Azure AD Overview Part 1


Time: 14 hours 28 minutes
Difficulty: Intermediate
CEU/CPE: 15
Video Transcription
Hello Cybrarians. Welcome to the first lesson of Module 1 of this course, titled AZ-301: Microsoft Azure Architect Design. My name is David Okeyode, and I'll be your instructor throughout this course.

Some quick information on what we'll be covering in this first series of lessons. This lesson is divided into three parts to ensure that the concepts covered are kept short and simple.

In part 1 of this lesson, we'll start by covering what Azure AD is, and what Azure AD is not. From my experience, knowing what Azure AD is not is as important as knowing what Azure AD is. We'll then explain the differences between on-premises Active Directory and Azure Active Directory so that the use cases of both solutions are clear to you.

In part 2 of this lesson, we'll cover some information on the different Azure AD editions that exist, so that you have the information you need to select the right option for different requirements and use cases. We'll then proceed to cover another solution in Azure called Azure Active Directory Domain Services (Azure AD DS). We'll expand on this service and its use cases.

Finally, in part 3, we'll have some quiz questions and some supplementary material references to help you in further study of the concepts discussed. Let's get right into this.

First of all, let's cover what Azure AD is. We'll start by talking about what Azure AD is not. The first thing I want to start with is: Azure AD is NOT on-premises Active Directory in Azure. It's very easy to make this mistake because of the similarity in the names, and because many of us are familiar with the concept of on-premises Active Directory, with its authentication protocols like Kerberos and NTLM. It's very easy to assume that when we talk about Azure AD, we're just talking about the same Active Directory, only that it's now hosted in Azure. That is not the case with Azure AD. As a matter of fact, it has a different use case. It has a different structure. Personally, I would have called it Azure Identity Service, or some other name. That would help to avoid confusion with on-premises Active Directory, but I think what Microsoft wanted to do was to keep the Active Directory brand name going.

If Azure AD is not on-premises AD in Azure, what is it then? Here's my first description of what Azure AD is. Azure AD is the identity provider for Microsoft cloud services. What do we mean by this? Let's take this illustration. If you go online to sign up for any Microsoft cloud service, that could be Microsoft Azure, that could be Office 365, that could be Dynamics 365. When you sign up for these cloud services, transparently in the background, it creates an Azure AD tenant for you. That is the identity provider for the services that you're using. When you're creating your users and your groups in Office 365, to you it seems that they're stored in Office 365, but that's not the case. Office 365 is only the frontend application. The backend identity provider behind that is Azure AD, and it's the same if you have an Azure subscription. When you sign up for an Azure subscription, it transparently creates an Azure AD tenant in the background, and that's where your identities are stored. Now, we can create a different Azure AD tenant in the case of an Azure subscription, and then we can transfer our subscription to trust the new Azure AD tenant, but I will show you that when we get to the demo.

What other description do we have for Azure AD? Azure AD is Microsoft's implementation of modern authentication protocols. Again, what do we mean by this? Here's what we mean by that. We first need to understand the reason why we needed new authentication protocols to begin with. If you have an on-premises AD infrastructure, you're probably familiar with authentication protocols like Kerberos and NTLM. You're also probably familiar with the query language, or rather the query protocol, that on-premises Active Directory supports, like LDAP. The flaw with these protocols, and I'm talking specifically about Kerberos and NTLM now, the flaw with them is that they are great when applications and the identity provider exist on the same network, and that was the situation for many years, but things have changed around a bit. For many organizations, the majority of the applications now live in the cloud. There are CRM applications, there are HR applications, there are facilities applications, the Salesforce application; all these different applications now live in the cloud, in someone else's organization. If I were to ask the question, how many of you would be comfortable with opening [inaudible], the ports that Kerberos needs, to the Internet so that you'd be able to make this authentication work with your on-premises Domain Controller? Probably not very many of you would be comfortable with doing that. That's good sense on your part.

What that means is that in the modern reality that we live in, with multiple cloud applications, we need new authentication protocols that allow us to work fluently in situations where our applications, the applications that we're using, live in other people's organizations. That's where modern authentication protocols like WS-Fed, SAML, and OpenID Connect, with OAuth for authorization, come in. That's the description that I gave for Azure AD. It's one of Microsoft's implementations of these modern authentication protocols.

Let's go back and talk about the primary use case of Azure AD. I mentioned here that the primary use case of Azure AD is as the identity provider for cloud applications that support modern authentication protocols. What I mean by this is that Azure AD goes beyond just Microsoft cloud services. If you have any cloud application that supports any of these modern authentication protocols that we talked about, you can use Azure AD as the identity provider for those services. Now, don't get me wrong. Azure AD can help with on-premises applications also, but I'm talking about the primary use case, and that's what I'm referring to here. It goes beyond Microsoft cloud services, to any web application that supports modern authentication protocols.

Let's cover very quickly the differences between on-premises AD and Azure AD, and then I'll move on to the next part of this lesson. The first difference is around how they're queried. I mentioned earlier that on-premises Active Directory is queried using a protocol called LDAP, which works on TCP port 389, and if you're using LDAP secure, that works on TCP port 636. In the case of Azure AD, it's queried using a REST API over HTTP and HTTPS. Actually, the REST API endpoint of Azure AD is something referred to as the Microsoft Graph. You've probably heard of that if you've been around Microsoft Azure for a while.

The other difference surrounds the protocols that it supports. I mentioned this earlier: on-premises Active Directory uses Kerberos and NTLM as its authentication protocols, which I'll refer to as legacy authentication protocols, while Azure AD uses protocols that support web transport. Protocols that use HTTP and HTTPS, like SAML, WS-Fed, and OpenID Connect for authentication, and then OAuth for authorization.

Azure AD includes native federation services. In the case of on-premises Active Directory, you're probably familiar with another service from Microsoft called Active Directory Federation Services (ADFS). If you want to create federation between your identity provider and other organizations' identity providers, you have to use ADFS to be the middleman, but when it comes to Azure AD, federation is natively built in. We'll see a little bit of this when we talk later about Azure AD B2B.

Then finally, Azure AD users and groups are created in a flat structure. It does not use a hierarchical structure like on-premises Active Directory uses with organizational units; it simply uses a flat structure. There's also no support for things like Group Policy with Azure AD.

What I'll do is I'll stop this recording here for this video, and then in the very next video, I'll pick up from where I stopped here, and we'll start talking about Azure AD editions. Now that you have an understanding of what Azure AD is and what it is not, let's start talking about the different editions of Azure AD and the differences between them. You need that information to be able to pass the exam. See you in the next video.