IT:AD:Azure:Active Directory (AD)
Summary
Azure AD is named as if it were part of Azure – but that's a marketing thing.
Azure AD is not a subset of the Azure service. It's a totally separate service, on which Azure relies (and so do IT:AD:Office 365 (O365), IT:AD:Visual Studio Team Services (VSTS), etc.).
The link to that service is:
MS made a new AD solution because the original AD was designed for an era of intranet and Kerberos.
Comprehensive identity and access management solution in the cloud.
Used for:
* IT:AD:Office 365 (O365)
* IT:AD:InTune
* Dynamics CRM
* Thousands of apps
Notes
An IT:AD:Azure:Account may be made an AD Directory's Global Administrator without being a Service Administrator or Service Co-Administrator of any subscription.
* This is useful: if you have an IT:AD:Office 365 (O365) account you can add/remove AD users without having to be granted access to the IT:AD:Azure:Portal:Classic Portal.
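The point above (directory roles and subscription roles are granted separately) is easiest to see by listing both. The following is an added example, not part of the original notes: it uses the Microsoft Graph PowerShell SDK to enumerate Global Administrators of the directory and the Az module to enumerate classic Service/Co-Administrators of one subscription. The subscription id is a placeholder; the module names and the scopes requested are assumptions about your environment.

```powershell
# Added example (not from the original notes): show who holds the Azure AD
# Global Administrator role versus who holds classic subscription administrator
# rights. Assumes the Microsoft.Graph and Az modules are installed and that the
# signed-in account is allowed to read directory roles and role assignments.

function Get-GlobalAdministrators {
    # Directory-level role: lives in Azure AD, independent of any subscription.
    Connect-MgGraph -Scopes 'RoleManagement.Read.Directory', 'Directory.Read.All' | Out-Null
    $role = Get-MgDirectoryRole -Filter "displayName eq 'Global Administrator'"
    if (-not $role) { return @() }   # role template not yet activated in this tenant
    Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id | ForEach-Object {
        $upn = $_.AdditionalProperties['userPrincipalName']
        if (-not $upn) { $upn = $_.AdditionalProperties['displayName'] }   # groups/SPs have no UPN
        [pscustomobject]@{
            Scope     = 'Azure AD directory'
            Role      = 'Global Administrator'
            Principal = $upn
        }
    }
}

function Get-ClassicSubscriptionAdministrators {
    param([string]$SubscriptionId)   # placeholder value passed below; use your own
    Connect-AzAccount | Out-Null
    Set-AzContext -SubscriptionId $SubscriptionId | Out-Null
    # Subscription-level roles: Service Administrator / Co-Administrator are
    # classic subscription roles, not Azure AD directory roles.
    Get-AzRoleAssignment -IncludeClassicAdministrators |
        Where-Object { $_.RoleDefinitionName -match 'ServiceAdministrator|CoAdministrator' } |
        ForEach-Object {
            [pscustomobject]@{
                Scope     = "Subscription $SubscriptionId"
                Role      = $_.RoleDefinitionName
                Principal = $_.SignInName
            }
        }
}

# Usage: compare the two lists. An account appearing in one need not appear in
# the other, which is exactly the separation the note above describes.
Get-GlobalAdministrators
Get-ClassicSubscriptionAdministrators -SubscriptionId '00000000-0000-0000-0000-000000000000'
```

Run both and diff the `Principal` columns: a Global Administrator who is absent from the subscription list can still manage directory users, and a Co-Administrator absent from the directory list can manage subscription resources but not users.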
Relationship to Azure Subscriptions
Whereas other Resources/Services are 'owned' by the IT:AD:Azure:Subscription, an IT:AD:Azure:Subscription only has a trust relationship with an Azure AD directory.
The above means:
* if an Azure Subscription were suspended, all its Resources/Services would be suspended – bar Azure AD.
* if an Azure Subscription were terminated, another Azure Subscription could be started and associated with the AD instance.
Identity Management
Misc
- Tenant versus Directory:
- A Tenant is a user/occupier of space within AD.
- They occupy a dedicated instance of an AD Directory.
- On-Premises:
- LDAP/Kerberos
- AD on premise
- Sharepoint
- Exchange
- ADSI
- Cloud:
- …see slides
ACiD
* Advantages:
- It will never go down: replicated across 28 data centers.
- Can integrate and sync onsite users/passwords with Azure Active Directory.
- 3500 apps already federated…and you can add your app.
- Features:
- Controllable using IT:AD:Powershell
- Device Registration
- Access portal for SSO-based user access to
- Self-service password reset/change
- Azure AD Connect - for syncing on-premises to Azure Active Directory
- Standard security reports for overview picture of environment.
- B2B Collaboration (in preview)
- Group based application management and provisioning (not in free)
- Application Proxy: Secure remote access and SSO to on premises website. ⇐ ?
- Premium edition:
- Self service group management
- Microsoft Identity Manager (MIM) user licenses - for on-premises identity and access management.
- Azure AD Connect Health: Monitor on-site AD infrastructure.
* Considerations:
- Must be a Windows 10 device in order to join Windows InTune, which is how you set up policies (the equivalent of AD domain policies).
Azure AD Domain Services for Hybrid
* Lets you join Azure VMs to a domain without the need to deploy domain controllers.
* Users sign in to these VMs using corp AD.
* Tip: use Groups to control access to which
The feature is that it gives Azure AD the ability to control Kerberos-based devices (internal).