Azure Active Directory


Azure Active Directory (Azure AD) is a cloud-based identity and directory management service that enables access to Azure services and other SaaS solutions such as Microsoft 365, Dropbox, Concur and Salesforce.

It offers self-service options including Password reset, Authentication, Device Management, Hybrid Identities and Single Sign On.

Azure AD concepts

Identity

Any object that can be authenticated is considered an identity. It could be a user, group, managed identity or service principal.

Account

When we associate data attributes to an identity, we call it an account. Users will have multiple attributes like locations, departments, managers, and phone numbers.

Azure AD Connect

Accounts that are created in Azure AD or another Microsoft Cloud Service.

Azure AD Tenant

A dedicated instance of Azure AD is created during sign-up for any Microsoft cloud service subscription. Tenant and directory mean the same thing.

Azure Active Directory Domain

It is queried using LDAP, and Kerberos is used for AD DS authentication. Federation is only to other domains; third-party services are not supported. It runs on VMs or physical servers.

Creating Users in Azure Active Directory

  1. Click on Add+ in the top left of Azure Active Directory and then click on User.

Click on Users to display the users in Azure Active Directory.

Bulk Operations

Bulk operations let you download a CSV template, to which you add the users you want to create, delete, or invite. Using bulk operations, we can perform these operations in one pass rather than one user at a time.

  • Bulk Create

  • Bulk Invite

  • Bulk Delete

  • Download Users

Group Account

A group account is used to manage users who all need the same access and permissions to resources, such as potentially restricted apps and services.

Group Types

  1. Security groups: used for access management and assigning roles

  2. Microsoft 365 groups: used for collaboration with M365 services, for example creating a shared mailbox

    Create a basic group and add members

    You can create a basic group and add your members at the same time using the Azure Active Directory (Azure AD) portal. Azure AD roles that can manage groups include Groups Administrator, User Administrator, Privileged Role Administrator, or Global Administrator.

    To create a basic group and add members:

    1. Sign in to the Azure Portal

    2. Go to Azure Active Directory > Groups > New group.

      • Select a Group type. Selecting the Microsoft 365 group type enables the Group email address option.

      • Enter a Group name. Choose a name that you'll remember and that makes sense for the group. A check will be performed to determine if the name is already in use. If the name is already in use, you'll be asked to change the name of your group.

      • Group email address: Only available for Microsoft 365 group types. Enter an email address manually or use the email address built from the Group name you provided.

      • Group description. Add an optional description to your group.

      • Switch the "Azure AD roles can be assigned to the group" setting to Yes to use this group to assign Azure AD roles to members.

        • This option is only available with Premium P1 or P2 licenses.

        • You must have the Privileged Role Administrator or Global Administrator role.

        • Enabling this option automatically selects Assigned as the Membership type.

        • The ability to add roles while creating the group is added to the process.

      • Select a Membership type.

      • Optionally add Owners or Members. Members and owners can be added after creating your group.

        1. Select the link under Owners or Members to populate a list of every user in your directory.

        2. Choose users from the list and then select the Select button at the bottom of the window.

        3. Click the Create button to create the new group.
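
The same group-creation steps can be scripted. The following is an added example, not part of the original article: it assumes the Microsoft Graph PowerShell SDK is installed, and the group name and user principal names are constructed placeholders.

```powershell
# Added example: scripted equivalent of the portal steps above.
# Assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph module) is installed.
# Group name and user principal names are constructed placeholders.
param(
    [string]   $GroupName   = 'Example-App-Readers',
    [string]   $Description = 'Read access to the example app',
    [string[]] $OwnerUpns   = @('owner@contoso.example'),
    [string[]] $MemberUpns  = @('user1@contoso.example', 'user2@contoso.example'),
    [switch]   $RoleAssignable
)

# Creating a role-assignable group needs an extra Graph permission.
$scopes = @('Group.ReadWrite.All', 'User.Read.All')
if ($RoleAssignable) { $scopes += 'RoleManagement.ReadWrite.Directory' }
Connect-MgGraph -Scopes $scopes | Out-Null

# Mirror the portal's "name already in use" check before creating anything.
$escaped = $GroupName.Replace("'", "''")
if (Get-MgGroup -Filter "displayName eq '$escaped'") {
    throw "A group named '$GroupName' already exists."
}

# Security group with Assigned membership (no dynamic membership rule is set).
$params = @{
    DisplayName     = $GroupName
    Description     = $Description
    MailNickname    = ($GroupName -replace '[^A-Za-z0-9]', '')
    MailEnabled     = $false
    SecurityEnabled = $true
}
# isAssignableToRole can only be set at creation time, so decide now.
if ($RoleAssignable) { $params.IsAssignableToRole = $true }
$group = New-MgGroup @params

# Add owners and members by resolving each UPN to its directory object ID.
foreach ($upn in $OwnerUpns) {
    New-MgGroupOwner -GroupId $group.Id -DirectoryObjectId (Get-MgUser -UserId $upn).Id
}
foreach ($upn in $MemberUpns) {
    New-MgGroupMember -GroupId $group.Id -DirectoryObjectId (Get-MgUser -UserId $upn).Id
}

# Read back what was created so the settings and membership can be reviewed.
Get-MgGroup -GroupId $group.Id -Property 'id,displayName,securityEnabled,isAssignableToRole' |
    Select-Object Id, DisplayName, SecurityEnabled, IsAssignableToRole
Get-MgGroupMember -GroupId $group.Id -All | Select-Object Id
```

Leave `-RoleAssignable` off unless the group will actually hold Azure AD roles, since anyone who can change its membership then effectively controls who receives those roles.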

Administrative Roles

Administrative roles are used for granting access to privileged actions in Azure AD. We recommend using these built-in roles for delegating access to manage broad application configuration permissions without granting access to manage other parts of Azure AD not related to application configuration.

Service Audience

There are three types of audiences in Azure Active Directory:

  • IT administrators

  • Application developers

  • Online customers

IT Administrators

IT administrators take care of all the sign-in procedures. They also solve issues related to authentication.

Application Developers

Application developers use these services to build applications. Development becomes quick since there are many resources available.

Online Customer

Online customers use services such as Office 365 and CRM services, and have all their demands catered to immediately.
