Azure Active Directory (Azure AD) is a cloud-based identity and directory management service that enables access to Azure services and other SaaS solutions such as Microsoft 365, Dropbox, Concur and Salesforce.
It offers self-service options including password reset, authentication, device management, hybrid identities and single sign-on.
Azure AD Concepts
Identity
Any object that can be authenticated is considered an identity. It could be a user, a group, a managed identity or a service principal.
Account
When we associate data attributes to an identity, we call it an account. Users will have multiple attributes like locations, departments, managers, and phone numbers.
Azure AD Connect
Accounts that are created in Azure AD or another Microsoft Cloud Service.
Azure AD Tenant
A dedicated instance of Azure AD is created during the sign-up for any Microsoft cloud service subscription. Tenant and directory mean the same thing.
Azure Active Directory Domain
It is queried using LDAP, and Kerberos is used for AD DS authentication. Federation is only to other domains; third-party services are not supported. It runs on VMs or physical servers.
Creating Users in Azure Active Directory
Click on Add+ in the top left of Azure Active Directory and click on User.
Click on Users to display the users in Azure Active Directory.
Bulk Operations
Bulk operations let you download a CSV template, to which you add the users you want to create, delete, or invite. Using bulk operations, we can handle these tasks in one pass rather than doing them one by one.
Bulk Create
Bulk Invite
Bulk Delete
Download Users
Group Account
A group is used to manage users who all need the same access and permissions to resources, such as potentially restricted apps and services.
Group Types
Security groups: Used for access management and assigning roles.
Microsoft 365 groups: Collaboration opportunities with M365 services, for example creating a shared mailbox.
Create a basic group and add members
You can create a basic group and add your members at the same time using the Azure Active Directory (Azure AD) portal. Azure AD roles that can manage groups include Groups Administrator, User Administrator, Privileged Role Administrator, or Global Administrator.
To create a basic group and add members:
Sign in to the Azure portal.
Go to Azure Active Directory > Groups > New group.
Select a Group type. Selecting the Microsoft 365 Group type enables the Group email address option.
Enter a Group name. Choose a name that you'll remember and that makes sense for the group. A check will be performed to determine if the name is already in use. If the name is already in use, you'll be asked to change the name of your group.
Group email address: Only available for Microsoft 365 group types. Enter an email address manually or use the email address built from the Group name you provided.
Group description: Add an optional description to your group.
Switch the "Azure AD roles can be assigned to the group" setting to Yes to use this group to assign Azure AD roles to members.
This option is only available with Premium P1 or P2 licenses.
You must have the Privileged Role Administrator or Global Administrator role.
Enabling this option automatically selects Assigned as the Membership type.
The ability to add roles while creating the group is added to the process.
Select a Membership type.
Optionally add Owners or Members. Members and owners can be added after creating your group.
Select the link under Owners or Members to populate a list of every user in your directory.
Choose users from the list and then select the Select button at the bottom of the window.
Click the Create button to create the new group.
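The following is an added example, not part of the original page: a small audit that reviews an exported list of groups and reports the ones with the role-assignable setting enabled, checking that each has Assigned membership as described above. It assumes the export uses the Microsoft Graph group properties `groupTypes`, `securityEnabled`, `mailEnabled` and `isAssignableToRole`; the sample records, function names and report layout are constructed for illustration.

```python
import json

# Constructed sample export; g4 is deliberately inconsistent to exercise the check.
SAMPLE_GROUPS = json.loads("""[
  {"id": "g1", "displayName": "Helpdesk Admins", "groupTypes": [],
   "securityEnabled": true, "mailEnabled": false, "isAssignableToRole": true},
  {"id": "g2", "displayName": "Marketing", "groupTypes": ["Unified"],
   "securityEnabled": false, "mailEnabled": true, "isAssignableToRole": false},
  {"id": "g3", "displayName": "All Contractors", "groupTypes": ["DynamicMembership"],
   "securityEnabled": true, "mailEnabled": false, "isAssignableToRole": null},
  {"id": "g4", "displayName": "Bad Export Row", "groupTypes": ["DynamicMembership"],
   "securityEnabled": true, "mailEnabled": false, "isAssignableToRole": true}
]""")


def classify(group):
    """Return (group_type, membership_type) for one group record."""
    types = group.get("groupTypes") or []
    if "Unified" in types:
        group_type = "Microsoft 365"
    elif group.get("securityEnabled"):
        group_type = "Security"
    else:
        group_type = "Other"  # e.g. a mail-only distribution group
    membership = "Dynamic" if "DynamicMembership" in types else "Assigned"
    return group_type, membership


def audit(groups):
    """List role-assignable groups and flag any whose membership is not Assigned."""
    report = []
    for g in groups:
        if not g.get("isAssignableToRole"):  # false or null: not role-assignable
            continue
        group_type, membership = classify(g)
        findings = []
        if membership != "Assigned":
            findings.append("role-assignable but membership is not Assigned")
        report.append({"id": g["id"], "name": g["displayName"],
                       "group_type": group_type, "membership": membership,
                       "findings": findings})
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE_GROUPS):
        status = "; ".join(row["findings"]) or "ok"
        print(f'{row["name"]}: {row["group_type"]}, {row["membership"]} -> {status}')
```

Every group in the report can carry Azure AD roles, so its owners and members are worth reviewing as closely as direct role assignments.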
Administrative Roles
Administrative roles are used for granting access to privileged actions in Azure AD. We recommend using these built-in roles for delegating access to manage broad application configuration permissions without granting access to manage other parts of Azure AD not related to application configuration.
Service Audience
There are three types of audiences in Azure Active Directory:
IT administrators
Application developers
Online customers
IT Administrators
IT administrators take care of all the sign-in procedures. They also solve issues related to authentication.
Application Developers
Application developers use these services to build applications. Development becomes quick since there are many resources available.
Online Customers
They make use of services like Office 365 and CRM services, and have all their demands catered to immediately.