Wondershare EdrawMind
EdrawMindAzure AD
MindMap Gallery Azure AD
- 762
- 7
- 1
Azure AD
Basic introduction about Azure AD. You can make and share your own mind maps easily. Just try EdrawMind mind mapping software for free!
Edited at 2022-03-08 09:31:19- Azure AD
Basic introduction about Azure AD. You can make and share your own mind maps easily. Just try EdrawMind mind mapping software for free!
- Active Directory
Basic introduction about Active Directory. You can make and share your own mind maps easily. Just try EdrawMind mind mapping software for free!
- NIST Cybersecurity Framework v1.1
NIST Cybersecurity Framework is a voluntary guidance, based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk.
Azure AD
- Azure AD
Basic introduction about Azure AD. You can make and share your own mind maps easily. Just try EdrawMind mind mapping software for free!
- Active Directory
Basic introduction about Active Directory. You can make and share your own mind maps easily. Just try EdrawMind mind mapping software for free!
- NIST Cybersecurity Framework v1.1
NIST Cybersecurity Framework is a voluntary guidance, based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk.
- Recommended to you
- Outline
Azure AD
Overview
Definition
Directory service
Identity and management solution
Authentication and authorization solution
Built into Microsoft Azure
Identity as as Service
Microsoft implementation of IaaS
Centralized and secure
Identity store
Authenticate user
Cloud resources
Multi-factor authentication
Single sign-on
AD Version
Active Directory
Domain Services
Federation Services
Rights Management Services
Certificate Services
Lightweight Directory Services
Azure AD Premium
AD Premium P1
AD Premium P2
Azure AD Basic
AD DS vs Azure AD
Querying
LDAP vs Microsoft Graph API
Enterprise features
Group policies, trust, OU
Decoupling of server
No domain controllers
Fundamentals
Services & Features
Azure AD Admin Center
Managing users and computers
Azure AD Join
Managing laptop and desktop computers
Azure AD Domain Services
Manage old directory-aware applications
SaaS and PaaS apps
Manage SaaS and PaaS
Application proxy
Authenticate you to run on-prem apps
Device Registration
For BYOD
Azure AD B2B
Authenticate partner company
Azure AD B2C
Manage identities of general public
Azure AD Connect
Integrate on-prem AD
Administration
AD Connect is lighweight and it comes with AD Connect Health
Self-service for profile, password, groups and apps
Delegation of groups and apps through ownership
Automatic provisioning/deprovisioning of SaaS apps
Delegate device joining/registering to end users
Smart lockout powered by machine learning
Azure AD Connect
Overview
Implement if you require hybrid setup
Not required for full cloud setup
Integrates AD DS and Azure AD
Installed on a member server
Synchronized user, group and computer
Bidirectional flow of configuration changes
Single sign-on
Federation with AD FS (If authentication is on-prem)
AD Connect Health
Users and Groups
Users
Federated Users
ADDS, ADDFS is present
Provides Federation and Single sign-on
Users are sync to the cloud via AD Connect
Users can access both cloud and on-prem resources
Authentication is on-prem
Synchronized Users
ADDS only or no Federation
Users are sync to the cloud via AD Connect
Sync from on-prem to cloud
Users can access both cloud and on-prem resources
Authentication is in the cloud and on-prem
Cloud Users
Users are natively created in the cloud
Cloud only resources
Authentication is in the cloud
Source
Multiple
External Azure AD
Microsoft Account
User Type
Guest
Member
Groups
Security groups
Similar to on-prem security group
Office 365 groups
For Office 365
Shared mailbox in Exchange
Site collection in Sharepoint
Chatroom in Teams
Dynamic membership
Device Management
Azure AD Join
For cloud-only environment
Atleast Windows 10
Managed via Intune
Hybrid Azure AD Join
Atleast Windows 8.1 and above
Can be configure via AD Connect tool
For company-owned asset
Device Registration
For BYOD
Windows and MacOS
Can enfore minimal security baseline
Manage via Intune
External Users Management
Azure AD B2B
For partner companies
Send them email to join your tenant
Authentication is via their external Identity provider
Will soon replace ADFS and Trust
Can invite non-Microsoft identities
Azure AD B2C
Customers accessing public-facing apps
Identity lifecycle is self-service
It scales to millions of users
B2C directory is isolated
Application Support
SaaS application
Apps Gallery
One-click to provision
Integrate non-Gallery SaaS apps
Assign users and groups
Assign owners
PaaS applications
Custome apps, in-house apps
App registration
Add a name and location
Configure cert or keys
Choose Azure API
Supports OpenID, OAuth, SAML
Assign users and groups
Assign owners
Azure AD Domain Services
Legacy directory-aware application
Apps that require Kerberos, NTLM and LDAP
Refactor to use apps for newer protocol
Apps are running in the cloud
Application proxy
Apps are running on-prem
Authentication happens in Azure AD
App proxy service (Azure AD) talks to apps proxy connector (on-prem)
Azure AD Security
Credentials
Conditional access
Location
Rules
AI learns users login pattern
Multi-factor authentication
Azure AD Directory roles (DR)
Global Administrators
Azure AD Identity Protection (IP)
flag users for risk
discover irregular activities
for monitoring and reporting
AAD Privileged Identity Management (PIM)
Just in time privilege
AAD Entitlement Management (EM)
AAD Access Reviews (AR)
Identity Governance
Regulatory Compliance Solution
Microsoft Trust Center
Microsoft Compliance Manager
Azure Security Center