https://DevOpsCloud.io -- Cloud Monk Losang Jinpa, Ph.D., MCSE/MCT, GitOps DevOps Engineer

Return to Microsoft Entra ID, Active Directory

Azure Active Directory (Azure AD) is a cloud-based identity and access management service provided by Microsoft. It helps organizations manage user identities and create intelligence-driven access policies to secure applications and resources. Azure AD was introduced as part of Microsoft's Azure platform to support the growing need for online services to authenticate and authorize users without relying on in-house directory services. It offers a broad range of features including single sign-on (SSO), multi-factor authentication (MFA), and conditional access policies that protect users from cybersecurity threats. Azure AD integrates with various Microsoft and third-party cloud services, enabling seamless access control across an organization's applications. It supports integration with on-premises Active Directory to provide a consistent identity for users both in the cloud and on-premises, facilitating a smooth transition to the cloud and enabling hybrid identity solutions.

“Azure Active Directory is an Identity and Access Management as a service (IDaaS) solution that extends your on-premises Active Directory into the Azure cloud and provides single sign-on to Azure, Office 365 and thousands of cloud (SaaS) apps and access to web apps you run on-premises.”

“Built for ease of use, Azure Active Directory enables enterprise mobility and collaboration and delivers advanced identity protection through multi-factor authentication (MFA), security reports, audits, alerts and adaptive conditional access policies based on device health, user location and risk level.”

https://channel9.msdn.com/posts/Multi-Factor-Account-Setup

Azure AD MFA

About enabling multi-factor auth: Read the Azure AD MFA deployment guide (https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted) if you haven’t already. If your users do not regularly sign in through the browser, you can send them to this link to register for multi-factor auth: https://aka.ms/MFASetup

• Identity Protection
• Privileged Identity Management
• Tenant restrictions
• Azure AD Domain Services
• Access reviews

Azure AD Identity Protection

• Azure AD Password Protection - Feature added as Public preview on June 20, 2018
  • Use Azure AD Password Protection to help eliminate easily guessed passwords from your Active Directory environment. Eliminating these passwords helps to lower the risk of compromise from a password spray type of password attack.

Specifically, Azure AD Password Protection helps you:

• Protect your organization's accounts in both Azure AD and Windows Server Active Directory (AD).
• Stops your users from using passwords on a list of more than 500 of the most commonly used passwords, and over 1 million character substitution variations of those passwords.
• Administer Azure AD Password Protection from a single location in the Azure AD portal, for both Azure AD and on-premises Windows Server AD.

• Organization name
• By default, a basic domain name at onmicrosoft.com is included with your directory. Later, you can add a domain name that your organization already uses, such as contoso.com.

• https://azure.microsoft.com/en-us/services/active-directory
• https://docs.microsoft.com/en-us/azure/active-directory
• https://azure.microsoft.com/en-us/pricing/details/active-directory