Difference between revisions of "π Fundamentals (Basics)"
From Notes_Wiki
(Created page with "= π Fundamentals (Basics) = == πΉ What is Microsoft Entra ID (Azure AD)? == Microsoft Entra ID (formerly Azure Active Directory) is Microsoftβs cloud-based identity and access management service. It helps employees of an organization sign in and access resources such as Microsoft 365, Azure services, and thousands of other SaaS applications. * Cloud-based replacement for traditional on-prem Active Directory * Supports single sign-on (SSO), multifactor authen...") Β |
|||
| Line 1: | Line 1: | ||
= | = Fundamentals (Basics) = | ||
== | == [[What is Microsoft Entra ID (Azure AD)?]] == | ||
Microsoft Entra ID (formerly Azure Active Directory) is Microsoftβs cloud-based identity and access management service. It helps employees of an organization sign in and access resources such as Microsoft 365, Azure services, and thousands of other SaaS applications. | Microsoft Entra ID (formerly Azure Active Directory) is Microsoftβs cloud-based identity and access management service. It helps employees of an organization sign in and access resources such as Microsoft 365, Azure services, and thousands of other SaaS applications. | ||
| Line 8: | Line 8: | ||
* Identity provider for Microsoft 365 and third-party apps | * Identity provider for Microsoft 365 and third-party apps | ||
== | == [[Difference between On-Prem AD vs Azure AD]] == | ||
{| class="wikitable" | {| class="wikitable" | ||
! Feature !! On-Prem AD !! Azure AD | ! Feature !! On-Prem AD !! Azure AD | ||
| Line 25: | Line 25: | ||
|} | |} | ||
== | == [[Entra ID Free vs P1 vs P2 Features]] == | ||
{| class="wikitable" | {| class="wikitable" | ||
! Feature !! Free !! P1 !! P2 | ! Feature !! Free !! P1 !! P2 | ||
| Line 46: | Line 46: | ||
* P2 β Advanced security & governance (PIM, Identity Protection) | * P2 β Advanced security & governance (PIM, Identity Protection) | ||
== | == [[Understanding Entra ID Tenants & Domains]] == | ||
* A '''Tenant''' is a dedicated instance of Microsoft Entra ID (Azure AD) | * A '''Tenant''' is a dedicated instance of Microsoft Entra ID (Azure AD) | ||
* Each organization has a '''globally unique tenant ID''' and domain name (e.g., `yourcompany.onmicrosoft.com`) | * Each organization has a '''globally unique tenant ID''' and domain name (e.g., `yourcompany.onmicrosoft.com`) | ||
| Line 52: | Line 52: | ||
* Tenants are isolated β one tenant cannot access another tenant's resources unless explicitly allowed | * Tenants are isolated β one tenant cannot access another tenant's resources unless explicitly allowed | ||
== | == [[How to create an Entra ID tenant step-by-step]] == | ||
# Go to [https://entra.microsoft.com](https://entra.microsoft.com) | # Go to [https://entra.microsoft.com](https://entra.microsoft.com) | ||
# Sign in with a Microsoft account (or create one) | # Sign in with a Microsoft account (or create one) | ||
| Line 64: | Line 64: | ||
# After a few seconds, your tenant will be ready | # After a few seconds, your tenant will be ready | ||
== | == [[Understanding Users, Groups, and Roles in Entra ID]] == | ||
* '''Users''': Represent real people or service accounts | * '''Users''': Represent real people or service accounts | ||
Β Types: Cloud-only, Synced from on-prem, Guest (B2B) | Β Types: Cloud-only, Synced from on-prem, Guest (B2B) | ||
Revision as of 05:12, 29 August 2025
Fundamentals (Basics)
What is Microsoft Entra ID (Azure AD)?
Microsoft Entra ID (formerly Azure Active Directory) is Microsoftβs cloud-based identity and access management service. It helps employees of an organization sign in and access resources such as Microsoft 365, Azure services, and thousands of other SaaS applications.
- Cloud-based replacement for traditional on-prem Active Directory
- Supports single sign-on (SSO), multifactor authentication (MFA), and Conditional Access
- Identity provider for Microsoft 365 and third-party apps
Difference between On-Prem AD vs Azure AD
| Feature | On-Prem AD | Azure AD |
|---|---|---|
| Authentication Protocols | Kerberos, NTLM | OAuth2, SAML, OIDC |
| Infrastructure | Domain Controllers on-premises | Microsoft-managed cloud service |
| Device Join | Domain Join | Azure AD Join / Register |
| Group Policy | Yes | No (Uses Intune policies) |
| Internet Ready | No | Yes |
| MFA Support | With extra tools (NPS, RADIUS, etc.) | Built-in |
Entra ID Free vs P1 vs P2 Features
| Feature | Free | P1 | P2 |
|---|---|---|---|
| User and Group Management | β | β | β |
| SSO for SaaS Apps | β | β | β |
| Conditional Access | β | β | β |
| Self-Service Password Reset | β (Cloud only) | β | β |
| Identity Protection (Risk-based CA) | β | β | β |
| Privileged Identity Management (PIM) | β | β | β |
- Free β Basic identity features
- P1 β Ideal for enterprise hybrid identities
- P2 β Advanced security & governance (PIM, Identity Protection)
Understanding Entra ID Tenants & Domains
- A Tenant is a dedicated instance of Microsoft Entra ID (Azure AD)
- Each organization has a globally unique tenant ID and domain name (e.g., `yourcompany.onmicrosoft.com`)
- You can add custom domains (e.g., `yourcompany.com`) for branding and authentication
- Tenants are isolated β one tenant cannot access another tenant's resources unless explicitly allowed
How to create an Entra ID tenant step-by-step
- Go to [1](https://entra.microsoft.com)
- Sign in with a Microsoft account (or create one)
- Navigate to: Manage tenants > Create
- Choose Azure Active Directory
- Enter:
- Organization name
- Initial domain name (e.g., `mycompany.onmicrosoft.com`)
- Country/region
- Click Create
- After a few seconds, your tenant will be ready
Understanding Users, Groups, and Roles in Entra ID
- Users: Represent real people or service accounts
Types: Cloud-only, Synced from on-prem, Guest (B2B)
- Groups: Used for access control and policy assignment
Types: Security Groups, Microsoft 365 Groups
- Roles: Define what permissions a user or group has
Examples: Global Administrator, User Administrator, Security Reader Role-Based Access Control (RBAC) is used to assign roles
