Difference between revisions of "Fundamentals (Basics)"
From Notes_Wiki
Latest revision as of 12:54, 29 August 2025
Fundamentals (Basics)
What is Microsoft Entra ID (Azure AD)?
Microsoft Entra ID (formerly Azure Active Directory) is Microsoft's cloud-based identity and access management service. It helps employees of an organization sign in and access resources such as Microsoft 365, Azure services, and thousands of other SaaS applications.
- Cloud-based replacement for traditional on-prem Active Directory
- Supports single sign-on (SSO), multifactor authentication (MFA), and Conditional Access
- Identity provider for Microsoft 365 and third-party apps
Differences between On-Prem AD and Azure AD

| Feature | On-Prem AD | Azure AD |
|---|---|---|
| Authentication Protocols | Kerberos, NTLM | OAuth2, SAML, OIDC |
| Infrastructure | Domain Controllers on-premises | Microsoft-managed cloud service |
| Device Join | Domain Join | Azure AD Join / Register |
| Group Policy | Yes | No (uses Intune policies) |
| Internet Ready | No | Yes |
| MFA Support | With extra tools (NPS, RADIUS, etc.) | Built-in |
Entra ID Free vs P1 vs P2 Features
| Feature | Free | P1 | P2 |
|---|---|---|---|
| User and Group Management | Yes | Yes | Yes |
| SSO for SaaS Apps | Yes | Yes | Yes |
| Conditional Access | No | Yes | Yes |
| Self-Service Password Reset | Yes (cloud only) | Yes | Yes |
| Identity Protection (Risk-based CA) | No | No | Yes |
| Privileged Identity Management (PIM) | No | No | Yes |

- Free: Basic identity features
- P1: Ideal for enterprise hybrid identities
- P2: Advanced security & governance (PIM, Identity Protection)
Understanding Entra ID Tenants & Domains
- A Tenant is a dedicated instance of Microsoft Entra ID (Azure AD)
- Each organization has a globally unique tenant ID and domain name (e.g., `yourcompany.onmicrosoft.com`)
- You can add custom domains (e.g., `yourcompany.com`) for branding and authentication
- Tenants are isolated: one tenant cannot access another tenant's resources unless explicitly allowed
How to create an Entra ID tenant step-by-step
- Go to https://entra.microsoft.com
- Sign in with a Microsoft account (or create one)
- Navigate to: Manage tenants > Create
- Choose Azure Active Directory
- Enter:
  - Organization name
  - Initial domain name (e.g., `mycompany.onmicrosoft.com`)
  - Country/region
- Click Create
- After a few seconds, your tenant will be ready
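Once the tenant exists, it is worth confirming that the tenant ID and domains are what you expect before pointing any sign-in at it. The following PowerShell script is an added example (not from this wiki page) that does this in two ways: an unauthenticated lookup of the tenant's OpenID Connect metadata, where the issuer URL carries the tenant ID, and an authenticated check with the Microsoft Graph PowerShell SDK. It assumes the `Microsoft.Graph` module is installed and that the signed-in account can read organization and domain data; the domain name `mycompany.onmicrosoft.com` is a placeholder.

```powershell
# Added example, not part of the original wiki page.
# Assumes: Install-Module Microsoft.Graph; an account with Organization.Read.All
# and Domain.Read.All. $Domain is a placeholder for your own tenant's domain.
param(
    [string]$Domain = 'mycompany.onmicrosoft.com'   # placeholder, not a real tenant
)

# 1. Unauthenticated lookup. Every tenant publishes OpenID Connect metadata, and the
#    issuer URL contains the tenant ID (a GUID). This confirms which tenant a custom
#    domain is actually bound to, which matters before you rely on it for sign-in.
$metadata = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$Domain/v2.0/.well-known/openid-configuration"
$tenantIdFromDomain = $null
if ($metadata.issuer -match '/([0-9a-f-]{36})/') {
    $tenantIdFromDomain = $Matches[1]
    Write-Host "Tenant ID advertised for $Domain : $tenantIdFromDomain"
}

# 2. Authenticated check inside the tenant. Get-MgOrganization returns the tenant
#    object whose Id must equal the GUID found above; Get-MgDomain lists every domain
#    with its verification status.
Connect-MgGraph -Scopes 'Organization.Read.All','Domain.Read.All' -NoWelcome
$org = Get-MgOrganization
if ($org.Id -ne $tenantIdFromDomain) {
    Write-Warning "Signed-in tenant ($($org.Id)) is not the tenant that $Domain resolves to."
}

# IsInitial marks the *.onmicrosoft.com domain created with the tenant; custom domains
# must show IsVerified = True before they can be used for authentication.
Get-MgDomain -All |
    Select-Object Id, IsInitial, IsDefault, IsVerified, AuthenticationType |
    Format-Table -AutoSize
```

Run it as `.\Verify-Tenant.ps1 -Domain yourcompany.com` after adding a custom domain: a mismatch warning means the domain is verified in a different tenant than the one you are signed in to, and an `IsVerified` of `False` means the DNS TXT record Microsoft asked for has not been accepted yet.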
Understanding Users, Groups, and Roles in Entra ID
- Users: Represent real people or service accounts
  - Types: Cloud-only, Synced from on-prem, Guest (B2B)
- Groups: Used for access control and policy assignment
  - Types: Security Groups, Microsoft 365 Groups
- Roles: Define what permissions a user or group has
  - Examples: Global Administrator, User Administrator, Security Reader
- Role-Based Access Control (RBAC) is used to assign roles
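To see how these objects look in a real tenant, the following PowerShell script is an added example (not from this wiki page) that counts users by the three types listed above and then lists who holds the most privileged directory roles. It assumes the Microsoft Graph PowerShell SDK and an account with `User.Read.All` and `Directory.Read.All`; the set of role names treated as privileged is an assumption you should adjust to your own policy.

```powershell
# Added example, not part of the original wiki page.
# Assumes: Install-Module Microsoft.Graph; an account that can read users and
# directory roles. $privilegedRoles is an assumed list of built-in role names.
Connect-MgGraph -Scopes 'User.Read.All','Directory.Read.All' -NoWelcome

# Classify every user as Cloud-only, Synced from on-prem, or Guest (B2B).
# OnPremisesSyncEnabled is $null for accounts that were never synced.
$users = Get-MgUser -All -Property Id,DisplayName,UserPrincipalName,UserType,OnPremisesSyncEnabled,AccountEnabled
$classified = foreach ($u in $users) {
    $kind = if ($u.UserType -eq 'Guest')      { 'Guest (B2B)' }
            elseif ($u.OnPremisesSyncEnabled) { 'Synced from on-prem' }
            else                              { 'Cloud-only' }
    [pscustomobject]@{ Kind = $kind; UPN = $u.UserPrincipalName; Enabled = $u.AccountEnabled }
}
$classified | Group-Object Kind | Select-Object Name, Count | Format-Table -AutoSize

# Members of highly privileged directory roles. Get-MgDirectoryRole only returns roles
# that have been activated in the tenant, so a role missing here has never been assigned.
$privilegedRoles = 'Global Administrator','User Administrator','Privileged Role Administrator'
Get-MgDirectoryRole -All |
    Where-Object { $privilegedRoles -contains $_.DisplayName } |
    ForEach-Object {
        $role = $_
        # Members are returned as generic directory objects; user, group and service
        # principal details live in AdditionalProperties.
        Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All | ForEach-Object {
            $props = $_.AdditionalProperties
            $name = if ($props['userPrincipalName']) { $props['userPrincipalName'] } else { $props['displayName'] }
            [pscustomobject]@{
                Role   = $role.DisplayName
                Member = $name
                Type   = ($props['@odata.type'] -replace '#microsoft.graph.', '')
            }
        }
    } | Sort-Object Role, Member | Format-Table -AutoSize
```

Read the second table against least privilege: a guest account, a group with open membership, or a service principal holding Global Administrator is the kind of finding this report is meant to surface, and on P2 tenants those standing assignments are candidates for PIM just-in-time activation instead.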