# Fundamentals (Basics)
From Notes_Wiki
## What is Microsoft Entra ID (Azure AD)?
Microsoft Entra ID (formerly Azure Active Directory) is Microsoft's cloud-based identity and access management service. It helps employees of an organization sign in and access resources such as Microsoft 365, Azure services, and thousands of other SaaS applications.
- Cloud-based replacement for traditional on-prem Active Directory
- Supports single sign-on (SSO), multifactor authentication (MFA), and Conditional Access
- Identity provider for Microsoft 365 and third-party apps
## Difference between On-Prem AD and Azure AD
Feature | On-Prem AD | Azure AD |
---|---|---|
Authentication Protocols | Kerberos, NTLM | OAuth2, SAML, OIDC |
Infrastructure | Domain Controllers on-premises | Microsoft-managed cloud service |
Device Join | Domain Join | Azure AD Join / Register |
Group Policy | Yes | No (Uses Intune policies) |
Internet Ready | No | Yes |
MFA Support | With extra tools (NPS, RADIUS, etc.) | Built-in |
## Entra ID Free vs P1 vs P2 Features
Feature | Free | P1 | P2 |
---|---|---|---|
User and Group Management | Yes | Yes | Yes |
SSO for SaaS Apps | Yes | Yes | Yes |
Conditional Access | No | Yes | Yes |
Self-Service Password Reset | Yes (Cloud only) | Yes | Yes |
Identity Protection (Risk-based CA) | No | No | Yes |
Privileged Identity Management (PIM) | No | No | Yes |
- Free: Basic identity features
- P1: Ideal for enterprise hybrid identities
- P2: Advanced security & governance (PIM, Identity Protection)
## Understanding Entra ID Tenants & Domains
- A Tenant is a dedicated instance of Microsoft Entra ID (Azure AD)
- Each organization has a globally unique tenant ID and domain name (e.g., `yourcompany.onmicrosoft.com`)
- You can add custom domains (e.g., `yourcompany.com`) for branding and authentication
- Tenants are isolated: one tenant cannot access another tenant's resources unless explicitly allowed
## How to create an Entra ID tenant step-by-step
- Go to [entra.microsoft.com](https://entra.microsoft.com)
- Sign in with a Microsoft account (or create one)
- Navigate to: Manage tenants > Create
- Choose Azure Active Directory
- Enter:
  - Organization name
  - Initial domain name (e.g., `mycompany.onmicrosoft.com`)
  - Country/region
- Click Create
- After a few seconds, your tenant will be ready
## Understanding Users, Groups, and Roles in Entra ID
- Users: Represent real people or service accounts
  - Types: Cloud-only, Synced from on-prem, Guest (B2B)
- Groups: Used for access control and policy assignment
  - Types: Security Groups, Microsoft 365 Groups
- Roles: Define what permissions a user or group has
  - Examples: Global Administrator, User Administrator, Security Reader
  - Role-Based Access Control (RBAC) is used to assign roles
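As an added example (not part of the original wiki page), the script below classifies users into the three types listed above (cloud-only, synced from on-prem, guest) and flags privileged role holders that are not cloud-only members, a common tenant-hygiene check. The sample data is constructed; the field names (`userType`, `onPremisesSyncEnabled`, `userPrincipalName`) follow the Microsoft Graph user resource, and the privileged role list is an assumption.

```python
"""Classify Entra ID users by type and audit privileged role membership.

Input is constructed sample data shaped like Microsoft Graph /users objects
and the member lists of /directoryRoles; no tenant is contacted.
"""

# Constructed sample users (not from any real tenant).
SAMPLE_USERS = [
    {"id": "u1", "userPrincipalName": "alice@contoso.onmicrosoft.com",
     "userType": "Member", "onPremisesSyncEnabled": None},
    {"id": "u2", "userPrincipalName": "bob@contoso.com",
     "userType": "Member", "onPremisesSyncEnabled": True},
    {"id": "u3", "userPrincipalName": "carol_fabrikam.com#EXT#@contoso.onmicrosoft.com",
     "userType": "Guest", "onPremisesSyncEnabled": None},
]

# Constructed directory role membership: role display name -> member user ids.
SAMPLE_ROLE_MEMBERS = {
    "Global Administrator": ["u1", "u3"],
    "User Administrator": ["u2"],
    "Security Reader": ["u1"],
}

# Assumed set of roles treated as privileged for this check.
PRIVILEGED_ROLES = ("Global Administrator", "User Administrator")


def user_type(user):
    """Map a Graph user object onto the page's three user types."""
    if user.get("userType") == "Guest":
        return "guest"                      # B2B guest from another tenant
    if user.get("onPremisesSyncEnabled"):
        return "synced"                     # synced from on-prem AD
    return "cloud-only"                     # created directly in Entra ID


def count_by_type(users):
    """Return a count of users per type, e.g. {'cloud-only': 1, ...}."""
    counts = {}
    for user in users:
        kind = user_type(user)
        counts[kind] = counts.get(kind, 0) + 1
    return counts


def find_risky_role_holders(users, role_members, privileged_roles=PRIVILEGED_ROLES):
    """Return (role, UPN, type) for privileged members that are not cloud-only."""
    by_id = {u["id"]: u for u in users}
    findings = []
    for role in privileged_roles:
        for member_id in role_members.get(role, []):
            user = by_id.get(member_id)
            if user is not None and user_type(user) != "cloud-only":
                findings.append((role, user["userPrincipalName"], user_type(user)))
    return findings
```

Guests and synced accounts in privileged roles are flagged because a compromise of the partner tenant or the on-prem forest would then extend to the Entra ID tenant itself.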