📗 Fundamentals (Basics)

From Notes_Wiki

What is Microsoft Entra ID (Azure AD)?

Microsoft Entra ID (formerly Azure Active Directory) is Microsoft's cloud-based identity and access management service. It helps employees of an organization sign in and access resources such as Microsoft 365, Azure services, and thousands of other SaaS applications.

  • Cloud-based replacement for traditional on-prem Active Directory
  • Supports single sign-on (SSO), multifactor authentication (MFA), and Conditional Access
  • Identity provider for Microsoft 365 and third-party apps

Difference between On-Prem AD vs Azure AD

| Feature | On-Prem AD | Azure AD |
| --- | --- | --- |
| Authentication Protocols | Kerberos, NTLM | OAuth2, SAML, OIDC |
| Infrastructure | Domain Controllers on-premises | Microsoft-managed cloud service |
| Device Join | Domain Join | Azure AD Join / Register |
| Group Policy | Yes | No (uses Intune policies) |
| Internet Ready | No | Yes |
| MFA Support | With extra tools (NPS, RADIUS, etc.) | Built-in |

Entra ID Free vs P1 vs P2 Features

| Feature | Free | P1 | P2 |
| --- | --- | --- | --- |
| User and Group Management | Yes | Yes | Yes |
| SSO for SaaS Apps | Yes | Yes | Yes |
| Conditional Access | No | Yes | Yes |
| Self-Service Password Reset | Yes (cloud only) | Yes | Yes |
| Identity Protection (risk-based CA) | No | No | Yes |
| Privileged Identity Management (PIM) | No | No | Yes |

  • Free – Basic identity features
  • P1 – Ideal for enterprise hybrid identities
  • P2 – Advanced security & governance (PIM, Identity Protection)

Understanding Entra ID Tenants & Domains

  • A Tenant is a dedicated instance of Microsoft Entra ID (Azure AD)
  • Each organization has a globally unique tenant ID and domain name (e.g., `yourcompany.onmicrosoft.com`)
  • You can add custom domains (e.g., `yourcompany.com`) for branding and authentication
  • Tenants are isolated – one tenant cannot access another tenant's resources unless explicitly allowed

How to create an Entra ID tenant step-by-step

  1. Go to https://entra.microsoft.com
  2. Sign in with a Microsoft account (or create one)
  3. Navigate to: Manage tenants > Create
  4. Choose Azure Active Directory
  5. Enter:
     • Organization name
     • Initial domain name (e.g., `mycompany.onmicrosoft.com`)
     • Country/region
  6. Click Create
  7. After a few seconds, your tenant will be ready

Understanding Users, Groups, and Roles in Entra ID

  • Users: Represent real people or service accounts
     • Types: Cloud-only, Synced from on-prem, Guest (B2B)
  • Groups: Used for access control and policy assignment
     • Types: Security Groups, Microsoft 365 Groups
  • Roles: Define what permissions a user or group has
     • Examples: Global Administrator, User Administrator, Security Reader
     • Role-Based Access Control (RBAC) is used to assign roles
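The following is an added example, not part of the Notes_Wiki page, that ties the tenant/domain section and the users, groups and roles section together using the Microsoft Graph PowerShell SDK: it confirms which tenant you are connected to (tenant ID and verified domains), creates a cloud-only user and a security group, adds the user to the group, and assigns the built-in Security Reader role instead of Global Administrator. It assumes the `Microsoft.Graph` modules are installed and that the signed-in account holds a role allowed to manage users, groups and role assignments. The display names, mail nicknames, the `mycompany.onmicrosoft.com` domain and the generated password are constructed placeholders.

```powershell
# Added example (not from Notes_Wiki). Requires the Microsoft.Graph PowerShell SDK.
# All names, the domain and the initial password below are constructed placeholders.

# Delegated permission scopes needed for the operations in this script.
Connect-MgGraph -Scopes "Organization.Read.All", "User.ReadWrite.All", `
                        "Group.ReadWrite.All", "RoleManagement.ReadWrite.Directory"

# 1. Confirm the tenant we are connected to: its tenant ID and verified domains.
$org = Get-MgOrganization
"Tenant ID: $($org.Id)"
$org.VerifiedDomains | ForEach-Object { "Verified domain: $($_.Name) (default: $($_.IsDefault))" }

# Placeholder initial domain used to build the user principal name (UPN).
$domain = "mycompany.onmicrosoft.com"

# 2. Create a cloud-only user.
#    The initial password comes from a cryptographic RNG (not Get-Random) and the
#    user is forced to change it at first sign-in, so it is never a long-lived secret.
$bytes = New-Object byte[] 18
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$initialPassword = [Convert]::ToBase64String($bytes)

$user = New-MgUser -DisplayName "Alex Example" `
    -UserPrincipalName "alex.example@$domain" `
    -MailNickname "alex.example" `
    -AccountEnabled `
    -PasswordProfile @{ Password = $initialPassword; ForceChangePasswordNextSignIn = $true }
"Created user $($user.UserPrincipalName) (object ID $($user.Id))"

# 3. Create a security group (not mail-enabled) to use for access control.
$group = New-MgGroup -DisplayName "SecOps Analysts" `
    -MailNickname "secops-analysts" `
    -MailEnabled:$false `
    -SecurityEnabled `
    -Description "Analysts with read-only access to security features"
"Created group $($group.DisplayName) (object ID $($group.Id))"

# 4. Add the user to the group.
New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $user.Id

# 5. Assign a directory role with the least privilege that covers the job:
#    Security Reader (read-only access to security features) at tenant scope "/".
$roleDef = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq 'Security Reader'"
$assignment = New-MgRoleManagementDirectoryRoleAssignment `
    -PrincipalId $user.Id `
    -RoleDefinitionId $roleDef.Id `
    -DirectoryScopeId "/"
"Assigned $($roleDef.DisplayName) to $($user.UserPrincipalName) (assignment ID $($assignment.Id))"

# 6. Review step: list every principal currently holding Global Administrator,
#    so that unexpected high-privilege assignments stand out.
$ga = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq 'Global Administrator'"
Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($ga.Id)'" |
    ForEach-Object {
        $principal = Get-MgDirectoryObjectById -Ids $_.PrincipalId
        "Global Administrator: $($principal.AdditionalProperties.displayName) ($($_.PrincipalId))"
    }
```

Run it in an interactive PowerShell session after `Install-Module Microsoft.Graph`; `Connect-MgGraph` opens a browser sign-in. The role is assigned directly to the user here because assigning roles to a group requires the group to be created as role-assignable, which is a P1 feature per the licensing table above. Step 6 is the check worth keeping as a routine: the set of Global Administrators should be short and every member should be expected.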