📗 Fundamentals (Basics)

From Notes_Wiki


🔹 What is Microsoft Entra ID (Azure AD)?

Microsoft Entra ID (formerly Azure Active Directory) is Microsoft’s cloud-based identity and access management service. It helps employees of an organization sign in and access resources such as Microsoft 365, Azure services, and thousands of other SaaS applications.

  • Cloud-based replacement for traditional on-prem Active Directory
  • Supports single sign-on (SSO), multifactor authentication (MFA), and Conditional Access
  • Identity provider for Microsoft 365 and third-party apps

🔹 Differences between On-Prem AD and Azure AD

| Feature | On-Prem AD | Azure AD |
|---|---|---|
| Authentication protocols | Kerberos, NTLM | OAuth2, SAML, OIDC |
| Infrastructure | Domain Controllers on-premises | Microsoft-managed cloud service |
| Device join | Domain Join | Azure AD Join / Register |
| Group Policy | Yes | No (uses Intune policies) |
| Internet ready | No | Yes |
| MFA support | With extra tools (NPS, RADIUS, etc.) | Built-in |

🔹 Entra ID Free vs P1 vs P2 Features

| Feature | Free | P1 | P2 |
|---|---|---|---|
| User and Group Management | ✅ | ✅ | ✅ |
| SSO for SaaS Apps | ✅ | ✅ | ✅ |
| Conditional Access | ❌ | ✅ | ✅ |
| Self-Service Password Reset | ✅ (Cloud only) | ✅ | ✅ |
| Identity Protection (Risk-based CA) | ❌ | ❌ | ✅ |
| Privileged Identity Management (PIM) | ❌ | ❌ | ✅ |

  • Free – Basic identity features
  • P1 – Ideal for enterprise hybrid identities
  • P2 – Advanced security & governance (PIM, Identity Protection)

🔹 Understanding Entra ID Tenants & Domains

  • A Tenant is a dedicated instance of Microsoft Entra ID (Azure AD)
  • Each organization has a globally unique tenant ID and domain name (e.g., `yourcompany.onmicrosoft.com`)
  • You can add custom domains (e.g., `yourcompany.com`) for branding and authentication
  • Tenants are isolated – one tenant cannot access another tenant's resources unless explicitly allowed

🔹 How to create an Entra ID tenant step-by-step

  1. Go to https://entra.microsoft.com
  2. Sign in with a Microsoft account (or create one)
  3. Navigate to: Manage tenants > Create
  4. Choose Azure Active Directory
  5. Enter:
     • Organization name
     • Initial domain name (e.g., `mycompany.onmicrosoft.com`)
     • Country/region
  6. Click Create
  7. After a few seconds, your tenant will be ready

🔹 Understanding Users, Groups, and Roles in Entra ID

  • Users: Represent real people or service accounts
    Types: Cloud-only, Synced from on-prem, Guest (B2B)
  • Groups: Used for access control and policy assignment
    Types: Security Groups, Microsoft 365 Groups
  • Roles: Define what permissions a user or group has
    Examples: Global Administrator, User Administrator, Security Reader
    Role-Based Access Control (RBAC) is used to assign roles
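The RBAC pattern described above, as an added example (not from this wiki page) using the Microsoft Graph PowerShell SDK: a cloud-only user is placed in a role-assignable security group, and the group, not the user, receives the least-privilege Security Reader role at directory scope. The user, group and domain names are constructed placeholders; the cmdlets are the SDK's own.

```powershell
# Added example: least-privilege role assignment via a role-assignable group.
# Requires the Microsoft.Graph module and an account allowed to create
# role-assignable groups (P1 licence; Privileged Role Administrator or higher).
Connect-MgGraph -Scopes "User.ReadWrite.All","Group.ReadWrite.All","RoleManagement.ReadWrite.Directory"

$tenantDomain = "mycompany.onmicrosoft.com"   # constructed placeholder domain

# Random one-time password; the user must change it at first sign-in.
$bytes = New-Object byte[] 24
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$tempPassword = [Convert]::ToBase64String($bytes)

# 1. Cloud-only user (placeholder identity).
$user = New-MgUser -DisplayName "Example Analyst" `
    -UserPrincipalName "example.analyst@$tenantDomain" `
    -MailNickname "exampleanalyst" `
    -AccountEnabled:$true `
    -PasswordProfile @{ Password = $tempPassword; ForceChangePasswordNextSignIn = $true }

# 2. Security group that may hold directory roles. IsAssignableToRole is fixed
#    at creation time and cannot be switched on later.
$group = New-MgGroup -DisplayName "SecOps Readers" `
    -MailEnabled:$false -MailNickname "secopsreaders" `
    -SecurityEnabled:$true -IsAssignableToRole:$true

# 3. Group membership decides who gets the role; no role is granted to the user directly.
New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $user.Id

# 4. Look up the built-in role by name instead of hard-coding its template ID.
$role = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq 'Security Reader'"

# 5. Assign the role to the group for the whole directory ("/" = tenant scope).
New-MgRoleManagementDirectoryRoleAssignment -PrincipalId $group.Id `
    -RoleDefinitionId $role.Id -DirectoryScopeId "/"

# 6. Verify: list every role assignment held by the group.
Get-MgRoleManagementDirectoryRoleAssignment -Filter "principalId eq '$($group.Id)'" |
    Select-Object Id, RoleDefinitionId, DirectoryScopeId
```

Removing the user from the group revokes the role; auditing the group's membership is therefore enough to audit who holds Security Reader.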