Azure Active Directory (Azure AD) is Microsoft\u2019s enterprise cloud-based identity and access management (IAM) solution. Azure AD is the backbone of the Office 365 system, and it can sync with on-premise Active Directory and provide authentication to other cloud-based systems via OAuth.<\/p>\n
https:\/\/www.varonis.com\/blog\/azure-active-directory\/#:~:text=Azure%20Active%20Directory%20(Azure%20AD,cloud%2Dbased%20systems%20via%20OAuth<\/a>.<\/p>\n O365: Extra features here include<\/span><\/p>\n P1:<\/span><\/p>\n P2: advanced features like Identity Protection and Governance<\/span><\/p>\n You can add your custom domain to Azure AD which will allow you to create users using your domain name.<\/p>\n To add the domain you will need to verify you won the own by using a TXT record in your DNS for the domain.<\/p>\n Azure AD join is intended for organizations that want to be cloud-first or cloud-only. Any organization can deploy Azure AD joined devices no matter the size or industry. Azure AD join works even in a hybrid environment, enabling access to both cloud and on-premises apps and resources.<\/p>\n Scenarios<\/span><\/p>\n While Azure AD join is primarily intended for organizations that do not have an on-premises Windows Server Active Directory infrastructure, you can certainly use it in scenarios where:<\/p>\n You can configure Azure AD joined devices for all Windows 10 devices with the exception of Windows 10 Home.<\/p>\n The goal of Azure AD joined devices is to simplify:<\/p>\n You need Azure P2 level for these features.<\/p>\n Identity Protection uses advanced machine learning algorithms to monitor accounts and alert you of potential risks. This includes things like:<\/p>\n You set policies to perform actions if a risky event occurs. This can do things like block logins, require password resets etc\u2026<\/p>\n You need to turn on this service for your account. You can then go this service and see the dashboard where it will show you:<\/p>\n This is where you can set the policies. Options for policies:<\/p>\n This is also a P2 only feature. You can find this under “Security -> Conditional Access”<\/p>\n By default there is a policy for admins to require MFA.<\/p>\n The following is how you would setup a policy to lock users out of cloud apps<\/p>\n<\/h1>\n
<\/h1>\n
Azure AD – Free Vs Premium<\/h1>\n
\n
\n– 500,000 object limit
\n– SSO
\n– AD sync
\n– Self service password change for cloud users
\n<\/span><\/li>\n<\/ul>\n\n
\n
<\/h2>\n
Custom Domains<\/h2>\n
<\/h2>\n
Azure AD Join<\/h2>\n
\n
\n
<\/h1>\n
Azure AD Identity Protection<\/h1>\n
\n
<\/h2>\n
Identity Protection Service<\/h2>\n
\n
Configuration<\/h3>\n
\n
<\/h1>\n
Conditional Access<\/h1>\n
<\/h2>\n
Conditional Access Policies<\/h2>\n
Creating a new Policy<\/h3>\n
\n
\n– Sign in risk (likelihood the sign in is coming from someone other than the user)
\n– Device platform (EG: if they login on a phone)
\n– Location (any location, a trusted location etc\u2026)
\n– Client apps (Browser or mobile apps)
\n– Device State (are they part of the hybrid network?)<\/span><\/li>\n
\n– Block or Grant access
\n– make them use MFA or use a compliant device
\n– Session controls: limited experiences within a cloud app
\n<\/span><\/li>\n<\/ul>\n<\/h1>\n
Access Reviews<\/h1>\n