
What is Azure AD?


The course is part of these learning paths

AZ-500 Exam Preparation: Microsoft Azure Security Technologies
AZ-103 Exam Preparation: Microsoft Azure Administrator
AZ-203 Exam Preparation: Developing Solutions for Microsoft Azure
Architecting Microsoft Azure Solutions
Azure Services for Security Engineers

Difficulty: Beginner
Duration: 41m

Description

Azure Active Directory Security

Azure Active Directory, commonly referred to as Azure AD, is Microsoft’s Identity and Access Management service in the Cloud. It manages users, groups, and applications along with their access to other applications and resources running in the cloud. This is exactly what we have with traditional on-premises Active Directory. Azure AD runs as a cloud service and thus can be thought of as Identity and Access Management as a Service.

This course is an introduction to Azure AD security and covers topics related to securing users, groups, devices, and applications, as well as hybrid identity infrastructure solutions and much more!

What You'll Learn in this Course

Lesson | What you'll learn
Overview of the Course | Overview of the course and the Learning Objectives
Introduction to Azure AD | An intro to Azure AD and Cloud Security
Secure Access to Azure AD | Discuss users, groups, apps, and RBAC
Integrate Securely with Azure AD | Azure AD Connect, Identity solutions, MFA, and App Integration
Identity Management | Discuss Identity Management and premium features
Summary | Summary and Course Wrap-up

About the Author

Chris has over 15 years of experience working with top IT Enterprise businesses. Having worked at Google helping to launch Gmail, YouTube, Maps and more, and most recently at Microsoft working directly with Microsoft Azure for both Commercial and Public Sectors, Chris brings a wealth of knowledge and experience to the team in architecting complex solutions and advanced troubleshooting techniques. He holds several Microsoft Certifications including Azure Certifications.

In his spare time, Chris enjoys movies, gaming, outdoor activities, and Brazilian Jiu-Jitsu.

Very often, the main vulnerabilities in an individual’s or organization’s infrastructure are end-user accounts and devices. Making sure one has a very robust Azure AD setup is imperative to help prevent or identify key vulnerabilities in the system. This course is an introduction to Azure AD security and covers topics related to securing users, groups, devices, and applications.

The main feature of Azure AD is connecting users, applications, and devices to the cloud, whether those users originate in the cloud or from on-premises. One of the major goals is to offer users a clean Single Sign-On experience and seamless integration with existing on-premises infrastructure. This meshes well with the Hybrid Identity model, which we’ll get into more later in the course.

Microsoft’s Identity and Access Management solution adopts many industry standards such as SAML, WS-Federation, and OAuth in addition to multi-factor authentication. Functioning as the middle-layer, Azure AD connects users and applications securely to cloud services such as Office 365 and other Enterprise applications.

Let’s discuss several common use cases for Azure AD. As previously mentioned, Azure AD gives on-premises users single sign-on access to Office 365. Another benefit is the cost savings from the reduced overhead of B2B application integration, since additional account creation is unnecessary. Azure AD offers application usage monitoring and protection reports against advanced threats. When integrating with on-premises infrastructure, Azure AD is designed to make sure each remote access connection to the cloud is secure, and it has features to enforce rule-based Multi-factor Authentication for both on-premises and cloud applications.

Security is very important in any environment. And when moving to the Cloud one can never escape the topic of security. Cloud security has a certain philosophy which may be slightly different than what you’re used to on-premises. These philosophies become features built into the product.

In a world where we embrace Bring-Your-Own-Device (BYOD), and where connections and applications run across the internet and are not fully controlled in your own building on your own private intranet, one has to have an evolved mindset when it comes to Security.

Azure is designed and developed around an “Assume breach” concept as opposed to the traditional “prevent breach” security model. In a prevent breach scenario we spend a lot of time and money in stopping “bad” things from happening. We did things such as prevent Denial of Service (DDoS) attacks, lock down and harden our systems through updates and antivirus software, create demilitarized zones on the network, scan systems and ports for vulnerabilities, etc. Even after all this, systems continued to be breached. That doesn’t mean we should not continue to do this, but it does mean we need to do more.

Microsoft has decided that, in addition to what we’ve said above, we also need to implement features that assume a breach could potentially happen and provide tools to isolate and minimize risk and damage from a potential breach. These tools and processes also help to quickly recognize where a breach occurred, quickly identify the attacker in the system, and close off access. Vulnerabilities often come from user account control or unsecured devices which have limited access, and thus finding the attacker quickly, before higher levels of security access are gained, is key to securing your cloud environment. We’ll learn about these security controls, such as when we cover Role-Based Access and Control, or RBAC, later in this course.

Also, in addition to a traditional IT and security organization, we have to realize that in public cloud computing the cloud service provider is also involved, and thus Security of your environment is a Shared Responsibility. So knowing your own IT and security infrastructure is one side, but knowing the responsibilities and operations of your cloud service provider and how they fit your security requirements is also necessary. There will be a limit to how much you can access and control, and there is a certain level of trust in the system, which should be clearly documented by the cloud service provider, along with the actions they may take on your behalf.

There are tools available to help you monitor and audit your environment, which you’ll learn about later in the course.