Okay, so the next thing we're going to be looking at is Azure Identity Management. When we think about Azure Identity Management, it's a directory as a service. What directory as a service means is that we have our identities up in Azure. Azure has been around since BPOS, which is Business Productivity Online Services. And then came Office 365, and that's when people were like, well, what's in the back end? Well, it's Azure. So Azure Active Directory is pretty much the same as what we have with Active Directory on-premises. Now, there are some differences, and so we're going to talk about Azure AD.

We're looking at creating and managing users and groups. We'll look at guest accounts, bulk user configuration, self-service password reset, Azure AD Join, managing device settings, and adding custom domains. We'll talk about Azure AD Connect, Azure MFA, configuring accounts with MFA, and verification methods. We'll look at configuring fraud alerts, configuring bypass options and configuring trusted IPs. So we're going to cover a lot of different things. It's going to be broken into different sections.

So let's go ahead and start with section one. We're going to talk about Azure AD. Azure AD, like I said, is directory as a service; this provides us with the ability of having identities. Now, these identities could be in Azure itself or they could be in a federated environment. When you sign up for Microsoft 365, Dynamics and Intune, you're assigned an Azure AD tenant, and this is where we store the identities for Azure. It's similar to the Active Directory that we have been using for years, since Windows 2000. Azure AD is a little different. We'll be exploring the differences later in this module. Now, when you sign up for these services, we're given either Azure Basic, an Azure P1 or an Azure P2.
Now, Azure Free is another Azure edition that you can use, and you also get it to help you start off with your directory as a service. Now, the thing that you have to keep in mind is the more you pay, the more you play. What I mean is, the higher the level, the more features that are available to you with the version.

Now the one difference between Active Directory and the one that we have on-premises is that it's in the cloud. And that way you access it or query it differently. Azure AD is accessed through the REST API, which uses HTTP and HTTPS, where Active Directory is using LDAP. Azure AD also uses OpenID for authentication and OAuth for authorization. We'll talk about those later on in a different module. Now, the thing is, with Azure Active Directory, we access it through HTTP, HTTPS. Active Directory Domain Services, which we have on-premises, we implement through LDAP. Also, Azure AD is flat, so it doesn't have any OUs, where Azure Active Directory does have OUs. Now, Azure Active Directory also uses Kerberos, where Azure AD uses OpenID and OAuth.

Azure AD and Active Directory Domain Services are similar in the way that they work, but there are some differences when it comes to accessing them. You access Azure AD using HTTP, HTTPS and the REST API. Active Directory Domain Services is accessed or queried using LDAP. The authentication is done through OpenID Connect for Azure AD, and OAuth for authorization, where Active Directory Domain Services uses Kerberos and NTLM; this is not friendly for the cloud. To manage users and devices in Azure Active Directory we use Group Policy Objects, or GPOs; Azure AD uses Intune. Azure AD is flat and does not have OUs like Azure Active Directory or Active Directory Domain Services. Azure AD is managed by Microsoft and is a fully managed environment. We manage our own AD on-premises. Azure AD is built for the cloud and is very flexible.
But sometimes the applications that we have on-premises are not able to work the way that we need them to in the cloud. So we have to re-architect the apps. Now, there's another option, which is Azure Active Directory Domain Services, and this acts like the on-premises AD but does not require the management that we would do on-premises. This is managed by Microsoft, and it is used to help extend our AD or do a lift and shift without re-tooling our apps. This is similar to MAD, which is Microsoft Active Directory, in AWS; domain controllers and all upkeep are done by Microsoft.

Azure AD comes in different editions. Free is used to get you started with your Azure AD and offers basic features such as support for up to 500,000 objects, and it gives you single sign-on for apps. You can also work with your partners with B2B for external users. You can also synchronize with your on-premises environment, and it supports self-service password changes, groups and standard security reports.

The next step is Azure Basic. This provides the same features as Free, but with a 99.9% SLA. It has self-service password reset, and you can put your own logo on the pages to make it more customized, plus it has support for application proxy.

The next step is P1, and this is available with Microsoft 365 E3 or as an add-on. It also has all the features of Azure AD Basic and Free. P1 also offers advanced reporting. You can also implement some of the MFA features, multi-factor authentication, and this edition introduces conditional access policies. There's also mobile device management, which is MDM capabilities with auto-enrollment. There's Cloud App Discovery and Azure AD Connect Health.

The final edition has all of the above. And P2 is E5 or EMS E5, which is Enterprise Mobility Suite E5. This introduces Azure Identity Protection and Privileged Identity Management. Now, these are covered more in depth in the AZ-500 exam and courses. So you should take a look at it when you have a chance.