Showing posts with label Az-305. Show all posts
Showing posts with label Az-305. Show all posts

Monday, December 5, 2022

Azure Active Directory

Before we get into understanding of Azure Active Directory (AAD), let us understand what is an Identity.

What is an identity?
An identity is an Object mostly userid with a password that is used for authentication / authorization.

What is Azure Active Directory?
Azure Active Directory (Azure AD) is a cloud-based identity and access management service. This service helps your employees access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications.

Why do we need identities on Azure i.e., AAD?
Azure AD or Identies on azure are needed for
1)login to portal==>>portal.azure.com 
2)Get access to azure resources (RBAC) 
3)Get access to SaaS (Software as a Service) Applications.

Authentication: 
Authentication is the process of proving that you are who you say you are. This is achieved by verification of the identity of a person or device. It' s sometimes shortened to AuthN. Ex: userid and password.

Authorization:
Authorization is the act of granting an authenticated party permission to do something. It specifies what data you ' re allowed to access and what you can do with that data. Authorization is sometimes shortened to AuthZ. Ex: Accessing resources like fileshares, applications etc with the authenticated credentials.

AADS (Active Directory Domain Services) vs AAD (Azure Active Directory)











Hybrid Identity Environment is where both Onprem Identity Service  (ADDS) and Azure Identity Service ADDS are used.

Hybird identity = Onprem identities (ADDS) + Azure Identity (AAD)

Azure AD Tenant / Directory 

Tenant: 
A dedicated and trusted instance of Azure AD. The tenant is automatically created when your organization signs up for a Microsoft cloud service subscription. These subscriptions include Microsoft Azure, Microsoft Intune, or Microsoft 365. An Azure tenant represents a single organization.

Directory: 
Each Azure tenant has a dedicated and trusted Azure AD directory. The Azure AD directory includes the tenant' s users, groups, and apps and is used to perform identity and access management functions for tenant resources.

Initial Domain Name:
Tenant will get a initial domain name, which is generated based on the email addr you used to signup. Ex:If you are using abc@xyz.com to signup Initial domain name would be abcxyz.onmicrosoft.com. We cannot delete the initial domain name, however you can add you own custom domain(s)



Monday, November 28, 2022

Virtual Network Peering

Vnet peering enable communication between vnets, with in the same region, different regions, different subscriptions and ofcourse different Tenants. 

Vnets will helps with isolation which means resources accross vents will not communicate with each other, hence the need of Peering. 

Peering between the Vnets in the same Region is called Regional Vnet Peering
Peering between the Vnets in the different Regions is called Global Vnet Peering.

Vnet Peering traffic will go through private network of azure, which give you below advantages.
    *Secure
    *Reliability
    *Better performance

Peering should always two ways, If you create onway peering, two way communication will not work.
If you want allow traffic one way the other way to be bloked do it by Network Security Groups (NSG).

Here is the video which help you with the configuration of both Regional and Global Vnet Peering.