Before we get into understanding of Azure Active Directory (AAD), let us understand what is an Identity.
What is an identity?
An identity is an Object mostly userid with a password that is used for authentication / authorization.
An identity is an Object mostly userid with a password that is used for authentication / authorization.
What is Azure Active Directory?
Azure Active Directory (Azure AD) is a cloud-based identity and access management service. This service helps your
employees access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications.
Why do we need identities on Azure i.e., AAD?
Azure AD or Identies on azure are needed for
1)login to portal==>>portal.azure.com
2)Get access to azure resources (RBAC)
3)Get access to SaaS (Software as a Service) Applications.
Azure AD or Identies on azure are needed for
1)login to portal==>>portal.azure.com
2)Get access to azure resources (RBAC)
3)Get access to SaaS (Software as a Service) Applications.
Authentication:
Authentication is the process of proving that you are who you say you are. This is achieved by verification of
the identity of a person or device. It'
s sometimes shortened to AuthN.
Ex: userid and password.
Authorization:
Authorization is the act of granting an authenticated party permission to do something. It specifies what
data you
'
re allowed to access and what you can do with that data. Authorization is sometimes shortened to
AuthZ.
Ex: Accessing resources like fileshares, applications etc with the authenticated credentials.
AADS (Active Directory Domain Services) vs AAD (Azure Active Directory)
Hybrid Identity Environment is where both Onprem Identity Service (ADDS) and Azure Identity Service ADDS are used.
Hybird identity = Onprem identities (ADDS) + Azure Identity (AAD)
Azure AD Tenant / Directory
Tenant:
A dedicated and trusted instance of Azure AD. The tenant is automatically created when your organization signs up for a Microsoft cloud service subscription. These subscriptions include Microsoft Azure, Microsoft Intune, or Microsoft 365. An Azure tenant represents a single organization.
A dedicated and trusted instance of Azure AD. The tenant is automatically created when your organization signs up for a Microsoft cloud service subscription. These subscriptions include Microsoft Azure, Microsoft Intune, or Microsoft 365. An Azure tenant represents a single organization.
Directory:
Each Azure tenant has a dedicated and trusted Azure AD directory. The Azure AD directory includes the tenant' s users, groups, and apps and is used to perform identity and access management functions for tenant resources.
Each Azure tenant has a dedicated and trusted Azure AD directory. The Azure AD directory includes the tenant' s users, groups, and apps and is used to perform identity and access management functions for tenant resources.
Initial Domain Name:
Tenant will get a initial domain name, which is generated based on the email addr you used to signup. Ex:If you are using abc@xyz.com to signup Initial domain name would be abcxyz.onmicrosoft.com. We cannot delete the initial domain name, however you can add you own custom domain(s)
Tenant will get a initial domain name, which is generated based on the email addr you used to signup. Ex:If you are using abc@xyz.com to signup Initial domain name would be abcxyz.onmicrosoft.com. We cannot delete the initial domain name, however you can add you own custom domain(s)
