Let’s get to know about Azure Active Directory — I
Tharala Madhusanka, May 8, 5 min read

Hello guys, hope you are all doing well in this pandemic situation. While being quarantined, I thought I would discover more about Azure Active Directory and bring it to you as a series of articles. My main purpose in these articles is to discuss the core concepts, mechanisms, security protocols and architecture behind Azure Active Directory, and I thought to present it in a Q&A format. Before starting, one thing I want to say: I really wish to have your feedback, comments and questions to make this a success, and to correct me if something is not explained the right way. That is why I titled this "Let’s get to know...". In this article I expect to discuss the fundamental concepts of Azure Active Directory. So, let’s start. LET'S GET TO LEARNING!

Q1. What is the problem?

Scenario 1: Imagine your business is using several internal applications. Now you want to give employees access with different permissions: some can only read, some can read/write, some cannot access at all. How are you going to do this? You create a sign-in account for each employee, with its permission level, in each application.

Scenario 2: Imagine your business is going to use an external service, let’s say Microsoft O365 Outlook, and you want your employees to use Outlook email. For this you have to create a separate account for each employee to access the email.

By now you have created two accounts for one employee:
1. To access internal applications; this account is handled internally.
2. To access the external application; this account is handled externally.

When it comes to a large number of employees in the business, as an IT administrator you may have to maintain a large number of different accounts, internally and externally. This is a tedious and hectic task.
image — the problem

When you look at the above illustration, you can see that you have to maintain a number of accounts for one employee in order to grant access to different applications with different permissions. Can’t we simplify this? In the organization, each employee has a unique identity (Employee ID) that identifies the employee uniquely. So why not use this ID to grant permission to access different applications, internal or external, with different permission levels?

"One Account, Multiple Access"

This means you do not need to maintain a large number of different accounts for an employee; instead you use one account per employee, and that account can be granted permission to use the applications under different access levels. This is where Azure Active Directory comes into the picture. With the cloud trend of "anytime, anywhere", everything is considered as a service; that is where Software as a Service was introduced. Based on this concept, Microsoft introduced Azure Active Directory, an Identity & Access Management service which organizations can use to maintain accounts for their employees, business partners and customers, granting permissions to access different services with different access levels and with more advanced security features. This is the problem I see that Microsoft tried to resolve with AAD, but you may see another one. So, tell me.

Q2. What is ‘Azure Active Directory’?

Azure Active Directory, which I refer to as AAD from here on, is a "fully managed, multi-tenant Identity & Access Management service introduced by Microsoft." In other words: "one account, access multiple services". This definition has two key phrases.

a. Fully Managed: the security features and the protection are handled completely by Azure. Features such as Single Sign-On, Multi-Factor Authentication and the OAuth 2.0 protocol are handled by Azure; you do not need to worry about them.

b. Multi-Tenant: this means working together, or sharing and working. It is described later in this article.

AAD enables your employees to sign in and access external or internal services or resources under the given permission level. Unlike the situation discussed in Q1, by maintaining a single identity per employee, that employee can be enabled to use different resources, services or applications, internal or external.

image — AAD Service | Source — https://knowledge-junction.com

This image shows the types of resources you can enable access to through AAD. Now, as an IT admin, you do not need to maintain multiple accounts per employee in order to enable multiple services. AAD is a centralized place to manage users, roles, permissions and services.

Q3. What are the benefits of AAD for a business?

There are many benefits and advantages to using AAD.
a. Single Sign-On (SSO) for multiple applications: your users can consume multiple services by signing in only once.
b. Integration with an existing Windows Active Directory: you can use on-premises identity provisioning to manage access to cloud features.
c. AAD Multi-Factor Authentication and Conditional Access
d. Multiple platform functionality
e. Global availability: this runs on 28 data centers around the world.
f. Role-based access control (RBAC)

Q4. What are the AAD types/licenses and features?

When it comes to licensing, AAD offers different license types, each providing different security features and services.
a. AAD Free
b. AAD Basic (removed)
c. AAD Premium P1
d. AAD Premium P2
e. Pay-as-you-go feature licenses
Further, pay-as-you-go feature licenses provide features such as Azure Active Directory Business-to-Customer (B2C), which can be used to provide access and identity management solutions for your customers, including all the P1 features.

Q5. AAD Terminology

In order to understand or work with AAD, it is a must to understand the different terms used with it.

Identity: Anything that can be authenticated, meaning it can be identified uniquely.
Account: Data associated with an identity.
Azure AD Account: An identity created through AAD or another Microsoft service, such as Outlook, O365 etc.
Azure Subscription: The plan you are using, such as Free or Premium.
Azure AD Tenant: Your organization inside the AAD service. This represents your organization, and here you create your users, groups, accessible services etc.
Single Tenant: Live alone. This means your organization is the only owner of the infrastructure; you have your own dedicated environment.
Multi-Tenant: Live by sharing. You exist in a shared environment, where multiple organizations use and consume the infrastructure and services.
Azure AD Directory: Every tenant has a dedicated (its own) directory, which contains the organization’s users, groups, services etc.

image — Terminology

Q6. What are the protocols supported by AAD?

Azure AD supports many standardized protocols for authentication and authorization.
a. WS-Federation (Web Services Federation)
b. SAML-P
c. OAuth 2.0
d. OpenID Connect

That’s all for this article. Here I expected to have an introductory discussion about AAD and the key terms of AAD which we should know when we move on with AAD. So, feel free to ask questions and correct me on what I missed or got wrong; I really appreciate it. In my next article I wish to discuss AAD User Roles. So until then, Enjoy Learning & Stay Safe!
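To make the multi-tenant model from Q5 and the OpenID Connect protocol from Q6 concrete, here is an added example (my own code, not from the article or from Microsoft) of the claim checks a multi-tenant application should apply to an Azure AD v2.0 ID token: audience, tenant ID (tid), issuer matching that tenant, and expiry. Assumptions: the tenant and client IDs are constructed placeholders, the sample token is unsigned and built only to exercise the checks, and signature verification against Azure AD's published signing keys is assumed to have happened before these checks run.

```python
import base64
import json
import time
from typing import Optional, Set, Tuple

# Azure AD v2.0 tokens carry the tenant ID inside the issuer URL (documented Microsoft format).
ISSUER_TEMPLATE = "https://login.microsoftonline.com/{tenant}/v2.0"

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_claims(token: str) -> dict:
    # Returns the claims (payload) of a compact JWT. Signature verification against
    # Azure AD's published signing keys is assumed to have been done already (not shown).
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(b64url_decode(parts[1]))

def validate_claims(claims: dict, allowed_tenants: Set[str], client_id: str,
                    now: Optional[int] = None) -> Tuple[bool, str]:
    # A multi-tenant app receives tokens from many directories, so the tenant ID (tid)
    # must be checked against an allow-list, and the issuer must agree with that tid.
    now = int(time.time()) if now is None else now
    if claims.get("aud") != client_id:
        return False, "audience mismatch"
    tid = claims.get("tid")
    if tid not in allowed_tenants:
        return False, "tenant not allowed: %r" % tid
    if claims.get("iss") != ISSUER_TEMPLATE.format(tenant=tid):
        return False, "issuer does not match tenant"
    if now >= int(claims.get("exp", 0)):
        return False, "token expired"
    return True, "ok"

def make_sample_token(claims: dict) -> str:
    # Constructed, unsigned sample token used only to exercise the checks above.
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return enc({"alg": "none", "typ": "JWT"}) + "." + enc(claims) + "."

# Constructed placeholder identifiers (not real tenant or application IDs).
HOME_TENANT = "00000000-0000-0000-0000-0000000000aa"
APP_CLIENT_ID = "11111111-2222-3333-4444-555555555555"

if __name__ == "__main__":
    claims = decode_claims(make_sample_token({
        "aud": APP_CLIENT_ID, "tid": HOME_TENANT,
        "iss": ISSUER_TEMPLATE.format(tenant=HOME_TENANT), "exp": 2000000000}))
    print(validate_claims(claims, {HOME_TENANT}, APP_CLIENT_ID))
```

A token from a directory outside the allow-list, or one whose issuer does not match its own tid claim, is rejected even though it would otherwise look like a valid Microsoft-issued token.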