01. Managing Azure Subscriptions And Resource Groups
03. Overview Of Azure Virtual Machines
09. Monitoring And Access Management For Cloud Resources
11. Implementing And Managing Hybrid Identities
This enables additional levels of validation, such as multifactor authentication and conditional
access policies
Monitoring suspicious activity through advanced security reporting, auditing and alerting helps
mitigate potential security issues
▪ Active Directory information is used to authenticate/authorize users, systems and resources which
are part of a network
Active Directory
Active Directory User
▪ Part of the organisation with a unique identity in the domain
▪ Can access the resources in the domain based on authorization
▪ Each user account is unique and secured by a password
Computer
▪ Individual workstations, which are part of a network
▪ Each computer has a unique computer account that authenticates and authorises its access to the domain resources
▪ Two entities in Azure AD that will concern you the most during application
development are users and groups
Azure AD paid licenses are built on top of your existing free directory, providing
enhanced monitoring, security reporting, and secure access for your mobile
workforce
Note: Refer to Module-10 Demo1 Document on LMS for all the steps in detail
▪ Azure MFA and Azure AD SSPR give admins control over configuration, policy, monitoring, and reporting using Azure
AD and the Azure portal to protect their organizations
A phone call
It is recommended that you require Azure MFA for user sign-ins because:
• Something you have - a trusted device that is not easily duplicated, like a
phone
Checks that the user has this feature enabled and has an Azure AD license assigned - If not, the user is
asked to contact their administrator to reset their password
Checks that the user has the right authentication methods defined on their account in accordance with
administrator policy
02 Enter your username and the password that your administrator provided
03 Depending on how your IT staff has configured things, one or more of the following options are available for you to configure and verify:
▪ Office phone: Only your admin can set this option
▪ Authentication Phone
▪ Authentication Email
▪ Security Questions
04 Provide and verify the information that your administrator requires
05 Select finish. You can now use SSPR when you need to in the future
▪ Choose authentication methods
▪ Configure password writeback
▪ Add users to register
▪ Enable password reset from the lock screen
▪ Test SSPR as an end user
Note: Refer to Module-10 Demo2 Document on LMS for all the steps in detail
Note: Refer to Module-10 Demo3 Document on LMS for all the steps in detail
Azure AD uses adaptive machine learning
algorithms and heuristics to detect anomalies that
indicate potentially compromised identities
To protect your organization's identities, you can configure risk-based policies that respond to detected issues when a specified risk level has been reached
To implement automated responses, Azure AD Identity Protection provides you with three policies:
Multi-factor Authentication Registration Policy
A risky sign-in indicates a sign-in attempt from someone that might not be the legitimate owner of a user
account
Based on the risk events that have been detected, Azure AD calculates a value that represents the
probability (low, medium, high) that the sign-in is not performed by the legitimate user
The sign-in risk policy is an automated response you can configure for a specific sign-in risk level
- block access to your resources, or require MFA to gain access.
With the user risk, Azure AD detects the probability that a user account has been compromised
All risk events that have been detected for a user and didn't get resolved are known as active user risk
events
Based on the user risk, Azure AD calculates a probability (low, medium, high) that a user has been
compromised
The user risk policy is an automated response you can configure for a specific user risk level -
block access to your resources, or require a password change to get the user account back
Note: Refer to Module-10 Demo4 Document on LMS for all the steps in detail
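An added example (not part of the course material) that audits a set of risk-based policies for a risk level that has no enforced response. It assumes the policies are exported as Conditional Access policy objects in the Microsoft Graph shape; the sample policies, their names and the `must_cover` default are constructed for illustration.

```python
import json

# Constructed sample in the shape of Microsoft Graph conditionalAccessPolicy
# objects; display names and level choices are illustrative assumptions.
POLICIES = json.loads("""
[
  {"displayName": "Sign-in risk: require MFA", "state": "enabled",
   "conditions": {"signInRiskLevels": ["medium", "high"], "userRiskLevels": []},
   "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
  {"displayName": "User risk: password change", "state": "enabled",
   "conditions": {"signInRiskLevels": [], "userRiskLevels": ["medium"]},
   "grantControls": {"operator": "AND", "builtInControls": ["mfa", "passwordChange"]}},
  {"displayName": "User risk: pilot", "state": "enabledForReportingButNotEnforced",
   "conditions": {"signInRiskLevels": [], "userRiskLevels": ["high"]},
   "grantControls": {"operator": "OR", "builtInControls": ["block"]}}
]
""")

# Responses the text names for each kind of risk policy.
EXPECTED = {"signInRiskLevels": {"block", "mfa"},
            "userRiskLevels": {"block", "passwordChange"}}

def audit(policies, must_cover=("medium", "high")):
    """Return findings for risk levels that no enforced policy responds to."""
    findings = []
    for key, responses in EXPECTED.items():
        covered = set()
        for p in policies:
            levels = p.get("conditions", {}).get(key) or []
            if not levels:
                continue  # policy does not target this kind of risk
            name = p["displayName"]
            controls = set((p.get("grantControls") or {}).get("builtInControls", []))
            if p.get("state") != "enabled":
                findings.append(f"{name}: not enforced (state={p.get('state')})")
            elif not controls & responses:
                findings.append(f"{name}: no risk response in grant controls")
            else:
                covered.update(levels)
        for level in must_cover:
            if level not in covered:
                findings.append(f"{key}: '{level}' has no enforced response")
    return findings

if __name__ == "__main__":
    for line in audit(POLICIES):
        print(line)
```

On the sample, the report-only pilot policy leaves high user risk without any enforced response even though a policy for it exists.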
Conditional access is a capability of Azure AD that enables you to control how resources are
accessed in your cloud apps
By using conditional access you can empower users to be productive and protect their
corporate assets at the same time
Conditional access policies are enforced after the first-factor authentication has been
completed
There are two types of conditional access policies: Device based CA policy and App based
CA policy
▪ Each control is either a requirement that must be fulfilled by the user signing in, or a restriction on
what the user can do thereafter
▪ There are two types of controls:
Grant controls - To gate access
Session controls - To restrict access within a session
When an organisation has many tenants, the name of the core domain of the tenant is usually used to
remove any ambiguity
The name of the core domain is in the form *.onmicrosoft.com, where the * varies
A tenant may have many subscriptions, exactly one directory (Azure AD), and one or more domains
associated with it
• Your new tenant represents your organization and helps you to manage
a specific instance of Microsoft cloud services for your internal and
external users
• The Global administrator creates the tenant and can add additional
administrators to the tenant
Setting Value
DirectorySynchronizationEnabled True
PasswordSynchronizationEnabled False
SelfServePasswordResetEnabled True
UsersPermissionToCreateGroupsEnabled False
UsersPermissionToReadOtherUsersEnabled True
UsersPermissionToCreateLOBAppsEnabled False
UsersPermissionToUserConsentToAppEnabled False
Select
Create
13. Under Required configuration steps, click Configure
Note: Refer to Module-10 Demo6 Document on LMS for all the steps in detail
Azure AD SSO allows application management for existing users by reducing the need to manage multiple
passwords
SSO enables single sign-on across apps by reducing or eliminating sign-in prompts
Coupling Azure AD SSO with conditional access policies provides high levels of security capabilities for
accessing apps
These capabilities allow for granular control over apps, or groups that need higher levels of security
4. Click on Assign
Application Developer: Can add and update app registrations, but can't manage enterprise applications or configure an application proxy.
Copyright © edureka and/or its affiliates. All rights reserved.
Summary