e-lo [IT Engineer life]

AD 101

Posted on August 23, 2020January 4, 2021 by espenk

AD Concepts

  • Identity: can be a user, an app or a server that needs to authenticate through a certificate or keys
  • Account: an identity that has some data associated with it
  • Azure AD Account: an identity created through Azure AD
  • Azure subscription: pays for cloud services
  • Azure tenant: a dedicated and trusted instance of Azure AD, automatically created when an organization signs up for a MS cloud subscription (i.e. MS Azure, Intune, O365). A tenant represents a single organization
  • Azure AD directory: each tenant has a dedicated/trusted AD directory (includes users, groups, apps) for performing identity and access functions

Azure AD vs AD DS (Win server -based)

  • Identity solution designed for HTTP(S)
  • REST API: since it is HTTP(S)-based, we cannot use LDAP, but the REST API instead
  • Communication protocols: since it is HTTP(S)-based, it does not use Kerberos but web protocols; SAML, WS-Federation and OpenID Connect for authentication (and OAuth for authorization)
  • Federation service is included, so third-party identity providers like Facebook can be used
  • Flat structure: there are no OUs (organizational units) or GPOs (group policy objects)

Azure AD comes in four editions: Free, Office 365 apps, Premium P1 and Premium P2.

Azure AD JOIN

Enables single sign-on to services and apps from anywhere. So IT admins must ensure that the organization's resources are protected and that the apps / services / devices meet the organization's standards.

The connection options are:

Registering: adds the device to Azure AD so its identity can be managed. Azure AD provides the device with an identity that is used to authenticate the device when a user signs in. That identity can be used to enable / disable the device.

Joining: an extension of registering a device. You get everything from registering, plus a change of state for the device, i.e. users sign in with a work account instead of a personal one.

There is also SSPR (self-service password reset), which lets users reset their own password; found in Active Directory -> Password reset:

Under manage:

Users and groups

Managing users: add new users one at a time, or create user accounts in bulk with PowerShell:

https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/users-bulk-add
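As an added example (not from the original post or the linked Microsoft page), the bulk creation can be scripted with the AzureAD PowerShell module; it assumes `Connect-AzureAD` has already been run, and the CSV path, column names and user values are constructed placeholders:

```powershell
# Added example: bulk-create Azure AD users from a CSV with the AzureAD module.
# Assumes Connect-AzureAD has been run; CSV path/columns and users are constructed.
$csvPath = ".\new-users.csv"

# Constructed sample input written to disk so the script runs end to end.
@"
DisplayName,UserPrincipalName,MailNickName
Alice Example,alice@contoso.example,alice
Bob Example,bob@contoso.example,bob
"@ | Set-Content -Path $csvPath

# Character set for generated initial passwords (ambiguous glyphs left out).
$chars = [char[]]'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#$%&*+-=?@'

foreach ($row in Import-Csv -Path $csvPath) {
    # Skip accounts that already exist instead of failing or silently overwriting.
    $existing = Get-AzureADUser -Filter "userPrincipalName eq '$($row.UserPrincipalName)'"
    if ($existing) {
        Write-Warning "Skipping $($row.UserPrincipalName): already exists"
        continue
    }

    # Random initial password, and force a change at first sign-in so the
    # value never lives on as a shared secret in the CSV or the transcript.
    $pw = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
    $pw.Password = -join ($chars | Get-Random -Count 16)
    $pw.ForceChangePasswordNextLogin = $true

    New-AzureADUser -DisplayName $row.DisplayName `
        -UserPrincipalName $row.UserPrincipalName `
        -MailNickName $row.MailNickName `
        -PasswordProfile $pw `
        -AccountEnabled $true |
        Select-Object DisplayName, UserPrincipalName, ObjectId
}
```

The AzureAD module is being retired in favour of Microsoft Graph PowerShell (`New-MgUser`); the same flow (check for an existing UPN, generate a one-time password, create) applies there.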

Group accounts

Two types of groups

Security groups, the common type, are used to manage member and machine access to shared resources. E.g. create a security group for a security policy, so we can set permissions for the whole group at once instead of per member.

O365 groups give members access to mail, calendar, SharePoint etc. They can also include people outside the org.

Members are added with one of three membership types: Assigned (add a user to the group manually); Dynamic user (members are added and removed automatically: if a user's attributes change, the user is added to or removed from the group depending on the membership rules); Dynamic device (security groups only), the same as above but for devices, which are added/removed depending on the rules.
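As an added example (not from the original post), creating a dynamic user group and a dynamic device group with the AzureAD module, so the attribute-driven add/remove behaviour above is visible in the stored rule; it assumes `Connect-AzureAD` has been run, and the group names, department value and OS value are constructed placeholders:

```powershell
# Added example: dynamic security groups driven by membership rules.
# Assumes Connect-AzureAD has been run; names and attribute values are constructed.

# Rule: every enabled user whose department attribute is "Finance".
# Azure AD re-evaluates the rule when attributes change, so a user who leaves
# Finance (or whose account is disabled) drops out of the group automatically,
# and with it loses whatever access the group grants.
$userRule = '(user.department -eq "Finance") and (user.accountEnabled -eq true)'

$financeGroup = New-AzureADMSGroup -DisplayName "sg-finance-dynamic" `
    -Description "Dynamic: enabled users in Finance" `
    -MailEnabled $false -SecurityEnabled $true -MailNickname "sg-finance-dynamic" `
    -GroupTypes "DynamicMembership" `
    -MembershipRule $userRule `
    -MembershipRuleProcessingState "On"

# Device rule: only enabled Windows devices, e.g. to scope a device policy.
$deviceRule = '(device.deviceOSType -eq "Windows") and (device.accountEnabled -eq true)'

$winDevices = New-AzureADMSGroup -DisplayName "sg-windows-devices-dynamic" `
    -Description "Dynamic: enabled Windows devices" `
    -MailEnabled $false -SecurityEnabled $true -MailNickname "sg-windows-devices-dynamic" `
    -GroupTypes "DynamicMembership" `
    -MembershipRule $deviceRule `
    -MembershipRuleProcessingState "On"

# Read back what Azure AD stored: the rule text and whether processing is on.
# A group whose ProcessingState is "Paused" keeps stale members, which is worth
# checking before relying on the group for access control.
Get-AzureADMSGroup -Id $financeGroup.Id, $winDevices.Id |
    Select-Object DisplayName, GroupTypes, MembershipRule, MembershipRuleProcessingState
```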

https://docs.microsoft.com/en-us/azure/active-directory/
