AD Concepts

Azure AD vs AD DS (Windows Server-based)

Azure AD comes in four editions: Free, Office 365 Apps, Premium P1, and Premium P2.


Azure AD enables single sign-on to services and apps from anywhere, so the IT admin must ensure that the organization is protected and that the apps, services, and devices meet standards.

The device connection options are:

Registering: adds the device to Azure AD so that its identity can be managed. Azure AD provides the device with an identity, which is used to authenticate the device when a user signs in. The identity can also be used to enable or disable the device.

Joining: joining a device is an extension of registering it. You get everything that registering provides, plus a change of state for the device, i.e. users sign in with a work account instead of a personal one.

There is also SSPR (self-service password reset), which lets users reset their own password. It is found in Active Directory -> Password reset:

Under manage:

Users and groups

Managing users: add new users one at a time, or create user accounts in bulk with PowerShell.

Group accounts

Two types of groups:

Security groups: the most common type, used to manage member and machine access to shared resources for a group. E.g. create a security group for a security policy, so that permissions can be set for the whole group and all its members at once.

O365 groups: give members access to mail, calendar, SharePoint, etc. Can also include people outside the org.

Members are added in one of three ways:

Assigned: users are added to the group manually.

Dynamic user: users are added and removed automatically. If a user's attributes change, the user is added or removed depending on the rules/requirements.

Dynamic device (security groups only): same as above but for devices, which are added or removed depending on the rules/requirements.
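
The dynamic user and dynamic device membership types described above, as an added example that is not part of the original notes. It uses the Microsoft Graph PowerShell cmdlets and assumes a tenant licensed for dynamic groups; the helper function, group names and rules are constructed sample values.

```powershell
# Added example. Requires the Microsoft.Graph.Groups module and a signed-in admin.
# New-DynamicSecurityGroup is a hypothetical helper; names and rules are samples.
Connect-MgGraph -Scopes 'Group.ReadWrite.All'

function New-DynamicSecurityGroup {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Description,
        [Parameter(Mandatory)][string]$Rule
    )
    $params = @{
        DisplayName                   = $Name
        Description                   = $Description
        # Graph requires a mail nickname even for groups that are not mail-enabled.
        MailNickname                  = ($Name -replace '[^A-Za-z0-9]', '')
        MailEnabled                   = $false
        SecurityEnabled               = $true
        GroupTypes                    = @('DynamicMembership')
        MembershipRule                = $Rule
        MembershipRuleProcessingState = 'On'
    }
    New-MgGroup @params
}

# Dynamic user: membership follows the user's attributes. Base rules on attributes
# that only administrators can change, because a match grants the group's access.
$salesUsers = New-DynamicSecurityGroup -Name 'Sales Users' `
    -Description 'Enabled accounts in the Sales department' `
    -Rule '(user.department -eq "Sales") -and (user.accountEnabled -eq true)'

# Dynamic device: same mechanism, evaluated against device attributes.
$winDevices = New-DynamicSecurityGroup -Name 'Windows Devices' `
    -Description 'All Windows devices known to the directory' `
    -Rule '(device.deviceOSType -eq "Windows")'

# Review every dynamic group and the rule that controls who lands in it.
Get-MgGroup -All -Filter "groupTypes/any(c:c eq 'DynamicMembership')" `
    -Property Id, DisplayName, MembershipRule, MembershipRuleProcessingState |
    Select-Object DisplayName, MembershipRule, MembershipRuleProcessingState

# Rules are evaluated in the background, so members appear after a delay.
Get-MgGroupMember -GroupId $salesUsers.Id -All | Select-Object Id
```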