Azure Active Directory

Azure Active Directory or Access Control:-



 



1. Microsoft Entra ID


Microsoft Entra ID is a cloud-based identity and access management solution. It is a directory and identity management service that operates in the cloud and offers authentication and authorization services to various Microsoft services like Microsoft 365, Dynamics 365, Azure, and cloud-based applications.


2. What is Azure Active Directory used for?


Microsoft Windows Azure Active Directory (Windows Azure AD or Azure AD) is a cloud service that provides administrators with the ability to manage end-user identities and access privileges. Its services include core directory, access management and identity


3. What is a tenant in Azure Active Directory?


An Azure AD tenant is a reserved Azure AD service instance that an organization receives and owns once it signs up for a Microsoft cloud service such as Azure, Microsoft Intune, or Microsoft 365. Each tenant represents an organization, and is distinct and separate from other Azure AD tenants.


4. What is a tenant and subscription in Azure?


The primary purpose of a subscription is to provide a common billing paradigm for use of Azure services. A subscription might have one or more tenants, directories, and domains associated with it. A tenant is the organization that owns and manages a specific instance of Microsoft cloud services.



*Access Control Azure Active Directory (Create Tenants):-


  1. Open Azure Active Directory.
  2. Manage Tenants.

     — Create

     — Azure active directory

     — Org-name             — Google

     — Initial domain name — Chrome

     — Region                — India   (Asia Pacific)


Review + Create.     

— Create.

 



  3. Manage Tenants and come to Overview.


       — Click on tenant 

     — User,  Name

     — Assign roles,   check roles.



*Get Azure AD Premium  P2 free trial Subscriptions:


      — Go to AAD.

      — license. 

      — get a free trial.

      — Activate.




*Create New user Account in AAD:


  1. Go to Azure Active Directory.
  2. Users.


— New Users

— Create new user

— enter details.

— Next

— Under Assignment,    — Add group     — Add role.


— Add existing group if exists.

— Add role for user

— Create.



*Create Bulk User Account in Azure AD Using CSV File:

 

  1. Go to Azure Active Directory.


— User

— All users

— Bulk Operations 

— Download

— Open the .csv file, add details and save.


  2. Go to Azure portal.


— Browse .csv file for bulk-users

— Submit.
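
Before uploading the edited file, it can be linted offline for mistakes that matter for account security: duplicate or off-tenant user names, short or shared initial passwords, and an invalid block-sign-in value. The script below is an added example, not part of the original notes; the column header names are assumed from the portal's template, and the sample rows, the contoso.onmicrosoft.com domain and the 12-character minimum are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Header names assumed from the portal's downloaded template; adjust if yours differ.
COL_UPN = "User name [userPrincipalName] Required"
COL_PWD = "Initial password [passwordProfile] Required"
COL_BLOCK = "Block sign in (Yes/No) [accountEnabled] Required"
REQUIRED = ("Name [displayName] Required", COL_UPN, COL_PWD, COL_BLOCK)


def lint_bulk_csv(text, allowed_domains, min_pwd_len=12):
    """Return (line_number, message) findings for a bulk-create CSV."""
    lines = text.splitlines()
    # The template is assumed to begin with a version row above the header row.
    offset = 1 if lines and lines[0].lower().startswith("version:") else 0
    reader = csv.DictReader(io.StringIO("\n".join(lines[offset:])))
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        return [(offset + 1, f"missing column(s): {missing}")]
    # Short rows yield None values; normalise them to empty strings.
    rows = [{k: v or "" for k, v in r.items()} for r in reader]
    upns = Counter(r[COL_UPN].strip().lower() for r in rows)
    pwds = Counter(r[COL_PWD] for r in rows)
    findings = []
    for n, r in enumerate(rows, start=offset + 2):
        upn = r[COL_UPN].strip().lower()
        if "@" not in upn or upn.rpartition("@")[2] not in allowed_domains:
            findings.append((n, f"UPN domain not verified for tenant: {upn}"))
        if upns[upn] > 1:
            findings.append((n, f"duplicate UPN: {upn}"))
        if len(r[COL_PWD]) < min_pwd_len:
            findings.append((n, "initial password shorter than policy"))
        if pwds[r[COL_PWD]] > 1:
            findings.append((n, "initial password shared with another row"))
        if r[COL_BLOCK].strip().lower() not in ("yes", "no"):
            findings.append((n, "Block sign in must be Yes or No"))
    return findings


# Constructed sample input; names, domains and passwords are made up.
SAMPLE = """version:v1.0
Name [displayName] Required,User name [userPrincipalName] Required,Initial password [passwordProfile] Required,Block sign in (Yes/No) [accountEnabled] Required
Asha Rao,asha@contoso.onmicrosoft.com,Welcome@123,No
Ben Lee,ben@contoso.onmicrosoft.com,Welcome@123,No
Ben Lee,BEN@contoso.onmicrosoft.com,k7#Vq9!mTz2wLp,maybe
Eve Roe,eve@example.org,p4$Rn8@xYc1dHs,Yes
"""
```

Calling `lint_bulk_csv(SAMPLE, {"contoso.onmicrosoft.com"})` returns one tuple per problem, keyed by the line number in the file.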



*Edit, Delete, Restore deleted users in AAD:


  1. Click on User

— edit properties    — do changes.

— delete users using delete button.

— Go to Deleted users.

— Select restore.





*Assign Role to the Users:


  1. Go to Azure Active Directory.


— Click on user

— Assigned roles

— +Add assignments 

— select roles which you want to assign 

— Add.



*To Delete or Remove Roles:


— Click on checkbox 

— Remove assignments    — Yes.




*Assign Azure Active Directory Role:


  1. Click on AAD


— Roles and administrators.

— Search role and click on it.

— Add assignments

— Select the users or group 

— Add


  2. To remove roles


— click on user or checkbox ✅ 

— remove assignments.





*Blocking User Account Sign-In: 


  1. Go to Azure active directory.


— Users

— Click on user

— edit properties

— Account enabled       — uncheck box   

— Save.

— Under Setting —> you can do the same.





*Configuring Default User Permission in AAD:


  1. Go to Azure Active Directory.


— Under Manage Sections 

— Click on User Settings

— Restrict as per requirements. Permissions for external users and User Features can also be changed here.

— Click on Manage external collaboration settings 

— Enable guest-self-service sign up via user flows 

— Yes   —> Save.



  2. Go to External Identities.


— Under Self-Service sign up

— Configure user flows

— New user flow               — Ok

— Click on user flow-name and check all the details


— Applications     — Add applications (if you have a published app, add it here).





*Administrative Units in AAD [Azure Active Directory]:


  1. Go to Azure Active Directory.


— Administrative Units

— +add, Name - India, description

— Create.


  2. Go to Azure Active Directory    —> Administrative units

— India

— Add, Remove Member.




*Create a Group and Add Members in AAD:



  1. Go to Azure Active Directory.


— Group

— New group 

— Group type     — Security 

— Group name   — DevOps Team

— Group Description   — All Users from India in DevOps Team.

— Add owners

— Add members

— Create.



— Click on group (DevOps Team) 

— member

— add members  — select. 

— owner        

— add owners

— Roles & administrators.     — ✅

— administrative units            — assign administrative units.





*Manage Groups in Azure AD:


  1. Go to Azure Active Directory.

— Groups

— Create two groups Test1, Test2.


Test1   — Owner  

            — add owner

            — select 

            — delete previous one.


Test2  — Group membership 

            — Test1

            — select 


Go to Test1   

           — Members     (See the Test2)


  2. Go to AAD


— Users

— User1       — groups

— +add membership       — Test2     — select 


— Test1        — Remove memberships.






*Guest User for Invitation:


Create Guest User for Invitation:-


  1. Go to Azure active directory.


— User                         — new user

— Invite external user

— Email                        — zoom@zts.com      (other required details)

— Create.  




*Manage Guest User Account in AAD:


  1. Go to Azure Active Directory.


— Users                         — user

— do the changes           — Save

— groups                        — +add memberships       

                                        — select


—> Another method:  Azure AD      — Group

— Group-Name        — member

— Search                  — select           — add


—> Check invitation status               — go to user        — properties   — check invitation status.


— Assign role for guest user            

— Go to Azure Active Directory.

— Roles and administrators

— User administrator 

— Add assignments                        select user,    — add.
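
Guest role assignments, invitation status and blocked sign-in can be reviewed together from an export of users and role holders, so that guests or disabled accounts still holding a directory role stand out. This is an added example, not part of the original notes: the user fields follow Microsoft Graph property names, while the export layout, ids and accounts are constructed.

```python
# Constructed export; user fields follow Microsoft Graph property names.
USERS = [
    {"id": "u1", "userPrincipalName": "admin@contoso.onmicrosoft.com",
     "userType": "Member", "externalUserState": None, "accountEnabled": True},
    {"id": "u2", "userPrincipalName": "partner@example.org",
     "userType": "Guest", "externalUserState": "Accepted", "accountEnabled": True},
    {"id": "u3", "userPrincipalName": "vendor@example.net",
     "userType": "Guest", "externalUserState": "PendingAcceptance",
     "accountEnabled": True},
    {"id": "u4", "userPrincipalName": "leaver@contoso.onmicrosoft.com",
     "userType": "Member", "externalUserState": None, "accountEnabled": False},
]
# Hypothetical layout: role display name -> ids of the users holding it.
ROLE_MEMBERS = {
    "User Administrator": ["u2", "u3"],
    "Global Administrator": ["u1", "u4", "u9"],
}


def review_role_holders(users, role_members):
    """Return (role, account, reason) for assignments that need a second look."""
    by_id = {u["id"]: u for u in users}
    findings = []
    for role, ids in sorted(role_members.items()):
        for uid in ids:
            user = by_id.get(uid)
            if user is None:
                # Role holder missing from the user export (deleted or not a user).
                findings.append((role, uid, "holder not found in user export"))
            elif not user["accountEnabled"]:
                findings.append((role, user["userPrincipalName"],
                                 "sign-in blocked, role still assigned"))
            elif user["userType"] == "Guest":
                pending = user["externalUserState"] != "Accepted"
                reason = ("guest has not redeemed the invitation" if pending
                          else "guest holds a directory role")
                findings.append((role, user["userPrincipalName"], reason))
    return findings
```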




 

                                                          

*Setup Email One-Time Passcode:


Setup Email One-Time Passcode Authentication for guest user in Azure AD.


  1. Go to Azure Active Directory.


— External Identities 

— All Identity providers

— Email one-time passcode

— Enable email one-time passcode for guest user

— effective now 

— Save.


  2. Go to Azure Active Directory.


— New guest user

— invite





*Configure expiration policy for Microsoft-365 Group in Azure AD:



  1. Go to Azure active directory.


— Expiration 

— group lifetime    — 180

— zts360.com


— select                  — Microsoft-365 group

— select                  — +Add.


(Before doing this create Microsoft-365 group )


— Delete group.

— Restore group.






*Assign License to User and Group in Azure Active Directory:



  1. Go to Azure Active Directory.


— License                            — All products 

— Microsoft Entra ID P2

— +Assign

— +add users & groups       — select 

— Review + Create             — Assign 


Check Licensed users, Groups.






*Enable Self Service Password Reset in Azure Active Directory:



  1. Azure active directory.


— Groups 

— Members

— Come to AAD Overview Page

— Password reset

— Selected                    — No group selected 

                                       — DevOps Team  (group_name)

                                       — Select

                                       — Save.


— Authentication method        — Yes

— Registration                         — 180

— Notifications  — Yes, Yes    — Save.




















