Azure directory services (DS -> Custom name)
MS Entra ID is used for cloud applications -> Microsoft monitors the login attempts and also reports to the user if there is any suspicious activity.
Active Directory runs locally on the on-prem server. It cannot be accessed from the cloud and is not monitored by MS.
Who uses MS Entra ID?
- IT administrators: Can use Entra ID to control who has access to the applications.
- Developers: Can use Entra ID to secure the applications. It also allows them to integrate SSO.
- Users: Can manage their identity and use the same credentials for multiple applications. They can also self-reset their password.
- Online service subscribers: MS 365, MS Office 365, Azure and MS Dynamics already use Entra ID.
What does Entra ID do?
- Authentication: Entra ID authenticates the user and also checks if the user is authorized to access the application.
- Single sign-on (SSO): Entra ID allows the user to sign in once and then access multiple applications.
- Application management: Cloud and on-prem apps can be managed with Entra ID.
- Device management: Entra ID can also check whether the user is allowed to sign in with a certain device. E.g. Intune-managed devices are allowed but private devices are not, even though they are logged in with the same user.
How does Entra Domain Services work?
Two namespaces with unique names are defined, which equal the domain name. Two Windows Server domain controllers are deployed to the region. This is known as a replica.
How is the information synchronized?
Only one-way synchronization is available, from MS Entra ID to MS Entra DS. I can create resources directly in the managed domain, but these are not synchronized back to MS Entra ID.