Table of Contents
Azure Active Directory
Return to Focus or Active Directory
“Azure Active Directory is an Identity and Access Management as a service (IDaaS) solution that extends your on-premises Active Directory into the Azure cloud and provides single sign-on to Azure, Office 365 and thousands of cloud (SaaS) apps and access to web apps you run on-premises.”
“Built for ease of use, Azure Active Directory enables enterprise mobility and collaboration and delivers advanced identity protection through multi-factor authentication (MFA), security reports, audits, alerts and adaptive conditional access policies based on device health, user location and risk level.”
Azure AD MFA
About enabling multi-factor auth: Read the Azure AD MFA deployment guide (https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted) if you haven’t already. If your users do not regularly sign in through the browser, you can send them to this link to register for multi-factor auth: https://aka.ms/MFASetup
Other capabilities
- Access reviews
Azure AD Identity Protection
Identity Protection - User Authentication
-
- Use Azure AD Password Protection to help eliminate easily guessed passwords from your Active Directory environment. Eliminating these passwords helps to lower the risk of compromise from a password spray type of password attack.
Specifically, Azure AD Password Protection helps you:
- Protect your organization's accounts in both Azure AD and Windows Server Active Directory (AD).
- Stops your users from using passwords on a list of more than 500 of the most commonly used passwords, and over 1 million character substitution variations of those passwords.
- Administer Azure AD Password Protection from a single location in the Azure AD portal, for both Azure AD and on-premises Windows Server AD.
Setup questions
- By default, a basic domain name at onmicrosoft.com is included with your directory. Later, you can add a domain name that your organization already uses, such as contoso.com.