Azure AD learning resources

Introduction

A collection of links with short notes, focused on identity management topics such as Azure Active Directory. The main source is official documentation; everything here is based on publicly available information that can be found by searching the web.

Azure Active Directory

  • What is Azure AD?

A cloud-based identity and access management service. It is used by IT admins, app developers, and subscribers to apps such as Office 365. You can manage directories by selecting “Azure Active Directory” from the Azure portal menu.

  • Azure AD SLAs
  • Official information

Tools

Both Fiddler and Postman seem to be useful, but are they preferred rather than used properly? I haven’t touched on them in depth yet, so I’d like to keep track of which one is easier to use after using them for a while.

PowerShell

  • Azure Active Directory V2 PowerShell Module
  • Azure Active Directory PowerShell for Graph
  • RSAT: Remote Server Administration Tools, Active Directory user management cmdlets

Debug, test

A tool that can record HTTP/HTTPS traffic between your device and the Internet, inspect the contents of communications for debugging, rewrite the contents of requests and responses, and test performance and security. Download page

The following was helpful for what kind of tool it is. The operation that was performed with curl can be done more conveniently with the GUI.

Browser extension installation, for example Firefox https://addons.mozilla.org/en-US/firefox/addon/access-panel-extension/

A tool for searching data using control commands that start with a dot and queries that start with any character other than a dot.

Multi-factor authentication

  • How it works

Azure Multi-Factor Authentication (MFA) can be used together with Conditional Access policies. With “Trusted IP”, users can skip MFA when signing in to Azure AD from the company network. Requires Premium P1 or higher.

  • App password

A feature for apps that do not support 2-step authentication.

Azure AD Privileged Identity Management (PIM)

Lets you use administrator privileges only when you need them. The details are very different, but the idea is similar to sudo.

  • Identity: The target of authentication. OS user accounts, K8s service accounts, etc.
  • Principal: Identity with an authorized role.
  • Service Principal: Identity used in services and apps, with some Role attached.

Azure AD Identity Protection

Automatically detects suspicious sign-ins and events. You can check the resulting reports in the portal, receive alert notifications, and so on.

Azure AD Connect

  • What is Azure AD Connect?

Integration of on-premises AD and Azure AD.

  • Single Sign-On (SSO)
  • ADFS integration
  • Password hash authentication
  • Pass-through authentication
  • sSSO (seamless SSO)

SSO, protocol, passwordless sign-in

Other services and functions related to AAD

DevOps Consultant. I’m strongly focused on automation, security, and reliability.