I'm a Microsoft MVP and a certified trainer. You know, I'm often asked: how do I get started with Azure Active Directory? What is it? Where did it come from? And I thought, what a great idea for a session. Let's take a look.

So, Azure Active Directory for beginners. Now, as I've mentioned, my name is Andy Malone. I'm an MVP. I've been training now for over 22 years. I speak internally for Microsoft as well as at many of their big events out there. In my spare time, when I have some, I also like to write novels, I should say.

So what I want to talk about to you in this session is Active Directory. To start with, what do we mean by an identity service? Well, just picture this: you're going into your office building, and obviously the first thing that you do is you need to get through the door. Now, in most places, in most office buildings or in most computer systems, you're typically asked to go to a reception desk or to some kind of entry point. So for example, if it's maybe an internet website or a directory service, you might be prompted for your username and password. So once you enter that username and password, that will be your authentication. So you've identified yourself, and if you're authenticated you'll then be allowed to go further into the building.

Now, of course, once you get in the building, not everything is a free rein. When you're in there, you can maybe subdivide the building into different areas, so depending on your security clearance or what your job role is, you may have access to certain areas. For example, if you go to an airport and if I'm flying on a plane, typically you'll have your identity: you'll have your passport, your government-approved passport, and you'll have your airline ticket. So that's your identity and authorization, and once you've been authenticated you'll then be able to gain access to the building. Now in this example, when you go into an airport, you'll notice that not every door is open to
you. So in certain areas you need this key card to get past. You can accomplish this in Azure Active Directory with a feature called Conditional Access, and if you look at some of my other sessions here on YouTube you can learn all about that.

So once you're in, the first thing that we need to talk about here, of course, is what do we mean by a directory service? Well, a directory service is essentially nothing more than a database. It's a collection of users, groups, contacts, computers and so on. Active Directory was first introduced back in the 1990s, and again it's gone through a number of changes. The latest iteration of this is Windows Server 2019.

Now, Active Directory itself was originally based on a server. So you can see here we have a Windows Server, and on that Windows Server we have a database, and as I said you can manage your user objects and users and groups and so on. You would create all of these and they would be stored on that database, and in this case it's called Azure, sorry, Active Directory Domain Services, or AD DS.

Now you can obviously think, if you've ever used Windows Explorer, which I'm sure you have, you wouldn't just dump everything into the C drive; you would typically put things into folders. Now in Active Directory we call these organizational units. And of course you can have users, and a user of course in a database is just an object, and every object has attributes: a first name, a last name, an email address, a phone number and so on. So within the scope of Active Directory we refer to this as the schema, the complete set of objects. Okay. Now you can see that we can also have other OUs, or organizational units, so for example you might want to organize your users by location, by department and so on.

So the problem with Windows Server though, and it's now considered legacy, is that everything had to be installed on that single database. So right away you're thinking, well hey, if everything's stored on that database, what would happen if it
went down? If somebody kicked the box over or pulled the plug out or something like that, that's it, it's game over. So what we have to do instead, you have to think, okay, well, how can we protect against that? So you might think, okay, well, if we've got multiple locations... Now, we'll just go back to that slide for a second. Two ways to think about a database: there is obviously the physical side of the database and also the logical side. So this here is very much the logical side, yes, the organization of the objects within the database.

So our next example deals with, obviously, because it was Active Directory, we had another issue: the fact that, you know, you could install Active Directory on multiple servers, and we call these domain controllers or DCs. So if we have multiple sites, again depending on how much traffic, how many users, you have to have more domain controllers and then replicate those to domain controllers at remote sites. Now as you can appreciate, in those days this was pretty darn expensive, and it was also quite complex if you had multiple organizations or multiple what we call directory trees. So for example here you see an organization at the top might have a number of sub-domains, and these are based on location: Norway, the US, China, the UK and so on. So it was quite complex and expensive to set up.

But of course with the improvements with cloud computing, with broadband speed, communications in general, what Microsoft have launched a few years back is of course identity as a service, and we call this Azure Active Directory. So in this case Azure Active Directory is hosted in a Microsoft data center, and these things are huge, okay, and of course the data centers replicate to other data centers. So looking at Azure Active Directory, you don't have individual servers. So Azure Active Directory is like Windows Explorer for everybody, yes. And when you subscribe to Office 365 or Intune or any of those products, the first thing that you do in Azure is you create what
we call a tenant. So your tenant is like a bubble. It's unique to you, and you can manage it, in the case of all your users, groups and devices within your organization, and of course once you're managing that you can then secure it with various policies.

Now the difference between Azure Active Directory and Active Directory is there are no servers on premises. You don't need anything. Everything is in the cloud, it's managed as a service, and it's backed up for you, with a guarantee of course. So again you have the same attributes, the same features that you've had before. Now the only difference here is of course that you have the enterprise administrator role. So in this case, our enterprise administrator role... One of the nice things about Azure Active Directory is that you can have multiple tenants, so even if you were, let's say, a service provider, you could manage your customers on behalf of them. Okay. And again underneath there we have lots of different subscriptions to Azure Active Directory.

So what I'd like to do is I'm going to take you through a quick overview of Azure Active Directory and just give you a little kind of look and feel for it. So this is the Azure Active Directory admin center, and I'm going to click on this, you can see the little triangle there, the little pyramid, and this is essentially where we manage all aspects of Azure Active Directory. So we create our groups, we create our users and any kind of relationships, and because what we call protocols, the protocols for the internet, are very different to what they were for the server-based Active Directory, here you can find that you can build relationships with many third-party organizations, including Google for example. The other thing that you can also manage is applications within your organization, device management, how applications are pushed out to users, licensing. This is huge in terms of how to use things.

So, just absolute basics. One of the
first things that you're going to want to do is you're going to want to create a new user. Now in Azure Active Directory you can create a new user or something called a new guest user. A new guest user might be somebody who works outside your company, a supplier, a customer or something like that, and the nice thing about guest users is you don't need a license; they're absolutely free. The typical rule of thumb is that you can have five guest users for every one paid subscription.

All right, so what I'm going to do is I'm going to click on a new user. So the username that I'm going to create, I'm going to call her, I'm a big Star Trek fan, so crusher b for Beverly Crusher. I'm gonna put in Beverly, okay, and her second name of course is Crusher. Oops, sorry. Yeah, Beverly Crusher here, I should say. There we go. And the last name here, oops, sorry, I botched that up, didn't I? Okay, just pop that in there. So, Beverly. Okay.

Now, do you want to auto-generate a password, or do you want to create a password on behalf of the user? I'm gonna, what the heck, I'm going to just say yeah, auto-generate one, that's absolutely fine. Now at this point it's saying, okay, does the user need to be a member of a group? So I can go and click on groups here, and let's say for example I have a group here called Executives. So I would think Beverly, you know, she's a senior member of staff, I'm going to make her a member of the executive group. The next thing: do you want to block her sign-in or do you want to allow her sign-in? So maybe you want to block a sign-in if maybe for some reason the account's not ready, so she's joining the company in a couple of weeks' time and she's not quite ready yet. The job information: well, of course we know that she's a doctor, and the department, of course, she's in medical, and I'm good to go. So let's go ahead now and create that user.

Okay, so once you've created the user we can now go back into Beverly's
account and we can have a look, and here you can see if she's got any assigned roles. So again, a role, by the way, is an administrative role. So an administrative role means, is she going to get any kind of administration center admin access? Okay. And again, this is something that, you know, the global administrator is god, you know, for all intents and purposes, but you might not want to, maybe she's a junior administrator and maybe she just needs to manage users or something like that. So for the purpose of this demo I'm just going to make her a member of the user administrators role. Okay.

Now, once you've done that, the next thing you might say is, okay, does she want to be a member of a particular group? We did that already. I can also assign applications to Beverly, and I can manage her licenses, and I can also see if she's got any devices in there as well. You can also go in and view the audit logs of users, so again it shows me you've got complete auditing control here. You can see who's doing what, where and how, and also you can see if users are failing to log on as well, which is really useful.

So there you have it, just a quick look at Azure Active Directory. So there you have it, you're not a beginner anymore. I hope you found that little look inside Azure Active Directory useful, and if you've got any suggestions or ideas for little sessions that you'd like to know more about, then please drop them in the comments below. Remember, subscribe if you've not already, and I've got some great videos planned coming up in the future. But in the meantime, I'm Andy Malone, and thanks for joining me.
