Azure Active Directory is a cloud-based identity and access management solution which combines core directory services, advanced identity governance, and application access management into a single, highly available solution. Azure AD also provides a robust, standards-based platform that enables developers to provide centralised policy and rules-based access management to their applications.

An object is an entry in the directory service, represented by its unique distinguished name. The default usage quota is 150,000 objects. An example of an object is a user entry used for authentication purposes. If you need to exceed the default quota, contact Microsoft support. The 500K object limit does not apply to Office 365, Microsoft Intune or any other Microsoft paid online service that relies on Azure AD for directory services.

Azure AD Connect is the sync engine that extends on-premises directories to Azure AD.

Azure AD allows for B2B (business-to-business) collaboration by enabling the use of a selected set of Azure AD features for guest users. A guest user is someone outside your organisation who is invited into your Azure AD tenant. Guest users are not employees, contractors or on-site agents for you or your affiliates. While some features are free, for any paid Azure AD features, guest users must be licensed as follows:

  • With each Azure AD edition licence that you own for an employee or a non-guest user in your tenant, you will also be able to invite up to 5 guest users to the tenant. The features you can extend to these guest users will depend on the type of Azure AD edition you purchase.
  • There is no charge for inviting a guest user and assigning him/her to an application in Azure AD, for up to 10 apps per guest user.
  • Other features of the Azure AD 'Free' edition, such as the three basic reports, are also free for guest users.
  • For paid Azure AD features that are extended to guest users, the inviting tenant will need the appropriate number of Basic, Premium P1 or Premium P2 licences to cover guest users, in the one licence to 5 users ratio described above. For example, one Azure AD Basic licence will allow up to 5 guest users to be set up for Group Based Access Management and Provisioning.
  • For the 6th guest user, you will need another Azure AD Basic licence. Similarly, one Azure AD Premium P1 licence will allow up to five guest users to use the MFA feature (plus any Azure AD Basic features).
  • For the 6th guest user that uses MFA, you will need a second Azure AD Premium P1 licence.

Azure AD reports provide a complete picture of what's going on in a tenant. The information supplied allows you to see how users utilise the organisation's apps and services, identify potential risks to the environment's health, and troubleshoot issues that are keeping users from finishing their work.

Advanced group features include dynamic groups, group creation permission delegation, group naming policy, group expiration, usage guidelines and default classification.

The process of using an account's credentials from one directory system so that the same credentials can be used in other systems.

Microsoft Identity Manager Server software rights are included with Windows Server licences (any edition). Since Microsoft Identity Manager runs on the Windows Server OS, as long as the server is running a validly licensed copy of Windows Server, Microsoft Identity Manager can be installed and used on that server. No additional licence is required to install and use Microsoft Identity Manager Server.

At least one licence is required for the 1st monitoring agent. Each additional agent requires 25 additional incremental licences. For example, agents monitoring Active Directory Federation Services (AD FS), AD Connect and Active Directory Domain Services (AD DS) are considered separate agents.

Cloud App Security discovery provides a comprehensive view into cloud app usage, enabling you to address Shadow IT. To access the cloud app discovery features, go to:

Azure Information Protection allows you to control and secure email, sensitive data and documents that users share outside an organisation. No matter where it is stored or who it is shared with, from easy classification to embedded labels and permissions, Azure Information Protection enhances data protection at all times.

Classified documents include manual, default and mandatory document classification and consumption.

An Azure subscription is required to use a configured key for BYOK in the customer-managed provisioning life cycle.

Includes content in Microsoft Exchange Online, SharePoint and OneDrive for Business.

Azure Information Protection integrates with on-premises Windows Server file shares by using the File Classification Infrastructure (FCI) connector.

Protection for on-premises Exchange and SharePoint content via the Azure Information Protection Connector.

Azure Information Protection software development kit for all platforms: Windows, Windows Mobile, iOS, Mac OS X and Android.

Includes PTXT, PJPG, and PFILE (general protection).

Azure Information Protection content consumption by using work or school accounts from AIP policy-aware apps and services.

Safeguards corporate data by allowing more secure access to organisation resources and enabling safe sharing of sensitive information inside and outside the organisation.