AZ-500

Azure Security Engineer Associate 

Azure Portal

Managing Identities in Entra ID

Key Terms

ENTRA ID - Licenses and Features

Licenses

FREE

Provides user and group management, on-prem directory synchronization and cloud resources, basic reports, self-service password change for cloud users, and SSO across Azure, MS 365, and other SaaS applications.

P1 - Everything in Free plus:

Hybrid user access to both on-prem and cloud resources, advanced administration such as dynamic groups, self-service group management, MS Identity Manager, and cloud write-back capabilities.

P2 - Everything in P1 plus:

ENTRA ID Protection for risk-based conditional access to apps and company data, and Privileged Identity Management (PIM). PIM allows for discovering, restricting, and monitoring administrators and their access to resources, with "just in time" access when needed.

Pay as You Go 

Self-Explanatory. Pay for features and services with various factors being used to determine cost.


User Types & Creation

Always try to enforce the concept of least privilege: users should only have the level of access required for them to perform their work tasks. Nothing more.

User Types

Internal Member

Internal Guest

External Members

External Guest

User Creation

  1. Navigate to Entra ID ---> Users ---> All Users
  2. Select the +New User icon and select Create New User

Groups, Memberships, Access Management

Group Types

Security Groups

Microsoft 365 Group

Membership Types

Assigned

Dynamic User

Dynamic Device

Ways to Assign Access Rights

Direct Assignment

Group Assignment

Rule-Based Assignment

External Authority Assignment

When to use External Identities

B2B collaboration is the most common use of this method. It allows you to securely share company applications and services with external users, while maintaining control over your own corporate data. 

MS Entra B2B

Entra B2B allows partners to use their own identity management solution.

Manage Authentication with Entra ID

Manage Authorization with ENTRA ID

Manage Application Access with ENTRA ID

Plan & Implement Security for Private Access to Azure Resources

Plan & Implement Security for Public Access to Azure Resources

Plan and Implement Advanced Security for Compute

Plan and Implement Security for Storage

Plan and Implement Security for Azure SQL Database and Azure SQL Managed Instances

Manage Security Posture with MS Defender for Cloud

Configure and Manage Threat Protection with MS Defender for Cloud

Configure and Manage Security Monitoring & Automation Solutions