# AZ-104 Azure Identity - Conceptualizing Entra ID (Azure Active Directory)

[What is Microsoft Entra ID](https://learn.microsoft.com/en-us/entra/fundamentals/whatis)

- Identity and Access Management (IAM) Basics
- What is Azure AD (Entra ID)?
- Azure AD Tenant Architecture
- Azure AD Features
- Active Directory vs Azure AD (Entra ID)

##### <span style="background-color: rgb(0, 0, 0);">**Identity and Access Management (IAM) Basics**</span>

- IAM: A global, cloud-based identity service for Azure that provides an identity repository.
- Principal: An unauthenticated entity that seeks to authenticate as an identity.
- Identity: A profile that a principal authenticates against using credentials.
- Authorization: The actions an identity is permitted or prohibited from performing.
- Create Identity Resources - Create users and groups.
- Manage Identity Security - Enable multi-factor authentication (MFA), control access to resources, and provide policy-based controls.

##### <span style="background-color: rgb(0, 0, 0);">**Azure AD Tenant Architecture**</span>

When creating a tenant, Azure automatically assigns it a default domain, for example htf.onmicrosoft.com; you can also register a custom domain name.

A tenant can be associated to multiple subscriptions but a subscription can only be associated to one tenant.
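An added example (not from the original page) of checking that relationship in practice: it parses output in the shape of `az account list --output json` (constructed sample, placeholder GUIDs), groups subscriptions by the tenant that owns them, and flags any subscription that lives outside the tenant whose identity controls we manage.

```python
"""Group Azure subscriptions by their owning Entra tenant.

Assumes records shaped like `az account list --output json`
(fields: id, name, tenantId, state, isDefault).
"""
import json
from collections import defaultdict

# Constructed sample; the GUIDs are placeholders, not real ids.
SAMPLE_AZ_ACCOUNT_LIST = json.dumps([
    {"id": "11111111-1111-1111-1111-111111111111", "name": "prod",
     "tenantId": "aaaaaaaa-0000-0000-0000-000000000001",
     "state": "Enabled", "isDefault": True},
    {"id": "22222222-2222-2222-2222-222222222222", "name": "dev",
     "tenantId": "aaaaaaaa-0000-0000-0000-000000000001",
     "state": "Enabled", "isDefault": False},
    {"id": "33333333-3333-3333-3333-333333333333", "name": "legacy-partner",
     "tenantId": "bbbbbbbb-0000-0000-0000-000000000002",
     "state": "Enabled", "isDefault": False},
])


def subscriptions_by_tenant(az_json: str) -> dict[str, list[str]]:
    """Return {tenantId: [subscription ids]}; one tenant, many subscriptions."""
    by_tenant: dict[str, list[str]] = defaultdict(list)
    for sub in json.loads(az_json):
        # Each subscription record carries exactly one tenantId,
        # so a subscription can never land in two tenants here.
        by_tenant[sub["tenantId"]].append(sub["id"])
    return dict(by_tenant)


def foreign_subscriptions(az_json: str, home_tenant: str) -> list[str]:
    """Names of visible subscriptions owned by a tenant other than home_tenant.

    Such subscriptions are governed by the other tenant's identity
    controls (MFA, Conditional Access, PIM), not by ours.
    """
    return [s["name"] for s in json.loads(az_json)
            if s["tenantId"] != home_tenant]


if __name__ == "__main__":
    home = "aaaaaaaa-0000-0000-0000-000000000001"
    for tenant, subs in subscriptions_by_tenant(SAMPLE_AZ_ACCOUNT_LIST).items():
        print(f"tenant {tenant}: {len(subs)} subscription(s)")
    print("outside home tenant:",
          foreign_subscriptions(SAMPLE_AZ_ACCOUNT_LIST, home))
```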

![image.png](https://wiki.tinod.net/uploads/images/gallery/2024-02/scaled-1680-/Uy9lsSvNCxXzboP7-image.png)

##### <span style="background-color: rgb(0, 0, 0);">**Azure AD Features**</span>

- IAM Platform - for Azure cloud-based resources.
- Identity Security - additional security with MFA and Privileged Identity Management (PIM).
- Collaboration and Development - Azure AD B2B for collaboration and Azure AD B2C to support development.
- Monitoring - audit logs, security monitoring, identity protection and risk management.
- Identity Integration - hybrid identity and single sign-on (SSO) using Azure AD Connect and Azure AD Domain Services.
- Enterprise Access - additional security for applications and devices, both on-premises and in the cloud.

| Active Directory | Entra ID |
|---|---|
| Organizational units (OUs) | Administrative units |
| Group Policy Objects (GPOs) | SAML, WS-Federation, OAuth |
| Kerberos, LDAP, NTLM | Flat directory structure |
| Hierarchical | Cloud-based solution |
| On-premises | Global |

<p class="callout success">As part of a hybrid solution we can use Entra Connect to manage on-premises infrastructure.</p>