Aisu Joesph

1626532080

Azure Active Directory (AAD) 101

I’m currently preparing for the AZ-900 examination and recently studied its Azure core identity services module. So I thought I would write an introductory article on it, because it might help someone who is preparing for the examination like me, or someone who is interested in learning the basics of Azure AD.

Authentication vs. Authorization

Before going deeper, we first have to understand the difference between the two keywords, authentication and authorization. You may already know this, but I’ll quickly explain it anyway.

The process by which someone proves who they are is called authentication.

For example, say I tell you I am Kalpani; you will ask me to prove it. How can I prove it? I can show you an ID card issued by the government, my passport, or my driving licence. That is authentication.

Then what is authorization?

Based on the identity that I have proved, the immediate next question is what I can and cannot do with that identity in a particular organization or system. In the context of Azure, which services I can access, and which I cannot, is called authorization.

Multi-factor authentication

Suppose I log into a particular website with my username and password, and somehow the password gets leaked. Then somebody who has my password, but no authorized access, can reach the data and services behind it.

So how can we mitigate this issue? That is where multi-factor authentication (MFA) comes in. In addition to the username and password, one also has to prove identity in another form, for example a one-time password (OTP) received on a mobile phone or via a phone call over the mobile network. Alternatively, they can have a mobile app installed and confirm in that app that they are the person who is logging in.

Multi-factor authentication works by requiring two or more of the following categories of authentication method:

  • Something you know, typically a password.
  • Something you have, such as a trusted device that is not easily duplicated (e.g. a phone or hardware key).
  • Something you are — biometrics like a fingerprint or face scan.

Azure Active Directory (AAD)

Now, let’s see who provides this authentication and authorization, and who takes care of these multi-factor authentication features. In Azure, that is Azure Active Directory, which we call the identity and access management service in Azure. It provides:

  • Authentication
  • Single sign-on (SSO)
  • Application management
  • Device management

Active Directory to Azure Active Directory

It is very easy for businesses to adopt Azure because almost every organization already has an on-premises Active Directory, which means the organization’s users are already in it. Microsoft provides a facility to sync all the on-premises identities into Azure AD. If a user exists on-premises, the same username and password can also be added to Azure with a tool such as Azure AD Connect. This is the most popular way to connect your existing AD to Azure AD.

#conditional-access #azure #azure active directory

Wade Gulgowski

1625203140

How to create an Azure Active Directory tenant and transfer a subscription

In this video we explain how to create a new Azure Active Directory tenant, rename a subscription, and transfer an existing subscription.

Before watching this video, please watch how to create a free subscription at the link below:
https://youtu.be/13NYdR1Kwu0

Timeline
Introduction: 0:00
Creating a new Azure Active Directory tenant: 1:00
Rename a subscription: 3:06
Transfer to an existing subscription: 3:13
Overview of Azure Active Directory: 3:51

What’s next?
Watch: What is an Azure resource group: https://youtu.be/vDuVVzWqDy0

Subscribe with the link below 🖥🖥🖥
https://m.youtube.com/channel/UCpDM4kDe1J7DT8r_OoEpC7A?sub_confirmation=1

#azure active directory #azure #azure active

Panmure Anho

1603435136

k8s cluster on Azure integrates with Azure Active Directory (AAD) and webhook authentication

Glossary:

  1. Native client

A type of client application that is installed natively on a device. It acts on behalf of the human user when authenticating with AAD. We call it the “kubectl app” in this article.

  2. Web client

A type of client application that executes all of its code on a web server and is able to function as a “confidential” client by securely storing its credentials on the server. We call it the “apiserver” in this article.

#security #azure #kubernetes #azure-active-directory

Azure Series #2: Single Server Deployment — part 1

Let’s assume that, for your organization, the number of users who will access your application (web, mobile, BI reports) is known and does not fluctuate drastically the way it does for an Internet company. All the fluctuations are measured and follow a step-up progression over several years rather than an erratic ECG graph. Your business may serve big-ticket customers and not rely on economies of scale. In such cases you can choose a single server deployment without over-engineering your business process, and avoid unnecessary spend: a single server deployment for a lean and mean organization.

Gateway to your single server deployment

Security in general: Any cloud architecture should be ring-fenced, and it should be security-encompassing in the sense that each and every resource we deploy for the single server architecture must have a security-first design. Refer to “Azure Series #2: Cloud Security Roadmap” and Azure’s Security Benchmark.

1. Azure Active Directory

2. DNS

3. CDN

4. Advanced Threat Protection

5. DDoS Protection service

#azure-active-directory #azure-interview #azure-infrastructure #azure

Aisu Joesph

1626494598

Managed Identities in Azure with Terraform

In this article, I’ll explain the concepts around Managed Identities in Azure, the different types of managed identities, and how to assign them to a VM. Then we will show how to authenticate Terraform to Azure using the managed identity. Lastly, we will configure an Application Gateway to use a managed identity in order to access secrets in an Azure Key Vault.

What is a managed identity?

Managed identities provide an identity for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication.

Crucially the management of credentials is handled by the managed identity (hence the word managed), and not by the application or the developer.

Using Managed Identities to Authenticate with Terraform

You can use a system-assigned managed identity to authenticate when using Terraform. The managed identity will need to be assigned RBAC permissions on the subscription, with a role of either Owner, or both Contributor and User Access Administrator.

Azure Application Gateway and Key Vault with Managed Identity in Terraform

Managed identities can also be created and managed using Terraform and then assigned a role. These can then be tied to a resource, like a VM or an Application Gateway.

#azure-devops #azure-managed-identities #azure-active-directory #azure #terraform
