Get an overview of the Azure Active Directory, including the Premium services in Enterprise Mobility + Security. Explore an in-depth comparison between the four levels of Azure AD.
- [Instructor] In this chapter, we are going to focus on Azure Active Directory Premium, and in this lesson, we're providing a high-level overview of the service. Those of you who know me know that I love Azure Active Directory. For those of you who are unfamiliar with Azure Active Directory, this graphic may help. Over to the far left we have our on-premise environment, and we're probably all very familiar with this structure. We have our Windows Server Active Directory, we may have other directories, line-of-business applications that sit on premise. Over to the far right of the graphic, we have our cloud solutions, and these could be public cloud, Office 365, Azure, also included in here could be Dropbox, or Google, or Box.com, you name it, anything that's hosted in a cloud solution is classified as a cloud offering, or as a Software as a Service solution.
So how do we get these two components to talk to each other? Well, we can do that with Azure Active Directory, and it basically sits in between the two, and it can be used to control access from our on-premise environment to the cloud environment and vice versa. And this is done with a simple connection from Azure Active Directory to our on-premise environment called Azure Active Directory Connect. Within Azure Active Directory, we can then have different directories, including, let's say, a customer directory, or a partner directory.
We can allow for self-service management, single sign-on, and multi-factor authentication. One thing I do want to point out though, before we move on, is that Azure Active Directory is not Server Active Directory. They do integrate, but they are different in their functionality, so keep that in mind. Azure Active Directory comes in several flavors. We have a free, basic, premium one, and premium two SKU. When we're talking EMS in Azure Active Directory, that will include the premium services, which will include multi-factor authentication, Azure Active Directory Connect Health, conditional access, privileged identity management, Azure Active Directory identity protection, Microsoft Cloud App Security, Azure Cloud App Discovery, self-service password management, and self-service group management. That's a lot of extra services when we move into the premium editions of Azure Active Directory.
Sometimes it's easier to compare the tiers when you see a chart. As we can see, we have this broken down into those four tiers that I had mentioned, and our free tier does provide a lot of functionality right out of the gate. We have user management, device registration, password changes, single sign-on, B2B collaboration, B2B is business to business, security reports, usage reports, Windows 10 join to Azure Active Directory, and Windows Hello. When we move into the basic tier, we have everything in the free tier, plus group-based access management, single sign-on password reset for our cloud users, company branding, application proxy, and an SLA of 99.9%.
Now, within this course, I will not be covering any of the functionality within those two tiers. I will cover most of the functionality that is included in premium one and premium two, which include self-service group management; dynamic groups; device write back, this allows for password write back from the cloud solution back to on premise; advanced multi-factor authentication; cloud app discovery, this is a really cool little tool that will discover all the cloud apps within your environment that your users are using; Connect Health will provide an overview of our domain services within our environment; conditional access will only allow for specific resources to be accessed, as long as the policies are met; MDM, or mobile device management, auto-enrollment for our devices; self-service BitLocker recovery; and enterprise state roaming.
And then when we move into premium two, we have everything in premium one, plus identity protection and privileged identity management, both of which will be covered in detail within this chapter. I have provided a high-level overview of Azure Active Directory Premium and the services that are offered within those tiers. The rest of this chapter will be a deep dive into those services.
- Configuring Azure Multi-Factor Authentication
- Configuring conditional access
- Managing roles in Privileged Identity Management
- Using Azure Information Protection to protect Word documents
- Tracking and revoking documents
- Configuring mobile apps
- Configuring device compliance policies
- Reviewing device settings in Intune