Submit Search
Upload
SC-900 Capabilities of Microsoft Identity and Access Management Solutions
•
0 likes
•
231 views
F
FredBrandonAuthorMCP
Follow
SC-900 Capabilities of Microsoft Identity and Access Management Solutions
Read less
Read more
Technology
Report
Share
Report
Share
1 of 30
Recommended
SC-900 Concepts of Security, Compliance, and Identity
SC-900 Concepts of Security, Compliance, and Identity
FredBrandonAuthorMCP
SC-900 Capabilities of Microsoft Security Solutions
SC-900 Capabilities of Microsoft Security Solutions
FredBrandonAuthorMCP
SC-900 Capabilities of Microsoft Compliance Solutions
SC-900 Capabilities of Microsoft Compliance Solutions
FredBrandonAuthorMCP
SC-900 Intro
SC-900 Intro
FredBrandonAuthorMCP
SC-900+2022.pdf
SC-900+2022.pdf
Ritish H
Fundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and Compliance
Vignesh Ganesan I Microsoft MVP
CollabDaysBE - Microsoft Purview Information Protection demystified
CollabDaysBE - Microsoft Purview Information Protection demystified
Albert Hoitingh
AWS Security Hub Deep Dive
AWS Security Hub Deep Dive
Nagesh Ramamoorthy
Recommended
SC-900 Concepts of Security, Compliance, and Identity
SC-900 Concepts of Security, Compliance, and Identity
FredBrandonAuthorMCP
SC-900 Capabilities of Microsoft Security Solutions
SC-900 Capabilities of Microsoft Security Solutions
FredBrandonAuthorMCP
SC-900 Capabilities of Microsoft Compliance Solutions
SC-900 Capabilities of Microsoft Compliance Solutions
FredBrandonAuthorMCP
SC-900 Intro
SC-900 Intro
FredBrandonAuthorMCP
SC-900+2022.pdf
SC-900+2022.pdf
Ritish H
Fundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and Compliance
Vignesh Ganesan I Microsoft MVP
CollabDaysBE - Microsoft Purview Information Protection demystified
CollabDaysBE - Microsoft Purview Information Protection demystified
Albert Hoitingh
AWS Security Hub Deep Dive
AWS Security Hub Deep Dive
Nagesh Ramamoorthy
Microsoft Azure Security Overview
Microsoft Azure Security Overview
Alert Logic
Azure Identity and access management
Azure Identity and access management
Dinusha Kumarasiri
Azure Security Overview
Azure Security Overview
David J Rosenthal
Azure Security Center- Zero to Hero
Azure Security Center- Zero to Hero
Kasun Rajapakse
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
Amazon Web Services
Secure your M365 resources using Azure AD Identity Governance
Secure your M365 resources using Azure AD Identity Governance
Vignesh Ganesan I Microsoft MVP
Microsoft 365 Security Overview
Microsoft 365 Security Overview
Robert Crane
Azure security and Compliance
Azure security and Compliance
Karina Matos
Azure sentinel
Azure sentinel
Marius Sandbu
Azure Just in Time Privileged Identity Management
Azure Just in Time Privileged Identity Management
Mario Worwell
Microsoft Zero Trust
Microsoft Zero Trust
David J Rosenthal
Microsoft 365 Compliance and Security Overview
Microsoft 365 Compliance and Security Overview
David J Rosenthal
Azure Sentinel.pptx
Azure Sentinel.pptx
Mohit Chhabra
Microsoft Information Protection demystified Albert Hoitingh
Microsoft Information Protection demystified Albert Hoitingh
Albert Hoitingh
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
ParishSummer
Modernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure Sentinel
Cheah Eng Soon
Data Protection in Transit and at Rest
Data Protection in Transit and at Rest
Amazon Web Services
Azure active directory
Azure active directory
Raju Kumar
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Vignesh Ganesan I Microsoft MVP
Identity Security - Azure Identity Protection
Identity Security - Azure Identity Protection
Eng Teong Cheah
Secure Your Cloud Environment with Azure Active Directory (AD)
Secure Your Cloud Environment with Azure Active Directory (AD)
WinWire Technologies Inc
original.pdf
original.pdf
PranavUndre1
More Related Content
What's hot
Microsoft Azure Security Overview
Microsoft Azure Security Overview
Alert Logic
Azure Identity and access management
Azure Identity and access management
Dinusha Kumarasiri
Azure Security Overview
Azure Security Overview
David J Rosenthal
Azure Security Center- Zero to Hero
Azure Security Center- Zero to Hero
Kasun Rajapakse
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
Amazon Web Services
Secure your M365 resources using Azure AD Identity Governance
Secure your M365 resources using Azure AD Identity Governance
Vignesh Ganesan I Microsoft MVP
Microsoft 365 Security Overview
Microsoft 365 Security Overview
Robert Crane
Azure security and Compliance
Azure security and Compliance
Karina Matos
Azure sentinel
Azure sentinel
Marius Sandbu
Azure Just in Time Privileged Identity Management
Azure Just in Time Privileged Identity Management
Mario Worwell
Microsoft Zero Trust
Microsoft Zero Trust
David J Rosenthal
Microsoft 365 Compliance and Security Overview
Microsoft 365 Compliance and Security Overview
David J Rosenthal
Azure Sentinel.pptx
Azure Sentinel.pptx
Mohit Chhabra
Microsoft Information Protection demystified Albert Hoitingh
Microsoft Information Protection demystified Albert Hoitingh
Albert Hoitingh
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
ParishSummer
Modernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure Sentinel
Cheah Eng Soon
Data Protection in Transit and at Rest
Data Protection in Transit and at Rest
Amazon Web Services
Azure active directory
Azure active directory
Raju Kumar
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Vignesh Ganesan I Microsoft MVP
Identity Security - Azure Identity Protection
Identity Security - Azure Identity Protection
Eng Teong Cheah
What's hot
(20)
Microsoft Azure Security Overview
Microsoft Azure Security Overview
Azure Identity and access management
Azure Identity and access management
Azure Security Overview
Azure Security Overview
Azure Security Center- Zero to Hero
Azure Security Center- Zero to Hero
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
Secure your M365 resources using Azure AD Identity Governance
Secure your M365 resources using Azure AD Identity Governance
Microsoft 365 Security Overview
Microsoft 365 Security Overview
Azure security and Compliance
Azure security and Compliance
Azure sentinel
Azure sentinel
Azure Just in Time Privileged Identity Management
Azure Just in Time Privileged Identity Management
Microsoft Zero Trust
Microsoft Zero Trust
Microsoft 365 Compliance and Security Overview
Microsoft 365 Compliance and Security Overview
Azure Sentinel.pptx
Azure Sentinel.pptx
Microsoft Information Protection demystified Albert Hoitingh
Microsoft Information Protection demystified Albert Hoitingh
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
Modernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure Sentinel
Data Protection in Transit and at Rest
Data Protection in Transit and at Rest
Azure active directory
Azure active directory
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Identity Security - Azure Identity Protection
Identity Security - Azure Identity Protection
Similar to SC-900 Capabilities of Microsoft Identity and Access Management Solutions
Secure Your Cloud Environment with Azure Active Directory (AD)
Secure Your Cloud Environment with Azure Active Directory (AD)
WinWire Technologies Inc
original.pdf
original.pdf
PranavUndre1
Premier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure AD
uberbaum
Azure from scratch part 2 By Girish Kalamati
Azure from scratch part 2 By Girish Kalamati
Girish Kalamati
2018 November - AZUGDK - Azure AD
2018 November - AZUGDK - Azure AD
Peter Selch Dahl
Introduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2C
Joonas Westlin
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
Kumton Suttiraksiri
Securing your Azure Identity Infrastructure
Securing your Azure Identity Infrastructure
Vignesh Ganesan I Microsoft MVP
EMS-HPT Template-v.1.0
EMS-HPT Template-v.1.0
Huy Pham
Dev Dives: Master advanced authentication and performance in Productivity Act...
Dev Dives: Master advanced authentication and performance in Productivity Act...
UiPathCommunity
Managing enterprise applications, permissions, and consent in Azure Active Di...
Managing enterprise applications, permissions, and consent in Azure Active Di...
CoLaboraDK
Managing enterprise applications, permissions, and consent in Azure Active Di...
Managing enterprise applications, permissions, and consent in Azure Active Di...
Peter Selch Dahl
Identity Security - Azure Active Directory
Identity Security - Azure Active Directory
Eng Teong Cheah
Zero trust deck 2020
Zero trust deck 2020
Guido Marchetti
Identity and Security in the Cloud
Identity and Security in the Cloud
Richard Diver
CoLabora March 2022 - Improve security posture by implementing new Azure AD ...
CoLabora March 2022 - Improve security posture by implementing new Azure AD ...
Peter Selch Dahl
Active Directory Proposal
Active Directory Proposal
MJ Ferdous
AbedElilahElmahmoumP1.pptx
AbedElilahElmahmoumP1.pptx
AbedElElahElMHMOOM
The user s identities
The user s identities
Giuliano Latini
Identity and Data protection with Enterprise Mobility Security in ottica GDPR
Identity and Data protection with Enterprise Mobility Security in ottica GDPR
Jürgen Ambrosi
Similar to SC-900 Capabilities of Microsoft Identity and Access Management Solutions
(20)
Secure Your Cloud Environment with Azure Active Directory (AD)
Secure Your Cloud Environment with Azure Active Directory (AD)
original.pdf
original.pdf
Premier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure AD
Azure from scratch part 2 By Girish Kalamati
Azure from scratch part 2 By Girish Kalamati
2018 November - AZUGDK - Azure AD
2018 November - AZUGDK - Azure AD
Introduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2C
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
Securing your Azure Identity Infrastructure
Securing your Azure Identity Infrastructure
EMS-HPT Template-v.1.0
EMS-HPT Template-v.1.0
Dev Dives: Master advanced authentication and performance in Productivity Act...
Dev Dives: Master advanced authentication and performance in Productivity Act...
Managing enterprise applications, permissions, and consent in Azure Active Di...
Managing enterprise applications, permissions, and consent in Azure Active Di...
Managing enterprise applications, permissions, and consent in Azure Active Di...
Managing enterprise applications, permissions, and consent in Azure Active Di...
Identity Security - Azure Active Directory
Identity Security - Azure Active Directory
Zero trust deck 2020
Zero trust deck 2020
Identity and Security in the Cloud
Identity and Security in the Cloud
CoLabora March 2022 - Improve security posture by implementing new Azure AD ...
CoLabora March 2022 - Improve security posture by implementing new Azure AD ...
Active Directory Proposal
Active Directory Proposal
AbedElilahElmahmoumP1.pptx
AbedElilahElmahmoumP1.pptx
The user s identities
The user s identities
Identity and Data protection with Enterprise Mobility Security in ottica GDPR
Identity and Data protection with Enterprise Mobility Security in ottica GDPR
More from FredBrandonAuthorMCP
Savings, Expenses, and Budgeting.pptx
Savings, Expenses, and Budgeting.pptx
FredBrandonAuthorMCP
Investing and Personal Financial Planning.pptx
Investing and Personal Financial Planning.pptx
FredBrandonAuthorMCP
Exploring Blockchain in the Enterprise
Exploring Blockchain in the Enterprise
FredBrandonAuthorMCP
Business Automation - Intro to the Power Platform
Business Automation - Intro to the Power Platform
FredBrandonAuthorMCP
Automating Business Process with PowerApps and Power BI
Automating Business Process with PowerApps and Power BI
FredBrandonAuthorMCP
Automation for Small Business using the Power Platform
Automation for Small Business using the Power Platform
FredBrandonAuthorMCP
Automating Business Processes Create Expense Tracker using PowerApps and Powe...
Automating Business Processes Create Expense Tracker using PowerApps and Powe...
FredBrandonAuthorMCP
More from FredBrandonAuthorMCP
(7)
Savings, Expenses, and Budgeting.pptx
Savings, Expenses, and Budgeting.pptx
Investing and Personal Financial Planning.pptx
Investing and Personal Financial Planning.pptx
Exploring Blockchain in the Enterprise
Exploring Blockchain in the Enterprise
Business Automation - Intro to the Power Platform
Business Automation - Intro to the Power Platform
Automating Business Process with PowerApps and Power BI
Automating Business Process with PowerApps and Power BI
Automation for Small Business using the Power Platform
Automation for Small Business using the Power Platform
Automating Business Processes Create Expense Tracker using PowerApps and Powe...
Automating Business Processes Create Expense Tracker using PowerApps and Powe...
Recently uploaded
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Wonjun Hwang
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
Slibray Presentation
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
Mattias Andersson
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
Sinan KOZAK
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
UiPathCommunity
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
Memoori
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Safe Software
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
ngoud9212
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
Fwdays
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
BookNet Canada
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
Rizwan Syed
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
gvaughan
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
Neo4j
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
Kalema Edgar
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
Dubai Multi Commodity Centre
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
Enterprise Knowledge
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
BookNet Canada
Recently uploaded
(20)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
SC-900 Capabilities of Microsoft Identity and Access Management Solutions
1.
© Copyright Microsoft
Corporation. All rights reserved. SC-900T00-A Module 2: Describe the Capabilities of Microsoft Identity and Access Management Solutions
2.
© Copyright Microsoft
Corporation. All rights reserved. Module Agenda Explore the services and identity types of Azure Active Directory Explore the authentication capabilities of Azure Active Directory Explore the access management capabilities of Azure Active Directory Describe identity protection governance capabilities of Azure Active Directory
3.
© Copyright Microsoft
Corporation. All rights reserved. Lesson 1: Explore the services and identity types in Azure Active Directory
4.
© Copyright Microsoft
Corporation. All rights reserved. Lesson 1 Introduction After completing this module, you’ll be able to: • Describe what is Azure AD • Describe the identity types that Azure AD supports
5.
© Copyright Microsoft
Corporation. All rights reserved. Azure Active Directory Azure AD is Microsoft’s cloud-based identity and access management service. Capabilities of Azure AD include: • Organizations can enable their employees, guests, and others to sign in and access the resources they need. • Provide a single identity system for their cloud and on- premises applications. • Protect user identities and credentials and to meet an organization’s access governance requirements. • Each Microsoft 365, Office 365, Azure, and Dynamics 365 Online subscription automatically use an Azure AD tenant.
6.
© Copyright Microsoft
Corporation. All rights reserved. Azure AD identity types Azure AD manages different types of identities: users, service principals, managed identities, and devices. User – Generally speaking, a user is a representation of an individual’s identity that's managed by Azure AD. Employees and guests are represented as users in Azure AD. Device - A piece of hardware, such as mobile devices, laptops, servers, or printer. Device identities can be set up in different ways in Azure AD, to determine properties such as who owns the device. Service principal - You can think of it as an identity for an application. A service principal is created in every tenant the application is used & defines who can access the app, what resources the app can access, and more. Managed identity – A type of service principal, a managed identity provides an identity for applications to use when connecting to resources that support Azure AD authentication.
7.
© Copyright Microsoft
Corporation. All rights reserved. Demo Azure Active Directory user settings
8.
© Copyright Microsoft
Corporation. All rights reserved. External identities in Azure AD Two different Azure AD External Identities: B2B collaboration B2B collaboration allows you to share your apps and resources with external users B2C access management B2C is an identity management solution for consumer and customer facing apps
9.
© Copyright Microsoft
Corporation. All rights reserved. The concept of hybrid identities Hybrid identities Hybrid identity model • With the hybrid model, users accessing both on-premises and cloud apps are hybrid users managed in the on-premises Active Directory. • When you make an update in your on- premises AD DS, all updates to user accounts, groups, and contacts are synchronized to your Azure AD with Azure AD Connect
10.
© Copyright Microsoft
Corporation. All rights reserved. Lesson 2: Explore the authentication capabilities of Azure Active Directory
11.
© Copyright Microsoft
Corporation. All rights reserved. Lesson 2 Introduction After completing this module, you’ll be able to: • Describe the secure authentication methods of Azure AD • Describe the password protection and management capabilities of Azure AD
12.
© Copyright Microsoft
Corporation. All rights reserved. Authentication methods of Azure AD Multifactor authentication (MFA) & Security Defaults MFA requires more than one form of verification: • Something you know • Something you have • Something you are Security defaults: • A set of basic identity security mechanisms recommended by Microsoft. • A great option for organizations that want to increase their security posture but don’t know where to start, or for organizations using the free tier of Azure AD licensing.
13.
© Copyright Microsoft
Corporation. All rights reserved. Multi-factor authentication (MFA) in Azure AD Different authentication methods that can be used with MFA Passwords Password & additional verification • Phone (voice or SMS) • Microsoft Authenticator • Open Authentication (OATH) with software or hardware tokens Passwordless • Biometrics (Windows Hello) • Microsoft Authenticator • FIDO2
14.
© Copyright Microsoft
Corporation. All rights reserved. Windows Hello for Business Windows Hello lets users authenticate to: • A Microsoft account • An Active Directory account • An Azure Active Directory (Azure AD) account • Identity Provider Services or Relying Party Services that support Fast ID Online v2.0 authentication Why is Windows Hello safer than a password? Because it's tied to the specific device on which it was set up. Without the hardware, the PIN is useless
15.
© Copyright Microsoft
Corporation. All rights reserved. Self-service password reset (SSPR) in Azure AD Benefits of Self-service password reset: • It increases security. • It saves the organization money by reducing the number of calls and requests to help desk staff. • It increases productivity, allowing the user to return to work faster. Self-service password reset works in the following scenarios: • Password change • Password reset • Account unlock Authentication method of SSPR: • Mobile app notification • Mobile app code • Email
16.
© Copyright Microsoft
Corporation. All rights reserved. Demo Azure Active Directory self-service password reset (SSPR)
17.
© Copyright Microsoft
Corporation. All rights reserved. Password protection & management capabilities in Azure AD Global banned password list Custom banned password lists Protecting against password spray Hybrid security
18.
© Copyright Microsoft
Corporation. All rights reserved. Lesson 3: Explore the access management capabilities of Azure Active Directory
19.
© Copyright Microsoft
Corporation. All rights reserved. Lesson 3 Introduction After this module, you’ll be able to:
20.
© Copyright Microsoft
Corporation. All rights reserved. Conditional access Conditional Access signals: • User or group membership • Named location information • Device • Application • Real-time sign-in risk detection • Cloud apps or actions • User risk Access controls: • Block access • Grant access • Require one or more conditions to be met before granting access • Control user access based on session controls to enable limited experiences within specific cloud applications
21.
© Copyright Microsoft
Corporation. All rights reserved. Demo Azure Active Directory Conditional Access
22.
© Copyright Microsoft
Corporation. All rights reserved. Azure AD role-based access control (RBAC) Azure AD roles control permissions to manage Azure AD resources. Built-in roles Custom roles Azure AD role-based access control Only grant the access users need
23.
© Copyright Microsoft
Corporation. All rights reserved. Lesson 4: Describe the identity protection and governance capabilities of Azure Active Directory
24.
© Copyright Microsoft
Corporation. All rights reserved. Lesson 4 Introduction
25.
© Copyright Microsoft
Corporation. All rights reserved. Identity governance in Azure AD The tasks of Azure AD identity governance • Govern the identity lifecycle. • Govern access lifecycle. • Secure privileged access for administration. Identity lifecycle • Join: A new digital identity is created. • Move: Update access authorizations. • Leave: Access may need to be removed.
26.
© Copyright Microsoft
Corporation. All rights reserved. Entitlement management and access reviews Entitlement management • It is an identity governance feature that enables organizations to manage identity and access lifecycle at scale. • It automates access request workflows, access assignments, reviews, and expiration. Access reviews • Enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignment. • Ensure that only the right people have access to resources • Used to review and manage access for both users and guests Terms of use • Allow information to be presented to users, before they access data or an application. • Ensure users read relevant disclaimers for legal or compliance requirements.
27.
© Copyright Microsoft
Corporation. All rights reserved. Privileged Identity Management (PIM) PIM enables you to manage, control, and monitor access to important resources in your organization. Just in time, providing privileged access only when needed, and not before. Time-bound, by assigning start and end dates that indicate when a user can access resources. Approval-based, requiring specific approval to activate privileges. Visible, sending notifications when privileged roles are activated. Auditable, allowing a full access history to be downloaded.
28.
© Copyright Microsoft
Corporation. All rights reserved. Azure Identity Protection Enables organizations to accomplish three key tasks: • Automate the detection and remediation of identity-based risks. • Investigate risks using data in the portal. • Export risk detection data to third-party utilities for further analysis. It can categorize and calculate risk: • Categorize risk into three tiers: low, medium, and high. • Calculate the sign-in risk, and user identity risk. It provides organizations with three reports: • Risky users • Risky sign-ins • Risk detections
29.
© Copyright Microsoft
Corporation. All rights reserved. Module Summary Azure AD and services and identity types Azure AD supports • Explore the authentication capabilities of Azure AD, including MFA • Explore the access management capabilities of Azure AD with Conditional Access and Azure AD RBAC • Describe identity protection and governance capabilities of Azure AD, including PIM, entitlement management, and access reviews.
30.
© Copyright Microsoft
Corporation. All rights reserved.