Author : HASSAN MD TAREQ | Updated : 2020/11/13
Identity
- An entity that can get authenticated
- An identity can be a user with a username and password
- Identities also include applications or other servers that might require authentication through secret keys or certificates
Tenant
- A tenant represents an organization in Azure Active Directory
- It’s a dedicated Azure AD service instance that an organization receives and owns when it signs up for a Microsoft cloud service such as Azure, Microsoft Intune, or Microsoft 365
- An Azure tenant represents a single organization
- Single tenant: Azure tenants that access other services in a dedicated environment are considered single tenant
- Multi-tenant: Azure tenants that access other services in a shared environment, across multiple organizations, are considered multi-tenant
Azure AD directory
- Each Azure tenant has a dedicated and trusted Azure AD directory
- The Directory includes the tenant’s users, groups, and apps and is used to perform identity and access management functions for tenant resources
Custom domain
- Every new Azure AD directory comes with an initial domain name i.e.
domainname.onmicrosoft.com - In addition to that initial name, you can also add your organization’s domain names
- Adding custom domain names helps you to create user names that are familiar to your users such as
alain@contoso.com
Azure subscription
- Subscription: A business model by which a customer agrees to pay the company for products or services throughout a specified time-period
- **Azure subscription: ** An Azure subscription is a logical container used to provision resources in Azure
- You can have many subscriptions and they’re linked to a credit card
Account Administrator
- The billing owner of a subscription
- This role has access to the Azure Account Center and enables you to manage all subscriptions in an account
Owner
- This role helps you manage all Azure resources, including access
- This role is built on a newer authorization system called Azure role-base access control (Azure RBAC) that provides fine-grained access management to Azure resources
Azure AD Global administrator
- Global administrators can do all of the administrative functions for Azure AD and any services that federate to Azure AD, such as Exchange Online, SharePoint Online, and Skype for Business Online
- This administrator role is automatically assigned to whomever created the Azure AD tenant
- This administrator role is called Global administrator in the Azure portal, but it’s called Company administrator in the Microsoft Graph API and Azure AD PowerShell
Azure AD roles
Use Azure AD roles to manage Azure AD-related resources like users, groups, billing, licensing, application registration, and more.
Role-based access control
- RBAC => Role-based access control
- Use RBAC roles to manage access to Azure resources like virtual machines, SQL databases, or storage
- Example: you could assign an RBAC role to a user to manage and delete SQL databases in a specific resource group or subscription