Azure Active Directory (Azure AD)
Azure Active Directory (Azure AD) is a cloud-based identity and access management service. Azure AD enables your employees access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications. Azure Active Directory also helps them access internal resources like apps on your corporate intranet, and any cloud apps developed for your own organization.
Emergency access accounts a.k.a Break glass accounts
It is important that you prevent being accidentally locked out of your Azure Active Directory (Azure AD) organization because you can’t sign in or activate another user’s account as an administrator. You can mitigate the impact of accidental lack of administrative access by creating two or more emergency access accounts in your organization.
Emergency access accounts are highly privileged, and they are not assigned to specific individuals. Emergency access accounts are limited to emergency or ”break glass”’ scenarios where normal administrative accounts can’t be used. We recommend that you maintain a goal of restricting emergency account use to only the times when it is absolutely necessary. Read more.
Microsoft Intune is a cloud-based endpoint management solution. It manages user access and simplifies app and device management across your many devices, including mobile devices, desktop computers, and virtual endpoints.
Multifactor Authentication (MFA)
A factor in authentication is a way of confirming your identity when you try to sign in.
- Something you know – Password/PIN
- Something you have – Smartphone/Secure USB
- Something you are – Fingerprint/Facial recognition/Retinal Scan
When you sign into your online accounts – a process we call ”authentication” – you’re proving to the service that you are who you say you are.
Traditionally that’s been done with a username and a password which has proven to not be very secure.
Multifactor means that you have to use more than one factor to be able to login to a service. Learn more.
A container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group. You decide how you want to allocate resources to resource groups based on what makes the most sense for your organization. Learn more.
Azure Resource Manager (ARM) templates
Automate deploying resources with Azure Resource Manager templates in a single, coordinated operation. Define resources and configurable input parameters and deploy with script or code.
Azure Virtual Network (Vnet)
Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks. VNet is similar to a traditional network that you’d operate in your own data center, but brings with it additional benefits of Azure’s infrastructure such as scale, availability, and isolation. Learn more.
Virtual Network NAT
Virtual Network NAT is a fully managed and highly resilient Network Address Translation (NAT) service. Virtual Network NAT simplifies outbound Internet connectivity for virtual networks. When configured on a subnet, all outbound connectivity uses the Virtual Network NAT’s static public IP addresses. Learn more.
A host pool is a collection of Azure virtual machines that register to Azure Virtual Desktop as session hosts when you run the Azure Virtual Desktop agent. All session host virtual machines in a host pool should be sourced from the same image for a consistent user experience. You control the resources published to users through app groups.
Host pool types
A host pool can be one of two types:
- Personal, where each session host is assigned to an individual user. Personal host pools provide dedicated desktops to end-users that optimize environments for performance and data separation.
- Pooled, where user sessions can be load balanced to any session host in the host pool.
There can be multiple different users on a single session host at the same time. Pooled host pools provide a shared remote experience to end-users, which ensures lower costs and greater efficiency.
Validation host pools
We highly recommend you create a validation host pool where service updates are applied first. Validation host pools let you monitor service updates before the service applies them to your standard or non-validation environment. Without a validation host pool, you may not discover changes that introduce errors, which could result in downtime for users in your standard environment. Learn more.
An application group is a logical grouping of applications installed on session hosts in the host pool.
An application group can be one of two types:
- RemoteApp, where users access the RemoteApps you individually select and publish to the app group. Available with pooled host pools only.
- Desktop, where users access the full desktop. Available with pooled or personal host pools.
A workspace is a logical grouping of application groups in Azure Virtual Desktop. Each Azure Virtual Desktop application group must be associated with a workspace for users to see the remote apps and desktops published to them.
Conditional Access policies at their simplest are if-then statements, if a user wants to access a resource, then they must complete an action.
Example: A payroll manager wants to access the payroll application and is required to do multi-factor authentication to access it.
Administrators are faced with two primary goals:
- Empower users to be productive wherever and whenever
- Protect the organization’s assets
Use Conditional Access policies to apply the right access controls when needed to keep your organization secure. Learn more.
Windows Local Administrator Password Solution(Windows LAPS) is a Windows feature that automatically manages and backs up the password of a local administrator account on your Azure Active Directory – joined or Windows Server Active Directory – joined devices.
Windows client custom profiles use Open Mobile Alliance Uniform Resource Identifier (OMA-URI) settings to configure different features. These settings are typically used by mobile device manufacturers to control features on the device.
Azure AD Registered Application
Registering an application establishes a trust relationship between your app and the Microsoft identity platform. The trust is unidirectional: your app trusts the Microsoft identity platform, and not the other way around. Once created, the application object cannot be moved between different tenants.