1 AZURE ACCESS AND Security

For an interview related to Microsoft 365 or Azure Active Directory (Azure AD), here
are some important questions along with sample answers:

1. **What is Azure Active Directory (Azure AD)?**

**Answer:** Azure Active Directory is Microsoft's cloud-based identity and access

management service. It provides authentication and authorization services for
applications and resources, both on-premises and in the cloud. Azure AD enables single
sign-on (SSO), multi-factor authentication (MFA), identity protection, and more.

2. **What are the key differences between Azure AD and on-premises Active Directory?
**

**Answer:** Azure AD is a cloud-based identity service, while on-premises Active

Directory is typically deployed within an organization's data center. Some key
differences include:
- Azure AD is managed and maintained by Microsoft, while on-premises Active
Directory is managed by the organization.
- Azure AD supports modern authentication methods like OAuth and OpenID
Connect, while on-premises Active Directory primarily uses Kerberos and NTLM.
- Azure AD can integrate with various cloud services, while on-premises Active
Directory is primarily used for on-premises resources.

3. **What is the difference between Azure AD B2B and B2C?**

**Answer:** Azure AD B2B (Business-to-Business) is used for collaboration between

organizations, allowing external users to access resources shared by an organization.
Azure AD B2C (Business-to-Consumer) is used for customer-facing applications,
enabling organizations to manage identities and access for customers.

4. **What is Conditional Access in Azure AD?**

**Answer:** Conditional Access in Azure AD allows you to enforce additional

security measures based on conditions such as user identity, location, device compliance,
and application sensitivity. It helps ensure that access to resources is granted securely
based on specific criteria.

5. **What is Azure AD Connect?**

**Answer:** Azure AD Connect is a tool used to synchronize on-premises Active

Directory with Azure AD. It enables seamless single sign-on and allows users to access
both cloud-based and on-premises resources using the same set of credentials.
2 AZURE ACCESS AND Security

6. **Explain the concept of Azure AD Multi-Factor Authentication (MFA).**

**Answer:** Azure AD Multi-Factor Authentication adds an extra layer of security to

user sign-ins by requiring users to provide additional verification factors beyond just a
password. This could include a phone call, SMS message, mobile app notification, or
verification code.

7. **What is Azure AD Privileged Identity Management (PIM)?**

**Answer:** Azure AD Privileged Identity Management is a service that helps

organizations manage, control, and monitor access within Azure AD. It allows you to
monitor and control access to privileged roles and resources, enabling just-in-time
access and providing oversight into who has access to sensitive resources.

8. **How do you secure privileged identities in Azure AD?**

**Answer:** Securing privileged identities involves implementing best practices such

as:
- Enabling Azure AD Privileged Identity Management to manage access to privileged
roles.
- Enforcing strong authentication methods like Azure AD Multi-Factor Authentication
for privileged accounts.
- Regularly reviewing and auditing privileged roles and permissions.

9. **What is Azure AD Identity Protection?**

**Answer:** Azure AD Identity Protection is a service that helps organizations detect

and respond to identity-related risks. It uses machine learning algorithms to analyze
user behavior and detect anomalies, such as unusual sign-in locations or risky sign-in
attempts, helping organizations prevent potential security threats.

10. **How do you manage guest access in Azure AD?**

**Answer:** Managing guest access involves:

- Using Azure AD B2B to invite external users as guests to access resources.
- Applying Conditional Access policies to control guest access based on specific
conditions.
- Monitoring guest activity and revoking access when necessary.

These questions cover a range of topics related to Azure AD and Microsoft 365, and
providing detailed answers to them should help you prepare for your interview
effectively.
3 AZURE ACCESS AND Security

Microsoft Entra ID, formerly Azure Active Directory (Azure AD), can be created within the
Azure portal. Here's how to set it up:

Prerequisites:
 An existing Azure subscription. If you don't have one, you can sign up for a free trial
https://azure.microsoft.com/en-us/free.
Steps:
1. Sign in to Azure Portal: Go to the Azure portal
(https://azure.microsoft.com/en-us/get-started/azure-portal) and sign in using your
Microsoft account credentials.
2. Access Microsoft Entra ID Service:
o From the Azure portal menu, locate and select "Microsoft Entra ID."
3. Manage Tenants:
o Navigate to "Identity" > "Overview" > "Manage tenants."
4. Create a New Tenant:
o Click on "Create."
5. Configure Tenant Details:
o On the "Basics" tab, choose between:
 Microsoft Entra ID: For managing identities within your organization
(internal users).
 Microsoft Entra ID (B2C): For managing external user identities for
customer-facing applications.
o Select "Next: Configuration" to proceed.
6. Fill in Configuration:
o Enter your desired "Organization name."
o Choose a friendly name for your initial domain (it will use
<your_name>.onmicrosoft.com). You can add a custom domain later.

o Specify your "Country or region."

o Click "Next: Review + Create" to finalize.
7. Review and Create:
o Review the summary of your new tenant details.
o Click "Create" to provision your Microsoft Entra ID tenant.
Additional Resources:
4 AZURE ACCESS AND Security

 Microsoft Quickstart on Creating a New Tenant:

https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-create-new-tenant
 Microsoft Entra ID Beginner's Tutorial (Video): YouTube:
https://m.youtube.com/watch?v=ztE_tmueE8s

Microsoft Entra ID offers two main tenant types:

1. Regular Microsoft Entra ID: This is designed for managing the identities of users
within your organization (internal users). It allows you to control access to various
Microsoft resources and applications used by your employees.
2. Microsoft Entra ID (B2C): This tenant type caters to Business-to-Consumer (B2C)
identity management. It enables you to manage the identities of external users who
access your customer-facing applications. This is useful for scenarios where you
provide services or applications to external users who aren't necessarily part of
your organization.eg customer-facing apps.

hat is Microsoft Intune?

Microsoft Intune is a cloud-based unified endpoint management (UEM) tool that
aims to help organizations manage the mobile devices employees use to access
corporate data and applications, such as email.

Unified endpoint management (UEM) is an approach to securing and

controlling desktop computers, laptops, smartphones and tablets in a
connected, cohesive manner from a single console.

It is a component of Microsoft's Enterprise Mobility + Security (EMS) offering,

a mobile device management and mobile application management (MAM)
platform. Intune is designed to integrate with other parts of the EMS offering,
including Azure Active Directory (Azure AD) and Microsoft Azure Information
Protection. Intune's app protection policy component uses the Azure AD identity to
separate corporate and personal data.
5 AZURE ACCESS AND Security

Microsoft Intune features and capabilities

Over the years, Microsoft Intune has evolved into a cross-platform tool for
managing devices and apps. The most important features and capabilities include
the following:

 Manage personally owned and company-owned devices of the most

common platforms and provide secure access to company data on
those devices. Microsoft Intune currently supports management
for Android, iOS and iPadOS, Linux, macOS, Windows and ChromeOS
devices.

 Manage the lifecycle of apps on managed devices, including the

deployment, update and removal of apps.

 Manage apps on mobile devices and securely provide access to

company data via those apps.

 Enable self-service functionalities, such as resetting PIN or password,

installing apps and removing devices, via the Company Portal app.

 Integrate with mobile threat defense services for a real focus on

endpoint security.

 Provide report capabilities that provide insights into your environment.

This includes reports with insights about policies, profiles, updates, apps
and more.

How it works
In Microsoft's approach to managing mobile devices, Intune mainly uses
protocols or APIs available in mobile OSes to execute tasks, such as
enrolling devices. Enrollment lets IT personnel maintain an inventory of
devices that can access enterprise services. Other tasks include mobile
device configuration, certificates, Wi-Fi and VPN profiles, and compliance
reporting concerning corporate standards. Intune integrates with Azure AD
to provide access control capabilities. That provides the required tool set
for working toward a zero-trust environment
6 AZURE ACCESS AND Security

Meanwhile, Microsoft's Intune app management approach covers areas

such as assigning mobile apps to the workforce, configuring those apps
with standard settings and removing enterprise data from mobile apps.
When used with other EMS suite services, Intune lets an organization
provide apps that can access additional mobile app and data security
features, such as single sign-on (SSO) and multifactor authentication.
Benefits of Microsoft Intune
Intune provides organizations with the features and capabilities to manage
their devices and apps and protect company data. With the integrations of
Intune with Azure AD, Windows Autopilot, Microsoft Defender for
Endpoint, Microsoft 365 and Windows Autopatch, it's an important part of
the zero-trust strategy in a Microsoft cloud environment.

Intune can provide an IT department with the required features for

managing enrollments, configurations, security, compliance, apps and
updates on any supported device. That enables IT admins to securely
provide access to company data on nearly any device.

With direct integration with Conditional Access via Azure AD, Intune can
enable IT administrators to check if a device complies with company
policies and only allow access to company data and apps when that device
is compliant.

Microsoft Intune pricing

Intune is priced per user, per month, and organizations can purchase it as
a standalone plan or a component of another subscription. The following
are the three individual plans:

1. Microsoft Intune Plan 1. Plan 1 includes basic UEM functionality

and is included with subscriptions to Microsoft 365 E3, E5, F1, F3,
EMS E3 and E5, and Business Premium plans. Notably, the
expanded tools in Microsoft Intune Suite are purchasable as add-
ons for Plan 1. The price for Plan 1 is $8 per user, per month.

2. Microsoft Intune Plan 2. Plan 2 is an add-on to Plan 1 and

features additional tools, such as Microsoft Intune Tunnel for MAM
7 AZURE ACCESS AND Security

and endpoint management for specialty devices. The price for

Plan 2 is $4 -- in addition to the $8 for Plan 1 -- per user, per
month.

3. Microsoft Intune Suite. Intune Suite is the highest-tier plan for

Intune as a standalone service. It's an add-on to Plan 1, includes
the add-ons from Plan 2 and features even more tools. The
additional tools found in Intune Suite include Remote Help,
Endpoint Privilege Management, advanced endpoint analytics and
more tools set for release later in 2023. The price for Intune Suite
is $10 -- in addition to the $8 for Plan 1 -- per user, per month.

Azure Active Directory vs Active Directory: What’s the Difference?

What is Active Directory?

Active Directory, or AD, is a directory service developed by Microsoft for

Windows domain networks. Its purpose is to facilitate the management of
network resources and user identities in a Windows-based environment. You can
think of it as a database that stores information about users, groups, and various
network objects, and provides both authentication and authorization to these
entities.

The hierarchical structure of Active Directory uses a domain-based model, where

network objects are organized into units called domains. Each domain represents
a distinct security boundary and administrative scope.

At the heart of Active Directory’s functionality is the Domain Controller.

A Domain Controller is a server that stores a copy of the AD database for a
specific domain. It serves as the source for authentication and authorization
requests within that domain. When a user attempts to log in or access resources,
the Domain Controller verifies their credentials and determines their permissions
based on the information stored in the AD database.

Core functions of AD include:

 Authentication: It validates the identities of users and devices accessing

network resources.
8 AZURE ACCESS AND Security

 Authorization: Once authenticated, it grants users permissions to

resources based on their roles and privileges.

 Directory services: It keeps a database of entities on the network.

 Group Policy management: It enforces policies across the network to

regulate user behavior, security settings, and software distribution.

Understanding Azure Active Directory

Azure Active Directory (Azure AD) is a cloud-based directory and identity and
access management service provided by Microsoft. It gives users a centralized
directory to manage user identities, authentication, and authorization in the
Azure cloud environment, as well as other linked services and applications. It
extends the functionality of on-premises AD into the Azure cloud environment.
Azure AD offers a variety of features that help secure cloud-based applications,
ensure compliance, and streamline IT processes, including the following:

 Cloud-based identity management: It centralizes user identities and

authentication mechanisms.

 Single Sign-On (SSO) and Multi-Factor Authentication (MFA): It supports SSO as

well as MFA which requires users to provide multiple forms of verification
before gaining access.

 Application integration: It offers seamless integration with various

Microsoft services and supports various authentication protocols and
standards, making it compatible with a wide range of applications.

 B2B and B2C identity scenarios: It allows secure collaboration with

external partners and enables businesses to manage identities and
authentication for their customers.
9 AZURE ACCESS AND Security

Similarities between Azure AD and Active Directory

While Azure AD and Active Directory have distinct purposes and target different
environments, they share some common features. These include:

 User and group management: Both allow administrators to create,

manage, and organize users and groups.

 Authentication: Both support validating user and device identities.

 Authorization: Both grant users permission to resources based on their

roles.

Active Directory and Azure AD also share some common objectives, including:

 Centralized management: Both platforms provide a solution for managing

user identities, authentication, and authorization in one place.

 Improved security: Both offer security features, like MFA, to protect user
identities and control access.

 Streamlined user experience: Both allow users to use one set of credentials
to access a large number of applications.

Differences between Azure AD and Active Directory

While both platforms share some common features, there are also some
differences between them. The core architectural difference between Active
Directory is that AD was designed for on-premises data centers and Azure AD was
designed for the Microsoft cloud. They also have some distinct differences in their
features, including:

 Protocols: Active Directory supports traditional authentication protocols

like Kerberos and LDAP, while Azure AD uses modern protocols like SAML,
OAuth 2.0, and OpenID Connect.

 Group Policy: Active Directory allows admins to manage Group Policy

Objects, while Azure AD uses Conditional Access policies.
10 AZURE ACCESS AND Security

 Domain Services: Active Directory provides DNS, DHCP, NPS, Wi-Fi, and
VPN access, but Azure AD does not.

 User device management: Azure AD manages devices accessing cloud

resources including mobile devices, but AD primarily manages on-
premises devices on the local network.

 B2B and B2C: Azure AD manages access for external partners and
customer-facing applications while AD focuses on internal user
management.

 Application integration: Azure AD integrates with many cloud services and

applications, while Active Directory is tailored to on-premises resources.

Considerations for choosing between Azure AD and Active Directory

Now that you know some of the similarities and differences, which do you use: AD
or Azure AD? This depends on your organization’s needs and infrastructure.

If your business relies heavily on on-premises infrastructure and needs traditional

domain services, Active Directory is the best choice. Many organizations still have
legacy and bespoke applications that are important to their operations, are
difficult to migrate to the cloud, and work better with traditional AD.

If instead, your organization primarily uses cloud services like Microsoft 365,
Azure, and other SaaS applications, Azure AD would be a better choice. It provides
seamless integration and centralized identity management for cloud services.
Azure AD will also scale with your cloud infrastructure to fit the needs of your
business as it grows.

If your organization has a hybrid environment and its infrastructure is split

between on-premises and the cloud, it doesn’t have to be an either-or
question. Azure AD Connect allows you to extend your on-premises AD identities
to Azure AD, creating an identity platform that spans both environments. This can
be highly beneficial if you want to leverage the benefits of both platforms while
maintaining a unified identity and access management strategy.

Microsoft Entra multifactor authentication

11 AZURE ACCESS AND Security

Multifactor authentication is a process in which users are prompted during the sign-
in process for an additional form of identification, such as a code on their cellphone
or a fingerprint scan.

If you only use a password to authenticate a user, it leaves an insecure vector for
attack. If the password is weak or has been exposed elsewhere, an attacker could be
using it to gain access. When you require a second form of authentication, security is
increased because this additional factor isn't something that's easy for an attacker to
obtain or duplicate.

Microsoft Entra multifactor authentication works by requiring two or more of the

following authentication methods:

 Something you know, typically a password.

 Something you have, such as a trusted device that's not easily
duplicated, like a phone or hardware key.
 Something you are - biometrics like a fingerprint or face scan.

Microsoft Entra multifactor authentication can also further secure password reset.
When users register themselves for Microsoft Entra multifactor authentication, they
can also register for self-service password reset in one step. Administrators can
choose forms of secondary authentication and configure challenges for MFA based
on configuration decisions.

Available verification methods

When users sign in to an application or service and receive an MFA prompt, they can
choose from one of their registered forms of additional verification. Users can
access My Profile to edit or add verification methods.

The following additional forms of verification can be used with Microsoft Entra
multifactor authentication:

 Microsoft Authenticator
 Authenticator Lite (in Outlook)
 Windows Hello for Business
 FIDO2 security key
 OATH hardware token (preview)
 OATH software token
12 AZURE ACCESS AND Security

 SMS
 Voice call

https://learn.microsoft.com/en-us/entra/fundamentals/
13 AZURE ACCESS AND Security
14 AZURE ACCESS AND Security


o What is Microsoft Entra ID?
o New name for Azure AD
o Identity fundamentals
o Introduction to identity and access management (IAM)
 First steps
o Create a Directory
o Add a custom domain name
o Associate an Azure subscription
o Add your privacy info
o Add company branding
o Rename Azure AD
o Get the most out of documentation
 Users, groups, and licenses
 Microsoft Copilot for Security + Microsoft Entra
 Quick security wins
 Support and help
 Reference

https://k21academy.com/microsoft-azure/admin/azure-active-directory-azure-ad/

What is Windows Active Directory?

Active Directory (AD): Active Directory is a database and a set of services connecting users
with the network resources required by them to get their work done. The database (or directory)
has critical information related to your IT environment, including what users and computers there
are and who’s allowed to do what. The services control most of the activity going on in your IT
environment so basically, Windows AD provides authentication and authorization to applications,
file services, and other resources in a network.
15 AZURE ACCESS AND Security

What is Microsoft Entra ID?

Microsoft Entra ID: If we want to manage access to the Azure Cloud application and associated
resources then we need Microsoft Entra ID. This helps your employees to access external
resources, such as Azure services, Azure portal, And other applications.
Microsoft Entra ID is a Microsoft cloud-based identity and access management service, which
helps your employees sign in and access resources in:

1) External resources, such as Microsoft Office 365, the Azure portal, and thousands of other
SaaS applications.
2) Internal resources, such as apps on your corporate network and intranet, along with any cloud
apps developed by your own organisation.

If we have a traditional on-premise setup with AD and want to integrate it with Azure Entra ID so
that we can manage access to the Cloud application, we can do it easily by using AD Connect.

In layman’s terms, the Microsoft Entra ID is not an extension of an on-premises directory. Rather,
it’s a copy that contains the same objects and identities.

How Does Microsoft Entra ID Work?

Microsoft Entra ID a cloud-based service for identity and access management that falls into the
identity as a service (IDaaS) category, is a secure online authentication store for both individual
user profiles and groups of user profiles.

It manages access through user accounts, which have a username and a password. Users can
be organized into different groups, which can have different access privileges for individual
applications. Identities from Microsoft or third-party software as a service (SaaS) can also be
created for cloud applications to grant user access.

To connect users to SaaS applications, Microsoft Entra ID uses SSO which allows each user to
access the full suite of applications they have permission for, without having to repeatedly log in
each time. It creates access tokens (that may be created with expiry dates) that are stored locally
on employee devices.
16 AZURE ACCESS AND Security

Azure Entra ID Concepts

1) Identity: Anything that can be authenticated. It can be a user with a username & password,
applications, or other services that require authentication.
2) Account: Identity with data associated.
3) Azure Entra ID Account: Identity created using Azure Entra ID or other Microsoft cloud
services.
4) Azure Tenant: An Instance of Azure Entra ID is created when an organization signs up for a
Microsoft Cloud service subscription.
5) Azure AD Directory: Each Azure Tenant has a dedicated and trusted Azure Entra ID
Directory.
6) User Subscription: To pay for Azure cloud services used.

Azure Entra ID Features & Licensing

Azure Entra ID works on a licensing model. You can access Azure Entra ID with these two
licenses:

 Microsoft Online Services

 Azure Entra ID Premium Licenses
If you have Office 365 or Microsoft Azure license, then you will get all the non-paid Azure
features, otherwise, you can get Azure premium features through Power BI premium licenses:

 Premium P1
 Premium P2 licenses
Features of Azure Entra ID
 Application Management: It Manages your cloud and on-premises apps using
services like Application Proxy, the My Apps portal, single sign-on, and Software
as a Service (SaaS) apps.
 Authentication: Users can manage Azure Entra ID self-service password reset
feature, Multi-Factor Authentication, custom banned password list, and smart
lockout.
 Azure Active Directory for developers: It builds apps that can sign in all the
Microsoft identities, and fetch tokens to call Microsoft Graph, and other Microsoft
or custom APIs
 Business-to-Business: You can manage your guest users and external partners
while also maintaining control over your own corporate data at the same time.
 Business-to-Customer (B2C): With Azure Entra ID users can customize and
control how others sign up, sign in, and manage their profiles when using their
apps.
 Managed identities for Azure resources: Provide your Azure services with an
automatically managed identity in Azure Entra ID that can authenticate any Azure
Entra ID-supported authentication service, including Key Vault.
 Reports and monitoring: Users can gain insights into the security and usage
patterns in their working environment.
 Privileged identity management (PIM): This feature includes access to
resources in Azure Entra ID and Azure, including some other Microsoft Online
Services, like Microsoft 365 or Intune. Users can manage, control, and monitor
access within their organization.
 Identity protection: Detect potential vulnerabilities affecting your organization’s
identities, configure policies to respond to suspicious actions, and accordingly take
appropriate steps to resolve them.
 Identity governance: Manage your organization’s identity through employee,
business partner, vendor, service, and app access controls.
17 AZURE ACCESS AND Security

 Enterprise users: Manage license assignments, app access, and setting up

delegates using groups and administrator roles.
Azure Entra ID Connect
It is used to integrate the on-premise directories (Active Directories) with Azure Active Directory
which provides a common identity for accessing both cloud and on-premise resources.

There are various features of Azure AD Connect:

1) Password Hash Synchronization: Sign-in method that synchronizes a hashed user on-
premise AD password with Azure Entra ID.
2) Pass-through authentication: Sign-in method that provides access to users to use the same
password on-premise and on the cloud.
3) Synchronization: Responsible for creating users, groups, and other objects and also
validating if the identity information of your on-premise users and groups match with the cloud.
4) Health Monitoring: A central place to view the activity and also provide monitoring.

Also, read our blog post on the Azure Virtual Network.

Azure AD Join
 Azure AD join is used to connect devices directly to Azure Entra ID and we need
not join to the on-premises AD.
 Azure AD joined devices are signed in for using an organizational Azure Entra ID
Account
 Devices that are Azure AD joined can still authenticate to on-premises servers like
file, print, and other applications.
18 AZURE ACCESS AND Security

Also Read Azure ExpressRoute vs VPN, to know the major differences between them.
Creating And Managing Users & Groups In Azure AD
There are many ways to add users and groups to Azure Active Direct.

 By syncing from an on-premises Windows Server Entra ID using AAD Sync. This
is how most enterprise customers will get their users added to the directory and
requires some additional server configuration on-premises to setup.
 Manually using the Azure Management Portal.
 Using PowerShell and the Azure Active Directory cmdlets
 Programmatically using the Azure Entra ID Graph API. This is an extremely
powerful option that essentially gives you full control of how users are added to the
directory.

Also Check: Our blog post on the Microsoft Azure Administrator certification exam az
104: Everything you need to know
19 AZURE ACCESS AND Security

Access To Azure Resources

It is a very difficult and important task for any organization to manage access to Azure resources.

 Role-based access control (RBAC) helps you manage who has access to Azure
resources, what they can do with those resources, and what areas they have
access to.
 RBAC is an authorization system built on Azure Resource Manager that provides
fine-grained access management of Azure resources.
 We can segregate duties and the amount of access to the users in a team that
they need to perform their tasks using RBAC.
 It’s a best practice to grant users the least privilege to get their work done.

A
Q.1 What is Azure Active Directory?

Microsoft Azure Entra ID is a cloud-based identity and access management solution.

It acts as a centralized directory for managing user IDs, authentication, and
authorisation in the Azure cloud environment as well as other linked applications and
services. Organizations may use Azure AD to restrict resource access, enforce
security standards, and provide single sign-on for users across many cloud and on-
premises apps. It includes functionality such as user provisioning, multi-factor
authentication, role-based access management, and connection with major software
as a service (SaaS) applications. In essence, Azure AD is a critical component of
Microsoft's cloud ecosystem for securely managing user identities and access to
digital resources.

Q.2 What is difference between Azure Active Directory and Active Directory?

AD is an on-premises directory service used to manage resources within a local

network, whereas Azure AD is a cloud-based service intended to manage identities
and access to cloud services and apps.
20 AZURE ACCESS AND Security

Q.3 What is an Active Directory used for?

Active Directory (AD) is a Microsoft directory service that is primarily used for
managing and organizing resources in a networked environment. It stores user
accounts, groups, machines, and other network objects in a centralized database.
AD supports various critical functions, including authentication, authorization, and
domain services. Administrators can use it to restrict user access to resources,
enforce security policies, and manage user permissions. AD also makes
administration easier by allowing the deployment of group rules to specify settings
across several machines, providing consistent setups and network security. Overall,
Active Directory is critical in Windows-based environments for simplifying user
management, improving security, and optimizing network administration.

Q.4 Is Azure Active Directory SaaS or PaaS?

Azure Active Directory (Azure AD) is a Microsoft cloud-based service that falls under
the Software-as-a-Service (SaaS) category. SaaS refers to the internet-based
distribution of software applications in which the provider hosts and administers the
underlying infrastructure, which includes servers, databases, and networking. With
Azure AD, enterprises can use the SaaS model to access and use Microsoft's
identity and access management features without having to manage the underlying
infrastructure. User authentication, access control, single sign-on, and connection
with other SaaS apps are among the features and functionalities provided by Azure
AD. As a result, Azure AD is categorized as a SaaS solution under the Microsoft
Azure cloud platform.

Q.5 What is tenant in Azure?

An Azure AD tenant is a reserved Azure AD service instance that an organization

obtains and owns after signing up for a Microsoft cloud service such as Azure,
Microsoft Intune, or Microsoft 365. Each tenant represents an organization and is
distinct from other Azure AD tenants.

Q.6 What is DNS in Active Directory?

Active Directory Domain Services (AD DS) makes advantage of Domain Name
System (DNS) name resolution services to allow clients to discover domain
controllers and the domain controllers that host the directory service to communicate
with one another.

Q.7 What is Azure LDAP?

The Lightweight Directory Access Protocol (LDAP) is an application protocol that

allows users to interact with various directory services. Active Directory, for example,
stores user and account information as well as security information such as
passwords.