The Company Branding section allows you to set up custom text and graphics that your users will see when they sign into Azure AD. This allows your organization to set up their logo and custom color schemes. Organizations can provide a consistent look and feel for their users when they sign into their Azure AD pages.
Properties
The Properties section allows you to change settings, including Tenant Name, Notification Language, Tenant ID, Technical Contact Email, Global Privacy Contact, Privacy Statement URL, and Access Management Person For Azure.
Security
The Security section gives you an overview of your security policies and security issues. Security is a big part of Azure AD because, unlike an onsite network, the Azure AD network can be accessed from anywhere in the world. Making sure your Azure AD security is strong is therefore a very important task for any Azure administrator.
Azure AD offers a wide range of security features to protect your organization. Some of these features are as follows:
■ Azure AD Conditional Access
■ Azure AD Identity Protection
■ Microsoft Defender for Cloud
■ Identity Secure Score
■ Named locations
■ Authentication methods
■ Multifactor Authentication (MFA)
All of the Azure Security settings will be covered in greater detail throughout the rest of this book.
Conditional Access
The Conditional Access section (see Figure 10.10) allows you to configure security policies. When it comes to Azure, one of the biggest concerns for organizations is cloud-based security. Azure allows users to access their networks from anywhere in the world and from almost any device. Because of this, just securing resource access is not enough. This is where Conditional Access policies come into play.
FIGURE 10.10 Conditional Access Policies section
Conditional Access policies allow an organization to set how resources are accessed using access control decisions (who has access to resources) through Azure AD. Setting up Conditional Access policies allows your organization to have automated access control decisions based on the policies that your organization sets. Some of the situations that Conditional Access policies can help with are sign-in risk, network location risk, device management, and client applications.
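As an added example (not from the book), the PowerShell below uses the Microsoft Graph PowerShell module to create two Conditional Access policies built on signals named above: sign-in risk and client applications. It assumes the module is installed, that the tenant is licensed for risk-based policies (Azure AD Premium P2), and that the all-zero GUID is replaced with the object ID of an emergency-access account; the policy names are made up, and both policies are created in report-only mode so their effect can be reviewed in the sign-in logs before enforcement.

```powershell
# Added example. Requires the Microsoft.Graph module and a role that can manage
# Conditional Access (for example, Conditional Access Administrator).
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

# Placeholder: object ID of an emergency-access account, excluded so that a
# misconfigured policy cannot lock every administrator out of the tenant.
$breakGlassId = '00000000-0000-0000-0000-000000000000'

$users = @{ includeUsers = @('All'); excludeUsers = @($breakGlassId) }
$apps  = @{ includeApplications = @('All') }

$policies = @(
    @{
        # Signal: sign-in risk. Decision: allow, but only after MFA.
        displayName   = 'EXAMPLE - Require MFA for medium/high sign-in risk'
        state         = 'enabledForReportingButNotEnforced'   # report-only
        conditions    = @{
            users            = $users
            applications     = $apps
            clientAppTypes   = @('all')
            signInRiskLevels = @('medium', 'high')
        }
        grantControls = @{ operator = 'OR'; builtInControls = @('mfa') }
    },
    @{
        # Signal: client application. Decision: block legacy protocols,
        # which cannot satisfy an MFA prompt.
        displayName   = 'EXAMPLE - Block legacy authentication clients'
        state         = 'enabledForReportingButNotEnforced'   # report-only
        conditions    = @{
            users          = $users
            applications   = $apps
            clientAppTypes = @('exchangeActiveSync', 'other')
        }
        grantControls = @{ operator = 'OR'; builtInControls = @('block') }
    }
)

foreach ($policy in $policies) {
    $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
    '{0} -> {1} ({2})' -f $created.DisplayName, $created.Id, $created.State
}
```

Changing `state` to `enabled` enforces a policy once the report-only results look correct.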
Identity Secure Score
The Identity Secure Score section lets you view your Azure AD Identity Secure Score. The Identity Secure Score is an indicator of how aligned Azure AD is with Microsoft’s best practice recommendations for your organization’s security setup.
The Identity Secure Score is an integer number, and the higher the number, the better your security settings align with Microsoft’s recommendations. The score helps your organization objectively measure their identity security position, plan for identity security improvements, and review the successful implementation of your organization’s improvements.
On this Identity Secure Score dashboard, you will be able to view your organization’s score, comparison graph, trend graph, and a list of identity security best practices.
Here is how this works: Azure views your security configuration every 48 hours and compares your organization’s settings against Microsoft’s best practices. Your organization’s security score is calculated from that evaluation, and you can then adjust your security settings and policies to make improvements.
Configuring Objects
Now that we have looked at some of the different sections within Azure AD, let’s see how to create objects such as users and groups.
User accounts allow employees to log into the Azure network. In Exercise 10.1, I will show you how to create a user account in Azure AD.
EXERCISE 10.1
Creating an Azure AD User Account
- Log into the Azure dashboard.
- Click the Azure Active Directory link.
- Under Manage, click the Users link.
- Click the link +New User.
- Type the name of your user and a username. For this exercise, I used George Washington as my user’s name and GWashington@wpanek.onmicrosoft.com as the username.
- Click Profile and enter the user’s name and job information. Click OK when you’re done filling out the profile information.
- We are not going to add this user to a group yet. Make sure the Directory role is set to User.
- Click the Show Password box to see the temporary password assigned. Then click the Create button.
- You should now see your user account. If you would like to change any user information, double-click the user account and make changes. Be sure to save any changes that are made.
In Exercise 10.2, I will show you how to create a group in Azure AD.
EXERCISE 10.2
Creating an Azure AD Group Account
- Log into the Azure dashboard.
- Click the Azure Active Directory link.
- Under Manage, click the Groups link.
- Click the link +New Group.
- From the Group Type pull-down, choose Security. Security groups are the group type you use when you want the group to be assigned to resources. Microsoft 365 groups allow users to collaborate with other users by giving them access to a shared mailbox, calendar, files, SharePoint site, and more.
- In the Group Name field, type the name of your group. I used Marketing for my group name.
- In the Group Description field, type a description for your group.
- From the Membership Type pull-down, choose Assigned. Assigned groups allow you to add specific users to the group and to have unique permissions. Dynamic user groups allow you to use dynamic group rules to automatically add and remove members. Dynamic device groups let you use dynamic group rules to automatically add and remove devices.
- Click the Create button.
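The same results as Exercises 10.1 and 10.2 can be scripted. The PowerShell below is an added example, not part of the book's exercises; it assumes the Microsoft Graph PowerShell module is installed, and the group description is made up. It generates a random temporary password, forces a change at first sign-in, and skips objects that already exist so it can be re-run safely.

```powershell
# Added example. Requires the Microsoft.Graph module and rights to create
# users and groups (for example, the User Administrator role).
Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Group.ReadWrite.All'

$upn = 'GWashington@wpanek.onmicrosoft.com'   # username from Exercise 10.1

# 64-character alphabet (A-Z, a-z, 0-9, '-', '_'); 256 is a multiple of 64,
# so mapping random bytes with % 64 introduces no bias.
$alphabet = [char[]]((65..90) + (97..122) + (48..57) + 45, 95)
$rng      = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$bytes    = [byte[]]::new(20)
do {
    $rng.GetBytes($bytes)
    $tempPassword = -join ($bytes | ForEach-Object { $alphabet[$_ % 64] })
    # Retry until upper case, lower case and a digit are all present, which
    # satisfies the three-of-four character-class complexity rule.
} until ($tempPassword -cmatch '[A-Z]' -and $tempPassword -cmatch '[a-z]' -and $tempPassword -match '\d')
$rng.Dispose()

# Exercise 10.1: create the user only if the username is not already taken.
# No directory role is assigned, which matches "Directory role: User".
if (-not (Get-MgUser -Filter "userPrincipalName eq '$upn'")) {
    New-MgUser -DisplayName 'George Washington' -UserPrincipalName $upn `
        -MailNickname 'GWashington' -AccountEnabled `
        -PasswordProfile @{
            Password                      = $tempPassword
            ForceChangePasswordNextSignIn = $true
        } | Out-Null
    # Shown once, like the portal's Show Password box; hand it over out of band.
    Write-Host "Created $upn with temporary password: $tempPassword"
}

# Exercise 10.2: a security group with Assigned membership. Leaving GroupTypes
# empty means the group is neither a Microsoft 365 group nor a dynamic group.
if (-not (Get-MgGroup -Filter "displayName eq 'Marketing'")) {
    New-MgGroup -DisplayName 'Marketing' -Description 'Marketing department (example)' `
        -MailNickname 'Marketing' -SecurityEnabled -MailEnabled:$false | Out-Null
    Write-Host 'Created security group Marketing'
}
```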