A directory is a hierarchical structure that stores information about objects on the network. A directory service, such as Active Directory Domain Services (AD DS), provides the methods for storing directory data and making this data available to network users and administrators. For example, AD DS stores information about user accounts, such as names, passwords, phone numbers, and so on, and enables other authorized users on the same network to access this information.
Active Directory stores information about objects on the network and makes this information easy for administrators and users to find and use. Active Directory uses a structured data store as the basis for a logical, hierarchical organization of directory information.
This data store, also known as the directory, contains information about Active Directory objects. These objects typically include shared resources such as servers, volumes, printers, and the network user and computer accounts.
Security is integrated with Active Directory through logon authentication and access control to objects in the directory. With a single network logon, administrators can manage directory data and organization throughout their network, and authorized network users can access resources anywhere on the network. Policy-based administration eases the management of even the most complex network.
Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service. Azure AD helps your employees sign in and access resources in:
More information can be found at:
The Microsoft identity platform allows developers to build apps targeting a wide variety of custom Microsoft 365 environments and identities. To get started using Microsoft identity platform, you will need access to an environment, also called an Azure AD tenant, that can register and manage apps, have access to Microsoft 365 data, and deploy custom Conditional Access and tenant restrictions.
A tenant is a representation of an organization. It’s a dedicated instance of Azure AD that an organization or app developer receives when the organization or app developer creates a relationship with Microsoft– like signing up for Azure, Microsoft Intune, or Microsoft 365.
Each Azure AD tenant is distinct and separate from other Azure AD tenants and has its own representation of work and school identities, consumer identities (if it’s an Azure AD B2C tenant), and app registrations. An app registration inside of your tenant can allow authentications from accounts only within your tenant or all tenants.
Azure AD Connect is the Microsoft tool designed to meet and accomplish your hybrid identity goals. It provides the following features:
Security is a top concern for organizations using the cloud. A key aspect of cloud security is identity and access when it comes to managing your cloud resources. In a mobile-first, cloud-first world, users can access your organization’s resources using a variety of devices and apps from anywhere. As a result of this, just focusing on who can access a resource is not sufficient anymore. To master the balance between security and productivity, you also need to factor how a resource is accessed into an access control decision.
The following are some common access concerns that conditional access can help you with:
A conditional access policy is a definition of an access scenario using the pattern: When this happens à Then do this
Azure Active Directory Identity Protection is a feature of the Azure AD Premium P2 edition that enables you to:
Azure offers built in advanced threat detection functionality through services such as Azure Active Directory (Azure AD), Azure Monitor logs, and Azure Security Center. This collection of security services and capabilities provides a simple and fast way to understand what is happening within your Azure deployments.
Azure provides a wide array of options to configure and customize security to meet the requirements of your app deployments. This article discusses how to meet these requirements.
Azure Rights Management (often abbreviated to Azure RMS) is the protection technology used by Azure Information Protection.
This cloud-based protection service uses encryption, identity, and authorization policies to help secure your files and email, and it works across multiple devices—phones, tablets, and PCs. Information can be protected both within your organization and outside your organization because that protection remains with the data, even when it leaves your organization’s boundaries.
As an example, employees might email a document to a partner company, or save a document to their cloud drive. The persistent protection that Azure RMS provides not only helps to secure your company data, but might also be legally mandated for compliance, legal discovery requirements, or simply for good information management practices.
But very importantly, authorized people and services (such as search and indexing) can continue to read and inspect the protected data. This capability is not easily accomplished with other information protection solutions that use peer-to-peer encryption. You might have heard this capability referred to as “reasoning over data” and it is a crucial element in maintaining control of your organization’s data.
Protection is supported by the popular end-user devices that run Windows, macOS, iOS, and Android.
Azure Information Protection (sometimes referred to as AIP) is a cloud-based solution that helps an organization to classify and optionally, protect its documents and emails by applying labels. Labels can be applied automatically by administrators who define rules and conditions, manually by users, or a combination where users are given recommendations.
The following picture shows an example of Azure Information Protection in action on a user’s computer. The administrator has configured a label with rules that detect sensitive data and in this example, it is credit card information. When a user saves a Word document that contains a credit card number, she sees a custom tooltip that recommends the label that the administrator has configured. This label classifies the document and protects it.
After your content is classified (and optionally protected), you can then track and control how it is used. You can analyze data flows to gain insight into your business, detect risky behaviors and take corrective measures, track access to documents, prevent data leakage or misuse, and so on.
Click-to-Run is the technology used to install Office 365 subscription and most versions of Office 2013 and newer. Windows Installer technology (MSI) was used to install the volume license editions of older versions of Office 2016 and older, such as Microsoft Office Professional Plus and Microsoft Office Standard.
Traditional software downloads require a complete (and sometimes lengthy) download before the product can be unpackaged, installed and used on an endpoint computer. Click-to-Run streams Office installs over a network, much the same way YouTube streams videos to website visitors. Streaming allows the end user to open and use Office before the entire software suite has been downloaded. If the end user clicks on a part of Office that has not yet been downloaded, Click-to-Run will jump ahead to that part of Office and make it available. Once the entire download is complete and the software has been installed, the end user can run Office offline.
You can’t install the same version of Office products that use two different installation technologies installed on the same computer. This also applies to standalone applications like Access, Visio, Project, Skype for Business, or OneDrive for Business.
A domain, in the context of networking, refers to any group of users, workstations, devices, printers, computers and database servers that share different types of data via network resources. There are also many types of subdomains.
A domain has a domain controller that governs all basic domain functions and manages network security. Thus, a domain is used to manage all user functions, including username/password and shared system resource authentication and access. A domain is also used to assign specific resource privileges, such as user accounts.
Electronic discovery, or eDiscovery, is the process of identifying and delivering electronic information that can be used as evidence in legal cases. You can use eDiscovery in Office 365 to search for content in Exchange Online mailboxes, Office 365 Groups, Microsoft Teams, SharePoint Online and OneDrive for Business sites, and Skype for Business conversations. You can search mailboxes and sites in the same eDiscovery search by using the Content Search tool in the Security & Compliance Center. And you can use eDiscovery cases in the Security & Compliance Center to identify, hold, and export content found in mailboxes and sites. If your organization has an Office 365 E5 subscription, you can further analyze content by using Office 365 Advanced eDiscovery.
Office 365 provides the following eDiscovery tools:
Moving to the cloud increases flexibility for employees and reduces IT cost. However, it also introduces new challenges and complexities for keeping your organization secure. To get the full benefit of cloud applications, an IT team must find the right balance of supporting access while maintaining control to protect critical data.
Cloud App Security is a critical component of the Microsoft Cloud Security stack. It’s a comprehensive solution that can help your organization as you move to take full advantage of the promise of cloud applications, but keeps you in control through improved visibility into activity. It also helps increase the protection of critical data across cloud applications. With tools that help uncover shadow IT, assess risk, enforce policies, investigate activities, and stop threats, your organization can more safely move to the cloud while maintaining control of critical data.
Microsoft Intune is a cloud-based service in the enterprise mobility management (EMM) space that helps enable your workforce to be productive while keeping your corporate data protected. Similar to other Azure services, Microsoft Intune is available in the Azure portal. With Intune, you can:
Common business problems that Intune helps solve:
Ever wonder how secure your organization really is in Office 365? Secure Score analyzes your organization’s security based on your regular activities and security settings in Office 365, and assigns a score. Read the article at the following link to get an overview of Secure Score and how you can use it.
Multi-factor authentication (MFA) is a method of authentication that requires the use of more than one verification method and adds a second layer of security to user sign-ins and transactions. It works by requiring any two or more of the following verification methods:
Office 365 Advanced Threat Protection (ATP) safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools. ATP includes:
Windows Defender Advanced Threat Protection is a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. You can also use Windows Autopilot to reset, repurpose and recover devices.
This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that’s easy and simple.
Windows Autopilot is designed to simplify all parts of the lifecycle of Windows devices, for both IT and end users, from initial deployment through the eventual end of life. Leveraging cloud-based services, it can reduce the overall costs for deploying, managing, and retiring devices by reducing the amount of time that IT needs to spend on these processes and the amount of infrastructure that they need to maintain, while ensuring ease of use for all types of end users.