Basic Info

Microsoft Azure, often called Azure, is a cloud computing service by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.

- Entra ID (formerly Azure Active Directory, AAD):

Entra ID, formerly known as Azure Active Directory (Azure AD), is Microsoft's enterprise cloud-based identity and access management (IAM) solution. It is essential for Office 365, syncing with on-premise Active Directory, and providing authentication to other cloud-based systems via OAuth.

Entra ID Objects:

  • Each Entra ID object has a unique ID called an object ID.

  • Each object has its own properties.

  • Types of Entra ID objects include:

    • Users

    • Groups

    • Devices

    • Applications

Entra ID Directory Roles:

  • Directory roles are predefined sets of permissions to perform specific tasks within an Entra ID tenant.

  • These roles facilitate administrative tasks in Entra ID.

  • Types of roles:

    • Built-in Directory Roles:

      • Global Administrator

      • Application Administrator

      • User Administrator

    • Custom Directory Roles

Microsoft Graph API Endpoint:

{HTTP method} https://graph.microsoft.com/{version}/{resource}?{query-parameters}
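The endpoint template above is only half of a working Graph call: collections such as `/users` come back one page at a time, with an `@odata.nextLink` URL for the next page, and a client that reads a single response silently truncates its view of the directory. The following added example (not code from the original notes) fills in the template with OData query options and walks every page. The HTTP transport is a constructed in-memory stand-in so that it runs offline; against a real tenant it would be an HTTPS GET carrying a bearer token. The user records are constructed sample data.

```python
"""Building Microsoft Graph request URLs and walking a paged collection.

Added example, not code from the original notes. The transport below is a
constructed in-memory stand-in for Graph so the example runs offline; the user
objects are constructed sample data.
"""
from urllib.parse import parse_qs, urlencode, urlsplit

GRAPH = "https://graph.microsoft.com"


def graph_url(resource: str, version: str = "v1.0", **query) -> str:
    """Fill in https://graph.microsoft.com/{version}/{resource}?{query-parameters}.
    OData options are passed without the '$', e.g. select="id" -> $select=id."""
    params = {f"${k}": v for k, v in query.items()}
    url = f"{GRAPH}/{version}/{resource.strip('/')}"
    return f"{url}?{urlencode(params, safe='$,')}" if params else url


# Constructed sample directory: five user objects, each with an object ID and properties.
SAMPLE_USERS = [
    {"id": "11111111-0000-0000-0000-000000000001", "userPrincipalName": "alice@contoso.example", "accountEnabled": True},
    {"id": "11111111-0000-0000-0000-000000000002", "userPrincipalName": "bob@contoso.example", "accountEnabled": True},
    {"id": "11111111-0000-0000-0000-000000000003", "userPrincipalName": "carol@contoso.example", "accountEnabled": False},
    {"id": "11111111-0000-0000-0000-000000000004", "userPrincipalName": "dave@contoso.example", "accountEnabled": True},
    {"id": "11111111-0000-0000-0000-000000000005", "userPrincipalName": "svc-backup@contoso.example", "accountEnabled": False},
]


class FakeGraphTransport:
    """In-memory stand-in for Graph's /users collection (constructed for this example):
    honours $select and $top and emits @odata.nextLink with a $skiptoken while more
    objects remain, which is the shape a real response has."""

    def __init__(self, users, max_page_size=2):
        self.users = users
        self.max_page_size = max_page_size
        self.requests = 0

    def get(self, url: str) -> dict:
        self.requests += 1
        parts = urlsplit(url)
        if parts.path != "/v1.0/users":
            raise ValueError(f"unsupported resource in this stand-in: {parts.path}")
        query = {k: v[0] for k, v in parse_qs(parts.query).items()}
        top = min(int(query.get("$top", self.max_page_size)), self.max_page_size)
        start = int(query.get("$skiptoken", 0))
        fields = query["$select"].split(",") if "$select" in query else None
        page = self.users[start:start + top]
        body = {"value": [{k: v for k, v in user.items() if fields is None or k in fields}
                          for user in page]}
        if start + top < len(self.users):
            query["$skiptoken"] = str(start + top)
            body["@odata.nextLink"] = f"{GRAPH}{parts.path}?{urlencode(query, safe='$,')}"
        return body


def get_all(transport, url: str, max_pages: int = 1000) -> list:
    """Follow @odata.nextLink until the collection is exhausted; a single page is never
    the whole directory. max_pages guards against a transport that loops forever."""
    items, pages = [], 0
    while url:
        if pages >= max_pages:
            raise RuntimeError("page limit reached before the collection was exhausted")
        body = transport.get(url)
        items.extend(body.get("value", []))
        url = body.get("@odata.nextLink")
        pages += 1
    return items


def disabled_accounts(transport) -> list:
    """Audit helper: user principal names of disabled accounts, requested with $select
    so only the properties needed cross the wire."""
    url = graph_url("users", select="id,userPrincipalName,accountEnabled", top=2)
    return [u["userPrincipalName"] for u in get_all(transport, url) if not u["accountEnabled"]]


if __name__ == "__main__":
    transport = FakeGraphTransport(SAMPLE_USERS)
    print(graph_url("users", select="id,userPrincipalName", top=2))
    print(disabled_accounts(transport))
```

The same `get_all` loop applies to any Graph collection (groups, devices, applications, role members); only the resource segment of the URL changes.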

- Azure Resource Manager (ARM):

Azure Resource Manager (ARM) is the native platform for infrastructure as code (IaC) in Azure. It centralizes the management, deployment, and security of Azure resources and supports Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). ARM manages access control using Role-Based Access Control (RBAC).

Azure Resource Manager Resource Hierarchy:

  • AAD Tenant

  • Management Group

  • Subscription

  • Resource Group

  • Resource

Role-Based Access Control (RBAC):

  • Azure RBAC is an authorization system built on ARM that provides fine-grained access management of Azure resources.

  • Role Assignment:

    • Attaching a role definition to a user, group, service principal, or managed identity at a particular scope to grant access.

    • Access is granted by creating a role assignment and revoked by removing it.

    • A role assignment consists of three elements: a security principal, a scope, and a role definition.

    • Security Principal

      • Represents a user, group, service principal, or managed identity requesting access.

      • Types include:

        • User Identity

        • Groups

        • Service Principal

        • Managed Identity

          • User Assigned

          • System Assigned

    • Scope

      • The set of resources that the access applies to.

      • Levels include:

        • Management Group Level

        • Subscription

        • Resource Group

        • Individual Resource

    • Role Definition

      • A collection of permissions (Actions and NotActions) that can be assigned, such as the built-in Owner, Contributor, and Reader roles.
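What the list above does not show is how the three elements combine when access is actually checked: an assignment at a higher scope flows down to every resource beneath it, a principal inherits assignments made to its groups, and each role's NotActions subtract only from that same role's Actions, so an Owner assignment on one resource still grants what a Contributor assignment from a management group would withhold. The added example below (not code from the original notes) evaluates effective access on that model. The role definitions are simplified subsets of the real built-in roles, and the subscriptions, management groups, groups, principals, and assignments are constructed sample data; the audit helper at the end answers the question a defender usually asks first, namely who can grant access to a resource.

```python
"""Effective Azure RBAC evaluation over the ARM scope hierarchy.

Added example, not code from the original notes. ROLE_DEFINITIONS are simplified
subsets of the real built-in roles; the tenant layout, group membership, and
assignments below are constructed sample data.
"""
from dataclasses import dataclass
from fnmatch import fnmatchcase

# Simplified role definitions: Actions grant, NotActions subtract within the same role.
ROLE_DEFINITIONS = {
    "Owner":       {"actions": ["*"],      "not_actions": []},
    "Contributor": {"actions": ["*"],      "not_actions": ["Microsoft.Authorization/*/Write",
                                                           "Microsoft.Authorization/*/Delete"]},
    "Reader":      {"actions": ["*/read"], "not_actions": []},
}


@dataclass(frozen=True)
class RoleAssignment:
    principal_id: str   # object ID of a user, group, service principal or managed identity
    role: str           # name of a role definition
    scope: str          # management group, subscription, resource group or resource


# Constructed tenant layout: management groups each subscription sits under, nearest first.
MG_PARENTS = {"sub-1111": ["mg-prod", "mg-root"]}

# Constructed group membership, already flattened to transitive members.
GROUP_MEMBERS = {"grp-platform-ops": {"user-alice"}}

# Constructed role assignments at three different scope levels.
ASSIGNMENTS = [
    RoleAssignment("grp-platform-ops", "Contributor",
                   "/providers/Microsoft.Management/managementGroups/mg-prod"),
    RoleAssignment("user-bob", "Reader", "/subscriptions/sub-1111/resourceGroups/rg-web"),
    RoleAssignment("user-alice", "Owner",
                   "/subscriptions/sub-1111/resourceGroups/rg-web/providers/Microsoft.Storage/storageAccounts/stweb"),
]


def _norm(scope: str) -> str:
    """Scopes compare case-insensitively; '/' is the tenant root scope."""
    return scope.lower().rstrip("/") or "/"


def scope_chain(resource_id: str, mg_parents=MG_PARENTS) -> list:
    """Every scope at which an assignment would cover resource_id, from the resource
    itself upward: resource -> resource group -> subscription -> management groups -> '/'."""
    parts = resource_id.strip("/").split("/")
    if len(parts) < 2 or parts[0].lower() != "subscriptions":
        raise ValueError("expected an ARM id starting with /subscriptions/<id>")
    chain = []
    sub_scope = f"/subscriptions/{parts[1]}"
    if len(parts) >= 4 and parts[2].lower() == "resourcegroups":
        if len(parts) > 4:
            chain.append("/" + "/".join(parts))          # the individual resource
        chain.append(f"{sub_scope}/resourceGroups/{parts[3]}")
    chain.append(sub_scope)
    chain += [f"/providers/Microsoft.Management/managementGroups/{mg}"
              for mg in mg_parents.get(parts[1], [])]
    chain.append("/")
    return chain


def principal_ids(principal: str, group_members=GROUP_MEMBERS) -> set:
    """The principal itself plus every group it belongs to."""
    return {principal} | {g for g, members in group_members.items() if principal in members}


def effective_roles(principal: str, resource_id: str, assignments=ASSIGNMENTS) -> set:
    """Roles that reach the principal on resource_id through any scope in its chain."""
    ids = principal_ids(principal)
    chain = {_norm(s) for s in scope_chain(resource_id)}
    return {a.role for a in assignments if a.principal_id in ids and _norm(a.scope) in chain}


def role_permits(role: str, action: str) -> bool:
    """One role permits an action if an Actions pattern matches and no NotActions pattern does.
    ARM wildcards span path segments, which fnmatch's '*' also does."""
    definition = ROLE_DEFINITIONS[role]
    act = action.lower()
    allowed = any(fnmatchcase(act, p.lower()) for p in definition["actions"])
    denied = any(fnmatchcase(act, p.lower()) for p in definition["not_actions"])
    return allowed and not denied


def is_permitted(principal: str, resource_id: str, action: str) -> bool:
    """Access is the union over roles: one role's NotActions never cancel another role's Actions."""
    return any(role_permits(r, action) for r in effective_roles(principal, resource_id))


def who_can_grant_access(resource_id: str, principals=("user-alice", "user-bob")) -> list:
    """Audit helper: principals able to write role assignments on the resource."""
    return [p for p in principals
            if is_permitted(p, resource_id, "Microsoft.Authorization/roleAssignments/write")]


if __name__ == "__main__":
    stweb = "/subscriptions/sub-1111/resourceGroups/rg-web/providers/Microsoft.Storage/storageAccounts/stweb"
    print(sorted(effective_roles("user-alice", stweb)))
    print(who_can_grant_access(stweb))
```

Real tenants add two details this model leaves out: DataActions/NotDataActions are evaluated separately from the management-plane Actions shown here, and deny assignments can block access that a role assignment would otherwise grant.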

Azure Resource Manager API Endpoint:

{HTTP method} https://management.azure.com/{version}/{resource}?{query-parameters}

- Office 365 (O365):

A cloud-based suite of productivity and collaboration applications.

Provided as Software as a Service (SaaS).

  • Types of Subscriptions:

    • Personal

    • Business

  • List of Enterprise Apps Included in Office 365:

  • Office 365 Access:

    • Users can access the Office 365 portal with different roles assigned to them.

    • Management Access (Administrator Role):

      • Management portal is used to manage Office 365 users, applications, and configuration.

    • User Access (User Role):

      • User portal is used to access Office 365 applications.

  • Office 365 Management Access:

Microsoft Graph API:

{HTTP method} https://graph.microsoft.com/{version}/{resource}?{query-parameters}

O365 API: (Management, Outlook, and other applications)

{HTTP method} https://*.office.com/{version}/{resource}?{query-parameters}
