You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: learn-pr/wwl-azure/describe-azure-identity-access-security/includes/2-directory-services.md
+11-11Lines changed: 11 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,17 +1,17 @@
1
-
Microsoft Entra ID is Microsoft's cloud-based identity and access management service. It lets you sign in and access both Microsoft cloud applications and cloud applications that you develop.
1
+
Microsoft Entra ID is Microsoft's cloud-based identity and access management service. You use it to sign in and access both Microsoft cloud applications and applications that you develop.
2
2
3
3
If you've worked with on-premises Active Directory, Microsoft Entra ID will feel familiar. The key difference is that you control the identity accounts while Microsoft ensures the service is available globally.
4
4
5
-
Connecting the two unlocks extra protection. On its own, on-premises Active Directory doesn't monitor sign-in behavior. Once connected to Microsoft Entra ID, Microsoft can detect suspicious sign-in attempts at no extra cost — for example, sign-ins from unexpected locations or unknown devices.
5
+
Connecting on-premises Active Directory to Microsoft Entra ID adds security. On its own, on-premises Active Directory doesn't monitor sign-in behavior. After the connection, Microsoft Entra ID can detect suspicious sign-in attempts at no extra cost — for example, sign-ins from unexpected locations or unknown devices.
6
6
7
7
## Who uses Microsoft Entra ID?
8
8
9
9
Microsoft Entra ID is for:
10
10
11
11
-**IT administrators**. Administrators can use Microsoft Entra ID to control access to applications and resources based on workload and security requirements.
12
-
-**App developers**. Developers can use Microsoft Entra ID to provide a standards-based approach for adding functionality to applications that they build, such as adding SSO functionality to an app or enabling an app to work with a user's existing credentials.
13
-
-**Users**. Users can manage their identities and take maintenance actions like self-service password reset.
14
-
-**Online service subscribers**. Microsoft 365, Microsoft Office 365, Azure, and Microsoft Dynamics CRM Online subscribers are already using Microsoft Entra ID to authenticate into their account.
12
+
-**App developers**. Developers can use Microsoft Entra ID as a standards-based way to add functionality to their applications, such as SSO or support for existing user credentials.
13
+
-**Users**. Users can manage their identities and perform tasks like self-service password reset.
14
+
-**Online service subscribers**. Microsoft 365, Azure, and Dynamics 365 subscribers already use Microsoft Entra ID to sign in to their accounts.
15
15
16
16
## What does Microsoft Entra ID do?
17
17
@@ -26,27 +26,27 @@ Microsoft Entra ID provides services such as:
26
26
27
27
## Can I connect my on-premises AD with Microsoft Entra ID?
28
28
29
-
Without a connection, an on-premises Active Directory deployment and a cloud Microsoft Entra ID deployment require you to maintain two separate identity sets. Microsoft Entra Connect bridges that gap.
29
+
Without a connection, you must maintain two separate identity sets: one in on-premises Active Directory and one in Microsoft Entra ID. Microsoft Entra Connect bridges that gap.
30
30
31
-
Microsoft Entra Connect synchronizes user identities between on-premises Active Directory and Microsoft Entra ID. Because changes flow between both systems, users get a consistent experience — including SSO, multifactor authentication, and self-service password reset — whether they're accessing on-premises or cloud resources.
31
+
Microsoft Entra Connect synchronizes user identities between on-premises Active Directory and Microsoft Entra ID. Because changes flow between both systems, users have a consistent experience — including SSO, multifactor authentication, and self-service password reset — whether they access on-premises or cloud resources.
32
32
33
33
## What is Microsoft Entra Domain Services?
34
34
35
35
Microsoft Entra Domain Services provides managed domain services — domain join, group policy, LDAP, and Kerberos/NTLM authentication — without requiring you to deploy or maintain domain controllers in the cloud.
36
36
37
-
This is especially useful for legacy applications that can't use modern authentication. You can lift and shift those applications from on-premises into a managed domain without managing an AD DS environment in the cloud.
37
+
Managed domain services are especially useful for legacy applications that can't use modern authentication. You can lift and shift those applications from on-premises into a managed domain without managing an AD DS environment in the cloud.
38
38
39
-
Because Microsoft Entra Domain Services integrates with your existing Microsoft Entra tenant, users can sign in to the managed domain with their existing credentials. Existing groups and user accounts also carry over, providing a smoother migration path.
39
+
Because Microsoft Entra Domain Services integrates with your existing Microsoft Entra tenant, users can sign in to the managed domain with their existing credentials. Existing groups and user accounts also transfer, which simplifies migration.
40
40
41
41
### How does Microsoft Entra Domain Services work?
42
42
43
-
When you create a Microsoft Entra Domain Services managed domain, you define a unique namespace. This namespace is the domain name. Two Windows Server domain controllers are then deployed into your selected Azure region. This deployment of DCs is known as a replica set.
43
+
When you create a Microsoft Entra Domain Services managed domain, you define a unique namespace. This namespace is the domain name. Azure then deploys two Windows Server domain controllers into your selected region. This pair of DCs is called a replica set.
44
44
45
45
You don't need to manage, configure, or update these DCs. The Azure platform handles the DCs as part of the managed domain, including backups and encryption at rest using Azure Disk Encryption.
46
46
47
47
### Is information synchronized?
48
48
49
-
A managed domain is configured to perform a one-way synchronization from Microsoft Entra ID to Microsoft Entra Domain Services. You can create resources directly in the managed domain, but they aren't synchronized back to Microsoft Entra ID. In a hybrid environment with an on-premises AD DS environment, Microsoft Entra Connect synchronizes identity information with Microsoft Entra ID, which is then synchronized to the managed domain.
49
+
A managed domain performs one-way synchronization from Microsoft Entra ID to Microsoft Entra Domain Services. You can create resources directly in the managed domain, but they don't synchronize back to Microsoft Entra ID. In a hybrid environment, Microsoft Entra Connect synchronizes on-premises AD DS identity information with Microsoft Entra ID, which then synchronizes to the managed domain.
50
50
51
51
:::image type="content" source="../media/directory-services-option-sync-architecture.png" alt-text="Diagram showing the identity sync flow from on-premises Active Directory through Microsoft Entra Connect to Microsoft Entra ID and Domain Services.":::
0 commit comments