Project 3 – User Management and Authentication Template
This template is expected to help Microsoft 365 customers design and deploy their Azure Active Directory (Azure AD) applications.
Azure AD Application Service Template
This template is designed to be used with Microsoft 365 for Business.
Objective
In the Project 2 deliverable, you implemented a strategy for user identity. Managing user identity is as important as implementing it. Proper management of identity ensures that users have access to the resources they need to perform their job functions and that accounts are properly secured. In this deliverable, you will demonstrate the creation of user groups, the management of Role-Based Access Control (RBAC) roles, the review of user login activity, the configuration of the Azure AD self-service password reset policy, and the creation of a custom banned password.
Part 1: Create Groups
The recommended format is to provide screenshots incorporated within the written narrative. No external sources are required for this phase of the project; however, the screenshots must be your own. Screenshots from external sources are not permitted.
- Step 1 – Groups Screenshot
Part 2: Manage Role-Based Access Control (RBAC) Roles
The recommended format is to provide screenshots incorporated within the written narrative. No external sources are required for this phase of the project; however, the screenshots must be your own. Screenshots from external sources are not permitted.
- Step 1 – Helpdesk Administrator – Michael Pattis
- Step 2 – Global Administrator – Sudan Pandya
Part 3: Examine User Login Activity
The recommended format is to provide screenshots incorporated within the written narrative. No external sources are required for this phase of the project; however, the screenshots must be your own. Screenshots from external sources are not permitted.
- Step 1 – User Sign-ins Activity
Part 4: Azure Active Directory Password Reset
The recommended format is to provide screenshots incorporated within the written narrative. No external sources are required for this phase of the project; however, the screenshots must be your own. Screenshots from external sources are not permitted.
- Step 1 – Selected User Password Reset
Part 5: Azure Active Directory Banned Passwords
The recommended format is to provide screenshots incorporated within the written narrative. No external sources are required for this phase of the project; however, the screenshots must be your own. Screenshots from external sources are not permitted.
- Step 1 – Banned Password Policy
Part 6: Authentication
The Opportunity: Basic Authentication and Modern Authentication
- Discuss in a few paragraphs the differences between basic authentication and modern authentication in the context of a Microsoft 365 tenant. What authentication method should KCoder implement and why?
References
These sample citations use the IEEE style. Ensure you use in-text citations in the body of your paper as appropriate.
[1] “Microsoft 365 for enterprise overview.” 09, September 2020 [Online]. Available: https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-overview?view=o365-worldwide [Accessed January 1, 2020].
Resources
Azure Active Directory Groups: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal
Azure AD Roles: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-manage-roles-portal
Azure Self Service Password Reset: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-deployment
Azure Active Directory Banned Passwords: https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-configure-custom-password-protection
Azure AD is a free and open-source provider of identity and access management (IAM) solutions. Azure AD enables organizations to manage their users across the entire enterprise, including the infrastructure layer, such as servers, storage, and networks. Azure AD supports multi-tenancy among multiple users in an organization, allowing them to share data stores with each other or to identify each other with unique identifiers.
Microsoft currently has a method for storing and managing users within the company. This is known as “Azure Active Directory” (AD), and it is the most popular approach to storing and managing users in Microsoft’s cloud services. Azure AD uses a three-tier architecture that allows a user to be managed from any one of the three tiers, depending on their role within an organization.
This section deals with the authentication techniques that Azure AD supports, including username/password/fingerprint, OAuth 2.0, Azure Active Directory Federation Service (AADF), and SAML 2.0.
There are a lot of companies that are using Microsoft 365 every day to store every user’s data. This includes passwords, usernames, email addresses, instant messaging, groups and more. It’s very easy to log in with Microsoft 365 if you have it set up properly. But this is not the case for all users because sometimes users forget their password or their email address for an unknown reason.
So how do you prevent this? The solution lies in adding a policy to your Microsoft 365 account which keeps track of all users who are missing login credentials or forgot their email address for an unknown reason. There is no need to manually update the settings on each user’s machine which means that you can securely manage user information without creating any risks associated with managing any sensitive data.