
Commit 19fcc80

committed
Line edits
1 parent bfd41c8 commit 19fcc80

15 files changed

+71
-79
lines changed

learn-pr/azure/intro-to-azure-ad/includes/2-overview.md

Lines changed: 21 additions & 21 deletions
@@ -12,7 +12,7 @@ Microsoft Entra ID is a cloud-based identity-management solution. It helps your
1212

1313
- Access internal resources such as applications on the corporate network and cloud-based applications that your company builds.
1414

15-
Microsoft Entra ID also helps you keep user identities and applications secure through features like Conditional Access and identity protection.
15+
Microsoft Entra ID also helps you keep user identities and applications secure through features like Conditional Access and Microsoft Entra ID Protection.
1616

1717
![Diagram of Microsoft Entra ID.](../media/2-azure-ad.svg)
1818

@@ -22,7 +22,7 @@ Microsoft Entra ID stores your users in a *tenant* that represents an organizati
2222

2323
## Who benefits from Microsoft Entra ID?
2424

25-
Microsoft Entra ID meets the needs of many types of users. For instance, an IT administrator can use Microsoft Entra ID to determine who should have access to applications and resources, based on company requirements. An administrator can add another layer of protection to applications and services by enforcing multifactor authentication on sign-ins.
25+
Microsoft Entra ID meets the needs of many types of users. For instance, an IT Administrator can use Microsoft Entra ID to determine who should have access to applications and resources, based on company requirements. An Administrator can add another layer of protection to applications and services by enforcing multifactor authentication on sign-ins.
2626

2727
Application developers can use Microsoft Entra ID to allow users to use pre-existing credentials to access applications. Developers can also use Microsoft Entra ID to create personalized end-user experiences by accessing organizational user data through APIs that are specific to Microsoft Entra ID.
2828

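Review bot: The capitalization of "IT Administrator" and "Administrator" on new line 25 makes a generic job description read like a named directory role. Nothing in this paragraph refers to a specific built-in role, so I'd keep the lowercase "IT administrator" and "administrator" from the removed line and reserve capitals for actual role names.
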
@@ -32,9 +32,9 @@ If you subscribe to services like Azure or Microsoft 365, you're already taking
3232

3333
## Identity secure score in Microsoft Entra ID
3434

35-
If you're an administrator, you need to know how secure your Microsoft Entra tenant is. The identity secure score can help you understand. Microsoft Entra ID gives an overall percentage between 1 and 100. This value represents how well you match the recommendations and best practices that Microsoft suggests for tenant security. The identity secure score reveals how effective your security is and helps you implement improvements.
35+
If you're an Administrator, you need to know how secure your Microsoft Entra tenant is. The identity secure score can help you understand. Microsoft Entra ID gives an overall percentage between 1 and 100. This value represents how well you match the recommendations and best practices that Microsoft suggests for tenant security. The identity secure score reveals how effective your security is and helps you implement improvements.
3636

37-
You can find your tenant's identity secure score in the Azure portal. Go to your Microsoft Entra tenant, select **Security**, and then select the **Identity Secure Score** dashboard.
37+
You can find your tenant's identity secure score in the Microsoft Entra admin center. Sign in to the Microsoft Entra admin center as at least a Global Reader, browse to **Microsoft Entra ID**, and choose **Identity Secure Score** to view the dashboard.
3838

3939
![Secure identity score.](../media/2-secure-identity-score.png)
4040

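Review bot: New line 37 moves the reader from the Azure portal to the Microsoft Entra admin center and changes the navigation path, but the screenshot on line 39 (../media/2-secure-identity-score.png) is untouched context, so please confirm the image still matches what the reader sees at the new location. Naming the minimum role needed to view the dashboard is a good addition. On new line 35, "Administrator" is capitalized as if it were a role name, which blurs the distinction with "Global Reader" two lines later; lowercase "administrator", as in the removed line, would keep real role names distinguishable.
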
@@ -51,7 +51,7 @@ Active Directory and Microsoft Entra ID are separate services that are used for
5151
Microsoft Entra ID is a cloud-based identity solution that helps you manage users and applications. Active Directory manages objects, like devices and users, on your on-premises network. Here are some other differences:
5252

5353
|Service|Authentication |Structure |Used for
54-
|---------|---------|---------|---------|
54+
|---------|---------|---------|---------
5555
|Active Directory |Kerberos, NTLM| Forests, domains, organizational units | Authentication and authorization for on-premises printers, applications, file services, and more
5656
|Microsoft Entra ID |Includes SAML, OAuth, WS-Federation|Tenants|Internet-based services and applications like Microsoft 365, Azure services, and third-party SaaS applications
5757

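Review bot: Dropping the trailing pipe from the delimiter row on new line 54 makes it match the header and data rows, which already lack one, but it standardizes this table on the half-open form (leading pipe, no trailing pipe). I'd go the other way and add the closing | to lines 53, 55 and 56 instead, so every row is delimited on both sides and the table source stays consistent and easy to lint.
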
@@ -67,31 +67,31 @@ Your users want to access applications from both the cloud and on-premises. You
6767

6868
Multiple authentication methods let you achieve hybrid identity for users:
6969

70-
- **Microsoft Entra password hash synchronization**. Here, the user's password is hashed twice and synchronized between the on-premises Active Directory and Microsoft Entra ID. Users have the same credentials to access resources and applications both on-premises and in the cloud.
70+
- **Microsoft Entra password hash synchronization**: Here, the user's password is hashed twice and synchronized between the on-premises Active Directory and Microsoft Entra ID. Users have the same credentials to access resources and applications, both on-premises and in the cloud.
7171

72-
- **Microsoft Entra pass-through authentication**. Here, an agent is installed on on-premises servers that authenticates against the on-premises Active Directory. When a Microsoft Entra user account tries to authenticate, password authentication is handled on-premises through these servers and Active Directory.
72+
- **Microsoft Entra pass-through authentication**: Here, an agent is installed via on-premises servers that authenticates against the on-premises Active Directory. When a Microsoft Entra user account tries to authenticate, password authentication is handled on-premises through these servers and Active Directory.
7373

74-
- **Federated authentication**. Here, an on-premises Active Directory Federation Services (AD FS) server that validates users' passwords performs the authentication process. Use this authentication method if you want advanced measures like smart card-based authentication for users.
74+
- **Federated authentication**: Here, an on-premises Active Directory Federation Services (AD FS) server that validates users' passwords performs the authentication process. Use this authentication method if you want advanced measures like smart card-based authentication for users.
7575

7676
These authentication options allow you to give users a single sign-on experience. Using single sign-on means users are automatically signed in when they use company devices and connect to your internal corporate network.
7777

7878
Use the following table as a reference for which options to use for particular scenarios:
7979

80-
|You want to: |Password hash synchronization|Pass-through authentication|Federated authentication|
81-
|---------|---------|---------|---------|
82-
|Automatically synchronize to the cloud the users, contacts, and groups that are set up on on-premises Active Directory|Yes|Yes|Yes|
83-
|Allow users to access cloud applications and resources by using their on-premises password|Yes|Yes|Yes|
84-
|Ensure that password hashes aren't stored in the cloud|No|Yes|Yes|
85-
|Use cloud-based multifactor authentication|Yes |Yes|Yes|
86-
|Use on-premises multifactor authentication|No|No|Yes|
87-
|Use smart card authentication for added protection|No|No|Yes|
80+
|You want to: |Password hash synchronization|Pass-through authentication|Federated authentication
81+
|---------|---------|---------|---------
82+
|Automatically synchronize to the cloud the users, contacts, and groups that are set up via on-premises Active Directory|Yes|Yes|Yes
83+
|Allow users to access cloud applications and resources by using their on-premises password|Yes|Yes|Yes
84+
|Ensure that password hashes aren't stored in the cloud|No|Yes|Yes
85+
|Use cloud-based multifactor authentication|Yes |Yes|Yes
86+
|Use on-premises multifactor authentication|No|No|Yes
87+
|Use smart card authentication for added protection|No|No|Yes
8888

8989
## European identity data storage
9090

9191
When you subscribe to a service like Azure or Microsoft 365, all of your identity data is stored based on the address you provide during the subscription process. If you're a customer who uses an address in Europe, Microsoft Entra ID stores most of your data in European datacenters. However, services that you use with Microsoft Entra ID store some data outside Europe. Here are a few examples of some of the data stored outside Europe:
9292

93-
|Microsoft Entra ID-based service |Data location |
94-
|---------|---------|
95-
|Microsoft Entra B2B (Microsoft Entra B2B)| Guest users access applications through a link in an invitation email or a link shared directly with them. These redemption links are stored in US datacenters. If a user unsubscribes from invitation messages, their email address is also stored in US datacenters. |
96-
|Azure Active Directory B2C (Azure AD B2C)|No personal data is stored outside of Europe, but policy configuration data is stored in US datacenters.|
97-
|Microsoft Entra multifactor authentication|Phone calls and text messages come from US datacenters, and global providers handle the routing. OAuth code validation happens in the US. Push notifications for the Microsoft Authenticator app come from US datacenters.|
93+
|Microsoft Entra ID-based service |Data location
94+
|---------|---------
95+
|Microsoft Entra B2B (Microsoft Entra B2B)| Guest users access applications through a link in an invitation email or a link shared directly with them. These redemption links are stored in US datacenters. If a user unsubscribes from invitation messages, their email address is also stored in US datacenters.
96+
|Azure Active Directory B2C (Azure AD B2C)|No personal data is stored outside of Europe, but policy configuration data is stored in US datacenters.
97+
|Microsoft Entra multifactor authentication|Phone calls and text messages come from US datacenters, and global providers handle the routing. OAuth code validation happens in the US. Push notifications for the Microsoft Authenticator app come from US datacenters.
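
Review bot: On new line 72, "an agent is installed via on-premises servers" changes the meaning. The removed line said the agent is installed on those servers, and the following sentence ("password authentication is handled on-premises through these servers") only makes sense if the agent runs there; "via" reads as if the servers were just the installation channel. The same substitution on new line 82 ("set up via on-premises Active Directory") has the same problem, so I'd restore "on" in both places. Separately, since this is a line-edit pass, line 95 still reads "Microsoft Entra B2B (Microsoft Entra B2B)", where the parenthetical only repeats the name and could be dropped.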
