Azure Cloud Resource Management: Common Terminology

Tenant
A tenant is a single dedicated and trusted instance of Azure Active Directory. It is created automatically when an organization signs up for a Microsoft cloud service subscription, and a tenant can represent an organization, an identity, or an individual.

One tenant can be associated with multiple subscriptions, but each subscription is bound to exactly one tenant.

A tenant is a dedicated and trusted instance of Microsoft Entra ID that holds an organization's resources, including its registered applications and a directory of its users.

There are two ways to configure a tenant, depending on how the organization intends to use it and which resources it wants to manage:
  • Workforce tenant configuration
    A standard Microsoft Entra tenant that contains your employees, internal line-of-business applications, and other organizational resources. In a workforce tenant, your internal users can use B2B collaboration to work with external business partners and guests.
  • External tenant configuration
    Dedicated to applications you want to publish to consumers or business customers. This separate tenant follows the standard Microsoft Entra tenant model but is configured for consumer scenarios. It contains your app registrations and a directory of consumer or customer accounts.

Microsoft Entra ID is a cloud-based identity and access management service that your employees can use to access external resources.
Example resources include Microsoft 365, the Azure portal, and thousands of other SaaS applications.

To enhance your Microsoft Entra implementation, you can also add paid features by upgrading to Microsoft Entra ID P1 or P2 licenses, or by adding licenses for products such as Microsoft Entra ID Governance.
Microsoft Entra paid licenses are built on top of your existing free directory.
The paid licenses provide self-service, enhanced monitoring, security reporting, and secure access for your mobile users.


1. Microsoft Entra ID Free.
Provides user and group management, on-premises directory synchronization, basic reports, self-service password change for cloud users, and single sign-on across Azure, Microsoft 365, and many popular SaaS apps.

2. Microsoft Entra ID P1.
In addition to the Free features, P1 also lets your hybrid users access both on-premises and cloud resources.
It also supports advanced administration, such as dynamic membership groups, self-service group management,
Microsoft Identity Manager, and cloud write-back capabilities, which allow self-service password reset for your on-premises users.

3. Microsoft Entra ID P2.
Includes all features of Free and P1, plus Microsoft Entra ID Protection, which provides risk-based Conditional Access to your apps and critical company data,
and Privileged Identity Management, which helps discover, restrict, and monitor administrators and their access to resources, and provides just-in-time access when needed.

Microsoft Entra External ID

Microsoft Entra External ID combines powerful solutions for working with people outside your organization. With External ID capabilities, you can allow external identities to securely access your applications and resources.
Whether you work with external partners, consumers, or business customers, users can bring their own identities.
These identities range from corporate or government-issued accounts to social identity providers such as Google or Facebook.

  • Build secure web and mobile apps for customers and partners in minutes, with developer-friendly tools.
  • Federated single sign-on (SSO) for seamless access to your applications.
  • Support for multiple identity providers, including Azure AD, Google, and Facebook.
  • Risk-based authentication to protect against unauthorised access.
  • Privacy-preserving identity verification to ensure that your users are who they say they are.

Microsoft Entra Connect Sync
Microsoft Entra Connect Sync is the main component of Microsoft Entra Connect. It handles all operations related to synchronizing identity data between the on-premises environment and Microsoft Entra ID. Microsoft Entra Connect Sync is the successor to DirSync and Azure AD Sync.
Microsoft Entra Connect Sync (Architecture)

Microsoft Entra Connect synchronizes hashes of user passwords from the on-premises Active Directory instance to the cloud-based Microsoft Entra instance.
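The protection step behind that sentence, as an added example (not code from the original post or from Microsoft Entra Connect itself): it models the scheme Microsoft documents for password hash synchronization, in which the 16-byte on-premises NT (MD4) hash is expanded to 64 bytes, salted with a 10-byte per-user salt, and run through PBKDF2-HMAC-SHA256 for 1,000 iterations before anything is transmitted. The sample NT hash is a constructed value, and the hex case, the UTF-16 byte order, and which input plays the PBKDF2 "password" versus "salt" role are assumptions made here.

```python
import hashlib
import hmac
import os
from typing import Optional

# Documented parameters of the password hash sync (PHS) protection step.
PBKDF2_ITERATIONS = 1000  # HMAC-SHA256 iterations
SALT_LENGTH = 10          # per-user salt length in bytes

# Constructed sample value standing in for an NT hash; not a real hash.
SAMPLE_NT_HASH = bytes(range(16))


def expand_nt_hash(nt_hash: bytes) -> bytes:
    """Expand the 16-byte MD4 hash to 64 bytes: hex-encode it to a 32-character
    string, then encode that string as UTF-16 (little-endian is an assumption)."""
    if len(nt_hash) != 16:
        raise ValueError("NT hash must be exactly 16 bytes")
    return nt_hash.hex().encode("utf-16-le")


def protect_for_sync(nt_hash: bytes, salt: Optional[bytes] = None) -> dict:
    """Build the record that would leave the on-premises side: the PBKDF2 output
    together with the salt and iteration count the cloud needs to verify later.
    The expanded hash is used as the PBKDF2 password input (assumption)."""
    if salt is None:
        salt = os.urandom(SALT_LENGTH)
    if len(salt) != SALT_LENGTH:
        raise ValueError(f"salt must be {SALT_LENGTH} bytes")
    expanded = expand_nt_hash(nt_hash)
    derived = hashlib.pbkdf2_hmac("sha256", expanded, salt, PBKDF2_ITERATIONS)
    return {"hash": derived, "salt": salt, "iterations": PBKDF2_ITERATIONS}


def verify_against_synced(nt_hash: bytes, record: dict) -> bool:
    """What the cloud side can do with the synced record: recompute the same
    derivation from a freshly computed NT hash and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", expand_nt_hash(nt_hash), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["hash"])


def leaks_original_hash(nt_hash: bytes, record: dict) -> bool:
    """Defender's check: neither the raw NT hash nor its expanded form may
    appear in the transmitted material, so a leak of the cloud-side record
    cannot be replayed against on-premises Active Directory."""
    transmitted = record["hash"] + record["salt"]
    return nt_hash in transmitted or expand_nt_hash(nt_hash) in transmitted


if __name__ == "__main__":
    record = protect_for_sync(SAMPLE_NT_HASH)
    print("derived length:", len(record["hash"]), "bytes")
    print("verifies:", verify_against_synced(SAMPLE_NT_HASH, record))
    print("leaks original hash:", leaks_original_hash(SAMPLE_NT_HASH, record))
```

The design point for defenders is in leaks_original_hash and verify_against_synced together: the value stored in the cloud is a salted, iterated derivation that Entra ID can recompute to check a sign-in, while the original NT hash never leaves the domain.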

Resource Lock
Azure resource locks are a safety feature that helps prevent accidental modification or deletion of resources in an Azure subscription.
Locks can be applied to various resources, such as VMs, storage accounts, and databases.

Azure RBAC (Role-Based Access Control)