At the core of Microsoft 365 is the concept of identity-based security management. One of the benefits of using Microsoft 365 is that it includes a directory service, Azure Active Directory (AAD), which can be used to define an organization's cloud-service security baseline.

Identity and security administrators alike should understand the main security features that can be integrated between their new and existing solutions. In the case of Microsoft 365, this will likely mean integrating an existing AD on-premise deployment with Azure AD.

In this chapter, we'll highlight some of the basic security features present in both AD (part of an organization's on-premise identity infrastructure), and AAD. Specifically, we'll look at the following:

• Understanding directory-based security features
• Addressing common threats with AAD

By the end of this chapter, you should have an understanding of how some AD security features such as Group Policy and password management, can be used in conjunction with AAD to mitigate threat risks.