Crash course

in Azure Active
Directory
 February Crash course in Azure Active Directory
2018

Crash course in Azure

Active Directory
Competing today requires a focus on digital transformation
and empowering everyone to be creative and work together
securely. To create a modern workplace, you must provide
seamless access to the tools and data people need, wherever
they are, on whichever device they choose. To help keep your
modern workplace secure, you need to protect your data
effectively as it traverses many applications and locations.

A modern approach to identity and access management 2

(IAM) can help you enable this transformation for a modern
workplace. At its core is the adoption of Azure Active Directory
(Azure AD) to establish one, unified identity, and provide
an easy way to centralise authentication for many types of
applications and services. By adopting Azure AD, you can
provide effortless user experiences, unlock IT efficiencies and
enhance security and compliance.

Once you’ve established one unified identity, your users can

focus on innovation and work effectively on teams of all sizes.
At the same time, Azure AD integrates once-disparate identity
management tasks for IT simplicity and supports intelligent
security. In this e-book, we’ll take you on a quick tour of what
you can accomplish with Azure AD and how to use it to its full
potential.
 February Crash course in Azure Active Directory
2018

What is Azure AD?

Azure AD is Microsoft’s cloud-based directory and identity As it is hosted as a fully managed cloud service, Azure AD is
management service. It combines core directory services, the ideal service for combining user accounts into a single,
advanced identity protection and application access unified, highly secure identity. It employs the same Active 3
management. Azure AD delivers single sign-on (SSO) access Directory technology used by thousands of businesses
to on-premises and cloud applications, helping users to around the world, supporting seamless synchronisation from
stay productive. By using Azure AD, developers can quickly on-premises identity servers – yet with the accessibility and
integrate IAM into their applications. cross-platform capabilities of the cloud.

The solution provides a full range of modern IAM It includes solutions for authenticating users for software-as-
capabilities, including conditional access with multi-factor a-service (SaaS), on-premises, web and mobile applications
authentication (MFA) and password-free login options, using a unified identity. That identity also simplifies the
single sign-on, self-service password management, role- process of monitoring and controlling application access,
based access control and intelligent security monitoring because all authentications flow through a single system. To
and alerting capabilities. maximise the value of Azure AD, the one-identity-per-user
model should be prioritised.
 February Crash course in Azure Active Directory
2018

01. Save time and improve productivity with single

sign-on
Workers use a variety of applications throughout the day.
Improve the user experience Managing passwords and logging in over and over again
slows people down. Azure AD single sign-on (SSO) extends
on-premises AD to the cloud, so people can use their
primary corporate identity to sign in to domain-joined
devices, company resources, and web and software-as-a-
service (SaaS) applications.
4
This frees users from the burden of managing multiple
logins and enables organisations to provide or revoke
access based on employee role. Azure AD manages
the user lifecycle dynamically, integrating with Human
Resources controls to provide automatic access to the apps
users need based on team and role. As users join, move and
leave, access adapts based on preset policies.

Using Azure AD SSO, you can manage user access to SaaS

applications directly from the Azure Portal, and even
delegate application access decision making and approvals
to anyone in the organisation for greater productivity. Built-
in monitoring and reporting of user activity will help your
organisation identify and mitigate unauthorised access.
 February Crash course in Azure Active Directory
2018

Use password-free login for security and ease Simplify password management with Azure AD
self-service password reset
Keeping track of passwords can be a major headache for
users, leading them to write credentials down in non- Your IT department should be able to prioritise strategic
encrypted formats – and opening the door to security and mission critical work, rather than spending time
breaches. Azure AD provides password-free login options resetting passwords. With Azure AD self-service password
that make authenticating easier for users and more secure reset (SSPR), you can enable users to change their
for businesses. passwords and unlock their accounts without calling
the helpdesk. It is a full-featured solution, enabling
For example, by using the Microsoft Authenticator app,
5
authentication by text message, phone call, email or
employees can sign in by getting a notification on their security questions.
phone. On a domain-joined Windows 10 device, where
IT has integrated a device with Azure AD, Windows Hello
can unlock both the device and apps by recognising a PIN, Give users a consistent experience by adding
smart card or biometrics such as a fingerprint or face.
your corporate branding
Apply your company’s look and feel to your Azure AD sign-
in page, which appears when users sign in to applications
that use Azure AD as an identity provider. This option can
be configured in the Azure AD admin centre.
 February Crash course in Azure Active Directory
2018

02.
Connect your on-premises Integrate on-premises directories with Azure
AD Connect
and cloud applications in If you use Active Directory on premises, you can easily

one ecosystem benefit from Azure AD by synchronising the two using

Azure AD Connect. By providing a single, common identity
to access both cloud and on-premises resources, you can 6
improve the user experience, support productivity and
enable advanced security capabilities. Azure AD Connect
can work with Active Directory Federation Services (AD FS)
to address complex deployment scenarios such as domain-
joined SSO.

Azure AD Connect also includes Azure AD Connect Health

to help you monitor and report on your hybrid directory
environment. This helps you ensure that users can reliably
access all the resources they need using a simple Azure AD
Connect Health agent.
 February Crash course in Azure Active Directory
2018

Enable easy remote access using AD Application

Proxy
When you empower your employees to work on their
own devices with access to on-premises applications from
anywhere, you can significantly improve productivity. Some
traditional access methods for remote workers – such as
virtual private networks (VPNs) and demilitarised zones
(DMZs) – can be complex and challenging to secure and
manage.

Azure AD Application Proxy enables SSO and secure remote

access for on-premises web applications such as SharePoint 7
sites, Outlook Web Access on Exchange Server or other line-
of-business applications. Users can access on-premises and
cloud applications using one identity, and there’s no need to
change network infrastructure or employ VPN.

Engage more effectively with Azure B2B

collaboration
Employees aren’t the only people who need secure access to
your application ecosystem. You may also need to connect
with vendors, partners, subsidiaries or other external entities.
Using Azure AD B2B collaboration, you can give guest users
single sign-on access to applications of your choice, with
powerful authentication policies managed by Azure AD.
 February Crash course in Azure Active Directory
2018

03.
Secure identities more Improve security with Azure AD Conditional
Access and MFA
effectively In a world of growing cyber threats, passwords aren’t
enough to protect sensitive information, but you don’t
want to compromise productivity either. Azure AD
Conditional Access simplifies multi-factor authentication so 8
that it is only required when conditions represent risk.

Conditional Access provides a risk score based on multiple

criteria about the user, device, and location that is being
used to sign on to determine if MFA, password reset, or
limited functionality in the app is appropriate. Azure MFA
enables you to add device-based or biometric security
</>
while giving users a streamlined sign-in process. You can
use phone calls, text messages or app-based verification as
the secondary authentication method.
 February Crash course in Azure Active Directory
2018

Detect and mitigate breaches with Azure AD Delegate application controls safely using
Identity Protection Azure AD Privileged Identity Management
If an attacker steals a user’s identity, even one with minimal Users may need privileged access to administrative
privileges, they may still be able to gain access to critical controls for a variety of reasons. However, dormant or
systems and data. Azure AD Identity Protection helps you rarely used account privileges can linger unseen and
detect identity vulnerabilities, investigate and mitigate enable access beyond what individuals need – which
suspicious access, and configure automated responses creates a security risk. Azure AD Privileged Identity
to potential identity breaches. With Azure AD Identity Management (Azure AD PIM) enables you to provide
Protection, you can protect all identities regardless of granular access privileges to Azure AD resources and other
9
their privilege level and proactively prevent compromised Microsoft Online services on a temporary, as-needed or
identities from being abused. on-request basis, as well as manage, control and monitor
those privileges to prevent problems.
The solution uses adaptive machine learning algorithms
and heuristics to detect anomalies and suspicious incidents
that indicate potentially compromised identities. Using
this data, Identity Protection generates reports and alerts
that enable you to evaluate the detected issues and take
appropriate mitigation or remediation actions. You can
also configure automated responses to potential identity
breaches, including automatic blocking or remediation
actions such as password resets and multi-factor
authentication enforcement.
February Crash course in Azure Active Directory
2018

Free trial for Azure AD:

Discover the benefits of
cloud-based identity
The best way to experience the power of
Azure AD is to try it yourself.
10

Start your free trial now.

©2018 Microsoft Corporation. All rights reserved. Microsoft Windows, Windows

Vista and other product names are or may be registered trademarks in the US
and/or other countries. The information herein is for informational purposes only
and represents the current view of Microsoft Corporation as of the date of this
document. As Microsoft must respond to changing market conditions, it should
not be interpreted to be a commitment on the part of Microsoft, and Microsoft
cannot guarantee the accuracy of any information provided after the date of this
document.