Microsoft Official Course
Understanding
Azure AD
Jackson Felden
jackson.felden@nhireland.ie
https://www.linkedin.com/in/jacksonfelden/
Seminar outline
• Understanding the identity models
  - Cloud identity
  - Synchronized identity
  - Federated identity
• Introduction to Azure Active Directory
• Azure Active Directory Domain Services
Understanding the identity models
Overview of Azure AD (diagram: Azure AD providing identity for Azure Apps, subscription 1 and subscription 2)
Azure AD is Microsoft’s multi-tenant, cloud-based directory and identity management service. Azure AD combines core directory services, advanced identity governance, and application access management.
Understanding the identity models (diagrams of the three models, with Pass-through authentication and Seamless Single Sign-On labelled)
Cloud identity
Pros:
• Very simple
• No servers on-premises
• Single place for user management
• No configuration on-premises
Cons:
• Doesn’t support Windows 7 computer join
• Doesn’t support computer management via GPO
Synchronized identity
Pros:
• Simple
• No big changes to on-prem AD
• On-prem AD is the user “master copy”
• Users use the same password for on-prem and Azure resources (“Same Sign-On”)
Cons:
• Might need a new server or VM
• Two places for user management*
• Need to make sure the replication is always working
(diagram: Azure AD Connect / DirSync synchronizing on-prem AD to Azure AD, labelled "Same Sign-On")
Synchronized identity - Authentication (diagram: Azure AD Connect synchronizes identities from the on-premises Active Directory Domain Controller to Azure Active Directory, which Office 365 and Azure Apps authenticate against)
Installing and configuring Azure AD Connect
• Use express settings for:
  • Single Active Directory forest
  • Default synchronization settings
• Use customized settings for:
  • Multiple forests with duplicate identities
  • Federation scenarios
  • Custom synchronization settings, for example writeback
• Installing Azure AD Connect with express settings:
  • Installs the synchronization engine
  • Configures the Azure AD connector
  • Configures the on-premises AD DS connector
  • Enables password synchronization
  • Configures synchronization services
  • Configures synchronization services for Exchange hybrid deployment (optional)
Azure AD Connect components (diagram)
Federated identity
Pros:
• Full single sign-on
• Audit all logons locally
• On-prem AD does the authentication
• Passwords don’t need to be synced
• Better option for advanced scenarios
• Immediate account disable and password changes
• Supports sign-in restrictions by network location, client or work hours
Cons:
• More complex
• Needs more servers
• Needs Active Directory Federation Services (AD FS)
• On-prem DCs, AD FS servers and internet link must be highly available
• Requires a public certificate and a solid domain name
Federated identity - Authentication (diagram: Azure AD Connect, Azure Active Directory, Office 365 and Azure Apps)
The security token contains claims about the user, such as user name, group membership, User Principal Name (UPN), email address, manager details, phone number, and other attribute values.
Federation with Azure AD or O365 enables users to authenticate using on-premises credentials and access all resources in the cloud.
Federated identity – High Availability (diagram: redundant internet links via ISP1 and ISP2)
Federated identity – on Azure (diagram: AD Connect, AD FS servers, AD FS proxies and DCs spanning on-premises and Azure over a VPN gateway)
Understanding the identity models
Note:
Use the simplest identity model that meets your needs.
It is possible to switch between the models when needed.
Demo: Managing Azure AD users and groups
Introduction to Azure Active Directory
• Azure Active Directory (free)
• Azure Active Directory Basic
• Azure Active Directory Premium P1
• Azure Active Directory Premium P2
• Deploy Active Directory domain controllers on Azure virtual machines
• Azure Active Directory Domain Services
Overview of Azure AD
• Microsoft-managed
• Multitenant by design
• Employs internet-friendly protocols
• Supports users, groups, applications, and devices
• Includes built-in MFA (Multi-factor Authentication) support
• No organizational units
• No support for GPOs
• No support for LDAP
• etc.
Managing Azure AD users, groups, and devices
• Azure AD users:
  • Cloud identities
  • Directory-synchronized identities
• Management interfaces:
  • Azure portal
  • Windows PowerShell
  • Office 365 admin center
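The demo slide (Managing Azure AD users and groups) and the Windows PowerShell management interface listed above have no code on the page; the script below is an added example, not from the deck, showing the same task with the AzureAD PowerShell module: create a cloud-identity user and a security group, add the user to the group, and verify the membership. The tenant domain, display names and mail nicknames are constructed placeholders; it assumes the AzureAD module is installed and that the signed-in account is permitted to create users and groups.

```powershell
# Added example: manage Azure AD users and groups with the AzureAD module.
# Placeholders: tenant domain, display names and nicknames are constructed.
Import-Module AzureAD
Connect-AzureAD   # interactive sign-in with an account allowed to create users/groups

$tenantDomain = 'contoso.onmicrosoft.com'        # placeholder tenant domain
$upn          = "demo.user@$tenantDomain"

# Cloud identity: the password profile forces a change at first sign-in,
# so the initial secret never outlives the hand-over to the user.
$pwdProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$pwdProfile.Password = Read-Host -Prompt 'Initial password for the new user'
$pwdProfile.ForceChangePasswordNextLogin = $true

$user = New-AzureADUser -DisplayName 'Demo User' `
    -UserPrincipalName $upn `
    -MailNickName 'demo.user' `
    -AccountEnabled $true `
    -PasswordProfile $pwdProfile `
    -UsageLocation 'IE'

# Security group (not mail-enabled) used for access assignment.
$group = New-AzureADGroup -DisplayName 'Azure Portal Readers' `
    -MailEnabled $false `
    -SecurityEnabled $true `
    -MailNickName 'azure-portal-readers'

# Add the new user to the group by object ID.
Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId $user.ObjectId

# Verify: read the membership back and confirm the user is present.
$members = Get-AzureADGroupMember -ObjectId $group.ObjectId
if ($members.ObjectId -contains $user.ObjectId) {
    Write-Output "OK: $upn is a member of '$($group.DisplayName)'"
} else {
    Write-Warning "Membership not found for $upn"
}

# Clean-up for a demo tenant (uncomment to run).
# Remove-AzureADGroupMember -ObjectId $group.ObjectId -MemberId $user.ObjectId
# Remove-AzureADGroup -ObjectId $group.ObjectId
# Remove-AzureADUser -ObjectId $user.ObjectId
```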
The table of Nines - SLA
Azure AD free
• Is FREE
• Supports Single Sign On
• Supports on-prem AD replication with AD Connect
• Maximum 500,000 objects
• Managed by web interface or PowerShell
• Supports Windows 10 device registration
• Self-Service Password Change for cloud users
• Supports ‘per user’ or ‘per authentication’ Multi-Factor Authentication
• No SLA is provided for the Free tier of Azure Active Directory
Azure AD Basic
• Self-Service Password Reset for cloud users
• Company Branding (Logon Pages/Access Panel customization)
• SLA of 99.9 percent uptime
• No Object Limit
Azure AD Premium P1
• Self-service group and app management
• Automatic password rollover for group accounts
• Self-service password reset and account unlock with write-back
• Conditional Access based on device state (allow access from managed devices)
• Conditional Access based on group and location
• MDM (Mobile Device Management) auto-enrollment, Self-Service BitLocker recovery, additional local administrators on Windows 10 devices via Azure AD Join, Enterprise State Roaming
• Advanced security reports and alerts
• Enterprise SLA of 99.9 percent
• Multi-Factor Authentication
• Azure AD Connect Health
• Cloud App Discovery
• Dynamic groups
Azure AD Premium P2
• Azure AD Privileged Identity Management:
  • Uses machine learning to understand what would be a normal operation; can detect impossible travel situations, IP addresses with suspicious behaviour, etc.
  • Enables on-demand, just-in-time administrative access
  • Generates reports about administrator access history
• Azure AD Identity Protection:
  • Monitors identity usage patterns
  • Assigns risk levels to users
  • Implements risk-based policies
  • Privileges given are time-limited, MFA enforcement, etc.
• Enterprise SLA of 99.9 percent
Azure AD Premium P2 - Identity Protection (screenshots)
Planning to deploy Active Directory domain controllers on Azure virtual machines
• Reasons for placing domain controllers in Azure:
  • Keeping authentication requests from Azure-based services within Azure
  • Extending on-premises Active Directory to Azure
  • Enhancing resiliency of directory synchronization and federation deployments
• Deployment scenarios:
  • AD DS in Azure
  • AD DS in an on-premises infrastructure with cross-premises connectivity
  • AD DS in an on-premises infrastructure and in Azure
Azure AD Domain Services
• Supports:
  • LDAP
  • Azure Active Directory domain join
  • NTLM
  • Kerberos
  • Group Policy
  • OUs
Key points:
• Avoids domain controllers in Azure
• Is a highly available service
• SLA guarantees at least 99.9%
• Minimises the traffic from Azure VMs to your on-prem DCs
• You pay an hourly charge based on the size of your directory
• Supports your traditional directory-aware apps alongside your modern cloud apps
• Must be connected to a VNet and has an IP address, which the clients use as their DNS server
• UPN format is recommended – Jackson@nh.ie instead of nh\jackson
• Supports on-prem AD synchronization with Azure AD Connect
Azure AD Domain Services – Replication (diagrams: Azure AD and Azure AD Domain Services; on-premises AD, Azure AD and Azure AD Domain Services)
Azure AD Domain Services - Setup
Azure AD Domain Services – Limitations
• A single managed domain serviced by Azure AD Domain Services for a single Azure AD directory
• Cannot use Azure AD Domain Services with federated Azure AD
• Cannot use Azure AD Domain Services with Pass-through Authentication
• You cannot add domain controllers to the managed domain
• You cannot connect to domain controllers for the managed domain using Remote Desktop
• You are not granted Domain Administrator or Enterprise Administrator privileges
• No control over the synchronization (approximately 20 minutes)
• You cannot pause the service to pause the billing
• You cannot extend the schema
Azure AD Domain Services - pricing
Azure AD Connect:
- Pass-through authentication
- Seamless Single Sign-On
Pass-through authentication
Pass-through authentication – Cloud App
Pass-through Authentication - Configuration
Users from all managed domains in your tenant can sign in using Pass-through Authentication. However, users from federated domains continue to sign in using Active Directory Federation Services (AD FS) or another federation provider that you have previously configured. If you convert a domain from federated to managed, all users from that domain automatically start signing in using Pass-through Authentication. Cloud-only users are not impacted by the Pass-through Authentication feature.
Seamless Single Sign-On
How to disable Pass-through Authentication?
Rerun the Azure AD Connect wizard and change the user sign-in method from Pass-through Authentication to another method. This change disables Pass-through Authentication on the tenant and uninstalls the Authentication Agent from the server. You have to manually uninstall the Authentication Agents from other servers.
Azure Active Directory Seamless Single Sign-On
Azure Active Directory Pass-through Authentication with Seamless Single Sign-On
• Uses Azure AD Connect
• AD FS is not needed
• Installs an agent on on-prem DCs
• Needs two GPO configurations
• Creates a computer account for Azure AD in the local AD domain
• Allows your users to sign in to both on-premises and cloud-based applications using the same passwords
• Validates users' passwords directly against your on-premises Active Directory
• Good option for organizations that don't want to send users' passwords outside
• Integrated with self-service password management, including password writeback and password protection (banning commonly used passwords)
• Supports user sign-in to Office 365 client applications that support modern authentication: Office 2016, and Office 2013 with modern authentication
• It’s free
Seamless Single Sign-On - Configuration
Seamless Single Sign-On – GPO configuration
Seamless Single Sign-On – Event Viewer
Azure Certification and Courses
Course 10979: Microsoft Azure Fundamentals
Course 20532: Developing Microsoft Azure Solutions
Course 20533: Implementing Microsoft Azure Infrastructure Solutions
Course 20535: Architecting Microsoft Azure Solutions
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
Alan Dix
 
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
How analogue intelligence complements AI
How analogue intelligence complements AIHow analogue intelligence complements AI
How analogue intelligence complements AI
Paul Rowe
 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
 
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxDevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
Justin Reock
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath MaestroDev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
UiPathCommunity
 
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc
 
TrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business ConsultingTrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business Consulting
Trs Labs
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 

Understanding Azure AD

3. Seminar outline
• Understanding the identity models
  - Cloud identity
  - Synchronized identity
  - Federated identity
• Introduction to Azure Active Directory
• Azure Active Directory Domain Services

5. Overview of Azure AD
Azure AD is Microsoft’s multi-tenant, cloud-based directory and identity management service. Azure AD combines core directory services, advanced identity governance, and application access management.
(diagram: Azure AD, Azure Apps, subscription 1, subscription 2)

6. Understanding the identity models (diagram)

7. Understanding the identity models (diagram: Seamless Single Sign-On, Pass-through authentication)

8. Cloud identity
Pros:
• Very simple
• No servers on-premises
• Single place for user management
• No configuration on-premises
Cons:
• Doesn’t support Windows 7 computer join
• Doesn’t support computer management via GPO

9. Synchronized identity
Pros:
• Simple
• No big changes to on-prem AD
• On-prem AD is the user “master copy”
• Users use the same password for on-prem and Azure resources (“Same SignOn”)
Cons:
• Might need a new server or VM
• Two places for user management*
• Need to make sure the replication is always working
(diagram: Azure AD Connect)

10. Synchronized identity - Authentication (diagram: Active Directory Domain Controller, Azure AD Connect / DirSync synchronization, Azure Active Directory, Office 365, Azure Apps; “Same SignOn”)

11. Installing and configuring Azure AD Connect
• Use express settings for:
  • Single Active Directory forest
  • Default synchronization settings
• Use customized settings for:
  • Multiple forests with duplicate identities
  • Federation scenarios
  • Custom synchronization settings, for example writeback
• Installing Azure AD Connect with express settings:
  • Installs the synchronization engine
  • Configures the Azure AD connector
  • Configures the on-premises AD DS connector
  • Enables password synchronization
  • Configures synchronization services
  • Configures synchronization services for Exchange hybrid deployment (optional)
12. Azure AD Connect components

13. Federated identity
Pros:
• Full single sign-on
• Audit all logons locally
• On-prem AD does the authentication
• Passwords don’t need to be synced
• Better option for advanced scenarios
• Immediate account disable and password changes
• Supports sign-in restrictions by network location, client or work hours
Cons:
• More complex
• Needs more servers
• Needs Active Directory Federation Services (AD FS)
• On-prem DCs, AD FS servers and internet link must be highly available
• Requires a public certificate and a solid domain name
(diagram: Azure AD Connect)

14. Federated identity - Authentication
Federation with Azure AD or O365 enables users to authenticate using on-premises credentials and access all resources in the cloud. The security token contains claims about the user, such as user name, group membership, User Principal Name (UPN), email address, manager details, phone number, and other attribute values.
(diagram: Azure AD Connect, Azure Active Directory, Office 365, Azure Apps)

15. Federated identity - Authentication

16. Federated identity – High Availability (diagram: ISP1, ISP2)

17. Federated identity – on Azure (diagram: Azure AD Connect, AD FS Proxy, AD FS Servers, DCs, VPN Gateway, VPN, on-premises AD FS Proxy)

19. Understanding the identity models
Note: Use the simplest identity model that meets your needs. It is possible to switch between the models when needed.

20. Demo: Managing Azure AD users and groups (Microsoft Official Course)

21. Introduction to Azure Active Directory

22. Introduction to Azure Active Directory
• Azure Active Directory (free)
• Azure Active Directory Basic
• Azure Active Directory Premium P1
• Azure Active Directory Premium P2
• Deploy Active Directory domain controllers on Azure virtual machines
• Azure Active Directory Domain Services

23. Overview of Azure AD
• Microsoft-managed
• Multitenant by design
• Employs internet-friendly protocols
• Supports users, groups, applications, and devices
• Includes built-in MFA (Multi-factor Authentication) support
• No organizational units
• No support for GPOs
• No support for LDAP
• etc.

24. Managing Azure AD users, groups, and devices
• Azure AD users:
  • Cloud identities
  • Directory-synchronized identities
• Management interfaces:
  • Azure portal
  • Windows PowerShell
  • Office 365 admin center
25. The table of nines - SLA

26. Azure AD Free
• Is free
• Supports single sign-on
• Supports on-prem AD replication with Azure AD Connect
• Maximum 500,000 objects
• Managed by web interface or PowerShell
• Supports Windows 10 device registration
• Self-service password change for cloud users
• Supports ‘per user’ or ‘per authentication’ Multi-Factor Authentication
• No SLA is provided for the Free tier of Azure Active Directory

27. Azure AD Basic
• Self-service password reset for cloud users
• Company branding (logon pages / Access Panel customization)
• SLA of 99.9 percent uptime
• No object limit

28. Azure AD Premium P1
• Self-service group and app management
• Automatic password rollover for group accounts
• Self-service password reset and account unlock with write-back
• Conditional Access based on device state (allow access from managed devices)
• Conditional Access based on group and location
• MDM (Mobile Device Management) auto-enrollment, self-service BitLocker recovery, additional local administrators on Windows 10 devices via Azure AD Join, Enterprise State Roaming
• Advanced security reports and alerts
• Enterprise SLA of 99.9 percent
• Multi-Factor Authentication
• Azure AD Connect Health
• Cloud App Discovery
• Dynamic groups

29. Azure AD Premium P2
• Azure AD Privileged Identity Management:
  • Uses machine learning to understand what a normal operation would be; can detect impossible-travel situations, IP addresses with suspicious behaviour, etc.
  • Enables on-demand, just-in-time administrative access
  • Generates reports about administrator access history
• Azure AD Identity Protection:
  • Monitors identity usage patterns
  • Assigns risk levels to users
  • Implements risk-based policies
  • Privileges given are time-limited, MFA enforcement, etc.
• Enterprise SLA of 99.9 percent

30. Azure AD Premium P2 - Identity Protection

31. Azure AD Premium P2 - Identity Protection

32. Azure AD Premium P2 - Identity Protection

33. Planning to deploy Active Directory domain controllers on Azure virtual machines
• Reasons for placing domain controllers in Azure:
  • Keeping authentication requests from Azure-based services within Azure
  • Extending on-premises Active Directory to Azure
  • Enhancing resiliency of directory synchronization and federation deployments
• Deployment scenarios:
  • AD DS in Azure
  • AD DS in an on-premises infrastructure with cross-premises connectivity
  • AD DS in an on-premises infrastructure and in Azure

34. Azure AD Domain Services
• Supports:
  • LDAP
  • Azure Active Directory domain join
  • NTLM
  • Kerberos
  • Group Policy
  • OUs
• Key points:
  • Avoids domain controllers in Azure
  • Is a highly available service
  • SLA guarantees at least 99.9%
  • Minimises the traffic from Azure VMs to your on-prem DCs
  • You pay an hourly charge based on the size of your directory
  • Supports your traditional directory-aware apps alongside your modern cloud apps
  • Must be connected to a VNet and has an IP (client DNS)
  • UPN format is recommended: [email protected] instead of nhackson
  • Supports on-prem AD synchronization with Azure AD Connect
35. Azure AD Domain Services – Replication: Azure AD and Azure AD Domain Services

36. Azure AD Domain Services – Replication: On-premises AD, Azure AD and Azure AD Domain Services

37. Azure AD Domain Services - Setup

38. Azure AD Domain Services – Limitations
• Single managed domain serviced by Azure AD Domain Services for a single Azure AD directory
• Cannot use Azure AD Domain Services with federated Azure AD
• Cannot use Azure AD Domain Services with Pass-through Authentication
• You cannot add domain controllers to the managed domain
• You cannot connect to domain controllers for the managed domain using Remote Desktop
• You are not granted Domain Administrator or Enterprise Administrator privileges
• No control over the synchronization (approximately 20 minutes)
• You cannot pause the service to “pause” the billing
• You cannot extend the schema

39. Understanding the identity models (diagram)

40. Azure AD Domain Services - pricing

41. Azure AD Connect: Pass-through authentication and Seamless Single Sign-On

44. Pass-through Authentication - Configuration
Users from all managed domains in your tenant can sign in using Pass-through Authentication. However, users from federated domains continue to sign in using Active Directory Federation Services (AD FS) or another federation provider that you have previously configured. If you convert a domain from federated to managed, all users from that domain automatically start signing in using Pass-through Authentication. Cloud-only users are not impacted by the Pass-through Authentication feature.

46. Seamless Single Sign-On
How to disable Pass-through Authentication? Rerun the Azure AD Connect wizard and change the user sign-in method from Pass-through Authentication to another method. This change disables Pass-through Authentication on the tenant and uninstalls the Authentication Agent from the server. You have to manually uninstall the Authentication Agents from other servers.

47. Azure Active Directory Seamless Single Sign-On

48. Azure Active Directory Pass-through Authentication with Seamless Single Sign-On
• Uses Azure AD Connect
• AD FS is not needed
• Installs an agent on on-prem DCs
• Needs two configurations in GPO
• Creates a computer account for Azure AD in the local AD domain
• Allows your users to sign in to both on-premises and cloud-based applications using the same passwords
• Validates users' passwords directly against your on-premises Active Directory
• Good option for organizations that don't want to send users' passwords outside
• Integrated with self-service password management, including password writeback and password protection (banning commonly used passwords)
• User sign-ins into Office 365 client applications that support modern authentication: Office 2016, and Office 2013 with modern authentication
• It’s free

49. Seamless Single Sign-On - Configuration
Users from all managed domains in your tenant can sign in using Pass-through Authentication. However, users from federated domains continue to sign in using Active Directory Federation Services (AD FS) or another federation provider that you have previously configured. If you convert a domain from federated to managed, all users from that domain automatically start signing in using Pass-through Authentication. Cloud-only users are not impacted by the Pass-through Authentication feature.

50. Azure Active Directory Seamless Single Sign-On

51. Seamless Single Sign-On – GPO configuration

52. Seamless Single Sign-On – GPO configuration

53. Seamless Single Sign-On – Event Viewer
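Two checks an administrator would run after the Pass-through Authentication and Seamless SSO slides above, as an added example that is not part of the deck: the first lists which verified domains are managed (and so sign in through Azure AD) and which are still federated to AD FS, the split the configuration slides describe; the second checks the age of the Kerberos key on the computer account Azure AD Connect creates for Seamless SSO. It assumes the AzureAD PowerShell module with an open Connect-AzureAD session and the RSAT ActiveDirectory module on a domain-joined admin host; the account name AZUREADSSOACC is the one Azure AD Connect creates, and the 30-day threshold follows Microsoft's rollover recommendation.

```powershell
# Added example, not from the slide deck. Requires the AzureAD module
# (run Connect-AzureAD first) and the RSAT ActiveDirectory module.

function Get-DomainSignInPath {
    # One row per verified domain. "Managed" domains authenticate in the cloud
    # (password hash sync or Pass-through Authentication); "Federated" domains
    # keep redirecting users to AD FS or the configured federation provider.
    Get-AzureADDomain |
        Where-Object { $_.IsVerified } |
        ForEach-Object {
            if ($_.AuthenticationType -eq 'Federated') {
                $path = 'AD FS / federation provider'
            } else {
                $path = 'Azure AD (password hash sync or Pass-through Authentication)'
            }
            [pscustomobject]@{
                Domain             = $_.Name
                AuthenticationType = $_.AuthenticationType
                IsDefault          = $_.IsDefault
                SignInPath         = $path
            }
        }
}

function Test-SeamlessSsoKeyAge {
    param(
        # Computer account Azure AD Connect creates in the local AD for Seamless SSO.
        [string]$AccountName = 'AZUREADSSOACC',
        # Microsoft recommends rolling the Kerberos decryption key at least every 30 days.
        [int]$MaxAgeDays = 30
    )
    # PasswordLastSet on this account is when its Kerberos key was last rolled over.
    $acct    = Get-ADComputer -Identity $AccountName -Properties PasswordLastSet
    $ageDays = [int]((Get-Date) - $acct.PasswordLastSet).TotalDays
    [pscustomobject]@{
        Account         = $acct.SamAccountName
        PasswordLastSet = $acct.PasswordLastSet
        AgeDays         = $ageDays
        RolloverOverdue = ($ageDays -gt $MaxAgeDays)
    }
}

# Usage: review the per-domain sign-in path, then the SSO key age.
Get-DomainSignInPath | Format-Table -AutoSize
Test-SeamlessSsoKeyAge
```

A domain that still shows Federated after you expected to move it to Pass-through Authentication is the first thing to look at when users report being sent to AD FS.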
54. Azure Certification and Courses
• Course 10979: Microsoft Azure Fundamentals
• Course 20532: Developing Microsoft Azure Solutions
• Course 20533: Implementing Microsoft Azure Infrastructure Solutions
• Course 20535: Architecting Microsoft Azure Solutions