Azure Active Directory
The Practical Guide
Sasha Rosenbaum
@DivineOps
September 2015
The “What”
Where did it all start?
Windows Active Directory
•Centralized storage of information about all network objects (users, computers, etc.)
•Authentication
•Access control providing permission levels
•Audit trail for monitoring network activity
Active Directory
Azure Active Directory
Azure Active Directory
Identity as a Service
•Identity Management
•Directory Services
•Application Access Management
New Features
The “Why”
When should you choose Identity as a Service?
You already have! Every Azure, Office 365, Microsoft Intune and Dynamics CRM tenant is an AAD tenant.
Dynamics CRM
Office 365
Microsoft Intune
Integration
Protocols
OpenID Connect
OAuth 2.0
WS-Federation
SAML-P
Tiers
TIER                                            FREE                BASIC               PREMIUM
Directory as a Service                          Yes                 Yes                 Yes
User and Group Management                       Yes                 Yes                 Yes
Device registration                             Yes                 Yes                 Yes
Directory Objects [1]                           500 K               Unlimited           Unlimited
End User Access Panel                           Yes                 Yes                 Yes
SSO for SaaS Apps                               10 Apps / User [2]  10 Apps / User [2]  Unlimited
Directory Synchronization                       Yes                 Yes                 Yes
User-based Access Management and Provisioning   Yes                 Yes                 Yes
Basic Security Reports                          Yes                 Yes                 Yes
Tiers
TIER                                                                        FREE    BASIC   PREMIUM
Logon/Access Panel Branding Customization                                   --      Yes     Yes
Group-based Access Management and Provisioning                              --      Yes     Yes
Self-Service Password Reset for Cloud Users                                 --      Yes     Yes
Secure Remote Access and SSO to on-premises web applications                --      Yes     Yes
Self-Service Password Reset for Users w/ writeback to on-premises directories  --   --      Yes
Self-service group management for cloud users                               --      --      Yes
Tiers
TIER                                                                  FREE    BASIC   PREMIUM
Multi-Factor Authentication (for cloud and on-premises applications)  --      --      Yes
Advanced Usage and Security Reports                                   --      --      Yes
Connect Health                                                        --      --      Yes
Cloud App Discovery                                                   --      --      Yes
Microsoft Identity Manager User CAL                                   --      --      Yes
Service Level Agreement                                               --      99.9%   99.9%
Scenarios
•Green field applications
• Web
• Mobile
ADAL
• Web Browser to Web Application (.Net)
• Single Page Application (JavaScript, .Net)
• Native Application to Web API (.Net, ObjC, Java)
• Web Application to Web API (.Net, Nodejs)
• Calling Azure AD Graph API (.Net, Java, PHP)
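The Protocols slide and the ADAL "Web Browser to Web Application" scenario boil down to one relying-party job: send the browser to the tenant's authorize endpoint with a fresh state and nonce, then validate the id_token that comes back before trusting a single claim in it. The block below is an added example written for this page; it is not code from the deck, from ADAL or from the OWIN middleware. To run offline it mints its own token with HMAC-SHA256, so the verifier pins HS256; a real Azure AD token is RS256-signed and the verifier pins RS256 and loads the keys from the jwks_uri published in the tenant's OpenID Connect discovery document. The tenant ID, client ID, reply URL, key ID and every claim value are hypothetical, and the "now" timestamp is fixed so the run is reproducible.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import urlencode

# Hypothetical values for this example (not from the deck).
TENANT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"   # directory (tenant) GUID
CLIENT_ID = "11111111-2222-3333-4444-555555555555"   # application (client) ID
REDIRECT_URI = "https://localhost:44300/"            # reply URL registered in AAD
AUTHORITY = f"https://login.microsoftonline.com/{TENANT_ID}"
ISSUER = f"https://sts.windows.net/{TENANT_ID}/"     # issuer format of the v1 endpoint

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def build_authorize_url(state: str, nonce: str) -> str:
    """Step 1: the URL the browser is redirected to.  state binds the response to
    this browser session (CSRF); nonce is echoed back inside the id_token so a
    token obtained for another request cannot be replayed here."""
    params = {"client_id": CLIENT_ID, "response_type": "code id_token",
              "response_mode": "form_post", "redirect_uri": REDIRECT_URI,
              "scope": "openid profile", "state": state, "nonce": nonce}
    return f"{AUTHORITY}/oauth2/authorize?{urlencode(params)}"

def make_token(claims: dict, key: bytes, kid: str, alg: str = "HS256") -> str:
    """Mint a JWT.  Only needed to construct test input: Azure AD signs with RS256
    and the relying party never holds the private key."""
    header = {"typ": "JWT", "alg": alg, "kid": kid}
    signing_input = (_b64url_encode(json.dumps(header).encode()) + "."
                     + _b64url_encode(json.dumps(claims).encode()))
    if alg == "none":                      # unsigned token, as an attacker would craft it
        return signing_input + "."
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)

class TokenError(ValueError):
    pass

def validate_id_token(token: str, signing_keys: dict, expected_nonce: str, now=None) -> dict:
    """Step 2: checks to perform before trusting any claim.  signing_keys maps
    kid -> key; in production it is filled from the jwks_uri advertised in
    {AUTHORITY}/.well-known/openid-configuration."""
    now = time.time() if now is None else now
    try:
        h_b64, c_b64, s_b64 = token.split(".")
        header = json.loads(_b64url_decode(h_b64))
        claims = json.loads(_b64url_decode(c_b64))
    except ValueError as exc:              # covers bad split, bad base64 and bad JSON
        raise TokenError(f"malformed token: {exc}")
    # Pin the algorithm; never let the token pick it ("none", HS/RS confusion).
    if header.get("alg") != "HS256":       # a real Azure AD verifier pins "RS256"
        raise TokenError(f"unexpected alg {header.get('alg')!r}")
    key = signing_keys.get(header.get("kid"))
    if key is None:
        raise TokenError("unknown signing key id")
    expected = hmac.new(key, f"{h_b64}.{c_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s_b64)):
        raise TokenError("bad signature")
    # Issuer, audience and tenant: is this token from my directory, for my app?
    if claims.get("iss") != ISSUER:
        raise TokenError(f"wrong issuer {claims.get('iss')!r}")
    if claims.get("aud") != CLIENT_ID:
        raise TokenError("issued for a different application")
    if claims.get("tid") != TENANT_ID:     # a multi-tenant app checks an allow-list instead
        raise TokenError("issued by an unexpected tenant")
    skew = 300                             # tolerate 5 minutes of clock drift
    if claims.get("nbf", 0) > now + skew or claims.get("exp", 0) <= now - skew:
        raise TokenError("token not yet valid or expired")
    # Bind the token to the request that asked for it.
    if not hmac.compare_digest(str(claims.get("nonce", "")).encode(), expected_nonce.encode()):
        raise TokenError("nonce mismatch: possible replay")
    return claims

def demo() -> dict:
    """Run the flow once on constructed data; record which tampered tokens are rejected."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    key = secrets.token_bytes(32)
    keys = {"demo-kid": key}
    now = 1_441_000_000                    # fixed "now" (31 Aug 2015) for a reproducible run
    base = {"iss": ISSUER, "aud": CLIENT_ID, "tid": TENANT_ID, "sub": "user-object-id",
            "nbf": now - 60, "exp": now + 3600, "nonce": nonce}
    results = {"url_has_state": f"state={state}" in build_authorize_url(state, nonce),
               "good_sub": validate_id_token(make_token(base, key, "demo-kid"), keys, nonce, now)["sub"]}
    tampered = {  # (token, nonce the relying party is expecting)
        "alg_none": (make_token(base, key, "demo-kid", alg="none"), nonce),
        "expired": (make_token({**base, "exp": now - 3600}, key, "demo-kid"), nonce),
        "other_app": (make_token({**base, "aud": "someone-elses-app"}, key, "demo-kid"), nonce),
        "forged": (make_token(base, b"attacker-key", "demo-kid"), nonce),
        "replayed": (make_token(base, key, "demo-kid"), "nonce-of-another-session"),
    }
    for name, (tok, expect) in tampered.items():
        try:
            validate_id_token(tok, keys, expect, now)
            results[name] = "ACCEPTED"
        except TokenError as exc:
            results[name] = f"rejected: {exc}"
    return results
```

The order of the checks matters: signature first, so that nothing in an unauthenticated payload influences later decisions, and the algorithm pinned by the verifier rather than read from the header. The `tid` check is what keeps a single-tenant app from accepting a perfectly valid token minted by some other organisation's directory.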
Scenarios
•SaaS Applications
• Over 2500 apps, including
Scenarios
•On-Premises Applications
• Integration with Local AD
The “How”
How do you get started?
Demo
Active Directory Sync
Azure AD Connect Demo Slides
Azure AD Connect
Azure AD Connect
•Azure AD Global Administrator account
•Enterprise Administrator account for your local Active Directory
•SQL Server database to store identity data
•Meet server version and hardware requirements
Demo
Greenfield Application Development
AAD with new MVC app Demo Slides
The “Where”
are we headed?
What’s New
•Azure AD Connect with Connect Health is GA
•Multi-Factor Authentication per app
•Dynamic groups for applications and licenses
•Out-of-the-box dedicated user group “All Users”
•Azure Active Directory Application Proxy updates
•Password write-back from AAD to AD is GA
B2C AAD
As of September 2015, Business-to-Consumer AAD is in public preview!
•Self-registration
•Registration with social accounts
•Customer defined UX
•Security and scalability of Azure Cloud
B2C AAD Overview


Editor's Notes

  • #8 A directory is similar to a database, but typically contains more descriptive, attribute-based data; that is, data read more often than it is written. Directories are tuned to respond quickly to high-volume lookup or search operations.
  • #15 BYOD Eliminate the need to plan, purchase, and maintain hardware and infrastructure by managing mobile devices from the cloud with Intune. Secure corporate data, including Exchange email, Outlook email, and OneDrive for Business documents, based on the enrollment status of the device and the compliance policies set by the administrator.
  • #17 OAuth 2.0 – One of the most popular authorization protocols today. Its benefits include the compact token format Azure AD uses with it, the JSON Web Token (JWT), and the application scenarios it simplifies, such as calling a Web API from a native client with an access token. OpenID Connect – A protocol that adds an authentication layer on top of OAuth 2.0. WS-Federation – Arguably one of the most well-known and widely used protocols today for authenticating users of web applications; the token format used is SAML. SAML-P – Also widely adopted; the token format used is SAML.
  • #28 Synchronization - This part is made up of the components and functionality previously released as DirSync and AAD Sync. AD FS - This is an optional part of Azure AD Connect and can be used to set up a hybrid environment using an on-premises AD FS infrastructure, to address complex deployments that include such things as domain-join SSO, enforcement of AD login policy, etc. Health Monitoring - For complex deployments using AD FS, Azure AD Connect Health can provide robust monitoring of your federation servers and a central location in the Azure portal to view this activity.
  • #29 By default a SQL Server 2012 Express LocalDB (a light version of SQL Server Express) is installed and the service account for the service is created on the local machine. SQL Server Express has a 10 GB size limit, which enables you to manage approximately 100,000 objects. Azure AD Connect must be installed on Windows Server 2008 or later. This server may be a domain controller or a member server. The AD schema version and forest functional level must be Windows Server 2003 or later. The domain controllers can run any version as long as the schema and forest level requirements are met. If Active Directory Federation Services is being deployed, the servers where AD FS will be installed must be Windows Server 2012 R2 or later.
  • #32 Multiple criteria can be defined to automatically populate a group. Think geographical location, department, etc. Only AAD groups today, not AD. Security policies can be applied immediately. Base level configuration out-of-the-box. On-premises apps can now join My Apps. More robust usage. Replacing DirSync and AADSync, Azure AD Connect will continue to enhance the experience of sharing identities securely with AAD.