Microsoft Official Course
Understanding Azure AD
Jackson Felden
jackson.felden@nhireland.ie
https://www.linkedin.com/in/jacksonfelden/
Seminar outline
• Understanding the identity models
  - Cloud identity
  - Synchronized identity
  - Federated identity
• Introduction to Azure Active Directory
• Azure Active Directory Domain Services
Understanding the identity models
Overview of Azure AD
[Diagram: Azure AD serving Azure Apps, subscription 1 and subscription 2]
Azure AD is Microsoft’s multi-tenant, cloud-based directory and identity management service. Azure AD combines core directory services, advanced identity governance, and application access management.
Understanding the identity models
[Diagram: the three identity models side by side, with Seamless Single Sign-On and Pass-through authentication]
Cloud identity
Pros:
• Very simple
• No servers on-premises
• Single place for user management
• No configuration on-premises
Cons:
• Doesn’t support Win7 computer join
• Doesn’t support computer management via GPO
Synchronized identity
Pros:
• Simple
• No big changes to on-prem AD
• On-prem AD is the user “master copy”
• Users use the same password for on-prem and Azure resources (“Same SignOn”)
Cons:
• Might need a new server or VM
• Two places for user management*
• Need to make sure the replication is always working
[Diagram: Azure AD Connect (or the older DirSync) synchronizing on-prem AD to Azure AD; “Same SignOn”]
Synchronized identity - Authentication
[Diagram: an Active Directory Domain Controller synchronized through Azure AD Connect to Azure Active Directory, which serves Office 365 and Azure Apps]
Installing and configuring Azure AD Connect
• Use express settings for:
• Single Active Directory forest
• Default synchronization settings
• Use customized settings for:
• Multiple forests with duplicate identities
• Federation scenarios
• Custom synchronization settings, for example writeback
• Installing Azure AD Connect with express settings:
• Installs the synchronization engine
• Configures Azure AD Connector
• Configures the on-premises AD DS connector
• Enables password synchronization
• Configures synchronization services
• Configures synchronization services for Exchange hybrid deployment
(optional)
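The synchronized identity model only holds up while the replication keeps running (one of the cons listed above). The following PowerShell is an added example, not code from the slides or from Microsoft: it reports the state of the Azure AD Connect scheduler, whether the server is in staging mode, whether any connector run is in progress and whether sync errors were logged in the last 24 hours, and only then kicks off a delta sync. It assumes it runs on the Azure AD Connect server itself (which ships the ADSync module) as a member of the local ADSyncAdmins group; the 60-minute threshold and the event provider name "Directory Synchronization" are assumptions.

```powershell
# Added example (not from the slides): health check for an Azure AD Connect server.
# Assumes it runs on the server where Azure AD Connect is installed, which provides the
# ADSync module, and that the account is a member of the local ADSyncAdmins group.
Import-Module ADSync

function Get-ADSyncHealthReport {
    param(
        # Flag the server if the next cycle is further away than this (assumed threshold)
        [int]$MaxMinutesUntilNextCycle = 60
    )

    $scheduler = Get-ADSyncScheduler
    $findings  = New-Object System.Collections.Generic.List[string]

    if (-not $scheduler.SyncCycleEnabled) {
        $findings.Add('Scheduled sync cycle is disabled; on-prem changes will not reach Azure AD')
    }
    if ($scheduler.StagingModeEnabled) {
        # A staging-mode server imports and syncs but never exports to Azure AD
        $findings.Add('Server is in staging mode; it does not export to Azure AD')
    }
    $nowUtc = (Get-Date).ToUniversalTime()
    if ($scheduler.NextSyncCycleStartTimeInUTC -gt $nowUtc.AddMinutes($MaxMinutesUntilNextCycle)) {
        $findings.Add("Next sync cycle not due until $($scheduler.NextSyncCycleStartTimeInUTC) UTC")
    }

    # Connector runs still in progress (an empty result means the sync engine is idle)
    $running = @(Get-ADSyncConnectorRunStatus)

    # Sync errors land in the Application log; the provider name is an assumption and
    # may need adjusting to match what your server actually writes.
    $errors = @(Get-WinEvent -FilterHashtable @{
                    LogName      = 'Application'
                    ProviderName = 'Directory Synchronization'
                    Level        = 2                        # 2 = Error
                    StartTime    = (Get-Date).AddHours(-24)
                } -ErrorAction SilentlyContinue)
    if ($errors.Count -gt 0) {
        $findings.Add("$($errors.Count) sync error event(s) in the last 24 hours")
    }

    [pscustomobject]@{
        SyncCycleEnabled  = $scheduler.SyncCycleEnabled
        StagingMode       = $scheduler.StagingModeEnabled
        CycleInterval     = $scheduler.CurrentlyEffectiveSyncCycleInterval
        NextCycleUtc      = $scheduler.NextSyncCycleStartTimeInUTC
        ConnectorsRunning = $running.Count
        RecentErrorEvents = $errors.Count
        Findings          = $findings
    }
}

# Usage: review the report, then force a delta sync only if nothing is wrong and no run is active
$report = Get-ADSyncHealthReport
$report | Format-List
if ($report.Findings.Count -eq 0 -and $report.ConnectorsRunning -eq 0) {
    Start-ADSyncSyncCycle -PolicyType Delta
}
```

Running this from a monitoring job and alerting on a non-empty Findings list catches the quiet failure mode the slide warns about: a disabled scheduler or a server left in staging mode silently stops account disables and password changes from reaching Azure AD.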
Azure AD Connect components
Federated identity
Pros:
• Full single sign-on
• Audit all logons locally
• On-prem AD does the authentication
• Passwords don’t need to be synched
• Better option for advanced scenarios
• Immediate account disable and password changes
• Supports sign-in restrictions by network location, client or work hours
Cons:
• More complex
• Needs more servers
• Needs Active Directory Federation Services (AD FS)
• On-prem DCs, AD FS servers and internet link must be highly available
• Requires a public certificate and a solid domain name
Federated identity - Authentication
[Diagram: Azure AD Connect, Azure Active Directory, Office 365 and Azure Apps]
The security token contains claims about the user, such as user name, group membership, User Principal Name (UPN), email address, manager details, phone number, and other attribute values.
Federation with Azure AD or O365 enables users to authenticate using on-premises credentials and access all resources in the cloud.
Federated identity – High Availability
[Diagram: redundant internet links through ISP1 and ISP2]
Federated identity – on Azure
[Diagram: on-premises DC and AD FS proxy connected through a VPN gateway to Azure, which hosts AD Connect, AD FS servers, an AD FS proxy and a DC]
Understanding the identity models
[Diagram: the three identity models side by side]
Note:
Use the simplest identity model that meets your needs.
It is possible to switch between the models when needed.
Demo: Managing Azure AD users and groups
Introduction to Azure Active Directory
Introduction to Azure Active Directory
• Azure Active Directory (free)
• Azure Active Directory Basic
• Azure Active Directory Premium P1
• Azure Active Directory Premium P2
• Deploy Active Directory domain controllers on Azure virtual machines
• Azure Active Directory Domain Services
Overview of Azure AD
• Microsoft-managed
• Multitenant by design
• Employs internet-friendly protocols
• Supports users, groups, applications, and devices
• Includes built-in MFA (Multi-factor Authentication) support
• No organizational units
• No support for GPOs
• No support for LDAP
• etc
Managing Azure AD users, groups, and devices
• Azure AD users:
  • Cloud identities
  • Directory-synchronized identities
• Management interfaces:
  • Azure portal
  • Windows PowerShell
  • Office 365 admin center
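As an added example of the Windows PowerShell management interface (this is not code from the slides or from Microsoft), the script below creates a cloud-only user with a random initial password that must be changed at first sign-in, puts the user in a new security group, and then lists every user with whether it is a cloud identity or a directory-synchronized one. It assumes the AzureAD module is installed (Install-Module AzureAD) and the signed-in account can create users and groups; the user name, the group name and the nh.ie domain are constructed sample values.

```powershell
# Added example (not from the slides): manage users and groups with the AzureAD module.
# Assumes Install-Module AzureAD has been run and the signed-in account can create users.
# Names, the group and the 'nh.ie' domain are constructed sample values.
Add-Type -AssemblyName System.Web   # for Membership.GeneratePassword (Windows PowerShell 5.1)
Connect-AzureAD

function New-CloudOnlyUser {
    param(
        [Parameter(Mandatory)][string]$UserPrincipalName,
        [Parameter(Mandatory)][string]$DisplayName,
        [string]$UsageLocation = 'IE'
    )
    # Random initial password that the user must replace at first sign-in
    $pwdProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
    $pwdProfile.Password = [System.Web.Security.Membership]::GeneratePassword(20, 4)
    $pwdProfile.ForceChangePasswordNextLogin = $true

    New-AzureADUser -UserPrincipalName $UserPrincipalName `
                    -DisplayName $DisplayName `
                    -MailNickName ($UserPrincipalName.Split('@')[0]) `
                    -AccountEnabled $true `
                    -PasswordProfile $pwdProfile `
                    -UsageLocation $UsageLocation
}

function New-SecurityGroupWithMember {
    param(
        [Parameter(Mandatory)][string]$GroupName,
        [Parameter(Mandatory)][string]$MemberObjectId
    )
    $group = New-AzureADGroup -DisplayName $GroupName `
                              -MailEnabled $false `
                              -SecurityEnabled $true `
                              -MailNickName ($GroupName -replace '\s', '')
    Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId $MemberObjectId
    $group
}

function Get-UserIdentitySource {
    # DirSyncEnabled is $true for identities mastered on-prem and flowed in by
    # Azure AD Connect; cloud identities leave it empty.
    Get-AzureADUser -All $true |
        Select-Object UserPrincipalName, DisplayName,
            @{ Name = 'Source'; Expression = {
                if ($_.DirSyncEnabled) { 'Directory-synchronized' } else { 'Cloud' } } }
}

# Usage with constructed sample values
$user  = New-CloudOnlyUser -UserPrincipalName 'jane.doe@nh.ie' -DisplayName 'Jane Doe'
$group = New-SecurityGroupWithMember -GroupName 'Azure Portal Readers' -MemberObjectId $user.ObjectId
Get-UserIdentitySource | Format-Table -AutoSize
```

The Source column matters operationally: attributes of a directory-synchronized user (name, group membership, enabled state) must be changed on the on-prem side and will be overwritten by the next sync cycle if edited in the portal, whereas a cloud identity is mastered in Azure AD.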
The table of Nines - SLA
Azure AD free
• Is FREE
• Supports Single Sign On
• Supports on-prem AD replication with AD Connect
• Maximum 500,000 objects
• Managed by web interface or PowerShell
• Supports Windows 10 device registration
• Self-Service Password Change for cloud users
• Supports 'per user' or 'per authentication' Multi-Factor Authentication
• No SLA is provided for the Free tier of Azure Active Directory.
Azure AD Basic
• Self-Service Password Reset for cloud users,
• Company Branding (Logon Pages/Access Panel customization)
• SLA of 99.9 percent uptime
• No Object Limit
Azure AD Premium P1
• Self-service group and app management
• Automatic password rollover for group accounts
• Self-service password reset and account unlock with write-back
• Conditional Access based on device state (allow access from managed devices)
• Conditional Access based on group and location
• MDM (Mobile Device Management) auto-enrollment, self-service BitLocker recovery, additional local administrators on Windows 10 devices via Azure AD Join, Enterprise State Roaming
• Advanced security reports and alerts
• Enterprise SLA of 99.9 percent
• Multi-Factor Authentication
• Azure AD Connect Health
• Cloud App Discovery
• Dynamic groups
Azure AD Premium P2
• Azure AD Privileged Identity Management:
  • Uses machine learning to understand what would be a normal operation; can detect impossible-travel situations, IP addresses with suspicious behaviour, etc.
  • Enables on-demand, just-in-time administrative access
  • Generates reports about administrator access history
• Azure AD Identity Protection:
  • Monitors identity usage patterns
  • Assigns risk levels to users
  • Implements risk-based policies
  • Privileges given are time-limited, MFA enforcement, etc.
• Enterprise SLA of 99.9 percent
Azure AD Premium P2 - Identity Protection
Planning to deploy Active Directory domain controllers on Azure virtual machines
• Reasons for placing domain controllers in Azure:
  • Keeping authentication requests from Azure-based services within Azure
  • Extending on-premises Active Directory to Azure
  • Enhancing resiliency of directory synchronization and federation deployments
• Deployment scenarios:
  • AD DS in Azure
  • AD DS in an on-premises infrastructure with cross-premises connectivity
  • AD DS in an on-premises infrastructure and in Azure
Azure AD Domain Services
• Supports:
  • LDAP
  • Azure Active Directory domain join
  • NTLM
  • Kerberos
  • Group Policy
  • OU
Key points:
• Avoids domain controllers in Azure
• Is a highly available service
• SLA guarantees at least 99.9%
• Minimises the traffic from Azure VMs to your on-prem DC
• You pay an hourly charge based on the size of your directory
• Supports your traditional directory-aware apps alongside your modern cloud apps
• Must be connected to a VNet and gets IP addresses there (the VMs use them as their DNS servers)
• UPN format is recommended – Jackson@nh.ie instead of nh\jackson
• Supports on-prem AD synchronization with Azure AD Connect
Azure AD Domain Services – Replication
Azure AD and Azure AD Domain Services
Azure AD Domain Services – Replication
On-premises AD, Azure AD and Azure AD Domain Services
Azure AD Domain Services - Setup
Azure AD Domain Services – Limitations
Limitations:
• A single managed domain is serviced by Azure AD Domain Services for a single Azure AD directory.
• Cannot use Azure AD Domain Services with federated Azure AD
• Cannot use Azure AD Domain Services with Pass-through Authentication
• You cannot add domain controllers to the managed domain
• You cannot connect to domain controllers for the managed domain using Remote Desktop
• You are not granted Domain Administrator or Enterprise Administrator privileges
• No control over the synchronization (roughly 20 minutes)
• You cannot pause the service to “pause” the billing
• You cannot extend the schema
Understanding the identity models
[Diagram: the three identity models side by side]
Azure AD Domain Services - pricing
Azure AD Connect:
- Pass-through authentication
- Seamless Single Sign-On
Pass-through authentication
Pass-through authentication – Cloud App
Pass-through Authentication - Configuration
Users from all managed domains in your tenant can sign in using Pass-through Authentication. However, users from federated domains continue to sign in using Active Directory Federation Services (AD FS) or another federation provider that you have previously configured. If you convert a domain from federated to managed, all users from that domain automatically start signing in using Pass-through Authentication. Cloud-only users are not impacted by the Pass-through Authentication feature.
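Because the sign-in path is decided per domain (managed domains go through Pass-through Authentication, federated ones still go through AD FS), it is worth being able to list that state from PowerShell. The script below is an added example, not code from the slides or from Microsoft: it uses the MSOnline module to show each verified domain's authentication type, and for federated domains also the issuer URI and the expiry of the token-signing certificate, then wraps the federated-to-managed conversion in a function that asks for confirmation. It assumes the MSOnline module is installed and the account is a global administrator; nh.ie is the sample domain from the slides.

```powershell
# Added example (not from the slides): which domains sign in through PTA and which
# through federation, plus a guarded federated-to-managed conversion.
# Assumes the MSOnline module is installed and the account is a global administrator.
Connect-MsolService

function Get-DomainSignInMethod {
    Get-MsolDomain | Where-Object { $_.Status -eq 'Verified' } | ForEach-Object {
        $domain   = $_
        $issuer   = $null
        $certExp  = $null
        if ($domain.Authentication -eq 'Federated') {
            # For federated domains record who issues the tokens and when the signing cert expires;
            # an expired or unexpected cert here breaks or compromises every sign-in for the domain.
            $fed  = Get-MsolDomainFederationSettings -DomainName $domain.Name
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
                        , [Convert]::FromBase64String($fed.SigningCertificate))
            $issuer  = $fed.IssuerUri
            $certExp = $cert.NotAfter
        }
        [pscustomobject]@{
            Domain         = $domain.Name
            Authentication = $domain.Authentication      # 'Managed' or 'Federated'
            SignInPath     = if ($domain.Authentication -eq 'Federated') {
                                 'AD FS / federation provider'
                             } else {
                                 'Pass-through Authentication (when enabled on the tenant)'
                             }
            IssuerUri      = $issuer
            SigningCertExpires = $certExp
        }
    }
}

function Convert-DomainToManaged {
    # Flips every user of the domain from federation to PTA in one step, so confirm the
    # Authentication Agents are healthy before running this.
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param([Parameter(Mandatory)][string]$DomainName)
    if ($PSCmdlet.ShouldProcess($DomainName, 'Convert from federated to managed')) {
        Set-MsolDomainAuthentication -DomainName $DomainName -Authentication Managed
    }
}

# Usage
Get-DomainSignInMethod | Format-Table -AutoSize
Convert-DomainToManaged -DomainName 'nh.ie'     # prompts before changing anything
```

Cloud-only users never appear in this view because they have no on-prem counterpart; only users whose UPN suffix is one of the listed domains are affected by a conversion.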
Seamless Single Sign-On
How to disable Pass-through Authentication?
Rerun the Azure AD Connect wizard and change the user sign-in method from Pass-through Authentication to another method. This change disables Pass-through Authentication on the tenant and uninstalls the Authentication Agent from the server. You have to manually uninstall the Authentication Agents from other servers.
Azure Active Directory Seamless Single Sign-On
Azure Active Directory Pass-through Authentication with Seamless Single Sign-On
• Uses Azure AD Connect
• AD FS is not needed
• Installs an agent on on-prem DCs
• Needs 2 configurations in GPO
• Creates a computer account for Azure AD in the local AD domain
• Allows your users to sign in to both on-premises and cloud-based applications using the same passwords
• Validates users' passwords directly against your on-premises Active Directory
• Good option for organizations that don't want to send users' passwords outside
• Integrated with self-service password management, including password writeback and password protection (banning commonly used passwords)
• Users sign in to Office 365 client applications that support modern authentication - Office 2016, and Office 2013 with modern authentication
• It’s free
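The computer account that Seamless SSO creates in the local domain (AZUREADSSOACC) holds the Kerberos decryption key Azure AD uses to validate the tickets clients present, so its password is a credential worth auditing and rotating. The script below is an added example, not code from the slides or from Microsoft: it reads the Seamless SSO status with the AzureADSSO module that Azure AD Connect installs, reports the age of that key from the account's PasswordLastSet, and rolls the key over when it is older than 30 days (the interval Microsoft recommends). It assumes it runs on the Azure AD Connect server with the ActiveDirectory module available, the AzureADSSO module at the path shown, and an account that is both a domain admin and an Azure AD global admin; the Enable and Domains property names of the status JSON are assumptions.

```powershell
# Added example (not from the slides): audit Seamless SSO and roll over the Kerberos
# decryption key held by the AZUREADSSOACC computer account.
# Assumes: Azure AD Connect server, ActiveDirectory module, AzureADSSO module at the
# path below, domain admin + Azure AD global admin credentials.
Import-Module ActiveDirectory
Import-Module 'C:\Program Files\Microsoft Azure Active Directory Connect\AzureADSSO.psd1'
New-AzureADSSOAuthenticationContext   # prompts for the Azure AD global administrator

function Get-SeamlessSsoAudit {
    param([int]$MaxKeyAgeDays = 30)   # Microsoft recommends rolling the key at least every 30 days

    # Get-AzureADSSOStatus returns JSON; Enable and Domains are assumed property names
    $status = Get-AzureADSSOStatus | ConvertFrom-Json

    # AZUREADSSOACC is the computer account Seamless SSO creates in the local AD domain;
    # its password is the key Azure AD uses to decrypt the Kerberos tickets it receives.
    $acct    = Get-ADComputer -Identity 'AZUREADSSOACC' -Properties PasswordLastSet
    $ageDays = [int]((Get-Date) - $acct.PasswordLastSet).TotalDays

    [pscustomobject]@{
        SsoEnabled      = $status.Enable
        Domains         = $status.Domains
        KeyLastRolledOn = $acct.PasswordLastSet
        KeyAgeDays      = $ageDays
        RolloverDue     = ($ageDays -ge $MaxKeyAgeDays)
    }
}

function Invoke-SeamlessSsoKeyRollover {
    param([Parameter(Mandatory)][pscredential]$DomainAdminCredential)
    # Resets the AZUREADSSOACC password in AD and pushes the new key to Azure AD
    Update-AzureADSSOForest -OnPremCredentials $DomainAdminCredential
}

# Usage
$audit = Get-SeamlessSsoAudit
$audit | Format-List
if ($audit.RolloverDue) {
    Invoke-SeamlessSsoKeyRollover -DomainAdminCredential (Get-Credential -Message 'Domain admin (DOMAIN\user)')
}
```

Anyone who can read the AZUREADSSOACC password hash can mint tickets that Azure AD will accept, so treat the account like a domain controller secret: monitor who reads or resets it, and keep the rollover on a schedule rather than leaving the key at its install-time value.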
Seamless Single Sign-On - Configuration
Azure Active Directory Seamless Single Sign-On
Seamless Single Sign-On – GPO configuration
Seamless Single Sign-On – Event Viewer
Azure Certification and Courses
Course 10979: Microsoft Azure Fundamentals
Course 20532: Developing Microsoft Azure Solutions
Course 20533: Implementing Microsoft Azure Infrastructure Solutions
Course 20535: Architecting Microsoft Azure Solutions
Understanding Azure AD

 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

Understanding Azure AD

3. Seminar outline
• Understanding the identity models
  - Cloud identity
  - Synchronized identity
  - Federated identity
• Introduction to Azure Active Directory
• Azure Active Directory Domain Services

5. Overview of Azure AD
Azure AD is Microsoft's multi-tenant, cloud-based directory and identity management service. Azure AD combines core directory services, advanced identity governance, and application access management. (Diagram: one Azure AD tenant serving Azure apps in subscription 1 and subscription 2.)

6. Understanding the identity models (diagram: cloud identity, synchronized identity, federated identity)

7. Understanding the identity models (diagram; labels: Pass-through authentication, Seamless Single Sign-On)

8. Cloud identity
Pros:
• Very simple
• No servers on-premises
• Single place for user management
• No configuration on-premises
Cons:
• Doesn't support Windows 7 computer join
• Doesn't support computer management via GPO

9. Synchronized identity
Pros:
• Simple
• No big changes to the on-prem AD
• On-prem AD is the user "master copy"
• Users use the same password for on-prem and Azure resources ("Same Sign-On")
Cons:
• Might need a new server or VM for Azure AD Connect
• Two places for user management*
• Need to make sure the synchronization is always working

10. Synchronized identity - Authentication (diagram: Azure AD Connect, the successor of DirSync, synchronizes users from the Active Directory Domain Controller to Azure Active Directory; Office 365 and Azure apps authenticate against Azure AD with the synchronized password, "Same Sign-On")

11. Installing and configuring Azure AD Connect
• Use express settings for:
  - Single Active Directory forest
  - Default synchronization settings
• Use customized settings for:
  - Multiple forests with duplicate identities
  - Federation scenarios
  - Custom synchronization settings, for example writeback
• Installing Azure AD Connect with express settings:
  - Installs the synchronization engine
  - Configures the Azure AD connector
  - Configures the on-premises AD DS connector
  - Enables password hash synchronization
  - Configures synchronization services
  - Configures synchronization services for Exchange hybrid deployment (optional)
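Slide 9 lists "make sure the synchronization is always working" as the price of the synchronized model, and slide 11 describes what express settings install. The following is an added example, not part of the seminar deck, of the check an operator would script for it. It assumes the MSOnline and ADSync PowerShell modules of the period (ADSync ships with Azure AD Connect), is run on the Azure AD Connect server by a Global Administrator, and uses jackson@nh.ie from the deck as a sample UPN.

```powershell
# Added example (not from the deck): health check for synchronized identity.
# Assumes the ADSync module (installed with Azure AD Connect) and the MSOnline module,
# run on the Azure AD Connect server. 'jackson@nh.ie' is a sample UPN.
Import-Module ADSync
Import-Module MSOnline
Connect-MsolService

# 1. Scheduler state on the Connect server: is the cycle enabled, when is the next run,
#    and is this server in staging mode (a staging server exports nothing)?
Get-ADSyncScheduler |
    Select-Object SyncCycleEnabled, StagingModeEnabled, SyncCycleInProgress,
                  CurrentlyEffectiveSyncCycleInterval, NextSyncCycleStartTimeInUTC

# 2. Tenant-side view: when did Azure AD last receive a directory sync and a password hash sync?
$info = Get-MsolCompanyInformation
$info | Select-Object DirectorySynchronizationEnabled, LastDirSyncTime,
                      PasswordSynchronizationEnabled, LastPasswordSyncTime

$nowUtc   = (Get-Date).ToUniversalTime()
$maxHours = 3   # default cycle is 30 minutes; anything older than this is worth an alert

if ($info.LastDirSyncTime) {
    $age = $nowUtc - $info.LastDirSyncTime
    if ($age.TotalHours -gt $maxHours) {
        Write-Warning ("Directory sync is stale: last sync {0:N1} hours ago" -f $age.TotalHours)
    }
} else {
    Write-Warning 'Azure AD reports no directory sync at all'
}

if ($info.PasswordSynchronizationEnabled -and $info.LastPasswordSyncTime) {
    $pwAge = $nowUtc - $info.LastPasswordSyncTime
    if ($pwAge.TotalHours -gt $maxHours) {
        Write-Warning ("Password hash sync is stale: last sync {0:N1} hours ago" -f $pwAge.TotalHours)
    }
}

# 3. Per-user check: a synchronized user has an ImmutableId (the on-prem anchor) and a
#    LastDirSyncTime; a cloud-only user has neither.
Get-MsolUser -UserPrincipalName 'jackson@nh.ie' |
    Select-Object UserPrincipalName, ImmutableId, LastDirSyncTime, LastPasswordChangeTimestamp

# 4. Kick a delta cycle when needed, but never while one is already running.
if (-not (Get-ADSyncScheduler).SyncCycleInProgress) {
    Start-ADSyncSyncCycle -PolicyType Delta
}
```

The tenant-side timestamps (LastDirSyncTime, LastPasswordSyncTime) are the ones to monitor: a scheduler that looks healthy on the server tells you nothing if exports are failing, and a user whose on-prem password changed but whose LastPasswordChangeTimestamp in Azure AD has not moved is the symptom users will report first.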
12. Azure AD Connect components (diagram)

13. Federated identity
Pros:
• Full single sign-on
• All logons are audited locally
• On-prem AD does the authentication
• Passwords (and password hashes) don't need to be synced
• Better option for advanced scenarios
• Immediate account disable and password changes
• Supports sign-in restrictions by network location, client or work hours
Cons:
• More complex
• Needs more servers
• Needs Active Directory Federation Services (AD FS)
• On-prem DCs, AD FS servers and the internet link must be highly available: if any of them is down, nobody can sign in to cloud resources
• Requires a publicly trusted certificate and a publicly resolvable federation service name
(Azure AD Connect is still used to synchronize the user objects.)

14. Federated identity - Authentication
Federation with Azure AD or Office 365 enables users to authenticate using on-premises credentials and access all resources in the cloud. The security token contains claims about the user, such as user name, group membership, User Principal Name (UPN), email address, manager details, phone number, and other attribute values. (Diagram: Azure AD Connect synchronizes the objects; authentication happens at AD FS, and the token is presented to Azure Active Directory for Office 365 and Azure apps.)

15. Federated identity - Authentication (diagram)

16. Federated identity - High Availability (diagram: two internet links, ISP1 and ISP2)

17. Federated identity on Azure (diagram: on-premises DC, AD FS server and AD FS proxy; a VPN gateway to Azure hosting a second DC, AD FS server and AD FS proxy; Azure AD Connect)
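Slide 13 notes that federation requires a public certificate and that the AD FS farm must stay available. The block below is an added example, not from the deck, of the two checks that cause most federated sign-in outages: Azure AD no longer trusting the token-signing certificate AD FS is using (after a certificate rollover that was never pushed to the tenant), and a signing or SSL certificate about to expire. It assumes the ADFS module (so it runs on an AD FS server), the MSOnline module, and 'nh.ie' as a sample federated domain.

```powershell
# Added example (not from the deck): compare the token-signing certificate Azure AD trusts
# for a federated domain with the one AD FS actually uses, and warn on expiring certificates.
# Assumes the ADFS and MSOnline modules; run on an AD FS server. 'nh.ie' is a sample domain.
Import-Module ADFS
Import-Module MSOnline
Connect-MsolService

$domain = 'nh.ie'   # assumed sample federated domain

# Federation settings as stored in the tenant.
$fed = Get-MsolDomainFederationSettings -DomainName $domain
$fed | Select-Object IssuerUri, PassiveLogOnUri, ActiveLogOnUri, MetadataExchangeUri

# Azure AD returns the signing certificates as base64 DER; rebuild them to get thumbprints.
function Get-ThumbprintFromBase64 {
    param([string]$Base64)
    if ([string]::IsNullOrEmpty($Base64)) { return $null }
    $bytes = [Convert]::FromBase64String($Base64)
    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 (,$bytes)
    return $cert.Thumbprint
}
$cloudPrimary = Get-ThumbprintFromBase64 $fed.SigningCertificate
$cloudNext    = Get-ThumbprintFromBase64 $fed.NextSigningCertificate

# What AD FS itself signs tokens with right now.
$adfsSigning = Get-AdfsCertificate -CertificateType Token-Signing
$adfsPrimary = ($adfsSigning | Where-Object { $_.IsPrimary }).Thumbprint

"AD FS primary token-signing thumbprint : $adfsPrimary"
"Azure AD signing thumbprint            : $cloudPrimary"
"Azure AD next-signing thumbprint       : $cloudNext"

if ($adfsPrimary -ne $cloudPrimary -and $adfsPrimary -ne $cloudNext) {
    Write-Warning ("Azure AD does not trust the certificate AD FS is signing with. " +
                   "Run Update-MsolFederatedDomain -DomainName $domain from this server, " +
                   "otherwise federated users cannot sign in.")
}

# Expiry checks: token-signing and token-decrypting certificates, then the public SSL
# certificate bound to the federation service endpoint.
$warnDays = 30
foreach ($c in (Get-AdfsCertificate)) {
    $daysLeft = ($c.Certificate.NotAfter - (Get-Date)).Days
    if ($daysLeft -lt $warnDays) {
        Write-Warning ("{0} certificate {1} expires in {2} days" -f $c.CertificateType, $c.Thumbprint, $daysLeft)
    }
}
foreach ($s in (Get-AdfsSslCertificate)) {
    $cert = Get-Item ("Cert:\LocalMachine\My\" + $s.CertificateHash)
    $daysLeft = ($cert.NotAfter - (Get-Date)).Days
    if ($daysLeft -lt $warnDays) {
        Write-Warning ("SSL certificate {0} for {1} expires in {2} days" -f $s.CertificateHash, $s.HostName, $daysLeft)
    }
}
```

AD FS auto-rolls its token-signing certificate when AutoCertificateRollover is on, but Azure AD learns about the new certificate only if the tenant's federation settings are updated; the mismatch check above is the one to schedule, because the failure mode is a sudden "your organization's sign-in page" error for every federated user.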
19. Understanding the identity models (diagram)
Note: use the simplest identity model that meets your needs. It is possible to switch between the models when needed.

20. Demo: Managing Azure AD users and groups

21. Introduction to Azure Active Directory (section)
22. Introduction to Azure Active Directory
• Azure Active Directory (free)
• Azure Active Directory Basic
• Azure Active Directory Premium P1
• Azure Active Directory Premium P2
• Deploying Active Directory domain controllers on Azure virtual machines
• Azure Active Directory Domain Services

23. Overview of Azure AD
• Microsoft-managed
• Multitenant by design
• Employs internet-friendly protocols (HTTPS-based: SAML, WS-Federation, OAuth 2.0 / OpenID Connect, Graph REST API)
• Supports users, groups, applications, and devices
• Includes built-in Multi-Factor Authentication (MFA) support
• No organizational units
• No support for GPOs
• No support for LDAP (for LDAP, Kerberos/NTLM, OUs and GPOs see Azure AD Domain Services)

24. Managing Azure AD users, groups, and devices
• Azure AD users:
  - Cloud identities
  - Directory-synchronized identities
• Management interfaces:
  - Azure portal
  - Windows PowerShell
  - Office 365 admin center
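An added example, not from the deck, of the PowerShell management interface slide 24 mentions (and the demo of slide 20), using the AzureAD module of the period. It creates a cloud identity and a security group, then shows the one distinction that matters operationally: which accounts are cloud identities and which are directory-synchronized, ending with the same question asked of the Global Administrator role. All names, the group name and the UPN jackson@nh.ie are assumed sample values.

```powershell
# Added example (not from the deck): users and groups with the AzureAD module.
# Assumes the AzureAD module and a verified domain nh.ie in the tenant; all names are samples.
Import-Module AzureAD
Connect-AzureAD

# 1. Create a cloud identity (mastered in Azure AD). The initial password is read
#    interactively so that no secret is stored in the script.
$profile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$profile.Password = Read-Host 'Initial password for the new user'
$profile.ForceChangePasswordNextLogin = $true

$user = New-AzureADUser -DisplayName 'Jackson Felden' `
                        -UserPrincipalName 'jackson@nh.ie' `
                        -MailNickName 'jackson' `
                        -AccountEnabled $true `
                        -PasswordProfile $profile

# 2. Create a security group and add the user.
$group = New-AzureADGroup -DisplayName 'Azure Operators' `
                          -MailNickName 'AzureOperators' `
                          -MailEnabled $false `
                          -SecurityEnabled $true
Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId $user.ObjectId
Get-AzureADGroupMember -ObjectId $group.ObjectId | Select-Object DisplayName, UserPrincipalName

# 3. Cloud identity or directory-synchronized? DirSyncEnabled is set on users that
#    Azure AD Connect mastered from on-prem AD; their attributes must be changed on-prem,
#    while cloud identities are edited directly in Azure AD.
Get-AzureADUser -All $true |
    Select-Object UserPrincipalName,
                  @{ n = 'Source'; e = { if ($_.DirSyncEnabled) { 'Synchronized (on-prem AD is master)' } else { 'Cloud identity' } } }

# 4. Same question for Global Administrators (the AzureAD module names the role
#    'Company Administrator'). A synchronized Global Administrator means that whoever
#    controls the on-prem AD can reset that password and take over the tenant.
$gaRole = Get-AzureADDirectoryRole | Where-Object { $_.DisplayName -eq 'Company Administrator' }
Get-AzureADDirectoryRoleMember -ObjectId $gaRole.ObjectId |
    Select-Object DisplayName, UserPrincipalName, DirSyncEnabled
```

Step 4 is the check to keep: Microsoft's guidance for hybrid tenants is that Global Administrators are cloud-only accounts, precisely so that a compromise of the synchronized on-prem forest does not extend to the directory that everything else trusts.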
25. The table of nines - SLA (table)

26. Azure AD Free
• Is free
• Supports single sign-on
• Supports on-prem AD synchronization with Azure AD Connect
• Maximum 500,000 objects
• Managed by web interface or PowerShell
• Supports Windows 10 device registration
• Self-service password change for cloud users
• Supports "per user" or "per authentication" Multi-Factor Authentication
• No SLA is provided for the Free tier of Azure Active Directory

27. Azure AD Basic
• Self-service password reset for cloud users
• Company branding (logon pages / Access Panel customization)
• SLA of 99.9 percent uptime
• No object limit

28. Azure AD Premium P1
• Self-service group and app management
• Automatic password rollover for group accounts
• Self-service password reset and account unlock with write-back
• Conditional Access based on device state (allow access from managed devices only)
• Conditional Access based on group and location
• MDM (Mobile Device Management) auto-enrollment, self-service BitLocker recovery, additional local administrators on Windows 10 devices via Azure AD Join, Enterprise State Roaming
• Advanced security reports and alerts
• Enterprise SLA of 99.9 percent
• Multi-Factor Authentication
• Azure AD Connect Health
• Cloud App Discovery
• Dynamic groups
29. Azure AD Premium P2
• Azure AD Privileged Identity Management:
  - Enables on-demand, just-in-time administrative access
  - Privileges given are time-limited, MFA can be enforced on activation, etc.
  - Generates reports about administrator access history
• Azure AD Identity Protection:
  - Uses machine learning to understand what normal activity looks like; can detect impossible-travel situations, sign-ins from IP addresses with suspicious behaviour, etc.
  - Monitors identity usage patterns
  - Assigns risk levels to users and sign-ins
  - Implements risk-based policies (for example, require MFA or a password change above a given risk level)
• Enterprise SLA of 99.9 percent
30-32. Azure AD Premium P2 - Identity Protection (three screenshot slides)

33. Planning to deploy Active Directory domain controllers on Azure virtual machines
• Reasons for placing domain controllers in Azure:
  - Keeping authentication requests from Azure-based services within Azure
  - Extending on-premises Active Directory to Azure
  - Enhancing resiliency of directory synchronization and federation deployments
• Deployment scenarios:
  - AD DS in Azure
  - AD DS in an on-premises infrastructure with cross-premises connectivity
  - AD DS in an on-premises infrastructure and in Azure
34. Azure AD Domain Services
• Supports:
  - LDAP
  - Domain join (of Azure VMs to the managed domain)
  - NTLM
  - Kerberos
  - Group Policy
  - OUs
• Key points:
  - Avoids having to deploy and manage your own domain controllers in Azure
  - Is a highly available service
  - SLA guarantee of at least 99.9%
  - Minimises the traffic from Azure VMs to your on-prem DCs
  - You pay an hourly charge based on the size of your directory
  - Supports your traditional directory-aware apps alongside your modern cloud apps
  - Must be connected to a VNet; the managed domain gets IP addresses on that VNet, which the VMs must use as their DNS servers
  - UPN format is recommended for sign-in: jackson@nh.ie instead of nh\jackson
  - Supports on-prem AD synchronization via Azure AD Connect (on-prem AD to Azure AD to Azure AD Domain Services, one way)

35. Azure AD Domain Services - Replication (diagram: Azure AD and Azure AD Domain Services)

36. Azure AD Domain Services - Replication (diagram: on-premises AD, Azure AD and Azure AD Domain Services)

37. Azure AD Domain Services - Setup (screenshots)

38. Azure AD Domain Services - Limitations
• A single managed domain serviced by Azure AD Domain Services for a single Azure AD directory
• Cannot use Azure AD Domain Services with a federated Azure AD
• Cannot use Azure AD Domain Services with Pass-through Authentication
  (in both cases Azure AD holds no password hashes; the managed domain needs the NTLM and Kerberos hashes that password hash synchronization provides)
• You cannot add domain controllers to the managed domain
• You cannot connect to domain controllers of the managed domain using Remote Desktop
• You are not granted Domain Administrator or Enterprise Administrator privileges
• No control over the synchronization (it runs roughly every 20 minutes)
• You cannot pause the service to "pause" the billing
• You cannot extend the schema
39. Understanding the identity models (diagram, repeated)

40. Azure AD Domain Services - pricing (table)

41. Azure AD Connect: Pass-through authentication and Seamless Single Sign-On (section)
44. Pass-through Authentication - Configuration
Users from all managed domains in your tenant can sign in using Pass-through Authentication. However, users from federated domains continue to sign in using Active Directory Federation Services (AD FS) or another federation provider that you have previously configured. If you convert a domain from federated to managed, all users from that domain automatically start signing in using Pass-through Authentication. Cloud-only users are not impacted by the Pass-through Authentication feature.

46. How to disable Pass-through Authentication?
Rerun the Azure AD Connect wizard and change the user sign-in method from Pass-through Authentication to another method. This change disables Pass-through Authentication on the tenant and uninstalls the Authentication Agent from the Azure AD Connect server. You have to manually uninstall the Authentication Agents from the other servers.
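The tenant-side steps behind slides 44 and 46, as an added example that is not part of the deck: inventory which domains are managed and which are federated, convert one federated domain to managed so its users fall under Pass-through Authentication, confirm that cloud-only users are untouched, and check the agent service on the servers that still host one. It assumes the MSOnline module, 'nh.ie' as a sample domain, and the Authentication Agent's Windows service display name as installed by Azure AD Connect.

```powershell
# Added example (not from the deck): domain authentication inventory and conversion for PTA.
# Assumes the MSOnline module and a Global Administrator; 'nh.ie' is a sample domain.
Import-Module MSOnline
Connect-MsolService

# 1. Which domains are managed (password hash sync or PTA) and which are federated (AD FS)?
Get-MsolDomain | Select-Object Name, Status, Authentication, IsDefault

# 2. Convert one federated domain to managed. Once PTA is enabled on the tenant, every
#    user of that domain signs in through the Authentication Agents as soon as the change
#    replicates, so treat this as a change-controlled action and keep a rollback copy.
$domain = 'nh.ie'
$d = Get-MsolDomain -DomainName $domain
if ($d.Authentication -eq 'Federated') {
    Get-MsolDomainFederationSettings -DomainName $domain |
        Export-Clixml -Path ".\$domain-federation-backup.xml"
    Set-MsolDomainAuthentication -DomainName $domain -Authentication Managed
    Get-MsolDomain -DomainName $domain | Select-Object Name, Authentication
}

# 3. Cloud-only users are not affected: they carry no ImmutableId (no on-prem anchor)
#    and are authenticated by Azure AD itself, never by an agent.
Get-MsolUser -All | Where-Object { -not $_.ImmutableId } |
    Select-Object UserPrincipalName, LastDirSyncTime

# 4. On each server that hosts an Authentication Agent (run this part there): the agent
#    runs as a Windows service that only makes outbound HTTPS connections, so "Running"
#    plus the agent showing as active in the portal is the whole health check.
#    Display name as registered by the installer (assumption: unchanged on your servers).
Get-Service -DisplayName 'Microsoft Azure AD Connect Authentication Agent*' -ErrorAction SilentlyContinue |
    Select-Object Name, DisplayName, Status, StartType
```

Slide 46 warns that disabling PTA removes only the agent on the Azure AD Connect server; step 4 is how you find the agents that remain on other servers and must be uninstalled by hand, because an agent left running keeps a registered, outbound channel from your network to the tenant.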
47. Azure Active Directory Seamless Single Sign-On (diagram)

48. Azure Active Directory Pass-through Authentication with Seamless Single Sign-On
• Uses Azure AD Connect; AD FS is not needed
• Installs a lightweight Authentication Agent on on-premises domain-joined servers (the first one on the Azure AD Connect server; add more for high availability). The agents make outbound connections only, so no inbound ports are opened
• Seamless SSO needs two GPO settings on the clients: adding the Azure AD autologon URL to the Intranet zone, and allowing status bar updates via script for that zone
• Seamless SSO creates a computer account (AZUREADSSOACC) for Azure AD in the local AD domain; its Kerberos decryption key is shared with Azure AD, so protect it like a domain controller secret and roll it over regularly
• Allows your users to sign in to both on-premises and cloud-based applications using the same passwords
• Validates users' passwords directly against your on-premises Active Directory
• Good option for organizations that don't want to send users' password hashes outside their network
• Integrated with self-service password management, including password writeback and password protection (banning commonly used passwords)
• Supports user sign-in to Office 365 client applications that use modern authentication: Office 2016, and Office 2013 with modern authentication enabled
• It's free
49. Seamless Single Sign-On - Configuration
50. Azure Active Directory Seamless Single Sign-On (diagram)

51. Seamless Single Sign-On - GPO configuration (screenshot)

52. Seamless Single Sign-On - GPO configuration (screenshot)

53. Seamless Single Sign-On - Event Viewer (screenshot)
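Slides 48 to 53 cover what Seamless SSO puts in place: the AZUREADSSOACC computer account in the on-premises domain and two GPO settings on the clients. The block below is an added example, not from the deck, that verifies both and rolls the account's Kerberos decryption key when it is older than 30 days. It assumes the ActiveDirectory module, the AzureADSSO module that ships with Azure AD Connect (default install path below), a Global Administrator and an on-premises Domain Administrator credential; the 30-day threshold follows Microsoft's recommendation to roll the key at least every 30 days.

```powershell
# Added example (not from the deck): Seamless SSO checks and Kerberos key rollover.
# Assumes the ActiveDirectory module and the AzureADSSO module from the default
# Azure AD Connect install path; run on the Azure AD Connect server.
Import-Module ActiveDirectory
Import-Module 'C:\Program Files\Microsoft Azure Active Directory Connect\AzureADSSO.psd1'

# 1. The computer account whose Kerberos key Azure AD uses to decrypt the tickets
#    that domain-joined clients present during Seamless SSO.
$acc = Get-ADComputer -Identity 'AZUREADSSOACC' -Properties PasswordLastSet, ServicePrincipalNames
$acc | Select-Object Name, Enabled, PasswordLastSet, ServicePrincipalNames

$keyAge = (Get-Date) - $acc.PasswordLastSet
"AZUREADSSOACC Kerberos decryption key age: {0:N0} days" -f $keyAge.TotalDays

# 2. Roll the key if it is older than 30 days. Whoever holds this key can forge Kerberos
#    tickets that Azure AD accepts for any synchronized user, so it is a Tier 0 secret;
#    rolling it is transparent to users.
if ($keyAge.TotalDays -gt 30) {
    New-AzureADSSOAuthenticationContext          # prompts for a Global Administrator
    Get-AzureADSSOStatus | ConvertFrom-Json      # confirms SSO is enabled for this forest
    $onPremCred = Get-Credential -Message 'On-premises Domain Administrator'
    Update-AzureADSSOForest -OnPremCredentials $onPremCred
    (Get-ADComputer -Identity 'AZUREADSSOACC' -Properties PasswordLastSet).PasswordLastSet
}

# 3. Client side (run on a domain-joined workstation as the user): the two GPO settings
#    as they land in the policy registry keys.
#    a) Site to Zone Assignment List: the autologon URL must map to zone 1 (Intranet).
$zoneMap = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'
$autologon = 'https://autologon.microsoftazuread-sso.com'
$zone = (Get-ItemProperty -Path $zoneMap -Name $autologon -ErrorAction SilentlyContinue).$autologon
if ($zone -eq 1) { "$autologon is in the Intranet zone" } else { Write-Warning "$autologon is not assigned to the Intranet zone" }

#    b) "Allow updates to status bar via script" for the Intranet zone: value 2103, 0 = enabled.
$intranet = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1'
$statusBar = (Get-ItemProperty -Path $intranet -Name '2103' -ErrorAction SilentlyContinue).'2103'
if ($statusBar -eq 0) { 'Status bar updates via script are allowed in the Intranet zone' }
else { Write-Warning 'Status bar updates via script are not enabled for the Intranet zone' }
```

If Seamless SSO stops working after the rollover, the Event Viewer slide is where to look on the client; on the server side, an AZUREADSSOACC account whose PasswordLastSet never changes is the finding a red team looks for, because a key that is never rotated keeps any copy taken from the domain valid indefinitely.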
54. Azure Certification and Courses
• Course 10979: Microsoft Azure Fundamentals
• Course 20532: Developing Microsoft Azure Solutions
• Course 20533: Implementing Microsoft Azure Infrastructure Solutions
• Course 20535: Architecting Microsoft Azure Solutions