2018 November - AZUGDK - Azure AD
1. The often overlooked gems in Azure AD
Peter Selch Dahl – Azure MVP – I’m ALL Cloud First
- Azure AD delegated application management, Azure AD ToU, Azure AD Access Review and Azure AD sign-in
logs in Log Analytics
2. Microsoft MCSA: Cloud Platform - Certified 2018,
Microsoft MCSA: Office 365 - Certified 2018,
Microsoft MCSE: Cloud Platform and Infrastructure - Certified 2018
Microsoft MCSA: 2016 Windows Server 2016,
Microsoft MCSA: 2012 Windows Server 2012,
Microsoft MCITP: 2008 Server and Enterprise Administrator,
Microsoft MCSA: 2008 Windows Server 2008,
Microsoft MCSA/MCSE : 2003 Security,
Microsoft MCSA/MCSE : 2000 Security,
VMWare Certified Professional VI3/VI4/VI5,
CompTIA A+, Network+,
EC-Council: Certified Ethical Hacker (CEH v7),
And more
Peter Selch Dahl
Cloud Architect, Azure MVP
Twitter: @PeterSelchDahl
www: www.peterdahl.net
Blog : http://blog.peterdahl.net
Mail : psd@apento.com
3. • Azure AD Terms of Use
• Azure AD Application Management
• Azure AD Access Review
• Azure AD and Azure Log Analytics better together
4. Manage your account, apps, and groups
Company-branded, personalized
application Access Panel:
http://myapps.microsoft.com
+ iOS and Android Mobile Apps
Self-service password reset
Application access requests
Integrated Office 365 app launching
ENABLE BUSINESS WITHOUT BORDERS
5. We are starting to see more rapid adoption of SaaS applications and collaboration between companies using a
single cloud identity. Most of you have probably tried Microsoft Teams and added a couple of multi-tenant Azure
AD applications to Teams. Some of you have also started collaborating on single-tenant applications using
Azure B2B. How do you manage, audit and govern the access to your own single-tenant applications?
Multi-Tenant Apps Great mix between Multi-Tenant and single-tenant Apps
6. Azure Active Directory. Identity at the core of your business
1000s of apps,
1 identity
Provide one persona to the
workforce for SSO to 1000s of
cloud and on-premises apps
Manage access
at scale
Manage identities and
access at scale in the cloud
and on-premises
Cloud-powered
protection
Ensure user and admin
accountability with better
security and governance
Enable business
without borders
Stay productive with universal
access to every app and
collaboration capability
7. Enable business
without borders
Stay productive everywhere
with easy access to every
application and powerful
collaboration capabilities
across location, application,
and device borders
Ease of use for end users
Any time, any place productivity with
Windows 10
Better connect with your consumers
Enable cross-organization collaboration
8. “We needed to quickly and cost effectively stand up new IT infrastructure, including extranet applications
for thousands of business partners. Azure Active Directory B2B collaboration provides a simple and
secure way for partners, large and small, to use their own credentials to access Kodak Alaris systems.”
3000+ partners
Share without complex
configuration or duplicate users
Partners use their own credentials to access
your org
Users lose access when leaving the
partner org
No external directories
No per partner federation
You manage
access
You control partner access in your
directory:
• app assignment
• group membership
• custom attributes
Partners of
all sizes
Bulk invite 1000s at a time
Partners with Azure Active Directory sign
in to accept invite
Other partners simply sign up to
accept invite
9. Azure AD Terms of Use provides a
simple method organizations can
use to present information to end
users and require the end user
to consent prior to getting access
to resources.
10. General terms of use for all users
in your organization
Define specific terms of use
based on user types and
application sensitivity
Assist in meeting GDPR and
privacy regulations
Compliance and audit
15. Azure Active Directory – Access Review
• You can recertify guest user access by using access reviews of their access to
applications and memberships of groups. Reviewers can use the insights that are
provided to efficiently decide whether guests should have continued access.
• You can recertify employee access to applications and group memberships with access
reviews.
• You can collect access review controls into programs that are relevant for your
organization to track reviews for compliance or risk-sensitive applications.
18. Azure Active Directory Activity logs in Azure Log Analytics
Microsoft provides some great tools for auditing and
insights into the data that have been logged. Most of
these tools depend on extra configuration and licensing
to give you the insight that is needed.
How would you look up data that is older than 100 days?
• https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/reference-reports-data-retention
• https://docs.microsoft.com/en-us/office365/securitycompliance/search-the-audit-log-in-security-and-compliance#before-you-begin
19. Azure Active Directory Activity logs in Azure Log Analytics
Microsoft now supports the ability to forward your Azure AD logs to Azure Log Analytics. This has
been a requested feature for many years. This provides developers with insights into the sign-in
experience for the applications within Azure Active Directory.
Send your Azure AD Audit and Sign-In Logs to Log Analytics, Blob storage or EventHub
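Once the sign-in logs land in a Log Analytics workspace, the guest-access question raised earlier in the deck can be answered with a query. The following is an added example, not part of the original slides. It assumes the sign-in logs are forwarded to the workspace's `SigninLogs` table and that workspace retention covers the chosen look-back window.

```kusto
// Added example: guest (B2B) sign-ins per application, to support access review decisions.
// Assumption: Azure AD sign-in logs are forwarded to this workspace (SigninLogs table)
// and workspace retention is at least as long as the look-back window below.
let lookback = 180d;
SigninLogs
| where TimeGenerated > ago(lookback)
| where UserType == "Guest"
| summarize
    Successes   = countif(ResultType == "0"),   // ResultType "0" means the sign-in succeeded
    Failures    = countif(ResultType != "0"),
    LastSignIn  = max(TimeGenerated),
    DistinctIPs = dcount(IPAddress)
    by UserPrincipalName, AppDisplayName
| extend DaysSinceLastSignIn = datetime_diff("day", now(), LastSignIn)
| order by DaysSinceLastSignIn desc             // least recently active guests first
```

Guests at the top of the result have had access to an application the longest without using it, which is the kind of insight a reviewer needs when recertifying access.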
26. Connect your on-premises identities to the
cloud for a seamless authentication experience
Single sign-on to thousands of pre-integrated
and custom SaaS apps. Bring your own apps:
templates for SSO to any SaaS app
Secure remote access to on-premises apps
SSO from mobile apps
Support for lift-and-shift of
traditional apps to the cloud
1000s of apps,
1 identity
Provide one persona to
the modern workforce for
SSO to 1000s of cloud and
on-premises applications
28. Manage access
at scale
Manage identities at scale in
the cloud and on-premises
Advanced user lifecycle management
Low IT overhead
Monitor your identity bridge
29. Cloud-powered
protection
Ensure accountability with
better security and
governance
Conditional access to resources
Safeguard user authentication
Respond to advanced threats before they
start with risk-based policies and
monitoring
Mitigate administrative risks
Governance of on-premises
and cloud identities