@sagus
https://pepugmaster.blogspot.com
Polska Grupa użytkowników Exchange – PEPUG
Office Servers Summit



 Documentation
How Password Hash Sync (PHS) Works
Full Details
Password Hash Sync Config
self-service password management
Azure AD Conditional Access policies
blocking legacy authentication filtering out brute force password attacks
modern authentication
conditional access
self-service password management
Azure AD Connect
protects
How Pass-through Authentication (PTA) Works
Full Details
Pass-through Authentication Config
Azure AD Connect
release notes
Full Details
Quick Start
Full Details
Azure AD Connect release notes
modern authentication
How Federation Services Works
Full Details
[Chart: Federated Authentication vs. Cloud Authentication (* includes cloud-only); y-axis 0% to 100%, x-axis 2013 to 2018]
| Consideration | Password hash synchronization + Seamless SSO | Pass-through Authentication + Seamless SSO | Federation with AD FS |
| --- | --- | --- | --- |
| Place of authentication? | In the cloud | In the cloud after a secure password verification exchange with the on-premises authentication agent | On-premises |
| No. of additional on-prem servers (except Azure AD Connect)? | None | One server for each additional authentication agent | Two or more AD FS servers; Two or more WAP servers in DMZ |
| What are the requirements for on-premises Internet and networking beyond the provisioning system? | None | Outbound Internet access from the servers running authentication agents | Inbound Internet access to WAP servers in the perimeter; Inbound network access to AD FS servers from WAP servers in the perimeter; NLB |
| Is there an SSL certificate requirement? | No | No | Yes |
| Is there a health monitoring solution? | Not required | Agent status provided by Azure Active Directory admin center | Azure AD Connect Health |
| SSO to cloud resources from domain-joined devices within the company network? | Yes with Seamless SSO | Yes with Seamless SSO | Yes |
| What sign-in types are supported? | UserPrincipalName + password; Windows Integrated Authentication by using Seamless SSO; Alternate login ID | UserPrincipalName + password; Windows Integrated Authentication by using Seamless SSO; Alternate login ID | UserPrincipalName + password; sAMAccountName + password; Windows Integrated Authentication; Certificate and smart card authentication; Alternate login ID |
| Is Windows Hello for Business supported? | Key trust model | Key trust model (Requires W2016 Domain functional level) | Key trust model; Certificate trust model |
| What are the multifactor authentication options? | Azure MFA; Custom Controls with conditional access* | Azure MFA; Custom Controls with conditional access* | Azure MFA; Azure MFA server; Third-party MFA; Custom Controls with conditional access* |
| What user account states are supported? | Disabled accounts (up to 30-minute delay) | Disabled accounts; Account locked out; Account expired; Password expired; Sign-in hours | Disabled accounts; Account locked out; Account expired; Password expired; Sign-in hours |
| What are the conditional access options? | Azure AD conditional access, with Azure AD Premium | Azure AD conditional access, with Azure AD Premium | Azure AD conditional access, with Azure AD Premium; AD FS claim rules |
| Is blocking legacy protocols supported? | Yes | Yes | Yes |
| Can you customize the logo, image, and description on the sign-in pages? | Yes, with Azure AD Premium | Yes, with Azure AD Premium | Yes |
| What advanced scenarios are supported? | Smart password lockout; Leaked credentials reports, with Azure AD Premium P2 | Smart password lockout | Multisite low-latency authentication system; AD FS extranet lockout; Integration with third-party identity systems |
Medium or simple org?
aka.ms/deploymentplans
Cutover migration to PHS?
aka.ms/deploymentplans
Cutover migration to PTA?
aka.ms/deploymentplans
| | Azure AD password protection with global banned password list | Azure AD password protection with custom banned password list |
| --- | --- | --- |
| Cloud-only users | Azure AD Free | Azure AD Premium P1 or P2 |
| Users synchronized from on-premises Windows Server Active Directory | Azure AD Premium P1 or P2 | Azure AD Premium P1 or P2 |
Full Details
Deploy Azure AD password protections
Full details
When using pass-through authentication, make sure that:
• The Azure AD lockout threshold is less than the Active Directory account lockout threshold. Set the values so that the Active Directory account lockout threshold is at least two or three times greater than the Azure AD lockout threshold.
• The Azure AD lockout duration (set in seconds) is longer than the Active Directory "Reset account lockout counter after" duration (set in minutes).
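The two conditions above can be checked against every on-premises password policy at once. The following is an added example, not taken from the slides or from Microsoft; the function name Test-PtaLockoutAlignment and the sample policy objects are hypothetical and constructed for illustration, and the Azure AD values are passed in by hand.

```powershell
# Added example: evaluates the two pass-through authentication lockout
# conditions for each Active Directory password policy piped in.
function Test-PtaLockoutAlignment {
    [CmdletBinding()]
    param(
        # Policy object exposing DistinguishedName, LockoutThreshold (int) and
        # LockoutObservationWindow (TimeSpan), i.e. the shape returned by
        # Get-ADDefaultDomainPasswordPolicy and Get-ADFineGrainedPasswordPolicy.
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Policy,

        # Azure AD smart lockout values, copied from the tenant's settings.
        [Parameter(Mandatory)][int]$AzureAdLockoutThreshold,
        [Parameter(Mandatory)][int]$AzureAdLockoutDurationSeconds,

        # The guidance asks for "at least two or three times"; 2 is the floor.
        [ValidateRange(2, 10)][int]$MinimumRatio = 2
    )
    process {
        $adThreshold = [int]$Policy.LockoutThreshold

        # AD holds "Reset account lockout counter after" as a TimeSpan (edited
        # in minutes); Azure AD uses seconds. Compare both in seconds.
        $adResetSeconds = [int]([TimeSpan]$Policy.LockoutObservationWindow).TotalSeconds

        if ($adThreshold -eq 0) {
            # Assumption of this example: a threshold of 0 means AD never locks
            # accounts, so Azure AD always locks first and both checks pass.
            $thresholdOk = $true
            $durationOk  = $true
            $note = 'AD lockout disabled (threshold 0); only Azure AD smart lockout applies'
        }
        else {
            $thresholdOk = $adThreshold -ge ($AzureAdLockoutThreshold * $MinimumRatio)
            $durationOk  = $AzureAdLockoutDurationSeconds -gt $adResetSeconds
            $note = if ($thresholdOk -and $durationOk) { 'Aligned' }
                    else { 'Azure AD may not lock out before AD does; adjust values' }
        }

        [pscustomobject]@{
            Policy              = $Policy.DistinguishedName
            AdThreshold         = $adThreshold
            AzureAdThreshold    = $AzureAdLockoutThreshold
            ThresholdOk         = $thresholdOk
            AdResetSeconds      = $adResetSeconds
            AzureAdDurationSecs = $AzureAdLockoutDurationSeconds
            DurationOk          = $durationOk
            Note                = $note
        }
    }
}

# Constructed sample policies so the check runs without a domain controller.
$samplePolicies = @(
    [pscustomobject]@{
        DistinguishedName        = 'DC=example,DC=test'
        LockoutThreshold         = 30
        LockoutObservationWindow = [TimeSpan]::FromMinutes(1)
    }
    [pscustomobject]@{
        DistinguishedName        = 'CN=Helpdesk-PSO,CN=Password Settings Container,CN=System,DC=example,DC=test'
        LockoutThreshold         = 5
        LockoutObservationWindow = [TimeSpan]::FromMinutes(30)
    }
)

$samplePolicies |
    Test-PtaLockoutAlignment -AzureAdLockoutThreshold 10 -AzureAdLockoutDurationSeconds 120 |
    Format-List

# Against a real domain (requires the ActiveDirectory module):
# @(Get-ADDefaultDomainPasswordPolicy) + @(Get-ADFineGrainedPasswordPolicy -Filter *) |
#     Test-PtaLockoutAlignment -AzureAdLockoutThreshold 10 -AzureAdLockoutDurationSeconds 120
```

Fine-grained password policies are included because a stricter policy on a privileged group can break the alignment even when the default domain policy passes.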
[Diagram labels: Conditional Access; Privileged Identity Management; Access Panel/MyApps; Provisioning-Deprovisioning; Access Reviews; HR App Integration; Sign-in Logs; Self-Service capabilities; Azure Monitor Integration; Sumologic; Splunk; ArcSight; Azure Sentinel (Preview)]
Advanced Queries with Log Analytics
• Run ADEQL queries for investigations, statistics, and root cause + trend analyses
• Log Analytics advanced query experience now in Azure Portal
• Utilize ML algorithms for clustering and anomaly detection
• Central Analytics Platform across Monitoring, Management, Security
• Set up custom alerts and actions
• Dashboard views
Power BI can be configured to automatically import log data from Azure Monitor to take advantage of these additional visualizations.




aka.ms/auth-options
aka.ms/deploymentplans
aka.ms/aadframework
aka.ms/aaddatawhitepaper
aka.ms/gopasswordless

 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 

M365 meetup hybrid identity well protected

  • 7. How Password Hash Sync (PHS) Works; Full Details
  • 9. self-service password management; Azure AD Conditional Access policies; blocking legacy authentication filtering out brute force password attacks
  • 10. modern authentication; conditional access; self-service password management; Azure AD Connect; protects
  • 11. How Pass-through Authentication (PTA) Works; Full Details
  • 12. Pass-through Authentication Config; Azure AD Connect release notes; Full Details
  • 14. Azure AD Connect release notes; modern authentication
  • 15. How Federation Services Works; Full Details
  • 17.

| Consideration | Password hash synchronization + Seamless SSO | Pass-through Authentication + Seamless SSO | Federation with AD FS |
|---|---|---|---|
| Place of authentication? | In the cloud | In the cloud after a secure password verification exchange with the on-premises authentication agent | On-premises |
| No. of additional on-prem servers (except Azure AD Connect)? | None | One server for each additional authentication agent | Two or more AD FS servers; two or more WAP servers in DMZ |
| What are the requirements for on-premises Internet and networking beyond the provisioning system? | None | Outbound Internet access from the servers running authentication agents | Inbound Internet access to WAP servers in the perimeter; inbound network access to AD FS servers from WAP servers in the perimeter; NLB |
| Is there an SSL certificate requirement? | No | No | Yes |
| Is there a health monitoring solution? | Not required | Agent status provided by Azure Active Directory admin center | Azure AD Connect Health |
| SSO to cloud resources from domain-joined devices within the company network? | Yes with Seamless SSO | Yes with Seamless SSO | Yes |
| What sign-in types are supported? | UserPrincipalName + password; Windows Integrated Authentication by using Seamless SSO; Alternate login ID | UserPrincipalName + password; Windows Integrated Authentication by using Seamless SSO; Alternate login ID | UserPrincipalName + password; sAMAccountName + password; Windows Integrated Authentication; Certificate and smart card authentication; Alternate login ID |
| Is Windows Hello for Business supported? | Key trust model | Key trust model (Requires W2016 Domain functional level) | Key trust model; Certificate trust model |
| What are the multifactor authentication options? | Azure MFA; Custom Controls with conditional access* | Azure MFA; Custom Controls with conditional access* | Azure MFA; Azure MFA server; Third-party MFA; Custom Controls with conditional access* |
| What user account states are supported? | Disabled accounts (up to 30-minute delay) | Disabled accounts; Account locked out; Account expired; Password expired; Sign-in hours | Disabled accounts; Account locked out; Account expired; Password expired; Sign-in hours |
| What are the conditional access options? | Azure AD conditional access, with Azure AD Premium | Azure AD conditional access, with Azure AD Premium | Azure AD conditional access, with Azure AD Premium; AD FS claim rules |
| Is blocking legacy protocols supported? | Yes | Yes | Yes |
| Can you customize the logo, image, and description on the sign-in pages? | Yes, with Azure AD Premium | Yes, with Azure AD Premium | Yes |
| What advanced scenarios are supported? | Smart password lockout; Leaked credentials reports, with Azure AD Premium P2 | Smart password lockout | Multisite low-latency authentication system; AD FS extranet lockout; Integration with third-party identity systems |

  • 18.
      - Medium or simple org? aka.ms/deploymentplans
      - Cutover migration to PHS? aka.ms/deploymentplans
      - Cutover migration to PTA? aka.ms/deploymentplans
  • 21. Full Details

| | Azure AD password protection with global banned password list | Azure AD password protection with custom banned password list |
|---|---|---|
| Cloud-only users | Azure AD Free | Azure AD Premium P1 or P2 |
| Users synchronized from on-premises Windows Server Active Directory | Azure AD Premium P1 or P2 | Azure AD Premium P1 or P2 |

  • 23. Full details. When using pass-through authentication, you need to make sure that:
      - The Azure AD lockout threshold is less than the Active Directory account lockout threshold. Set the values so that the Active Directory account lockout threshold is at least two or three times greater than the Azure AD lockout threshold.
      - The Azure AD lockout duration (set in seconds) is longer than the Active Directory "Reset account lockout counter after" duration (set in minutes).
  • 32. Advanced Queries with Log Analytics
      - Run ADEQL queries for investigations, statistics, and root cause + trend analyses
      - Log Analytics advanced query experience now in Azure Portal
      - Utilize ML algorithms for clustering and anomaly detection
      - Central Analytics Platform across Monitoring, Management, Security
      - Setup custom alerts and actions
      - Dashboard views
  • 33. Power BI can be configured to automatically import log data from Azure Monitor to take advantage of these additional visualizations.
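
One way to check the two pass-through authentication lockout conditions from slide 23 against a domain, as an added example that is not from the slide deck. The parameter names and the `ThresholdFactor` default are this example's own assumptions, and the Azure AD smart lockout values are typed in from the portal rather than queried.

```powershell
# Added example: compares Azure AD smart lockout values (supplied by hand)
# with the on-premises AD lockout policies that PTA sign-ins are validated against.
param(
    [Parameter(Mandatory)][int]$AadLockoutThreshold,        # Azure AD lockout threshold
    [Parameter(Mandatory)][int]$AadLockoutDurationSeconds,  # Azure AD lockout duration, in seconds
    [ValidateRange(2, 3)][int]$ThresholdFactor = 2          # "at least two or three times"
)

Import-Module ActiveDirectory

# Collect the default domain policy plus any fine-grained policies (PSOs),
# because a PSO overrides the domain default for the users it applies to.
$policies = @()
$default = Get-ADDefaultDomainPasswordPolicy
$policies += [pscustomobject]@{
    Name      = 'Default domain policy'
    Threshold = $default.LockoutThreshold
    # LockoutObservationWindow is "Reset account lockout counter after"
    ResetSecs = $default.LockoutObservationWindow.TotalSeconds
}
foreach ($pso in Get-ADFineGrainedPasswordPolicy -Filter *) {
    $policies += [pscustomobject]@{
        Name      = $pso.Name
        Threshold = $pso.LockoutThreshold
        ResetSecs = $pso.LockoutObservationWindow.TotalSeconds
    }
}

foreach ($p in $policies) {
    # A threshold of 0 means AD never locks the account, so both rules are moot.
    $adLocks = $p.Threshold -gt 0

    [pscustomobject]@{
        Policy          = $p.Name
        AdThreshold     = $p.Threshold
        AadThreshold    = $AadLockoutThreshold
        # Rule 1: AD threshold at least ThresholdFactor times the Azure AD threshold
        ThresholdRuleOk = (-not $adLocks) -or ($p.Threshold -ge ($AadLockoutThreshold * $ThresholdFactor))
        AdResetSeconds  = $p.ResetSecs
        AadDurationSecs = $AadLockoutDurationSeconds
        # Rule 2: Azure AD lockout duration longer than the AD counter reset window
        DurationRuleOk  = (-not $adLocks) -or ($AadLockoutDurationSeconds -gt $p.ResetSecs)
    }
}
```

Run it from a host with the ActiveDirectory RSAT module; any row showing `False` in a rule column identifies a policy whose values need adjusting.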