Microsoft Official Course
Understanding
Azure AD
Jackson Felden
jackson.felden@nhireland.ie
https://www.linkedin.com/in/jacksonfelden/
Seminar outline
• Understanding the identity models
  - Cloud identity
  - Synchronized identity
  - Federated identity
• Introduction to Azure Active Directory
• Azure Active Directory Domain Services
Understanding the identity models
Overview of Azure AD
Diagram: one Azure AD tenant serving Azure Apps and two Azure subscriptions (subscription 1, subscription 2)
Azure AD is Microsoft’s multi-tenant, cloud-based directory and identity management service. Azure AD combines core directory services, advanced identity governance, and application access management.
Understanding the identity models
Diagram: the three identity models (cloud identity, synchronized identity, federated identity)
Diagram: the same three models, with Seamless Single Sign-On and Pass-through Authentication shown as sign-in options for synchronized identity
Cloud identity
Pros:
Very simple
No servers on-premises
Single place for user management
No configuration on-premises
Cons:
Windows 7 computers cannot be joined to Azure AD
No computer management via Group Policy (GPO)
Synchronized identity
Pros:
Simple
No big changes to on-prem AD
On-prem AD is the user “master copy”
Users use the same password for on-prem and Azure resources (“Same Sign-On”: the same password, but entered again for cloud resources)
Cons:
Might need a new server or VM
Two places for user management
Need to make sure the synchronization is always working
Diagram: Azure AD Connect (formerly DirSync) synchronizing on-prem AD to Azure AD (“Same Sign-On”)
Synchronized identity - Authentication
Diagram: Azure AD Connect synchronizes from the Active Directory Domain Controller to Azure Active Directory, which authenticates users for Office 365 and Azure Apps
Installing and configuring Azure AD Connect
• Use express settings for:
  • Single Active Directory forest
  • Default synchronization settings
• Use customized settings for:
  • Multiple forests with duplicate identities
  • Federation scenarios
  • Custom synchronization settings, for example writeback
• Installing Azure AD Connect with express settings:
  • Installs the synchronization engine
  • Configures the Azure AD connector
  • Configures the on-premises AD DS connector
  • Enables password hash synchronization
  • Configures synchronization services
  • Configures synchronization services for Exchange hybrid deployment (optional)
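The synchronized model puts the burden on you to notice when synchronization stops: an account disabled on-prem stays enabled in Azure AD until the next successful export. The following PowerShell is an added example, not part of the original slides, for checking sync health from the Azure AD Connect server. It assumes the ADSync module (installed with Azure AD Connect), the MSOnline module and a Global Administrator account for Connect-MsolService; the 3-hour threshold is an arbitrary choice for this example.

```powershell
# Added example, not from the original slides: health check for Azure AD Connect
# synchronization, run on the Azure AD Connect server.
# Assumes: ADSync module (ships with Azure AD Connect), MSOnline module, and a
# Global Administrator for Connect-MsolService. The 3-hour threshold is arbitrary.
Import-Module ADSync
Import-Module MSOnline

# 1. Scheduler state: a disabled cycle or staging mode means on-prem changes
#    (including account disables and password changes) never reach Azure AD.
$scheduler = Get-ADSyncScheduler
if (-not $scheduler.SyncCycleEnabled) {
    Write-Warning 'Sync cycle is disabled: on-prem changes are not exported to Azure AD.'
}
if ($scheduler.StagingModeEnabled) {
    Write-Warning 'Server is in staging mode: it imports but never exports.'
}
'Next sync: {0} UTC (policy {1}, interval {2})' -f $scheduler.NextSyncCycleStartTimeInUTC, $scheduler.NextSyncCyclePolicyType, $scheduler.CurrentlyEffectiveSyncCycleInterval

# 2. Password hash sync, per on-premises AD connector.
Get-ADSyncConnector | Where-Object { $_.ConnectorTypeName -eq 'AD' } | ForEach-Object {
    $phs = Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $_.Name
    '{0}: password hash sync enabled = {1}' -f $_.Name, $phs.Enabled
}

# 3. The tenant's view: when did Azure AD last receive a directory sync and a
#    password sync? This catches a server that is "running" but failing to export.
Connect-MsolService
$company = Get-MsolCompanyInformation
$nowUtc  = (Get-Date).ToUniversalTime()
$dirAge  = $nowUtc - $company.LastDirSyncTime
'Last directory sync seen by tenant: {0} UTC ({1:N0} min ago)' -f $company.LastDirSyncTime, $dirAge.TotalMinutes
if ($company.LastPasswordSyncTime) {
    $pwdAge = $nowUtc - $company.LastPasswordSyncTime
    'Last password sync seen by tenant: {0} UTC ({1:N0} min ago)' -f $company.LastPasswordSyncTime, $pwdAge.TotalMinutes
}
if ($dirAge.TotalHours -gt 3) {
    Write-Warning 'No directory sync received by Azure AD for over 3 hours.'
}

# 4. After disabling a compromised on-prem account, do not wait for the next
#    scheduled cycle; push a delta sync immediately.
# Start-ADSyncSyncCycle -PolicyType Delta
```

The tenant-side check (step 3) matters more than the local one: the scheduler can report a healthy cycle while exports fail, and only LastDirSyncTime tells you what Azure AD actually received.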
Azure AD Connect components
Federated identity
Pros:
Full single sign-on
Audit all logons locally
On-prem AD does the authentication
Passwords don’t need to be synced
Better option for advanced scenarios
Immediate account disable and password changes
Supports sign-in restrictions by network location, client or working hours
Cons:
More complex
Needs more servers
Needs Active Directory Federation Services (AD FS)
On-prem DCs, AD FS servers and the internet link must be highly available: if they are down, nobody signs in to the cloud either
Requires a publicly trusted certificate and a registered public DNS name for the federation service
Federated identity - Authentication
The security token contains claims about the user, such as user name, group membership, User Principal Name (UPN), email address, manager details, phone number, and other attribute values.
Federation with Azure AD or O365 enables users to authenticate using on-premises credentials and access all resources in the cloud. Azure AD trusts tokens signed by the federation service, so it never sees the user’s password.
Diagram: the user authenticates against on-prem AD FS, which issues a security token; Azure Active Directory accepts the token and grants access to Office 365 and Azure Apps; Azure AD Connect still synchronizes the user objects
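Because Azure AD accepts any token signed with a certificate listed in the domain’s federation settings, the federation trust itself is a high-value target: whoever can change the IssuerUri or add a signing certificate can issue tokens for any user in that domain. The following PowerShell is an added example, not part of the original slides, that compares what the tenant trusts with what the AD FS farm actually signs with. It assumes the MSOnline module on an admin workstation, the ADFS module on the federation server, and the placeholder names contoso.com and adfs.contoso.com.

```powershell
# Added example, not from the original slides: verify the federation trust of a
# domain against the real AD FS farm. Placeholders: contoso.com, adfs.contoso.com.
# Assumes: MSOnline module locally, ADFS module on the AD FS server, PowerShell remoting.
Import-Module MSOnline
Connect-MsolService   # prompts for a Global Administrator

$domain         = 'contoso.com'
$expectedIssuer = 'http://adfs.contoso.com/adfs/services/trust'

# Which domains are federated at all? A domain that was managed and is suddenly
# federated is a red flag, because federation bypasses the on-prem password entirely.
Get-MsolDomain | Select-Object Name, Authentication, Status | Format-Table -AutoSize

$fed = Get-MsolDomainFederationSettings -DomainName $domain
if ($fed.IssuerUri -ne $expectedIssuer) {
    Write-Warning "IssuerUri is '$($fed.IssuerUri)', expected '$expectedIssuer'"
}

# Thumbprints of the signing certificates Azure AD will accept for this domain
# (the tenant stores them as base64 DER).
function Get-CertThumbprint([string]$base64) {
    if ([string]::IsNullOrEmpty($base64)) { return $null }
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
        [Convert]::FromBase64String($base64))
    return $cert.Thumbprint
}
$tenantThumbs = @($fed.SigningCertificate, $fed.NextSigningCertificate) |
    ForEach-Object { Get-CertThumbprint $_ } | Where-Object { $_ }

# Thumbprints the AD FS farm really signs with (Get-AdfsCertificate runs on AD FS).
$adfsThumbs = Invoke-Command -ComputerName 'adfs.contoso.com' -ScriptBlock {
    Get-AdfsCertificate -CertificateType Token-Signing | ForEach-Object { $_.Thumbprint }
}

$unexpected = $tenantThumbs | Where-Object { $_ -notin $adfsThumbs }
if ($unexpected) {
    Write-Warning "Tenant trusts signing certificate(s) not present in AD FS: $($unexpected -join ', ')"
} else {
    "Federation signing certificates for $domain match the AD FS farm."
}
```

Run this after every certificate rollover and on a schedule; a thumbprint in the tenant that AD FS does not know about is something to treat as an incident, not a configuration drift. If AD FS is retired, Convert-MsolDomainToStandard turns the domain back to managed, which is the switch between models the slides mention.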
Federated identity – High Availability
Diagram: redundant internet connectivity (ISP1, ISP2) for the federation endpoints
Federated identity – on Azure
Diagram: on-premises AD FS proxy, DC and VPN; Azure virtual network with VPN Gateway, DC, two AD FS servers, AD FS proxy and Azure AD Connect
Understanding the identity models
Diagram: the three identity models side by side
Note:
Use the simplest identity model that meets your needs.
It is possible to switch between the models when needed.
Demo: Managing Azure AD users and groups
Introduction to Azure Active Directory
• Azure Active Directory (free)
• Azure Active Directory Basic
• Azure Active Directory Premium P1
• Azure Active Directory Premium P2
• Deploy Active Directory domain controllers on Azure
virtual machines
• Azure Active Directory Domain Services
Overview of Azure AD
• Microsoft-managed
• Multitenant by design
• Employs internet-friendly protocols
• Supports users, groups, applications, and devices
• Includes built-in MFA (Multi-factor Authentication) support
• No organizational units
• No support for GPOs
• No support for LDAP
• etc
Managing Azure AD users, groups, and devices
• Azure AD users:
• Cloud identities
• Directory-synchronized identities
• Management interfaces:
• Azure portal
• Windows PowerShell
• Office 365 admin center
The table of Nines - SLA
Azure AD free
• Is FREE
• Supports Single Sign-On
• Supports synchronization from on-prem AD with Azure AD Connect
• Maximum 500,000 objects
• Managed by web interface or PowerShell
• Supports Windows 10 device registration
• Self-Service Password Change for cloud users
• Supports ‘per user’ or ‘per authentication’ Multi-Factor Authentication
• No SLA is provided for the Free tier of Azure Active Directory
Azure AD Basic
• Self-Service Password Reset for cloud users
• Company branding (logon pages/Access Panel customization)
• SLA of 99.9 percent uptime
• No object limit
Azure AD Premium P1
• Self-service group and app management
• Automatic password rollover for group accounts
• Self-service password reset and account unlock with write-back to on-prem AD
• Conditional Access based on device state (allow access only from managed devices)
• Conditional Access based on group and location
• MDM (Mobile Device Management) auto-enrollment, self-service BitLocker recovery, additional local administrators on Windows 10 devices via Azure AD Join, Enterprise State Roaming
• Advanced security reports and alerts
• Enterprise SLA of 99.9 percent
• Multi-Factor Authentication
• Azure AD Connect Health
• Cloud App Discovery
• Dynamic groups
Azure AD Premium P2
• Azure AD Privileged Identity Management:
  • Enables on-demand, just-in-time administrative access
  • Privileges given are time-limited, with MFA enforced on activation
  • Generates reports about administrator access history
• Azure AD Identity Protection:
  • Uses machine learning to learn what normal sign-in behaviour looks like and detects impossible travel, sign-ins from IP addresses with suspicious behaviour, etc.
  • Monitors identity usage patterns
  • Assigns risk levels to users and sign-ins
  • Implements risk-based policies (for example, require MFA or a password change for risky users)
• Enterprise SLA of 99.9 percent
Azure AD Premium P2 - Identity Protection
Planning to deploy Active Directory domain controllers on Azure virtual machines
• Reasons for placing domain controllers in Azure:
• Keeping authentication requests from Azure-based services within Azure
• Extending on-premises Active Directory to Azure
• Enhancing resiliency of directory synchronization and federation deployments
• Deployment scenarios:
• AD DS in Azure
• AD DS in an on-premises infrastructure with cross-premises connectivity
• AD DS in an on-premises infrastructure and in Azure
Azure AD Domain Services
• Supports:
  • LDAP
  • Domain join of Azure VMs to the managed domain
  • NTLM
  • Kerberos
  • Group Policy
  • OUs
• Key points:
  • Avoids running your own domain controllers in Azure
  • Is a highly available service
  • SLA guarantees at least 99.9%
  • Minimises the traffic from Azure VMs to your on-prem DCs
  • You pay an hourly charge based on the size of your directory
  • Supports your traditional directory-aware apps alongside your modern cloud apps
  • Must be deployed into a VNet; the managed domain gets IP addresses there, which the VMs must use as their DNS servers
  • UPN format is recommended for sign-in, e.g. jackson@nh.ie rather than NH\jackson
  • Supports on-prem AD synchronization through Azure AD Connect (on-prem AD to Azure AD, then Azure AD to the managed domain)
Azure AD Domain Services – Replication
Azure AD and Azure AD Domain Services
Azure AD Domain Services – Replication
On-premises AD, Azure AD and Azure AD Domain Services
Azure AD Domain Services - Setup
Azure AD Domain Services – Limitations
Limitations:
• Single managed domain serviced by Azure AD Domain Services for a single Azure AD directory
• Cannot use Azure AD Domain Services with a federated-only Azure AD tenant: the managed domain needs the password hashes that only password hash synchronization provides
• Cannot use Azure AD Domain Services with Pass-through Authentication alone, for the same reason
• You cannot add domain controllers to the managed domain
• You cannot connect to the domain controllers of the managed domain using Remote Desktop
• You are not granted Domain Administrator or Enterprise Administrator privileges; delegated administration is done through the AAD DC Administrators group
• No control over the synchronization from Azure AD (roughly every 20 minutes)
• You cannot pause the service to “pause” the billing
• You cannot extend the schema
Azure AD Domain Services - pricing
Azure AD Connect: Pass-through Authentication and Seamless Single Sign-On
Pass-through authentication
Pass-through authentication – Cloud App
Pass-through Authentication - Configuration
Users from all managed domains in your tenant can sign in using Pass-through Authentication. However, users from federated domains continue to sign in using Active Directory Federation Services (AD FS) or another federation provider that you have previously configured. If you convert a domain from federated to managed, all users from that domain automatically start signing in using Pass-through Authentication. Cloud-only users are not impacted by the Pass-through Authentication feature.
Seamless Single Sign-On
How to disable Pass-through Authentication?
Rerun the Azure AD Connect wizard and change the user sign-in method from Pass-through Authentication to another method. This change disables Pass-through Authentication on the tenant and uninstalls the Authentication Agent from the server. You have to manually uninstall the Authentication Agents from other servers.
Azure Active Directory Seamless Single Sign-On
Azure Active Directory Pass-through Authentication with Seamless Single Sign-On
Uses Azure AD Connect
AD FS is not needed
Installs an Authentication Agent on-prem (on the Azure AD Connect server by default; add agents on other domain-joined servers for high availability)
Seamless SSO needs two Group Policy settings on the clients (the autologon endpoint added to the Intranet zone, and the Intranet zone allowed to update the status bar via script)
Seamless SSO creates a computer account (AZUREADSSOACC) for Azure AD in the local AD domain; its Kerberos decryption key should be rolled over regularly
Allows your users to sign in to both on-premises and cloud-based applications using the same passwords
Validates users’ passwords directly against your on-premises Active Directory
Good option for organizations that don’t want to send users’ password hashes outside
Integrated with self-service password management, including password writeback and password protection (banning commonly used passwords)
Supports user sign-in from Office 365 client applications that use modern authentication (Office 2016, and Office 2013 with modern authentication enabled)
It’s free
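The AZUREADSSOACC computer account is the piece of Seamless SSO worth watching: its password is the Kerberos decryption key Azure AD uses, so anyone who obtains it can forge Kerberos tickets Azure AD will accept for synchronized users, which is why Microsoft recommends rolling the key over at least every 30 days. The following PowerShell is an added example, not part of the original slides, that reads the Seamless SSO status, checks the key age and rolls the key when it is stale. It assumes the default Azure AD Connect install path, the ActiveDirectory module, and a Global Administrator plus a Domain Administrator for the placeholder domain CONTOSO.

```powershell
# Added example, not from the original slides: inspect Seamless SSO and roll over
# the Kerberos decryption key of the AZUREADSSOACC computer account.
# Run on the Azure AD Connect server. Assumes the default install path, the
# ActiveDirectory module, a Global Administrator (for the Azure AD side) and a
# Domain Administrator for the placeholder on-prem domain CONTOSO.
Import-Module "$env:ProgramFiles\Microsoft Azure Active Directory Connect\AzureADSSO.psd1"
Import-Module ActiveDirectory

# 1. Which domains have Seamless SSO enabled? (Get-AzureADSSOStatus returns JSON.)
New-AzureADSSOAuthenticationContext        # prompts for a Global Administrator
$status = Get-AzureADSSOStatus | ConvertFrom-Json
'Seamless SSO enabled: {0}' -f $status.Enable
$status.Domains | ForEach-Object { "  SSO domain: $_" }

# 2. Age of the Kerberos decryption key. The key is the AZUREADSSOACC password, so
#    PasswordLastSet is the last rollover. Holding this key allows forging Kerberos
#    tickets that Azure AD accepts, hence the 30-day rollover recommendation.
$ssoAccount = Get-ADComputer -Identity 'AZUREADSSOACC' -Properties PasswordLastSet
$keyAge = (Get-Date) - $ssoAccount.PasswordLastSet
'AZUREADSSOACC key last rolled over: {0} ({1:N0} days ago)' -f $ssoAccount.PasswordLastSet, $keyAge.TotalDays

if ($keyAge.TotalDays -gt 30) {
    Write-Warning 'Kerberos decryption key is older than 30 days; rolling it over.'
    # 3. Roll over the key for this forest. Clients keep working: the new key is
    #    written to both on-prem AD and Azure AD in one step. AD FS is not involved.
    $onPremCreds = Get-Credential -Message 'Domain Administrator for CONTOSO'
    Update-AzureADSSOForest -OnPremCredentials $onPremCreds
}

# 4. Client-side sanity check for one of the two GPO settings: the autologon
#    endpoint must be in the Intranet zone. User policy lands under HKCU; computer
#    policy uses the same path under HKLM. A value of 1 means Intranet zone.
$zoneMap = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'
$entry = Get-ItemProperty -Path $zoneMap -ErrorAction SilentlyContinue
'autologon.microsoftazuread-sso.com zone: {0}' -f $entry.'https://autologon.microsoftazuread-sso.com'
```

Step 3 is the operational point the slides leave implicit: Seamless SSO works without AD FS, but it does introduce one long-lived secret in on-prem AD, and its lifetime is under your control only if somebody actually runs the rollover.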
Seamless Single Sign-On - Configuration
Seamless Single Sign-On – GPO configuration
Seamless Single Sign-On – Event Viewer
Azure Certification and Courses
Course 10979: Microsoft Azure Fundamentals
Course 20532: Developing Microsoft Azure Solutions
Course 20533: Implementing Microsoft Azure Infrastructure Solutions
Course 20535: Architecting Microsoft Azure Solutions