Microsoft Azure Active Directory Identity Solutions

Slides:

Advertisements

Similar presentations

Agenda AD to Windows Azure AD Sync Options Federation Architecture

Advertisements

Core identity scenarios Federation and synchronization 2 3 Identity management overview 1 Additional features 4.

Configuring SharePoint 2013 and Office 365 Hybrid – Part 1

Identity management integration options for Office 365

Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.

Sessions about to start – Get your rig on!. Notes from the field – Implement Hybrid Search and OneDrive for Business Chris Zhong - Microsoft Aaron Dinnage.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

Timothy Heeney| Microsoft Corporation. Discuss the purpose of Identity Federation Explain how to implement Identity Federation Explain how Identity Federation.

Single Sign-On with Microsoft Azure

Julien “Superman” Stroheker and Nicolas “Batman” Georgeault Negotium

…. PrePlanPrepareMigratePost Pre- Deployment PlanPrepareMigrate Post- Deployment First Mailbox.

Virtual techdays INDIA │ august 2010 virtual techdays INDIA │ august 2010 Moving/Co-existing your messaging platform to the cloud with Exchange.

Microsoft ® Official Course Module 13 Implementing Windows Azure Active Directory.

Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.

Version 2.0 for Office 365. Day 1 Administering Office 365 Day 2 Administering Office 365 Office 365 Overview & InfrastructureAdministering Lync Online.

Office 365 Directory Synchronization Update: Deploying Password Sync.

Get identities to the cloud Mix on-premises and cloud identity for improved PC, mobile, and web productivity Cloud identities help you run your business.

Configuration Manager and InTune Gemeinsam oder einsam?

BE-com.eu Brussel, 26 april 2016 EXCHANGE 2010 HYBRID (IN THE EXCHANGE 2016 WORLD)

Agenda  Microsoft Directory Synchronization Tool  Active Directory Federation Server  ADFS Proxy  Hybrid Features – LAB.

Quarterly Customer Meeting Office 365 License Activation and Office 365 Cloud Services Assessment Status April 2014.

 Step 2 Deployment Overview  What is DirSync?  Purpose – What does it do?  Understanding Synchronization  Understanding Coexistence  Understanding.

Hybrid Identity Deep dive Ross Adams 2016 Redmond Summit | Identity Without Boundaries May 25 th 2016 Azure AD

 What is DirSync?  Purpose – What does it do?  Understanding Synchronization  Understanding Coexistence  Demo.

ADFS - Does it Still have a Place? Fitting into the EMS puzzle Frank C. Drewes III 2016 Redmond Summit | Identity.

Productivity Architect Meet Chris Bortlik Author, Blogger, Speaker.

Protect your data Enable your users Desktop Virtualization Information protection Mobile device & application management Identity and Access Management.

Recording Brief EMS Partner Bootcamp Variables Values Module Title

Identity; What you need to know to be in the Microsoft Cloud

Deployment Planning Services

Recording Brief EMS Partner Bootcamp Variables Values Module Title

LOCAL CLOUDINESS Dino Buljubašić Rijad Smajlović

Azure Active Directory - Business 2 Consumer

O365 & AZURE ADDS Mladen Baranek, Miadria

Microsoft - Managing Office 365 Identities and Requirements

6/17/2018 5:54 AM OSP322 Getting the best of both worlds, making the most of SharePoint hybrid search solutions Shyam Narayan Microsoft © 2013 Microsoft.

Using Microsoft Identity Manger with SharePoint 2016 to fill the User Profile Sync Gap Max Fritz Senior Systems Consultant Now Micro.

ACTIVE DIRECTORY ADMINISTRATION

Microsoft Virtual Academy

Planning your Office 365 deployment - Lessons from real world deployments. Chris Goosen Office Servers and Services MVP Insight.

Directory Synchronization in Office 365

9/13/2018 4:54 PM BRK How to get Office 365 to the next level with Azure Active Directory Premium Brjann Brekkan Program Manager Lead – Customer.

Leverage your on-premise investments with cloud innovation

11/15/2018 3:42 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.

Hybrid Search Planning Implementation.

PSC Group, LLc Office 365/SharePoint Online Migration traps and tricks

05 | AD to Windows Azure AD IT Professionals

TechEd /24/2018 4:00 PM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered.

Michael Stephenson DevOps empowered by Microsoft Flow

Microsoft Ignite NZ October 2016 SKYCITY, Auckland.

SharePoint Online Hybrid – Configure Outbound Search

Microsoft Virtual Academy

M7: New Features for Office 365 Identity Management

Five mistakes to avoid when deploying Enterprise Mobility + Security

Office 365 Identity Management

12/29/2018 8:46 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.

Microsoft Virtual Academy

Brian Arkills Microsoft Solutions Architect

1/3/2019 1:47 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS.

M3: Guidance for choosing the right integration option

AD FS Integration Active Directory Federation Services (AD FS) 7.4

Surviving identity management in a hybrid world

4/9/2019 5:05 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS.

M6: Advanced Identity Management topics for Office 365

Office 365 Identity Management

7/18/2019 7:04 PM Pregled scenarijev uporabe storitve Azure Active Directory pri integraciji in nadzoru identitete uporabnika Gregor Šuster Microsoft Slovenija.

Microsoft 365 Business Technical Fundamentals Series

Azure AD Simon May Technical Evangelist.

10 | Implementing Directory Synchronization

Microsoft AZ-500 Dumps Pdf – Latest And Authentic Material

Presentation transcript:

Microsoft Azure Active Directory Identity Solutions Kaido Järvemets Senior Enterprise Architect, Microsoft MVP CT Global Services John Marcum Managing Consultant, Microsoft MVP CT Global Services

Kaido Järvemets John Marcum Kaidja I don’t tweet Microsoft MVP: Enterprise Mobility Microsoft MVP: Enterprise Mobility Level 13 Level 17 I hate mushrooms Grits and cornbread

Identity services K

Azure Active Directory services Azure AD Identity Protection Azure AD Privileged Identity Management Azure AD B2B Azure AD B2C Azure AD Connect Health ADFS / WAP / ADDS / Azure AD Connect Azure AD Domain Services Enterprise Mobility & Security E3 Versus E5 Azure AD Premium P1 Versus P2 K

Identity concepts J

Concepts Synchronized Identity Federated Identity NEWEST! Pass-through Authentication Cloud only Identity J

Synchronized Identity Use Cases Everything that you “think” you need ADFS for Pros Single identity Uses same password as on-prem Same Sign On Cons Authentication happens in cloud J *Also required for Pass-through and ADFS

Hybrid Identity J

Directory Synchronization J Step 1 – Import from AD Step 2 – Export to Azure AD

Preparing for Synchronization J Azure AD Connect Installation and Configuration

What is Azure AD Connect Primary tool to onboard to Azure AD Express Settings gets customers connected in a matter of minutes Provides install & configuration of password sync/ADFS for sign-in All future investments will only be available with Azure AD Connect Azure AD Connect DirSync Azure AD Sync Sync FIM + Azure AD Connector ADFS J Health ADFS

Preparation is key Get the binaries: http://bit.ly/CTAADC SQL: Instance vs 2012 Express LocalDB Service Account Virtual Service Account, Group Managed Service Account, Standard User Account Sync Groups Administrators, Operators, Browse and Reset Password group are builtin Sign-in method: Sync, Federated, Pass-through J

Preparation is key #2 Global admin account and password Sync Account Do not use an account in a domain you will enable for federation. Use an account in the default onmicrosoft.com domain, which comes with your Azure AD directory. Sync Account Regular user account w read permissions Domain and OU filtering Default: all domains and OUs are synchronized Unselect domains and OUs not to be synched Group Filtering Sync small subset of objects (pilot purposes) J

Post Install Add sync admins Assign Licenses to users Default: only user who installed and local administrators Additional: membership of ADSyncAdmins local group. Assign Licenses to users AADPremium EMS Change the default configuration Deletion threshold, etc. Install ADFS & ADDC Azure AD Connect Health Agents J

Installation and Configuration Azure AD Connect Installation and Configuration Demo K

Synchronized Identity Demo J

Federated Identity Use Cases Pros Cons Conditional access Single Sign On No password hash sync Regulations Pros Cons Complex infrastructure Single point of failure K https://support.office.com/en-us/article/Understanding-Office-365-identity-and-Azure-Active-Directory-06a189e7-5ec6-4af2-94bf-a22ea225a7a9#bk_federated

ADFS is NOT REQUIRED for Exchange Online etc. Big announcement ADFS is NOT REQUIRED for Exchange Online etc. K

why folks do use AN ADFS? Office 365 requires an ADFS infrastructure False I need an ADFS because it is more secure I need an ADFS because I cant sync my password hashes True K

High level overview K

Federated Demo K

Pass-through Authentication Use cases Another way to do everything you “think” you need ADFS for ;-) Reduce complexity Pros No password hash sync Single sign-on Cons Complex infrastructure Single point of failure K *Still in preview

HIGH Level Overview

Pass-through Authentication Demo K

Cloud only Use cases Pros Cons Grant vendor access to online resources No infrastructure Can be converted to synchronized Near 100% uptime Cons Does not use on-prem credentials Limited access to on-prem resources J

Cloud Only Demo J