Published by Myron Williams. Modified over 7 years ago.
1
Microsoft Azure Active Directory Identity Solutions
Kaido Järvemets, Senior Enterprise Architect, Microsoft MVP, CT Global Services
John Marcum, Managing Consultant, Microsoft MVP, CT Global Services
2
Kaido Järvemets: Kaidja; Microsoft MVP: Enterprise Mobility; Level 13; I hate mushrooms
John Marcum: I don't tweet; Microsoft MVP: Enterprise Mobility; Level 17; Grits and cornbread
3
Identity services (presenter: K)
4
Azure Active Directory services
- Azure AD Identity Protection
- Azure AD Privileged Identity Management
- Azure AD B2B
- Azure AD B2C
- Azure AD Connect Health
- ADFS / WAP / ADDS / Azure AD Connect
- Azure AD Domain Services
- Enterprise Mobility & Security E3 versus E5
- Azure AD Premium P1 versus P2
(presenter: K)
5
Identity concepts (presenter: J)
6
Concepts
- Synchronized Identity
- Federated Identity
- NEWEST! Pass-through Authentication
- Cloud only Identity
(presenter: J)
7
Synchronized Identity
Use cases: everything that you "think" you need ADFS for
Pros: Single identity; Uses the same password as on-prem; Same Sign On
Cons: Authentication happens in the cloud
*Also required for Pass-through and ADFS
(presenter: J)
8
Hybrid Identity (presenter: J)
9
Directory Synchronization
Step 1 - Import from AD
Step 2 - Export to Azure AD
(presenter: J)
10
Preparing for Synchronization
Azure AD Connect Installation and Configuration (presenter: J)
11
What is Azure AD Connect
- Primary tool to onboard to Azure AD
- Express Settings gets customers connected in a matter of minutes
- Provides install & configuration of password sync/ADFS for sign-in
- All future investments will only be available with Azure AD Connect
Diagram: Azure AD Connect = Sync (DirSync, Azure AD Sync, FIM + Azure AD Connector) + ADFS + Health
(presenter: J)
12
Preparation is key
- Get the binaries: http://bit.ly/CTAADC
- SQL: instance vs. 2012 Express LocalDB
- Service account: Virtual Service Account, Group Managed Service Account, or Standard User Account
- Sync groups: the Administrators, Operators, and Browse and Reset Password groups are built in
- Sign-in method: Sync, Federated, or Pass-through
(presenter: J)
13
Preparation is key #2
- Global admin account and password: do not use an account in a domain you will enable for federation. Use an account in the default onmicrosoft.com domain, which comes with your Azure AD directory.
- Sync account: regular user account with read permissions
- Domain and OU filtering: default is that all domains and OUs are synchronized; unselect domains and OUs not to be synced
- Group filtering: sync a small subset of objects (pilot purposes)
(presenter: J)
14
Post Install
- Add sync admins: by default only the user who installed and local administrators; additional admins via membership of the ADSyncAdmins local group
- Assign licenses to users: Azure AD Premium, EMS
- Change the default configuration: deletion threshold, etc.
- Install ADFS & ADDC
- Azure AD Connect Health agents
(presenter: J)
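A post-install check script for the steps above, added here as an example; it is not part of the presentation. It assumes the ADSync module that ships with Azure AD Connect, the built-in LocalAccounts module (Windows Server 2016 or later) and the Microsoft Graph PowerShell SDK for the licensing step; the account name, UPN and SKU part number are constructed placeholders, and SKU names should be confirmed with Get-MgSubscribedSku in your own tenant.

```powershell
# Added example: verify the post-install state of an Azure AD Connect server.
Import-Module ADSync

function Test-AADConnectPostInstall {
    # 1. Who can administer sync. Default: the installing user and local Administrators,
    #    plus members of ADSyncAdmins. Review this list: every member can change filtering,
    #    run full exports and alter the sync configuration.
    $admins = Get-LocalGroupMember -Group 'ADSyncAdmins' -ErrorAction SilentlyContinue
    [pscustomobject]@{ Check = 'ADSyncAdmins members'; Value = ($admins.Name -join ', ') }

    # 2. Scheduler: the sync cycle should be enabled and not suspended once the pilot is over.
    $sched = Get-ADSyncScheduler
    [pscustomobject]@{ Check = 'Sync cycle enabled';  Value = $sched.SyncCycleEnabled }
    [pscustomobject]@{ Check = 'Scheduler suspended'; Value = $sched.SchedulerSuspended }
    [pscustomobject]@{ Check = 'Effective interval';  Value = $sched.CurrentlyEffectiveSyncCycleInterval }

    # 3. Export deletion threshold: the guard that stops a filtering mistake from deleting
    #    large numbers of cloud objects in one export ("change the default configuration").
    [pscustomobject]@{ Check = 'Export deletion threshold'
                       Value = (Get-ADSyncExportDeletionThreshold | Out-String).Trim() }

    # 4. Connectors actually configured: one per on-prem forest plus the Azure AD connector.
    [pscustomobject]@{ Check = 'Connectors'; Value = ((Get-ADSyncConnector).Name -join ', ') }
}

# Add an additional sync admin (constructed account name).
# Add-LocalGroupMember -Group 'ADSyncAdmins' -Member 'CONTOSO\syncadmin01'

# Assign an EMS or Azure AD Premium license to a synchronized user via Microsoft Graph.
function Set-UserLicenseBySkuPart {
    param([string]$UserPrincipalName, [string]$SkuPartNumber, [string]$UsageLocation = 'US')
    $sku = Get-MgSubscribedSku | Where-Object SkuPartNumber -eq $SkuPartNumber
    if (-not $sku) { throw "SKU $SkuPartNumber not found in tenant" }
    # A usage location is mandatory before any license can be assigned.
    Update-MgUser -UserId $UserPrincipalName -UsageLocation $UsageLocation
    Set-MgUserLicense -UserId $UserPrincipalName -AddLicenses @(@{ SkuId = $sku.SkuId }) -RemoveLicenses @()
}

Test-AADConnectPostInstall | Format-Table -AutoSize
# Connect-MgGraph -Scopes 'User.ReadWrite.All','Organization.Read.All'
# Set-UserLicenseBySkuPart -UserPrincipalName 'jdoe@contoso.com' -SkuPartNumber 'EMSPREMIUM'
```

Run the check on the Azure AD Connect server itself; the licensing function needs a separate Connect-MgGraph session with the scopes shown in the commented lines.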
15
Installation and Configuration
Azure AD Connect Installation and Configuration Demo (presenter: K)
17
Synchronized Identity
Demo (presenter: J)
18
Federated Identity
Use cases: Conditional access; Regulations
Pros: Single Sign On; No password hash sync
Cons: Complex infrastructure; Single point of failure
(presenter: K)
19
ADFS is NOT REQUIRED for Exchange Online etc.
Big announcement: ADFS is NOT REQUIRED for Exchange Online etc. (presenter: K)
20
Why do folks use ADFS?
- "Office 365 requires an ADFS infrastructure": False
- "I need ADFS because it is more secure"
- "I need ADFS because I can't sync my password hashes": True
(presenter: K)
21
High level overview (presenter: K)
22
Federated Demo (presenter: K)
23
Pass-through Authentication
Use cases: another way to do everything you "think" you need ADFS for ;-); Reduce complexity
Pros: No password hash sync; Single sign-on
Cons: Complex infrastructure; Single point of failure
*Still in preview
(presenter: K)
24
High level overview
25
Pass-through Authentication
Demo (presenter: K)
26
Cloud only
Use cases: Grant vendor access to online resources
Pros: No infrastructure; Can be converted to synchronized; Near 100% uptime
Cons: Does not use on-prem credentials; Limited access to on-prem resources
(presenter: J)
27
Cloud Only Demo (presenter: J)