Azure Classroom Series – 23/Aug/2020

Managing Identities in Azure Active Directory

  • Integrating an existing on-premises AD with Azure AD for hybrid cloud deployments

  • Microsoft has developed a tool called AAD Connect, which can be downloaded from here

  • There are two phases to the installation of AAD Connect

    1. Installation of the agents (on a Windows Server that can reach an Active Directory Domain Controller)
    2. Configuration of synchronization between the on-premises domain and Azure AD
  • For configuring AAD Connect

    1. You need Global Administrator credentials for the target Azure AD tenant
    2. You need an administrator account in the on-premises Active Directory to connect to the Domain Controller
  • Synchronization Options

    1. Password Hash Synchronization:
      • This option allows users to sign in to Azure AD using the same username and password they use on-premises
      • A hash of the user's password is synced to Azure AD
    2. Pass-Through Authentication
      • This option allows users to sign in to Azure AD using the same username and password they use on-premises
      • Whenever Azure AD receives an authentication request, it forwards it to the on-premises Domain Controller to validate the credentials.
    3. Federation with AD FS
      • This option allows users to sign in with AD FS as a federated identity provider.
    4. Federation with PingFederate
      • This option allows users to sign in with PingFederate. With this option, once a user in a federated domain has been resolved in Azure AD, they are redirected to the target identity provider
    5. Do Not Configure
  • Single sign-on can optionally be enabled for domain-joined desktops without using AD FS

  • Choosing Express settings while configuring Azure AD Connect

    • will configure synchronization of all the identities using password hash synchronization
    • enables auto-upgrade of AAD Connect
    • initiates synchronization as soon as the installation is complete
  • To select the synchronization method, choose any one of the options above depending on your organizational choice

  • Once the users are synced, Azure AD shows them with the Directory synced value set to Yes
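The checks a practitioner would run after the sync is configured, as an added PowerShell example (not part of the original post): it assumes the ADSync cmdlets are run on the Azure AD Connect server, the AzureAD PowerShell module is installed for the tenant-side query, and `corp.example.com` is a placeholder for the on-premises AD connector name.

```powershell
# Added example, not from the original post.
# Assumptions: steps 1-3 run on the Azure AD Connect server (ADSync module),
# step 4 needs the AzureAD module, and 'corp.example.com' is a placeholder
# for the on-premises AD connector name shown by Get-ADSyncConnector.

# 1. Is the sync scheduler enabled, and is the server in staging mode?
#    A staging-mode server imports but never exports, so nothing reaches Azure AD.
Import-Module ADSync
Get-ADSyncScheduler |
    Select-Object SyncCycleEnabled, StagingModeEnabled, SchedulerSuspended,
                  CurrentlyEffectiveSyncCycleInterval, NextSyncCycleStartTimeInUTC

# 2. Which tenant features did the chosen option turn on?
#    Express settings should leave PasswordHashSync = True.
Get-ADSyncAADCompanyFeature |
    Select-Object PasswordHashSync, PasswordWriteBack, UserWriteback, DeviceWriteback

# 3. Password hash sync status for the on-premises connector.
Get-ADSyncAADPasswordSyncConfiguration -SourceConnector 'corp.example.com'

# 4. Tenant side: which users are directory synced ("Directory synced = Yes"
#    in the portal) and when were they last synced?
Connect-AzureAD
$synced = Get-AzureADUser -All $true |
    Where-Object { $_.DirSyncEnabled -eq $true } |
    Select-Object UserPrincipalName, DirSyncEnabled, LastDirSyncTime

$synced | Sort-Object LastDirSyncTime | Format-Table -AutoSize

# Synced accounts whose last sync is older than 24 hours point at a stalled
# scheduler, a filtered OU, or an object stuck in an export error.
$cutoff = (Get-Date).ToUniversalTime().AddHours(-24)
$stale = $synced | Where-Object { $_.LastDirSyncTime -lt $cutoff }
if ($stale) {
    Write-Warning ("{0} synced user(s) not updated in the last 24h" -f $stale.Count)
    $stale | Format-Table -AutoSize
}
```

If the scheduler is enabled but nothing has exported yet, `Start-ADSyncSyncCycle -PolicyType Delta` on the Connect server kicks off a delta cycle without waiting for the next scheduled run.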

Enabling Self-service Password Reset for cloud users

Enabling MFA (Multi-factor authentication)

Enabling password writeback to on-premise

Azure AD Privileged Identity Management (PIM)

  • Azure AD PIM is a service that enables you to manage, control & monitor access to resources (Azure AD, Azure, Office 365) in your organization
  • PIM does the following
    • Assign time-bound access to resources using start & end-dates
    • Provide just-in-time privileged access to Azure AD and Azure resources
    • Require approval to activate privileged roles
    • Get notifications when privileged roles are activated
    • Download audit history for internal & external audit

Azure AD B2B (Business to Business)

  • Azure AD B2B collaboration is a feature where external users can be invited as guest users to collaborate with your organization

Azure AD B2C (Business to Consumer)

  • Azure AD is Identity as a Service. Now let's think of a scenario where you are developing an app. Does your app require authentication and authorization?
  • All of the Authentication & Authorization required by your application can be handled by Azure AD.
  • Create a resource and select Active Directory B2C
