Azure - Identity as a service
Download as PPTX, PDF1 like943 views
This document summarizes Microsoft Azure Active Directory (Azure AD) and how it compares to on-premises Active Directory Domain Services (AD DS). Azure AD provides identity and access management in the cloud, while AD DS is installed on-premises. Key differences include Azure AD being multi-tenant, lacking group policy support, and using REST APIs instead of LDAP. The document also outlines integrating Azure AD and AD DS through synchronization and federation for single sign-on capabilities across cloud and on-premises applications and services.
Azure - Identity as a service
- 1. PRESENTS Microsoft, DLF Cyber City August 20, 2017 MICROSOFT AZURE DAY Subhendu Bhattacharyya Microsoft Certified Trainer , MCP ,MCSA , MCSE , MS – Azure Corporate Trainer @ Koenig Solutions Pvt Ltd , Blogger Blog/Website : www.SubhenduMCT.com Azure AD – Identity As A Service
- 2. Public Cloud Offering From Microsoft 42 Datacenter Across The Globe 62 Compliance Offering 90% of Fortune 500 company use Azure 72 product available in portal One Stop Support from Microsoft Great compatibility with your on prem env www.SubhenduMCT.co
- 3. Azure AD – Identity As A Service Azure AD – Provide Authentication and Authorization to Cloud App (Office365 , SharePoint online Etc) and Azure . www.SubhenduMCT.com
- 4. Starting from Facebook , Gmail , Hotmail Even this Gate Pass of this seminar says – Who you are ? & What you can Do ? www.SubhenduMCT.co
- 5. In organization - Employee prove there Identity by their domain username and password. To set up this , we install ADDS role in Server. www.SubhenduMCT.co
- 6. ADDS is a Role in windows server – Provide 3A Factor Authentication – Authorization - Accounting in our Domain Environment www.SubhenduMCT.com
- 7. Azure AD – Provide Authentication and Authorization to cloud app (Office365 , SP online etc) and Azure . www.SubhenduMCT.com
- 8. • Microsoft-managed • A platform as a service offering • Multitenant by design • Employs Internet-friendly protocols • Supports users, groups, applications, and devices • No organizational units or computer objects • Does not support Group Policy settings • No support for forests, relies on federations to extend scope of authentication and authorization • Delegation model based on Role-Based Access Control • Easily extensible, includes multi-factor authentication support • Provides authentication and authorization: • Cloud identity • Synchronized identity • Federated identity www.SubhenduMCT.com
- 9. ADDS Azure AD First introduced with Windows 2000 Server Introduced with Azure It has a hierarchical structure based on X.500. It uses DNS for locating objects, can be interacted with using LDAP, and it primarily uses Kerberos for authentication. Azure AD is a multi-customer public directory service for your cloud servers and apps such as O365. Users and groups are created in a flat structure without OUs or GPOs. Authentication is performed through protocols such as SAML, WS-Federation, and OAuth. It's possible to query Azure AD, but instead of using LDAP you must use a REST API called AD Graph API. These all work over HTTP and HTTPS. www.SubhenduMCT.co
- 10. Managing multiple Azure AD tenants Uses for multiple directories: • Live directory • Test directory • Sync directory Multiple cloud services can use Azure AD for authentication and authorization: • Azure • Office 365 • Intune You can add users from one directory to another directory www.SubhenduMCT.com
- 11. Implementing Azure AD B2B and Azure AD B2C Azure AD Business to Business (B2B): • Provides simple and secure sharing of data and applications • Works with partners that have their own Azure AD tenant and with partners that do not have an Azure AD tenant • Requires a company to federate only once with Azure AD Azure AD Business to Consumer (B2C): • Provides Identity as a Service for applications • Supports standard protocols, such as OpenID Connect and OAuth 2.0 • Supports identity management by using social accounts such as Facebook, Google, and LinkedIn www.SubhenduMCT.com
- 12. Overview of managing Cloud Applications • Enable SSO for apps • Use centralized application access management • Grant access to users and groups from Azure AD or from AD DS • Use unified reporting and monitoring • Use the Application Access Panel http://myapps.microsoft.com www.SubhenduMCT.com
- 13. Integrating applications with Azure AD • Add an application from the Azure AD application gallery • http://azure.microsoft.com/en-us/gallery/active-directory/ • Add a custom LOB application in Azure AD: • Register the web app in the Azure AD tenant • Add logic or code to the web app: • Block and redirect unauthenticated request • Grant access to authenticated requests • Add a SaaS application that is not listed in the Azure AD application gallery: • Register the web app in the Azure AD tenant • Configure SSO with Azure AD • Assign users and groups to the application www.SubhenduMCT.com
- 14. Introducing Azure AD Premium Features of Azure AD Premium: •Self-service group management •Advanced security reports and alerts •Multi-Factor Authentication •Enterprise SLA of 99.9 percent •Self-service password reset with writeback •Cloud App Discovery •Azure AD Connect Health www.SubhenduMCT.com
- 15. Azure Multi-Factor Authentication • Azure Multi-Factor Authentication requires additional form of authentication: • Mobile app authentication • Phone call • Text message • Email message • Third party OAuth token • Multi-factor security solution: • For cloud-only apps • For on-premises applications www.SubhenduMCT.com
- 16. Deploy Active Directory domain controllers in Azure • Reasons for placing domain controllers in Azure: • Providing resilience to the on-premises directory • Keeping authentication requests for Azure-based services within Azure • Extending access to on-premises Active Directory to worldwide sites • Enabling additional directory synchronization options • Deployment scenarios: • Deploy domain controllers only in Azure • Deploy AD DS only in an on-premises infrastructure with cross-premises connectivity • Deploy AD DS in an on-premises infrastructure and on an Azure virtual machine • Planning considerations: • Inter-site connectivity • Active Directory sites • Read-only domain controllers • FSMO roles and global catalog placement • Backup and restore www.SubhenduMCT.com
- 17. Installing and configuring Azure AD Connect • Use express settings for: • A single Active Directory forest • Signing in with the same password by using password synchronization • Installing Azure AD Connect with express settings: • Installs the synchronization engine • Configures Azure AD Connector • Configures the on-premises AD DS connector • Enables password synchronization • Configures synchronization services • Configures synchronization services for Exchange hybrid deployment (optional) www.SubhenduMCT.com
- 18. Overview of AD DS and Azure AD integration options • Extend on-premises Active Directory to Azure • Synchronize AD DS with Azure AD: • Optional password synchronization • Implement trust relationship and single sign-on (SSO): • Active Directory Federation Service (AD FS) • Web Application Proxy www.SubhenduMCT.com
- 19. Hum Hain Rahi Cloud Ke - Phir Milenge Chalte Chalte…. - $ubhendu