Azure Active Directory from Zero to Hero Azure &.NET Meetup Freiburg, 2018 Esmaeil Sarabadani
What we cover today
- Overview of Azure AD
- Differences between on-prem AD and Azure AD
- Azure AD usage scenarios
- User/group/device management using Azure AD
- Managing access to applications using Azure AD
- Azure AD security
What do we already know? What is Active Directory? How many of you have already used AD/Azure AD? What are your use-cases?
Why Azure Active Directory?!
- Microsoft Identity Management as a Service (IDaaS) for organizations.
- Millions of independent identity systems controlled by enterprise and government tenants.
- 90% of Fortune 500 companies use Microsoft Cloud (Azure, O365, CRM Online, and PowerBI).
- >10 M Azure AD directories; more than 750 M user accounts on Azure AD.
- Information is owned and used by the controlling organization, not by Microsoft.
- Evolved to manage an organization's relationships with its customers/citizens and partners (B2C and B2B).
- 33,000 Enterprise Mobility + Security / Azure AD Premium enterprise customers.
- >110k third-party applications used with Azure AD each month.
- >1.3 billion authentications every day on Azure AD.
- Every Office 365 and Microsoft Azure customer uses Azure Active Directory.
What is Azure Active Directory?
Things to know about Azure AD
- Besides the Free tier, it comes in three paid editions: Azure AD Basic, Azure AD Premium P1 and Azure AD Premium P2.
- Every Azure tenant is backed by its own Azure AD instance (a directory).
- Azure AD is independent of subscriptions: one directory can be trusted by many subscriptions, but every subscription must be associated with exactly one Azure AD directory.
- It can be set up in standalone or hybrid mode.
Azure AD Usage Scenarios
Standalone: rely only on Azure AD; everything is in the cloud.
Hybrid: on-premises AD synchronizes with Azure AD; authentication can happen on-premises or in the cloud; synchronization is handled by Azure AD Connect.
Azure AD Connect (diagram: on-premises Active Directory synchronizing to Microsoft Azure Active Directory through Azure AD Connect)
Azure AD Connect: Password Writeback (diagram: password changes and resets made in Azure AD are written back to the on-premises Active Directory through Azure AD Connect)
On-premises AD vs. Azure AD
On-premises Active Directory:
- Uses Kerberos for authentication
- Uses LDAP to query for objects
- Uses DNS for locating objects
- Requires Domain Controllers as the central authority
Azure AD:
- Uses SAML, WS-Federation, and OAuth/OpenID Connect for authentication
- You need to use the Azure AD Graph API (or Microsoft Graph) to query for objects
- DNS is managed by Azure
- Does not require any Domain Controllers
- Azure AD Domain Services supports LDAP for queries and Kerberos for authentication
Passwords on Azure AD (diagram: password hash synchronization; Azure AD Connect sends a hash derived from each user's on-premises password hash to Microsoft Azure Active Directory, so cloud sign-ins are validated by Azure AD itself)
Azure AD Pass-Through Authentication (diagram): identities are synchronized to Microsoft Azure Active Directory with Azure AD Connect, and Office 365, SaaS and LoB apps sign users in against Azure AD; password validation requests are sent from Azure AD to Windows Server Active Directory on-premises through the pass-through authentication agent, so no password hashes leave the on-premises directory.
Azure AD Integration with ADFS
Authenticating Applications with Azure AD (diagram: Windows Server Active Directory and other directories connect to Microsoft Azure Active Directory with a simple connection; Azure AD then provides self-service and single sign-on to Azure and Microsoft SaaS applications, third-party public-cloud applications and on-premises applications)
How does it work?
Single Sign-On (service provider-initiated)
1. User browses to the app
2. App redirects to Azure AD for sign-in
3. Sign-in occurs at Azure AD
4. Azure AD returns a token; the app validates it (signature, issuer, audience, expiry)
5. User is signed into the app
Terminology
Service provider-initiated sign-in: users sign in directly from the app's web page.
Identity provider-initiated sign-in: users can't sign in directly from the app site; the user must use the Azure AD access panel, Office 365, or an Azure AD deep link to sign in.
Identity Provider-Initiated Sign-In
1. User browses to the Azure AD access panel
2. Sign-in occurs
3. User clicks on the app; Azure AD redirects to the app with a token
4. App validates the token
5. User is signed into the app
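The "app validates the token" step in both the service provider-initiated and identity provider-initiated flows above is where an application either gets single sign-on right or accepts anybody's token. The following is an added example, not code from the original slides: a relying party's RS256 token check written in Go with only the standard library. Azure AD's side is stood in for by a Mint function with a throwaway key; the tenant ID, client ID, key ID and the https://sts.windows.net/{tenant}/ v1 issuer string are constructed for the demo, and a real app would load the public keys from the tenant's JWKS (OpenID Connect discovery) endpoint instead of DemoKeys.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Claims is the subset of Azure AD token claims a relying party must check (aud is a plain string, as in ID tokens).
type Claims struct {
	Iss string `json:"iss"`
	Aud string `json:"aud"`
	Exp int64  `json:"exp"`
	Tid string `json:"tid"`
}

// Expected pins the app to exactly one tenant and one client ID.
type Expected struct{ Issuer, Audience, TenantID string }

var b64 = base64.RawURLEncoding

func decodeSegment(seg string, v interface{}) error {
	raw, err := b64.DecodeString(seg)
	if err != nil {
		return err
	}
	return json.Unmarshal(raw, v)
}

// Validate is the "app validates the token" step. keys maps kid to public key; a real app loads and
// caches these from the tenant's JWKS endpoint. The checks are identical for SP- and IdP-initiated sign-in.
func Validate(token string, keys map[string]*rsa.PublicKey, want Expected, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("token must have three segments")
	}
	var h map[string]string // Azure AD header fields (typ, alg, kid, x5t) are all strings
	if err := decodeSegment(parts[0], &h); err != nil {
		return nil, fmt.Errorf("bad header: %w", err)
	}
	// Pin the algorithm; never let the token choose it (rejects "none" and HS256 key confusion).
	if h["alg"] != "RS256" {
		return nil, fmt.Errorf("unexpected alg %q", h["alg"])
	}
	sig, err := b64.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	pub := keys[h["kid"]] // nil when the kid is not one of ours
	if err != nil || pub == nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, fmt.Errorf("signature verification failed")
	}
	var c Claims // only a signed payload is worth parsing
	if err := decodeSegment(parts[1], &c); err != nil {
		return nil, fmt.Errorf("bad payload: %w", err)
	}
	switch {
	case c.Iss != want.Issuer:
		return nil, fmt.Errorf("issuer %q not trusted", c.Iss)
	case c.Tid != want.TenantID: // a genuine Azure AD token from another tenant is still not ours
		return nil, fmt.Errorf("tenant %q not trusted", c.Tid)
	case c.Aud != want.Audience: // a token issued to another app must not be replayed here
		return nil, fmt.Errorf("audience %q is not this app", c.Aud)
	case !now.Before(time.Unix(c.Exp, 0)): // a missing exp (0) counts as expired
		return nil, fmt.Errorf("token expired")
	}
	return &c, nil
}

// Mint plays the Azure AD side for this offline example: it signs claims with priv.
func Mint(c Claims, kid string, priv *rsa.PrivateKey) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	body, _ := json.Marshal(c)
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	return input + "." + b64.EncodeToString(sig)
}

// Constructed identifiers for the demo tenant and app; the issuer follows the v1 endpoint format.
const DemoTenant = "11111111-2222-3333-4444-555555555555"
const DemoClient = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
var DemoExpected = Expected{Issuer: "https://sts.windows.net/" + DemoTenant + "/", Audience: DemoClient, TenantID: DemoTenant}

// DemoKeys generates a throwaway signing key and the matching one-entry "JWKS".
func DemoKeys(kid string) (*rsa.PrivateKey, map[string]*rsa.PublicKey) {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	return priv, map[string]*rsa.PublicKey{kid: &priv.PublicKey}
}

func main() {
	priv, keys := DemoKeys("demo-kid")
	now := time.Now()
	tok := Mint(Claims{Iss: DemoExpected.Issuer, Aud: DemoClient, Tid: DemoTenant, Exp: now.Add(time.Hour).Unix()}, "demo-kid", priv)
	fmt.Println(Validate(tok, keys, DemoExpected, now)) // accepted claims, <nil>
}
```

The issuer and tid checks are the ones most often skipped: any Azure AD tenant can produce a correctly signed token, so an app that only verifies the signature and audience would let users of a foreign tenant sign in. In production, also handle the aud claim as a string or array and allow a small clock skew around exp.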
Azure AD Application Proxy (diagram): users reach an on-premises app through an external URL published by Azure AD, e.g. https://appx-contoso.msappproxy.net/; Application Proxy connectors running in the DMZ, in Azure or on third-party IaaS establish outbound connections to the Application Proxy service and forward requests to the internal apps, so no inbound ports need to be opened on the corporate network.
Contact me at: e.sarabadani@gmail.com http://thebluenode.com