Windows Azure Question-Answer Part V- Azure Active Directory

Similar documents
Windows Azure Question-Answer Part II- Azure Web Apps. KRUNAL TRIVEDI MCT, MCT INDIA REGIONAL LEAD TRAINER, WRITER, SPEAKER

Use EMS to protect your mobile data and mobile app

Use Microsoft EMS. to Protect your Mobile Data and Mobile Apps. Chris Nackers Nackers Consulting

Azure Multi-Factor Authentication. Technical Note

Why Choose MS Azure?

DATACENTER MANAGEMENT Goodbye ADFS, Hello Modern Authentication! Osman Akagunduz

Identity as the core of enterprise mobility

Hybrid Identity de paraplu in de cloud

Azure Multi-Factor Authentication: Who do you think you are?

Tech Dive: Microsoft Azure Identity Management and Office 365

Course 10993A: Integrating On-Premises Identity Infrastructure with Microsoft Azure

Simplify Application Access with Azure Active Directory

Overview What is Azure Multi-Factor Authentication? How it Works Get started Choose where to deploy MFA in the cloud MFA on-premises MFA for O365

Conditional Access Policies

Who am I? Identity Product Group, CXP Team. Premier Field Engineer. SANS STI Student GWAPT, GCIA, GCIH, GCWN, GMOB

How Microsoft s Enterprise Mobility Suite Provides helps with those challenges

Centrify for Dropbox Deployment Guide

A tale of Modern Management Part 1

Go mobile. Stay in control.

Microsoft Intune App Protection Policies Integration. VMware Workspace ONE UEM 1811

Jay Ferron. CEHi, CISSP, CHFIi, C)PTEi, CISM, CRISC, CVEi, MCITP, MCSE, MCT, MVP, NSA-IAM blog.mir.

WHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365

SharePoint Online and Azure Integration

OFFICE 365 GOVERNANCE: Top FAQ s & Best Practices. Internal Audit, Risk, Business & Technology Consulting

McAfee MVISION Mobile Microsoft Intune Integration Guide

McAfee MVISION Mobile Microsoft Intune Integration Guide

MS 20488: Developing Microsoft SharePoint Server 2013 Core Solutions Duration: 5 Days Method: Instructor-Led

Course 20533B: Implementing Microsoft Azure Infrastructure Solutions

Consuming Office 365 REST API. Paolo Pialorsi PiaSys.com

BEST PRACTICES GUIDE MFA INTEGRATION WITH OKTA

CAN MICROSOFT HELP MEET THE GDPR

Integrating On-Premises Identity Infrastructure with Microsoft Azure

Cloud Security, Mobility and Current Threats. Tristan Watkins, Head of Research and Innovation

GLOBAL INFOSKILLS SDN BHD

GLOBAL INFOSKILLS SDN BHD

Lifespan Guide for installing and using Multi-Factor Authentication (MFA)

Developing Microsoft SharePoint Server 2013 Core Solutions

Managing Microsoft 365 Identity and Access

COURSE 20488B: DEVELOPING MICROSOFT SHAREPOINT SERVER 2013 CORE SOLUTIONS

Course 20488A: Developing Microsoft SharePoint Server 2013 Core Solutions

Office 365 management done right

Developing Microsoft SharePoint Server 2013 Core Solutions Course Contact Hours

IT professionals are grappling with

Authlogics for Azure and Office 365

Cloud Print Migration Step-by-Step Deployment Guide

Azure Certification BootCamp for Exam (Developer)

Securing Your Identities with Azure AD

Developing Microsoft SharePoint Server 2013 Core Solutions

STREAMLINED CERTIFICATION PATHS

Managing trust relationships with multiple business identity providers (basics) 55091A; 3 Days, Instructor-led

External Collaboration with Office 365 Project Sites. September 16, 2015

WELCOME! Using Microsoft Office 365 for a Robust Mail and Conferencing System

Who am I? Identity Product Group, CXP Team. Premier Field Engineer. SANS STI Student GWAPT, GCIA, GCIH, GCWN, GMOB

Office 365 management done right

Secure access to your enterprise. Enforce risk-based conditional access in real time

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES BEST PRACTICES FOR IDENTITY FEDERATION IN AWS E-BOOK

Lifespan Guide for using your Lifespan Network Account

COURSE OUTLINE MOC 20488: DEVELOPING MICROSOFT SHAREPOINT SERVER 2013 CORE SOLUTIONS

News and Updates June 1, 2017

70-532: Developing Microsoft Azure Solutions

ARCHITECTURAL OVERVIEW REVISED 6 NOVEMBER 2018

SharePoint 20488: Developing Microsoft SharePoint Server 2013 Core Solutions. Upcoming Dates. Course Description. Course Outline

Partner Center: Secure application model

ShareFile Technical Presentation

Course Overview This five-day course will provide participants with the key knowledge required to deploy and configure Microsoft Azure Stack.

MCSE Cloud Platform & Infrastructure CLOUD PLATFORM & INFRASTRUCTURE.

Deccansoft Software Services

Multi Factor Authentication & Self Password Reset

MCSA Office 365 Bootcamp

MD-101: Modern Desktop Administrator Part 2

Azure Archival Installation Guide

Enhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation

Office : Enabling and Managing Office 365. Upcoming Dates. Course Description. Course Outline

Lifespan Guide for installing and using Multi-Factor Authentication (MFA)

SafeNet Authentication Service

Object of this document

Google Identity Services for work

Developing Microsoft Azure Solutions (70-532) Syllabus

Course 20488: Developing Microsoft SharePoint Server 2013 Core Solutions

Microsoft Azure Integration and Security. Course Code: AZ-101; Duration: 4 days; Instructorled

Office 365: Modern Workplace

Enabling and Managing Office 365

Extranets in SharePoint and Office 365 May 17, 2017

70-532: Developing Microsoft Azure Solutions

Identity & Access Management

Developing Microsoft SharePoint Server 2013 Core Solutions

Integration Patterns for Legacy Applications

Architecture Assessment Case Study. Single Sign on Approach Document PROBLEM: Technology for a Changing World

Course Outline: MS20488 Developing Microsoft SharePoint Server 2013 Core Solutions

Training Schedule July-December 2018 Code Course Days Fees Jul Aug Sep Oct Nov Dec

Embracing a Secure Cloud. Cloud & Network Virtualisation India 2017

Planning for and Managing Devices in the Enterprise: Enterprise Mobility Suite (EMS) & On- Premises Tools

Extranets in SharePoint and SSO for Claims Apps. January 18, 2017

ENABLING AND MANAGING OFFICE 365

Migrating Enterprise Applications to the Azure Platform

Developing Microsoft Azure Solutions (MS 20532)

STREAMLINED CERTIFICATION PATHS

Course Outline. Enabling and Managing Office 365 Course 20347A: 5 days Instructor Led

SECURING AWS ACCESS WITH MODERN IDENTITY SOLUTIONS

Azure Certification BootCamp for Exam (Infrastructure)

Transcription:

Windows Azure Question-Answer Part V- Azure Active Directory KRUNAL TRIVEDI MCT, MCT INDIA REGIONAL LEAD TRAINER, WRITER, SPEAKER www.techtrainingpoint.com

WINDOWS AZURE QUESTION-ANSWER Windows Azure Active Directory WHAT IS AZURE ACTIVE DIRECTORY? Windows Azure is all about services. It offers numerous services like Virtual Machines, Websites, Databases, Storage Services etc. For on-premises application and environment Active Directory serves the purpose of data store for identities management, same way Azure AD is a repository for all of your organization s directory data in the cloud, so that it can be readily available to all the services you have subscribed to. Azure Active Directory offers you the identity and access capabilities of Active Directory with your applications regardless of cloud-hosted or on-premises app. You can consider Azure AD as an identity provider which offers identity and access management functionality for your applications or SaaS applications like Dropbox, Skype, Intuit etc... It implements Single-Sign-On (SSO) to your application. It also supports identity sync functionality. As a result, your existing corporate credentials can be used to authenticate to new or existing applications that are hosted in cloud. Azure AD comes with a portal where your users can optionally manage their own passwords or groups. Password write-back feature of the Azure AD, the updated password hash is then duplicated to your on-premises Active Directory Instance. HOW DEVELOPERS CAN LEVERAGE AZURE AD? Azure AD is a logical way to group your application and users. Developers can user Azure AD as an identity provider in their custom line-of-business applications and get benefits of SSO[Single-Sign-On]. Developers can also update existing applications to use specific Azure AD tenant for identity.

1 0 80 60 40 20 0 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr East West North Third party cloud applications can interact with your data in Azure AD by using Graph API. EXPLAIN THE MAIN FEATURES OF AZURE ACTIVE DIRECTORY? Azure AD is composed of multiple features. Two main features of Azure AD are: Multi-Factor Authentication Directory Services Multi-Factor Authentication: MFA offers another layer of authentication for your application that is completely managed. Administrator need to configure Multi-Factor Authentication and your application can take advantage of the feature by using Azure AD as the authentication (identity) provider. Multi-Factor Authentication supports authentication from text messages, mobile applications or phone calls. Directory Services: Azure AD provides conceptual directories where you can store related accounts. One can sync identities from on-premises systems, identities created in Azure and third-party identities. These identities can be later configured to use with SaaS application. WHAT ARE THE DIFFERENT WAYS TO INTEREACT WITH AZURE AD? One can manage organization s tenant data in Azure AD using either of these three tools: Microsoft Azure AD Portal Office 365 Account Portal Windows intune Account Portal Office 365 Account Portal

WHAT IS INTEGRATING ON-PREMISES DIRECTORIES WITH AZURE AD? Organization s existing on-premises directory service you can integrate with your Azure AD. There are number of ways of setting up directory integration capabilities like directory sync or SSO. Once you configured the sync operations, all the cloud services that you have subscribed to in your Azure AD tenant can utilize the data that is now provisioned and updated in your cloud. You have various options available like : Syncing identities from Active directory to Azure AD Syncing identity and password hash from AD to Azure AD Syncing identity and password hash from AD to Azure AD and enabling password writeback. WHAT IS PASSWORD WRITEBACK? Password writeback feature allows your existing AD identity to be updated when a change occurs in Azure AD. Identity and password hash sync process generates two identities. While designing authentication schemes for cloud applications, writeback functionality is key factor to be considered. WHAT IS SINGLE SIGN-ON? Single Sign-On enables the users in your organization to be automatically signed into any thirdparty SaaS application using their Azure AD credentials. This functionality provides users with the convenience of remembering a single password and also increase the organization s security by providing users with access to only their applications.. WHAT IS AZURE AD GRAPH? Azure AD Graph is a REST based API which provides programmatic access to your Azure AD. This API can be used to store and retrieve metadata about your users that is not part of the typical user profile in Active Directory.

Applications use the Graph API to perform CRUD operations on directory objects in your Azure AD instance. For example, Create a new user in a specified directory, Get detailed properties for a user Check group membership for a user Delete or disable a user account Update the profile of a user Similar operations are supported for groups and applications EXPLAIN THE SCENARIO WHERE YOU NEED TO WORK WITH AD GRAPH API? Sometimes you application needs metadata and properties for each user that is not typically stored in standard Active Directory user profile. The Graph API allows you to register and then use extended properties. For example, if you need to store and then retrieve the Xbox Live ID for each user in a gaming application, you must first register the new property in the directory. You can then use this property in subsequent operations because it is not available for every user object in the directory. EXPLAIN THE SCENARIO WHERE YOU NEED TO WORK WITH AD GRAPH API? Sometimes you application needs metadata and properties for each user that is not typically stored in standard Active Directory user profile. The Graph API allows you to register and then use extended properties. For example, if you need to store and then retrieve the Xbox Live ID for each user in a gaming application, you must first register the new property in the directory. You can then use this property in subsequent operations because it is not available for every user object in the directory.

EXPLAIN AZURE MULTIFACTOR-AUTHENTICATION? Multifactor-Authentication feature of Azure AD is used to provide an additional layer of authorizations like mobile code or a phone call to your existing directory accounts. It is an extra layer of authentication along with your credentials. It can be used for both on-premises applications and cloud applications. Multi-factor authentication can protect applications from unauthorized access if a user s credentials are compromised. Multi-factor authentication is usually defined by password (something you know) and trusted device (phone) If a user s credentials are compromised, a malicious user would still require a trusted device that is assigned to the same user to compromise the application or its data. If a user loses a trusted device, they report it immediately and the device can be de-authorized. Multi-Factor authentication can be used with either Azure AD or on-premises directory. The second form of authentication can be a smartphone, a phone number that supports text message or a phone call or a custom application. Multi-Factor Authentication service with Azure AD can have multi-factor authentication for each individual user. The MFA supports up to three phone numbers that are authorized for use as a second from of authentication. A SDK is available to integrate your custom application with Azure AD multi-factor authentication. The SDK allows you to use the Multi-Factor Authentication phone call or text message verification as a part of your custom application s sign-in process.

About The Author Krunal Trivedi is a Microsoft Certified Trainer as well as MCT INDIA Regional Lead Krunal delivers training on various Microsoft technologies like.net Framework, ASP.NET MVC Framework, SharePoint Server, Windows Azure PaaS and IaaS,Office 365. He is having extensive experience of delivering IT technical training to thousands of participants In various software MNCs. He writes articles on his personal website www.techtrainingpoint.com on various Microsoft as well as JavaScript technologies including Angular JS, KnockoutJS and Angular2. Spanlabs is one of the premier Information Technology and Soft-Skills training organization. Spanlabs has the privilege of working with some of the leading players in the IT & ITES space. The company can proudly claim to have imparted training on many niche programs, complex technologies, products, applications and domains. We also provide advisory and consultancy services to our clients in their niche areas. Web Site: www.spanlabs.in

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback