Discover the capabilities of Azure AD today. Learn how to set up a new AAD, synchronize it with an on-premises Active Directory and configure it as an identity service in greenfield applications.
4. Windows Active Directory
•Centralized storage of information about all network objects (users, computers, etc.)
•Authentication
•Access control providing permission levels
•Audit trail for monitoring network activity
@DivineOps
21. ADAL
• Web Browser to Web Application (.Net)
• Single Page Application (JavaScript, .Net)
• Native Application to Web API (.Net, ObjC, Java)
• Web Application to Web API (.Net, Nodejs)
• Calling Azure AD Graph API (.Net, Java, PHP)
28. Azure AD Connect
•Azure AD Global Administrator account
•Enterprise Administrator account for your local Active Directory
•SQL Server database to store identity data
•Meet server version and hardware requirements
31. What’s New
•Azure AD Connect with Connect Health is GA
•Multi-Factor Authentication per app
•Dynamic groups for applications and licenses
•Out-of-the-box dedicated user group “All Users”
•Azure Active Directory Application Proxy updates
•Password write-back from AAD to AD is GA
32. B2C AAD
As of September 2015, Business to Consumer AAD is in public preview!
•Self-registration
•Registration with social accounts
•Customer defined UX
•Security and scalability of Azure Cloud
B2C AAD Overview
Editor's Notes
A directory is similar to a database, but typically contains more descriptive, attribute-based data; that is, data read more often than it is written. Directories are tuned to respond quickly to high-volume lookup or search operations.
BYOD
Eliminate the need to plan, purchase, and maintain hardware and infrastructure by managing mobile devices from the cloud with Intune.
Secure corporate data, including Exchange email, Outlook email, and OneDrive for Business documents, based on the enrollment status of the device and the compliance policies set by the administrator.
OAuth 2.0 – One of the most popular authorization protocols today. Its benefits include the compact JSON Web Token (JWT) format that Azure AD uses for its OAuth 2.0 tokens, and the application scenarios it simplifies, such as a native client calling a Web API with an access token.
OpenID Connect – This is a protocol that adds an authentication layer on top of the existing OAuth 2.0 protocol.
WS-Federation – Arguably one of the most well-known and widely used protocols today for authenticating users of web applications. The token format used in this protocol is SAML.
SAML-P – This is also a widely adopted protocol. The token format used in this protocol is SAML.
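As an added example (not code from the slides or from ADAL), here is the receiving side of the "Native Application to Web API" scenario from slide 21: a Web API validating the bearer token it is handed. Azure AD signs its tokens with RS256 and publishes the verification keys at the tenant's OpenID Connect metadata endpoint; the HS256 shared secret, tenant ID, App ID URI and user claims below are constructed stand-ins so that the block runs offline with only the standard library. The order of the checks is the point: pin the algorithm, verify the signature, and only then trust iss, aud, exp and nbf.

```python
"""Validate an Azure AD-style JWT access token inside a Web API (added example)."""
import base64
import hashlib
import hmac
import json
import time

# Constructed configuration. A real Azure AD Web API would expect the issuer
# https://sts.windows.net/<tenant-id>/ and the App ID URI registered for the API.
EXPECTED_ISSUER = "https://sts.windows.net/11111111-2222-3333-4444-555555555555/"
EXPECTED_AUDIENCE = "https://contoso.onmicrosoft.com/web-api"
CLOCK_SKEW_SECONDS = 300

# Stand-in key: Azure AD uses RS256 with published public keys. HS256 with a
# shared secret is used here only so the example runs offline.
DEMO_SECRET = b"constructed-demo-secret-do-not-reuse"


class TokenError(Exception):
    """Raised when a token fails any validation step."""


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json_segment(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def _sign(signing_input: bytes, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input, hashlib.sha256).digest()


def issue_token(claims: dict, secret: bytes = DEMO_SECRET) -> str:
    """Mint a compact JWT the way an authorization server would (HS256 stand-in)."""
    segments = [_json_segment({"alg": "HS256", "typ": "JWT"}), _json_segment(claims)]
    segments.append(_b64url_encode(_sign(".".join(segments).encode("ascii"), secret)))
    return ".".join(segments)


def forge_unsigned_token(claims: dict) -> str:
    """What an attacker sends when hoping the verifier honours alg "none"."""
    return ".".join([_json_segment({"alg": "none", "typ": "JWT"}), _json_segment(claims), ""])


def validate_token(token: str, secret: bytes = DEMO_SECRET, now=None) -> dict:
    """Check algorithm, signature, issuer, audience and time window; return the claims."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("token must have exactly three segments")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        payload = json.loads(_b64url_decode(payload_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError as exc:  # covers binascii.Error and JSONDecodeError
        raise TokenError(f"malformed token: {exc}") from exc

    # Pin the algorithm: the verifier decides, never the token (rejects "none"
    # and algorithm-confusion attempts).
    if header.get("alg") != "HS256":
        raise TokenError(f"unexpected alg {header.get('alg')!r}")
    expected = _sign(f"{header_b64}.{payload_b64}".encode("ascii"), secret)
    if not hmac.compare_digest(expected, signature):
        raise TokenError("signature mismatch")

    # Claims are only meaningful once the signature has been verified.
    if payload.get("iss") != EXPECTED_ISSUER:
        raise TokenError(f"untrusted issuer {payload.get('iss')!r}")
    aud = payload.get("aud")
    if EXPECTED_AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise TokenError(f"token was not issued for this API: {aud!r}")
    if "exp" not in payload or now > payload["exp"] + CLOCK_SKEW_SECONDS:
        raise TokenError("token expired")
    if now < payload.get("nbf", 0) - CLOCK_SKEW_SECONDS:
        raise TokenError("token not yet valid")
    return payload


def sample_claims(now: float) -> dict:
    """Claims shaped like an Azure AD v1 access token (constructed values)."""
    return {"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE, "iat": int(now),
            "nbf": int(now), "exp": int(now) + 3600,
            "oid": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
            "upn": "alice@contoso.onmicrosoft.com", "scp": "user_impersonation"}


if __name__ == "__main__":
    now = time.time()
    good = issue_token(sample_claims(now))
    print("accepted token for", validate_token(good)["upn"])
    attempts = {
        "alg none": forge_unsigned_token(sample_claims(now)),
        "wrong key": issue_token(sample_claims(now), secret=b"attacker-key"),
        "other API": issue_token({**sample_claims(now), "aud": "https://contoso.onmicrosoft.com/other"}),
        "expired": issue_token(sample_claims(now - 7200)),
    }
    for label, bad in attempts.items():
        try:
            validate_token(bad)
        except TokenError as exc:
            print(f"{label}: rejected ({exc})")
```

The audience check is the one most often skipped in practice: a token minted for a different API in the same tenant carries a perfectly valid signature and issuer, and only `aud` tells the Web API it was not the intended recipient.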
Synchronization - This part is made up of the components and functionality previously released as DirSync and AAD Sync.
AD FS - This is an optional part of Azure AD Connect and can be used to set up a hybrid environment using an on-premises AD FS infrastructure, to address complex deployments that include such things as domain-join SSO and enforcement of AD login policy.
Health Monitoring - For complex deployments using AD FS, Azure AD Connect Health can provide robust monitoring of your federation servers and provide a central location in the Azure portal to view this activity.
By default a SQL Server 2012 Express LocalDB (a light version of SQL Server Express) is installed and the service account for the service is created on the local machine. SQL Server Express has a 10 GB size limit, which is enough to manage approximately 100,000 objects.
Azure AD Connect must be installed on Windows Server 2008 or later. This server may be a domain controller or a member server.
The AD schema version and forest level must be Windows Server 2003 or later. The domain controllers can run any version as long as the schema and forest level requirements are met.
If Active Directory Federation Services is being deployed, the servers where AD FS will be installed must be Windows Server 2012 R2 or later.
Multiple criteria can be defined to automatically populate a group. Think geographical location, department, etc. Only AAD groups today, not AD.
Security policies can be applied immediately. Base level configuration out-of-the-box.
On-premises apps published through Application Proxy can now appear in My Apps. More robust usage.
Replacing DirSync and AADSync, Azure AD Connect will continue to enhance the experience of sharing identities securely with AAD.