All About Azure AD

Robert Crane
http://about.me/ciaops

Agenda

• What is Azure?
• What is Single Sign on (SSO)?
• What is WAAD?
• Accessing your free WAAD using Office 365
• Configuring your Azure SSO portal
• Conclusions

What is Azure?

Your on demand
datacenter

[Diagram: overview of Azure services, grouped under Platform Services, Security & Management, Hybrid Operations and Infrastructure Services]

Common Questions

• Can Azure AD replace my on-premises domain controller?
• Can I join PCs directly to Azure AD?
• Can Azure AD manage mobile devices?
• Can Azure AD manage local devices like printers?
• Can I use MFA?
• Can you protect documents with Azure AD?

1. MS Online IDs

Appropriate for
• Smaller orgs without AD on-premise

Pros
• No servers required on-premise

Cons
• No SSO
• No 2FA
• 2 sets of credentials to manage with differing password policies
• IDs mastered in the cloud

2. MS Online IDs + DirSync

Appropriate for
• Medium/Large orgs with AD on-premise

Pros
• Users and groups mastered on-premise
• Enables co-existence scenarios

Cons
• No SSO
• No 2FA
• 2 sets of credentials to manage with differing password policies
• Server deployment required

3. Federated IDs + DirSync

Appropriate for
• Larger enterprise orgs with AD on-premise

Pros
• SSO with corporate cred
• IDs mastered on-premise
• Password policy controlled on-premise
• 2FA solutions possible
• Enables co-existence scenarios

Cons
• High availability server deployments required

Online Identity

Cloud identity model

http://portal.office.com

Synchronised Identity

Office 365 Identity Models

Directory Sync (DEPRECATED)

• Synchronizes users, groups, and contacts to Windows Azure AD.
• Users will have a different password in Windows Azure AD than they have for the on-premises AD.

Azure AD Sync tool (DEPRECATED)

• Formerly known as Dirsync, this tool has been updated to allow for the synchronization of local Active Directory passwords to Azure Active Directory.
• This new feature will allow for same user sign in with Microsoft cloud services such as Office 365 powered by Azure Active Directory since the username and the password from local AD will be synced up to Azure AD.
• Also synchronizes users, groups and contacts.

Synchronized Identity Model

[Diagram labels: On-premises directory, AAD Sync or Connect, User accounts, Password hashes, User, Sign-on]

Federated Identity

Federated identity model

[Diagram labels: On-premises directory, AAD Sync or Connect]

Password Sync Backup for Federated Sign-In

This new backup option for Office 365 customers using federated sign-in provides the option to manually switch your domain in a short amount of time during outages such as on-premises power loss, internet connection interruption and any other on-premises outage.

[Diagram labels: On-premises directory, AAD Sync, User accounts, Backup Password Hash Sync]

Azure AD as the control point

[Diagram label: Active Directory]

What is Azure Active Directory?

A comprehensive identity and access management cloud solution. It combines directory services, advanced identity governance, application access management and a rich standards-based platform for developers.

Versions:
• Free
• Basic
• Premium

Azure Active Directory versions

Versions:
• Free: Manage user accounts, synchronise with on-premises directories, get single sign on across Azure, Office 365, and thousands of popular SaaS applications.
• Basic: Get all the capabilities that Azure Active Directory Free has to offer, plus group-based access management, self-service password reset for cloud applications, Azure Active Directory application proxy (to publish on-premises web applications using Azure Active Directory), customizable environment for launching enterprise and consumer cloud applications, and an enterprise-level SLA of 99.9 percent uptime.
• Premium: Get all of the capabilities that the Azure Active Directory Free and Basic editions have to offer, plus additional feature-rich enterprise-level identity management capabilities such as branding, group based application access, multi factor authentication, Microsoft Identity Manager (MIM).

Access to free Azure AD via Office 365

Add an application

Monitor an application

Preintegrated SaaS apps in the application gallery

Cloud app discovery

[Diagram labels: Active Directory, AD Agent, Logs, Cloud App Discovery]

Your Directory on the cloud

Centrally managed identities and access

Connect to Azure AD

https://www.youtube.com/watch?v=qpPYmGV5GjM

[Diagram labels: Conditional Access, Device Management, Selective Wipe, LoB app; Built-in, Built-in, Microsoft Intune, Microsoft Intune]

Recent additions

References

Thank You

Questions / Feedback?
@directorcia
http://about.me/ciaops