AZ-104 Azure-AD
This session introduces Microsoft Azure Active Directory and then progresses to some key features of the service, such as
configuring access to SaaS applications and supporting multi-factor authentication, and then compares and contrasts the premium
features of the service. The module also covers running Windows Server AD workloads in Azure Virtual Machines.
Similarities between Active Directory & Microsoft Azure Active Directory
Identities Everywhere
Microsoft Azure Active Directory
Windows Server Active Directory
Support for Single Sign-On
Federation-based Single Sign-On
Users are automatically signed in to applications using their credentials from Microsoft Azure AD.
http://azure.microsoft.com/en-us/gallery/active-directory/
LAB 7
Application Access with Azure Active Directory and Password-Based Single Sign-On
DEMO
Application Access with Azure Active Directory and Federation-Based Single Sign-On
Cloud App Discovery
Visibility
Gain visibility into which cloud applications are being used within an organization.
Get Started
By General Availability (GA), Cloud App Discovery will be integrated into the Azure Management Portal. Until then, sign up at
https://appdiscovery.azure.com/.
[Diagram labels: EC2; AD Agent; Azure AD Application Proxy Service; Request/Response Queue; On-Premises Network; Expense App; Connector; Benefits App; Connector; https://benefits-contoso.cwap.net]
Multi-Factor Authentication
Multi-Factor Authentication (MFA)
What is it?
A method of authentication requiring the use of more than one verification method to authenticate a user.
How it works?
Requiring any two or more verification methods
• Something you know (typically a password)
• Something you have (a trusted device that is not easily duplicated, like a phone)
1. Login using username and password
2. Microsoft Azure MFA Challenge
• Mobile Application
• Automated Phone Call
• Text Message
LAB 8
Multi-Factor Authentication
Company Branding
Azure AD Company Branding
Requirements
Azure Active Directory Premium or Basic (both require an EA)
DirSync On-Demand
Start-OnlineCoexistenceSync (PowerShell)
Monitoring DirSync
Directory Synchronization logs events in the Windows Application Event Log.
Event Source: “Directory Synchronization”
Features
Onboard Multi-Forest Server AD Deployments to Azure AD
Advanced provisioning, mapping and filtering rules
Map multiple on-premises Exchange organizations to a single Azure AD tenant
DirSync Demo Configuration
AD-Subnet Apps-Subnet
PPE-DC PPE-DirSync
ppelabs.onmicrosoft.com
The lease is an infinite ‘dynamic’ lease, but not the same as a ‘static assigned’ address that you would
expect to use in an on-premises environment.
The leased IP address is routable for the duration of the lease, which is determined by the lifetime of
the service (or VM).
On-Premises Environment
FSP1 FSP2
FS1 FS2
Running ADFS On-Premises
Deploy AD FS Proxy Servers in Azure.