A Hitchhiker's Guide to Azure Active Directory

1 A Hitchhiker's Guide to Azure Active Directory
Max Fritz Senior Systems Consultant, Now Micro @theCloudSherpa

2 Thank You Sponsors for participating in SPS St. Louis 2017!
You can use the hashtag #SPSSTL & follow Gold Sponsors Silver Sponsors

3 Max Fritz
Senior Consultant
MCSA Office 365, MCSE Productivity
Working with Office 365 for over 5 years
Specialize in the Education Industry
Focus in Azure AD, Exchange, and SharePoint Online
Contact Details
Twitter
Blog: maxafritz.com
LinkedIn: in/maxafritz

5 Now Micro is a Consulting & Device Life Cycle Management company
Now Micro’s Consulting Practice focuses on helping organizations deliver the best end user experience by designing and implementing the most robust Systems Management, Cloud Productivity, and Identity Management solutions available.

6 What is Azure Active Directory?
Identity management in the cloud.
Based on the Active Directory we all already know, but integrated with numerous first- and third-party cloud services.
Backbone of Office 365

7 The Office 365 and Azure AD Story

11 Azure AD Basics

12 Synchronizing with Azure AD: Azure Active Directory Connect
5/7/2018
Formerly known as “DirSync”
Connects to on-premises Active Directory
Synchronizes Users, Groups, and Contacts
Allows for writes in both directions
Uses SQL Express to manage synchronization
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

13 Azure Active Directory Connect Functionality
[Diagram: Identity Bridge. Labels: On-premises, AD DS, AD FS (optional), Azure AD Connect, Sync engine, Health, Office 365, Salesforce, Box, DropBox, Google, Your apps]

14 How to get Azure AD
Feature/Plan columns: Basic (incl. with O365), Premium P1
Directory Object Limit: Unlimited
Single Sign-On: 10 per user
Reports: Basic, Advanced
Self-Service
Multi-Factor Auth.
Cloud App Discovery
Conditional Access*
Identity Protection
Privileged Identity Management
There is a free tier as well, not covered here

15 How to get access to Azure AD
Has someone already set up Azure AD?
  Yes: Are you an Office 365 Admin?
    Yes: You have access
    No: Someone with access needs to give it to you
  No: Are you an Office 365 Admin?
    Yes: Click on Azure AD in the Office 365 Admin Center
    No: An Office 365 Admin will need to set it up

16 Accessing Azure AD Admin Controls
New Azure Portal: portal.azure.com
Old Azure Portal: manage.windowsazure.com
PowerShell
From Office 365: portal.office.com

17 Accessing Azure AD Admin Controls
New Azure Portal: portal.azure.com
  Azure Active Directory controls are in public preview
  May not always work, and not everything is there
Old Azure Portal: manage.windowsazure.com
  Azure Active Directory controls are fully functional
  Dated look to the portal, all other Azure items are in the new portal

18 Azure AD PowerShell – Version Madness
Preview
  Allows for modification of O365 Group Policies
  My recommended version
Version Full Release
  Only version supported by MS
Version 2.x Super-preview
  Few commands available
  Advanced users only

19 Azure AD Features

20 Azure Multi-Factor Authentication
Prevents unauthorized access to Azure AD by providing an additional level of authentication
Prompts users for a second form of authentication (besides password) to verify identity
Free for users with admin privileges in Office 365 (use it!)

21 Azure Multifactor Authentication
Mobile apps
Phone calls
Text messages

22 Single sign-on to any app
Security: Password only stored in identity provider (Azure AD)
Convenience: Don’t remember multiple usernames and passwords
Management: Centrally manage authentication processes
[Diagram labels: Microsoft Azure, OTHER DIRECTORIES, Web apps (Azure Active Directory Application Proxy), Integrated custom apps, SaaS apps]
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

23 Thousands of pre-integrated apps and growing!

24 Azure Active Directory Identity Protection
Identity Protection at its best
Gain insights from a consolidated view of machine learning based threat detection
Risk-based conditional access automatically protects against suspicious logins and compromised credentials
[Diagram labels: Infected devices, Leaked credentials, Configuration vulnerabilities, Brute force attacks, Suspicious sign-in activities, Machine-Learning Engine, Risk severity calculation, Risk-based policies, Remediation recommendations, MFA Challenge Risky Logins, Block attacks, Change bad credentials]

25 Privileged Identity Management
Discover, restrict, and monitor privileged identities
Enforce on-demand, just-in-time administrative access when needed
Provides more visibility through alerts, audit reports and access reviews
[Diagram labels: Global Administrator, Billing Administrator, SharePoint Administrator, User Administrator, Password Administrator]

26 Privileged Identity Management
How time-limited activation of privileged roles works
Users need to activate their privileges to perform a task
MFA is enforced during the activation process
Alerts inform administrators about out-of-band changes
Users will retain their privileges for a pre-configured amount of time
Security admins can discover all privileged identities, view audit reports and review everyone who is eligible to activate via access reviews
[Diagram labels: SECURITY ADMIN, Configure Privileged Identity Management, ALERT, Identity verification, Read only, ADMIN PROFILES, Monitor, Billing Admin, Global Admin, Service Admin, Audit, USER, MFA, Access reports, PRIVILEGED IDENTITY MANAGEMENT]

27 Ok let’s take a breath, and show some real stuff
(and don’t forget to bring a towel)

28 3 simple things you can do using Azure AD to improve Office 365

29 Organizational Sign-in Branding
Affects any Azure AD or Office 365 Sign in:
  Portal.office.com
  Mobile Apps
  Office Pro Plus
  Etc…
Different from the branding within the Office 365 portal and SharePoint branding
Great way to make Office 365 your own
Help provide sign in instructions to users
Reassure your users that they are signing into the right page
Make your marketing department happy

30 Organizational Sign-in Branding
Before After

31 Setup Multi-Factor Authentication for Admins
As mentioned, this is free for Office 365 Admins
Admin accounts are a huge security vulnerability
If an admin account is breached, your entire organization can be considered breached
Only downside: SharePoint Online PowerShell does not support MFA
Recommendation: Enable MFA anyways, and temporarily disable when using SharePoint PowerShell
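Before enabling MFA for admins, it helps to know which admin accounts lack it. The following is an added example, not part of the original presentation: it assumes the MSOnline PowerShell module is installed and reports every user holding an admin role whose per-user MFA state is off.

```powershell
# Added example (not from the presentation). Assumes the MSOnline module.
# Reports users in any admin role whose per-user MFA state is Disabled.
Import-Module MSOnline
Connect-MsolService   # interactive sign-in with an account that can read roles

$report = foreach ($role in Get-MsolRole) {
    foreach ($member in Get-MsolRoleMember -RoleObjectId $role.ObjectId -All) {
        # Role members can also be service principals; per-user MFA only applies to users.
        if ($member.RoleMemberType -ne 'User') { continue }

        $user  = Get-MsolUser -ObjectId $member.ObjectId
        $state = $user.StrongAuthenticationRequirements.State
        if (-not $state) { $state = 'Disabled' }   # empty collection means per-user MFA is off

        [pscustomobject]@{
            Role              = $role.Name
            UserPrincipalName = $user.UserPrincipalName
            MfaState          = $state   # Disabled, Enabled, or Enforced
            MethodsRegistered = ($user.StrongAuthenticationMethods.MethodType -join ',')
        }
    }
}

# Admin accounts that still sign in with a password only
$report |
    Where-Object { $_.MfaState -eq 'Disabled' } |
    Sort-Object Role, UserPrincipalName |
    Format-Table -AutoSize
```

This only reads the per-user MFA setting; an admin who is prompted for MFA through a Conditional Access policy will still show as Disabled here.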

32 Restrict Office 365 Group Creation
To be honest, this one is less simple
Requires Azure AD PowerShell Version (not higher or lower)
Group Creation used to be controlled by Exchange Online
With Planner, Teams, SharePoint Team Sites, PowerBI and more able to create Groups, it is now controlled through Azure AD
Policy can be created in Azure AD that only allows certain groups of users access to create Groups
Any other attempts will result in error (error messages can get strange)
Policy created through PowerShell
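One way to create the policy described above, as an added example that is not part of the original presentation. It assumes the AzureADPreview module's directory-setting cmdlets (the slide's exact module version did not survive in this transcript) and a hypothetical security group named "O365 Group Creators" whose members remain allowed to create Groups.

```powershell
# Added example (not from the presentation). Assumes the AzureADPreview module.
Import-Module AzureADPreview
Connect-AzureAD   # sign in as a Global Administrator

$allowedGroupName = 'O365 Group Creators'   # hypothetical security group name
$allowedGroup = Get-AzureADGroup -SearchString $allowedGroupName |
    Where-Object { $_.DisplayName -eq $allowedGroupName }
if (@($allowedGroup).Count -ne 1) {
    throw "Expected exactly one group named '$allowedGroupName', found $(@($allowedGroup).Count)."
}

# Reuse the tenant's existing Group.Unified settings object if there is one.
# Creating a second one fails, and rebuilding it from the template would
# reset any other values already configured on it.
$setting = Get-AzureADDirectorySetting |
    Where-Object { $_.DisplayName -eq 'Group.Unified' }
if (-not $setting) {
    $template = Get-AzureADDirectorySettingTemplate |
        Where-Object { $_.DisplayName -eq 'Group.Unified' }
    New-AzureADDirectorySetting -DirectorySetting $template.CreateDirectorySetting() | Out-Null
    $setting = Get-AzureADDirectorySetting |
        Where-Object { $_.DisplayName -eq 'Group.Unified' }
}

# Turn off tenant-wide creation, then name the one group that may still create Groups.
$setting['EnableGroupCreation']         = 'False'
$setting['GroupCreationAllowedGroupId'] = $allowedGroup.ObjectId
Set-AzureADDirectorySetting -Id $setting.Id -DirectorySetting $setting

# Read the policy back to confirm what is now enforced.
(Get-AzureADDirectorySetting -Id $setting.Id).Values |
    Where-Object { $_.Name -in 'EnableGroupCreation', 'GroupCreationAllowedGroupId' }
```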

33 Questions?

34 Thank you! Come ask me questions! Stay in touch!
Twitter Website/Blog: maxafritz.com LinkedIn : in/maxafritz

