Identities in the Cloud
Els Putzeys
Identities in the Cloud
User Management in Windows Azure
Identity Options
 Microsoft Online IDs
 Microsoft Online IDs + Directory Synchronization
 Federated IDs + Directory Synchronization
Microsoft Online IDs
 Appropriate for small organizations without on-prem AD
 Pros
– No servers required on-premises
 Cons
– No SSO
– 2 sets of credentials to manage with different password policies
– IDs mastered in the cloud
Microsoft Online IDs + DirSync
 Appropriate for medium/large organizations with on-prem AD
 Pros
– Users and groups mastered on-premises
– Enables coexistence scenarios
– Passwords can be synchronized with password sync tool
 Cons
– No SSO
– 2 sets of credentials to maintain
– DirSync server required on-premises
Federated IDs + DirSync
 Appropriate for medium/large enterprises with on-prem AD
 Pros
– SSO
– IDs mastered on-prem
– Password policy controlled on-prem
– Enables coexistence scenarios
 Cons
– Servers required on-premises
Microsoft Online IDs
Windows Azure AD
Windows Azure AD
 Identity and access management in the cloud
 Your organization’s cloud directory
– Used by
• Windows Azure
• Office 365
• Windows Intune
 Can be integrated with on-premises AD
 Integration with cloud applications
– Single sign-on experience
• App hosted in cloud
• Users authenticate with corporate credentials
Windows Azure AD
(Diagram) Tenant data lives in Windows Azure AD; it is managed through Windows PowerShell, the Office 365 Account Portal, the Windows Intune Account Portal and the Windows Azure AD Portal.
Windows Azure AD
 Azure AD is a multi-tenant service
 Authentication process
– User accesses a SaaS application
– User authenticates to Azure with username and password
– Azure AD returns token
– Token is sent to SaaS application
– Application validates token and uses its content
Create Online IDs
 Windows Azure AD Portal
 Office 365 Portal
 Windows PowerShell
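Creating a cloud-mastered Microsoft Online ID from PowerShell, as an added example that is not part of the deck. It assumes the MSOnline module is installed, an administrator credential is at hand, fabrikam.com is a verified domain in the tenant and the first licence SKU with free seats is acceptable; the user name, domain and usage location are illustrative.

```powershell
# Added example, not from the deck: create a cloud-mastered Microsoft Online ID with the MSOnline module.
# Assumptions: MSOnline module installed, an admin credential at hand, fabrikam.com verified in the tenant,
# the first SKU with free seats is acceptable; user and domain names are illustrative.
Import-Module MSOnline
Connect-MsolService -Credential (Get-Credential -Message 'Windows Azure AD administrator')

function New-InitialPassword {
    # 12 characters with at least one upper, lower, digit and symbol (what the cloud complexity rule counts),
    # drawn from the CSPRNG rather than Get-Random; ambiguous characters (0/O, 1/l/I) are left out.
    param([int]$Length = 12)
    $classes = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnpqrstuvwxyz', '23456789', '!@#$%^&*'
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    function Pick([string]$set) {
        $b = New-Object byte[] 4
        $rng.GetBytes($b)
        $set[[int]([BitConverter]::ToUInt32($b, 0) % $set.Length)]
    }
    $chars = @(foreach ($c in $classes) { Pick $c })
    while ($chars.Count -lt $Length) { $chars += Pick (-join $classes) }
    -join ($chars | Get-Random -Count $chars.Count)     # shuffle so the class order is not fixed
}

function New-OnlineId {
    param([string]$Upn, [string]$DisplayName, [string]$UsageLocation = 'BE')
    $domain = $Upn.Split('@')[-1]
    # Only a verified domain is accepted as UPN suffix; fail early instead of creating a broken account.
    $d = Get-MsolDomain -DomainName $domain -ErrorAction SilentlyContinue
    if (-not $d -or $d.Status -ne 'Verified') { throw "$domain is not a verified domain in this tenant" }

    $sku = Get-MsolAccountSku | Where-Object { $_.ActiveUnits -gt $_.ConsumedUnits } | Select-Object -First 1
    if (-not $sku) { throw 'No licence SKU with free seats' }

    $initial = New-InitialPassword
    $first, $last = $DisplayName.Split(' ', 2)
    New-MsolUser -UserPrincipalName $Upn -DisplayName $DisplayName -FirstName $first -LastName $last `
                 -UsageLocation $UsageLocation -LicenseAssignment $sku.AccountSkuId `
                 -Password $initial -ForceChangePassword $true -StrongPasswordRequired $true | Out-Null

    # A cloud-mastered user is governed by the cloud password policy only: confirm the account is licensed,
    # not marked never-expiring and not linked to an on-prem object.
    $u = Get-MsolUser -UserPrincipalName $Upn
    New-Object PSObject -Property @{
        Upn                  = $u.UserPrincipalName
        IsLicensed           = $u.IsLicensed
        PasswordNeverExpires = $u.PasswordNeverExpires
        MasteredInCloud      = (-not $u.LastDirSyncTime)
        InitialPassword      = $initial    # hand over out of band, never by mail to the new mailbox
    }
}

New-OnlineId -Upn 'test.user@fabrikam.com' -DisplayName 'Test User'
```

The same user can be created in the Windows Azure AD or Office 365 portal; the PowerShell form is the one to script for bulk onboarding, and the returned object shows the two properties that distinguish a cloud-mastered ID from a synchronized one (no LastDirSyncTime, cloud password policy applies).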
DEMO
Microsoft Online IDs + DirSync
Directory Synchronization
Directory Synchronization
 Synchronize users from on-prem to online
 User management is done on-prem
 Password synchronization
– Synchronize passwords from on-prem to online
 Users have 1 set of credentials across on-prem and online
– But 2 accounts
Directory Synchronization
(Diagram) Customer network: AD feeds the DirSync server. Windows Azure datacenter: Azure AD holds the resulting MS Online IDs, which are used by Office 365 (Exchange Online, SharePoint Online, Lync Online).
DirSync: Preparation
 Synchronization computer
– Windows Server 2008 R2 SP1 or Windows Server 2012 (R2)
– Domain-joined
– Prerequisite software:
 .Net Framework 3.5 SP1 and 4.0
 PowerShell
 DC Requirements:
– Forest functional level:
 Windows Server 2003 or higher
– Domain Controllers:
 Windows Server 2003 SP1 or higher
DirSync: Preparation
 To install DirSync, you need the following permissions:
– Administrator of the DirSync server
– Administrator of the local AD environment
– Administrator of the cloud service (the Windows Azure AD tenant)
 DirSync setup creates a service account
– MSOL_AD_SYNC
– Created in the Users container
– Reads from local AD (with password sync enabled, this includes password hashes)
– Writes to Windows Azure AD
– Do not move or remove this account!
– Because of what it can read, protect the DirSync server and this account like a domain controller
DirSync: Preparation
 Initial synchronization
– All AD objects copied to WAAD
– Maximum 50000 objects
 If more, contact support
 DirSync requires SQL
– SQL Express: fewer than 50,000 objects (installed by default)
– Full SQL Server: more than 50,000 objects
DirSync: Preparation
 UPN Requirements
– Every user must have a UPN
– UPNs must match a validated domain in the cloud
 Make sure AD contains the correct UPN Suffix
– Check UPN in the cloud after synchronization
– Users must use UPN to logon to cloud services
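A pre-synchronization check for the UPN requirements above, as an added example that is not part of the deck: it lists every enabled AD user whose UPN is missing or whose suffix is not a verified domain in the tenant, and can repair them once the suffix has been verified and added to the forest. It assumes the ActiveDirectory and MSOnline modules are installed and an administrator credential is at hand; the OU, the suffix and the -Fix switch are illustrative.

```powershell
# Added example, not from the deck: check, before the first DirSync run, that every enabled AD user has a UPN
# whose suffix is a verified domain in the tenant, and optionally repair the ones that do not.
# Assumptions: ActiveDirectory and MSOnline modules installed, an admin credential for the tenant;
# the OU, the suffix and the -Fix switch are illustrative.
Import-Module ActiveDirectory
Import-Module MSOnline
Connect-MsolService -Credential (Get-Credential -Message 'Windows Azure AD administrator')

function Test-UpnReadiness {
    param(
        [string]$SearchBase,     # OU to check, e.g. 'OU=Staff,DC=fabrikam,DC=local'; whole domain if omitted
        [string]$FixSuffix,      # verified suffix to apply to non-matching users when -Fix is given
        [switch]$Fix
    )
    # Only verified domains are accepted as UPN suffixes once the objects are in the cloud.
    $verified = @(Get-MsolDomain | Where-Object { $_.Status -eq 'Verified' } | ForEach-Object { $_.Name })
    # Suffixes the forest knows; a suffix must be added to the forest before users can be switched to it.
    $forest = Get-ADForest
    $known  = @($forest.UPNSuffixes) + @($forest.Domains)
    if ($Fix) {
        if ($verified -notcontains $FixSuffix) { throw "$FixSuffix is not a verified domain in the tenant" }
        if ($known -notcontains $FixSuffix)    { throw "$FixSuffix is not a UPN suffix of the forest (Set-ADForest -UPNSuffixes)" }
    }

    $query = @{ Filter = 'Enabled -eq $true'; Properties = 'userPrincipalName' }
    if ($SearchBase) { $query.SearchBase = $SearchBase }
    $report = foreach ($u in Get-ADUser @query) {
        $suffix = if ($u.UserPrincipalName) { $u.UserPrincipalName.Split('@')[-1] } else { $null }
        $state  = if (-not $u.UserPrincipalName) { 'MissingUpn' } elseif ($verified -contains $suffix) { 'Ok' } else { 'UnverifiedSuffix' }
        if ($Fix -and $state -ne 'Ok') {
            # Keep the local part (or fall back to sAMAccountName) and swap in the verified suffix.
            $local = if ($u.UserPrincipalName) { $u.UserPrincipalName.Split('@')[0] } else { $u.SamAccountName }
            Set-ADUser -Identity $u -UserPrincipalName "$local@$FixSuffix"
            $state = "Fixed:$local@$FixSuffix"
        }
        New-Object PSObject -Property @{ SamAccountName = $u.SamAccountName; Upn = $u.UserPrincipalName; State = $state }
    }
    # Only users that would fail to sync or to sign in with their UPN are returned.
    $report | Where-Object { $_.State -ne 'Ok' }
}

# Report first; once fabrikam.com is verified in the tenant and added as a forest UPN suffix, repair with:
# Test-UpnReadiness -SearchBase 'OU=Staff,DC=fabrikam,DC=local' -Fix -FixSuffix 'fabrikam.com'
Test-UpnReadiness -SearchBase 'OU=Staff,DC=fabrikam,DC=local' | Format-Table -AutoSize
```

Run the report before the initial synchronization: a user with an unverified suffix is still synchronized, but lands in the cloud under the tenant's onmicrosoft.com domain and cannot sign in with the UPN the deck says they must use, and fixing that after the fact means touching every affected object again.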
DirSync: Installation
 Download and install the Directory Sync tool
– Installation can take up to 10 minutes
DirSync: Configure
 Start DirSync Configuration wizard
– Specify Windows Azure AD Credentials
– Specify AD Credentials
– Enable hybrid deployment (if required)
 Gives dirsync service account limited Write permission to on-prem AD
DirSync: Password Sync
 Password Synchronization
– Feature of Sync Tool
– Synchronize on-prem passwords to WAAD
– Users can use the same password in the cloud and on-prem
– Still no SSO: same password, but the user signs in to each side separately
 Extract password hash from AD
– Overwrites cloud password
– Initial dirsync synchronizes all passwords
– User changes on-prem password
• Tool detects and synchronizes (within minutes)
DirSync: Password Sync
 Password complexity policy
– On-prem policies override cloud policies for synchronized users
 Password expiration policy
– Cloud user password is set to “Never Expire”
DirSync: Manage
• PowerShell
– %ProgramFiles%\Windows Azure Active Directory Sync\DirSyncConfigShell.psc1
– Add-PSSnapin Coexistence-Configuration
• Cmdlets:
– Get-Command -PSSnapin Coexistence-Configuration
DirSync: Synchronize
 Automatically
– Every 3 hours
 Manually
– PowerShell
• Start-OnlineCoexistenceSync
– Configuration Wizard
• Start menu – Directory Sync Configuration
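Driving and verifying a synchronization run from the Coexistence-Configuration snap-in described in the Manage and Synchronize slides, as an added example that is not part of the deck. It assumes it runs on the DirSync server (64-bit shell, the same one DirSyncConfigShell.psc1 opens) with the MSOnline module installed; the test UPN and the 15-minute timeout are illustrative.

```powershell
# Added example, not from the deck: start a DirSync run from the snap-in and verify the outcome in the tenant.
# Assumptions: runs on the DirSync server in a 64-bit PowerShell with the MSOnline module installed;
# the test UPN and the timeout are illustrative.
Import-Module MSOnline
# DirSyncConfigShell.psc1 performs this same Add-PSSnapin when opened from the Start menu.
Add-PSSnapin Coexistence-Configuration -ErrorAction Stop
Connect-MsolService -Credential (Get-Credential -Message 'Windows Azure AD administrator')

function Invoke-DirSyncAndVerify {
    param(
        [string]$TestUpn,      # a synchronized user to spot-check, e.g. test.user@fabrikam.com (illustrative)
        [switch]$FullSync,     # force a full sync instead of the usual delta sync
        [int]$TimeoutMinutes = 15
    )
    $before = (Get-MsolCompanyInformation).LastDirSyncTime

    # Start-OnlineCoexistenceSync returns once the run is queued, not when it finishes.
    if ($FullSync) { Start-OnlineCoexistenceSync -FullSync } else { Start-OnlineCoexistenceSync }

    # Poll the tenant until LastDirSyncTime moves past the value recorded before the run.
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        Start-Sleep -Seconds 30
        $info = Get-MsolCompanyInformation
    } until ($info.LastDirSyncTime -gt $before -or (Get-Date) -gt $deadline)
    if (-not ($info.LastDirSyncTime -gt $before)) {
        throw "No completed sync within $TimeoutMinutes minutes; check the Directory Synchronization event log on this server"
    }

    $summary = New-Object PSObject -Property @{
        DirSyncEnabled      = $info.DirectorySynchronizationEnabled
        PasswordSyncEnabled = $info.PasswordSynchronizationEnabled
        LastDirSyncTime     = $info.LastDirSyncTime
        SyncedUsers         = @(Get-MsolUser -All | Where-Object { $_.LastDirSyncTime }).Count
    }
    if ($TestUpn) {
        # For a synchronized user the cloud password is set to never expire (the on-prem policy governs),
        # and LastPasswordChangeTimestamp moves once an on-prem password change has been synchronized.
        $u = Get-MsolUser -UserPrincipalName $TestUpn
        $summary | Add-Member NoteProperty TestUserSynced          ([bool]$u.LastDirSyncTime)
        $summary | Add-Member NoteProperty TestUserPwdNeverExpires $u.PasswordNeverExpires
        $summary | Add-Member NoteProperty TestUserLastPwdChange   $u.LastPasswordChangeTimestamp
    }
    $summary
}

Invoke-DirSyncAndVerify -TestUpn 'test.user@fabrikam.com'
```

Between manual runs the scheduler still fires every three hours; a test user whose TestUserPwdNeverExpires is false, or whose TestUserLastPwdChange does not move after an on-prem password change, is the first sign that password synchronization is not actually flowing for that object.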
DEMO
Federated IDs + DirSync
Active Directory Federation Services
Federated Identities
 Across on-prem and cloud services
– Single identity
– Single sign-on
 User management happens on-prem
 On-prem AD used to:
– Sign in
– Authenticate
 Requires the following services
– Directory synchronization
– Federation Service
Identity Federation
(Diagram) Contoso.com is the relying party (web server https://web.contoso.com, STS, DC, AD); Fabrikam.com is the identity provider (STS, DC, AD). A federation trust links the two STSs. Identity providers that can sit behind an STS: Shibboleth, AD FS, Azure ACS, AD, Unix, Live ID, Google ID, Facebook. The ten-step flow starts with home realm discovery, after which the identity provider's STS issues a security token (ST), a SAML token carrying claims such as Name = Els, Email = Els@Fabrikam.com, Age = 38; the relying party's STS accepts that token and issues the token the web application consumes.
Identity Federation with Azure
(Diagram) On-premises domain: Active Directory and AD FS. Windows Azure platform: the MS Federation Gateway and Exchange Online. AD FS issues a logon (SAML 1.1) token with UPN: user@contoso.com and Source User ID: ABC123; the MS Federation Gateway exchanges it for an auth token with UPN: user@contoso.com and Unique ID: 254729, which Exchange Online consumes.
AD FS Deployment Options
 Single server configuration
 AD FS server farm and load-balancer
 AD FS proxy server or UAG/TMG (external users, ActiveSync, Outlook)
(Diagram) Internal users authenticate against the AD FS servers on the internal network, which query Active Directory; external users reach the AD FS proxies in the perimeter network, which forward to the internal AD FS servers.
Federation: AD FS
 Requirements:
– Windows Server 2008 (R2) – 2012 (R2)
– ADFS 2.0 / ADFS 3.0
– Public, validated domain name
– SSL certificate
– MS Online Services Module for PS
– MS Online Sign-In Assistant
Federation: AD FS
• Install ADFS
– WS2012 (R2): Add roles and features
– WS2008: Download and install ADFS
Federation: AD FS
 Run ADFS Configuration Wizard
– Create new Federation Service
• Federation farm
• Stand-alone server
– Select SSL Certificate
• ADFS certificate
• Federation service name: adfs.fabrikam.com
– Create a host (A) record for the federation service name in DNS
Federation: AD FS
 Install MS Online Sign-In Assistant
 Install MS Online Services Module for PS
 Configure Trust with Microsoft Online Services
– PowerShell
• Connect-MsolService –Credential $cred
• Convert-MsolDomainToFederated –DomainName fabrikam.com
Federation: Test
• Create account in local AD
– UPN suffix must be the federated domain name (fabrikam.com)
• Synchronize account to Azure AD
– Add application licenses
• Prepare Client pc
– Install Sign-In Assistant
– Add the AD FS URL to the Local intranet zone in IE (so the browser uses Windows integrated authentication)
• Sign in to client pc as test user
– Browse to https://portal.microsoftonline.com
– Enter username (user@fabrikam.com)
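The trust configuration from the "Configure Trust with Microsoft Online Services" slide and the account checks behind the test procedure above, as an added example that is not part of the deck. It federates the domain, compares what the tenant recorded with the live AD FS configuration, and checks that a synchronized test user is linked correctly for federated sign-in. It assumes it runs on the AD FS server with the Sign-In Assistant, the MSOnline module and the ActiveDirectory module installed; the server name, domain, test user and the 'ADFS*' Source label used to tell the two Get-MsolFederationProperty rows apart are assumptions.

```powershell
# Added example, not from the deck: federate fabrikam.com, verify the trust recorded in the tenant against the
# AD FS server, and check a synchronized test user is ready for federated sign-in.
# Assumptions: runs on the AD FS server with Sign-In Assistant, MSOnline and ActiveDirectory modules installed;
# server, domain and user names are illustrative, as is the 'ADFS*' Source label filter.
Import-Module MSOnline
Import-Module ActiveDirectory
Connect-MsolService -Credential (Get-Credential -Message 'Windows Azure AD administrator')

function Enable-FederatedDomain {
    param([string]$DomainName = 'fabrikam.com', [string]$AdfsServer = 'adfs.fabrikam.com')
    $d = Get-MsolDomain -DomainName $DomainName
    if ($d.Status -ne 'Verified') { throw "$DomainName is not a verified domain in the tenant" }
    if ($d.IsInitial)            { throw 'The initial onmicrosoft.com domain cannot be federated' }
    if ($d.Authentication -ne 'Federated') {
        Set-MsolADFSContext -Computer $AdfsServer          # point the MSOL cmdlets at the federation server
        Convert-MsolDomainToFederated -DomainName $DomainName
    }
    # Compare what the tenant stored (issuer, token-signing certificate) with the live AD FS configuration;
    # a certificate mismatch after a rollover means Update-MsolFederatedDomain still has to be run.
    $props = Get-MsolFederationProperty -DomainName $DomainName
    $adfs  = $props | Where-Object { $_.Source -like 'ADFS*' }
    $cloud = $props | Where-Object { $_.Source -notlike 'ADFS*' }
    New-Object PSObject -Property @{
        Domain         = $DomainName
        Authentication = (Get-MsolDomain -DomainName $DomainName).Authentication
        IssuerMatches  = ($adfs.FederationServiceIdentifier -eq $cloud.FederationServiceIdentifier)
        SigningCertOk  = ($adfs.TokenSigningCertificate.Thumbprint -eq $cloud.TokenSigningCertificate.Thumbprint)
    }
}

function Test-FederatedUser {
    param([string]$Upn)
    $domain = $Upn.Split('@')[-1]
    $ad   = Get-ADUser -Filter "UserPrincipalName -eq '$Upn'" -Properties objectGUID
    $msol = Get-MsolUser -UserPrincipalName $Upn -ErrorAction SilentlyContinue
    if (-not $ad)   { throw "$Upn does not exist in AD; create it with this UPN before synchronizing" }
    if (-not $msol) { throw "$Upn has not been synchronized yet; run DirSync and retry" }
    # The cloud object is tied to AD through ImmutableId = base64(objectGUID); the AD FS token carries the same
    # value as the source user ID, so a mismatch breaks federated sign-in even when the UPN looks right.
    $expectedId = [Convert]::ToBase64String($ad.ObjectGUID.ToByteArray())
    New-Object PSObject -Property @{
        Upn             = $Upn
        DomainFederated = ((Get-MsolDomain -DomainName $domain).Authentication -eq 'Federated')
        SyncedFromAd    = [bool]$msol.LastDirSyncTime
        ImmutableIdOk   = ($msol.ImmutableId -eq $expectedId)
        Licensed        = $msol.IsLicensed
    }
}

Enable-FederatedDomain
Test-FederatedUser -Upn 'fedtest@fabrikam.com'
```

All five properties of the test user should be true before the browser test on the client is attempted; a false SyncedFromAd means the account was created in the cloud rather than synchronized from AD, and such an account cannot be authenticated by AD FS at all.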
DEMO
Give Me Feedback
Present your feedback form when you exit the last session, go for the drink and take home the Lumia 1320
Follow TechNet Belgium: @technetbelux
Subscribe to the TechNet newsletter: aka.ms/benews
Be the first to know: Belgium's biggest IT PRO Conference

azure track -01- identities in the cloud

  • 1. Identities in the Cloud Els Putzeys
  • 2. Identities in the Cloud User Management in Windows Azure
  • 3. Identity Options  Microsoft Online IDs  Microsoft Online IDs + Directory Synchronization  Federated IDs + Directory Synchronization
  • 4. Microsoft Online IDs  Appropriate for small organizations without on-prem AD  Pros – No servers required on-premises  Cons – No SSO – 2 sets of credentials to manage with different password policies – IDs mastered in the cloud
  • 5. Microsoft Online IDs + DirSync  Appropriate for medium/large organizations with on-prem AD  Pros – Users and groups mastered on-premises – Enables coexistence scenarios – Passwords can be synchronized with password sync tool  Cons – No SSO – 2 sets of credentials to maintain – DirSync server required on-premises
  • 6. Federated IDs + DirSync  Appropriate for medium/large enterprises with on-prem AD  Pros – SSO – IDs mastered on-prem – Password policy controlled on-prem – Enables coexistence scenarios  Cons – Servers required on-premises
  • 8. Windows Azure AD  Identity and access management in the cloud  Your organization’s cloud directory – Used by • Windows Azure • Office 365 • Windows Intune  Can be integrated with on-premises AD  Integration with cloud applications – Single sign-on experience • App hosted in cloud • Users authenticate with corporate credentials
  • 9. Windows Azure AD Windows PowerShell Office 365 Account Portal Windows Intune Account Portal Windows Azure AD Portal Windows Azure AD Tenant data
  • 10. Windows Azure AD  Azure AD is a multi-tenant service  Authentication process – User accesses a SaaS application – User authenticates to Azure with username and password – Azure AD returns token – Token is sent to SaaS application – Application validates token and uses its content
  • 11. Create Online IDs  Windows Azure AD Portal  Office 365 Portal  Windows PowerShell
  • 12. DEMO
  • 13. Microsoft Online IDs + DirSync Directory Synchronization
  • 14. Directory Synchronization  Synchronize users from on-prem to online  User management is done on-prem  Password synchronization – Synchronize passwords from on-prem to online  Users have 1 set of credentials across on-prem and online – But 2 accounts
  • 15. Directory Synchronization Customer Network Windows Azure Datacenter AD DirSync Azure AD MS Online IDs Office 365 Exchange Online SharePoint Online Lync Online
• 16. DirSync: Preparation
  - Synchronization computer
    - Windows Server 2008 R2 SP1 or Windows Server 2012 (R2)
    - Domain-joined
    - Prerequisite software:
      - .NET Framework 3.5 SP1 and 4.0
      - PowerShell
  - DC requirements:
    - Forest functional level: Windows Server 2003 or higher
    - Domain controllers: Windows Server 2003 SP1 or higher
• 17. DirSync: Preparation
  - To install DirSync, you need the following permissions:
    - Administrator of the DirSync server
    - Administrator of the local AD environment (the configuration wizard asks for Enterprise Admin credentials)
    - Administrator of the cloud service (Global Administrator of the tenant)
  - DirSync setup creates a service account
    - MSOL_AD_SYNC
    - Created in the Users container
    - Reads from local AD
    - Writes to Windows Azure AD
    - Do not move or remove this account!
  - Because this account reads every synchronized object (and, with password sync, password hashes) and can write into the cloud directory, the DirSync server should be hardened and monitored like a domain controller.
• 18. DirSync: Preparation
  - Initial synchronization
    - All AD objects copied to WAAD
    - Maximum 50000 objects; if you have more, contact support to have the limit raised before the first sync
  - DirSync requires SQL
    - SQL Express: fewer than 50000 objects, installed by default
    - Full SQL: more than 50000 objects
• 19. DirSync: Preparation
  - UPN requirements
    - Every user must have a UPN
    - UPN suffixes must match a verified domain in the cloud (a non-routable suffix such as fabrikam.local cannot be verified; add a routable UPN suffix to the forest and update the users)
  - Make sure AD contains the correct UPN suffix
    - Check the UPN in the cloud after synchronization
    - Users must use the UPN to log on to cloud services
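A readiness check covering slides 18 and 19 (object count against the 50000 limit, and UPNs against the tenant's verified domains), as an added example that is not part of the deck. It assumes the ActiveDirectory and MSOnline modules are installed on the machine it runs on; fabrikam.com as the verified domain and fabrikam.local as the non-routable suffix are assumptions.

```powershell
# Added example (not from the deck): pre-DirSync checks for object count and UPN suffixes.
# Assumptions: ActiveDirectory + MSOnline modules available; fabrikam.com is verified in the tenant.
Import-Module ActiveDirectory
Import-Module MSOnline
Connect-MsolService -Credential (Get-Credential -Message "Windows Azure AD administrator")

# 1. Object count. DirSync syncs users, groups and contacts; the default SQL Express
#    install (and the service itself) is sized for fewer than 50000 objects.
$users    = @(Get-ADUser   -Filter * -Properties UserPrincipalName)
$groups   = @(Get-ADGroup  -Filter *)
$contacts = @(Get-ADObject -Filter 'objectClass -eq "contact"')
$total = $users.Count + $groups.Count + $contacts.Count
if ($total -ge 50000) {
    Write-Warning "$total objects: at or above the 50000 default limit; contact support before the first sync."
} else {
    "$total objects to synchronize (users $($users.Count), groups $($groups.Count), contacts $($contacts.Count))"
}

# 2. UPN check. Every user needs a UPN, and its suffix must be a domain the tenant has verified,
#    otherwise the cloud object is created under the tenant's initial .onmicrosoft.com name.
$verified = Get-MsolDomain | Where-Object { $_.Status -eq 'Verified' } | Select-Object -ExpandProperty Name

$missing = @($users | Where-Object { -not $_.UserPrincipalName })
$unroutable = @($users | Where-Object {
    $_.UserPrincipalName -and ($verified -notcontains $_.UserPrincipalName.Split('@')[1])
})
"Users without a UPN: $($missing.Count)"
"Users whose UPN suffix is not verified in the cloud: $($unroutable.Count)"
$unroutable | Select-Object -First 10 -Property SamAccountName, UserPrincipalName

# 3. Remediation (dry run). Move users from a non-routable suffix to the verified one.
#    Assumption: fabrikam.com has already been added as a UPN suffix of the forest, e.g.
#    Get-ADForest | Set-ADForest -UPNSuffixes @{Add='fabrikam.com'}
#    Drop -WhatIf once the list above looks right.
$unroutable | Where-Object { $_.UserPrincipalName -like '*@fabrikam.local' } | ForEach-Object {
    $newUpn = "$($_.SamAccountName)@fabrikam.com"
    Set-ADUser -Identity $_ -UserPrincipalName $newUpn -WhatIf
}
```

Run the check again after the rewrite and, once DirSync has completed, compare with Get-MsolUser on the cloud side: a user whose UPN still ends in .onmicrosoft.com there is one the check missed.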
• 20. DirSync: Installation
  - Download and install the Directory Sync tool
    - Installation can take up to 10 minutes
• 21. DirSync: Configure
  - Start the DirSync Configuration wizard
    - Specify Windows Azure AD credentials
    - Specify AD credentials
    - Enable hybrid deployment (if required)
      - Gives the DirSync service account limited write permission to on-prem AD (used for Exchange hybrid write-back)
• 22. DirSync: Password Sync
  - Password synchronization
    - Feature of the Sync tool
    - Synchronizes on-prem passwords to WAAD
    - Users can use the same password in the cloud and on-prem
    - No SSO (the user still signs in to the cloud separately, just with the same password)
  - Extracts the password hash from AD (what is sent is a salted hash of that hash; the clear-text password never leaves AD)
    - Overwrites the cloud password
    - The initial DirSync run synchronizes all passwords
    - User changes the on-prem password
      - Tool detects and synchronizes the change (within minutes)
• 23. DirSync: Password Sync
  - Password complexity policy
    - On-prem policies override cloud policies for synchronized users
  - Password expiration policy
    - Cloud user password is set to "Never Expire" (expiration is enforced on-prem; the new password is synced when the user changes it)
• 24. DirSync: Manage
  - PowerShell
    - %ProgramFiles%\Windows Azure Active Directory Sync\DirSyncConfigShell.psc1
    - Add-PSSnapin Coexistence-Configuration
  - Cmdlets:
    - Get-Command -PSSnapin Coexistence-Configuration
• 25. DirSync: Synchronize
  - Automatically
    - Every 3 hours
  - Manually
    - PowerShell
      - Start-OnlineCoexistenceSync
    - Configuration wizard
      - Start menu: Directory Sync Configuration
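Forcing a run from slides 24 and 25 and confirming from the cloud side that it completed, as an added example that is not part of the deck. It assumes it runs on the DirSync server as a local administrator with the MSOnline module also installed; the 15-minute wait and the test user are assumptions, and -FullSync is the DirSync snap-in's own switch for a full rather than delta run.

```powershell
# Added example (not from the deck): trigger a DirSync run and verify it from the tenant.
# Assumptions: run on the DirSync server; MSOnline module installed; test.user@fabrikam.com exists on-prem.
Import-Module MSOnline
Connect-MsolService -Credential (Get-Credential -Message "Windows Azure AD administrator")

# Record the tenant's last sync timestamp BEFORE starting, so a fast run cannot be missed.
$before = (Get-MsolCompanyInformation).LastDirSyncTime

# Load the DirSync snap-in (what DirSyncConfigShell.psc1 does) and list what it offers.
Add-PSSnapin Coexistence-Configuration -ErrorAction Stop
Get-Command -PSSnapin Coexistence-Configuration | Select-Object Name

# Delta sync: the same thing the 3-hour schedule does.
# Use Start-OnlineCoexistenceSync -FullSync after changing the hybrid setting or filtering rules.
Start-OnlineCoexistenceSync

# Poll the tenant until LastDirSyncTime moves forward (the export has been accepted) or we give up.
$deadline = (Get-Date).AddMinutes(15)
do {
    Start-Sleep -Seconds 30
    $now = (Get-MsolCompanyInformation).LastDirSyncTime
} until ($now -gt $before -or (Get-Date) -gt $deadline)

if ($now -gt $before) {
    "Sync completed; tenant reports last sync at $now (UTC)"
} else {
    Write-Warning "No new sync seen within 15 minutes; check the Application event log on the DirSync server."
}

# Spot-check one user: LastDirSyncTime and a populated ImmutableId prove the object is mastered on-prem.
Get-MsolUser -UserPrincipalName test.user@fabrikam.com |
    Select-Object UserPrincipalName, LastDirSyncTime, ImmutableId
```

The ImmutableId shown at the end is the on-prem objectGUID that DirSync stamps on the cloud object; it is also the "Source User ID" that AD FS puts in the logon token in the federation slides later on, so a user whose ImmutableId is empty was created in the cloud and will not match a federated sign-in.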
  • 26. DEMO
• 27. Federated IDs + DirSync
  Active Directory Federation Services
• 28. Federated Identities
  - Across on-prem and cloud services
    - Single identity
    - Single sign-on
  - User management happens on-prem
  - On-prem AD is used to:
    - Sign in
    - Authenticate
  - Requires the following services
    - Directory synchronization
    - Federation service (AD FS)
• 29. Identity Federation
  Diagram: federation between contoso.com (the relying party: a web server at https://web.contoso.com with its own AD and STS) and fabrikam.com (the identity provider: AD, DC and STS), joined by a federation trust. Examples of STS products and identity sources listed: Shibboleth, AD FS, Azure ACS, AD, Unix, Live ID, Google ID, Facebook. The identity provider's STS issues a SAML security token with claims (Name = Els, Email = Els@Fabrikam.com, Age = 38); the numbered steps 1 to 10 show home realm discovery and the security token (ST) being passed from the identity provider, through the relying party's STS, to the web server.
• 30. Identity Federation with Azure Active Directory
  Diagram: on the on-premises domain, AD FS issues a logon token (SAML 1.1) carrying UPN: user@contoso.com and Source User ID: ABC123. The MS Federation Gateway on the Windows Azure platform validates it and issues an auth token carrying UPN: user@contoso.com and Unique ID: 254729 to Exchange Online. The Source User ID is the ImmutableId that DirSync populated on the cloud user, which is why directory synchronization is required alongside federation.
• 31. AD FS Deployment Options
  - Single server configuration
  - AD FS server farm and load-balancer
  - AD FS proxy server or UAG/TMG (external users, ActiveSync, Outlook)
  Diagram: internal users reach the AD FS servers (backed by Active Directory) on the internal network; external users reach AD FS proxies in the perimeter network, which forward to the internal AD FS servers.
• 32. Federation: AD FS
  - Requirements:
    - Windows Server 2008 (R2) or 2012 (R2)
    - AD FS 2.0 / AD FS 3.0
    - Public, verified domain name
    - SSL certificate (subject or SAN must match the federation service name, from a CA that all clients trust)
    - MS Online Services Module for PowerShell
    - MS Online Sign-In Assistant
• 33. Federation: AD FS
  - Install AD FS
    - WS2012 (R2): Add roles and features
    - WS2008: Download and install AD FS 2.0
• 34. Federation: AD FS
  - Run the AD FS Configuration wizard
    - Create a new Federation Service
      - Federation farm
      - Stand-alone server
    - Select the SSL certificate
      - AD FS certificate
      - Federation service name: adfs.fabrikam.com
    - Create a host record for the federation service in DNS
• 35. Federation: AD FS
  - Install MS Online Sign-In Assistant
  - Install MS Online Services Module for PowerShell
  - Configure the trust with Microsoft Online Services
    - PowerShell (run on the AD FS server)
      - Connect-MsolService -Credential $cred
      - Convert-MsolDomainToFederated -DomainName fabrikam.com
• 36. Federation: Test
  - Create an account in local AD
    - UPN suffix must be your federated domain name (fabrikam.com)
  - Synchronize the account to Azure AD
    - Add application licenses
  - Prepare the client PC
    - Install the Sign-In Assistant
    - Add the AD FS URL to the Intranet zone in IE (so integrated Windows authentication is used instead of a forms prompt)
  - Sign in to the client PC as the test user
    - Browse to https://portal.microsoftonline.com
    - Enter the username (user@fabrikam.com); home realm discovery redirects to AD FS and the session is established without a password prompt
  • 37. DEMO
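The trust configuration from slide 35 with the checks a practitioner wants around it, as an added example that is not part of the deck or its demo. It assumes an AD FS farm whose federation service name is adfs.fabrikam.com, that fabrikam.com is already verified in the tenant, and that the MSOnline module and Sign-In Assistant are installed on the AD FS server where this runs (elevated).

```powershell
# Added example (not from the deck): federate fabrikam.com with Windows Azure AD and verify the trust.
# Assumptions: run elevated on the AD FS server adfs.fabrikam.com; fabrikam.com verified in the tenant.
Import-Module MSOnline
$cloudCred = Get-Credential -Message "Windows Azure AD administrator"
Connect-MsolService -Credential $cloudCred

# Tell the MSOnline cmdlets which AD FS server to configure (here: this machine).
Set-MsolADFSContext -Computer adfs.fabrikam.com

# Guard rails: only a verified, non-initial domain can be federated, and converting is all-or-nothing
# for every user in that domain (their cloud passwords stop working once it is federated).
$domain = Get-MsolDomain -DomainName fabrikam.com
if ($domain.Status -ne 'Verified') { throw "fabrikam.com is not verified; federation would fail." }
if ($domain.IsInitial)              { throw "The initial .onmicrosoft.com domain cannot be federated." }

if ($domain.Authentication -eq 'Federated') {
    "fabrikam.com is already federated; skipping conversion."
} else {
    # Creates the 'Microsoft Office 365 Identity Platform' relying party trust in AD FS and
    # uploads the issuer URI, endpoints and token-signing certificate to the tenant.
    Convert-MsolDomainToFederated -DomainName fabrikam.com
}

# What the cloud now expects from AD FS: issuer, passive/active endpoints, signing certificate.
Get-MsolDomainFederationSettings -DomainName fabrikam.com |
    Select-Object IssuerUri, PassiveLogOnUri, ActiveLogOnUri, MetadataExchangeUri, SigningCertificate

# Compare AD FS's own configuration with the cloud side. A mismatch, typically after the
# token-signing certificate rolls over, is repaired with:
#   Update-MsolFederatedDomain -DomainName fabrikam.com
Get-MsolFederationProperty -DomainName fabrikam.com
```

Keep the last two commands as a recurring check: AD FS auto-rolls its token-signing certificate yearly by default, and a tenant that still trusts the old certificate rejects every logon token from slide 30 until Update-MsolFederatedDomain is run.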
• 38. Give Me Feedback
  Present your feedback form when you exit the last session, go for the drink and take home the Lumia 1320
• 39. Be the first to know
  Follow TechNet Belgium @technetbelux
  Subscribe to the TechNet newsletter: aka.ms/benews
• 40. Belgium's biggest IT PRO Conference