Book Image

Mastering Identity and Access Management with Microsoft Azure - Second Edition

By : Jochen Nickel
Book Image

Mastering Identity and Access Management with Microsoft Azure - Second Edition

By: Jochen Nickel

Overview of this book

Microsoft Azure and its Identity and access management are at the heart of Microsoft's software as service products, including Office 365, Dynamics CRM, and Enterprise Mobility Management. It is crucial to master Microsoft Azure in order to be able to work with the Microsoft Cloud effectively. You’ll begin by identifying the benefits of Microsoft Azure in the field of identity and access management. Working through the functionality of identity and access management as a service, you will get a full overview of the Microsoft strategy. Understanding identity synchronization will help you to provide a well-managed identity. Project scenarios and examples will enable you to understand, troubleshoot, and develop on essential authentication protocols and publishing scenarios. Finally, you will acquire a thorough understanding of Microsoft Information protection technologies.

Related Content you might be interested in

Current Title:

Small book image
Mastering Identity and Access Management with Microsoft Azure - Second Edition
Jochen Nickel
Feb, 2019 | 698 pages
Small book image
Microsoft 365 Identity and Services Exam Guide MS-100
Aaron Guilmette
Jun, 2023 | 462 pages
Small book image
Azure Active Directory for Secure Application Development
Sjoukje Zaal
May, 2022 | 268 pages
Small book image
Microsoft Identity and Access Administrator Exam Guide
Dwayne Natwick
Mar, 2022 | 452 pages
Table of Contents (23 chapters)
Title Page
Title Page
Copyright and Credits
Copyright and Credits
About Packt
About Packt
Contributors
Contributors
Preface
Preface
Free Chapter
1
Building and Managing Azure Active Directory
Building and Managing Azure Active Directory
Implementation scenario overview
Implementing a solid Azure Active Directory
Creating and managing users and groups
Assign roles to administrative units
Protect your administrative accounts
Provide user and group-based application access
Password reset self-service capabilities
Using standard security monitoring
Integrating Azure AD Join for Windows 10 clients
Configuring a custom domain
Configure Azure AD Domain Services
Summary
2
Understanding Identity Synchronization
Understanding Identity Synchronization
Technology overview
Synchronization scenarios
Synchronization terms and processes
Summary
3
Exploring Advanced Synchronization Concepts
Exploring Advanced Synchronization Concepts
Preparing your lab environment
Understanding declarative provisioning and expressions
Synchronization rules explained
Special considerations in advanced synchronization concepts
Summary
4
Monitoring Your Identity Bridge
Monitoring Your Identity Bridge
How Azure AD Connect Health works
Azure AD monitoring and logs
Azure Security Center for monitoring and analytics
Summary
5
Configuring and Managing Identity Protection
Configuring and Managing Identity Protection
Microsoft Identity Protection solutions
Azure ATP and how to use it
Azure AD Identity Protection
Using Azure AD PIM to protect administrative privileges
Summary
6
Managing Authentication Protocols
Managing Authentication Protocols
Microsoft identity platform
Common token standards in a federated world
Security Assertion Markup Language (SAML) 2.0
WS-Federation
OAuth 2.0
OpenID Connect (OIDC)
Pass-through authentication and seamless SSO
Multi-factor authentication
Summary
7
Deploying Solutions on Azure AD and ADFS
Deploying Solutions on Azure AD and ADFS
Basic environment installation and configuration
Azure AD authentication deployments
ADFS Authentication deployments
Integrating Azure MFA (YD1ADS01)
Summary
8
Using the Azure AD App Proxy and the Web Application Proxy
Using the Azure AD App Proxy and the Web Application Proxy
Configuring additional applications for Azure AD and ADFS
Publishing with Windows server and Azure AD Web Application Proxy
Using conditional access
Summary
9
Deploying Additional Applications on Azure AD
Deploying Additional Applications on Azure AD
Preparing your lab environment
What defines single- and multi-tenant applications
Deploying a single-tenant application including roles and claims
Moving the single-tenant app to a multi-tenant scenario
Deploying another multi-tenant app with OpenID Connect
Summary
10
Exploring Azure AD Identity Services
Exploring Azure AD Identity Services
Preparing your lab environment
Understanding Azure AD B2B
Exploring Azure AD B2C
Extending Active Directory solutions with Azure AD Domain Services
AD FS as an on-premise identity service for the cloud
Summary
11
Creating Identity Life Cycle Management in Azure
Creating Identity Life Cycle Management in Azure
Lab environment readiness
Handling the guest user life cycle
Azure services for automation
Summary
12
Creating a Security Culture
Creating a Security Culture
Why do we need a security culture?
Pillars of a good security culture
General overview of data classification
Azure Information Protection (AIP) overview
Summary
13
Identifying and Detecting Sensitive Data
Identifying and Detecting Sensitive Data
Extending your lab environment
Understanding and using AIP capabilities for data in motion
Understanding and using AIP capabilities for data at rest
Summary
14
Understanding Encryption Key Management Strategies
Understanding Encryption Key Management Strategies
Azure Information Protection key basics
How Azure RMS works under the hood
Summary
15
Configuring Azure Information Protection Solutions
Configuring Azure Information Protection Solutions
Preparing to configure and manage AIP
Azure RMS management with PowerShell
Configuring AIP
Summary
16
Azure Information Protection Development
Azure Information Protection Development
Technical requirements
Microsoft Information Protection solutions
Understanding the Microsoft Information Protection SDK
Preparing your Azure AD environment for tests
Using MIP binaries to explore functionality
Using PowerShell with Azure Information Protection
Overview of the RMS 2.1 and 4.2 SDKs
Summary
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think
Index
Index

Integrating Azure AD Join for Windows 10 clients

In this section, we will configure the Azure AD Join functionality and join our first Windows 10 client to Azure AD.

We configure a maximum of five devices per user and leave the other default values:

Azure AD - Device settings

In the next section, we will join our client to Azure AD.

Join your Windows 10 client to Azure AD

Log in to your freshly installed Windows 10 client machine and go to Settings. Choose Connect in the Access work or school section:

Azure AD Join process dialog

We sign in with [email protected] and join the Windows 10 client to Azure AD:

Join actions overview

Click through the Next sections and finish joining the client. Afterwards, we will check the new status. The expected result will be the connection to your Azure AD name:

Azure AD joined client message

Afterward, we will verify the Azure AD Join process.

Verify the newly joined Windows 10 client

Log in to the Windows 10 client with the credentials of [email protected] and click through the security policy configuration. Click Enforce these policies. Click through the PIN setup and finish the process, then test the user experience:

  • Open the mail application, and you will see that the system recognizes your user ID and Single Sign-On is provided.
  • Also, if you open https://myapps.microsoft.com, you will be directly logged in to the access panel UI:

Different mail account options

After verifying the Azure AD Join, we will configure a custom domain. Be aware that you need to register a domain if you want to test the associated functionality.

Previous Section
End of Section 10
Next Section