Book Image

Mastering Identity and Access Management with Microsoft Azure - Second Edition

By : Jochen Nickel
Book Image

Mastering Identity and Access Management with Microsoft Azure - Second Edition

By: Jochen Nickel

Overview of this book

Microsoft Azure and its Identity and access management are at the heart of Microsoft's software as service products, including Office 365, Dynamics CRM, and Enterprise Mobility Management. It is crucial to master Microsoft Azure in order to be able to work with the Microsoft Cloud effectively. You’ll begin by identifying the benefits of Microsoft Azure in the field of identity and access management. Working through the functionality of identity and access management as a service, you will get a full overview of the Microsoft strategy. Understanding identity synchronization will help you to provide a well-managed identity. Project scenarios and examples will enable you to understand, troubleshoot, and develop on essential authentication protocols and publishing scenarios. Finally, you will acquire a thorough understanding of Microsoft Information protection technologies.

Related Content you might be interested in

Current Title:

Small book image
Mastering Identity and Access Management with Microsoft Azure - Second Edition
Jochen Nickel
Feb, 2019 | 698 pages
Small book image
Microsoft 365 Identity and Services Exam Guide MS-100
Aaron Guilmette
Jun, 2023 | 462 pages
Small book image
Azure Active Directory for Secure Application Development
Sjoukje Zaal
May, 2022 | 268 pages
Small book image
Microsoft Identity and Access Administrator Exam Guide
Dwayne Natwick
Mar, 2022 | 452 pages
Table of Contents (23 chapters)
Title Page
Title Page
Copyright and Credits
Copyright and Credits
About Packt
About Packt
Contributors
Contributors
Preface
Preface
Free Chapter
1
Building and Managing Azure Active Directory
Building and Managing Azure Active Directory
Implementation scenario overview
Implementing a solid Azure Active Directory
Creating and managing users and groups
Assign roles to administrative units
Protect your administrative accounts
Provide user and group-based application access
Password reset self-service capabilities
Using standard security monitoring
Integrating Azure AD Join for Windows 10 clients
Configuring a custom domain
Configure Azure AD Domain Services
Summary
2
Understanding Identity Synchronization
Understanding Identity Synchronization
Technology overview
Synchronization scenarios
Synchronization terms and processes
Summary
3
Exploring Advanced Synchronization Concepts
Exploring Advanced Synchronization Concepts
Preparing your lab environment
Understanding declarative provisioning and expressions
Synchronization rules explained
Special considerations in advanced synchronization concepts
Summary
4
Monitoring Your Identity Bridge
Monitoring Your Identity Bridge
How Azure AD Connect Health works
Azure AD monitoring and logs
Azure Security Center for monitoring and analytics
Summary
5
Configuring and Managing Identity Protection
Configuring and Managing Identity Protection
Microsoft Identity Protection solutions
Azure ATP and how to use it
Azure AD Identity Protection
Using Azure AD PIM to protect administrative privileges
Summary
6
Managing Authentication Protocols
Managing Authentication Protocols
Microsoft identity platform
Common token standards in a federated world
Security Assertion Markup Language (SAML) 2.0
WS-Federation
OAuth 2.0
OpenID Connect (OIDC)
Pass-through authentication and seamless SSO
Multi-factor authentication
Summary
7
Deploying Solutions on Azure AD and ADFS
Deploying Solutions on Azure AD and ADFS
Basic environment installation and configuration
Azure AD authentication deployments
ADFS Authentication deployments
Integrating Azure MFA (YD1ADS01)
Summary
8
Using the Azure AD App Proxy and the Web Application Proxy
Using the Azure AD App Proxy and the Web Application Proxy
Configuring additional applications for Azure AD and ADFS
Publishing with Windows server and Azure AD Web Application Proxy
Using conditional access
Summary
9
Deploying Additional Applications on Azure AD
Deploying Additional Applications on Azure AD
Preparing your lab environment
What defines single- and multi-tenant applications
Deploying a single-tenant application including roles and claims
Moving the single-tenant app to a multi-tenant scenario
Deploying another multi-tenant app with OpenID Connect
Summary
10
Exploring Azure AD Identity Services
Exploring Azure AD Identity Services
Preparing your lab environment
Understanding Azure AD B2B
Exploring Azure AD B2C
Extending Active Directory solutions with Azure AD Domain Services
AD FS as an on-premise identity service for the cloud
Summary
11
Creating Identity Life Cycle Management in Azure
Creating Identity Life Cycle Management in Azure
Lab environment readiness
Handling the guest user life cycle
Azure services for automation
Summary
12
Creating a Security Culture
Creating a Security Culture
Why do we need a security culture?
Pillars of a good security culture
General overview of data classification
Azure Information Protection (AIP) overview
Summary
13
Identifying and Detecting Sensitive Data
Identifying and Detecting Sensitive Data
Extending your lab environment
Understanding and using AIP capabilities for data in motion
Understanding and using AIP capabilities for data at rest
Summary
14
Understanding Encryption Key Management Strategies
Understanding Encryption Key Management Strategies
Azure Information Protection key basics
How Azure RMS works under the hood
Summary
15
Configuring Azure Information Protection Solutions
Configuring Azure Information Protection Solutions
Preparing to configure and manage AIP
Azure RMS management with PowerShell
Configuring AIP
Summary
16
Azure Information Protection Development
Azure Information Protection Development
Technical requirements
Microsoft Information Protection solutions
Understanding the Microsoft Information Protection SDK
Preparing your Azure AD environment for tests
Using MIP binaries to explore functionality
Using PowerShell with Azure Information Protection
Overview of the RMS 2.1 and 4.2 SDKs
Summary
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think
Index
Index

OpenID Connect (OIDC)

OIDC was established as a standard by its membership in February 2014. OIDC provides a lightweight framework for identity interactions in a RESTful manner. The specification was developed under the OpenID Foundation and has its roots in OpenID; it was greatly affected by OAuth 2.0, because that specification was not intended for authentication. Microsoft was also a co-author of the OIDC specification.

Key facts about OIDC

It defines the following identity layers on top of OAuth 2.0:

  • It uses two OAuth 2.0 flows:
    • Authorization code flow
    • Implicit flow
  • Adds an ID token to OAuth 2.0 exchange
  • Adds the ability to request claims using an OAuth 2.0 access token

The following roles are used:

  • OpenID Connect Provider (OP): Authorization server issues the ID token
  • Relying Party: Client application that requests the ID token
  • ID token: Issued by the OP
  • Claim: Information about the user

The following figure shows the OpenID Connect flow:

OpenID Connect flow

The flow runs with the following steps...

Previous Section
End of Section 7
Next Section