Book Image

Mastering Identity and Access Management with Microsoft Azure

By : Jochen Nickel
Book Image

Mastering Identity and Access Management with Microsoft Azure

By: Jochen Nickel

Overview of this book

Microsoft Azure and its Identity and Access Management is at the heart of Microsoft’s Software as a Service, including Office 365, Dynamics CRM, and Enterprise Mobility Management. It is an essential tool to master in order to effectively work with the Microsoft Cloud. Through practical, project based learning this book will impart that mastery. Beginning with the basics of features and licenses, this book quickly moves on to the user and group lifecycle required to design roles and administrative units for role-based access control (RBAC). Learn to design Azure AD to be an identity provider and provide flexible and secure access to SaaS applications. Get to grips with how to configure and manage users, groups, roles, and administrative units to provide a user- and group-based application and self-service access including the audit functionality. Next find out how to take advantage of managing common identities with the Microsoft Identity Manager 2016 and build cloud identities with the Azure AD Connect utility. Construct blueprints with different authentication scenarios including multi-factor authentication. Discover how to configure and manage the identity synchronization and federation environment along with multi -factor authentication, conditional access, and information protection scenarios to apply the required security functionality. Finally, get recommendations for planning and implementing a future-oriented and sustainable identity and access management strategy.

Related Content you might be interested in

Current Title:

Small book image
Mastering Identity and Access Management with Microsoft Azure
Jochen Nickel
Sep, 2016 | 692 pages
No titles found
Table of Contents (22 chapters)
Mastering Identity and Access Management with Microsoft Azure
Mastering Identity and Access Management with Microsoft Azure
Credits
Credits
About the Author
About the Author
About the Reviewer
About the Reviewer
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Getting Started with a Cloud-Only Scenario
Getting Started with a Cloud-Only Scenario
Identifying business needs and challenges
An overview of feature and licensing decisions
Defining the benefits and costs
Principles of security and legal requirements
Summary
2
Planning and Designing Cloud Identities
Planning and Designing Cloud Identities
Understanding the user and group life cycle
Employee life cycle (word smart)
Designing roles and administrative units
Managing identity reporting capabilities
Summary
3
Planning and Designing Authentication and Application Access
Planning and Designing Authentication and Application Access
Using Azure AD as an identity provider
User and group-based application access management
Managing authentication reporting capabilities
Summary
4
Building and Configuring a Suitable Azure AD
Building and Configuring a Suitable Azure AD
Implementation scenario overview
Implementing a solid Azure Active Directory
Creating and managing users and groups
Assigning roles and administrative units
Providing user-and group-based application access
Activating password reset self-service capabilities
Using standard security reports
Integrating Azure AD join for Windows 10 clients
Configuring a custom domain
Configuring Azure AD Domain Services
Summary
5
Shifting to a Hybrid Scenario
Shifting to a Hybrid Scenario
Identifying business drivers and changes for a hybrid move
Special handling for moving to a multi-forest Active Directory environment
Describing architectures and needed changes
Summary
6
Extending to a Basic Hybrid Environment
Extending to a Basic Hybrid Environment
Identifying business needs for a hybrid approach
Choosing the correct features
Getting the benefits and costs
Applying the right security strategy for legal requirements
Summary
7
Designing Hybrid Identity Management Architecture
Designing Hybrid Identity Management Architecture
Key design concepts
Management of common identities with Microsoft Identity Manager and Active Directory
Choosing the best directory synchronization scenario for cloud identities
Delivering password management capabilities
Using multiple identity providers and authentication scenarios
Enabling strong authentication scenarios
How does advanced identity and authentication reporting work?
Summary
8
Planning Authorization and Information Protection Options
Planning Authorization and Information Protection Options
Designing and applying risk-based Access Control
Delivering authentication and authorization improvements with Windows Server 2016
Enabling advanced application Access Control
Getting in touch with information protection
How does authorization and information protection reporting work?
Summary
9
Building Cloud from Common Identities
Building Cloud from Common Identities
Creating the basic lab environment
Installing and configuring the synchronization and federation environment
Creating dynamic groups
Configuring self-service group management
Implementing secure remote access and SSO for on premise web applications
Enabling and configuring Multi-Factor Authentication
Summary
10
Implementing Access Control Mechanisms
Implementing Access Control Mechanisms
Extending the basic lab environment
Configuring conditional access control
Enabling and configuring information protection
Configuring advanced security scenarios with Windows Server 2016
Summary
11
Managing Transition Scenarios with Special Scenarios
Managing Transition Scenarios with Special Scenarios
Identifying special Active Directory and ADFS considerations
Planning the correct connectivity to your Azure infrastructure
Integrating Azure MFA in your MIM 2016 deployment
Knowing the migrate from AD RMS to Azure RMS shortcut
Summary
12
Advanced Considerations for Complex Scenarios
Advanced Considerations for Complex Scenarios
Additional business needs in a complex hybrid environment
Advanced information for often-used additional features
Summary
13
Delivering Multi-Forest Hybrid Architectures
Delivering Multi-Forest Hybrid Architectures
Enabling identity synchronization in multi-forest environments
Guidance through federation in multi-forest environments
Using alternate login ID and ADAL
Comparing AD FS against Azure B2B/B2C
Designing ADFS 4.0 identity and attribute stores
Summary
14
Installing and Configuring the Enhanced Identity Infrastructure
Installing and Configuring the Enhanced Identity Infrastructure
Important note for readers
Creating the extended lab environment
Installing and configuring the multi-forest synchronization environment
Installing and configuring the multi-forest and high availability Federation environments
Configuring application access with ADFS, WAP, and AAD AP
Configuring Multi-Factor authentication scenarios for Conditional Access
Summary
15
Installing and Configuring Information Protection Features
Installing and Configuring Information Protection Features
Preparing your admin workstation to manage Azure RMS
Configuring onboarding controls
Delegating administrative permissions
Enabling Azure RMS super users
Configuring Exchange Online to use Rights Management capabilities
Configuring Exchange to use Rights Management capabilities
Configuring SharePoint to use Rights Management capabilities
Creating and publishing custom Rights Policy templates
Verifying Azure RMS logging
Preview of Azure Information Protection
SAP integration as a special scenario
Configuring a BYOK scenario
Summary
16
Choosing the Right Technology, Methods, and Future Trends
Choosing the Right Technology, Methods, and Future Trends
MIM 2016 future improvements
Summary

About the Author

Jochen Nickel is a Cloud, Identity and Access Management Solution Architect with a focus and technical deep knowledge of Identity and Access Management. He is currently working for inovit GmbH in Switzerland and spends the majority of each work day planning, designing, and implementing Identity and Access Management solutions, single parts such as Microsoft Azure Active Directory Premium and Microsoft Azure Rights Management Services, or complete Enterprise Mobility Suite solutions. He has also been part of many projects, proofs of concepts, reviews, reference architectures, and workshops in this field of technology. Furthermore, he is a Microsoft V-TSP Security, Identity and Access Management, Microsoft Switzerland, and uses his experience for directly managed business accounts in Switzerland. He has also been an established speaker at many technology conferences. As an active writer and reviewer, Jochen authored Learning Microsoft Windows Server 2012 Dynamic Access Control and reviewed Windows Server 2012 Unified Remote Access Planning and Deployment by Erez Ben-Ari and Bala Natarajan, as well as Windows Server 2012 R2 Administrator Cookbook by Jordan Krause, a Microsoft MVP. He is also reviewing Microsoft Identity Manager 2016 Handbook for Packt Publishing. Committed to continuous learning, he holds Microsoft certifications such as MCSD Azure Solutions Architect, MCITP, MCSE/A Office 365/Private Cloud, MCTS, and many other security titles such as Certified Information Systems Auditor (CISA). He enjoys spending as much time as possible with his family to recharge, in order to handle such interesting technologies.

Previous Section
Next Chapter