Mastering Identity and Access Management with Microsoft Azure

By: Jochen Nickel

Overview of this book

Microsoft Azure and its Identity and Access Management is at the heart of Microsoft's Software as a Service, including Office 365, Dynamics CRM, and Enterprise Mobility Management. It is an essential tool to master in order to work effectively with the Microsoft Cloud. Through practical, project-based learning this book will impart that mastery. Beginning with the basics of features and licenses, this book quickly moves on to the user and group lifecycle required to design roles and administrative units for role-based access control (RBAC). Learn to design Azure AD to be an identity provider and provide flexible and secure access to SaaS applications. Get to grips with how to configure and manage users, groups, roles, and administrative units to provide user- and group-based application and self-service access, including the audit functionality. Next, find out how to take advantage of managing common identities with Microsoft Identity Manager 2016 and build cloud identities with the Azure AD Connect utility. Construct blueprints with different authentication scenarios, including multi-factor authentication. Discover how to configure and manage the identity synchronization and federation environment along with multi-factor authentication, conditional access, and information protection scenarios to apply the required security functionality. Finally, get recommendations for planning and implementing a future-oriented and sustainable identity and access management strategy.


Mastering Identity and Access Management with Microsoft Azure is a practical, hands-on guide, packed with project experience and tailored to roles, scenarios, and architecture. Business decision makers, architects, and system engineers are the audience of this book. The book builds a very helpful reference for the three main Identity and Access Management cloud scenarios to help the reader succeed in future projects. The reader will also be able to transition between the different scenarios and apply the information gathered from this book directly to a design, architecture, or implementation. With this resource, the reader gets an information package that also covers future functionalities of Windows 10 and Windows Server 2016.

What this book covers

Chapter 1, Getting Started with a Cloud-Only Scenario, explains the main features and licensing information, including some basic cost calculations for such an approach. The challenging aspects of security and legal requirements round off this chapter.

Chapter 2, Planning and Designing Cloud Identities, teaches everything you need in order to understand and design identities for a cloud-only architecture. Starting with understanding the user and group life cycles, you will learn how to design roles and administrative units for Role-Based Access Control.

Chapter 3, Planning and Designing Authentication and Application Access, teaches you how to design Azure AD as an identity provider and how to provide flexible and secure access to SaaS applications. Furthermore, you will learn about the rich authentication reporting functionality.

Chapter 4, Building and Configuring a Suitable Azure AD, explains how to configure a suitable Azure AD tenant based on the appropriate architecture. You will also learn how to configure and manage users, groups, roles, and administrative units to provide user- and group-based application and self-service access, including the audit functionality.

Chapter 5, Shifting to a Hybrid Scenario, explores all the necessary information for a transition process into a hybrid Identity and Access Management architecture with a single- or multi-forest on-premise Active Directory environment. You will be able to describe the necessary architecture changes and relevant tasks to provide a successful solution shift.

Chapter 6, Extending to a Basic Hybrid Environment, guides you through all the business-relevant information to plan and make the right decisions for a hybrid approach. You will learn to adopt the correct features, licensing models, and security strategy for the typical legal requirements.

Chapter 7, Designing the Hybrid Identity Management Architecture, teaches you how to take advantage of managing common identities with Microsoft Identity Manager 2016 and to build cloud identities with the Azure AD Connect utility. You will also explore all the various functions for Identities by building a solid hybrid Identity Management solution.

Chapter 8, Planning the Authorization and Information Protection Options, explores the various functions for authorization and information protection for building a solid hybrid Access Management solution. Furthermore, you will get in touch with risk-based access control and the future functionality of Windows Server 2016.

Chapter 9, Building Cloud from Common Identities, teaches you how to configure and manage the Identity Synchronization and Federation environment. You will also be able to include on-premise applications and Multi-Factor Authentication.

Chapter 10, Implementing Access Control Mechanisms, teaches you how to configure access-control mechanisms in the hybrid environment. You will configure Multi-Factor Authentication, Conditional Access, and Information Protection scenarios to apply the required security functionality.

Chapter 11, Managing Transition Scenarios with Special Scenarios, guides you through the transition process and principles for moving to a cloud-only or multi-forest approach. Additionally, you will learn how to identify the right strategy to decide the correct direction of a coming project. Furthermore, an effective change-management process will be discussed in this chapter.

Chapter 12, Advanced Considerations for Complex Scenarios, discusses complex and hybrid Identity and Access Management scenarios and teaches you all the necessary features and licensing models to go ahead. You will learn to understand the special business requirements and security and legal requirements in a complex hybrid infrastructure.

Chapter 13, Delivering Multi-Forest Hybrid Architectures, teaches you the capabilities of directory synchronization and single-sign on over different Active Directory forests. You will also learn about Identity Management over company borders, such as in Business-to-Customer (B2C) and Business-to-Business (B2B) scenarios. Furthermore, you will learn how to enhance the management of identities, authentication, and authorization.

Chapter 14, Installing and Configuring the Enhanced Identity Infrastructure, teaches you how to configure and manage a highly available multi-forest synchronization and single-sign-on identity and access management environment based on AAD Connect and ADFS, in order to provide the required infrastructure for several use cases in a hybrid identity and access-management solution. You will also work with capabilities across company borders and publish the most common on-premise services.

Chapter 15, Installing and Configuring Information Protection Features, shows you how to configure information protection features with Azure RMS to secure access to sensitive data in order to provide an extended access-management solution. You will configure and publish custom Rights Policy templates, use RMS logging, and get a first view of the new Azure Information Protection capabilities.

Chapter 16, Choosing the Right Transition, Method, and Future Trends, is the final destination of our journey, where we will discuss additional information that will help you manage several cloud scenarios and support new initiatives. We will jump into some upcoming features and innovations of Microsoft.

What you need for this book

To use the book efficiently, you should have some understanding of security solutions, Active Directory, access privileges/rights, and authentication methods. Programming knowledge is not required but will be helpful for using PowerShell or working with APIs to customize your solutions.

Who this book is for

This book is for business decision makers, IT consultants, and system and security engineers who wish to plan, design, and implement Identity and Access Management solutions with Microsoft Azure.


In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.

Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "Mount the downloaded WebStorm-10*.dmg disk image file as another disk in your system."

A block of code is set as follows:

"use strict";
//---- Start custom code ----
// Loads jQuery by injecting a <script> tag into <head>; the
// callback runs once the script has finished loading.
// The src value is left as in the original sample.
function loadJquery(callback) {
  var jqueryScript = document.createElement('script');
  jqueryScript.setAttribute('src', '');
  jqueryScript.onload = callback;
  document.getElementsByTagName('head')[0].appendChild(jqueryScript);
}

Any command-line input or output is written as follows:

New-Item C:\inetpub\basicroot -type Directory
Import-Module Webadministration

New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "The shortcuts in this book are based on the Mac OS X 10.5+ scheme."


Warnings or important notes appear in a box like this.


Tips and tricks appear like this.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book, what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of. To send us general feedback, simply e-mail [email protected], and mention the book's title in the subject of your message. If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Downloading the example code

You can download the example code files for this book from your account at If you purchased this book elsewhere, you can visit and register to have the files e-mailed directly to you.

You can download the code files by following these steps:

  1. Log in or register to our website using your e-mail address and password.

  2. Hover the mouse pointer on the SUPPORT tab at the top.

  3. Click on Code Downloads & Errata.

  4. Enter the name of the book in the Search box.

  5. Select the book for which you're looking to download the code files.

  6. Choose from the drop-down menu where you purchased this book from.

  7. Click on Code Download.

Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:

  • WinRAR / 7-Zip for Windows

  • Zipeg / iZip / UnRarX for Mac

  • 7-Zip / PeaZip for Linux

The code bundle for the book is also hosted on GitHub at We also have other code bundles from our rich catalog of books and videos available at Check them out!

Downloading the color images of this book

We also provide you with a PDF file that has color images of the screenshots/diagrams used in this book. The color images will help you better understand the changes in the output. You can download this file from


Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books, maybe a mistake in the text or the code, we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.

To view the previously submitted errata, go to and enter the name of the book in the search field. The required information will appear under the Errata section.


Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.

Please contact us at [email protected] with a link to the suspected pirated material.

We appreciate your help in protecting our authors and our ability to bring you valuable content.


If you have a problem with any aspect of this book, you can contact us at [email protected], and we will do our best to address the problem.