
Azure Active Directory for Secure Application Development

By: Sjoukje Zaal

Overview of this book

Azure Active Directory for Secure Application Development is your one-stop shop for learning how to develop secure applications using modern authentication techniques with Microsoft Azure AD. Whether you’re working with single-tenant, multi-tenant, or line-of-business applications, this book contains everything you need to secure them. The book wastes no time in diving into the practicalities of Azure AD. Right from the start, you’ll be setting up tenants, adding users, and registering your first application in Azure AD. The balance between grasping and applying theory is maintained as you move from the intermediate to the advanced: from the basics of OAuth to getting your hands dirty with building applications and registering them in Azure AD. Want to pin down the Microsoft Graph, Azure AD B2C, or authentication protocol best practices? We’ve got you covered. The full range of Azure AD functionality from a developer perspective is here for you to explore with confidence. By the end of this secure app development book, you’ll have developed the skill set that so many organizations are clamoring for. Security is mission-critical, and after reading this book, you will be too.
Table of Contents (14 chapters)

  • Part 1: Getting Started with the Microsoft Identity Platform
  • Part 2: Authentication and Protocols
  • Part 3: Azure AD B2C

Introducing Azure AD

Azure AD provides a cloud-based enterprise directory and identity management service. It offers features to give users seamless access to all types of resources, internal and external. For instance, it enables the traditional method of user authentication through a username and password, along with the management of roles and permissions to give users access to a variety of resources and products, such as the Azure portal, applications inside of the corporate network, and also Software as a Service (SaaS) applications and Office 365.

On top of traditional username and password management and role and permission management, it offers enterprise-grade features such as multi-factor authentication (MFA) and single sign-on (SSO) for your applications, as well as monitoring and alerting capabilities out of the box.

Azure AD offers different pricing plans, all coming with different types of features and capabilities:

  • Free: You can gain access to the most basic features by choosing this plan. This consists of support for approximately 500,000 identity objects, seamless SSO, device registration, Azure AD Join, user and group management, external identities with Azure AD B2B, Pass-Through Authentication (PTA), self-service password change, groups, and standard security reports.
  • Office 365 apps: This offers no object limit, has a Service-Level Agreement (SLA) for 99.9% uptime, self-service password reset for cloud users, company branding features, and device write-back (a two-way sync for device objects between on-premises directories and Azure).
  • Premium P1: This offers advanced reporting, MFA and Conditional Access, Advanced Group Access Management, support for the application proxy, which can be used to provide secure remote access to on-premises web applications, Azure Information Protection (AIP) integration, Microsoft Cloud App Discovery, Azure AD Join, MDM auto-enrollment, and local admin policy customization.
  • Premium P2: This offers identity protection, Privileged Identity Management (PIM), access reviews, and entitlement management.

    Important Note

    For a detailed overview of all the different features for each pricing plan, you can refer to the following site: https://azure.microsoft.com/en-us/pricing/details/active-directory/.

Azure AD is also used to manage user identities in Microsoft 365. Microsoft 365 is a collection of different services, such as Windows 10, Office 365, and Enterprise Mobility. By default, your Microsoft 365 subscription comes with the free plan of Azure AD, but you can also purchase different plans to get more features.

For developers, Azure AD is primarily used for issuing tokens that enable users to sign in to applications. Before these tokens can be issued, applications need to be registered inside Azure AD, permissions need to be set, and users need to be added that can access the applications or have access to Microsoft 365 data. This is mainly done by IT administrators, but it is also important for developers to know how to put this in place. Developers can also make use of the enterprise-grade security features in Azure AD, such as Conditional Access policies and SSO.

An Azure AD tenant is created automatically when you sign up for an Azure, Microsoft 365, Office 365, or Intune account, but you can also create an Azure AD tenant manually. An Azure AD tenant is a representation of an organization: a dedicated instance of Azure AD bound to that organization. It is also possible to create multiple Azure AD tenants. Each Azure AD tenant is completely separated from other Azure AD tenants and has its own work or school identities, Azure AD B2C consumer identities, and app registrations. An app registration can be single-tenant, which only allows sign-ins from accounts within the tenant where it is registered, or multi-tenant, which allows sign-ins from accounts in any Azure AD tenant.
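The single-tenant versus multi-tenant distinction shows up on the application side as a difference in which token claims the app must check. The following Python is an added example written for this page, not code from the book or from Microsoft: it builds a constructed Azure AD v2.0-style token (placeholder tenant and client IDs, placeholder signature) and shows the claim checks an app applies in each registration type. It assumes the token's RS256 signature has already been verified by a JWT library against the tenant's published signing keys; only the audience, issuer, tenant and validity-window checks are shown here. The Azure AD v2.0 issuer format `https://login.microsoftonline.com/{tenant-id}/v2.0` is real; everything else is constructed for the demo.

```python
import base64
import json
import time

# Azure AD v2.0 issuer format; the tenant ID in the issuer must match the token's tid claim.
ISSUER_TEMPLATE = "https://login.microsoftonline.com/{tid}/v2.0"

# Constructed identifiers for the demo (not real tenants or app registrations).
HOME_TENANT = "11111111-1111-1111-1111-111111111111"
FOREIGN_TENANT = "22222222-2222-2222-2222-222222222222"
CLIENT_ID = "33333333-3333-3333-3333-333333333333"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_sample_token(tid: str, client_id: str, now: int) -> str:
    """Build a constructed Azure AD-style token for the demo. The signature
    segment is a placeholder: real tokens are RS256-signed and the signature
    is verified before any of the claims below are trusted."""
    header = {"alg": "RS256", "typ": "JWT", "kid": "placeholder-kid"}
    claims = {
        "aud": client_id,
        "iss": ISSUER_TEMPLATE.format(tid=tid),
        "tid": tid,
        "iat": now,
        "nbf": now,
        "exp": now + 3600,
        "sub": "constructed-subject-id",
    }
    segments = [_b64url_encode(json.dumps(part).encode()) for part in (header, claims)]
    return ".".join(segments + ["placeholder-signature"])


def read_claims(token: str) -> dict:
    """Return the payload of a compact JWT (header.payload.signature)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(_b64url_decode(parts[1]))


def validate_claims(claims, *, client_id, home_tenant, multi_tenant,
                    allowed_tenants=None, now=None):
    """Return the list of problems found; an empty list means the claims pass.

    Single-tenant registration: Azure AD only issues tokens for accounts in the
    home tenant, and the app still confirms tid == home_tenant itself.
    Multi-tenant registration: accounts from any tenant can sign in, so the app
    decides which tenants it serves (allowed_tenants) and checks that the
    issuer is the one belonging to the token's tid.
    """
    now = time.time() if now is None else now
    problems = []
    if claims.get("aud") != client_id:
        problems.append("audience is not this application")
    tid = claims.get("tid")
    if not tid:
        problems.append("missing tid")
    elif claims.get("iss") != ISSUER_TEMPLATE.format(tid=tid):
        problems.append("issuer does not match tid")
    if not multi_tenant and tid != home_tenant:
        problems.append("foreign tenant rejected by single-tenant app")
    if multi_tenant and allowed_tenants is not None and tid not in allowed_tenants:
        problems.append("tenant not on the allow list")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    if claims.get("nbf", 0) > now:
        problems.append("token not yet valid")
    return problems


def check_token(token, *, multi_tenant, allowed_tenants=None, now=None):
    """Decode and validate a token against the demo's app registration."""
    return validate_claims(read_claims(token), client_id=CLIENT_ID,
                           home_tenant=HOME_TENANT, multi_tenant=multi_tenant,
                           allowed_tenants=allowed_tenants, now=now)


if __name__ == "__main__":
    now = int(time.time())
    home = make_sample_token(HOME_TENANT, CLIENT_ID, now)
    foreign = make_sample_token(FOREIGN_TENANT, CLIENT_ID, now)
    for label, tok, multi, allow in [
        ("single-tenant, home token", home, False, None),
        ("single-tenant, foreign token", foreign, False, None),
        ("multi-tenant, foreign token", foreign, True, None),
        ("multi-tenant with allow list", foreign, True, {HOME_TENANT}),
    ]:
        print(f"{label}: {check_token(tok, multi_tenant=multi, allowed_tenants=allow) or 'ok'}")
```

The point of the `allowed_tenants` parameter is that a multi-tenant registration moves the tenant decision from Azure AD to the application: once any tenant can obtain a token for the app, the app itself has to say which tenants it serves, and it has to tie the issuer to the `tid` claim rather than accepting any `login.microsoftonline.com` issuer.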

In the next sections, we will briefly introduce Azure AD Business to Business (B2B) and Azure AD Business to Consumer (B2C).