Azure Active Directory for Secure Application Development

By : Sjoukje Zaal

Azure Active Directory for Secure Application Development

By: Sjoukje Zaal

Overview of this book

Azure Active Directory for Secure Application Development is your one-stop shop for learning how to develop secure applications using modern authentication techniques with Microsoft Azure AD. Whether you’re working with single-tenant, multi-tenant, or line-of-business applications, this book contains everything you need to secure them. The book wastes no time in diving into the practicalities of Azure AD. Right from the start, you’ll be setting up tenants, adding users, and registering your first application in Azure AD. The balance between grasping and applying theory is maintained as you move from the intermediate to the advanced: from the basics of OAuth to getting your hands dirty with building applications and registering them in Azure AD. Want to pin down the Microsoft Graph, Azure AD B2C, or authentication protocol best practices? We’ve got you covered. The full range of Azure AD functionality from a developer perspective is here for you to explore with confidence. By the end of this secure app development book, you’ll have developed the skill set that so many organizations are clamoring for. Security is mission-critical, and after reading this book, you will be too.

Preface

What this book covers

To get the most out of this book

Download the color images

Download the example code files

Conventions used

Get in touch

Share Your Thoughts

Part 1: Getting Started with the Microsoft Identity Platform

Free Chapter

Chapter 1: Microsoft Identity Platform Overview

Learning about the Microsoft identity platform

Understanding the evolution of the Microsoft identity platform

Introducing Azure AD

Introducing Azure AD B2B

Introducing Azure AD B2C

Setting up an Azure AD tenant

Adding a user to Azure AD

Cleaning up the resources

Summary

Further reading

Chapter 2: Azure AD Application Model

Technical requirements

Introducing the Azure AD application model

Learning about application and service principal objects in Azure AD

Registering an application with the Microsoft identity platform

Setting redirect URIs

Understanding permissions and consent

Understanding certificates and secrets

Restricting your Azure AD app to a set of users

Registering an application using PowerShell and the CLI

Summary

Further reading

Chapter 3: Application Types and User Consent

Technical requirements

Public client and confidential client applications

Understanding the authorization code flow

Understanding the different application types

Building a web app that authenticates users using Azure AD

Understanding the Azure AD application consent experience

Understanding how end users consent to applications

Publisher verification

Summary

Further reading

Part 2: Authentication and Protocols

Chapter 4: The Basics and Evolution of Authentication

Evolution of identity protocols

Authentication versus authorization

Pre-claims authentication techniques

Claims-based identity

First-generation protocols

Modern protocols

Summary

Further reading

Chapter 5: Securing Applications with OAuth 2.0, OpenID Connect, and MSAL

Technical requirements

The OAuth 2.0 framework and its specifications

The OpenID Connect protocol and its specifications

The OAuth 2.0 and OpenID Connect flows

An overview of the Microsoft Identity Web authentication library

An overview of MSAL

Securing your application using OAuth 2.0, OpenID Connect, and MSAL

Summary

Further reading

Chapter 6:Building Secure Services Using the Microsoft Graph API

Technical requirements

An overview of Microsoft Graph

Accessing data and methods

Queries, batching, throttling, and paging

The Microsoft Graph SDK

Building a web application that uses the Microsoft Graph API

Summary

Further reading

Part 3: Azure AD B2C

Chapter 7: Introducing Azure Active Directory B2C

Technical requirements

Introducing Azure AD B2C

Creating an Azure AD B2C tenant and adding a user

Registering an application in Azure AD B2C

Understanding user flows

Setting up the custom web application

Summary

Further reading

Chapter 8: Advanced Features of Azure AD B2C

Technical requirements

Identity providers in Azure AD B2C

Customizing the UI

Localization and language customization

Azure AD B2C and Microsoft Graph

Custom domains for Azure AD B2C

Summary

Further reading

Chapter 9: Azure AD B2C Custom Policies

Technical requirements

Understanding custom policies

Introducing the Identity Experience Framework

Creating a custom policy

Summary

Further reading

Why subscribe?

Other Books You May Enjoy

Packt is searching for authors like you

Share Your Thoughts

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Introducing Azure AD B2B

This book is focusing on Azure AD from a developer's perspective. This means that, as a developer, you will not work with Azure AD B2B very often, although Microsoft Graph does offer APIs for Azure AD B2B that you can leverage inside your custom applications. You may encounter Azure AD B2B users in the solutions you build.

But, to give a complete overview of the different products and services that Azure AD has to offer, I will give a short introduction to this feature as well.

Azure AD B2B collaboration is a feature on top of Azure AD. You can add external identities to your Azure AD tenant to collaborate with external users inside your organization. Partners or individuals are not required to have an Azure AD or even an IT department. Azure AD B2B uses a simple redemption process to give access to your company resources, Azure environment, or Office 365 environment, using their own credentials. Partners use their own Azure identity management solution with Azure AD B2B. This reduces the administrative overhead that comes with managing accounts with external users. External users can log in to Azure AD-connected apps and services using their own work, school, personal, or social media identities.

Azure AD B2B APIs (using Microsoft Graph) can be used by developers to customize the invitation process or write applications such as self-service sign-up portals. Azure AD External Identities uses a billing model based on monthly active users (MAU), which is basically the same for Azure AD B2C. The first 50,000 users are free, then there is a monthly charge per monthly active user.

Azure AD B2B offers the following features:

Management portal: Azure AD B2B is part of Azure AD, which means that all external users can be managed from the Azure portal. This is fully integrated with Azure AD, and the user experience is completely the same as for internal users.
Groups: You can create groups for external users or add them to dynamic groups. With dynamic groups, administrators can set up rules to populate groups based on user attributes.
Conditional Access: With Conditional Access, you can set conditions for your users. You can enforce external users to use MFA or give them access to certain applications or access from limited locations or devices.
Auditing and reporting: Azure AD B2B is an add-on to Azure AD, which means you can use the auditing ad reporting capabilities that are part of Azure AD. For instance, you can look into the invitation history and acceptance details.

In the next section, we will introduce Azure AD B2C.

Azure Active Directory for Secure Application Development

By : Sjoukje Zaal

Azure Active Directory for Secure Application Development

By: Sjoukje Zaal

Overview of this book

Related Content you might be interested in

Current Title:

Azure Active Directory for Secure Application Development

Cloud Identity Patterns and Strategies

Mastering Identity and Access Management with Microsoft Azure.

Architecting Microsoft Azure Solutions - Exam Guide 70-535

Introducing Azure AD B2B