Book Image

Mastering Identity and Access Management with Microsoft Azure - Second Edition

By : Jochen Nickel
Book Image

Mastering Identity and Access Management with Microsoft Azure - Second Edition

By: Jochen Nickel

Overview of this book

Microsoft Azure and its Identity and access management are at the heart of Microsoft's software as service products, including Office 365, Dynamics CRM, and Enterprise Mobility Management. It is crucial to master Microsoft Azure in order to be able to work with the Microsoft Cloud effectively. You’ll begin by identifying the benefits of Microsoft Azure in the field of identity and access management. Working through the functionality of identity and access management as a service, you will get a full overview of the Microsoft strategy. Understanding identity synchronization will help you to provide a well-managed identity. Project scenarios and examples will enable you to understand, troubleshoot, and develop on essential authentication protocols and publishing scenarios. Finally, you will acquire a thorough understanding of Microsoft Information protection technologies.

Related Content you might be interested in

Current Title:

Small book image
Mastering Identity and Access Management with Microsoft Azure - Second Edition
Jochen Nickel
Feb, 2019 | 698 pages
Small book image
Microsoft 365 Identity and Services Exam Guide MS-100
Aaron Guilmette
Jun, 2023 | 462 pages
Small book image
Azure Active Directory for Secure Application Development
Sjoukje Zaal
May, 2022 | 268 pages
Small book image
Microsoft Identity and Access Administrator Exam Guide
Dwayne Natwick
Mar, 2022 | 452 pages
Table of Contents (23 chapters)
Title Page
Title Page
Copyright and Credits
Copyright and Credits
About Packt
About Packt
Contributors
Contributors
Preface
Preface
Free Chapter
1
Building and Managing Azure Active Directory
Building and Managing Azure Active Directory
Implementation scenario overview
Implementing a solid Azure Active Directory
Creating and managing users and groups
Assign roles to administrative units
Protect your administrative accounts
Provide user and group-based application access
Password reset self-service capabilities
Using standard security monitoring
Integrating Azure AD Join for Windows 10 clients
Configuring a custom domain
Configure Azure AD Domain Services
Summary
2
Understanding Identity Synchronization
Understanding Identity Synchronization
Technology overview
Synchronization scenarios
Synchronization terms and processes
Summary
3
Exploring Advanced Synchronization Concepts
Exploring Advanced Synchronization Concepts
Preparing your lab environment
Understanding declarative provisioning and expressions
Synchronization rules explained
Special considerations in advanced synchronization concepts
Summary
4
Monitoring Your Identity Bridge
Monitoring Your Identity Bridge
How Azure AD Connect Health works
Azure AD monitoring and logs
Azure Security Center for monitoring and analytics
Summary
5
Configuring and Managing Identity Protection
Configuring and Managing Identity Protection
Microsoft Identity Protection solutions
Azure ATP and how to use it
Azure AD Identity Protection
Using Azure AD PIM to protect administrative privileges
Summary
6
Managing Authentication Protocols
Managing Authentication Protocols
Microsoft identity platform
Common token standards in a federated world
Security Assertion Markup Language (SAML) 2.0
WS-Federation
OAuth 2.0
OpenID Connect (OIDC)
Pass-through authentication and seamless SSO
Multi-factor authentication
Summary
7
Deploying Solutions on Azure AD and ADFS
Deploying Solutions on Azure AD and ADFS
Basic environment installation and configuration
Azure AD authentication deployments
ADFS Authentication deployments
Integrating Azure MFA (YD1ADS01)
Summary
8
Using the Azure AD App Proxy and the Web Application Proxy
Using the Azure AD App Proxy and the Web Application Proxy
Configuring additional applications for Azure AD and ADFS
Publishing with Windows server and Azure AD Web Application Proxy
Using conditional access
Summary
9
Deploying Additional Applications on Azure AD
Deploying Additional Applications on Azure AD
Preparing your lab environment
What defines single- and multi-tenant applications
Deploying a single-tenant application including roles and claims
Moving the single-tenant app to a multi-tenant scenario
Deploying another multi-tenant app with OpenID Connect
Summary
10
Exploring Azure AD Identity Services
Exploring Azure AD Identity Services
Preparing your lab environment
Understanding Azure AD B2B
Exploring Azure AD B2C
Extending Active Directory solutions with Azure AD Domain Services
AD FS as an on-premise identity service for the cloud
Summary
11
Creating Identity Life Cycle Management in Azure
Creating Identity Life Cycle Management in Azure
Lab environment readiness
Handling the guest user life cycle
Azure services for automation
Summary
12
Creating a Security Culture
Creating a Security Culture
Why do we need a security culture?
Pillars of a good security culture
General overview of data classification
Azure Information Protection (AIP) overview
Summary
13
Identifying and Detecting Sensitive Data
Identifying and Detecting Sensitive Data
Extending your lab environment
Understanding and using AIP capabilities for data in motion
Understanding and using AIP capabilities for data at rest
Summary
14
Understanding Encryption Key Management Strategies
Understanding Encryption Key Management Strategies
Azure Information Protection key basics
How Azure RMS works under the hood
Summary
15
Configuring Azure Information Protection Solutions
Configuring Azure Information Protection Solutions
Preparing to configure and manage AIP
Azure RMS management with PowerShell
Configuring AIP
Summary
16
Azure Information Protection Development
Azure Information Protection Development
Technical requirements
Microsoft Information Protection solutions
Understanding the Microsoft Information Protection SDK
Preparing your Azure AD environment for tests
Using MIP binaries to explore functionality
Using PowerShell with Azure Information Protection
Overview of the RMS 2.1 and 4.2 SDKs
Summary
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think
Index
Index

Using standard security monitoring

In this section, we will configure and simulate some typical events that get reported in the Azure AD Monitoring section.

First, we configure a Password protection feature, Custom smart lockout. We set the value to 10 incorrect logins:

Azure AD password protection features

You should receive the following message if you provide a wrong password 10 times:

Locked message dialog

You can see the activity under Monitoring | Sign-In:

Azure AD monitoring capabilities

You can also test Sign-ins from multiple geographies with simulation software such as CyberGhost (http://www.cyberghostvpn.com/en_us). Another option would be to use an Azure Virtual Machine.

Log in with an account between geographic regions that are far apart, such as Europe and Asia. This requires a remote machine from your location and in a different time zone, with logons as close together as possible:

To configure users with an anomalous sign-in activity, you can use the Tor browser:

Open the Tor browser, go to https://myapps.microsoft.com, and log in as [email protected]. Your user account will be locked.

The following result is expected in security monitoring:

Security monitoring overview - Azure AD

Now that we have had a short journey through the security-monitoring options, we will integrate our Windows 10 client into Azure AD.

Previous Section
End of Section 9
Next Section