Book description
Start empowering users and protecting corporate data, while managing Identities and Access with Microsoft Azure in different environments
About This Book
- Deep dive into the Microsoft Identity and Access Management as a Service (IDaaS) solution
- Design, implement and manage simple and complex hybrid identity and access management environments
- Learn to apply solution architectures directly to your business needs and understand how to identify and manage business drivers during transitions
Who This Book Is For
This book is for business decision makers, IT consultants, and system and security engineers who wish to plan, design, and implement Identity and Access Management solutions with Microsoft Azure.
What You Will Learn
- Apply technical descriptions and solution architectures directly to your business needs and deployments
- Identify and manage business drivers and architecture changes to transition between different scenarios
- Understand and configure all relevant Identity and Access Management key features and concepts
- Implement simple and complex directory integration, authentication, and authorization scenarios
- Get to know about modern identity management, authentication, and authorization protocols and standards
- Implement and configure a modern information protection solution
- Integrate and configure future improvements in authentication and authorization functionality of Windows 10 and Windows Server 2016
In Detail
Microsoft Azure and its Identity and Access Management are at the heart of Microsoft's Software as a Service, including Office 365, Dynamics CRM, and Enterprise Mobility Management. It is an essential tool to master in order to work effectively with the Microsoft Cloud. Through practical, project-based learning, this book will impart that mastery.
Beginning with the basics of features and licenses, this book quickly moves on to the user and group lifecycle required to design roles and administrative units for role-based access control (RBAC). Learn to design Azure AD as an identity provider and provide flexible and secure access to SaaS applications. Get to grips with how to configure and manage users, groups, roles, and administrative units to provide user- and group-based application access and self-service access, including the audit functionality.
Next, find out how to take advantage of managing common identities with Microsoft Identity Manager 2016 and build cloud identities with the Azure AD Connect utility. Construct blueprints with different authentication scenarios, including multi-factor authentication. Discover how to configure and manage the identity synchronization and federation environment, along with multi-factor authentication, conditional access, and information protection scenarios, to apply the required security functionality.
Finally, get recommendations for planning and implementing a future-oriented and sustainable identity and access management strategy.
Style and approach
A practical, project-based learning experience explained through hands-on examples.
Table of contents
- Mastering Identity and Access Management with Microsoft Azure
  - Mastering Identity and Access Management with Microsoft Azure
  - Credits
  - About the Author
  - About the Reviewer
  - www.PacktPub.com
  - Preface
  - 1. Getting Started with a Cloud-Only Scenario
  - 2. Planning and Designing Cloud Identities
  - 3. Planning and Designing Authentication and Application Access
    - Using Azure AD as an identity provider
      - Azure Active Directory Authentication endpoints
      - Common features for application access in Azure AD
      - Common token standards in a federated world
      - Security Assertion Markup Language (SAML) 2.0
      - WS-Federation
      - OAuth 2.0
      - OpenID Connect
      - Azure Active Directory Domain Services
      - Azure Active Directory B2B
      - Azure Active Directory B2C
      - By example - SharePoint claims-based authentication
    - User and group-based application access management
    - Managing authentication reporting capabilities
    - Summary
  - 4. Building and Configuring a Suitable Azure AD
    - Implementation scenario overview
    - Implementing a solid Azure Active Directory
    - Creating and managing users and groups
    - Assigning roles and administrative units
    - Providing user- and group-based application access
    - Activating password reset self-service capabilities
    - Using standard security reports
    - Integrating Azure AD join for Windows 10 clients
    - Configuring a custom domain
    - Configuring Azure AD Domain Services
    - Summary
  - 5. Shifting to a Hybrid Scenario
  - 6. Extending to a Basic Hybrid Environment
  - 7. Designing Hybrid Identity Management Architecture
    - Key design concepts
    - Management of common identities with Microsoft Identity Manager and Active Directory
    - Choosing the best directory synchronization scenario for cloud identities
    - Delivering password management capabilities
    - Using multiple identity providers and authentication scenarios
    - Enabling strong authentication scenarios
    - How does advanced identity and authentication reporting work?
    - Summary
  - 8. Planning Authorization and Information Protection Options
    - Designing and applying risk-based Access Control
    - Delivering authentication and authorization improvements with Windows Server 2016
    - Enabling advanced application Access Control
    - Getting in touch with information protection
      - Overview and needs
      - Deployment models
      - Important user attributes and information
      - Azure RMS
      - High availability
      - Azure rights management key material
      - Azure Rights Management Super User
      - Azure Rights Management templates
      - Logging services
      - Azure rights management trusts
      - RMS for individuals
      - RMS clients and application usage scenarios
    - How does authorization and information protection reporting work?
    - Summary
  - 9. Building Cloud from Common Identities
    - Creating the basic lab environment
    - Installing and configuring the synchronization and federation environment
      - Preparing the group management service account - GMSA
      - Installing AD FS on IDB01
      - Configuring AD FS on IDB01
      - Testing AD FS functionality
      - Installing a Web Application Proxy on URA01
      - Configuring a Web Application Proxy on URA01
      - Testing Web Application Proxy functionality
      - Installing the Claims Web Application on APP01
      - Configuring the Claims website
      - Configuring the Kerberos website
      - Configuring the AAD/Office 365 federation
      - Installing and configuring Azure AD Connect
      - AAD Connect stepping through the initial load
      - Configuring attribute-based filtering
      - Enabling password writeback
      - Forcing a synchronization task after changes
      - Creating dynamic groups
      - Configuring self-service group management
      - Implementing secure remote access and SSO for on premise web applications
      - Enabling and configuring Multi-Factor Authentication
    - Summary
  - 10. Implementing Access Control Mechanisms
  - 11. Managing Transition Scenarios with Special Scenarios
    - Identifying special Active Directory and ADFS considerations
      - Single Forest scenario with multiple Azure AD tenants
      - Extending your resource access to external partners (on-premise)
    - Modern service provider architectures and Azure IdAM integrations
      - Fabric management - Active Directory
      - Fabric management - identity synchronization
      - Fabric management - identity management
      - Tenant management - Active Directory
      - Tenant management identity synchronization - tenant AD and Customer AD
      - Tenant management - Federation Services
      - Customer premises - Identity and Access Management
    - Planning the correct connectivity to your Azure infrastructure
    - Integrating Azure MFA in your MIM 2016 deployment
    - Knowing the migrate from AD RMS to Azure RMS shortcut
    - Summary
  - 12. Advanced Considerations for Complex Scenarios
  - 13. Delivering Multi-Forest Hybrid Architectures
    - Enabling identity synchronization in multi-forest environments
    - Guidance through federation in multi-forest environments
    - Using alternate login ID and ADAL
      - Disassociation of AAD UPN from AD DS UPN and trade-offs
      - What does modern authentication mean?
      - How Outlook authentication works today
      - How authentication happens with Word and SharePoint Online
    - Monitoring with AAD Connect Health
      - Getting in touch with the AAD Connect Health service
      - AAD Connect Health - Management interface
      - AAD Connect Health - alerts, usage, and performance insights
    - Comparing AD FS against Azure B2B/B2C
    - Designing ADFS 4.0 identity and attribute stores
    - Summary
  - 14. Installing and Configuring the Enhanced Identity Infrastructure
    - Important note for readers
    - Creating the extended lab environment
    - Installing and configuring the multi-forest synchronization environment
    - Installing and configuring the multi-forest and high availability Federation environments
      - Building high availability - ADFS and Web Application Proxy in identityplus.ch
      - Configuring ADFS to support multiple forests
      - Configuring ADFS to support a partner organization
      - Configuring Home Realm Discovery (HRD)
      - Configuring ADLDS and ADFS - additional attribute store
      - Delegating the administration of ADFS
      - Configuring AAD Connect Health for Federation components
      - Configuring AD FS to support Windows Integrated Authentication on certain browsers
      - Configuring alternate login ID
      - Configuring application access with ADFS, WAP, and AAD AP
      - Configuring Multi-Factor authentication scenarios for Conditional Access
    - Summary
  - 15. Installing and Configuring Information Protection Features
    - Preparing your admin workstation to manage Azure RMS
    - Configuring onboarding controls
    - Delegating administrative permissions
    - Enabling Azure RMS super users
    - Configuring Exchange Online to use Rights Management capabilities
    - Configuring Exchange to use Rights Management capabilities
    - Configuring SharePoint to use Rights Management capabilities
    - Creating and publishing custom Rights Policy templates
    - Verifying Azure RMS logging
    - Preview of Azure Information Protection
    - SAP integration as a special scenario
    - Configuring a BYOK scenario
    - Summary
  - 16. Choosing the Right Technology, Methods, and Future Trends
    - MIM 2016 future improvements
      - Synchronization engine merger
      - REST API support
      - PAM improvements
      - MIM and Exchange Online integration
      - MIM compatibility updates
    - Advanced Conditional Access Helper
    - Conditional Access Client scenarios - mail access
      - Client scenario Outlook 2010 on domain joined computer
      - Client scenario Outlook 2013 on domain joined computer
      - Client scenario Outlook 2013/16 on domain joined computer with Windows 7/8.1
      - Client scenario Outlook 2013/16 on domain joined computer with Windows 10
      - Client scenario iOS and Android ActiveSync Mail Clients
      - Client scenario Outlook for iOS and Android
      - Client scenario OWA for iOS and Android
      - Client scenario Outlook WP8.1
      - Client scenario Outlook 2016 Mac OS X
    - Conditional Access Client scenarios - SharePoint access
      - Client scenario Browser from domain joined PC Windows 7/8.1
      - Client scenario Browser from domain joined PC Windows 10
      - Client scenario Browser from Mac OS
      - Client scenario OD4B Client from domain joined PC Windows 7/8.1
      - Client scenario OD4B Client from domain joined PC Windows 10
      - Client scenario non-ADAL OD4B client
      - Client scenario OD4B Client from mobile devices
    - Summary
Product information
- Title: Mastering Identity and Access Management with Microsoft Azure
- Author(s):
- Release date: September 2016
- Publisher(s): Packt Publishing
- ISBN: 9781785889448