Mastering Identity and Access Management with Microsoft Azure - Second Edition

Mastering Identity and Access Management with Microsoft Azure - Second Edition

by Jochen Nickel
Released February 2019
Publisher(s): Packt Publishing
ISBN: 9781789132304

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

Start empowering users and protecting corporate data, while managing identities and access with Microsoft Azure in different environments

Key Features

  • Understand how to identify and manage business drivers during transitions
  • Explore Microsoft Identity and Access Management as a Service (IDaaS) solution
  • Over 40 playbooks to support your learning process with practical guidelines

Book Description

Microsoft Azure and its Identity and access management are at the heart of Microsoft's software as service products, including Office 365, Dynamics CRM, and Enterprise Mobility Management. It is crucial to master Microsoft Azure in order to be able to work with the Microsoft Cloud effectively.

You'll begin by identifying the benefits of Microsoft Azure in the field of identity and access management. Working through the functionality of identity and access management as a service, you will get a full overview of the Microsoft strategy. Understanding identity synchronization will help you to provide a well-managed identity. Project scenarios and examples will enable you to understand, troubleshoot, and develop on essential authentication protocols and publishing scenarios. Finally, you will acquire a thorough understanding of Microsoft Information protection technologies.

What you will learn

  • Apply technical descriptions to your business needs and deployments
  • Manage cloud-only, simple, and complex hybrid environments
  • Apply correct and efficient monitoring and identity protection strategies
  • Design and deploy custom Identity and access management solutions
  • Build a complete identity and access management life cycle
  • Understand authentication and application publishing mechanisms
  • Use and understand the most crucial identity synchronization scenarios
  • Implement a suitable information protection strategy

Who this book is for

This book is a perfect companion for developers, cyber security specialists, system and security engineers, IT consultants/architects, and system administrators who are looking for perfectly up?to-date hybrid and cloud-only scenarios. You should have some understanding of security solutions, Active Directory, access privileges/rights, and authentication methods. Programming knowledge is not required but can be helpful for using PowerShell or working with APIs to customize your solutions.

Table of contents

  1. Title Page
  2. Copyright and Credits
    1. Mastering Identity and Access Management with Microsoft Azure Second Edition
  3. About Packt
    1. Why subscribe?
    2. Packt.com
  4. Contributors
    1. About the author
    2. About the reviewer
    3. Packt is searching for authors like you
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the example code files
      2. Download the color images
      3. Conventions used
    4. Get in touch
      1. Reviews
  6. Section 1: Identity Management and Synchronization
  7. Building and Managing Azure Active Directory
    1. Implementation scenario overview
    2. Implementing a solid Azure Active Directory
      1. Configuring your administrative workstation
      2. Custom company branding
        1. Summary and recommendations of the help information 
    3. Creating and managing users and groups
      1. Set group owners for organizational groups
      2. Delegated group management for organizational groups
      3. Configure self-service group management
        1. Create the sales internal news group as an Office 365 (distribution group)
      4. Configure dynamic group memberships
    4. Assign roles to administrative units
      1. Creating an administrative unit
      2. Adding users to an administrative unit
      3. Scoping administrative roles
      4. Test your configuration
    5. Protect your administrative accounts
    6. Provide user and group-based application access
      1. Assign applications to users and define login information
      2. Assign applications to groups and define login information
      3. Self-service application management
    7. Password reset self-service capabilities
      1. Configure notifications
      2. Test the password reset process
    8. Using standard security monitoring
    9. Integrating Azure AD Join for Windows 10 clients
      1. Join your Windows 10 client to Azure AD
      2. Verify the newly joined Windows 10 client
    10. Configuring a custom domain
    11. Configure Azure AD Domain Services
      1. Test and verify your new Azure AD Domain Services
    12. Summary
  8. Understanding Identity Synchronization
    1. Technology overview
      1. Microsoft Identity Manager (MIM) 2016
        1. MIM synchronization service
          1. MIM synchronization service extensions
        2. MIM service and portal
          1. MIM service extensions
        3. MIM password reset and user account unlock
        4. MIM privileged access management
        5. Additional solution
          1. Cloud deployment based on identity director service
          2. On-premises deployment based on MIM 2016
      2. Azure Active Directory Connect
    2. Synchronization scenarios
      1. Single-forest integration
      2. Multi-forest integration
      3. Multi-Azure Active Directory Integration
      4. Azure Active Directory Domain Services Integration
      5. Stretched Active Directory to Azure IaaS
      6. Azure Active Directory B2B integration
      7. Azure Active Directory and Microsoft Office 365 synchronization
      8. Identity and password-hash synchronization including SSO options
      9. Identity synchronization including PingFederate integration
      10. Identity and password-hash synchronization including ADFS integration
      11. Azure Active Directory Connect high availability
    3. Synchronization terms and processes
      1. UserPrincipalName suffix decisions
      2. Active Directory preparations
      3. Source Anchor decisions
      4. Connected Directories
      5. Import flow
        1. Placeholder objects
      6. Synchronization flows
      7. Inbound synchronization
      8. Outbound synchronization
      9. Joins
        1. Connector objects
        2. Disconnector objects
      10. Export flow
    4. Summary
  9. Exploring Advanced Synchronization Concepts
    1. Preparing your lab environment
    2. Understanding declarative provisioning and expressions
    3. Synchronization rules explained
    4. Special considerations in advanced synchronization concepts
      1. Using standard filters to exclude users and groups
      2. Building a custom rule for filtering
      3. Connecting Azure AD Connect to the second forest
    5. Summary
  10. Monitoring Your Identity Bridge
    1. How Azure AD Connect Health works
    2. Azure AD monitoring and logs
    3. Azure Security Center for monitoring and analytics
    4. Summary
  11. Configuring and Managing Identity Protection
    1. Microsoft Identity Protection solutions
    2. Azure ATP and how to use it
    3. Azure AD Identity Protection
    4. Using Azure AD PIM to protect administrative privileges
    5. Summary
  12. Section 2: Authentication and Application Publishing
  13. Managing Authentication Protocols
    1. Microsoft identity platform
    2. Common token standards in a federated world
    3. Security Assertion Markup Language (SAML) 2.0
      1. Key facts about SAML
    4. WS-Federation
      1. Key facts about WS-Federation
    5. OAuth 2.0
      1. Key facts about OAuth 2.0
      2. Main OAuth 2.0 flow facts
        1. Authorization code flow
        2. Client credential flow
        3. Implicit grant flow
        4. Resource owner password credentials flow
    6. OpenID Connect (OIDC)
      1. Key facts about OIDC
    7. Pass-through authentication and seamless SSO
    8. Multi-factor authentication
      1. Azure MFA
      2. Certificate authentication
      3. Device authentication
      4. Biometric authentication
    9. Summary
  14. Deploying Solutions on Azure AD and ADFS
    1. Basic environment installation and configuration
      1. Create the certificate for your environment with let's encrypt
      2. Installing the ADFS farm on YDADS01
      3. Installing the Web Application Proxy on YD1URA01
      4. Installing demo applications on (YD1APP01) for ADFS
      5. Subscribing to demo apps (Azure AD)
    2. Azure AD authentication deployments
    3. ADFS Authentication deployments
    4. Integrating Azure MFA (YD1ADS01)
    5. Summary
  15. Using the Azure AD App Proxy and the Web Application Proxy
    1. Configuring additional applications for Azure AD and ADFS
    2. Publishing with Windows server and Azure AD Web Application Proxy
    3. Using conditional access
    4. Summary
  16. Deploying Additional Applications on Azure AD
    1. Preparing your lab environment
    2. What defines single- and multi-tenant applications
    3. Deploying a single-tenant application including roles and claims
    4. Moving the single-tenant app to a multi-tenant scenario
    5. Deploying another multi-tenant app with OpenID Connect
    6. Summary
  17. Exploring Azure AD Identity Services
    1. Preparing your lab environment
    2. Understanding Azure AD B2B
      1. Providing resource access to external partners (on-premise)
    3. Exploring Azure AD B2C
      1. Azure AD B2C tenant creation
      2. Demo app registration
      3. User flow creation
      4. Visual Studio code modification
      5. Comparing Azure AD B2B and B2C
      6. Comparing AD FS with Azure B2B and B2C
    4. Extending Active Directory solutions with Azure AD Domain Services
    5. AD FS as an on-premise identity service for the cloud
      1. Typical single-forest deployment
      2. Two or more Active Directory forests running separate AD FS instances
      3. Running one AD FS instance for multiple trusted forests
      4. One AD FS instance for multiple Active Directory forests without an AD trust
      5. Using a local CP trust to support multiple Active Directory forests
      6. Using a shared Active Directory environment
      7. Microsoft Cloud Solution Provider summary
    6. Summary
  18. Creating Identity Life Cycle Management in Azure
    1. Lab environment readiness
    2. Handling the guest user life cycle
      1. Use Case 1 – Exploring the invitation process with different user types
      2. Using the Azure AD B2B portal and use cases
        1. Installation and configuration
        2. Usage of the portal
        3. Special considerations
      3. On-premise application access for guest users
    3. Azure services for automation
    4. Summary
  19. Section 3: Data Classification and Information Protection
  20. Creating a Security Culture
    1. Why do we need a security culture?
    2. Pillars of a good security culture
      1. Leadership support
      2. Training
      3. Testing
      4. Continuous communication
    3. General overview of data classification
      1. Methods of data classification
      2. Data classification and unstructured data
      3. Data classification and Data Leakage/Loss Prevention
      4. Data classification and compliance
      5. Storage optimization
      6. Access control to data
      7. Classification scheme and policy example
        1. Description of the classification scheme
        2. Visual markings and rules based on the classification label
        3. General desired behavior example
      8. Defining the data-processing roles
        1. Change of classification
    4. Azure Information Protection (AIP) overview
    5. Summary
  21. Identifying and Detecting Sensitive Data
    1. Extending your lab environment
    2. Understanding and using AIP capabilities for data in motion
      1. Scenario 1 – Usage of Azure Information Protection
      2. Scenario 2 – Monitoring with Windows Defender ATP
      3. Scenario 3 – Identifying sensitive information in your cloud ecosystem
      4. Scenario 4 – Data leakage prevention in Office 365
    3. Understanding and using AIP capabilities for data at rest
    4. Summary
  22. Understanding Encryption Key Management Strategies
    1. Azure Information Protection key basics
      1. Microsoft-managed keys
      2. Bring your own key
        1. What is an HSM?
        2. What is the Azure Key Vault?
      3. Hold your own key
    2. How Azure RMS works under the hood
      1. Algorithms and key lengths
      2. User environment-initialization flow
      3. Content-protection flow
      4. Content-consumption flow
    3. Summary
  23. Configuring Azure Information Protection Solutions
    1. Preparing to configure and manage AIP
    2. Azure RMS management with PowerShell
      1. Azure RMS super users
      2. Onboarding controls
      3. Azure RMS templates
      4. Azure RMS logging
      5. AIP client PowerShell
    3. Configuring AIP
      1. Creating the classification schema
      2. Creating sub-labels and scoped policies
      3. Using visual markings
      4. Configuring automatic classification and protection
      5. Using justification
      6. Configuring protection options
      7. Activating unified labeling
      8. Lab challenge
    4. Summary
  24. Azure Information Protection Development
    1. Technical requirements
    2. Microsoft Information Protection solutions
    3. Understanding the Microsoft Information Protection SDK
    4. Preparing your Azure AD environment for tests
    5. Using MIP binaries to explore functionality
    6. Using PowerShell with Azure Information Protection
      1. Useful Azure RMS cmdlets
    7. Overview of the RMS 2.1 and 4.2 SDKs
    8. Summary
  25. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think

Product information

  • Title: Mastering Identity and Access Management with Microsoft Azure - Second Edition
  • Author(s): Jochen Nickel
  • Release date: February 2019
  • Publisher(s): Packt Publishing
  • ISBN: 9781789132304