
Mastering Identity and Access Management with Microsoft Azure: Empower users by managing and protecting identities and data PDF

681 Pages·2019·30.895 MB·English

Preview Mastering Identity and Access Management with Microsoft Azure: Empower users by managing and protecting identities and data

Mastering Identity and Access Management with Microsoft Azure, Second Edition
Empower users by managing and protecting identities and data
Jochen Nickel
BIRMINGHAM - MUMBAI

Copyright © 2019 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Commissioning Editor: Gebin George
Acquisition Editor: Rahul Nair
Content Development Editor: Deepti Thore
Technical Editor: Mamta Yadav
Copy Editor: Safis Editing
Project Coordinator: Nusaiba Ansari
Proofreader: Safis Editing
Indexer: Tejal Daruwale Soni
Graphics: Jisha Chirayil
Production Coordinator: Aparna Bhagat

First published: September 2016
Second edition: February 2019
Production reference: 1250219

Published by Packt Publishing Ltd., Livery Place, 35 Livery Street, Birmingham B3 2PB, UK.
ISBN 978-1-78913-230-4
www.packtpub.com

mapt.io

Mapt is an online digital library that gives you full access to over 5,000 books and videos, as well as industry-leading tools to help you plan your personal development and advance your career. For more information, please visit our website.

Why subscribe?
- Spend less time learning and more time coding with practical eBooks and videos from over 4,000 industry professionals
- Improve your learning with Skill Plans built especially for you
- Get a free eBook or video every month
- Mapt is fully searchable
- Copy and paste, print, and bookmark content

Packt.com

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.packt.com and, as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.

At www.packt.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.

Contributors

About the author

Jochen Nickel is a Cloud, Identity and Access Management Solution Architect with a clear focus and in-depth technical knowledge of Identity and Access Management. He is currently working for inovit GmbH in Switzerland, leading and executing projects in the field of Identity and Access Management, including Data Classification and Information Protection. Jochen is focused on Microsoft technologies, especially the Enterprise Mobility + Security Suite, Office 365 and Azure. He is an established speaker at many technology conferences, such as Azure Bootcamps, TrustInTech Meetups, and Experts Live Switzerland and Europe.

About the reviewer

Kasam Shaikh, a Microsoft Azure enthusiast, is a seasoned professional with a "can do" attitude and 11 years of industry experience, working as a cloud architect with one of the leading IT companies in Mumbai, India. He is a certified Azure architect, YouTuber, recognized as an MVP by a leading online community, as well as a global AI speaker, and has authored books on Azure Cognitive, Azure Bots, and Microsoft Bot frameworks. He is the founder of the Dear Azure (AZ-INDIA) community, the fastest-growing online community for learning Azure.

Packt is searching for authors like you

If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.

Table of Contents

Preface 1

Section 1: Identity Management and Synchronization

Chapter 1: Building and Managing Azure Active Directory 10
  Implementation scenario overview 11
  Implementing a solid Azure Active Directory 12
  Configuring your administrative workstation 17
  Custom company branding 20
  Summary and recommendations of the help information 23
  Creating and managing users and groups 25
  Set group owners for organizational groups 27
  Delegated group management for organizational groups 28
  Configure self-service group management 30
  Create the sales internal news group as an Office 365 (distribution group) 31
  Configure dynamic group memberships 36
  Assign roles to administrative units 39
  Creating an administrative unit 39
  Adding users to an administrative unit 39
  Scoping administrative roles 40
  Test your configuration 41
  Protect your administrative accounts 41
  Provide user and group-based application access 47
  Assign applications to users and define login information 48
  Assign applications to groups and define login information 50
  Self-service application management 51
  Password reset self-service capabilities 51
  Configure notifications 53
  Test the password reset process 55
  Using standard security monitoring 55
  Integrating Azure AD Join for Windows 10 clients 59
  Join your Windows 10 client to Azure AD 59
  Verify the newly joined Windows 10 client 61
  Configuring a custom domain 62
  Configure Azure AD Domain Services 65
  Test and verify your new Azure AD Domain Services 69
  Summary 76

Chapter 2: Understanding Identity Synchronization 77
  Technology overview 78
  Microsoft Identity Manager (MIM) 2016 80
  MIM synchronization service 81
  MIM synchronization service extensions 83
  MIM service and portal 83
  MIM service extensions 85
  MIM password reset and user account unlock 85
  MIM privileged access management 86
  Additional solution 87
  Cloud deployment based on identity director service 91
  On-premises deployment based on MIM 2016 91
  Azure Active Directory Connect 91
  Synchronization scenarios 93
  Single-forest integration 94
  Multi-forest integration 94
  Multi-Azure Active Directory integration 99
  Azure Active Directory Domain Services integration 100
  Stretched Active Directory to Azure IaaS 101
  Azure Active Directory B2B integration 102
  Azure Active Directory and Microsoft Office 365 synchronization 103
  Identity and password-hash synchronization including SSO options 104
  Identity synchronization including PingFederate integration 105
  Identity and password-hash synchronization including ADFS integration 106
  Azure Active Directory Connect high availability 107
  Synchronization terms and processes 109
  UserPrincipalName suffix decisions 112
  Active Directory preparations 113
  Source Anchor decisions 116
  Connected Directories 118
  Import flow 127
  Placeholder objects 131
  Synchronization flows 132
  Inbound synchronization 134
  Outbound synchronization 139
  Joins 140
  Connector objects 141
  Disconnector objects 141
  Export flow 142
  Summary 143

Chapter 3: Exploring Advanced Synchronization Concepts 144
  Preparing your lab environment 145
  Understanding declarative provisioning and expressions 148
  Synchronization rules explained 150
  Special considerations in advanced synchronization concepts 158
  Using standard filters to exclude users and groups 159
  Building a custom rule for filtering 168
  Connecting Azure AD Connect to the second forest 171
  Summary 188

Chapter 4: Monitoring Your Identity Bridge 189
  How Azure AD Connect Health works 189
  Azure AD monitoring and logs 199
  Azure Security Center for monitoring and analytics 208
  Summary 212

Chapter 5: Configuring and Managing Identity Protection 213
  Microsoft Identity Protection solutions 214
  Azure ATP and how to use it 216
  Azure AD Identity Protection 224
  Using Azure AD PIM to protect administrative privileges 228
  Summary 241

Section 2: Authentication and Application Publishing

Chapter 6: Managing Authentication Protocols 243
  Microsoft identity platform 244
  Common token standards in a federated world 246
  Security Assertion Markup Language (SAML) 2.0 246
  Key facts about SAML 247
  WS-Federation 249
  Key facts about WS-Federation 250
  OAuth 2.0 251
  Key facts about OAuth 2.0 251
  Main OAuth 2.0 flow facts 254
  Authorization code flow 255
  Client credential flow 257
  Implicit grant flow 258
  Resource owner password credentials flow 258
  OpenID Connect (OIDC) 259
  Key facts about OIDC 259
  Pass-through authentication and seamless SSO 261
  Multi-factor authentication 264
  Azure MFA 265
  Certificate authentication 266
  Device authentication 266
  Biometric authentication 267
  Summary 267

Chapter 7: Deploying Solutions on Azure AD and ADFS 268
  Basic environment installation and configuration 269
  Create the certificate for your environment with Let's Encrypt 273
  Installing the ADFS farm on YDADS01 277
  Installing the Web Application Proxy on YD1URA01 278
  Installing demo applications on (YD1APP01) for ADFS 280
  Subscribing to demo apps (Azure AD) 286
  Azure AD authentication deployments 287
  ADFS authentication deployments 299
  Integrating Azure MFA (YD1ADS01) 308
  Summary 310

Chapter 8: Using the Azure AD App Proxy and the Web Application Proxy 311
  Configuring additional applications for Azure AD and ADFS 312
  Publishing with Windows Server and Azure AD Web Application Proxy 334
  Using conditional access 352
  Summary 358

Chapter 9: Deploying Additional Applications on Azure AD 359
  Preparing your lab environment 360
  What defines single- and multi-tenant applications 361
  Deploying a single-tenant application including roles and claims 361
  Moving the single-tenant app to a multi-tenant scenario 377
  Deploying another multi-tenant app with OpenID Connect 380
  Summary 390

Chapter 10: Exploring Azure AD Identity Services 391
  Preparing your lab environment 392
  Understanding Azure AD B2B 393
  Providing resource access to external partners (on-premise) 394
  Exploring Azure AD B2C 397
  Azure AD B2C tenant creation 398
  Demo app registration 403
  User flow creation 408
  Visual Studio code modification 411
  Comparing Azure AD B2B and B2C 417
  Comparing AD FS with Azure B2B and B2C 417
  Extending Active Directory solutions with Azure AD Domain Services 419
  AD FS as an on-premise identity service for the cloud 423
  Typical single-forest deployment 424
  Two or more Active Directory forests running separate AD FS instances 424
  Running one AD FS instance for multiple trusted forests 425
