
Implement Azure AD

This document provides an overview of implementing Azure Active Directory (Azure AD). It covers creating and managing Azure AD directories, configuring application integration with Azure AD, and an overview of Azure AD Premium. Some key topics include adding custom domains, managing users and groups, configuring multi-factor authentication for admin accounts, adding applications to Azure AD, and enabling single sign-on. The document also includes instructions for a lab to administer an Azure AD tenant, configure single sign-on, and test multi-factor authentication.

Uploaded by Alok Sharma

Module 10

Implement Azure AD
Module Overview

• Create and Manage Azure AD Directories
• Configuring Application Integration with Azure AD
• Overview of Azure AD Premium
Lesson 1: Create and Manage Azure AD Directories

• Demonstration: Prepare the Environment
• Active Directory as a Component of Azure
• Overview of Azure Active Directory
• Manage Custom Domains
• Demonstration: Adding a Custom Domain
• Manage Users and Groups by Using Azure Management Portal and Azure PowerShell
• Manage Multi-Factor Authentication for Admin Accounts
• Demonstration: Configuring Multi-Factor Authentication
Demonstration: Prepare the Environment

• Sign in to your Microsoft Azure subscription
• Enable preview features
• Prepare the Azure environment
Active Directory as a Component of Azure

• Compute: Virtual Machines, PaaS Cloud Services, Websites, Mobile Services
• Data Services: Storage, SQL Database, Backup, Site Recovery
• Network Services: Virtual Networks, Traffic Manager, ExpressRoute
• App Services: Media Services, Active Directory, Automation, Service Bus, MFA, CDNs, Push Notifications
Overview of Azure Active Directory

• On-premises Active Directory
• Active Directory on Azure VM
• Azure Active Directory
Manage Custom Domains

Custom domain tasks:
• Add a custom domain to the existing Azure AD directory
• Verify a custom domain
• Change the primary domain
Demonstration: Adding a Custom Domain

In this demonstration, you will see how to:
• Connect to the full Azure portal
• Add a custom domain and view the verification DNS records
Manage Users and Groups by Using Azure Management Portal and Azure PowerShell

User tasks:
• Add, edit, delete a user
• Reset user's password
Group tasks:
• Add, edit, delete a group
• Manage group membership
Tools:
• Portal
• PowerShell
• Bulk creation and editing versus directory sync
Manage Multi-Factor Authentication for Admin Accounts

• Azure Multi-Factor Authentication (MFA) adds a second level of authentication:
  • text message
  • phone call
  • mobile app
• Global Administrators can use free subset of MFA features
• Global Administrator MFA does not require Multi-Factor Auth provider
Demonstration: Configuring Multi-Factor Authentication

In this demonstration, you will see how to:
• Create a new directory called AdatumDemo
• Create a new Global Administrator user account
• Configure multi-factor authentication for the new user
• Set up multi-factor authentication for the new user
Manage Multiple Azure AD Directories

Uses for multiple directories:
• Live directory
• Test directory
• Sync directory
• Multiple cloud services:
  • Azure
  • Office 365
  • Intune
• Users from one directory can be added to another directory
Lesson 2: Configuring Application Integration with Azure AD

• Overview of Application Access Enhancements in Azure AD
• Adding Gallery Applications to Azure AD
• Adding Custom Azure AD-aware Web Apps to Azure AD
• Managing Multi-Tenant Applications
Overview of Application Access Enhancements in Azure AD

• Single sign-on
• Account sync
• Centralized application access management
• Unified reporting and monitoring
Adding Gallery Applications to Azure AD

• AD application gallery: http://azure.microsoft.com/en-us/gallery/active-directory/
• Gallery apps provide:
  • Identity and access management
  • User access panel:
  • Lists users' applications
  • Single sign-on (SSO) access to applications
  • No application-specific passwords
Adding Custom Azure AD-aware Web Apps to Azure AD

1. Register web app in Azure AD tenant.
2. Add logic or code to web app:
   a) Unauthenticated requests blocked and redirected
   b) Authenticated requests granted access
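
A sketch of the step 2 logic as a Python WSGI wrapper, added here as an illustration and not taken from the course material. The tenant name, client ID, redirect URI, cookie names, the HMAC-signed session cookie and the choice of the OpenID Connect v2.0 authorize endpoint are all assumptions; validating the ID token that Azure AD posts back is out of scope.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

# Assumed placeholders; real values come from the app registration (step 1).
TENANT = "adatumdemo.onmicrosoft.com"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://app.example.com/signin"
AUTHORIZE = f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/authorize"
SESSION_KEY = secrets.token_bytes(32)  # per-process key, enough for the demo

def _mac(user):
    return hmac.new(SESSION_KEY, user.encode(), hashlib.sha256).hexdigest()

def sign_session(user):
    """Issue a session value; call only after the ID token was validated."""
    return f"{user}|{_mac(user)}"

def verify_session(cookie):
    """Return the user name if the cookie's MAC is intact, else None."""
    user, sep, mac = cookie.rpartition("|")
    ok = sep and hmac.compare_digest(mac.encode(), _mac(user).encode())
    return user if ok else None

def read_cookie(environ, name):
    for part in environ.get("HTTP_COOKIE", "").split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return value
    return ""

def require_sign_in(app):
    """Wrap a WSGI app: 2a redirects unauthenticated requests, 2b passes the rest."""
    def gate(environ, start_response):
        user = verify_session(read_cookie(environ, "session"))
        if user:  # 2b: authenticated request is granted access
            environ["REMOTE_USER"] = user
            return app(environ, start_response)
        state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        query = urlencode({
            "client_id": CLIENT_ID, "response_type": "id_token",
            "response_mode": "form_post", "redirect_uri": REDIRECT_URI,
            "scope": "openid", "state": state, "nonce": nonce})
        # The callback compares state and nonce with this cookie to reject
        # forged or replayed responses; form_post arrives cross-site, hence
        # SameSite=None together with Secure.
        tx = f"oidc_tx={state}.{nonce}; Secure; HttpOnly; SameSite=None; Path=/"
        start_response("302 Found", [("Location", f"{AUTHORIZE}?{query}"),
                                     ("Set-Cookie", tx)])
        return [b""]  # 2a: blocked and redirected to the sign-in page
    return gate
```

A forged or edited `session` cookie fails the MAC comparison and is handled exactly like a missing one, so the wrapped application never sees a user name it did not issue.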
Managing Multi-Tenant Applications

[Diagram: an application and its sign-in page, AAD tenant 1 and AAD tenant 2, with numbered steps; T = Token]
Lesson 3: Overview of Azure AD Premium

• Features in Azure AD Premium
• Technical Scenarios for Azure Multi-Factor Authentication
• Configuring Advanced Multi-Factor Authentication Settings
• Demonstration: Configuring and Using Azure AD Premium AD Multi-Factor Authentication
• Multi-Factor Authentication for On-Premises Resources
• Azure AD Application Proxy
Features in Azure AD Premium

• Company branding
• Group-based application access
• Self-service password reset
• Self-service group management
• Advanced security reports and alerts
• Multi-Factor Authentication
• Password reset
• Azure AD Sync bidirectional synchronization
• Azure AD Application Proxy
• Enterprise SLA of 99.9 percent
Technical Scenarios for Azure Multi-Factor Authentication

• Azure Multi-Factor Authentication can be used to provide:
  • Multi-Factor Authentication for Office 365
  • Azure Multi-Factor Authentication options for Federated Users
• Azure Multi-Factor Authentication can be used with Remote Desktop Gateway using RADIUS
• Azure Multi-Factor Authentication can be used with Active Directory Federation Services
Configuring Advanced Multi-Factor Authentication Settings

• Fraud Alert
• One-Time Bypass
• Custom Voice Messages
• Trusted IPs
• App Passwords
Demonstration: Configuring and Using Azure AD Premium AD Multi-Factor Authentication

In this demonstration, you will see how to:
• Create a multi-factor authentication provider
• Configure fraud alerts
• View fraud alert reports
• Configure one-time bypass settings
• Create a one-time bypass
• Configure voice messages
• Configure trusted IP addresses
• Enable users to create app passwords
Multi-Factor Authentication for On-Premises Resources

How to enable Azure Multi-Factor Authentication Server:
1. Install Azure Multi-Factor Authentication Server.
2. Configure Azure Multi-Factor Authentication Server.
3. Install Azure Multi-Factor Authentication Users Portal.
4. Initiate user enrollment and self-management.
5. Deploy Azure Multi-Factor Authentication Server Mobile App Web Service.
Azure AD Application Proxy

• Use Azure AD to manage access to internal browser-based applications, such as:
  • SharePoint Sites
  • Outlook Web Access
  • IIS-based applications
• Make apps available to authenticated users only
• Uses a cloud proxy hosted in Azure
Lab: Implementing Azure Active Directory

• Exercise 1: Administering Azure AD
• Exercise 2: Configure Single Sign-On
• Exercise 3: Configuring Multi-Factor Authentication

Logon Information
Virtual Machine: 20533B-MIA-CL1
User Name: Student
Password: Pa$$w0rd

Estimated Time: 45 minutes


Lab Scenario

• The IT department at A. Datum currently uses on-premises Active Directory, and a range of AD-aware applications. As part of A. Datum’s evaluation of Microsoft Azure, you need to test the migration of some users from on-premises Active Directory to Azure AD. As part of this testing, you need to create some pilot users and groups in Azure AD.
• A. Datum are also planning to deploy Azure-aware applications, and require users to use single sign-on for these applications. There is then no additional administration overhead in maintaining separate user accounts for each application.
Lab Scenario (continued)

• As part of A. Datum’s evaluation of Microsoft Azure, you need to install and configure a test application, and confirm successful single sign-on.
• A. Datum also require applications to use multi-factor authentication for all authentication requests from outside the company intranet. As part of A. Datum’s evaluation of Microsoft Azure, you need to configure and test MFA for global administrators.
Lab Review

• Which PowerShell module do you use to manage user accounts in Microsoft Azure?
• What do you have to do to enable single sign-on for Azure AD gallery applications?
• What MFA provider settings are required in order to enable MFA for Azure global administrators?
Module Review and Takeaways

• Review Question(s)
