7. WWW.COLLAB365.EVENTS
What is Azure Active Directory?
A comprehensive identity and access management
cloud solution
It combines directory services, advanced identity
governance, application access management and
a rich standards-based platform for developers
Azure Active Directory Premium is an advanced
offering that includes IAM capabilities for on-premises,
hybrid and cloud environments
8.
Identity and Access Management for the Cloud
Provides a robust set of capabilities to
manage users and groups
Comes in three editions
Free, Basic, Premium
https://msdn.microsoft.com/library/azure/dn532272.aspx
9.
Simplify user access to any cloud app
Enable single sign-on to thousands of cloud
applications from Windows, Mac, Android
and iOS devices.
Works with third party identity providers.
10.
Protect access to enterprise apps
Built-in security features, like “you
can’t be in two places at once”
Security reporting that tracks
inconsistent access patterns, analytics
and alerts.
11.
Protect access to enterprise apps
Ensure secure access by
enabling MFA
17.
Identity and Access Management for the Cloud
Synchronizes users, passwords, security groups, distribution lists, contacts,
and conference rooms.
Enables unified Global Address List with Exchange Online
Supports multiple sync scenarios, i.e. DirSync, DirSync/Password,
DirSync/SSO
18.
Directory Quota Limit
Up to 50k objects with no verified domain
Up to 500k objects with first verified domain
Each tenant is only granted one increase
Unlimited if you have Azure Active Directory Basic or Premium
subscription
19.
Synchronization interval
Default every 3 hours.
Can be modified by updating
Microsoft.Online.DirSync.Scheduler.exe.Config
Find the key: <add key="SyncTimeInterval" value="3:0:0" />
and replace value with your desired time.
Restart the Windows Azure Active Directory Sync Service
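The interval change from this slide, scripted in PowerShell as an added example that is not part of the original deck. The function name is hypothetical, and the config file location is a required parameter because the deck does not give the install path.

```powershell
# Added example. Edits only the SyncTimeInterval attribute, keeps a backup,
# then restarts the sync service named on the slide.
function Set-DirSyncInterval {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]   $ConfigPath,  # full path to Microsoft.Online.DirSync.Scheduler.exe.Config
        [Parameter(Mandatory = $true)][TimeSpan] $Interval     # e.g. '1:0:0' for one hour
    )

    if (-not (Test-Path -LiteralPath $ConfigPath -PathType Leaf)) {
        throw "Config file not found: $ConfigPath"
    }
    if ($Interval -le [TimeSpan]::Zero) {
        throw "Interval must be greater than zero."
    }
    $fullPath = (Resolve-Path -LiteralPath $ConfigPath).ProviderPath

    # Parse as XML so a malformed file fails here instead of breaking the scheduler.
    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true
    $xml.Load($fullPath)

    $nodes = @($xml.SelectNodes("//add[@key='SyncTimeInterval']"))
    if ($nodes.Count -ne 1) {
        throw "Expected exactly one SyncTimeInterval key, found $($nodes.Count)."
    }

    # Same hours:minutes:seconds form as the default value "3:0:0".
    $hours = [int][math]::Floor($Interval.TotalHours)
    $value = '{0}:{1}:{2}' -f $hours, $Interval.Minutes, $Interval.Seconds
    $old   = $nodes[0].GetAttribute('value')

    if ($PSCmdlet.ShouldProcess($fullPath, "SyncTimeInterval $old -> $value")) {
        Copy-Item -LiteralPath $fullPath -Destination "$fullPath.bak" -Force
        $nodes[0].SetAttribute('value', $value)
        $xml.Save($fullPath)
        Restart-Service -DisplayName 'Windows Azure Active Directory Sync Service'
    }
}
```

Run it with `-WhatIf` first to see the old and new values without touching the file or the service.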
20.
Password Sync
Does not mean it's SSO, as there is no token sharing
Passwords are synchronized every two minutes
The synchronization of a password has no impact on currently logged on
users.
21.
Source of Authority
The location that is the original source of Active Directory objects
Azure AD requires a single source of authority for every object.
By default, Azure AD directory objects are mastered in the cloud.
22.
Changing Source of Authority
Three scenarios where source of authority may get changed for an object
Activate
Deactivate
Reactivate*
24.
Directory Sync
Most commonly-known product is the Directory Sync tool (DirSync).
Download link from the Office 365 portal.
Relies on Forefront Identity Manager (FIM) for Synchronization.
25.
Azure Active Directory Synchronization (AAD Sync)
Successor to DirSync and eventually will replace DirSync.
Supports Multi-Forest Synchronization.
Advanced provisioning, mapping and filtering rules for objects and
attributes.
26.
Azure Active Directory Connect
At some point in the future AADConnect will be the single choice.
Will also assist you to set up AD FS
AADConnect will simplify the deployment and configuration of your
end-to-end identity setup.
COMPARE FEATURES:
https://msdn.microsoft.com/en-us/library/azure/dn757582.aspx
28.
Directory Synchronization Computer - OS
64-bit edition of Windows Server 2008 Standard, Enterprise, or
Datacenter edition with SP1 or later
Windows Server 2008 R2 Standard, Enterprise, or Datacenter edition
with SP1 or later
Windows Server 2012 Standard or Datacenter
Windows Server 2012 R2 Standard or Datacenter
29.
Directory Synchronization Computer
It must be joined to Active Directory.
It must run the Microsoft .NET Framework 3.5 SP1 and the Microsoft
.NET Framework 4.5.1
It must run Windows PowerShell
It must be located in an access-controlled environment.
30.
Directory Synchronization – Domain Controller
Windows Server 2003 forest functional mode or higher
32-bit or 64-bit Windows Server 2003 Standard Edition or Enterprise
Edition with Service Pack 1 (SP1)
32-bit or 64-bit edition of the Windows Server 2008 STD or ENT,
Windows Server 2008 R2 Standard or Enterprise, or Windows Server
2008 Datacenter or Windows Server 2008 R2 Datacenter.
Windows Server 2012 Standard or Datacenter.
31.
Permissions
You must have administrator permissions for the following:
The computer running the Directory Sync tool.
Your company’s local Active Directory.
Your company’s Microsoft cloud service administrator account.
32.
DirSync on Domain Controller
DirSync can be installed on a Domain Controller
The steps to install DirSync on a DC are exactly the same.
Just because you can does not mean you should.
Follow the best practice and install DirSync on a separate server.
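A pre-install check for the Directory Synchronization Computer requirements and the "not on a DC" recommendation above, as an added PowerShell example that is not part of the original deck. The function name is hypothetical; the registry values are the standard .NET Framework detection keys.

```powershell
# Added example. Run on the server that will host the sync tool.
# Uses Get-WmiObject so it also works on older Windows PowerShell versions.
function Test-DirSyncHostPrereqs {
    $cs  = Get-WmiObject -Class Win32_ComputerSystem
    $os  = Get-WmiObject -Class Win32_OperatingSystem
    $ndp = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP'
    $v35 = Get-ItemProperty -Path "$ndp\v3.5"    -ErrorAction SilentlyContinue
    $v4  = Get-ItemProperty -Path "$ndp\v4\Full" -ErrorAction SilentlyContinue

    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
    $isDc = $cs.DomainRole -ge 4

    $results = @{
        'OS is 64-bit'                   = ($os.OSArchitecture -like '64*')
        'Joined to Active Directory'     = [bool]$cs.PartOfDomain
        '.NET Framework 3.5 SP1 present' = ($v35.Install -eq 1 -and $v35.SP -ge 1)
        # Release 378675 is the lowest value reported for .NET 4.5.1.
        '.NET Framework 4.5.1 or later'  = ($v4.Release -ge 378675)
        'Not a Domain Controller'        = (-not $isDc)
    }

    foreach ($name in ($results.Keys | Sort-Object)) {
        New-Object PSObject -Property @{ Check = $name; Passed = $results[$name] }
    }
}

# The "access-controlled environment" requirement is a placement decision
# and cannot be verified from the host itself.
Test-DirSyncHostPrereqs | Format-Table Check, Passed -AutoSize
```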
35.
Sign up for Azure free one month trial
http://azure.microsoft.com/en-us/pricing/free-trial/
Create Domain Controller in Azure using the following HOL
http://azure.microsoft.com/en-us/documentation/articles/active-directory-new-forest-virtual-machine/
Sign-up for Office 365 trial (30 day)
https://portal.office.com/partner/partnersignup.aspx?type=Trial&id=3dd59a14-63ab-4c89-acce-c065ac672e46&msppid=2971477