Azure AD & MDM Options
Design Decisions
• Azure AD Authentication options: Hash Sync Vs Pass Through
• Azure AD: Register Vs Join
• Azure AD MFA: Authenticator Vs YubiKey Vs Hello
Azure AD
AD Federated Authentication
(Diagram) Authentication is sent from Azure AD to the on-prem federation server: Internet -> perimeter (on-premises federation proxy) -> on-prem federation server -> on-prem AD.
Cloud Authentication vs Federation (ADFS)

Cloud authentication
- Authentication location: in the cloud
- Server requirements: none
- Network requirements: none (PHS) / outbound internet access (PTA)
- Advantages:
  - Cost effective and easiest deployment
  - Can log in even if AD is down
  - High availability and disaster recovery
  - Use Azure AD Identity Protection
  - More Intune feature sets

Federation (AD FS)
- Authentication location: on-prem
- Server requirements: two or more AD FS servers and WAP servers (in the perimeter/DMZ network)
- Network requirements: inbound internet access and network load balancing
- Advantages:
  - Authentication happens on-prem
  - Immediate account lockout
  - Use AD FS claim rules
  - Azure AD Premium not required
  - Custom MFA provider
AD Password Hash Sync
(Diagram) Azure AD Connect on the intranet synchronizes password hashes from on-prem AD to Azure AD; at sign-in from the internet the password is validated against the hash held in Azure AD*.
*MD4+salt+PBKDF2+HMAC-SHA256
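As an added example (not code from this deck or from Microsoft), the Python below re-derives the footnote's MD4+salt+PBKDF2+HMAC-SHA256 chain so the PHS vs PTA trade-off is concrete: the value synced to Azure AD is a salted, iterated derivative of the NT hash, not the NT hash itself, which is why it can be validated in the cloud yet cannot be replayed on-prem. MD4 is hand-rolled because hashlib's md4 is absent from many OpenSSL 3 builds; the 10-byte salt, 1000 iterations and the hex-then-UTF-16LE expansion follow Microsoft's public PHS description as I recall it and are marked as assumptions in the code, as is the lowercase hex.

```python
"""Added example: re-derive the Azure AD PHS cloud hash from a password.
Not Microsoft code; the PHS parameters below are assumptions, not from the deck."""
import hashlib
import hmac
import os
import struct

MASK = 0xFFFFFFFF


def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320). Hand-rolled because hashlib's md4 is missing on many
    OpenSSL 3 builds; MD4 over UTF-16LE is exactly the NT hash stored in on-prem AD."""
    bit_len = len(data) * 8
    data += b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack("<Q", bit_len)
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    r2_idx = tuple((i % 4) * 4 + i // 4 for i in range(16))
    r3_idx = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
    for off in range(0, len(data), 64):
        x = struct.unpack("<16I", data[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for i in range(16):  # round 1: F(b, c, d) = (b AND c) OR (NOT b AND d)
            a = _rotl((a + ((b & c) | (~b & d)) + x[i]) & MASK, (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):  # round 2: G = majority(b, c, d), constant sqrt(2)
            g = (b & c) | (b & d) | (c & d)
            a = _rotl((a + g + x[r2_idx[i]] + 0x5A827999) & MASK, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):  # round 3: H = b XOR c XOR d, constant sqrt(3)
            a = _rotl((a + (b ^ c ^ d) + x[r3_idx[i]] + 0x6ED9EBA1) & MASK, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        a, b, c, d = (a + aa) & MASK, (b + bb) & MASK, (c + cc) & MASK, (d + dd) & MASK
    return struct.pack("<4I", a, b, c, d)


def nt_hash(password: str) -> bytes:
    """On-prem AD NT hash: unsalted MD4 over the UTF-16LE password."""
    return md4(password.encode("utf-16-le"))


# Assumptions (from Microsoft's public PHS description as recalled, not from the deck):
PHS_ITERATIONS = 1000  # PBKDF2 rounds of HMAC-SHA256
PHS_SALT_LEN = 10      # per-user salt length in bytes


def cloud_hash(password: str, salt: bytes, iterations: int = PHS_ITERATIONS) -> bytes:
    """Value Azure AD stores: MD4 -> 32-char hex -> UTF-16LE (64 bytes) -> PBKDF2-HMAC-SHA256.
    Lowercase hex is an assumption; the real agent's case is not documented on this page."""
    expanded = nt_hash(password).hex().encode("utf-16-le")
    return hashlib.pbkdf2_hmac("sha256", expanded, salt, iterations, dklen=32)


def new_cloud_record(password: str) -> dict:
    """What the sync agent would ship: salted hash + salt + iteration count. The raw NT hash
    never leaves on-prem, so a stolen cloud record cannot be replayed as pass-the-hash."""
    salt = os.urandom(PHS_SALT_LEN)
    return {"salt": salt, "iterations": PHS_ITERATIONS, "hash": cloud_hash(password, salt)}


def verify_cloud_password(password: str, record: dict) -> bool:
    """Azure AD side of 'password validated against Azure hash': re-derive, compare in constant time."""
    candidate = cloud_hash(password, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    rec_a = new_cloud_record("Summer2019!")  # constructed sample password
    rec_b = new_cloud_record("Summer2019!")  # same password, fresh salt
    print("NT hash     :", nt_hash("Summer2019!").hex())
    print("cloud hash A:", rec_a["hash"].hex())
    print("cloud hash B:", rec_b["hash"].hex())  # differs from A: salt is per user
    print("verify ok   :", verify_cloud_password("Summer2019!", rec_a))
```

The salt and iteration count also mean that a leaked cloud record must be attacked per user, which is the property the "Can login even if AD is down" advantage relies on.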
AD Pass Through Authentication
(Diagram) At sign-in from the internet, Azure AD sends the credentials to the on-prem authentication agent (installed alongside Azure AD Connect on the intranet), which validates them against on-prem AD.
AAD Password Hash Sync Vs Pass Through Auth

Password Hash Sync (PHS)
- Password location: Azure AD (hash)
- Account lockout/disable: next sync cycle (disable)
- Azure AD Identity Protection: yes (requires Azure AD Premium P2 licenses)
- Advantages: cost effective and easiest deployment; can log in even if AD is down

Pass Through Authentication (PTA)
- Password location: on-prem
- Account lockout/disable: immediate
- Advantages: authentication happens on-prem; works with Azure Conditional Access
Azure AD: Register vs Join
Registering a device with Azure AD enables you to manage the device's identity. When combined with a mobile device management (MDM) solution such as Intune, it lets you create conditional access rules that require devices to meet your security and compliance standards before they are granted access.
Joining a device is an extension of registering a device: it provides all the benefits of registration and additionally changes the local state of the device, which enables your users to sign in to the device using an organizational work or school account.
Azure AD: Register vs Join
Register
- Device ownership: personal (BYOD)
- Device type: Win8.1-10, Android, iOS
- Registration/management: manually register devices with Azure AD; MDM (Intune)
- Additional functionality: cloud + SSO; conditional access using Intune; AD Connect + device writeback; Windows Hello

Join
- Device ownership: firm issued
- Device type: Win10 devices (for devices that are not joined to an on-premises AD)
- Registration/management: manually register devices with Azure AD; change the local state of the device; MDM (Intune)
- Additional functionality: cloud + SSO; conditional access using Intune; AD Connect + device writeback; Windows Hello; Enterprise State Roaming

Hybrid
- Device ownership: firm issued
- Device type: Win7-10 PCs (for devices that are joined to an on-premises AD)
- Registration/management: automatically register devices with Azure AD; change the local state of the device; SCCM + GP
- Additional functionality: SSO; access Win32 apps that rely on AD auth.
MFA Deployment: Decision Matrix
Planning considerations and their decision points:
- Azure MFA verification options: Authenticator, call, SMS
- Network definition*: named locations or trusted IPs
- Azure conditional access policies*: cloud apps, users/groups, access controls
- Azure MFA registration policy: MFA for everyone, or limited to admin groups
- Remember MFA: yes/no (number of days)
- Azure MFA rollout for users: pilot deployment, full-scale rollout
- On-premises integration with Azure MFA: use with legacy apps, on-prem AD FS/RADIUS apps?
Azure AD: 2FA Options
Windows Hello Microsoft Authenticator FIDO2 Security Keys
Intune Registration Methods
Thank you
Authentication Decision Tree

Azure AD Options
Editor's Notes

  1. https://samcogan.com/azure-active-directory-is-not-active-directory/
  2. https://samcogan.com/azure-active-directory-is-not-active-directory/ https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis
  3. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-how-it-works https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta
  4. Azure AD Identity Protection requires Azure AD Premium P2 licenses.
  5. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-phs
  6. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-how-it-works https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta
  7. Azure AD Identity Protection requires Azure AD Premium P2 licenses.
  8. https://docs.microsoft.com/en-us/azure/active-directory/devices/overview
  9. https://docs.microsoft.com/en-us/azure/active-directory/devices/overview#summary
  10. Trusted IPs under the Azure MFA service configuration need only be configured when you are not using Azure Conditional Access policies. Trusted IP ranges need only be defined for multi-factor authentication when the Azure Active Directory tenant is managed (i.e. not federated with Active Directory Federation Services).
  11. https://blogs.technet.microsoft.com/microscott/managing-windows-10-with-intune-the-many-ways-to-enrol/
  12. https://blogs.technet.microsoft.com/microscott/managing-windows-10-with-intune-the-many-ways-to-enrol/