Azure AD Refresh of new features and options released during Ignite and afterward. A look into new future features to enforce governance upon cloud applications and service principals
CoLabora March 2022 - Improve security posture by implementing new Azure AD ... (Peter Selch Dahl)
Improve security posture by implementing new Azure AD Security features for better protection for M365 and Azure.
Azure AD Enterprise Application
Azure AD Application Registration
https://www.meetup.com/CoLabora/events/284462324/
Introduction to basic governance in Azure - #GABDK (Peter Selch Dahl)
This document discusses basic governance in Azure, including Azure AD PIM, Azure Locks, and Azure AD Access Review. It provides an overview of Azure Sentinel for security information and event management. It also discusses managing secrets with Azure Key Vault and using managed identities for Azure resources.
The document summarizes a meeting about connecting on-premises identities to Azure Active Directory. It discusses the options of Azure PTA, ADFS, and desktop SSO. It provides details on how Pass-Through Authentication and Desktop SSO work, including the setup process and runtime flows. It also compares PTA and SSO to ADFS, covering what each option offers and required ports.
Azure AD App Proxy Login Scenarios with an On Premises Applications - TSPUG (Roy Kim)
A presentation at a technology meetup.
Roy Kim will walk through various access scenarios and capabilities using Azure AD services and features to access SharePoint 2013/2016 server. This will include a comparison between AD Connect + Azure Application Proxy to publish an internal SharePoint application and 3rd Party Auth0 to assist in federating Azure AD and SSO integration. And also the recently supported Azure AD SAML 1.1 Token.
Roy will go through a demo, its architecture, and commentary of pros and cons. At the end you will have a good understanding of the technology capabilities to determine supporting access and user management scenarios.
Azure Key Vault with a PaaS Architecture and ARM Template Deployment (Roy Kim)
This is a presentation I held at a local Azure user group. The session abstract: Azure Key Vault is a tool for securely storing and accessing secrets. We will go through a popular Azure PaaS Architecture pattern using Key Vault to store a password. I will demo and walk through the general configuration of a dedicated Azure Function app, Azure SQL and Key Vault that was deployed with automation. I will then go through fairly advanced techniques and best practices on how to deploy Azure Key Vault and a password secret with ARM templates. Finally, a very brief look at my Azure DevOps Pipeline to deploy the ARM template. You will come away with an understanding of an applied use case of leveraging Azure Key Vault for a PaaS solution in better managing a password secret.
Microsoft Reactor Toronto 5/5/2020 | Azure Kubernetes In Action - Running and... (Roy Kim)
Azure Kubernetes Service (AKS) is a managed container orchestration service. With Kubernetes continuing to grow in popularity, many developers and IT engineers are curious to get started. Roy will demonstrate hosted microservices applications and the Istio service mesh. Along with how to manage your cluster with the Kubernetes Dashboard, Prometheus, Grafana and Azure Monitor. You will see a practical overview how all these pieces fit together.
www.roykim.ca
Twitter: @RoyKimYYZ
Github: https://github.com/RoyKimYYZ
O365Con18 - A Lap Around Monitoring, Auditing and Securing Microsoft Azure - ... (NCCOMMS)
This document provides an overview of monitoring, managing, and securing Microsoft Azure. It discusses various Azure services for monitoring like Azure Monitor and Application Insights. It also covers managing Azure through tools like Azure Advisor, log analytics, and Azure governance features. Finally, it outlines steps for securing Azure such as using Azure Active Directory, Privileged Identity Management, and security-related services. The document provides guidance on skills needed for working with Azure and recommends certifications and additional learning resources.
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019 (Kumton Suttiraksiri)
Strengthening the security of authentication in its various forms with Azure Active Directory (AAD),
such as MFA (Multi Factor Authentication), Conditional Access and Windows Hello for Business
By ธัญพล ษณะนาคินทร์
Microsoft MVP (Azure)
Identity and Access (AD), Azure and Office 365: Building a Single Page Application (SPA) with ASP.NET Web API and Angular.js using Azure Active Directory to Log in Users
Cloud Reference Architecture - Part 1 Foundation (Ammar Hasayen)
This presentation covers a practical approach for adopting and migrating on premises systems and applications to the Public Cloud. Based on a clear migration master plan, it helps companies and enterprises to be prepared for Cloud computing, what and how to successfully migrate or deploy systems on Cloud, preparing your IT organization with a sound Cloud Governance model, Security in the Cloud and how to reach the benefits of Cloud computing by automation and optimizing your cost and workloads.
This is Lesson 4 of the "Azure Governance - Free training" series.
This document presents Azure Policy in depth and lists all key items you should know when designing your Azure Policy Model.
Finally, the document describes all methods/tools (GUI & CLI) you can use to create, manage and assign Policy (Definition and Initiative Definition) to your Azure environment.
Creating and using custom policies is also detailed in this document.
This document provides information about an instructor named Mika Seitsonen. It includes his qualifications such as degrees from the University of Nottingham and Lappeenranta University of Technology. It also lists his certifications and experience as a senior consultant specializing in technology experts at Sovelto. The rest of the document discusses topics around Azure Active Directory including what it is, its editions, features, and how it can be used to manage user identities and applications in the cloud and on-premises.
This document provides an overview of Azure Active Directory and its capabilities for identity and access management. It discusses key use cases such as providing secure access to applications, protecting access to resources from threats, automating user lifecycle management, and complying with regulations. It describes Azure AD features for conditional access, multi-factor authentication, application management, user provisioning, privileged identity management, and more. The document also compares Azure AD and Azure AD B2C and their suitability for business and consumer-facing applications respectively.
Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service. It has authenticated over 1 trillion times since release and manages identity data for over 5 million organizations, including 86% of Fortune 500 companies using Microsoft Cloud services. Azure AD provides single sign-on, multi-factor authentication, and application access management across devices and platforms.
Windows Azure Active Directory presentation will show you how to set up your Azure AD account and how to connect existing ASP.NET MVC Web Application with Azure Active Directory to provide Single-Sign-On
This document summarizes a presentation about security on AWS. It discusses that security is a shared responsibility between AWS and customers. AWS provides security capabilities across people and procedures, network security, physical security, and platform security. Customers are responsible for security controls like access management, data handling, and incident response. The presentation emphasizes that customers have visibility, auditability, and control over their environments on AWS to securely manage access, encrypt data, and monitor systems. It provides examples of how AWS services like CloudTrail, IAM, and encryption help customers securely use AWS.
Windows Advance Threats - BSides Amman 2019 (Ammar Hasayen)
Learn how to hack Windows machines and reveal the password of the domain admin by hacking into the memory and Windows Services. This is Level 400 content with a lot of demos and it covers many security technologies like machine learning, post-breach defensive and pre-breach defensive controls.
I presented this session in the first BSides Security conference in Amman-Jordan and I am sharing the slides as requested by the audience.
I am also going to post the full video on my Youtube Channel: http://youtube.com/ammarhasayen , so, don't forget to subscribe.
I would like to hear your feedback on my session, so please connect with me on Twitter @ammarhasayen and let me know what you think.
About me: http://ahasayen.com
Blog: http://blog.ahasayen.com
Social Media (Twitter, LinkedIn, Instagram): @ammarhasayen
Windows Advanced Threat and Defensive Technique
The document summarizes an Azure Saturday event on Azure governance. It discusses why governance is important, defines Azure governance, and covers key Azure governance tools and methods including tags, templates, and policies. The presentation provides examples and explanations of each tool and discusses how they help organize, standardize, and control access to Azure resources.
Azure Backup simplifies cloud backup and recovery strategies. It provides automatic storage management with unlimited scaling across multiple storage options. Backups can be application-consistent and have long-term retention without data limits. Azure Backup uses agents, servers, and encryption during the backup process from on-premise to Azure storage. Pricing information is also provided.
The document discusses how IT is transforming to play a more strategic role through increased cloud adoption. This is driving the need to better organize and govern resources as well as modernize applications to improve ROI. It provides an overview of key Azure services for security, monitoring, automation, governance, and resiliency to securely manage hybrid cloud environments at scale.
The document provides information about upcoming presentations for the Brisbane Azure User Group (BAUG) from February 2021 to December 2021. It also includes announcements about new Azure services and capabilities like Azure Static Web Apps going generally available, NVIDIA A100 GPU clusters on Azure, and Azure Cosmos DB features. Opportunities with Deloitte related to cloud integration skills are mentioned. Links to blog posts about new Azure capabilities like Bicep and Azure application services running on Azure Arc are provided.
Overview of Azure AD
Deployment lessons from the real world
Outline items that can accelerate your deployment
Avoid things that can slow you down
Deep Dive on common technical challenges and how to overcome them
The document discusses several features of Azure Active Directory (Azure AD) including:
1) Azure AD delegated application management, Terms of Use, Access Review, and integration with Azure Log Analytics which allows sending Azure AD logs to Log Analytics for analysis.
2) Azure AD Terms of Use provides a method for organizations to present information to end users and require consent before access.
3) Azure AD Access Review allows recertifying access for guest users, employees, and access to applications and groups.
AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident... (Brian Andrzejewski)
The document provides an overview of lessons learned from the front lines of incident response. It discusses common causes of customer security events like insecure AWS resource configurations, unintended disclosure of credentials, and lack of vulnerability management. It outlines critical security patterns to prevent and detect these issues using AWS services like IAM, GuardDuty, and Security Hub. The presentation aims to help customers reduce security risks and recommends next steps like improving the top 10 security items in their AWS accounts.
Microsoft Azure provides cloud services for small and medium-sized businesses that offer flexibility and cost savings. Key benefits include only paying for resources used so there are no upfront costs, usage-based billing down to the minute so customers don't pay when virtual machines are stopped, and the ability to easily scale services up or down as needed. Microsoft sees continued momentum and growth in Azure subscriptions, databases, storage objects, developers, and other metrics. Azure aims to be the most trusted public cloud with enterprise-grade security, privacy protections, and compliance with standards for government use and sensitive data.
Azure Networking, Azure Storage, Enterprise Azure Active Directory, Daemon or Server application authentication workflow, Worker processes, Daemon, Daemon application to Web API, Azure Active Directory in old Azure portal, ASM, Azure Active Directory and Multi-tenant applications, Sharding, Federation, Shared singe, RBAC, Differences between AAD and AD DS, Azure AD Subscription models, Azure Domain Names, Manage Users, Groups, Co-Admin Role, Default Azure Active Directory, Adding access to another Azure subscription, Contributor, Owner, Roles in Azure Subscriptions, Roles, MFA, Multi-Factor Authentication, How does MFA work, Scenarios for Azure MFA, Setting up MFA in Azure AD, Setting MFA, Azure Authenticator, Hybrid AD solutions, AD DS, Federated Trust, Domain Controller, AD, AAD Connecter, AD FS, AAD, Active Directory Password synchronization, Benefits of Active Directory, Active Directory Replication, vulnerabilities with multiple Domain Controller, Azure AD features, Synchronization with AD Connect, Write-back policies, Azure AD Health Connect, Installing Azure AD Connect Health, Integrating Azure AD and SaaS Applications, Benefits of using SaaS Solutions with your products, Benefits of SaaS Solutions, Azure Marketplace, DropBox Integrations with AAD, New Relic Integrations, New Relic, Dropbox, Azure AD Enterprise Application, VSTS integration for Automated Builds, Federation Overview, Claims, Single Sign On, Federated Trusts, Claim based authentications, Federated trusts, Claims Processing, Web Application Proxy, ADFS Proxy, ADFS 2.0 Proxy, How does ADFS proxy work for internal users, Azure AD B2C Directory, B2C applications, Business 2 Customers application, 3rd Party Authentication, Bearer Token, OAuth, 3rd Party Identity Provider, OAuth server, Azure AD B2C Authentication & Authorization, Implementing Azure AD B2C Directory, Setting up Single Sign On with Facebook, Google, Microsoft, LinkedIn, SignUP Policies, SignIN Policies, Email SignUp, SignUpSignIN PolicyID, Configuring Application with Azure Application ID, Modern Applications, Requirements for Modern Apps, API, Logic Applications, Mobile App, Web App, Function App, Go To Market, Microsoft Application Platform, App Service Plan, App Service Environment - Private Infrastructure, Why use App Service, App service Features & Capabilities, Azure App Service, Virtual Machine, Service Fabric & Cloud Services Comparison, Creating a Mobile App, Swagger UI, API Apps, API management, API APPS & API Management, Implementing API APP via Visual Studio
This document provides an overview of a training module on Microsoft Azure Active Directory. The training will cover configuring access to SaaS applications, multi-factor authentication, premium features of Azure AD, and running Windows Server AD workloads in Azure Virtual Machines. It consists of 7 modules that introduce Azure, cover Azure Virtual Machines, networking, Azure AD, cloud services/websites, and SQL Server/SharePoint. The instructor is introduced as well.
Dirk-jan Mollema
How does one research the cloud? With solutions such as Azure AD and Office 365, the underlying platform architecture and designs are not publicly documented or accessible in the same way as on-premise. This makes analyzing the security of the platform harder for external researchers. In this talk I will explain the journey and discoveries of a year of trying to understand Azure AD, including the vulnerabilities discovered in the process. This ranges from gathering information about Azure AD via undocumented APIs to installing invisible backdoors and escalating privileges via limited roles or via the link with on-premise. While some of these vulnerabilities have been resolved, several of these are unintended consequences of Azure AD's architecture and thus are important to consider when evaluating the security of your Azure AD environment. A basic understanding of Azure AD, Office 365 and its terminology is assumed for this talk.
The document provides an overview of securing identity infrastructure in Azure. It discusses five key steps:
1. Strengthening credentials by implementing strong authentication like multi-factor authentication and password policies.
2. Reducing the attack surface by blocking legacy authentication protocols and restricting access points.
3. Automating threat response with tools like Azure AD Identity Protection for automated risk detection and remediation.
4. Utilizing cloud intelligence by monitoring Azure AD logs, events, and health to detect anomalies and threats.
5. Enabling self-service options for users like self-service password reset and access reviews to balance security and productivity.
The document provides examples and recommendations for each step and references
Cloudreach Voices - Azure AD and the Public Cloud - Cloudreach
Part of our new series inspired by our thought leadership blog posts about the cloud. You can find the original posts on our website. This deck, written by one of our Cloud Systems Engineers in the Netherlands, Sebastiaan Peters, covers the topic of how to mobilise your workforce using the public cloud, focussed on Microsoft Azure's Active Directory.
Join the session "Microsoft Graph for Microsoft 365 and Power Platform" at the Microsoft 365 Developer Bootcamp
- Introduction to Microsoft Graph
- Learn to call the REST API to access data across Microsoft 365 services
By Champ, Narisorn Limpaswadpaisarn (Microsoft Certified Trainer)
October 2022 CIAOPS Need to Know Webinar - Robert Crane
Recording of monthly Need to Know webinar for October 2022 that focused on providing a deep dive into Microsoft 365 security. The session also includes Microsoft Cloud news and updates along with an open Q and A session around Microsoft 365. Video recording is available at www.ciaopsacademy.com
Hitchhiker's Guide to Azure AD - SPS St Louis 2018 - Max Fritz
Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service. It provides identity management capabilities for cloud, mobile, and on-premises applications. Azure AD uses the same Active Directory that many organizations already have on-premises but extends it to cloud services. It allows single sign-on for access to Office 365, Azure, and thousands of SaaS applications. Azure AD Premium provides additional advanced capabilities for security, access management, application management, and identity protection.
This document summarizes the Azure Active Directory developer platform for managing identity and access. It discusses permissions and consent with Microsoft Graph, provisioning users and applications, and managing Azure AD. The platform provides a unified way to develop applications that integrate with Microsoft identity services through consistent APIs, libraries, and tools. It aims to simplify identity development across platforms and applications.
Dev Dives: Master advanced authentication and performance in Productivity Act... - UiPathCommunity
Are you using Microsoft 365 or Google Workspace? Are you curious to learn advanced authentication setups and batching capabilities? This webinar is for you.
Discover how to:
- Understand which Authentication type (Delegated/Application) best fits your requirements.
- Explore the advantages of the new Google Workspace scope.
- Differentiate between Integration Service Connection and the new Google Workspace scope.
- Learn the process of configuring Microsoft 365 Scope using the Asset Method.
- Determine the necessary Scopes for your automation needs.
️🗣️ Speakers:
Alexandru Crijman, Product Manager, UiPath
Nisarg Kadam, UiPath MVP 2024 & AI Ambassador, UiPath
📩 Useful resources:
JSON format for Asset Creation:
https://docs.uipath.com/activities/other/latest/productivity/how-to-use-microsoft-activities-integration-service#microsoft-office-365-scope-asset
How to create Azure App with Restricted SharePoint Site Access: https://view.highspot.com/viewer/6605801c6ff9043b514449e3
⏩ Register for our upcoming Dev Dives April session: Streamline document processing with UiPath Studio Web
EMEA&APJ: https://bit.ly/Dev_Dives_April_EMEA_APJ
AMER: https://bit.ly/Dev_Dives_April_AMER
This session was streamed live on March 28, 2024.
Check out all our upcoming Dev Dives 2024 sessions at:
🚩https://bit.ly/Dev_Dives_2024
Granite state #spug The #microsoftGraph and #SPFx on steroids with #AzureFunc... - Vincent Biret
Slides supporting the session at the granite state user group meeting of January 2019. Talking as well about #Azure Active directory and lots of other things
This document provides an overview of APIs, API management, integration, and API security. It discusses why organizations adopt APIs to accelerate mobile app development, foster reuse, and allow external developers to innovate. The document outlines components of API management like the API gateway and developer portal. It also discusses how SOA, ESB, and APIs can converge in the API facade pattern to provide simple interfaces to complex systems. The presentation demonstrates this pattern using WSO2 API Manager and ESB and discusses API security techniques like OAuth for identity delegation.
SharePoint Fest DC 2018 - Everything your need to know about the Microsoft Gr... - Sébastien Levert
Since the launch of the Microsoft Graph, a ton of new possibilities are being made available to the Office 365 and SharePoint Developers. The unified API of all the Office 365 is one of the greatest Microsoft innovation of the last few years and is changing the way that solutions are built on Office 365 and SharePoint Online. The launch of the SharePoint endpoints on the Microsoft Graph will enhance our development story and lead to amazing cloud solutions.
This session is a deep-dive into the Microsoft Graph by analyzing the current /v1.0 version of the API and what is coming on the future /beta endpoint. The focus of the session will be on the SharePoint-specific features that the Graph is now offering to the SharePoint developers.
This very demo-intensive session will make sure that at the end you get those 3 key takeaways :
Understand the role of the Microsoft Graph in the Office 365 ecosystem
Leverage and interact with your SharePoint data from the Microsoft Graph
Change the way you will think for your next SharePoint Online solution
Xamarin and SAP Mobile Platform for Mobile Enterprise Success - SAP Slides - Xamarin
Xamarin and SAP have collaborated to help developers build performant, native mobile enterprise apps. Using the new Xamarin SDK for SAP Mobile Platform, businesses gain secure access to on-premise and cloud-based data in Xamarin apps.
Bill Clark, Global Vice President of Mobile Strategy at SAP, Kiran Karunakaran, Director of Product Management at SAP, and Zack Gramana, Technical Marketing Manager at Xamarin, as they discuss the collaboration between Xamarin and SAP, demo the Xamarin Test Cloud and SAP .NET SDK from Xamarin, and walkthrough the SAP Mobile Platform.
Watch the webinar recording at:
http://xamarin.wistia.com/medias/xcak8ronxu
Azure Active Directory | Microsoft Azure Tutorial for Beginners | Azure 70-53... - Edureka!
** Microsoft Azure Certification Training: https://www.edureka.co/microsoft-azure-training**
This Edureka "Azure Active Directory" tutorial will give you a thorough and insightful overview of Microsoft Azure Active Directory and help you understand other related terms like Tenants, Domain services etc. Following are the offerings of this tutorial:
1. What is Azure Active Directory?
2. Azure AD vs Windows AD
3. Azure AD Audience
4. Azure AD Editions
5. Azure AD Tenants
6. Demo-Creating and using Active Directory
Check out our Playlists: https://goo.gl/A1CJjM
#SPSottawa The SharePoint Framework and The Microsoft Graph on steroids with ... - Vincent Biret
This document summarizes a presentation about integrating Microsoft Graph, SharePoint Framework, and Azure Functions. The presentation discusses:
1. Using the SharePoint Framework and Azure Functions together for building applications that leverage Microsoft Graph and custom APIs.
2. How Azure Functions provide a serverless platform for developing solutions with triggers and bindings to services like Microsoft Graph.
3. How Microsoft Graph provides a unified API and data model for accessing information in Office 365, Windows 10, and other Microsoft services.
This document discusses three often overlooked capabilities in Azure Active Directory (Azure AD): Azure AD Domain Services, Azure AD App Proxy, and Azure Managed Service Identity.
Azure AD Domain Services allows organizations to set up an Active Directory domain in Azure that can be joined by virtual machines for authentication using Kerberos and NTLM. Azure AD App Proxy enables secure remote access to on-premises web apps by routing traffic through the Azure AD proxy service. Managed Service Identity provides a way for Azure resources like virtual machines to authenticate to Azure services without needing credentials stored in the resource.
This document provides information about the Global Azure Bootcamp 2019 event in Aarhus, Denmark. It includes the hashtags to use on social media (#GABDK, #AZUGDK, #GlobalAzure), a link to the agenda with sessions on governance, lessons learned, Windows Autopilot, Intune app protection, Azure Monitor and logs. It thanks the event sponsor and AZUG.dk sponsor and encourages attendees to have a great Azure day.
Customer story - NAC - The journey from Microsoft hybrid cloud to Microsoft n... - Peter Selch Dahl
How Nordic Aviation Capital A/S, one of the first companies in Denmark to adopt both Microsoft Office 365 and Microsoft Azure, made the transition from a hybrid cloud infrastructure (IaaS) to a pure/native cloud (PaaS/SaaS). We will talk about the bold vision to GO ALL Cloud, the impact on the business and IT department, and challenges along the journey, touch a bit on Capex vs. Opex (cost), and explain which approaches and technologies were implemented to support the business.
Global Azure Bootcamp 2018 Aarhus Denmark - Kickoff - Peter Selch Dahl
This document provides information about the Global Azure Bootcamp 2018 event in Aarhus, Denmark. The event includes tracks on IT Pro topics like securing access to Azure and Windows 10 security, as well as Developer/DevOps topics like managing secrets and automating with Azure. The all day event will include presentations, ask the expert sessions, demonstrations with HoloLens, and a Kahoot quiz. Attendees are encouraged to share their experiences on social media using the hashtags #GABDK, #AZUGDK, and #GlobalAzure.
Global azure bootcamp 2018 aarhus denmark - kickoff - Peter Selch Dahl
This document provides information about the Global Azure Bootcamp 2018 event in Aarhus, Denmark. The event includes tracks on IT Pro topics like securing access to Azure and Windows 10 security, as well as Developer/DevOps topics like managing secrets and automating with Azure. The all day event will include presentations, opportunities to ask experts questions, demonstrations of the HoloLens, and a Kahoot quiz. Attendees are encouraged to share their experiences on social media using the hashtags #GABDK, #AZUGDK, and #GlobalAzure.
EWUG - Bridging the legacy gap in modern workplaces - Peter Selch Dahl
This document discusses how Microsoft is bridging the gap between legacy and modern workplace environments. It notes that Microsoft is heavily investing in cloud-only scenarios to compete in a changing market. While most legacy applications can be moved to the cloud, hybrid identity is important for bridging legacy and modern authentication. The document outlines several of Microsoft's solutions for enabling single sign-on, supporting legacy applications, and providing a modern user experience while maintaining compatibility with existing authentication.
EWUG - Something about the Cloud - Unit IT - January 14, 2020
1. “Something about the Cloud”
- EWUG.DK - Level 200-300
Peter Selch Dahl - Cloud Architect and Microsoft Azure MVP
2. Microsoft MCSA: Cloud Platform - Certified 2018,
Microsoft MCSA: Office 365 - Certified 2018,
Microsoft MCSE: Cloud Platform and Infrastructure - Certified 2018
Microsoft MCSA: 2016 Windows Server 2016,
Microsoft MCSA: 2012 Windows Server 2012,
Microsoft MCITP: 2008 Server and Enterprise Administrator,
Microsoft MCSA: 2008 Windows Server 2008,
Microsoft MCSA/MCSE : 2003 Security,
Microsoft MCSA/MCSE : 2000 Security,
VMWare Certified Professional VI3/VI4/VI5,
CompTIA A+, Network+,
EC-Council: Certified Ethical Hacker (CEH v7),
And more
Peter Selch Dahl
Cloud Architect, Azure MVP
Twitter: @PeterSelchDahl
www: www.peterdahl.net
Blog : http://blog.peterdahl.net
Mail : psd@apento.com
3. • Enterprise Admin Consent Request Management
• Service Principals permissions and monitoring
• Microsoft Graph scope policies
• Staged rollout of CloudAuth
• Azure AD Connect Cloud Provisioning
• Azure AD Join support in Azure VM
• And more
4. Consent of principals
JANUARY 14, 2020
@EWUGDK
4
http://blog.peterdahl.net/2018/05/14/azure-ad-v2-apps-vs-the-brick-wall/
5. Consent of principals
• Application permissions are permissions given to the application itself. In this scenario, the resource being accessed has no knowledge of the end user's permissions. In earlier literature from Microsoft patterns and practices, this model is also referred to as the “trusted subsystem” model, where the idea is that the API resource trusts the calling system to do the proper authorization of end users. For example, for web applications this has “always” been the model used for calling an SQL server.
• Delegated permissions are permissions that the end user delegates to the application for access to the user's data/resources. For instance, the application can be given access to the end user's mailbox. This is analogous to what earlier literature refers to as “impersonation”, meaning that the application impersonates the end user when calling the API resource. The application acts on behalf of the end user; for instance, a third-party application might post on your Twitter timeline.
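To make the two models concrete for a permissions review, the sketch below classifies consent grants as delegated or application permissions and orders them for review. It is an added example, not part of the original slides: the records are constructed and only shaped like Microsoft Graph `oauth2PermissionGrant` and `appRoleAssignment` objects, and the ids, app names and the `HIGH_IMPACT` list are assumptions.

```python
# Added example: every id and record below is constructed sample data, shaped
# like Microsoft Graph oauth2PermissionGrant / appRoleAssignment objects.

# Assumption: which permissions count as high impact is a local policy choice.
HIGH_IMPACT = {"Mail.Read", "Mail.ReadWrite", "Files.ReadWrite.All",
               "Directory.ReadWrite.All"}

SERVICE_PRINCIPALS = {
    "sp-graph": {"displayName": "Microsoft Graph", "appRoles": [
        {"id": "role-0001", "value": "Mail.Read"},
        {"id": "role-0002", "value": "User.Read.All"}]},
    "sp-crm": {"displayName": "Contoso CRM Connector", "appRoles": []},
    "sp-report": {"displayName": "Nightly Report Job", "appRoles": []},
}

# Delegated permissions: scopes are a space-separated string per grant.
OAUTH2_GRANTS = [
    {"clientId": "sp-crm", "resourceId": "sp-graph",
     "consentType": "AllPrincipals", "principalId": None,
     "scope": "User.Read Mail.ReadWrite"},
    {"clientId": "sp-crm", "resourceId": "sp-graph",
     "consentType": "Principal", "principalId": "user-42",
     "scope": "User.Read"},
]

# Application permissions: app roles of the resource assigned to the client's
# service principal. No end user is involved.
APP_ROLE_ASSIGNMENTS = [
    {"principalId": "sp-report", "resourceId": "sp-graph", "appRoleId": "role-0001"},
    {"principalId": "sp-report", "resourceId": "sp-graph", "appRoleId": "role-0002"},
    {"principalId": "sp-report", "resourceId": "sp-graph", "appRoleId": "role-9999"},
]


def delegated_findings(grants, sps):
    """One finding per scope; AllPrincipals means consent covers every user."""
    findings = []
    for grant in grants:
        tenant_wide = grant["consentType"] == "AllPrincipals"
        for scope in grant["scope"].split():
            findings.append({
                "app": sps[grant["clientId"]]["displayName"],
                "kind": "delegated",
                "permission": scope,
                "on_behalf_of": "all users" if tenant_wide else grant["principalId"],
                "high_impact": scope in HIGH_IMPACT,
            })
    return findings


def application_findings(assignments, sps):
    """Resolve appRoleId against the resource's appRoles; flag unknown roles."""
    findings = []
    for item in assignments:
        roles = {r["id"]: r["value"] for r in sps[item["resourceId"]]["appRoles"]}
        name = roles.get(item["appRoleId"])
        findings.append({
            "app": sps[item["principalId"]]["displayName"],
            "kind": "application",
            "permission": name or "unresolved:" + item["appRoleId"],
            "on_behalf_of": None,
            # A role that cannot be resolved is reviewed as if it were high impact.
            "high_impact": name is None or name in HIGH_IMPACT,
        })
    return findings


def priority(finding):
    """0 = app-only high impact, 1 = tenant-wide delegated, 2 = single user, 3 = rest."""
    if not finding["high_impact"]:
        return 3
    if finding["kind"] == "application":
        return 0
    return 1 if finding["on_behalf_of"] == "all users" else 2


def review_queue(findings):
    return sorted(findings, key=lambda f: (priority(f), f["app"], f["permission"]))


def audit():
    findings = delegated_findings(OAUTH2_GRANTS, SERVICE_PRINCIPALS)
    findings += application_findings(APP_ROLE_ASSIGNMENTS, SERVICE_PRINCIPALS)
    return review_queue(findings)


if __name__ == "__main__":
    for f in audit():
        print(priority(f), f["kind"], f["app"], f["permission"], f["on_behalf_of"])
```

Application permissions sort first because the resource sees no end user whose own permissions could limit the call, which is the trusted-subsystem point made above.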
6. Consent of principals
https://portal.cloudappsecurity.com/#/app-permissions/
Delegated Access
Will soon be available within the Azure Portal as well.
7. Public Preview: Admin consent workflow
• Users can request access when user consent is disabled
• Users can request access when apps request permissions that require admin consent
• Gives admins a secure way to receive and
process access requests
• Users are notified of admin action
https://aka.ms/adminconsentworkflow/
15. Conditional access for MS Graph
Issue:
GitLab doesn't play well with the Azure AD Conditional Access compliant device policy
Cause:
“Conditional access policy was applied because the GitLab app calls Windows Azure Active
Directory and a policy has been applied to this resource. The policy requires a compliant
device.”
A policy with a location condition was evaluated:
- InsideCorpnet claim was not set
- IP allowed due to tenant strong auth policy: False
Policy Name: All Apps: Require Domain Joined device (Specific Groups, Apps
Exempted/Excluded)
Policy Id: 10c9a77e-d561-4cdf-ab7e-75681f957dbf
Application Name: GitLab
Application Id: ddf3c150-4813-4e90-b73b-72ba13224c0a
Action: RequireCompliantDevice
Solution:
Since the Conditional Access policy is configured to apply to all applications, it also applies to Windows Azure Active Directory, which blocks the access.
Unfortunately, Windows Azure Active Directory is not an app that can currently be selected for exclusion. As a possible solution, you can change the Conditional Access policy to target only the required applications instead of all applications, exclude the user, or change the access controls to require, for example, MFA.
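A check for the policy shape behind the GitLab issue above: enabled or report-only policies that target all applications and can only be satisfied with a compliant or domain-joined device. This is an added example, not part of the original slides; the policies are constructed and only shaped like Microsoft Graph `conditionalAccessPolicy` objects, and the policy names and application ids are placeholders.

```python
# Added example: constructed policies shaped like Microsoft Graph
# conditionalAccessPolicy objects. Names and application ids are placeholders.

DEVICE_CONTROLS = {"compliantDevice", "domainJoinedDevice"}

POLICIES = [
    {"displayName": "All Apps: require compliant device", "state": "enabled",
     "conditions": {"applications": {"includeApplications": ["All"],
                                     "excludeApplications": ["app-gitlab-placeholder"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["compliantDevice"]}},
    {"displayName": "All Apps: MFA or compliant device", "state": "enabled",
     "conditions": {"applications": {"includeApplications": ["All"]}},
     "grantControls": {"operator": "OR",
                       "builtInControls": ["mfa", "compliantDevice"]}},
    {"displayName": "Mail only: compliant device", "state": "enabled",
     "conditions": {"applications": {"includeApplications": ["app-mail-placeholder"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["compliantDevice"]}},
    {"displayName": "All Apps: MFA and domain joined (report-only)",
     "state": "enabledForReportingButNotEnforced",
     "conditions": {"applications": {"includeApplications": ["All"]}},
     "grantControls": {"operator": "AND",
                       "builtInControls": ["mfa", "domainJoinedDevice"]}},
    {"displayName": "All Apps: old device rule", "state": "disabled",
     "conditions": {"applications": {"includeApplications": ["All"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["compliantDevice"]}},
]


def requires_device(grant_controls):
    """True when a sign-in cannot satisfy the policy without a device control."""
    grant_controls = grant_controls or {}
    controls = set(grant_controls.get("builtInControls") or [])
    if not controls & DEVICE_CONTROLS:
        return False
    if (grant_controls.get("operator") or "OR").upper() == "AND":
        return True  # every listed control is mandatory, the device one included
    # OR: one control is enough, so the device is mandatory only when every
    # alternative offered is itself a device control (no MFA fallback).
    return controls <= DEVICE_CONTROLS


def all_apps_device_gates(policies):
    """Policies that target all applications and hard-require a managed device."""
    hits = []
    for policy in policies:
        if policy.get("state") == "disabled":
            continue
        apps = policy.get("conditions", {}).get("applications", {})
        if "All" not in apps.get("includeApplications", []):
            continue
        if not requires_device(policy.get("grantControls")):
            continue
        hits.append({
            "policy": policy["displayName"],
            # Report-only policies are listed so they are fixed before enforcement.
            "enforced": policy["state"] == "enabled",
            # Listed for context only: per the slide, the policy still applies to
            # Windows Azure Active Directory, which cannot be selected for exclusion.
            "excluded_apps": apps.get("excludeApplications", []),
        })
    return hits


if __name__ == "__main__":
    for hit in all_apps_device_gates(POLICIES):
        print(hit)
```

Each hit is a candidate for one of the remediations listed in the Solution: scope the policy to the required applications, exclude the affected user, or offer MFA as an alternative control.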
16. Conditional access for MS Graph
Current behavior
• Policy applied to MS Graph if it is set on EXO or SPO
Future
• Apply policy directly to permissions
• Example use case : An org can apply policy to mail access
without restricting access to contacts, tasks etc…
23. AzureAD: Cloud Provisioning
• Disconnected Active Directory forests provisioned to a single Azure AD tenant
• Sync complexity and data transform logic moved to the cloud
• No heavyweight, on-premises sync server
[Diagram labels: Azure AD; Active Directory; Disconnected Active Directory forests]
25. Staged rollout of cloud authentication
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-staged-rollout
• Configure groups of users to use cloud authentication instead of federation
26. Do I really need ADFS?
• 99% of companies don't need ADFS anymore! What about the 1% of companies?
• The 1% is REALLY difficult! Very advanced technical scenarios require ADFS, mostly for better hybrid support.
• https://docs.microsoft.com/en-us/archive/blogs/pie/do-i-really-need-adfs
• https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop
The admin consent workflow gives end users a way to request access to applications that require admin consent.
Without an admin consent workflow, a user in a tenant where user consent is disabled will be blocked when they try to access any app that requires permissions to access organizational data. The user sees a generic error message that says they're unauthorized to access the app and they should ask their admin for help. But often, the user doesn't know who to contact, so they either give up or create a new local account in the application. Even when an admin is notified, there isn't always a streamlined process to help the admin grant access and notify their users.
The admin consent workflow gives admins a secure way to grant access to applications that require admin approval. When a user tries to access an application but is unable to provide consent, they can send a request for admin approval. The request is sent via email to admins who have been designated as reviewers. A reviewer takes action on the request, and the user is notified of the action.
To approve requests, a reviewer must be a global administrator, cloud application administrator, or application administrator. The reviewer must already have one of these admin roles assigned; simply designating them as a reviewer doesn't elevate their privileges.
Select users to review admin consent requests. Select reviewers for this workflow from a set of users that have the global administrator, cloud application administrator, and application administrator roles.
Selected users will receive email notifications for requests. Enable or disable email notifications to the reviewers when a request is made.
Selected users will receive request expiration reminders. Enable or disable reminder email notifications to the reviewers when a request is about to expire.
Consent request expires after (days). Specify how long requests stay valid.
Where and how should our organization consume cloud computing services?
How will we access, secure, manage, integrate and govern across hybrid environments?
How does cloud computing factor into our application strategy and architecture?
How should our existing data center and infrastructure approaches and technologies change?
Where will our business become a cloud computing service provider to others?
https://www.gartner.com/smarterwithgartner/5-questions-to-answer-when-building-a-cloud-strategy/
De-coupled architecture simplifies the complexity of an enterprise network
But it comes with a price:
Not having a routed private network changes every design
Security now comes from the application and not the network
Adoption of new features each quarter of the year... continuous adoption