SlideShare a Scribd company logo

Managing enterprise applications, permissions, and consent in Azure Active Directory

CoLaboraDK
CoLaboraDK

Session about Managing Enterprise Application, Permissions and consent in Azure Active Directory by Peter Selch Dahl (MVP)

Technology
1 of 26
Download to read offline
CoLabora User Group Meeting – June 2018 - Managing enterprise applications, permissions, and consent in Azure Active Directory Peter Selch Dahl – Azure MVP – I’m ALL Cloud First  Level 200-300
Microsoft MCSA: Cloud Platform - Certified 2018, Microsoft MCSA: Office 365 - Certified 2018, Microsoft MCSE: Cloud Platform and Infrastructure - Certified 2018 Microsoft MCSA: 2016 Windows Server 2016, Microsoft MCSA: 2012 Windows Server 2012, Microsoft MCITP: 2008 Server and Enterprise Administrator, Microsoft MCSA: 2008 Windows Server 2008, Microsoft MCSA/MCSE : 2003 Security, Microsoft MCSA/MCSE : 2000 Security, VMWare Certified Professional VI3/VI4/VI5, CompTIA A+, Network+, EC-Council: Certified Ethical Hacker (CEH v7), And more Peter Selch Dahl Freelance Cloud Architect, Azure MVP Twitter: @PeterSelchDahl www: www.peterdahl.net Blog : http://blog.peterdahl.net
• You understand admin consent! • You know how to provide API consent for applications • You know how to block end-user consent
What is Application Consent?  Organizational data permissions  Applications organizational data permissions application consent admin end user permissions end user admin developer
Application Consent and Permissions (Bad) Sharing Portal Access’s any user’s SharePoint, then attaches a file as an email sent by the signed in user, to share externally. Developer(s) [internal or external] Tenant SharePoint Data Read items in all site collections (E.g., do something as the app) Admin must consent Exchange Data Send mail as a user (E.g, do something as the user) User Can Consent 1 2 End-User 3 Administrator 4 End-User 5 Administrator Manage consent policies and access over time 6
What is Application Consent? Users can consent to apps that access personal information only Admins must consent to apps that require broader permissions Admins can consent on behalf of all users in an organization
App types and permission types App type Permission type Who can consent Effective Permissions Get access on behalf of users Get access as a service Mobile, Web and Single page app Service and Daemon Users can consent for their data Admin can consent for them or for all users Only admin can consent App permission s User permission s App permission s Application permissionDelegated permission (user permission)
What I will be talking about…. Protecting data!
What I will be talking about…. KnowBe4's Chief Hacking Officer Kevin Mitnick called me with some chilling news. A white hat hacker friend of his developed a working "ransomcloud" strain, which encrypts cloud email accounts like Office 365 in real-time. My first thought was :"Holy $#!+". https://community.spiceworks.com/topic/2104688-heads-up-new-ransomware-strain-encrypts-cloud-email-real-time-video
What I will be talking about…. https://community.spiceworks.com/topic/2104688-heads-up-new-ransomware-strain-encrypts-cloud-email-real-time-video
Notes on V1 vs V2 Endpoint This presentation focuses on the AAD V1 endpoint and the associated application, consent, and permissions model There are some key differences to be aware of with consent on V2: • Support for Dynamic/Incremental consent • New URL paths including separate admin consent endpoint • Applications registered at apps.dev.microsoft.com as opposed to portal.azure.com https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-compare https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-limitations https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-appmodel-v2-overview
Endpoint v1 Runtime – When is consent prompted for? The most common scenario: • The first time using a application that requires access to personal or organizational resources Some scenarios that may not be expected: • The set of permissions required by the application have changed • Consent was revoked after being granted initially • The application is using incremental and dynamic consent to request additional permissions after consent was initially granted. This is often used when optional features of an application additional require permissions beyond those required for baseline functionality.
Introducing MSAL (Microsoft Authentication Library) https://blogs.technet.microsoft.com/ad/2016/03/31/microsoft-identity-at-build-2016/ https://blogs.technet.microsoft.com/ad/2015/08/12/now-in-public-preview-the-converged-microsoft- account-and-azure-active-directory-programming-model/ https://blogs.technet.microsoft.com/ad/2016/02/23/for-developers-the-first-use-cases-of-the- converged-microsoft-account-and-azure-active-directory-programming-model-are-now-ga/
We expose hard choices to developers BOTH MSA AAD Azure Office
Azure AD Applications • Single tenant application • App for users in a single organization • Admin or user registers app in directory tenant • Sign in at: https://login.windows.net/contoso.com/<protocol> • Multi-tenant application • App for users in multiple organizations • Admin or USER registers app in developer’s directory tenant • Admin configures application to be multi-tenant • Sign in at: https://login.windows.net/common/<protocol> • User prompted to consent based on permissions required by application • Consent registers application in user’s tenant
Azure AD Graph API: Azure AD consent behind the scenes https://blog.peterdahl.net/2018/05/14/azure-ad-v2-apps-vs-the-brick-wall/
Manageability – Common challenges  Where did this application come from I have no idea how Susie got assigned no idea what power These need not be mysteries any longer
Manageability – Common challenges  What happens in the admin view when someone consents what permissions an application has what consented applications are assigned revoke a consent grant request administrator-level consent control how consent works
Manageability – Common challenges  What happens in the admin view when someone consents what permissions an application has what consented applications are assigned revoke a consent grant request administrator-level consent control how consent works
Manageability – Common challenges
https://blog.azure.com https://feedback.azure.com http://Github.com

Recommended

Managing enterprise applications, permissions, and consent in Azure Active Di...
Managing enterprise applications, permissions, and consent in Azure Active Di...Managing enterprise applications, permissions, and consent in Azure Active Di...
Managing enterprise applications, permissions, and consent in Azure Active Di...Peter Selch Dahl
 
CoLabora March 2022 - Improve security posture by implementing new Azure AD ...
CoLabora March 2022 - Improve security posture by implementing new Azure AD ...CoLabora March 2022 - Improve security posture by implementing new Azure AD ...
CoLabora March 2022 - Improve security posture by implementing new Azure AD ...Peter Selch Dahl
 
Colabora.dk - Azure PTA vs ADFS vs Desktop SSO
Colabora.dk - Azure PTA vs ADFS vs Desktop SSOColabora.dk - Azure PTA vs ADFS vs Desktop SSO
Colabora.dk - Azure PTA vs ADFS vs Desktop SSOPeter Selch Dahl
 
Office 365 Security - MacGyver, Ninja or Swat team
Office 365 Security - MacGyver, Ninja or Swat teamOffice 365 Security - MacGyver, Ninja or Swat team
Office 365 Security - MacGyver, Ninja or Swat teamAntonioMaio2
 
A beginners guide to administering office 365 with power shell antonio maio
A beginners guide to administering office 365 with power shell antonio maioA beginners guide to administering office 365 with power shell antonio maio
A beginners guide to administering office 365 with power shell antonio maioAntonioMaio2
 
Introduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2CIntroduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2CJoonas Westlin
 
2018 November - AZUGDK - Azure AD
2018 November - AZUGDK - Azure AD 2018 November - AZUGDK - Azure AD
2018 November - AZUGDK - Azure AD Peter Selch Dahl
 
Securing your Azure Identity Infrastructure
Securing your Azure Identity InfrastructureSecuring your Azure Identity Infrastructure
Securing your Azure Identity InfrastructureVignesh Ganesan I Microsoft MVP
 

Recommended

Managing enterprise applications, permissions, and consent in Azure Active Di...
Managing enterprise applications, permissions, and consent in Azure Active Di...Managing enterprise applications, permissions, and consent in Azure Active Di...
Managing enterprise applications, permissions, and consent in Azure Active Di...Peter Selch Dahl
 
CoLabora March 2022 - Improve security posture by implementing new Azure AD ...
CoLabora March 2022 - Improve security posture by implementing new Azure AD ...CoLabora March 2022 - Improve security posture by implementing new Azure AD ...
CoLabora March 2022 - Improve security posture by implementing new Azure AD ...Peter Selch Dahl
 
Colabora.dk - Azure PTA vs ADFS vs Desktop SSO
Colabora.dk - Azure PTA vs ADFS vs Desktop SSOColabora.dk - Azure PTA vs ADFS vs Desktop SSO
Colabora.dk - Azure PTA vs ADFS vs Desktop SSOPeter Selch Dahl
 
Office 365 Security - MacGyver, Ninja or Swat team
Office 365 Security - MacGyver, Ninja or Swat teamOffice 365 Security - MacGyver, Ninja or Swat team
Office 365 Security - MacGyver, Ninja or Swat teamAntonioMaio2
 
A beginners guide to administering office 365 with power shell antonio maio
A beginners guide to administering office 365 with power shell antonio maioA beginners guide to administering office 365 with power shell antonio maio
A beginners guide to administering office 365 with power shell antonio maioAntonioMaio2
 
Introduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2CIntroduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2CJoonas Westlin
 
2018 November - AZUGDK - Azure AD
2018 November - AZUGDK - Azure AD 2018 November - AZUGDK - Azure AD
2018 November - AZUGDK - Azure AD Peter Selch Dahl
 
Securing your Azure Identity Infrastructure
Securing your Azure Identity InfrastructureSecuring your Azure Identity Infrastructure
Securing your Azure Identity InfrastructureVignesh Ganesan I Microsoft MVP
 
Azure AD with Office 365 and Beyond!
Azure AD with Office 365 and Beyond!Azure AD with Office 365 and Beyond!
Azure AD with Office 365 and Beyond!Ravikumar Sathyamurthy
 
EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-On
EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-OnEWUG - Azure AD Pass-through Authentication and Seamless Single Sign-On
EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-OnPeter Selch Dahl
 
Certifications for Azure Developers
Certifications for Azure DevelopersCertifications for Azure Developers
Certifications for Azure DevelopersKrunal Trivedi
 
MS Cloud Identity and Access Infographic 2015 (1)
MS Cloud Identity and Access Infographic 2015 (1)MS Cloud Identity and Access Infographic 2015 (1)
MS Cloud Identity and Access Infographic 2015 (1)Luís Serra Libório
 
Building solutions with SPFx that work across SharePoint and Teams
Building solutions with SPFx that work across SharePoint and TeamsBuilding solutions with SPFx that work across SharePoint and Teams
Building solutions with SPFx that work across SharePoint and TeamsVignesh Ganesan I Microsoft MVP
 
Azure AD Presentation - @ BITPro - Ajay
Azure AD Presentation - @ BITPro - AjayAzure AD Presentation - @ BITPro - Ajay
Azure AD Presentation - @ BITPro - AjayAnoop Nair
 
Azure Active Directory - An Introduction for Developers
Azure Active Directory - An Introduction for DevelopersAzure Active Directory - An Introduction for Developers
Azure Active Directory - An Introduction for DevelopersJohn Garland
 
O365Con18 - Compliance Manager - Tomislav Lulic
O365Con18 - Compliance Manager - Tomislav LulicO365Con18 - Compliance Manager - Tomislav Lulic
O365Con18 - Compliance Manager - Tomislav LulicNCCOMMS
 
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...Scott Hoag
 
Azure AD B2C Webinar Series: Custom Policies Part 1
Azure AD B2C Webinar Series: Custom Policies Part 1Azure AD B2C Webinar Series: Custom Policies Part 1
Azure AD B2C Webinar Series: Custom Policies Part 1Vinu Gunasekaran
 
SPSNL17 - Securing Office 365 and Microsoft Azure like a rock star (or groupi...
SPSNL17 - Securing Office 365 and Microsoft Azure like a rock star (or groupi...SPSNL17 - Securing Office 365 and Microsoft Azure like a rock star (or groupi...
SPSNL17 - Securing Office 365 and Microsoft Azure like a rock star (or groupi...DIWUG
 
Protect Identities and Access to resources with Azure Active Directory
Protect Identities and Access to resources with Azure Active Directory Protect Identities and Access to resources with Azure Active Directory
Protect Identities and Access to resources with Azure Active Directory Vignesh Ganesan I Microsoft MVP
 
The Who, What, Why and How of Active Directory Federation Services (AD FS)
The Who, What, Why and How of Active Directory Federation Services (AD FS)The Who, What, Why and How of Active Directory Federation Services (AD FS)
The Who, What, Why and How of Active Directory Federation Services (AD FS)Jay Simcox
 
Microsoft Cloud App Security CASB
Microsoft Cloud App Security CASBMicrosoft Cloud App Security CASB
Microsoft Cloud App Security CASBAmmar Hasayen
 
IAM Cloud
IAM CloudIAM Cloud
IAM CloudAidy Tificate
 
Microsoft identity manoj mittal
Microsoft identity manoj mittalMicrosoft identity manoj mittal
Microsoft identity manoj mittalManoj Mittal
 
Azure AD B2C An Introduction - DogFoodCon 2018
Azure AD B2C An Introduction - DogFoodCon 2018Azure AD B2C An Introduction - DogFoodCon 2018
Azure AD B2C An Introduction - DogFoodCon 2018Jeremy Gray
 
Cloud App Security
Cloud App SecurityCloud App Security
Cloud App SecurityAlvaro Rezende
 
The bits and pieces of Azure AD B2C
The bits and pieces of Azure AD B2CThe bits and pieces of Azure AD B2C
The bits and pieces of Azure AD B2CAnton Staykov
 
SCU Berlín | Cloud identity for maximum productivity
SCU Berlín | Cloud identity for maximum productivity SCU Berlín | Cloud identity for maximum productivity
SCU Berlín | Cloud identity for maximum productivityDiana Carolina Torres Viasus
 
#SPSottawa The SharePoint Framework and The Microsoft Graph on steroids with ...
#SPSottawa The SharePoint Framework and The Microsoft Graph on steroids with ...#SPSottawa The SharePoint Framework and The Microsoft Graph on steroids with ...
#SPSottawa The SharePoint Framework and The Microsoft Graph on steroids with ...Vincent Biret
 
#SPSToronto The SharePoint Framework and the Microsoft Graph on steroids with...
#SPSToronto The SharePoint Framework and the Microsoft Graph on steroids with...#SPSToronto The SharePoint Framework and the Microsoft Graph on steroids with...
#SPSToronto The SharePoint Framework and the Microsoft Graph on steroids with...Vincent Biret
 

More Related Content

What's hot

EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-On
EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-OnEWUG - Azure AD Pass-through Authentication and Seamless Single Sign-On
EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-OnPeter Selch Dahl
 
Certifications for Azure Developers
Certifications for Azure DevelopersCertifications for Azure Developers
Certifications for Azure DevelopersKrunal Trivedi
 
MS Cloud Identity and Access Infographic 2015 (1)
MS Cloud Identity and Access Infographic 2015 (1)MS Cloud Identity and Access Infographic 2015 (1)
MS Cloud Identity and Access Infographic 2015 (1)Luís Serra Libório
 
Building solutions with SPFx that work across SharePoint and Teams
Building solutions with SPFx that work across SharePoint and TeamsBuilding solutions with SPFx that work across SharePoint and Teams
Building solutions with SPFx that work across SharePoint and TeamsVignesh Ganesan I Microsoft MVP
 
Azure AD Presentation - @ BITPro - Ajay
Azure AD Presentation - @ BITPro - AjayAzure AD Presentation - @ BITPro - Ajay
Azure AD Presentation - @ BITPro - AjayAnoop Nair
 
Azure Active Directory - An Introduction for Developers
Azure Active Directory - An Introduction for DevelopersAzure Active Directory - An Introduction for Developers
Azure Active Directory - An Introduction for DevelopersJohn Garland
 
O365Con18 - Compliance Manager - Tomislav Lulic
O365Con18 - Compliance Manager - Tomislav LulicO365Con18 - Compliance Manager - Tomislav Lulic
O365Con18 - Compliance Manager - Tomislav LulicNCCOMMS
 
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...Scott Hoag
 
Azure AD B2C Webinar Series: Custom Policies Part 1
Azure AD B2C Webinar Series: Custom Policies Part 1Azure AD B2C Webinar Series: Custom Policies Part 1
Azure AD B2C Webinar Series: Custom Policies Part 1Vinu Gunasekaran
 
SPSNL17 - Securing Office 365 and Microsoft Azure like a rock star (or groupi...
SPSNL17 - Securing Office 365 and Microsoft Azure like a rock star (or groupi...SPSNL17 - Securing Office 365 and Microsoft Azure like a rock star (or groupi...
SPSNL17 - Securing Office 365 and Microsoft Azure like a rock star (or groupi...DIWUG
 
Protect Identities and Access to resources with Azure Active Directory
Protect Identities and Access to resources with Azure Active Directory Protect Identities and Access to resources with Azure Active Directory
Protect Identities and Access to resources with Azure Active Directory Vignesh Ganesan I Microsoft MVP
 
The Who, What, Why and How of Active Directory Federation Services (AD FS)
The Who, What, Why and How of Active Directory Federation Services (AD FS)The Who, What, Why and How of Active Directory Federation Services (AD FS)
The Who, What, Why and How of Active Directory Federation Services (AD FS)Jay Simcox
 
Microsoft Cloud App Security CASB
Microsoft Cloud App Security CASBMicrosoft Cloud App Security CASB
Microsoft Cloud App Security CASBAmmar Hasayen
 
Microsoft identity manoj mittal
Microsoft identity manoj mittalMicrosoft identity manoj mittal
Microsoft identity manoj mittalManoj Mittal
 
Azure AD B2C An Introduction - DogFoodCon 2018
Azure AD B2C An Introduction - DogFoodCon 2018Azure AD B2C An Introduction - DogFoodCon 2018
Azure AD B2C An Introduction - DogFoodCon 2018Jeremy Gray
 
The bits and pieces of Azure AD B2C
The bits and pieces of Azure AD B2CThe bits and pieces of Azure AD B2C
The bits and pieces of Azure AD B2CAnton Staykov
 
SCU Berlín | Cloud identity for maximum productivity
SCU Berlín | Cloud identity for maximum productivity SCU Berlín | Cloud identity for maximum productivity
SCU Berlín | Cloud identity for maximum productivityDiana Carolina Torres Viasus
 

What's hot (20)

Azure AD with Office 365 and Beyond!
Azure AD with Office 365 and Beyond!Azure AD with Office 365 and Beyond!
Azure AD with Office 365 and Beyond!
 
EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-On
EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-OnEWUG - Azure AD Pass-through Authentication and Seamless Single Sign-On
EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-On
 
Certifications for Azure Developers
Certifications for Azure DevelopersCertifications for Azure Developers
Certifications for Azure Developers
 
MS Cloud Identity and Access Infographic 2015 (1)
MS Cloud Identity and Access Infographic 2015 (1)MS Cloud Identity and Access Infographic 2015 (1)
MS Cloud Identity and Access Infographic 2015 (1)
 
Building solutions with SPFx that work across SharePoint and Teams
Building solutions with SPFx that work across SharePoint and TeamsBuilding solutions with SPFx that work across SharePoint and Teams
Building solutions with SPFx that work across SharePoint and Teams
 
Azure AD Presentation - @ BITPro - Ajay
Azure AD Presentation - @ BITPro - AjayAzure AD Presentation - @ BITPro - Ajay
Azure AD Presentation - @ BITPro - Ajay
 
Azure Active Directory - An Introduction for Developers
Azure Active Directory - An Introduction for DevelopersAzure Active Directory - An Introduction for Developers
Azure Active Directory - An Introduction for Developers
 
O365Con18 - Compliance Manager - Tomislav Lulic
O365Con18 - Compliance Manager - Tomislav LulicO365Con18 - Compliance Manager - Tomislav Lulic
O365Con18 - Compliance Manager - Tomislav Lulic
 
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...
 
Azure AD B2C Webinar Series: Custom Policies Part 1
Azure AD B2C Webinar Series: Custom Policies Part 1Azure AD B2C Webinar Series: Custom Policies Part 1
Azure AD B2C Webinar Series: Custom Policies Part 1
 
SPSNL17 - Securing Office 365 and Microsoft Azure like a rock star (or groupi...
SPSNL17 - Securing Office 365 and Microsoft Azure like a rock star (or groupi...SPSNL17 - Securing Office 365 and Microsoft Azure like a rock star (or groupi...
SPSNL17 - Securing Office 365 and Microsoft Azure like a rock star (or groupi...
 
Protect Identities and Access to resources with Azure Active Directory
Protect Identities and Access to resources with Azure Active Directory Protect Identities and Access to resources with Azure Active Directory
Protect Identities and Access to resources with Azure Active Directory
 
The Who, What, Why and How of Active Directory Federation Services (AD FS)
The Who, What, Why and How of Active Directory Federation Services (AD FS)The Who, What, Why and How of Active Directory Federation Services (AD FS)
The Who, What, Why and How of Active Directory Federation Services (AD FS)
 
Microsoft Cloud App Security CASB
Microsoft Cloud App Security CASBMicrosoft Cloud App Security CASB
Microsoft Cloud App Security CASB
 
IAM Cloud
IAM CloudIAM Cloud
IAM Cloud
 
Microsoft identity manoj mittal
Microsoft identity manoj mittalMicrosoft identity manoj mittal
Microsoft identity manoj mittal
 
Azure AD B2C An Introduction - DogFoodCon 2018
Azure AD B2C An Introduction - DogFoodCon 2018Azure AD B2C An Introduction - DogFoodCon 2018
Azure AD B2C An Introduction - DogFoodCon 2018
 
Cloud App Security
Cloud App SecurityCloud App Security
Cloud App Security
 
The bits and pieces of Azure AD B2C
The bits and pieces of Azure AD B2CThe bits and pieces of Azure AD B2C
The bits and pieces of Azure AD B2C
 
SCU Berlín | Cloud identity for maximum productivity
SCU Berlín | Cloud identity for maximum productivity SCU Berlín | Cloud identity for maximum productivity
SCU Berlín | Cloud identity for maximum productivity
 

Similar to Managing enterprise applications, permissions, and consent in Azure Active Directory

#SPSottawa The SharePoint Framework and The Microsoft Graph on steroids with ...
#SPSottawa The SharePoint Framework and The Microsoft Graph on steroids with ...#SPSottawa The SharePoint Framework and The Microsoft Graph on steroids with ...
#SPSottawa The SharePoint Framework and The Microsoft Graph on steroids with ...Vincent Biret
 
#SPSToronto The SharePoint Framework and the Microsoft Graph on steroids with...
#SPSToronto The SharePoint Framework and the Microsoft Graph on steroids with...#SPSToronto The SharePoint Framework and the Microsoft Graph on steroids with...
#SPSToronto The SharePoint Framework and the Microsoft Graph on steroids with...Vincent Biret
 
SC-900 Capabilities of Microsoft Identity and Access Management Solutions
SC-900 Capabilities of Microsoft Identity and Access Management SolutionsSC-900 Capabilities of Microsoft Identity and Access Management Solutions
SC-900 Capabilities of Microsoft Identity and Access Management SolutionsFredBrandonAuthorMCP
 
Granite state #spug The #microsoftGraph and #SPFx on steroids with #AzureFunc...
Granite state #spug The #microsoftGraph and #SPFx on steroids with #AzureFunc...Granite state #spug The #microsoftGraph and #SPFx on steroids with #AzureFunc...
Granite state #spug The #microsoftGraph and #SPFx on steroids with #AzureFunc...Vincent Biret
 
Dev Dives: Master advanced authentication and performance in Productivity Act...
Dev Dives: Master advanced authentication and performance in Productivity Act...Dev Dives: Master advanced authentication and performance in Productivity Act...
Dev Dives: Master advanced authentication and performance in Productivity Act...UiPathCommunity
 
Microsoft365 from a Hacker's Perspective
Microsoft365 from a Hacker's PerspectiveMicrosoft365 from a Hacker's Perspective
Microsoft365 from a Hacker's PerspectiveBenedek Menesi
 
To sign in and beyond: Doing more with your applications and Azure AD
To sign in and beyond: Doing more with your applications and Azure ADTo sign in and beyond: Doing more with your applications and Azure AD
To sign in and beyond: Doing more with your applications and Azure ADMicrosoft Tech Community
 
Premier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure ADPremier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure ADuberbaum
 
Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010Danny Jessee
 
Microsoft graph and power platform champ
Microsoft graph and power platform champMicrosoft graph and power platform champ
Microsoft graph and power platform champKumton Suttiraksiri
 
Cloud Foundry UAA as an Identity Gateway
Cloud Foundry UAA as an Identity GatewayCloud Foundry UAA as an Identity Gateway
Cloud Foundry UAA as an Identity GatewayVMware Tanzu
 
Active Directory Proposal
Active Directory ProposalActive Directory Proposal
Active Directory ProposalMJ Ferdous
 
Hitchhiker's Guide to Azure AD - SPS St Louis 2018
Hitchhiker's Guide to Azure AD - SPS St Louis 2018Hitchhiker's Guide to Azure AD - SPS St Louis 2018
Hitchhiker's Guide to Azure AD - SPS St Louis 2018Max Fritz
 
Wrong slides! Please check description for correct deck
Wrong slides! Please check description for correct deck Wrong slides! Please check description for correct deck
Wrong slides! Please check description for correct deck Benedek Menesi
 
Fundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and ComplianceFundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and ComplianceVignesh Ganesan I Microsoft MVP
 
EWUG - Something about the Cloud - Unit IT - January 14, 2020
EWUG - Something about the Cloud - Unit IT - January 14, 2020EWUG - Something about the Cloud - Unit IT - January 14, 2020
EWUG - Something about the Cloud - Unit IT - January 14, 2020Peter Selch Dahl
 
Azure from scratch part 2 By Girish Kalamati
Azure from scratch part 2 By Girish KalamatiAzure from scratch part 2 By Girish Kalamati
Azure from scratch part 2 By Girish KalamatiGirish Kalamati
 
Microsoft Azure Identity and O365
Microsoft Azure Identity and O365Microsoft Azure Identity and O365
Microsoft Azure Identity and O365Kris Wagner
 
How can Power Apps and Microsoft Flow allow your Power Users to quickly build...
How can Power Apps and Microsoft Flow allow your Power Users to quickly build...How can Power Apps and Microsoft Flow allow your Power Users to quickly build...
How can Power Apps and Microsoft Flow allow your Power Users to quickly build...BizTalk360
 
Identity and o365 on Azure
Identity and o365 on AzureIdentity and o365 on Azure
Identity and o365 on AzureMostafa
 

Similar to Managing enterprise applications, permissions, and consent in Azure Active Directory (20)

#SPSottawa The SharePoint Framework and The Microsoft Graph on steroids with ...
#SPSottawa The SharePoint Framework and The Microsoft Graph on steroids with ...#SPSottawa The SharePoint Framework and The Microsoft Graph on steroids with ...
#SPSottawa The SharePoint Framework and The Microsoft Graph on steroids with ...
 
#SPSToronto The SharePoint Framework and the Microsoft Graph on steroids with...
#SPSToronto The SharePoint Framework and the Microsoft Graph on steroids with...#SPSToronto The SharePoint Framework and the Microsoft Graph on steroids with...
#SPSToronto The SharePoint Framework and the Microsoft Graph on steroids with...
 
SC-900 Capabilities of Microsoft Identity and Access Management Solutions
SC-900 Capabilities of Microsoft Identity and Access Management SolutionsSC-900 Capabilities of Microsoft Identity and Access Management Solutions
SC-900 Capabilities of Microsoft Identity and Access Management Solutions
 
Granite state #spug The #microsoftGraph and #SPFx on steroids with #AzureFunc...
Granite state #spug The #microsoftGraph and #SPFx on steroids with #AzureFunc...Granite state #spug The #microsoftGraph and #SPFx on steroids with #AzureFunc...
Granite state #spug The #microsoftGraph and #SPFx on steroids with #AzureFunc...
 
Dev Dives: Master advanced authentication and performance in Productivity Act...
Dev Dives: Master advanced authentication and performance in Productivity Act...Dev Dives: Master advanced authentication and performance in Productivity Act...
Dev Dives: Master advanced authentication and performance in Productivity Act...
 
Microsoft365 from a Hacker's Perspective
Microsoft365 from a Hacker's PerspectiveMicrosoft365 from a Hacker's Perspective
Microsoft365 from a Hacker's Perspective
 
To sign in and beyond: Doing more with your applications and Azure AD
To sign in and beyond: Doing more with your applications and Azure ADTo sign in and beyond: Doing more with your applications and Azure AD
To sign in and beyond: Doing more with your applications and Azure AD
 
Premier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure ADPremier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure AD
 
Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010
 
Microsoft graph and power platform champ
Microsoft graph and power platform champMicrosoft graph and power platform champ
Microsoft graph and power platform champ
 
Cloud Foundry UAA as an Identity Gateway
Cloud Foundry UAA as an Identity GatewayCloud Foundry UAA as an Identity Gateway
Cloud Foundry UAA as an Identity Gateway
 
Active Directory Proposal
Active Directory ProposalActive Directory Proposal
Active Directory Proposal
 
Hitchhiker's Guide to Azure AD - SPS St Louis 2018
Hitchhiker's Guide to Azure AD - SPS St Louis 2018Hitchhiker's Guide to Azure AD - SPS St Louis 2018
Hitchhiker's Guide to Azure AD - SPS St Louis 2018
 
Wrong slides! Please check description for correct deck
Wrong slides! Please check description for correct deck Wrong slides! Please check description for correct deck
Wrong slides! Please check description for correct deck
 
Fundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and ComplianceFundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and Compliance
 
EWUG - Something about the Cloud - Unit IT - January 14, 2020
EWUG - Something about the Cloud - Unit IT - January 14, 2020EWUG - Something about the Cloud - Unit IT - January 14, 2020
EWUG - Something about the Cloud - Unit IT - January 14, 2020
 
Azure from scratch part 2 By Girish Kalamati
Azure from scratch part 2 By Girish KalamatiAzure from scratch part 2 By Girish Kalamati
Azure from scratch part 2 By Girish Kalamati
 
Microsoft Azure Identity and O365
Microsoft Azure Identity and O365Microsoft Azure Identity and O365
Microsoft Azure Identity and O365
 
How can Power Apps and Microsoft Flow allow your Power Users to quickly build...
How can Power Apps and Microsoft Flow allow your Power Users to quickly build...How can Power Apps and Microsoft Flow allow your Power Users to quickly build...
How can Power Apps and Microsoft Flow allow your Power Users to quickly build...
 
Identity and o365 on Azure
Identity and o365 on AzureIdentity and o365 on Azure
Identity and o365 on Azure
 

More from CoLaboraDK

Secure Communication with Office 365
Secure Communication with Office 365Secure Communication with Office 365
Secure Communication with Office 365CoLaboraDK
 
OneDrive for Business - Summer update
OneDrive for Business - Summer updateOneDrive for Business - Summer update
OneDrive for Business - Summer updateCoLaboraDK
 
Azure PTA vs ADFS vs Desktop SSO
Azure PTA vs ADFS vs Desktop SSOAzure PTA vs ADFS vs Desktop SSO
Azure PTA vs ADFS vs Desktop SSOCoLaboraDK
 
CoLabora - Hybrid inside out - Nov 2015
CoLabora - Hybrid inside out - Nov 2015CoLabora - Hybrid inside out - Nov 2015
CoLabora - Hybrid inside out - Nov 2015CoLaboraDK
 
CoLabora - Identity in a World of Cloud - november 2015
CoLabora - Identity in a World of Cloud - november 2015CoLabora - Identity in a World of Cloud - november 2015
CoLabora - Identity in a World of Cloud - november 2015CoLaboraDK
 
CoLabora Nov 2015 - Ofice 365 Compliance and Exchange Archiving
CoLabora Nov 2015 - Ofice 365 Compliance and Exchange ArchivingCoLabora Nov 2015 - Ofice 365 Compliance and Exchange Archiving
CoLabora Nov 2015 - Ofice 365 Compliance and Exchange ArchivingCoLaboraDK
 
CoLabora - Skype for Business upgrade
CoLabora - Skype for Business upgradeCoLabora - Skype for Business upgrade
CoLabora - Skype for Business upgradeCoLaboraDK
 
CoLabora - Protecting Company data using EMS - June 2015
CoLabora - Protecting Company data using EMS - June 2015CoLabora - Protecting Company data using EMS - June 2015
CoLabora - Protecting Company data using EMS - June 2015CoLaboraDK
 
CoLabora - Identity in a World of Cloud - June 2015
CoLabora - Identity in a World of Cloud - June 2015CoLabora - Identity in a World of Cloud - June 2015
CoLabora - Identity in a World of Cloud - June 2015CoLaboraDK
 
CoLabora - Exchange Online Protection - June 2015
CoLabora - Exchange Online Protection - June 2015 CoLabora - Exchange Online Protection - June 2015
CoLabora - Exchange Online Protection - June 2015 CoLaboraDK
 

More from CoLaboraDK (10)

Secure Communication with Office 365
Secure Communication with Office 365Secure Communication with Office 365
Secure Communication with Office 365
 
OneDrive for Business - Summer update
OneDrive for Business - Summer updateOneDrive for Business - Summer update
OneDrive for Business - Summer update
 
Azure PTA vs ADFS vs Desktop SSO
Azure PTA vs ADFS vs Desktop SSOAzure PTA vs ADFS vs Desktop SSO
Azure PTA vs ADFS vs Desktop SSO
 
CoLabora - Hybrid inside out - Nov 2015
CoLabora - Hybrid inside out - Nov 2015CoLabora - Hybrid inside out - Nov 2015
CoLabora - Hybrid inside out - Nov 2015
 
CoLabora - Identity in a World of Cloud - november 2015
CoLabora - Identity in a World of Cloud - november 2015CoLabora - Identity in a World of Cloud - november 2015
CoLabora - Identity in a World of Cloud - november 2015
 
CoLabora Nov 2015 - Ofice 365 Compliance and Exchange Archiving
CoLabora Nov 2015 - Ofice 365 Compliance and Exchange ArchivingCoLabora Nov 2015 - Ofice 365 Compliance and Exchange Archiving
CoLabora Nov 2015 - Ofice 365 Compliance and Exchange Archiving
 
CoLabora - Skype for Business upgrade
CoLabora - Skype for Business upgradeCoLabora - Skype for Business upgrade
CoLabora - Skype for Business upgrade
 
CoLabora - Protecting Company data using EMS - June 2015
CoLabora - Protecting Company data using EMS - June 2015CoLabora - Protecting Company data using EMS - June 2015
CoLabora - Protecting Company data using EMS - June 2015
 
CoLabora - Identity in a World of Cloud - June 2015
CoLabora - Identity in a World of Cloud - June 2015CoLabora - Identity in a World of Cloud - June 2015
CoLabora - Identity in a World of Cloud - June 2015
 
CoLabora - Exchange Online Protection - June 2015
CoLabora - Exchange Online Protection - June 2015 CoLabora - Exchange Online Protection - June 2015
CoLabora - Exchange Online Protection - June 2015
 

Recently uploaded

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 

Recently uploaded (20)

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 

Managing enterprise applications, permissions, and consent in Azure Active Directory

  • 1. CoLabora User Group Meeting – June 2018 - Managing enterprise applications, permissions, and consent in Azure Active Directory Peter Selch Dahl – Azure MVP – I’m ALL Cloud First  Level 200-300
  • 2. Microsoft MCSA: Cloud Platform - Certified 2018, Microsoft MCSA: Office 365 - Certified 2018, Microsoft MCSE: Cloud Platform and Infrastructure - Certified 2018 Microsoft MCSA: 2016 Windows Server 2016, Microsoft MCSA: 2012 Windows Server 2012, Microsoft MCITP: 2008 Server and Enterprise Administrator, Microsoft MCSA: 2008 Windows Server 2008, Microsoft MCSA/MCSE : 2003 Security, Microsoft MCSA/MCSE : 2000 Security, VMWare Certified Professional VI3/VI4/VI5, CompTIA A+, Network+, EC-Council: Certified Ethical Hacker (CEH v7), And more Peter Selch Dahl Freelance Cloud Architect, Azure MVP Twitter: @PeterSelchDahl www: www.peterdahl.net Blog : http://blog.peterdahl.net
  • 3. • You understand admin consent! • You know how to provide API consent for applications • You know how to block end-user consent
  • 4.
  • 5.
  • 6. What is Application Consent?  Organizational data permissions  Applications organizational data permissions application consent admin end user permissions end user admin developer
  • 7. Application Consent and Permissions (Bad) Sharing Portal Access’s any user’s SharePoint, then attaches a file as an email sent by the signed in user, to share externally. Developer(s) [internal or external] Tenant SharePoint Data Read items in all site collections (E.g., do something as the app) Admin must consent Exchange Data Send mail as a user (E.g, do something as the user) User Can Consent 1 2 End-User 3 Administrator 4 End-User 5 Administrator Manage consent policies and access over time 6
  • 8. What is Application Consent? Users can consent to apps that access personal information only Admins must consent to apps that require broader permissions Admins can consent on behalf of all users in an organization
  • 9. App types and permission types App type Permission type Who can consent Effective Permissions Get access on behalf of users Get access as a service Mobile, Web and Single page app Service and Daemon Users can consent for their data Admin can consent for them or for all users Only admin can consent App permission s User permission s App permission s Application permissionDelegated permission (user permission)
  • 10. What I will be talking about…. Protecting data!
  • 11. What I will be talking about…. KnowBe4's Chief Hacking Officer Kevin Mitnick called me with some chilling news. A white hat hacker friend of his developed a working "ransomcloud" strain, which encrypts cloud email accounts like Office 365 in real-time. My first thought was :"Holy $#!+". https://community.spiceworks.com/topic/2104688-heads-up-new-ransomware-strain-encrypts-cloud-email-real-time-video
  • 12. What I will be talking about…. https://community.spiceworks.com/topic/2104688-heads-up-new-ransomware-strain-encrypts-cloud-email-real-time-video
  • 13.
  • 14. Notes on V1 vs V2 Endpoint This presentation focuses on the AAD V1 endpoint and the associated application, consent, and permissions model There are some key differences to be aware of with consent on V2: • Support for Dynamic/Incremental consent • New URL paths including separate admin consent endpoint • Applications registered at apps.dev.microsoft.com as opposed to portal.azure.com https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-compare https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-limitations https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-appmodel-v2-overview
  • 15. Endpoint v1 Runtime – When is consent prompted for? The most common scenario: • The first time using a application that requires access to personal or organizational resources Some scenarios that may not be expected: • The set of permissions required by the application have changed • Consent was revoked after being granted initially • The application is using incremental and dynamic consent to request additional permissions after consent was initially granted. This is often used when optional features of an application additional require permissions beyond those required for baseline functionality.
  • 16. Introducing MSAL (Microsoft Authentication Library) https://blogs.technet.microsoft.com/ad/2016/03/31/microsoft-identity-at-build-2016/ https://blogs.technet.microsoft.com/ad/2015/08/12/now-in-public-preview-the-converged-microsoft- account-and-azure-active-directory-programming-model/ https://blogs.technet.microsoft.com/ad/2016/02/23/for-developers-the-first-use-cases-of-the- converged-microsoft-account-and-azure-active-directory-programming-model-are-now-ga/
  • 17. We expose hard choices to developers BOTH MSA AAD Azure Office
  • 18. Azure AD Applications • Single tenant application • App for users in a single organization • Admin or user registers app in directory tenant • Sign in at: https://login.windows.net/contoso.com/<protocol> • Multi-tenant application • App for users in multiple organizations • Admin or USER registers app in developer’s directory tenant • Admin configures application to be multi-tenant • Sign in at: https://login.windows.net/common/<protocol> • User prompted to consent based on permissions required by application • Consent registers application in user’s tenant
  • 19. Azure AD Graph API: Azure AD consent behind the scenes https://blog.peterdahl.net/2018/05/14/azure-ad-v2-apps-vs-the-brick-wall/
  • 20. Manageability – Common challenges  Where did this application come from I have no idea how Susie got assigned no idea what power These need not be mysteries any longer
  • 21. Manageability – Common challenges  What happens in the admin view when someone consents what permissions an application has what consented applications are assigned revoke a consent grant request administrator-level consent control how consent works
  • 22. Manageability – Common challenges  What happens in the admin view when someone consents what permissions an application has what consented applications are assigned revoke a consent grant request administrator-level consent control how consent works
  • 24.
  • 25.