Beruflich Dokumente
Kultur Dokumente
Video: Getting Started with Microsoft Infographic: Cloud identity and access Azure Hybrid Identity Design
Azure Active Directory management Considerations Guide
More information https://mva.microsoft.com/en-US/training- http://go.microsoft.com/fwlink/p/ https://gallery.technet.microsoft.com/
courses/getting-started-with-microsoft-azure- ?LinkId=524282 Azure-Hybrid-Identity-b06c8288
active-directory-8448?l=hvlTSEWz_5704984382
August 2016 © 2016 Microsoft Corporation. All rights reserved. To send feedback about this documentation, please write to us at ITSPdocs@microsoft.com.
Microsoft Cloud Identity What IT architects need to know about designing
identity for organizations using Microsoft cloud
With this foundation, you can add other applications to Microsoft's cloud and
apply the same set of authentication and identity security features for access
to these apps. For example, you can develop new line of business (LOB)
applications using cloud-native features in Microsoft Azure and integrate
these apps with your Azure AD tenant. This includes your custom SharePoint
add-ins.
Your provider-hosted
SharePoint add-in
Office 365
Microsoft Intune
Your LOB application
Dynamics CRM Windows 10 automatically authenticates with Azure AD and your on-
premises directory, providing single-sign on without the need for AD FS.
Windows 10
Your Azure AD tenant
Your Azure AD tenant
SaaS
Software as a Service
Office 365
With 6 million organizations already using Azure AD, chances are good that Here is an example for the fictional Proseware organization.
your partner organization already has an Azure AD tenant, so you can start
collaborating instantly. But even if they don't, Azure AD's B2B capabilities
make it easy for you to send them an automated invitation which will get
them up and running with Azure AD in a matter of minutes.
Azure PaaS
SaaS
Software as a Service
Proseware s Proseware s
Azure AD B2B consumer-facing Azure AD
collaboration Web site B2C tenant
relationship
Salesforce
Proseware s Azure
Your Azure AD Your partner s AD tenant
tenant Azure AD tenant Customers
Virtual network
Application Proxy
Azure AD
Organization
Connector Connector
network
Domain Services Azure AD
App App
Services and
More Microsoft Platform Options Security Identity Storage
cloud IT resources aka.ms/cloudarchoptions aka.ms/cloudarchsecurity aka.ms/cloudarchidentity aka.ms/cloudarchstorage
August 2016 © 2016 Microsoft Corporation. All rights reserved. To send feedback about this documentation, please write to us at ITSPdocs@microsoft.com.
Microsoft Cloud Identity What IT architects need to know about designing
identity for organizations using Microsoft cloud
Your on-premises or private cloud datacenter Your on-premises or private cloud datacenter
This is the simplest option and the recommended option for most enterprise Federation provides additional enterprise capabilities. It is also more complex
organizations. and introduces more dependencies for access to cloud services.
User accounts are synchronized from your on-premises directory to your All authentication to Azure AD is performed against the on-premises
Azure AD tenant. The on-premises directory remains the authoritative directory via Active Directory Federation Services (AD FS) or another
source for accounts. federated identity provider.
Azure AD performs all authentication for cloud-based services and Works with non-Microsoft identity providers.
applications. Password hash sync adds the capability to act as a sign -in backup for
Supports multi-forest synchronization. federated sign-in (if the federation solution fails).
Prepare to provision users through Ignite 2015: Extending On-Premises Azure Multi-Factor Authentication
directory synchronization to Office 365 Directories to the Cloud Made Easy http://go.microsoft.com/fwlink/p/
http://go.microsoft.com/fwlink/p/ https://channel9.msdn.com/Events/ ?LinkId=524285
?LinkId=524284 Ignite/2015/BRK3862
August 2016 © 2016 Microsoft Corporation. All rights reserved. To send feedback about this documentation, please write to us at ITSPdocs@microsoft.com.
Microsoft Cloud Identity What IT architects need to know about designing
identity for organizations using Microsoft cloud
ExpressRoute Virtual
machine
running the
Azure AD
Connect tool
Windows Server AD
Azure AD
If you haven t already deployed AD FS on-premises, consider whether the
benefits of deploying this workload to Azure makes sense for your Direct connection for Outbound
organization. proxied authentication connection only
Provides autonomy for authentication to cloud services (no on -premises On-premises network Azure IaaS
dependencies).
Reduces servers and tools hosted on-premises.
Uses a site-to-site VPN gateway on a two-node failover cluster to connect LB
to Azure (new). Web
Application
Uses ACLs to ensure that Web Application Proxy servers can only
Proxy servers
communicate with AD FS, not domain controllers or other servers directly. Site-to-site
VPN
Node 2
This solution works with:
LB
Applications that require Kerberos
AD FS servers
All of Microsoft s SaaS services Site-to-site
Applications in Azure that are Internet-facing VPN
AD Connect
Domain Controllers Node 1 Domain Controllers
Applications in Azure IaaS or PaaS that require authentication with your tool
organization Windows Server AD Replication
For more information, see Guidelines for Deploying Windows Server Active
Directory on Azure Virtual Machines.
August 2016 © 2016 Microsoft Corporation. All rights reserved. To send feedback about this documentation, please write to us at ITSPdocs@microsoft.com.
Microsoft Cloud Identity What IT architects need to know about designing
identity for organizations using Microsoft cloud
Services and
More Microsoft Platform Options Security Identity Storage
cloud IT resources aka.ms/cloudarchoptions aka.ms/cloudarchsecurity aka.ms/cloudarchidentity aka.ms/cloudarchstorage
August 2016 © 2016 Microsoft Corporation. All rights reserved. To send feedback about this documentation, please write to us at ITSPdocs@microsoft.com.