About the Instructor
Michael Washam
Microsoft Azure Trainer
http://www.opsgility.com
Twitter: @MWashamTX
michael@Opsgility.com
Microsoft Azure Active Directory
Agenda
Microsoft Azure Active Directory Introduction
Application Access
Azure AD Application Proxy
Multi-Factor Authentication (MFA)
Company Branding
Directory Integration
Running Windows Server AD / AD FS on Azure VMs
Identities Everywhere
Microsoft Cloud Applications
Windows Server Active Directory
Microsoft Azure Active Directory
LAB 6
Microsoft Azure Active Directory
Access Panel
http://myapps.microsoft.com
This is where users can discover the applications they have access to.
http://azure.microsoft.com/en-us/gallery/active-directory/
LAB 7
Application Access with Azure Active Directory and Password-Based Single Sign-On
DEMO
Application Access with Azure Active Directory and Federation-Based Single Sign-On
EC2
force.com
Salesforce.com
Amazon.com
AWS
System Center
Private cloud
Cloud App Discovery
How it works
AD Agent
Logs
Active Directory
Cloud App Discovery
Azure AD Application Proxy (PREVIEW)
Reverse-Proxy as a Service
Builds on the Web Application Proxy capabilities in Windows Server 2012 R2.
Supports browser-based applications over HTTP(S).
Cloud Connector Pattern
Simpler On-Premises Deployment
Connectors can be redundant for HA
Stateless Architecture (as compared to WAP with AD FS)
Microsoft Azure
Azure AD Application Proxy Service
Request/Response Queue
On-Premises Network
https://benefitscontoso.cwap.net
Connector
Expense
App
Connector
Benefits
App
Multi-Factor Authentication
password
2. Microsoft Azure MFA Challenge
3. Response to challenge from device
How it works
Requiring any two or more verification methods
Something you know (typically a password)
Something you have (a trusted device that is not easily duplicated, like a phone)
LAB 8
Multi-Factor Authentication
Company Branding
Directory Sync
Synchronizes Users, Groups, and Contacts to Windows Azure AD.
Users will have a different password in Windows Azure AD than they have for the on-premises AD.
Monitoring DirSync
Directory Synchronization logs events in the Windows Application Event Log.
Event Source: Directory Synchronization
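Added example (not from the original slides): one way to review those events on the DirSync server with PowerShell. The 24-hour window, the parameter names, and the treatment of an empty result as a warning are assumptions made for this example.

```powershell
# Added example: summarize DirSync events from the Application log.
# Assumptions: run on the DirSync server with rights to read the log;
# the 24-hour default window is a choice made for this example.
param(
    [int]$Hours = 24,
    [string]$Source = 'Directory Synchronization'   # event source named above
)

$filter = @{
    LogName      = 'Application'
    ProviderName = $Source
    StartTime    = (Get-Date).AddHours(-$Hours)
}

# Get-WinEvent raises an error when nothing matches the filter, so a
# silent log is reported as a finding rather than left as a raw error.
try {
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction Stop
} catch {
    Write-Warning "No '$Source' events in the last $Hours hours; check that sync is running. ($($_.Exception.Message))"
    return
}

# Count events per level and event ID so recurring failures stand out.
$events | Group-Object LevelDisplayName, Id |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# List the most recent errors and warnings (Level 2 = Error, 3 = Warning),
# showing only the first line of each message.
$problems = @($events | Where-Object { $_.Level -in 2, 3 })
$problems | Select-Object -First 10 TimeCreated, Id, LevelDisplayName,
    @{ n = 'Message'; e = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -Wrap

# Staleness check: how recent is the newest event from this source?
$newest = ($events | Sort-Object TimeCreated -Descending |
    Select-Object -First 1).TimeCreated
"Most recent event: $newest; errors/warnings in window: $($problems.Count)"
```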
Apps-Subnet
PPE-DC
PPEDirSync
ppelabs.onmicrosoft.com
DEMO
Directory Sync w/Password Sync
Azure VM Considerations
From an Existing Physical Machine
P2V a physical machine and move to Windows Azure
Move the DC's VHD file to Windows Azure
Create the VM from the VHD
Azure VM Considerations (continued)
IP Addressing
Running AD FS on Azure Virtual Machines
Cloud Service
On-Premises Environment
FSP1
Internal Load Balancer
FSP2
Cloud Service
FS1
FS2
Summary
Microsoft Azure Active Directory Introduction
Application Access
Azure AD Application Proxy
Multi-Factor Authentication (MFA)
Company Branding
Directory Integration
Running Windows Server AD / AD FS on Azure VMs
Coming Up Next . . .
Cloud Services and Websites
Thank You