Azure Active Directory, Practical Guide

Post on 07-Jan-2017

Azure Active Directory
The Practical Guide

Sasha Rosenbaum
@DivineOps
September 2015

The “What”

Where did it all start?

Windows Active Directory
• Centralized storage of information about all network objects (users, computers, etc.)
• Authentication
• Access control providing permission levels
• Audit trail for monitoring network activity

Active Directory

Azure Active Directory

Azure Active Directory
Identity as a Service
• Identity Management
• Directory Services
• Application Access Management

New Features

The “Why”

When should you choose

Identity as a Service

You already have!

Every Azure, Office 365, Microsoft Intune and Dynamics CRM tenant is an AAD tenant

Dynamics CRM

Office 365

Microsoft Intune

Integration

Protocols
• OpenID Connect
• OAuth 2.0
• WS-Federation
• SAML-P

Tiers

TIER | FREE | BASIC | PREMIUM
Directory as a Service | Yes | Yes | Yes
User and Group Management | Yes | Yes | Yes
Device registration | Yes | Yes | Yes
Directory Objects [1] | 500 K | Unlimited | Unlimited
End User Access Panel | Yes | Yes | Yes
SSO for SaaS Apps | 10 Apps / User [2] | 10 Apps / User [2] | Unlimited
Directory Synchronization | Yes | Yes | Yes
User-based Access Management and Provisioning | Yes | Yes | Yes
Basic Security Reports | Yes | Yes | Yes

Tiers

TIER | FREE | BASIC | PREMIUM
Logon/Access Panel Branding Customization | -- | Yes | Yes
Group-based Access Management and Provisioning | -- | Yes | Yes
Self-Service Password Reset for Cloud Users | -- | Yes | Yes
Secure Remote Access and SSO to on-premises web applications | -- | Yes | Yes
Self-Service Password Reset for Users w/ writeback to on-premises directories | -- | -- | Yes
Self-service group management for cloud users | -- | -- | Yes

Tiers

TIER | FREE | BASIC | PREMIUM
Multi-Factor Authentication (for cloud and on-premises applications) | -- | -- | Yes
Advanced Usage and Security Reports | -- | -- | Yes
Connect Health | -- | -- | Yes
Cloud App Discovery | -- | -- | Yes
Microsoft Identity Manager User CAL | -- | -- | Yes
Service Level Agreement | -- | 99.9% | 99.9%

Scenarios
• Green field applications
• Web
• Mobile

ADAL
• Web Browser to Web Application (.NET)
• Single Page Application (JavaScript, .NET)
• Native Application to Web API (.NET, ObjC, Java)
• Web Application to Web API (.NET, Node.js)
• Calling Azure AD Graph API (.NET, Java, PHP)

Scenarios
• SaaS Applications
• Over 2500 apps, including

Scenarios
• On-Premise Applications
• Integration with Local AD

The “How”

How do you get started?

Demo Active Directory Sync

Azure AD Connect Demo Slides

Azure AD Connect

Azure AD Connect
• Azure AD Global Administrator account
• Enterprise Administrator account for your local Active Directory
• SQL Server database to store identity data
• Meet server version and hardware requirements

Demo Greenfield Application Development

AAD with new MVC app Demo Slides

The “Where” are we headed?

What’s New
• Azure AD Connect with Connect Health is GA
• Multi-Factor Authentication per app
• Dynamic groups for applications and licenses
• Out-of-the-box dedicated user group “All Users”
• Azure Active Directory Application Proxy updates
• Password write-back from AAD to AD is GA

B2C AAD
As of September 2015 Business to Consumer AAD is in public preview!
• Self-registration
• Registration with social accounts
• Customer defined UX
• Security and scalability of Azure Cloud

B2C AAD Overview