Administering Authentication Methods (FIDO2/Passwordless) Issues with passwords: People get phished People use the same password for many systems Passwordless Based Authentication Passwordless authentication methods are more convenient because the password is removed and replaced with something you have, plus something you are or something you know. Azure and Azure Government offer the following three Passwordless authentication options: Windows Hello for…
Author: sean
9. Planning and Implementing Azure Multifactor Authentication (MFA)
Understanding the Concepts of Multifactor Authentication What is MFA? Authentication methods: Something you know: password, pin etc… Something you have: smart card, key fob, mobile phone etc… Something you are: biometrics MFA is using a combination of these methods. No single step authentication is strong enough on its own in today’s cyber security climate. Two step verification significantly…
8. Implementing & Managing Hybrid Identity
Migration of On Premise Users and Groups You don’t have to sync your whole domain to the cloud. You can select which users to sync using OU’s and Groups. You can include and exclude specific OU’s and Groups Understanding SSO, PHS, PTA and ADFS Federation Concepts Azure AD Auth uses different languages to AD on premise. Azure…
7. Understanding SSO, PHS, PTA & ADFS SAML Identity Strategies and Concepts
Evaluating Requirements and Solutions – Sync for PHS, PTA and ADFS SAML Federation Authentication for Hybrid Identity Managed Authentication: Azure AD will handle the authentication locally by using a locally stored hashed version of the password or sends the credentials to an on-premise software agent to be authenticated on the premise by AD DS Federated Authentication: Azure AD redirects…
6. Managing Domains for Hybrid Configuration with On-Premise
Configuring On-Premise Active Directory to Support Additional Domains Seamless SSO The goal with this is for users to logon to the local domain and be automatically logged in to Microsoft 365 Adding another UPN (User Principal Name) To allow your users to be associated with another domain you need to add a UPN for that domain in Active Directory. To…
5. Planning for Hybrid Identity Management
Planning for Azure AD/Microsoft 365 Hybrid On-Premise Infrastructure You can integrate M365 with existing directory services and on premises Exchange Server etc…. You can synchronise and manage user accounts for both environments. You can add password hash synchronisation or SSO so users can logon to both environments with their on premise credentials When integrating with on premise server products…
4. Implementing and Managing External Identities
Managing External Collaboration Settings in Azure Active Directory Business to Business collaboration is about sharing resources Go to Azure AD -> Users -> Users Settings Scroll down and click on “Manage External Users Collaboration settings” From here you can set Guest user settings such as: – Access restrictions: which level of access to resources they have – Guest Invite…
3. Creating, Configuring and Managing Identities
Understanding the concepts of user identities The term identity is used for using 1 identity to sign in to multiple accounts (SSO) Azure AD is the central directory services store Identities can be sync’d from on premise AD Some people say this is less secure because if a hacker gets your account details they have access to all your different…
2. Managing Services with PowerShell
Foundation of Administration with PowerShell PowerShell uses the verb-noun system. Verb examples Get Set Move Copy Start Connecting PowerShell to Manage Cloud Services You first have to install the modules for the commands to manage the cloud services. To search and see if you have the commands: Searching for Microsoft Online 365 commands- Get-command -noun *msol* …
1. Implementing the initial configuration of Azure Active Directory
Concepts to know about Microsoft Cloud Services Things are constantly changing You must be agile in utilising Microsoft’s cloud services Basics of Using Azure AD Portal Login: portal.azure.com All users and groups in Microsoft 365 are stored in Azure AD. Azure and Microsoft 365 share the Azure AD Services You can see users and groups in both Azure and…