Migration of On Premise Users and Groups: You don’t have to sync your whole domain to the cloud. You can select which users to sync using OUs and Groups. You can include and exclude specific OUs and Groups. Understanding SSO, PHS, PTA and ADFS Federation Concepts: Azure AD Auth uses different languages to AD on premise. Azure…
Category: Technology
7. Understanding SSO, PHS, PTA & ADFS SAML Identity Strategies and Concepts
Evaluating Requirements and Solutions – Sync for PHS, PTA and ADFS SAML Federation Authentication for Hybrid Identity. Managed Authentication: Azure AD handles the authentication locally by using a locally stored hashed version of the password, or sends the credentials to an on-premise software agent to be authenticated on premise by AD DS. Federated Authentication: Azure AD redirects…
6. Managing Domains for Hybrid Configuration with On-Premise
Configuring On-Premise Active Directory to Support Additional Domains. Seamless SSO: The goal with this is for users to log on to the local domain and be automatically logged in to Microsoft 365. Adding another UPN (User Principal Name): To allow your users to be associated with another domain you need to add a UPN for that domain in Active Directory. To…
5. Planning for Hybrid Identity Management
Planning for Azure AD/Microsoft 365 Hybrid On-Premise Infrastructure: You can integrate M365 with existing directory services, on-premises Exchange Server, etc. You can synchronise and manage user accounts for both environments. You can add password hash synchronisation or SSO so users can log on to both environments with their on-premise credentials. When integrating with on premise server products…
4. Implementing and Managing External Identities
Managing External Collaboration Settings in Azure Active Directory: Business to Business collaboration is about sharing resources. Go to Azure AD -> Users -> Users Settings. Scroll down and click on “Manage External Users Collaboration settings”. From here you can set Guest user settings such as: – Access restrictions: which level of access to resources they have – Guest Invite…
3. Creating, Configuring and Managing Identities
Understanding the concepts of user identities: The term identity refers to using one identity to sign in to multiple accounts (SSO). Azure AD is the central directory services store. Identities can be synced from on-premise AD. Some people say this is less secure because if a hacker gets your account details they have access to all your different…
2. Managing Services with PowerShell
Foundation of Administration with PowerShell: PowerShell uses the verb-noun system. Verb examples: Get, Set, Move, Copy, Start. Connecting PowerShell to Manage Cloud Services: You first have to install the modules for the commands to manage the cloud services. To search and see if you have the commands: Searching for Microsoft Online 365 commands - Get-command -noun *msol* …
25. Monitor Resources using Azure Monitor
Overview of Azure Monitor: Azure Monitor is a central place to monitor applications and infrastructure. It can monitor: VMs, Applications, Storage accounts, Containers, Networks, SQL. By default Azure Monitor doesn’t do anything until you connect your infrastructure to it. “Azure Monitor collects monitoring telemetry from a variety of on-premises and Azure sources. Management tools, such as those in Azure Security…
24. Monitor and troubleshoot virtual networking
Azure Monitor for Networks: “Azure Monitor Network Insights provides a comprehensive view of health and metrics for all deployed network resources, without requiring any configuration. It also provides access to network monitoring capabilities like Connection Monitor, flow logging for network security groups (NSGs), and Traffic Analytics.” From <https://docs.microsoft.com/en-us/azure/azure-monitor/insights/network-insights-overview>. Monitoring Networks: Go to “Azure Portal -> Monitor -> Networks”. From here you can see your different networks and…
22. Secure Access to Virtual Networks
NSGs (Network Security Groups): “You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and…