Many organizations leverage Active Directory for authentication and a centralized identity internally and look to extend this to cloud services. This course will show how to extend Active Directory to Azure based services and how to leverage Azure AD for a single identity throughout all services while integrating with your existing AD.
John Savill is an 11-time MVP, and he holds many Microsoft certifications
including Azure Infrastructure and Azure Architecture specialist. John is
the author of the popular FAQ for Windows and a senior contributing editor
to Windows IT Pro. John has written eight books on Microsoft technologies
including Mastering Microsoft Azure Infrastructure Services and Mastering
Windows Server 2016 Hyper-V.
Discovering Cloud Applications Used in Your Organization Discovering Cloud Applications Used in Your Organization. We previously looked at this fantastic ability to add applications to your Azure AD instance. These are applications either federated with Azure or they're using some kind of credential staffing, but the upshot of that is, I don't have to manually maintain those relationships. Azure is doing that for me. I simply add applications to my Azure AD instance and then I provision them to users or groups of users and that's fantastic, but a question is going to arise. Which applications do I need to add in my organization? Now as an IT department, I'll have an idea of the ones that I think are used the most. I know we use Office 365. I know we use Azure, but what about the business units? What are they using? How do you find out the applications they're using that they've gone and provisioned just with their corporate cards? How do you know? And so the goal of this module is to understand the types of applications that may be being used in your organization and then how to discover the applications used within your company. So the types of applications there are and then which particular ones are being used, because with that information, I can then actually go and decide well these are the applications I should add to my Azure AD instance. These are the groups of users I should provision them to and I'll know how many users in which groups, what ones should I prioritize?
Implementing MFA Using Azure AD Implementing MFA using Azure AD, so multi-factor authentication and there are a number of drivers behind this, so I want to cover why password are terrible. We don't want to use them anymore and this is very much an industry trend. If you look at Windows, Windows is really pushing to try and move away from passwords. We saw it with the picture password, a number of gestures on the screen, and we see it with Windows Hello where it recognizes a 3D image of our face. Pins are emphasized and a lot of times you think well these things sound simpler than a password so why is this a good thing? I'll get to that in a second, but just accept passwords are pretty crappy, we don't like those, and so using multi-factor authentication with Azure AD because multi-factor authentication can be intimidating. How do I get started with this? I often see these complex tokens and there must be a huge amount of infrastructure. Azure AD is flipping a switch. Now potentially the license is involved, but the actual implementation is very light, very easy to do. And then beyond MFA because we still have a password, enabling self-service password reset. So users forget their password. How can they reset it without having to go through the help desk? So looking at how Azure AD can enable that and even enable that to write back to your On-Premises Active Directory.
Reporting and Monitoring with Azure AD Reporting and Monitoring with Azure AD. We've moved to this cloud identity. This is the focus for all of our connectivity to all of those cloud SaaS applications out there and we're going to make it as secure as possible. We're going to use things like MFA, but it does have the potential for more attacks. I'm using this single identity across all these different services. So in this module I want to look at some of the reporting and overall monitoring we can do to really make sure our identities are secure and well monitored as possible. So my goal is the need for the insight into Azure Active Directory using the Azure AD reports and also monitoring the health of the Azure AD Connect. Remember, this is what replicates the On-Premises Active Directory identities to the Azure AD identities, so if that's not healthy and it's not replicating correctly, then I'm going to get problems so I want to make sure that's as healthy as possible and there's a great solution to actually help me with that.