Mastering Identity and Access Management with Microsoft Azure

Product type: Book
Published in: Sep 2016
Publisher: Packt
ISBN-13: 9781785889448
Pages: 692 pages
Edition: 1st Edition
Author: Jochen Nickel

Table of Contents (22 chapters)

  • Mastering Identity and Access Management with Microsoft Azure
  • Credits
  • About the Author
  • About the Reviewer
  • www.PacktPub.com
  • Preface
  • 1. Getting Started with a Cloud-Only Scenario
  • 2. Planning and Designing Cloud Identities
  • 3. Planning and Designing Authentication and Application Access
  • 4. Building and Configuring a Suitable Azure AD
  • 5. Shifting to a Hybrid Scenario
  • 6. Extending to a Basic Hybrid Environment
  • 7. Designing Hybrid Identity Management Architecture
  • 8. Planning Authorization and Information Protection Options
  • 9. Building Cloud from Common Identities
  • 10. Implementing Access Control Mechanisms
  • 11. Managing Transition Scenarios with Special Scenarios
  • 12. Advanced Considerations for Complex Scenarios
  • 13. Delivering Multi-Forest Hybrid Architectures
  • 14. Installing and Configuring the Enhanced Identity Infrastructure
  • 15. Installing and Configuring Information Protection Features
  • 16. Choosing the Right Technology, Methods, and Future Trends

Chapter 5. Shifting to a Hybrid Scenario

After discussing and implementing a cloud-only identity strategy, we will explore the information you need for the transition to a hybrid IAM architecture with a single- or multi-forest On-Premise Active Directory environment. In this chapter, we describe the architecture changes and the tasks that need to be carried out to make the solution shift succeed. This chapter provides the big picture; the details are filled in in the related chapters. It covers:

  • Identifying the business drivers and changes for a hybrid move

  • Special handling for moving to a multi-forest Active Directory environment

  • Describing the architecture and the needed changes

Identifying business drivers and changes for a hybrid move

There are many reasons why a company needs or wants to move to a hybrid IAM strategy. The first relevant argument is that such a strategy builds the base infrastructure that supports all other cloud solutions, by providing authentication and authorization across company borders. Another very important side effect is that you can start to support new services and workloads. Furthermore, to be realistic, most companies run their own On-Premise infrastructure, which needs to be integrated and extended with additional functionality to support the different cloud scenarios. Typical questions you will receive are:

  • Does the company need to support different cloud delivery models such as SaaS or PaaS?

  • Does the company need to support legacy applications, or does it want to move them to the cloud?

  • Does the company need a central solution to manage On-Premise and cloud services at the same time?

  • Does the company need to integrate external identities to work with...

Special handling for moving to a multi-forest Active Directory environment

Microsoft provides three main integration scenarios that can be used standalone or combined in a hybrid IAM architecture. The first is the cloud identity scenario, which we have already discussed and implemented in the first chapters of the book. The other two scenarios are:

  • Synchronized Identities: Azure AD Connect with password synchronization

  • Federated Identities: Azure AD Connect and AD FS for federation; passwords stay local and are used by the on-premises federation service

As you can see, the Azure AD Connect tool is required for every hybrid scenario you run. So we need to start with the supported topologies, so that you can move to a single- or multi-forest scenario combined with a single Azure Active Directory or multiple Azure Active Directories.

Supported topologies

The following topologies are supported by Microsoft:

  • Single forest mapped to a single Azure AD

    This is the most commonly used scenario: a single forest and a single instance of Azure AD. For this scenario...

Describing architectures and needed changes

In this section, we will describe the different architectures, including the needed changes, as big-picture scenarios. In particular, we will discuss the integration of On-Premise applications into the overall authentication and authorization strategy. Furthermore, we take the first steps in the hybrid usage of MFA and Azure Rights Management Services (RMS), with typical examples.

Authentication integration

Azure AD provides the capability to integrate On-Premise applications through the Azure Active Directory Application Proxy service. To use this capability, you just need to install the required component, the Application Proxy connector, on your existing Windows Server 2012 R2 Web Application Proxy server. With this installation and the necessary configuration, you have taken the first step towards this hybrid authentication solution. The following figure shows this scenario to give you a better idea of the concept:

Note

The Azure Active Directory...

Summary

Now that you have finished working through this chapter, you will be able to identify some of the business drivers, feature sets, and architecture changes involved in stepping into a hybrid IAM scenario. You are also in a position to handle the special requirements of a hybrid approach with a single- or multi-forest On-Premise Active Directory. Remember that this chapter only provides overview information. However, don't worry, as we will get into all the details in the next couple of chapters.
