Index
A
- Active Directory Domain Services (ADDS) / How Azure AD Connect Health works
- Active Directory Rights Management Service (AD RMS) / Azure Information Protection key basics
- Active Directory solutions
- extending, with Azure AD Domain Services / Extending Active Directory solutions with Azure AD Domain Services
- AD Authentication Library (ADAL) / Microsoft identity platform
- ADFS
- demo applications, installing on YD1APP01 / Installing demo applications on (YD1APP01) for ADFS
- authentication deployments / ADFS Authentication deployments
- applications, configuring for / Configuring additional applications for Azure AD and ADFS
- versus Azure AD B2B / Comparing AD FS with Azure B2B and B2C
- versus Azure AD B2C / Comparing AD FS with Azure B2B and B2C
- AD FS, as on-premise identity service for cloud
- about / AD FS as an on-premise identity service for the cloud
- typical single-forest deployment / Typical single-forest deployment
- multiple Active Directory forests, running / Two or more Active Directory forests running separate AD FS instances
- AD FS instance, running for multiple trusted forests / Running one AD FS instance for multiple trusted forests
- AD FS instance, for multiple Active Directory forests without AD trust / One AD FS instance for multiple Active Directory forests without an AD trust
- local CP trust, used for supporting multiple Active Directory forests / Using a local CP trust to support multiple Active Directory forests
- shared Active Directory environment, using / Using a shared Active Directory environment
- ADFS farm
- installing, on YDADS01 / Installing the ADFS farm on YDADS01
- ADFS Health Agent
- fundamental values / How Azure AD Connect Health works
- administrative accounts
- protecting / Protect your administrative accounts
- administrative privileges
- protecting, Azure AD PIM used / Using Azure AD PIM to protect administrative privileges
- administrative roles
- scoping / Scoping administrative roles
- administrative units (AUs)
- roles, assigning / Assign roles to administrative units
- about / Assign roles to administrative units
- creating / Creating an administrative unit
- users, adding to / Adding users to an administrative unit
- configuration, testing / Test your configuration
- administrative workstation
- configuring / Configuring your administrative workstation
- advanced synchronization concepts
- considerations / Special considerations in advanced synchronization concepts
- Advanced Threat Analytics (ATA) / Azure ATP and how to use it
- AIP capabilities
- for data, at rest / Understanding and using AIP capabilities for data at rest
- AIP capabilities, for data in motion
- about / Understanding and using AIP capabilities for data in motion
- Azure Information Protection usage / Scenario 1 – Usage of Azure Information Protection
- Windows Defender ATP / Scenario 2 – Monitoring with Windows Defender ATP
- sensitive information, identifying in cloud ecosystem / Scenario 3 – Identifying sensitive information in your cloud ecosystem
- data leakage prevention, in Office 365 / Scenario 4 – Data leakage prevention in Office 365
- AIP client PowerShell / AIP client PowerShell
- applications
- configuring, for Azure AD / Configuring additional applications for Azure AD and ADFS
- configuring, for ADFS / Configuring additional applications for Azure AD and ADFS
- authentication / Access control to data
- authentication, legacy
- reference / Microsoft Identity Protection solutions
- authorization / Access control to data
- Azure Active Directory
- implementing / Implementing a solid Azure Active Directory
- Azure Active Directory (Azure AD) Identity Protection
- reference / Azure AD Identity Protection
- Azure Active Directory B2B integration / Azure Active Directory B2B integration
- Azure Active Directory Connect / Azure Active Directory Connect
- Azure Active Directory Connect high availability / Azure Active Directory Connect high availability
- Azure Active Directory Domain Services Integration / Azure Active Directory Domain Services Integration
- Azure Active Directory implementation
- administrative workstation, configuring / Configuring your administrative workstation
- custom company branding / Custom company branding
- Azure Active Directory Privileged Identity Management (PIM)
- using, to protect administrative privileges / Using Azure AD PIM to protect administrative privileges
- tasks / Using Azure AD PIM to protect administrative privileges
- Azure AD
- Windows 10 client, joining / Join your Windows 10 client to Azure AD
- monitoring / Azure AD monitoring and logs
- logs / Azure AD monitoring and logs
- authentication deployments / Azure AD authentication deployments
- applications, configuring for / Configuring additional applications for Azure AD and ADFS
- Azure AD B2B
- about / Understanding Azure AD B2B
- invitation flows / Understanding Azure AD B2B
- reference / Understanding Azure AD B2B
- resource access, providing to external partners / Providing resource access to external partners (on-premise)
- versus Azure AD B2C / Comparing Azure AD B2B and B2C
- versus AD FS / Comparing AD FS with Azure B2B and B2C
- Azure AD B2B portal
- using / Using the Azure AD B2B portal and use cases
- installing / Installation and configuration
- configuring / Installation and configuration
- usage / Usage of the portal
- considerations / Special considerations
- Azure AD B2C
- exploring / Exploring Azure AD B2C
- reference / Exploring Azure AD B2C
- tenant creation / Azure AD B2C tenant creation
- demo app registration / Demo app registration
- user flow creation / User flow creation
- Visual Studio code modification / Visual Studio code modification
- versus AD FS / Comparing AD FS with Azure B2B and B2C
- Azure AD Connect
- connecting, to AD forest / Connecting Azure AD Connect to the second forest
- Azure AD Connect Health
- working / How Azure AD Connect Health works
- Azure AD Domain Services
- configuring / Configure Azure AD Domain Services
- testing / Test and verify your new Azure AD Domain Services
- verifying / Test and verify your new Azure AD Domain Services
- Active Directory solutions, extending with / Extending Active Directory solutions with Azure AD Domain Services
- Azure AD environment
- preparing, for tests / Preparing your Azure AD environment for tests
- Azure AD Identity Protection
- about / Azure AD Identity Protection
- capabilities / Azure AD Identity Protection
- features / Azure AD Identity Protection
- Azure AD Join
- integrating, for Windows 10 clients / Integrating Azure AD Join for Windows 10 clients
- Azure AD Web Application Proxy
- publishing with / Publishing with Windows server and Azure AD Web Application Proxy
- Azure ATP
- using / Azure ATP and how to use it
- guidance, reference / Azure ATP and how to use it
- Azure Information Protection (AIP)
- overview / Azure Information Protection (AIP) overview
- benefits / Azure Information Protection (AIP) overview
- basics / Azure Information Protection key basics
- Microsoft-managed keys / Microsoft-managed keys
- bring your own key (BYOK) / Bring your own key
- hold your own key / Hold your own key
- preparing, for configuration / Preparing to configure and manage AIP
- managing / Preparing to configure and manage AIP
- configuring / Configuring AIP
- classification schema, creating / Creating the classification schema
- sub-labels, creating / Creating sub-labels and scoped policies
- scoped policies, creating / Creating sub-labels and scoped policies
- visual markings / Using visual markings
- automatic classification / Configuring automatic classification and protection
- automatic protection / Configuring automatic classification and protection
- justification feature / Using justification
- protection options, configuring / Configuring protection options
- unified labeling, activating / Activating unified labeling
- lab challenge / Lab challenge
- PowerShell, using with / Using PowerShell with Azure Information Protection
- Azure Information Protection P2 licensing / Configuring automatic classification and protection
- Azure Key Vault / What is the Azure Key Vault?
- Azure MFA
- Azure MFA (YD1ADS01)
- integrating / Integrating Azure MFA (YD1ADS01)
- Azure Rights Management Service (RMS)
- about / Azure Information Protection key basics
- deployment models / Azure Information Protection key basics
- basic functionality / Azure Information Protection key basics
- algorithms / Algorithms and key lengths
- key lengths / Algorithms and key lengths
- user environment-initialization flow / User environment-initialization flow
- content-protection flow / Content-protection flow
- content-consumption flow / Content-consumption flow
- super users / Azure RMS super users
- onboarding controls / Onboarding controls
- templates / Azure RMS templates
- logging / Azure RMS logging
- cmdlets / Useful Azure RMS cmdlets
- Azure RMS management
- with PowerShell / Azure RMS management with PowerShell
- Azure Security Center / Azure Security Center for monitoring and analytics
- Azure services
- reference / Azure AD Identity Protection
- for automation / Azure services for automation
B
- basic environment
- installing / Basic environment installation and configuration
- configuring / Basic environment installation and configuration
- biometric authentication / Biometric authentication
- bring your own key (BYOK) / Azure Information Protection key basics
- BYOK deployment
- testing / What is the Azure Key Vault?
C
- certificate authentication / Certificate authentication
- claims, Azure AD
- classification scheme / Description of the classification scheme
- Cloud Access Security Broker (CASB) / Scenario 3 – Identifying sensitive information in your cloud ecosystem
- Cloud App Security service
- about / Microsoft Identity Protection solutions
- capabilities / Azure AD Identity Protection
- cloud deployment
- based on identity director service / Cloud deployment based on identity director service
- conditional access
- using / Using conditional access
- Connected Data Source (CD) / Azure Active Directory Connect
- connected directories (CDs) / Connected Directories
- connector objects / Connector objects
- connectors
- reference / MIM synchronization service
- connector space (CS) / MIM synchronization service, Azure Active Directory Connect
- considerations, advanced synchronization concepts
- standard filters, using to exclude users / Using standard filters to exclude users and groups
- standard filters, using to exclude groups / Using standard filters to exclude users and groups
- custom rule, building for filtering / Building a custom rule for filtering
- Azure AD Connect, connecting to AD forest / Connecting Azure AD Connect to the second forest
- crawl-walk-run strategy / Microsoft Identity Protection solutions
- Create, Read, Update, Delete (CRUD) / MIM service and portal
- custom company branding
- about / Custom company branding
- summary of help information / Summary and recommendations of the help information
- recommendations of help information / Summary and recommendations of the help information
- custom domain
- configuring / Configuring a custom domain
- custom rule
- building, for filtering / Building a custom rule for filtering
- cyber security architecture, Microsoft
- reference / Azure Information Protection (AIP) overview
D
- data-processing roles
- defining / Defining the data-processing roles
- data owners / Defining the data-processing roles
- data managers / Defining the data-processing roles
- administrator / Defining the data-processing roles
- users / Defining the data-processing roles
- data classification
- overview / General overview of data classification
- aspects / General overview of data classification
- methods / Methods of data classification
- unstructured data / Data classification and unstructured data
- Data Leakage/Loss Prevention (DLP) / Data classification and Data Leakage/Loss Prevention
- compliance / Data classification and compliance
- storage optimization / Storage optimization
- access control, to data / Access control to data
- scheme / Classification scheme and policy example, Description of the classification scheme
- visual markings / Visual markings and rules based on the classification label
- general desired behavior example / General desired behavior example
- modifying / Change of classification
- Data Leakage/Loss Prevention (DLP) / Data classification and Data Leakage/Loss Prevention
- declarative provisioning / Understanding declarative provisioning and expressions
- demo applications
- installing, on YD1APP01 / Installing demo applications on (YD1APP01) for ADFS
- demo apps (Azure AD)
- subscribing to / Subscribing to demo apps (Azure AD)
- development environment
- preparing / Technical requirements
- device authentication / Device authentication
- disconnector objects / Disconnector objects
- dynamic group memberships
- configuring / Configure dynamic group memberships
E
- Enterprise Mobility Suite (EMS) / Implementing a solid Azure Active Directory
- export process / Azure Active Directory Connect
- expressions / Understanding declarative provisioning and expressions
F
- Fiddler Debugging tool / ADFS Authentication deployments
- Flexible Single Master Operation (FSMO) roles / How Azure AD Connect Health works
- flow facts, OAuth 2.0
- authorization code flow / Authorization code flow
- client credential flow / Client credential flow
- implicit grant flow / Implicit grant flow
- resource owner password credentials flow / Resource owner password credentials flow
- Forefront Identity Manager (FIM) / MIM service extensions
G
- General Data Protection Regulation (GDPR) / Access control to data
- Global Address List (GAL) / Multi-forest integration
- globally unique identifier (GUID) / Import flow
- group-based application access
- providing / Provide user and group-based application access
- group managed service account (gMSA) / Connecting Azure AD Connect to the second forest
- groups
- creating / Creating and managing users and groups
- managing / Creating and managing users and groups
- applications, assigning to / Assign applications to groups and define login information
- login information, defining / Assign applications to groups and define login information
- guest user life cycle
- handling / Handling the guest user life cycle
- invitation process, exploring with user types / Use Case 1 – Exploring the invitation process with different user types
- on-premise application access / On-premise application access for guest users
H
- Health Insurance Portability and Accountability Act (HIPAA) / Access control to data
- hold your own key (HYOK)
- about / Azure Information Protection key basics, Hold your own key
- limitations / Hold your own key
- benefits / Hold your own key
- HSM / What is an HSM?
- Hybrid Identity directory integration tools comparison
- reference / Technology overview
- HYOK deployment
- configuring / Hold your own key
- testing / Hold your own key
I
- Identity-Management (IdM) / MIM service and portal
- import process / Azure Active Directory Connect
- inbound synchronization / Inbound synchronization
- Industrial Control System (ICS) / Access control to data
- Information Protection SDK 2.1
- installation link / Technical requirements
- infrastructure as a service (IaaS) / Configure Azure AD Domain Services
- Integrated Windows Authentication (IWA) / On-premise application access for guest users
- Internet of Things (IoT) / Access control to data
J
- joins
- overview / Joins
K
- Kerberos Constrained Delegation (KCD) / On-premise application access for guest users
L
- lab environment
- preparing / Preparing your lab environment, Preparing your lab environment, Preparing your lab environment
- overview / Lab environment readiness
- extending / Usage of the portal, Extending your lab environment
- LDAPS configuration
- Let's Encrypt
- certificate, creating for environment / Create the certificate for your environment with Let's Encrypt
- Lightweight Directory Access Protocol (LDAP/S) / Extending Active Directory solutions with Azure AD Domain Services
- Lithnet AutoSync tool
- reference / MIM synchronization service extensions
M
- management agent (MA) / MIM synchronization service, Azure Active Directory Connect
- metaverse (MV) / MIM synchronization service, Azure Active Directory Connect, Import flow
- methods, data classification / Methods of data classification
- Microsoft Accounts (MSA) / Microsoft identity platform
- Microsoft Authentication Library (MSAL) / Microsoft identity platform
- Microsoft Azure
- implementation scenario / Implementation scenario overview
- Microsoft Cloud App Security Broker (MSCASB) / Microsoft Identity Protection solutions
- Microsoft Cloud Solution Provider / Microsoft Cloud Solution Provider summary
- Microsoft Identity Manager (MIM) 2016
- about / Technology overview, Microsoft Identity Manager (MIM) 2016
- components / Microsoft Identity Manager (MIM) 2016
- features / Microsoft Identity Manager (MIM) 2016
- password reset / MIM password reset and user account unlock
- Account Unlock functionality / MIM password reset and user account unlock
- privileged access management (PAM) / MIM privileged access management
- Organizational Management / Additional solution
- User Management / Additional solution
- Access Management / Additional solution
- Service Management / Additional solution
- Microsoft identity platform / Microsoft identity platform
- Microsoft Identity Protection
- solutions / Microsoft Identity Protection solutions
- Microsoft Information Protection SDK / Understanding the Microsoft Information Protection SDK
- Microsoft Information Protection solutions
- Microsoft Cloud App Security / Microsoft Information Protection solutions
- Conditional Access / Microsoft Information Protection solutions
- SharePoint / Microsoft Information Protection solutions
- Office 365 Message encryption / Microsoft Information Protection solutions
- Office 365 Data Loss Prevention / Microsoft Information Protection solutions
- Office 365 Advanced Data Governance / Microsoft Information Protection solutions
- Azure Security Center Information Protection / Microsoft Information Protection solutions
- Windows Information Protection / Microsoft Information Protection solutions
- Office Apps / Microsoft Information Protection solutions
- Adobe PDFs / Microsoft Information Protection solutions
- Microsoft Intelligent Security Graph
- reference / Azure ATP and how to use it
- Microsoft Rights Management SDK 2.1
- overview / Overview of the RMS 2.1 and 4.2 SDKs
- Microsoft Rights Management SDK 4.2
- overview / Overview of the RMS 2.1 and 4.2 SDKs
- MIM portal
- about / MIM service and portal
- reference / MIM service and portal
- MIM service / MIM service and portal
- MIM service extensions / MIM service extensions
- MIM synchronization service
- about / MIM synchronization service
- extensions / MIM synchronization service extensions
- MIP binaries
- used, for exploring functionality / Using MIP binaries to explore functionality
- Multi-Azure Active Directory Integration / Multi-Azure Active Directory Integration
- multi-factor authentication / Multi-factor authentication
- multi-forest integration / Multi-forest integration
- multi-tenant application
- about / What defines single- and multi-tenant applications
- deploying, with OpenID Connect / Deploying another multi-tenant app with OpenID Connect
- multi-tenant scenario
- single-tenant app, moving to / Moving the single-tenant app to a multi-tenant scenario
O
- OAuth 2.0
- about / OAuth 2.0
- principal facts / Key facts about OAuth 2.0
- flow facts / Main OAuth 2.0 flow facts, Authorization code flow
- OpenID Connect
- multi-tenant app, deploying / Deploying another multi-tenant app with OpenID Connect
- OpenID Connect (OIDC)
- about / OpenID Connect (OIDC)
- key facts / Key facts about OIDC
- organizational groups
- group owners, setting for / Set group owners for organizational groups
- delegated group management / Delegated group management for organizational groups
- outbound synchronization / Outbound synchronization
P
- pass-through authentication / Pass-through authentication and seamless SSO
- password, synchronization
- reference / Microsoft Identity Protection solutions
- password reset self-service capabilities
- about / Password reset self-service capabilities
- notifications, configuring / Configure notifications
- testing / Test the password reset process
- Payment Card Industry Data Security Standard (PCI DSS) / Access control to data
- placeholder objects / Placeholder objects
- PowerShell
- using, with Azure Information Protection / Using PowerShell with Azure Information Protection
- Privileged Access Management (PAM) / Using Azure AD PIM to protect administrative privileges
- Privileged Identity Management (PIM) / Test your configuration, Using Azure AD PIM to protect administrative privileges, Azure RMS super users
S
- SAML
- core principles / Security Assertion Markup Language (SAML) 2.0
- key facts / Key facts about SAML
- attribute profiles / Key facts about SAML
- SAML web SSO profile / Key facts about SAML
- SCIM provisioning feature
- seamless SSO / Pass-through authentication and seamless SSO
- Security Assertion Markup Language (SAML) 2.0 / Security Assertion Markup Language (SAML) 2.0
- security culture
- need for / Why do we need a security culture?
- pillars / Pillars of a good security culture
- leadership support / Leadership support
- training strategies / Training
- training approaches / Training
- testing / Testing
- continuous communication / Continuous communication
- security monitoring
- Security Token Service (STS) / WS-Federation
- self-service application management
- configuring / Self-service application management
- self-service group management
- configuring / Configure self-service group management
- sales internal news group, creating as Office 365 / Create the sales internal news group as an Office 365 (distribution group)
- Service Level Agreement (SLA) / Azure Information Protection key basics
- Simple Object Access Protocol (SOAP) / MIM service extensions, Azure Information Protection key basics
- single-forest integration / Single-forest integration
- single-tenant application
- about / What defines single- and multi-tenant applications
- deploying, including roles/claims / Deploying a single-tenant application including roles and claims
- moving, to multi-tenant scenario / Moving the single-tenant app to a multi-tenant scenario
- single page application (SPA) / Additional solution
- single sign-on (SSO) / Azure Active Directory Connect
- SQL Always-on Availability (AOA) Group support / Azure Active Directory Connect high availability
- staging / Azure Active Directory Connect
- standard filters
- using, to exclude users / Using standard filters to exclude users and groups
- using, to exclude groups / Using standard filters to exclude users and groups
- stateless security token service (STS) / Pass-through authentication and seamless SSO
- synchronization
- concepts / Synchronization terms and processes
- processes / Synchronization terms and processes
- UserPrincipalName suffix decisions / UserPrincipalName suffix decisions
- Active Directory preparations / Active Directory preparations
- Source Anchor decisions / Source Anchor decisions
- connected directories (CDs) / Connected Directories
- import flow / Import flow
- full import / Import flow
- inbound synchronization / Inbound synchronization
- outbound synchronization / Outbound synchronization
- synchronization flows / Synchronization flows
- synchronization process / Azure Active Directory Connect
- synchronization rules editor / Synchronization rules explained
- synchronization scenarios
- about / Synchronization scenarios
- single-forest integration / Single-forest integration
- multi-forest integration / Multi-forest integration
- Multi-Azure Active Directory Integration / Multi-Azure Active Directory Integration
- Azure Active Directory Domain Services Integration / Azure Active Directory Domain Services Integration
- stretched Active Directory, to Azure IaaS / Stretched Active Directory to Azure IaaS
- Azure Active Directory B2B integration / Azure Active Directory B2B integration
- Azure Active Directory, and Microsoft Office 365 synchronization / Azure Active Directory and Microsoft Office 365 synchronization
- Identity, and password-hash synchronization / Identity and password-hash synchronization including SSO options
- Identity synchronization, including PingFederate integration / Identity synchronization including PingFederate integration
- Identity and password-hash synchronization / Identity and password-hash synchronization including ADFS integration
- Azure Active Directory Connect high availability / Azure Active Directory Connect high availability
T
- Thales HSM implementation, in Azure RMS deployment
- benefits / What is an HSM?
- token formats
- Security Assertion Markup Language (SAML) 2.0 / Security Assertion Markup Language (SAML) 2.0
- WS-Federation / WS-Federation
- OAuth 2.0 / OAuth 2.0
- OpenID Connect (OIDC) / OpenID Connect (OIDC)
- token standards / Common token standards in a federated world
U
- user-based application access
- providing / Provide user and group-based application access
- users
- managing / Creating and managing users and groups
- creating / Creating and managing users and groups
- login information, defining / Assign applications to users and define login information
- applications, assigning to / Assign applications to users and define login information
- user sign-in process
- components / Pass-through authentication and seamless SSO
V
- Visual Basic for Applications (VBA) / Understanding declarative provisioning and expressions, Synchronization rules explained
W
- Web Application Proxy
- installing, on YD1URA01 / Installing the Web Application Proxy on YD1URA01
- Web Resource Authorization Profiles (WRAP) / Key facts about OAuth 2.0
- Windows 10 client
- joining, to Azure AD / Join your Windows 10 client to Azure AD
- verifying / Verify the newly joined Windows 10 client
- Windows Azure Pack (WAP) / How Azure AD Connect Health works
- Windows Communication Foundation (WCF) / MIM service extensions
- Windows server
- publishing with / Publishing with Windows server and Azure AD Web Application Proxy
- Workflow Activity Library (WAL) / Microsoft Identity Manager (MIM) 2016
- WS-Federation
- about / WS-Federation
- key facts / Key facts about WS-Federation
Y
- YD1APP01
- demo applications, installing on / Installing demo applications on (YD1APP01) for ADFS
- YD1URA01
- Web Application Proxy, installing on / Installing the Web Application Proxy on YD1URA01
- YDADS01
- ADFS farm, installing on / Installing the ADFS farm on YDADS01