Time
8 hours 33 minutes
Difficulty
Intermediate
CEU/CPE
9

Video Transcription

00:01
Hello, Cybrarians. Welcome to this lesson titled Azure AD Connect, Part 1.
00:07
This lesson is part of the second module of the AZ-500: Microsoft Azure Security Technologies course.
00:16
Quick information on what we'll be covering in this lesson.
00:20
We'll start by covering what Azure AD Connect is and the recommended steps to prepare for its installation.
00:27
We'll proceed to discuss the two options for installing Azure AD Connect and its two synchronization options.
00:34
We'll conclude by discussing an additional tool called Azure AD Connect Health.
00:39
Let's get into this.
00:41
Many organizations
00:43
are not starting from scratch when they adopt Microsoft Azure.
00:47
They already have an existing identity infrastructure, the Microsoft Active Directory solution, set up on premises.
00:55
For those organizations, it will be beneficial to have a way to synchronize existing identities from on-premises AD to Azure AD.
01:06
Azure AD Connect is the tool that achieves this.
01:08
So what is this Azure AD Connect tool?
01:12
First, it's a wizard-based tool that can be downloaded and installed on a system that is joined to our on-premises Active Directory domain.
01:22
This tool enables connectivity between our on-premises Active Directory environment and Azure AD, and it synchronizes objects and their attributes to Azure AD.
01:34
Actually, in some cases it facilitates writeback, which opens up interesting use cases for self-service identity
01:41
with capabilities like self-service password reset.
01:45
The main advantage of Azure AD Connect is the centralization of identity management and the provision of a common identity for accessing both cloud and on-premises resources.
01:57
As I mentioned earlier, this tool needs to be installed on a system that is joined to an on-premises domain.
02:05
Before you start installing Azure AD Connect,
02:07
there are a few steps that are recommended to prepare for the installation so it goes smoothly.
02:13
First, we need to prepare a system running Windows Server 2012 or above, and it needs to be joined to an on-premises domain.
02:23
Next, it's recommended to use the IdFix tool to identify and resolve object attribute issues, such as duplicates and formatting problems, in our on-premises AD DS.
02:37
This will help us to avoid getting errors due to these issues when Azure AD Connect starts to synchronize to Azure AD.
02:46
The IdFix tool is a free download that is available on Microsoft's website.
02:52
Next,
02:53
as Azure AD Connect acts as a bridge between Azure AD and on-premises AD DS,
03:00
we need to provide accounts that have the necessary permissions for both identity systems.
03:06
For the Azure AD connection,
03:08
we need to provide an account that has the Global Administrator role in Azure AD,
03:14
and it's important to note that this account is not used for the synchronization.
03:19
This account is used to set up another account, called the Azure AD Connector account, which has write access to Azure AD. This is what is used for the synchronization.
03:30
For the on-premises AD DS connection,
03:32
we can optionally provide an Enterprise Admin credential if we're installing using the express settings. This will make sense to you in a few minutes.
03:43
This account is also not used for the synchronization.
03:47
It is used to set up another account, called the AD DS Connector account, which has read/write access to the on-premises domains and forest.
03:58
When installing Azure AD Connect,
04:00
we have the option to use express settings or custom settings.
04:04
Express installation automatically uses certain defaults, like password hash synchronization. So instead of presenting us with an option to select it, it automatically just picks password hash sync.
04:17
It also automatically synchronizes all users in a single domain to Azure AD instead of giving us the option to filter,
04:27
and it uses SQL Express instead of giving us the option to specify a standalone SQL Server installation.
04:34
The custom settings option, the custom installation, gives us the flexibility to select our deployment options and to customize the tool for our specific requirements.
04:46
For instance, we can select which Azure AD Connect option we want to implement: password hash, federation, or pass-through.
04:57
We can choose to use password hash synchronization as a backup if we're using AD FS or federation, or if we're using pass-through.
05:05
We can choose to use the built-in SQL Express or an existing SQL Server as the database.
05:13
We can customize the setup to work for a multi-domain environment.
05:16
We can choose to filter the objects that we want to synchronize to Azure AD by domain, organizational unit, group, or even object attributes.
05:27
And finally, we can choose the object attributes that we want to synchronize from on-premises to Azure AD.
05:34
When we implement Azure AD Connect using custom settings,
05:40
we have the option to choose which connection method to use.
05:44
The first option is something called password hash synchronization.
05:48
First, we install the Azure AD Connect tool on premises.
05:54
This creates the connection between on-premises AD and Azure AD. It synchronizes the user objects and attributes, but it also synchronizes the password hashes of the users to Azure AD.
06:06
So if a user needs to access cloud applications, they're redirected to Azure AD, which does the authentication because it has the password hashes of the users.
06:16
Here are the benefits of the password hash sync option.
06:20
The first is that it has no reliance on on-premises infrastructure for authentication,
06:27
so users will still be able to authenticate to cloud applications if we experience downtime on premises.
06:33
The second benefit is that with the seamless single sign-on option enabled and configured, users can authenticate once on premises without the need to authenticate again to access cloud applications.
06:47
The third benefit is that there is a feature of Azure AD Premium that we'll talk about, called Azure AD Identity Protection.
06:56
Some aspects of this feature rely on password hashes being present in Azure AD, and the password hash synchronization option fulfills this requirement.
07:06
Finally, it supports MFA and self-service password reset, provided that we have the right Azure AD license in place. What about the downsides of password hash sync? The first downside is that password hashes are being synchronized to Azure.
07:24
Some organizations are justifiably concerned about storing their password hashes on systems that are not completely in their control,
07:32
and there may even be a compliance requirement for certain types of organizations that forbids them from being able to do this.
07:41
The second downside is that it doesn't support advanced sign-in scenarios like using smart cards, using certificates, or using an on-premises MFA server for authentication.
07:54
Finally, it doesn't support on-premises user-level security policies like user logon restrictions, because Azure AD authenticates the user itself and has no awareness of the user-level security policies configured on premises, so those will not apply.
08:13
The second Azure AD Connect option is federation.
08:18
First, we install the Azure AD Connect tool on premises, and it creates the connection between on-premises AD and Azure AD.
08:26
It synchronizes the user objects and attributes, but it does not synchronize the password hashes of the users.
08:33
We then deploy a federation server on premises, and this can be either AD FS or PingFederate.
08:39
We configure the federation, or trust relationship, between the on-premises federation server and Azure AD.
08:48
And if a user needs to access cloud applications, they're redirected to Azure AD,
08:52
which redirects the user to the federation server.
08:56
The federation server does the authentication against on-premises AD and returns a token to the user.
09:03
The main issue with this scenario is that if a single federation server experiences downtime, no user can access cloud applications, so we'll probably need to add one more federation server.
09:18
And because it is not advised to expose our federation servers to the Internet, we usually have to have Web Application Proxies in front of them.
09:28
You can see that we end up with a lot more infrastructure with this scenario.
09:33
To avoid the video going too long,
09:35
I'll pause the recording right here. Thanks very much for watching this video. We'll continue the same lesson in the next video.
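The lesson recommends running IdFix against on-premises AD DS before installing Azure AD Connect so that duplicate and badly formatted attributes are caught before synchronization fails on them. The PowerShell below is an added example, not part of the lesson and not Microsoft's IdFix tool; it shows the class of checks IdFix performs (duplicate userPrincipalName values, duplicate SMTP addresses across mail and proxyAddresses, invalid characters in the UPN prefix, and UPN suffixes that are not verified domains in the tenant). The `Test-SyncReadiness` function, the `contoso.com` verified-domain list and the sample user objects are all assumptions constructed for the example; in a real environment you would pass in the output of `Get-ADUser -Filter * -Properties userPrincipalName,mail,proxyAddresses`.

```powershell
# Added example: an IdFix-style pre-check of the attributes Azure AD Connect syncs.
# Not the lesson's code and not Microsoft's IdFix; all names and data are assumptions.
function Test-SyncReadiness {
    param(
        [Parameter(Mandatory)] [object[]] $Users,            # objects with sAMAccountName, userPrincipalName, mail, proxyAddresses
        [Parameter(Mandatory)] [string[]] $VerifiedDomains   # domains verified in the Azure AD tenant (assumed list)
    )

    $findings = [System.Collections.Generic.List[object]]::new()
    function Add-Finding($Object, $Attribute, $Issue) {
        $findings.Add([pscustomobject]@{ Object = $Object; Attribute = $Attribute; Issue = $Issue })
    }

    # Characters Azure AD accepts in the part of a UPN before the '@'.
    $upnPrefixPattern = '^[A-Za-z0-9''._\-!#^~]+$'

    # 1. Per-object formatting checks on userPrincipalName and mail.
    foreach ($u in $Users) {
        $upn = [string]$u.userPrincipalName
        if ([string]::IsNullOrWhiteSpace($upn) -or ($upn.Split('@').Count -ne 2)) {
            Add-Finding $u.sAMAccountName 'userPrincipalName' "missing or malformed UPN '$upn'"
            continue
        }
        $prefix, $suffix = $upn.Split('@')
        if ($prefix -notmatch $upnPrefixPattern) {
            Add-Finding $u.sAMAccountName 'userPrincipalName' "invalid character in prefix '$prefix'"
        }
        if ($VerifiedDomains -notcontains $suffix) {
            Add-Finding $u.sAMAccountName 'userPrincipalName' "suffix '$suffix' is not a verified Azure AD domain"
        }
        if ($u.mail -and ($u.mail -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$')) {
            Add-Finding $u.sAMAccountName 'mail' "malformed address '$($u.mail)'"
        }
    }

    # 2. Duplicate UPNs across the directory (Group-Object compares case-insensitively, as Azure AD does).
    $Users | Group-Object -Property userPrincipalName | Where-Object Count -gt 1 | ForEach-Object {
        Add-Finding ($_.Group.sAMAccountName -join ',') 'userPrincipalName' "duplicate value '$($_.Name)'"
    }

    # 3. Duplicate SMTP addresses across mail and proxyAddresses ('SMTP:'/'smtp:' prefix stripped).
    $seen = @{}
    foreach ($u in $Users) {
        $addresses = @()
        if ($u.mail) { $addresses += [string]$u.mail }
        foreach ($p in @($u.proxyAddresses)) {
            if ($p -and ($p -match '^smtp:(.+)$')) { $addresses += $Matches[1] }
        }
        foreach ($a in ($addresses | Select-Object -Unique)) {
            $key = $a.ToLowerInvariant()
            if ($seen.ContainsKey($key) -and ($seen[$key] -ne $u.sAMAccountName)) {
                Add-Finding "$($seen[$key]),$($u.sAMAccountName)" 'proxyAddresses' "duplicate address '$a'"
            } else {
                $seen[$key] = $u.sAMAccountName
            }
        }
    }

    return $findings.ToArray()
}

# Constructed sample objects standing in for Get-ADUser output (assumption, not real directory data).
$sampleUsers = @(
    [pscustomobject]@{ sAMAccountName = 'alice';  userPrincipalName = 'alice@contoso.com';       mail = 'alice@contoso.com';  proxyAddresses = @('SMTP:alice@contoso.com') }
    [pscustomobject]@{ sAMAccountName = 'bob';    userPrincipalName = 'bob@contoso.local';       mail = 'bob@contoso.com';    proxyAddresses = @('SMTP:bob@contoso.com') }
    [pscustomobject]@{ sAMAccountName = 'bsmith'; userPrincipalName = 'bsmith@contoso.com';      mail = 'bsmith@contoso.com'; proxyAddresses = @('SMTP:bsmith@contoso.com', 'smtp:Alice@contoso.com') }
    [pscustomobject]@{ sAMAccountName = 'carol';  userPrincipalName = 'carol smith@contoso.com'; mail = 'carol@contoso.com';  proxyAddresses = @() }
    [pscustomobject]@{ sAMAccountName = 'dave';   userPrincipalName = 'dave@contoso.com';        mail = $null;                proxyAddresses = @() }
    [pscustomobject]@{ sAMAccountName = 'dave2';  userPrincipalName = 'Dave@contoso.com';        mail = $null;                proxyAddresses = @() }
)

Test-SyncReadiness -Users $sampleUsers -VerifiedDomains @('contoso.com') | Format-Table -AutoSize
```

Each finding names the object(s), the attribute and the problem, which is the same information IdFix presents for you to correct in AD DS before the first synchronization cycle. Resolve these in the on-premises directory rather than in Azure AD, since Azure AD Connect treats on-premises as the source of authority for synchronized attributes.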

Up Next

AZ-500: Microsoft Azure Security Technologies

In the AZ-500 Microsoft Azure Security Technologies training, students will learn the skills that are needed to pass the AZ-500 certification exam. All exam topics are covered as well as exam preparation strategies and hands-on practice.

Instructed By

David Okeyode
Cloud Security Architect
Instructor