Time
8 hours 33 minutes
Difficulty
Intermediate
CEU/CPE
9

Video Transcription

00:00
Hello, Cybrarians. Welcome to this lesson titled Azure AD Connect, Part 2.
00:06
This lesson is part of the second module of the AZ-500 Microsoft Azure Security Technologies course.
00:14
In this video, I'll proceed from where I stopped in the last video, talking about Azure AD Connect's federation option.
00:24
Let's cover the benefits and downsides of federation.
00:28
The first benefit is that password hashes stay within the organization and authentication happens on premises.
00:35
The second benefit is it supports single sign-on so that users can authenticate once on premises without a need to be authenticated again to access cloud applications.
00:47
The third benefit is that it supports advanced sign-in scenarios like smart card certificates or an on-premises MFA server for authentication. So it's the only option that supports this. The fourth benefit is it supports on-premises user-level security policies
01:06
like user logon restrictions,
01:07
because authentication happens on premises anyway. What about the downsides of federation?
01:14
The first downside is that authentication to cloud applications relies on the stability of our on premises infrastructure.
01:22
And if the AD FS service experiences downtime,
01:26
no one can authenticate to cloud applications.
01:30
The second downside is that the functionalities of Azure AD Identity Protection that rely on password hashes being present in Azure AD will not work. So this applies to, for example, the leaked credentials report of Azure AD Identity Protection.
01:46
The final Azure AD Connect option
01:49
is called pass-through authentication.
01:52
First, we install Azure AD Connect on premises, and this creates the connection between on-prem AD and Azure AD.
02:00
It synchronizes the user objects and attributes, but not the password hashes of the users.
02:07
In this scenario, another agent called the pass-through agent is introduced,
02:12
and this can be installed on the same server that we use for Azure AD Connect.
02:17
When a user goes to access cloud applications,
02:21
they are directed to Azure AD, which collects the authentication information and places it in a queue.
02:30
The pass-through agent makes an outbound, secure connection to that queue to retrieve authentication requests and fulfills those on premises.
02:39
Let's talk about the benefits and downsides of pass-through authentication.
02:44
The first benefit is that password hashes stay within the organization and authentication happens on premises.
02:52
The second benefit is that with the seamless single sign-on option enabled and configured, users can authenticate once on premises without the need to be authenticated again to access cloud applications.
03:05
The third benefit is that it supports Azure AD cloud MFA and self-service password reset,
03:12
and the fourth benefit is it supports on-premises user-level security policies, because authentication happens on premises.
03:21
What about the downsides of pass-through authentication?
03:23
The first one is that the functionality of Azure AD Identity Protection that relies on password hashes being present in Azure AD will not work.
03:32
The second downside is that it does not support advanced user sign-in scenarios like smart card certificates or on-premises MFA server authentication.
03:44
There are additional scenarios that we can enable, where an organization may want to configure password hash synchronization for disaster recovery scenarios so that they could fail over to Azure AD if there's a significant downtime of on-premises infrastructure.
04:01
So this is possible for both pass-through authentication and federation.
04:08
Let's talk about Azure AD Connect Health.
04:11
So this is a tool that provides monitoring of our on-premises identity infrastructure by alerting us to issues that may arise with them.
04:19
It requires extra agents that are installed on our on-premises identity infrastructure to achieve this.
04:27
There are three main capabilities of Azure AD Connect Health.
04:31
The first capability is that it can monitor the synchronization between on-premises AD and Azure AD, and it can alert us to detected issues.
04:44
For this use case, we may not need to install an additional agent, as newer versions of the Azure AD Connect tool come with this agent.
04:53
Next, it can monitor our on-premises AD DS infrastructure, and it can also monitor our on-premises AD FS implementations.
05:03
For us to use this solution,
05:05
there's a requirement of Azure AD Premium P1 or Premium P2.
05:11
One of the good things about this is that monitoring and reporting information is uploaded to the Azure AD Connect Health service in the Azure portal.
05:19
Here are some quiz questions related to what we've discussed in this lesson. Quiz question one.
05:28
Your network contains an Active Directory forest named testcloud.xyz
05:32
and an Azure AD tenant named testcloud.xyz.
05:38
You plan to configure synchronization by using the Express Settings installation option in Azure AD Connect.
05:46
You need to identify which roles and groups are required to perform the planned configuration.
05:53
The solution must use the principle of least privilege.
05:56
Which two roles and groups should you identify?
06:00
If you selected the Global Administrator role in Azure AD
06:04
and the Enterprise Admins group in Azure AD, you would be correct,
06:11
because if we're using the express installation, it's gonna ask us to provide a credential that has Global Admin permission in Azure AD and Enterprise Admin permission in on-prem AD. As we mentioned, it's gonna use both of these credentials to create other credentials that it's actually gonna be using for the synchronization.
06:30
Quiz question number two.
06:32
Your network contains a single domain on premises named testcloud.xyz.
06:39
You also have an Azure AD tenant named testcloud.xyz.
06:44
You plan to deploy Azure AD Connect to integrate Active Directory and the Azure AD tenant.
06:49
You need to recommend an integration solution that meets the following requirements:
06:56
ensures that password policies and user logon restrictions apply to user accounts that are synced to the tenant, and minimizes the number of servers required for the solution.
07:06
Which authentication method should you include in your recommendation?
07:12
If you selected pass-through authentication with seamless single sign-on, option number three, you would be correct, because in this particular case, we need to ensure password policies and user logon restrictions apply.
07:26
So for user logon restrictions to apply, authentication needs to happen on premises, and that will either be federated or pass-through authentication,
07:34
and because the requirement states that we need to minimize the number of servers required,
07:40
pass-through authentication fits this the best.
07:44
Here are some supplementary links for further studies on the topics covered in this lesson.
07:48
In summary, here are the topics we covered in this lesson.
07:54
We started by talking about what Azure AD Connect is and the recommended steps to prepare for its installation.
08:01
We then proceeded to discuss the two options for installing Azure AD Connect, namely the express installation or the custom installation,
08:09
and then we discussed the synchronization options for Azure AD Connect, which are password hash synchronization, federation and pass-through authentication.
08:20
Finally, we discussed Azure AD Connect Health, which is an agent that can be used to monitor on-premises identity infrastructure.
08:28
This brings us to the end of this lesson.
08:31
Thanks very much for watching. And I'll see you in the next lesson.

Up Next

AZ-500: Microsoft Azure Security Technologies

In the AZ-500 Microsoft Azure Security Technologies training, students will learn the skills that are needed to pass the AZ-500 certification exam. All exam topics are covered as well as exam preparation strategies and hands-on practice.

Instructed By

David Okeyode
Cloud Security Architect
Instructor