Azure AD Hybrid Identity Part 1

Video Transcription
Hello, Cybrarians. Welcome to Lesson 1.5, Part 1, of this course titled AZ-301 Microsoft Azure Architect Design. Here is some quick information on what we'll be covering in this series of lessons.

In the first part of the series we'll start by covering what Azure AD Connect is. We'll then cover some information on how to prepare your on-premises AD infrastructure if you're planning to synchronize your identities to Azure AD. Then we'll start to cover the synchronization options that are available and the use cases for each option. This will give you the information needed to select the right synchronization option based on your design scenario.

In Part 2 we'll conclude our lesson on synchronization options and cover Azure AD Connect Health, which is a tool that can help with monitoring of our on-premises identity infrastructure. We'll then give some information on the self-service password reset feature of Azure AD. Finally, in Part 3 we'll go through some quiz questions and share supplementary material references with you for further study of the concepts that we've discussed. Let's get into this.
So let's go ahead and talk about Azure AD Connect and what exactly this tool is.

Many organizations are not going to be starting from scratch when they start adopting Microsoft Azure. Many organizations already have their identity infrastructure and business-critical applications set up in local data centers, on premises. For those organizations, it will be beneficial to have a way to synchronize their existing identities from on-premises AD to Azure AD. The way to do that is Azure AD Connect. It's the tool that provides synchronization capabilities between our on-premises identity infrastructure, in terms of Active Directory, and Azure AD.

So let's delve deeper into Azure AD Connect. First of all, it's a wizard-based tool. It's a tool that we can download, either from the Azure portal or straight from the Microsoft website. Some of you will be familiar with the older DirSync tool. This is sort of an improvement on, or evolution of, that software: it's actually been redesigned and it's much more robust than the old DirSync tool.

Once you've installed this tool on a machine that's joined to your on-premises domain infrastructure, it enables connectivity between your on-premises identity and Azure AD. So it's sort of like a bridge between those two identity environments. For you to be able to install this tool, the requirement is a domain-joined computer. You do not have to install this tool on your domain controller; actually, that's not good practice. The recommended practice is to get a machine that's joined to your on-premises domain, and that's where you install this tool.
Before we even start talking about synchronizing our identities from on-premises AD to Azure AD, there are some things that we need to do. Here is a quick list of some useful tasks for you to go through before you begin this process.

Number one: you want to clean up your existing AD objects. This is a very good time to clean up your Active Directory, clean up stale objects in Active Directory and just get rid of unnecessary stuff.

Number two: you want to fix object attribute issues with a tool called IdFix. What this is talking about is: when you download the Azure AD Connect tool and you're using it to synchronize your identities to Azure AD, one of the things to keep in mind is that if your objects on premises have incorrect values, or have values that are not allowed in Azure AD, that will cause the synchronization of those objects to fail. So what we can do is use a free tool provided by Microsoft called IdFix, which we can download and run against our on-premises Active Directory. What this tool will do is run through our objects on premises and identify any objects that have attribute values that will not synchronize to Azure AD, so that we can go ahead and fix them. I'll show you a demo of this when we get to the demonstration section.

Number three: you want to match your on-premises AD DS UPN with the Azure AD UPN. What this is referring to is, for example, the environment that I showed you in the last lesson: I have my on-premises domain there, which is now supercloud.xyz. For many organizations, that's probably not what they're using on premises. Maybe they're using something that's not even publicly routable, for example a .local domain as their main domain. But for single sign-on purposes and other reasons, you don't want your users to get confused: you want to make sure that your on-premises UPN, which your users use to sign in, matches what they use when they try to access cloud applications.

And then, finally, you want to predetermine which filtering option you will use. What that means is you want to arrange your identity infrastructure on premises in such a way that it matches the way that you're going to use the filtering option in the synchronization tool. For example, let's say you decide to use OU-based filtering. That means you want to move your objects around so that the objects that you want to synchronize into Azure AD are in the OUs that you want them to be in. That would make it easy for you to select the right OUs when you're configuring your synchronization. Or if you want to use groups, you have to make sure that the accounts are in the right groups. The same applies if you want to use domain-based or attribute-based filtering.
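The IdFix, UPN-matching and OU-filtering preparation steps above, as an added Python example that is not part of the lesson and is not Microsoft's IdFix tool: it runs an IdFix-style check over constructed user records. The verified domain, the OU filter, the allowed UPN character set and the sample users are all assumptions for illustration.

```python
# Added example, not the lesson's code; the domains, OUs and users below are constructed.
import re
from collections import Counter

VERIFIED_DOMAINS = {"supercloud.xyz"}                   # assumed verified Azure AD domains
OU_FILTER = {"OU=Staff,DC=corp,DC=local"}               # assumed OUs selected for sync
UPN_PREFIX_RE = re.compile(r"^[A-Za-z0-9._\-'!#^~]+$")  # assumed allowed UPN prefix chars

# Constructed sample objects; a real run would read these from AD DS.
USERS = [
    {"dn": "CN=Ann,OU=Staff,DC=corp,DC=local", "upn": "ann@supercloud.xyz",
     "proxyAddresses": ["SMTP:ann@supercloud.xyz"]},
    {"dn": "CN=Bob,OU=Staff,DC=corp,DC=local", "upn": "bob@corp.local",
     "proxyAddresses": ["SMTP:bob@supercloud.xyz"]},      # non-routable UPN suffix
    {"dn": "CN=Cy,OU=Staff,DC=corp,DC=local", "upn": "cy smith@supercloud.xyz",
     "proxyAddresses": ["SMTP:ann@supercloud.xyz"]},      # bad char + duplicate address
    {"dn": "CN=Svc,OU=Service,DC=corp,DC=local", "upn": "svc@corp.local",
     "proxyAddresses": []},                                # outside the OU filter
]

def in_scope(user):
    """OU-based filtering: only objects under a selected OU are synchronized."""
    return any(user["dn"].endswith("," + ou) for ou in OU_FILTER)

def check_user(user, verified=VERIFIED_DOMAINS):
    """Return the per-object problems that would block sync or confuse sign-in."""
    problems = []
    upn = user["upn"]
    if upn.count("@") != 1:
        return ["upn: must contain exactly one '@'"]
    prefix, suffix = upn.split("@")
    if not UPN_PREFIX_RE.match(prefix):
        problems.append("upn: prefix contains characters not allowed in Azure AD")
    if suffix.lower() not in verified:
        problems.append(f"upn: suffix '{suffix}' is not a verified Azure AD domain")
    for addr in user["proxyAddresses"]:
        if not re.match(r"^(SMTP|smtp):[^@\s]+@[^@\s]+$", addr):
            problems.append(f"proxyAddresses: malformed entry '{addr}'")
    return problems

def pre_sync_report(users=USERS):
    """Map DN -> problems for in-scope objects, adding cross-object duplicate addresses."""
    scoped = [u for u in users if in_scope(u)]
    dup = Counter(a.lower() for u in scoped for a in u["proxyAddresses"])
    report = {}
    for u in scoped:
        probs = check_user(u)
        probs += [f"proxyAddresses: duplicate '{a}'" for a in u["proxyAddresses"] if dup[a.lower()] > 1]
        report[u["dn"]] = probs
    return report
```

Objects outside the selected OUs are skipped entirely, which is exactly why the filtering option should be decided before the objects are cleaned up and moved.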
After we've installed the Azure AD Connect tool, when we begin to configure the synchronization, it's going to allow us to select one of three options. The first option that we have is something called password hash synchronization.

What password hash synchronization allows us to do, as you can see in the diagram that I'm showing you: I have an on-premises AD infrastructure on the left-hand side and my Azure AD tenant on the right-hand side. First I install my Azure AD Connect tool on my on-premises infrastructure, which enables the synchronization between Azure AD and on-premises Active Directory. Now, if I select password hash synchronization, it's going to synchronize my user objects and the attributes of the user objects, including the hashes of the passwords. What this means is, if I have users that need to access cloud applications that use Azure AD as the identity provider, they get redirected to Azure AD, which will be able to authenticate them, because Azure AD actually has the password hash synchronized to it.

So, a quick summary of what the password hash synchronization option is: it's going to synchronize the user objects and the password hashes from on-premises AD to Azure AD. It gives users sign-in to Azure AD services using the same password they use on premises, because, again, Azure AD has the password hash synchronized to it. This option actually supports seamless single sign-on, so that once users have authenticated on premises, they don't need to authenticate again to access cloud applications. It also supports functionalities like cloud MFA and self-service password reset.
Moving on to option number two, which we can select when we're configuring the synchronization using the Azure AD Connect tool. On the left-hand side again we have the on-premises infrastructure, and on the right-hand side we have the Azure AD tenant. We start out by downloading and installing the Azure AD Connect tool. But in this case, after the connection is made, only the user objects and attributes are synchronized to Azure AD, not the password hashes. You might say: why would somebody want to do that? Some organizations are very careful about synchronizing their password hashes outside of something that they directly control. So in that case, this is an option that they can use.

What that means is, whenever users go to access cloud applications that use Azure AD as the identity provider, the situation is a bit different, because how are they going to be able to authenticate? So we're going to introduce a new component into that design, which is an AD FS server, an Active Directory Federation Services server, so that there is a trust relationship between Azure AD and the AD FS server. When users go to access cloud applications, they get redirected to Azure AD, which recognizes the user and then redirects them to their on-premises AD FS environment, which will now authenticate them against the on-premises AD. This means authentication always happens on premises if you select this use case and scenario.

So what I'll do is go ahead and pause the video here, and in the very next part, Part 2 of this lesson, we'll carry on and talk about the third option that we have in this case.
AZ-301 Microsoft Azure Architect Design

This AZ-301 training covers the skills that are measured in the Microsoft Azure Architect Design certification exam. Learn strategies to plan for the exam, target your areas of study, and gain hands-on experience to prepare for the real world.
