Azure AD Hybrid Identity Part 2

Video Transcription
Hello, Cybrarians. Welcome to lesson 1.6 of this course.
This lesson is a continuation of the previous lesson.
So what I'll do is I'll pick up from where I stopped in the last video,
where I explained how the federation option of Azure AD Connect works.
One of the things that I want to highlight here is the disadvantage of using this option. The disadvantage is that you're relying on the stability of your own on-premises infrastructure. For example, if that AD FS server that we have there were to go down,
that means that users would not be able to authenticate to cloud applications, because Azure AD cannot authenticate users itself: it does not have their password credentials, so it has to redirect them on-premises for the authentication to occur. So what many organizations do is that, rather than one AD FS server, they will have two
or more.
And then, because it's also not good practice to expose your AD FS servers directly to the public, you probably have a Web Application Proxy sitting in front, which means you end up with about four servers at a minimum.
And for many organizations that is sort of backward, because what they're trying to do is get away from managing infrastructure, and now, because of this scenario, they have to actually manage more infrastructure. So this is not a really popular option, but it does exist.
Let's talk about option number three,
which is called pass-through authentication.
So with pass-through authentication, again, you're going to install Azure AD Connect.
That builds the connectivity between on-premises AD and Azure AD.
In this case, what we're going to do is
synchronize the user objects and attributes only,
not the password hashes.
But then we introduce another agent.
This agent is called the pass-through authentication agent.
What this pass-through agent also does is that when you install it and set it up,
we're going to introduce another concept, a queue on the side of Azure AD.
So here's what this scenario is going to look like.
Users try to access a cloud application that uses Azure AD as the identity provider.
They get redirected to Azure AD, which doesn't have the password hash and so cannot authenticate the user. What Azure AD does is collect the credentials and place them in the queue.
And then the agent that you have on-premises, the pass-through agent, which again is installed on the same server where you have your usual Azure AD Connect agent, makes an outbound call every two seconds to this queue,
retrieves the authentication request from it, and fulfills it on-premises. So this helps you to achieve a similar function to what many people want to achieve in the case of federation, without the extra added infrastructure and without having to open inbound firewall ports
to be able to get that to work. So this is an option that's popular
for that scenario, if you don't want the password hashes to leave your environment.
So, a quick summary of the functionality available for pass-through authentication: it's a free feature that you can enable with Azure AD Connect; it's not something that you pay extra for.
It supports sign-in to web
browser-based applications. It also supports seamless single sign-on, so that once users have authenticated on-premises, they can just go ahead and use the existing authentication token they have to authenticate against cloud applications. And it also supports Azure AD cloud MFA and self-service password reset
scenarios.
And when it comes to trends in authentication and recommended best practice from Microsoft, Microsoft actually recommends password hash synchronization. So that shows you that when it comes to the trend of federated authentication, that's falling.
And you can see that when password hash synchronization was introduced, federation was falling; when pass-through authentication was introduced, federation kept
falling in terms of adoption. So the recommendation from Microsoft is to use password hash synchronization,
which means that Azure AD is going to be able to do the authentication. And again, Azure AD is a very robust environment, right?
Let's talk about Azure AD Connect Health
and what this service makes available.
So this is an additional service that you can implement as part of Azure AD.
It has its own separate agents.
So the number one thing that you want to know about this
service is that you can only use it if you've paid for Azure AD Premium P1 or Azure AD Premium P2.
What it allows you to do is this: it's going to give you certain agents for Active Directory.
It has an agent for Active Directory Federation Services, and you can download any of those. So when you download and install this agent on your on-premises Active Directory, or on AD FS,
it's going to be collecting certain information and sending it to the Azure AD service. Specifically, under the Azure AD Connect Health section, you'll be able to see this information, and then you'll be able to configure notifications from there.
So what is the use of this? It's going to monitor and help you get insight into your on-premises identity infrastructure, and again, that's not just the domain controllers; that includes AD FS.
It's going to also help in the case of monitoring and getting insight into the synchronization that happens between on-premises Active Directory and Azure AD. A very good use case of the service is this: you want to configure email notifications of any issues that have to do with directory synchronization. Say you've configured Azure AD Connect.
You want to be able to get proactive notification if there are synchronization issues.
This is a great service that you can implement that can help you out with that, and you can configure email notifications for that.
There's another feature set that I want to quickly highlight. It's called Azure AD self-service password reset. This feature is only available with the Azure AD Premium P1 and Premium P2 options. So what it allows you to do is to take
the workload off your IT service desk: rather than them having to help users all the time to reset passwords, users can just go ahead and reset their own passwords. Many users have used this experience already, or they are used to the experience.
They're used to the experience of forgetting their Facebook password: they can just click on "Forgot my password", they're going to get
a code to their phone, and they can reset their own password. Why can't they do that on-premises?
The great thing, though, is that you can have
password writeback. So what that means is, for example, the user has access to a cloud application and has forgotten the password. They click "I forgot my password". It's going to allow them to reset their password against Azure AD, because that's the identity provider for the cloud application. But then, if you have password writeback
configured with self-service password reset,
it can actually write that password back to on-premises AD. So in that case users are able to
reset their own passwords.
So, a quick summary of what we covered in this video: we covered what Azure AD Connect is.
We covered how to prepare your on-premises directory for synchronization to Azure AD. And then we covered the synchronization options for Azure AD Connect, which are password hash synchronization, federation and pass-through authentication. And then we talked about Azure AD Connect Health,
alongside two other functionalities
of Azure AD, in terms of self-service password reset and what we said about password writeback.
So thanks very much for watching this video and this lesson, and I'll see you in the next lesson, where we'll be demonstrating what we've discussed.
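The lesson above presents Azure AD Connect Health as the way to get proactive notification of synchronization problems, pass-through authentication as the option that keeps password hashes on-premises, and password writeback as the piece that lets self-service password reset reach on-premises AD. As an added example (not part of the lesson and not Microsoft's own code), the following PowerShell script, run in an elevated session on the Azure AD Connect server with the ADSync module that Azure AD Connect installs, checks the same state locally: whether the sync scheduler is enabled, which tenant features (password hash sync, password writeback and the others) are switched on, whether password hash sync is configured for the on-premises connector, whether a sync run is in progress, and whether the sync service logged any errors in the last day. The connector name corp.contoso.com and the event-log provider name used in the filter are assumptions for illustration; check them against Get-ADSyncConnector and Event Viewer on your own server.

```powershell
# Added example: run in an elevated PowerShell session on the Azure AD Connect server.
# The ADSync module ships with Azure AD Connect; nothing else needs to be installed.
Import-Module ADSync

# Assumption for illustration: the on-premises AD connector is named 'corp.contoso.com'.
# List the real names with: Get-ADSyncConnector | Select-Object Name, ConnectorTypeName
$OnPremConnector = 'corp.contoso.com'

# 1. Scheduler state. If SyncCycleEnabled is False or the scheduler is suspended,
#    no delta sync runs, so new users and attribute changes never reach Azure AD.
$sched = Get-ADSyncScheduler
$sched | Select-Object SyncCycleEnabled, SchedulerSuspended, StagingModeEnabled,
                      CurrentlyEffectiveSyncCycleInterval, NextSyncCycleStartTimeInUTC |
    Format-List

# 2. Tenant-level features. PasswordHashSync shows whether hashes leave the environment;
#    PasswordWriteback is what self-service password reset needs in order to write a
#    reset password back to on-premises AD.
Get-ADSyncAADCompanyFeature | Format-List

# 3. Password hash sync setting for the on-premises connector. If you chose
#    pass-through authentication deliberately, this is expected to be disabled.
Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $OnPremConnector | Format-List

# 4. Is a sync run in progress right now? Empty output means the engine is idle.
Get-ADSyncConnectorRunStatus

# 5. Error events from the sync service in the last 24 hours: the local view of the
#    same failures Connect Health would alert on. Assumption: the service writes to
#    the Application log under the provider name 'Directory Synchronization'.
Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'Directory Synchronization'
        Level        = 2                      # 2 = Error
        StartTime    = (Get-Date).AddDays(-1)
    } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-Table -Wrap

# 6. Optionally trigger a delta sync, then repeat steps 4 and 5 to confirm it ran cleanly.
# Start-ADSyncSyncCycle -PolicyType Delta
```

Steps 2 and 3 are the ones worth reading together: with pass-through authentication, PasswordHashSync should be off and password hashes stay on-premises, while PasswordWriteback must be on for the self-service reset flow described above to update the on-premises account. Pass-through authentication agent health is not exposed by this module; that is shown in the Azure portal under the Azure AD Connect blade.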