Azure AD Join


Time
22 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
24
Video Transcription
Hey, everybody, and welcome to this lecture on Azure AD Join. In this lecture, we're going to be talking about what Azure AD Join is and what its features are, and learn about how it works. Then we're going to talk about the Azure AD Join device setting requirements.

Azure AD Join grants users within an organization the ability to use their identities, their Active Directory identities, to join their devices to workstations. This is to talk a little bit more about what we were just covering in the last lecture, which was about device identity. Azure AD Join is the way that you're able to leverage your Active Directory credentials to actually connect the devices to the Azure Active Directory environment. For those that are doing their BYOD, their Bring Your Own Device type situation, you can use AD Join to connect those devices. Ideally, what you're connecting this to is the Azure AD tenant, whatever the tenant may be. Remember when we talked earlier, tenants are basically a grouping method for how you manage multiple users and groups. You can create multiple tenants within your Azure account, and using Azure AD Join, you can connect the devices to the AD tenants.

To help expand on the example, I've put together this illustration. Right here, we have this gentleman who's trying to register this device into the organization's Azure AD tenant. What he's going to do is log in to the device locally. He's going to go through the process of registering the device. At that point, he'll reboot the computer, all will go well, and the device will now allow him to use the organization account to log in to the device. It's like creating another profile on the local machine, but that profile could be tied to this Azure AD environment. Think of this like the process of adding a device to a domain; it's very similar. But instead of a domain, which is going to require a local domain controller and is going to tie into the Active Directory server on-premises, you're doing all this in the cloud. It's cloud-first or cloud-only. This is the situation there. It is a more modern way of approaching this device management. You're not having to deal with domain controllers and domains necessarily, because it's going to be tied directly into your Azure AD environment.

There are a couple of things to keep in mind with this. For one, once you've tied in a device, like we mentioned earlier, policies are going to start to be enforced on the device, and your admins could issue applications or restrict applications from running on the device, depending on what those policies are. Those are some things to keep in mind, some things that you may want to express to any users in your organization that might want to tie their personal devices to the Azure AD tenant. These are some things that will take place.

Azure AD Join device settings are as follows. It basically grants users permission to add the device to the Azure AD environment. Now, you can actually restrict this from Azure AD if you're an admin. You can limit them to only certain devices, you can allow them to enroll all devices, or you can restrict it exclusively and say no. We're not going to allow you to do that, only admins can do that, or we'll just give you a device that's already been enrolled so it's already pre-set up for you. You can select Azure AD users to be local admins. This is a premium feature, so you will want an upgraded version of Azure AD, but it is possible. You can increase your security posture by requiring secure authentication using MFA. Not required, there again, but it is recommended. I don't work in a regulated environment and we do have it implemented just because it's best practice. I also have worked for the Federal Government, where we do have MFA and there's various ways that we have MFA. It varies. I would recommend doing it just from a security perspective. You can also restrict the number of users to devices that can join the Azure AD environment. Now, that could be like, hey, you only want to restrict to 50 users and 50 devices; you can also restrict the number of devices to users that join the Azure AD tenant.

Going back to Conditional Access Policies, there's a lot you can do with this, and it's pretty great. Getting to see this firsthand, I've really enjoyed the process of having that access just from a security perspective. As a security admin, I want to make sure that my people in the organization are staying safe, and then I'm able to monitor if things don't look right and to help them and to help secure them. That's the whole goal here. With conditional access policies, you can help do that by restricting access to certain resources until the device has been added to the Azure AD environment. This is a good way to, let's say you have a lot of sensitive data held in certain data stores. You only want authenticated devices to have access to those because at that point, you can deploy policies and restrict certain applications from being installed on those local devices before the device is used to access the sensitive data stores; this is a good way to do that. Conditional access policies allow you to govern the devices a little more granularly and prevent any potential threats from being used as a vehicle to gain access to those sensitive data stores. Then the conditional access policies can restrict access to users and devices until certain conditions are met. What I mean by that is, like, where maybe the user needs to be connected to a VPN prior to authenticating into the corporate intranet. That is a pretty broad example, but, I mean, that is a pretty broadly used example, and it definitely does apply here.

That about wraps up this lecture. Just to summarize real quick, at a high-level overview, we covered how Azure AD Join works. We also talked about how you can use device setting requirements to protect your accounts and protect how users gain access to the sensitive data stores and resources, and how you can implement conditional access control policies. Again, expanding on various opportunities and ways that you can protect the resources by using certain conditions that have to be met in order for the devices to gain access to the resources and data that the users would want access to. That about wraps up this lecture. I will see you guys in the next one.
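The following PowerShell is an added example and is not part of the lecture or of Cybrary's course material. It shows the two pieces the lecture walks through in practice: reading the tenant's Azure AD Join device settings (who may join, whether MFA is required, the per-user device quota) and creating a Conditional Access policy that blocks access until the device has been Azure AD joined. It assumes the Microsoft Graph PowerShell SDK is installed and that the signed-in admin holds the listed scopes; the break-glass group id is a placeholder, and the `/policies/deviceRegistrationPolicy` resource path and its property names are taken from the Graph API and assumed to be current for your tenant.

```powershell
# Added example (not from the lecture). Requires the Microsoft.Graph PowerShell SDK.
# Scopes: read device settings, read apps (needed to create CA policies), write CA policies.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Application.Read.All', 'Policy.ReadWrite.ConditionalAccess'

# 1. Device settings the lecture describes: who can join, MFA for join/registration,
#    per-user device quota, LAPS for Azure AD joined devices.
#    Resource path and property names assumed from the Graph API (v1.0).
$drp = Invoke-MgGraphRequest -Method GET `
    -Uri 'https://graph.microsoft.com/v1.0/policies/deviceRegistrationPolicy'

[pscustomobject]@{
    JoinAppliesTo      = $drp.azureADJoin.appliesTo               # all | selected | none
    JoinAllowedGroups  = ($drp.azureADJoin.allowedGroups -join ',')
    MfaToJoinDevices   = $drp.multiFactorAuthConfiguration        # notRequired | required
    UserDeviceQuota    = $drp.userDeviceQuota
    LocalAdminPassword = $drp.localAdminPassword.isEnabled
} | Format-List

# Posture checks a security admin would want flagged rather than buried in the blade.
if ($drp.multiFactorAuthConfiguration -ne 'required') {
    Write-Warning 'MFA is NOT required to join or register devices; enable it.'
}
if ($drp.azureADJoin.appliesTo -eq 'all') {
    Write-Warning 'Every user may Azure AD join devices; consider limiting join to a group.'
}

# 2. Conditional Access: "restrict access to resources until the device has been
#    added to Azure AD". The device filter excludes Azure AD joined devices
#    (trustType "AzureAD") from a block policy, so everything else is blocked.
#    Created in report-only mode first: review sign-in logs before enforcing.
$breakGlassGroupId = '00000000-0000-0000-0000-000000000000'   # placeholder, not a real id

$policy = @{
    displayName   = 'Block access unless device is Azure AD joined (report-only)'
    state         = 'enabledForReportingButNotEnforced'     # switch to 'enabled' after review
    conditions    = @{
        users          = @{
            includeUsers  = @('All')
            excludeGroups = @($breakGlassGroupId)              # never lock out emergency admins
        }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
        devices        = @{
            deviceFilter = @{
                mode = 'exclude'
                rule = 'device.trustType -eq "AzureAD"'        # joined devices are exempt from the block
            }
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('block')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
"Created CA policy $($created.Id) in state $($created.State)"
```

Leaving the policy in report-only for a cycle lets you see in the sign-in logs which users and devices would have been blocked; the break-glass exclusion matters because a block policy that covers all users and all apps with no exemption can lock the tenant's own admins out.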