Time
14 hours 28 minutes
Difficulty
Intermediate
CEU/CPE
15

Video Transcription

00:00
Hello, Siberians. Welcome to the first lesson off Moody. One off this car stated is that there is a one Microsoft azure architect design.
00:10
My name is David. Okay, today and I'll be your instructor. Trout, discuss
00:15
some quick information on what will be covering in this Forest service off lessons.
00:20
This lesson is divided into three parts. Twin Charlotte concept covered. I kept short and simple
00:27
in part. One of this lesson will start by covering what, as your 80 east. On what As your lady is not
00:34
for my experience, know what a joy it is not is as important as knowing what has your hideous
00:41
wouldn't explain the differences between on premises active directory on as your active directory so that they use cases off about solutions are clear to you
00:52
in parts two off. This lesson will cover some information on the different as you're 80 additions that exist so that you have the information that you need to select the Vied option for different requirements and the use cases.
01:06
Well, then proceeds to cover. Another solution in Hajer called as your active directory domains service is as your a. D. D. S expand on this service and the use cases.
01:18
Finally in poetry will have some quiz questions on some supplementary material references to help you in further studies of the concepts discussed.
01:29
Let's get right into this.
01:30
So first of all, let's cover what is a joy Haiti.
01:34
And we'll start by talking about what as your lady is not.
01:38
So the first thing I want to start with these as your lady is not on premises Active directory in Hasher It very easy to make this mistake because of the similarities in the name on, because many of us are familiar with the concept of active directory on premises with the authentication protocols like Kabir was an N T L E M,
01:59
and it's very easy to assume them. When we talk about JD, we're just talking about the same active directory on Lee diets. Now, all stayed in Hajer.
02:07
That is not the case with anxiety. As a matter of fact, it has a different years case. It has a different structure,
02:14
so I personally olive coded as your identity service Awesome order name so that we helped to avoid confusion with active directory on premises. But I think what Microsoft wanted to do was the one tends to keep the active directory brand name going.
02:30
So
02:31
if I join A D is not on premises. Aidan Hazar What is it, then?
02:36
So here's my false description Off what Azure radio Hiss as your Eddie is. The identity provider for Microsoft Cloud Service is
02:47
what we mean by this.
02:51
Let's take this illustration.
02:53
If you go online to sign up for any Microsoft Cloud Service, that could be Microsoft Azure that could be a fish 365 That could be dynamic stresses. Five.
03:02
When you sign up for this, cloud service is
03:06
transparently in the background. It creates as your A D tenants for you.
03:12
On that is the as yet as the identity provider for the service is that you're using. So when you're creating your users, your groups in office straight 65 to you, you think that they're starting office 365 But that's not the case. Off a straight 65 is on the front and application the back and identity provider behind that.
03:31
It's a joy, Eddie,
03:32
and it's the same. If you have a nice just description. I just subscription. When you signed up for hit
03:38
transparently create an aggravated tenant in the background on That's where your identities a stop.
03:44
So now we can create a different actually, did tenant in the case off just description on. Then we can transfer our subscription toe trust the new actually D tenant. But I will show you that when we get to the demo.
03:59
So what are our description? Do we have 5 80
04:03
as your head? Is Microsoft implementation off modern authentication protocols again? What do we mean by this as what we mean by that? We first need to understand the reason why we needed new authentication protocols to begin with.
04:19
So if you have a non premises 80 infrastructure, you're probably familiar with authentication protocols like Cabral's on and tell him
04:28
you also probably familiar with the query language of the query protocol that on premises active directory supports like l'd up.
04:38
So the field with this protocols, I'm talking specifically about cameras and and tell them now. So the friend with them is that the great when applications on the identity provider exist on the same network and dollars, the situation for many. Yes,
04:54
Buffy's have changed around the beats by for many organizations.
04:58
Majority of the applications now live in the cloud thehe serum applications. There h our application, their facilities application. This the salesforce application. All this different applications now live in the cloud in someone else's organization,
05:13
right? So if I want to ask a question, how many of you will be comfortable with opening Hope? How the parts that camera's needs right to the Internet so you'll be able to make this authentication walk with your on premises? Domain controller?
05:29
Probably not very many of you, because for they will be doing that on Dhe. That's good sense on your part.
05:34
So what that means is that in the modern reality that we live in with multiple cloud applications, we need new authentication protocols that allows us to walk fluently in situations where were applications, leave in other people's organizations, applications that we use it.
05:53
And that's where modern authentication protocols liked up. US. Fed Samir Open I d connect with old fort organization. That's where they come in right on. That's the description that I gave for Majority. It's one of Microsoft's implementation off this modern authentication protocols,
06:11
so
06:12
let's go back and let's talk about the primary use case off a joy it. So I mentioned here that the primary use case off a giant D It's the identity provided for cloud applications that supports modern authentication protocols. What I mean by this is that, as your Eddie goes beyond, just Microsoft Cloud service is
06:30
if you have any cloud application that support any of this modern authentication protocols that we talked about,
06:35
you can use a joy ideas. The identity provider for door service is now. Don't get me wrong as your Haiti can help with on premises applications also right. But I'm talking about the primary use case and that that's what I'm referring to here. So it goes beyond Microsoft Cloud Service. Is it for
06:54
any Web application that supports modern
06:57
authentication protocols?
07:00
Let's cover very quickly the differences between on Premises A. D and I J D.
07:05
And then I'll move on to the next part of this lesson.
07:09
So the first differences around out here quick. So I mentioned earlier on Premises Active Directory Square read
07:15
using a protocol called Elder, which works anticipate Port story at nine on. If there is an out of secure that works anticipate apart 686
07:25
in the case off a Joy D It's queer Read Use investor P I over http and https and actually divest FBI endpoint of anxiety. It's some friend referred to as the Microsoft graph. You've probably heard that if you've been around makes after Joe for a while.
07:42
The other difference Greatest surrounds the protocols that it supports. I mentioned this earlier
07:46
on Premises Active Directory Uses Capitals and Intel. Emma's its authentication protocols, which I'll refer to them as legacy authentication protocols. Why, as your lady uses protocols that support Web transport. So for the cause, they used htp on https like Sam O. W s Fed
08:05
Open I D. Connect for authentication and then order for authorization
08:09
so as you're ready, includes native federation service. So in the case off on Premises Active directory, you're probably familiar with another service for myself called Active Director. Federation Service is a D. F. S. If you want. That's recreate federation between the your identity provide on other organizations. Identity provider.
08:28
You have to use idea for us to kind of be the middleman.
08:31
But when it comes to enjoy, the federation is natively beauty, and we'll see a little bit of this one. We'll talk later about a J D. B to B
08:41
on, then finally, as your 80 users and groups are created in a flat structure so it does not use a hierarchical structure like on premises active directory years with organization units, it's simply use the flat structure on it. There's also no support for things like group policy
08:58
with Azure 80.
09:01
So one Audrey's house. Stop this recording here for this video.
09:05
And then in the very next video, our pick up. From where I stop here, we'll start talking about
09:09
as your 80 addition. So now that you have an understanding off one a joy D is what it is not. Let's start talking about the different additions off a jury 80 on the differences between them. You need that information to be able to pass the exam. So see you in the next video

Up Next

AZ-301 Microsoft Azure Architect Design

This AZ-301 training covers the skills that are measured in the Microsoft Azure Architect Design certification exam. Learn strategies to plan for the exam, target your areas of study, and gain hands-on experience to prepare for the real world.

Instructed By

Instructor Profile Image
David Okeyode
Cloud Security Architect
Instructor