Time
6 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
7

Video Transcription

00:00
welcome submarines to the M s 3 65 Security Administration course
00:05
I'm your shorter Jim Daniels. And today we're going to start a model to identity and access lesson to identity synchronization.
00:15
Upon completion of the short lesson,
00:18
you will learn
00:19
synchronization of on premises out of directory with azure active directory and different provisioning options. Within M s 3. 65
00:28
as your active directory or as a lady
00:31
is the cloud based user identity authentication service, as used by office 3 65 as well as invest 3 65 as a whole to manage identities and authentication
00:43
as your A D is included with any office for 65 subscription
00:47
as your A D Premium one is also included in a possibility of security E three sweet lessons as well as an M s 3 65 e three sweet lessons
00:58
as your 80 premium plan to
01:00
that's included in the Enterprise inability of security E five sweet license.
01:06
And yes, it m s 3 65 e five sweet license
01:11
We hit on this earlier. We're going to expand on it now
01:15
The M s 3. 60 fall of authentication and provisioning options. I'm someone cloud. Only users are created and managed direct in Azure 80. This requires zero on premises infrastructure
01:29
you don't have to have at a directory already rolled out
01:32
in your internal network.
01:34
Zero directory services is required.
01:38
Dr. Resync with pastor authentication
01:41
uses were created and Manners one. Premises 80 and sink into Azure 80.
01:47
With this, you typically used as your A D connect.
01:51
And you can also have a hybrid
01:53
provisioning option toe, where you can create both
01:57
cloud only users, as well as users that will be synchronized
02:00
from on premises.
02:04
The third option is SSO with a DFS.
02:07
Users are created and managed one premises at a directory and sing to Azure 80.
02:14
In that model, a DFS provides all of the authentication services
02:19
so as your A D doesn't actually provide authentication services with this particular option,
02:24
directory Synchronisation is a synchronization of director identities or objects between two different directories.
02:31
We have application servers that utilize on premises. L dap.
02:36
We have a third party cloud servers that utilize as your A D for authentication. It is best practice to leverage your directory services for authentication whenever you can.
02:49
The azure at the directory connect all as Radi Connect is the officially recommended the Writer synchronization tool for M s Racist E five.
02:58
It has constantly updated features, and it actually recently has taken place
03:04
of even someone's of federation features that used to be available only on a DFS infrastructure is now starting to appear in ads. Radio Connect.
03:14
It's made up of three forced synchronization services,
03:16
optional
03:17
Federation services, peace and a monitoring piece.
03:22
Azure 80 requires a single source of authority for every object.
03:27
When you use as your 80 connect
03:30
your on premises at the directory. Is that source of authority?
03:34
Let's test your knowledge. Do you notice when you Poisson sso with a DFS?
03:39
Where does authentication take place?
03:43
Is to take place in as radi
03:46
in the authentication panel in Asir.
03:49
Is it take place in a DFS
03:52
or is authentication for losers?
03:55
If you chose de,
03:58
please go back to us and one model one
04:01
and start from there
04:03
because that's just still s is nonsense.
04:08
Give you a few more seconds to this is one of the more challenging ones.
04:13
It takes place in a DFS
04:15
again. Federation Services.
04:18
That's one of the issues in the past with using a DFS is you have that single point of failure.
04:26
One. Print your own Primedia. This.
04:28
Once we get in a more detailed A DFS, we'll see how this has been tackled over the last few years, and some of the additional federation options that you have that one
04:39
have that single point of failure present itself.
04:43
So in recap,
04:44
Azar 80 is a cloud based user identity and authentication service that's used
04:49
by office 3 65
04:51
and M s 3 65 to manners, identities and authentication
04:57
over. See for the next lesson,
04:59
take care.

Up Next

MS-500: Microsoft 365 Security Administration

The Microsoft 365 Security Administration course is designed to prepare students to take and pass the MS-500 certification exam. The course covers the four domains of the exam, providing students with the knowledge and skills they need to earn their credential.

Instructed By

Instructor Profile Image
Jim Daniels
IT Architect
Instructor