6 hours 59 minutes
Welcome, Cybrarians, to the MS 365 Security Administration course.
I'm your instructor, Jim Daniels, and today we're going to start Module 2, Identity and Access, Lesson 2: Identity Synchronization.
Upon completion of this short lesson, you will learn synchronization of on-premises Active Directory with Azure Active Directory and different provisioning options within MS 365.
Azure Active Directory, or Azure AD, is the cloud-based user identity authentication service used by Office 365, as well as MS 365 as a whole, to manage identities and authentication.
Azure AD is included with any Office 365 subscription.
Azure AD Premium 1 is also included in an Enterprise Mobility and Security E3 suite license, as well as an MS 365 E3 suite license.
Azure AD Premium Plan 2 is included in the Enterprise Mobility and Security E5 suite license.
And yes, the MS 365 E5 suite license.
We hit on this earlier. We're going to expand on it now.
The MS 365 authentication and provisioning options. Option one, cloud only: users are created and managed directly in Azure AD. This requires zero on-premises infrastructure.
You don't have to have Active Directory already rolled out in your internal network.
Zero directory services are required.
Directory sync with pass-through authentication: users are created and managed in on-premises AD and synced to Azure AD.
With this, you typically use Azure AD Connect.
And you can also have a hybrid provisioning option too, where you can create both cloud-only users as well as users that will be synchronized from on-premises.
The third option is SSO with AD FS.
Users are created and managed in on-premises Active Directory and synced to Azure AD.
In that model, AD FS provides all of the authentication services, so Azure AD doesn't actually provide authentication services with this particular option.
Directory synchronization is a synchronization of directory identities or objects between two different directories.
We have application servers that utilize on-premises LDAP.
We have third-party cloud servers that utilize Azure AD for authentication. It is best practice to leverage your directory services for authentication whenever you can.
Azure Active Directory Connect, or Azure AD Connect, is the officially recommended directory synchronization tool for MS 365.
It has constantly updated features, and it actually recently has taken the place of even some of the federation features; what used to be available only on AD FS infrastructure is now starting to appear in Azure AD Connect.
It's made up of three pieces: synchronization services, a federation services piece, and a monitoring piece.
Azure AD requires a single source of authority for every object.
When you use Azure AD Connect, your on-premises Active Directory is that source of authority.
Let's test your knowledge. Do you know, when you provision SSO with AD FS, where does authentication take place?
Does it take place in Azure AD?
In the authentication panel in Azure?
Does it take place in AD FS?
Or is authentication for losers?
If you chose D, please go back to Lesson 1, Module 1 and start from there, because that's just nonsense.
Give you a few more seconds. This is one of the more challenging ones.
It takes place in AD FS. Again, Federation Services.
That's one of the issues in the past with using AD FS: you have that single point of failure.
One. Print your own Primedia. This.
Once we get into more detail on AD FS, we'll see how this has been tackled over the last few years, and some of the additional federation options that you have that won't have that single point of failure present itself.
So, in recap, Azure AD is a cloud-based user identity and authentication service that's used by Office 365 and MS 365 to manage identities and authentication.
See you for the next lesson.