• Home

  • Documents

  • Azure AD B2B · PDF file · 2018-01-29landing page or a specific app. ... •Can...
15

Azure AD B2B · PDF file · 2018-01-29landing page or a specific app. ... •Can use Dynamic group membership (user.Type = Guest) •Can use set any attribute via Azure AD Powershell

Embed Size (px)

Citation preview

Page 1: Azure AD B2B · PDF file · 2018-01-29landing page or a specific app. ... •Can use Dynamic group membership (user.Type = Guest) •Can use set any attribute via Azure AD Powershell
Page 2: Azure AD B2B · PDF file · 2018-01-29landing page or a specific app. ... •Can use Dynamic group membership (user.Type = Guest) •Can use set any attribute via Azure AD Powershell

Microsoft Azure

Agenda

• Introduction to the Azure AD Business-to-Business Feature

• Basic architecture review

• The main set of tasks for managing external users

• Collaboration demo

You’ll leave with an understanding of …• The benefits of collaborating with your business partners using

Azure AD B2B.

• An understanding of the core functional aspects of Azure AD B2B

Page 3: Azure AD B2B · PDF file · 2018-01-29landing page or a specific app. ... •Can use Dynamic group membership (user.Type = Guest) •Can use set any attribute via Azure AD Powershell

Microsoft Azure

Collaboration problems Azure AD B2B is trying to address

Approach 1: Federate with each partner

Security

No user level visibility

Unknown partner security posture

Expense

Small partners can’t afford the infrastructure

Small partners don’t have the expertise

Complexity

Complexity grows with each new partner

Complexity grows on partner side as well

Approach 2: Manage partner identities

Security

Access continues after external user terminated

Exploited external user puts whole org at risk

Too much default access

Expense

Password management

Signup process

Identity cleanup

Overhead of running a separate directory

Complexity

Partner user needs to manage new set of creds

Page 4: Azure AD B2B · PDF file · 2018-01-29landing page or a specific app. ... •Can use Dynamic group membership (user.Type = Guest) •Can use set any attribute via Azure AD Powershell

Azure Active Directory

Page 5: Azure AD B2B · PDF file · 2018-01-29landing page or a specific app. ... •Can use Dynamic group membership (user.Type = Guest) •Can use set any attribute via Azure AD Powershell

Microsoft Azure

Quick wins with Azure B2B

• No credential management of external users

• Consistent application access mechanisms for SaaS Apps

• SharePoint Online integration

• Deletion/Disablement case covered for larger partners

• Bulk operations

• Azure AD’s security and protection

Page 6: Azure AD B2B · PDF file · 2018-01-29landing page or a specific app. ... •Can use Dynamic group membership (user.Type = Guest) •Can use set any attribute via Azure AD Powershell

Microsoft Azure

Managing B2B: Inviting Users

Prepare CSV:

• Required:Email: Email address of invited user. DisplayName: Display name for invited user (typically, first and last name).

Are you the right user and

Are you clicking in the right

place?

Page 7: Azure AD B2B · PDF file · 2018-01-29landing page or a specific app. ... •Can use Dynamic group membership (user.Type = Guest) •Can use set any attribute via Azure AD Powershell

Microsoft Azure

Managing B2B: Inviting Users

Prepare CSV:

• Optional:

InvitationText: Customize invitation email text after app branding and before the redemption link

InvitedToApplications: AppIDs to corporate applications to assign users. Get-MsolServicePrincipal | fl DisplayName, AppPrincipalId

InvitedToGroups: ObjectIDs for groups to add user to Get-MsolGroup | fl DisplayName, ObjectId

InviteRedirectURL: URL to direct an invited user after invite acceptance. Could be a landing page or a specific app. If not specified, users are directed to the App Access Panel URL specific to your tenant (https://account.activedirectory.windowsazure.com/applications/default.aspx?tenantId=<TenantID>)CcEmailAddress: Email address to copy emailed invitation. If the CcEmailAddress field is used, this invitation cannot be used for email-verified user or tenant creation

Language: Language for invitation email and redemption experience, with English as the default when unspecified. The other supported language codes are: de, es, fr, it, ja, ko, pt-BR, ru, zh-HANS, zh-HANT

Page 8: Azure AD B2B · PDF file · 2018-01-29landing page or a specific app. ... •Can use Dynamic group membership (user.Type = Guest) •Can use set any attribute via Azure AD Powershell

Microsoft Azure

Managing B2B: What the user sees

• Your directory name in the subject

• From Microsoft

• Link for consent and re-usable as a book mark to the application

Page 9: Azure AD B2B · PDF file · 2018-01-29landing page or a specific app. ... •Can use Dynamic group membership (user.Type = Guest) •Can use set any attribute via Azure AD Powershell

Microsoft Azure

Managing B2B: Checking on Invites

• Link to report appears after upload

• Standard report in the Reports tab

• Can see every batch uploaded

• Can re-download the batch

• Can download errors for each batch

Page 10: Azure AD B2B · PDF file · 2018-01-29landing page or a specific app. ... •Can use Dynamic group membership (user.Type = Guest) •Can use set any attribute via Azure AD Powershell

Microsoft Azure

Managing B2B: Managing Access

• Users are managed like all other users

• Can use direct assignment in the CSV

• Can use Group Assignment

• Can use Dynamic group membership (user.Type = Guest)

• Can use set any attribute via Azure AD Powershell for richer conditions

Page 11: Azure AD B2B · PDF file · 2018-01-29landing page or a specific app. ... •Can use Dynamic group membership (user.Type = Guest) •Can use set any attribute via Azure AD Powershell

Microsoft Azure

Demo

Page 12: Azure AD B2B · PDF file · 2018-01-29landing page or a specific app. ... •Can use Dynamic group membership (user.Type = Guest) •Can use set any attribute via Azure AD Powershell

Microsoft Azure

What’s coming next for Azure B2B?

• Attestation

• Pricing

• Richer Office 365 integration

• Richer attribute management

• Invitation API

• Delegated Administration of B2B

Page 13: Azure AD B2B · PDF file · 2018-01-29landing page or a specific app. ... •Can use Dynamic group membership (user.Type = Guest) •Can use set any attribute via Azure AD Powershell

Microsoft Azure

ResourcesAzure AD B2B Overview:

https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2b-collaboration-overview/

Detailed B2B Walkthrough:https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2b-detailed-walkthrough/

CSV File Format:https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2b-references-csv-file-format/

Current limitations:https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2b-current-preview-limitations/

Sign up for more webinars!- https://info.microsoft.com/AADP-Webinar-CLE_AADP-Main-Landing-Page.html?ls=Email

Deployment wizard -https://portal.office.com/onboarding/azureadpremium#/

Page 14: Azure AD B2B · PDF file · 2018-01-29landing page or a specific app. ... •Can use Dynamic group membership (user.Type = Guest) •Can use set any attribute via Azure AD Powershell

Microsoft Azure

Q&A

Page 15: Azure AD B2B · PDF file · 2018-01-29landing page or a specific app. ... •Can use Dynamic group membership (user.Type = Guest) •Can use set any attribute via Azure AD Powershell

Automating AD Administration with Windows PowerShell

Automating AD Administration with Windows PowerShell

Documents
Building infrastructure with Azure Resource Manager using PowerShell

Building infrastructure with Azure Resource Manager using PowerShell

Technology
Managing Windows Azure Virtual Machines from PowerShell Speaker Title Organization

Managing Windows Azure Virtual Machines from PowerShell Speaker Title Organization

Documents
Azure AD Integration with Microsoft AD Using Azure AD Connect · Instructions: Azure AD Connect Installation, Configuration, Administration The Azure AD Connect tool needs to be installed

Azure AD Integration with Microsoft AD Using Azure AD Connect · Instructions: Azure AD Connect Installation, Configuration, Administration The Azure AD Connect tool needs to be installed

Documents
Automating Microsoft Azure with PowerShell - Sample Chapter

Automating Microsoft Azure with PowerShell - Sample Chapter

Documents
3-615 RDFE Azure DBService Bus Fabric Cluster Storage PowerShell Pink Poodle

3-615 RDFE Azure DBService Bus Fabric Cluster Storage PowerShell Pink Poodle

Documents
User Guide PowerShell Office365 Azure - Vodafone India · User Guide – PowerShell ... Windows PowerShell allows you to manage Office 365 using a single point of ... To set single

User Guide PowerShell Office365 Azure - Vodafone India · User Guide – PowerShell ... Windows PowerShell allows you to manage Office 365 using a single point of ... To set single

Documents
PowerShell Saturday #009 (Singapore) - Azure + PowerShell

PowerShell Saturday #009 (Singapore) - Azure + PowerShell

Technology
Microsoft Azure AD External Identities: Use Cases Azure

Microsoft Azure AD External Identities: Use Cases Azure

Documents
An Introduction to Microsoft Azure - ergonweb.de · An Introduction to Microsoft Azure Malte Lantin Technical Evanglist ... ASP.NET MVC 5.1 ASP.NET Web API 2.1 AD support Powershell

An Introduction to Microsoft Azure - ergonweb.de · An Introduction to Microsoft Azure Malte Lantin Technical Evanglist ... ASP.NET MVC 5.1 ASP.NET Web API 2.1 AD support Powershell

Documents
Aprende a Crear y Administrar VM en PowerShell Azure

Aprende a Crear y Administrar VM en PowerShell Azure

Technology
Powershell für · Agenda 1. Powershell Basics 2. Advanced Powershell Remoting / WMI / COM / .NET 3. PS Integration Windows / IIS / SQL Server / TFS / Azure / Sharepoint

Powershell für · Agenda 1. Powershell Basics 2. Advanced Powershell Remoting / WMI / COM / .NET 3. PS Integration Windows / IIS / SQL Server / TFS / Azure / Sharepoint

Documents
Azure Powershell. Azure Automation

Azure Powershell. Azure Automation

Engineering
Azure Resource Manager - Meetupfiles.meetup.com/18259330/ARM Wrestling with MJ.pdf · Azure Resource Manager Overview Using Windows PowerShell with Resource Manager Using the Azure

Azure Resource Manager - Meetupfiles.meetup.com/18259330/ARM Wrestling with MJ.pdf · Azure Resource Manager Overview Using Windows PowerShell with Resource Manager Using the Azure

Documents
Automation Azure with PowerShell - files.informatandm.comfiles.informatandm.com/...with_PowerShell_Beyond_the_Azure_PowerShell... · #ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM PowerShell

Automation Azure with PowerShell - files.informatandm.comfiles.informatandm.com/...with_PowerShell_Beyond_the_Azure_PowerShell... · #ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM PowerShell

Documents
Identifying AD Built in Groups With Powershell

Identifying AD Built in Groups With Powershell

Documents
Azure + PowerShell

Azure + PowerShell

Technology
Azure AD and Office 365 Management Administrator Guide...Azure AD Group management tasks using Management Shell interface 39 Create a new Azure AD Group 39 Update the Azure AD Group

Azure AD and Office 365 Management Administrator Guide...Azure AD Group management tasks using Management Shell interface 39 Create a new Azure AD Group 39 Update the Azure AD Group

Documents
Automatische Erstellung einer SharePoint 2013 Entwicklungsumgebung in Microsoft Azure via PowerShell

Automatische Erstellung einer SharePoint 2013 Entwicklungsumgebung in Microsoft Azure via PowerShell

Software
Att&cking Active Directory for fun and profit · Azure AD Connect 10.1) Securing Azure AD Connect 10.2) Attacking Azure AD Connect

Att&cking Active Directory for fun and profit · Azure AD Connect 10.1) Securing Azure AD Connect 10.2) Attacking Azure AD Connect

Documents
What! WINDOWS AZURE AND POWERSHELL POWERED MALWARE BY KIERAN JACOBSEN

What! WINDOWS AZURE AND POWERSHELL POWERED MALWARE BY KIERAN JACOBSEN

Documents
Windows Azure and PowerShell DSC

Windows Azure and PowerShell DSC

Technology
Azure AD Connect

Azure AD Connect

Technology
Better Together: Microsoft Azure Virtual Machines & PowerShell Desired State Configuration

Better Together: Microsoft Azure Virtual Machines & PowerShell Desired State Configuration

Technology
Windows Powershell and Microsoft Azure : “Global Windows Azure BootCamp 2014 Slides

Windows Powershell and Microsoft Azure : “Global Windows Azure BootCamp 2014 Slides

Education
met ARM Templates & PowerShell - Experts Live Netherlands · Agenda Azure IaaS ARM Templates JSON formatting Az PowerShell Azure Automation Runbooks based on PowerShell Hybrid Workers

met ARM Templates & PowerShell - Experts Live Netherlands · Agenda Azure IaaS ARM Templates JSON formatting Az PowerShell Azure Automation Runbooks based on PowerShell Hybrid Workers

Documents
Pro PowerShell for Microsoft Azure - Home - Springer978-1-4842-06… ·  · 2017-08-25Pro PowerShell for Microsoft Azure Sherif Talaat ... Chapter 10: Azure Identity and ... Azure

Pro PowerShell for Microsoft Azure - Home - Springer978-1-4842-06… ·  · 2017-08-25Pro PowerShell for Microsoft Azure Sherif Talaat ... Chapter 10: Azure Identity and ... Azure

Documents
Azure AD Premium & Azure RMS

Azure AD Premium & Azure RMS

Engineering
Automating and Managing Windows Azure Solutions with Powershell

Automating and Managing Windows Azure Solutions with Powershell

Documents
Para Que Me Sirve Azure PowerShell

Para Que Me Sirve Azure PowerShell

Documents