Copyright ©2015 Cloudreach limited Not if. When Cloudreach Voices Cloudy Issues Explored Our take on Cloud Technology

Cloudreach Voices - Azure Active Directory


Copyright ©2016 Cloudreach Limited

Azure Active Directory

February 2016

Petr Hecko, DevOps Lead, Cloudreach Canada


Everyone knows what Active Directory is, but how about Azure Active Directory?

Well, Azure AD is a cloud-based directory and identity management service introduced by Microsoft back in 2011.

Here at Cloudy Towers, we hear about Azure AD more and more often now, and many organizations, including healthcare companies such as McKesson and Presence Health, are using this Azure service in production.

Are you ready to give Azure AD a go?


But what is Azure AD, and what does it do?

To understand what Azure AD is, just imagine a service which lets you run the traditional Active Directory in the cloud.

However, while in principle traditional AD and Azure AD serve the same purpose, there are major differences in their design.

While traditional AD provides applications with access to on-premises resources and uses protocols like Kerberos and LDAP, Azure AD was specifically designed to support web-based services and uses web-based protocols instead (like SAML and OAuth 2.0).


So what are the benefits of utilizing Azure AD?

Is it going to fit your organizational needs?


If your organization is fairly small and is not using any AD yet, but is looking for this kind of solution, a standalone version of Azure AD running completely in the cloud could be a good option.

Of course, big organizations currently using on-premises AD can take advantage of Azure AD as well.

In this case, organizations can integrate their on-premises AD with Azure AD easily, using the Azure AD Connect tool. Once this integration is complete, your users can use their existing credentials to connect to Azure Cloud applications, as well as to thousands of SaaS applications like Salesforce, Dropbox or Office 365.


What editions of Azure AD are available?

All offer features including:

● User and group management

● SSO-based user access to SaaS or Azure AD Connect for sync between on-premises and cloud directories.

Basic and Premium offer additionally:

● Azure AD sign-in page logo

● Offloading IT support when utilizing self-service password reset

● Azure AD offering of high availability SLA uptime (99.9%)

● Self-service group management

● Machine learning based advanced anomaly security reports

● Multi-Factor Authentication.

Of course, the additional features come at extra cost, which can vary for each organization as the cost depends on the Enterprise Agreement terms.

If you want to find out more about that, then the detailed comparison of the three editions can be found on the Azure AD editions website.


Can I get programmatic access to Azure AD?

You can access the entities in Azure AD programmatically by using the Azure AD Graph API.

Azure AD Graph API provides programmatic access to Azure AD through REST API endpoints.

Graph API gives you CRUD (Create, Read, Update and Delete) capabilities so you can do things such as query the directory to get information about users or groups, or make changes to the directories (such as creating, deleting or updating users).

Graph API is not limited to changes of users or groups, but can also access any other entity in the directory.
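
The CRUD mapping described above, as an added example that is not from the original deck or from Microsoft: it builds (but never sends) Azure AD Graph REST requests and refuses an operation when the bearer token's `roles` claim lacks a matching directory permission. The tenant name, object id, helper names and the unsigned sample token are constructed for illustration, and the local role check is an assumed pre-flight guard, not the service's own enforcement.

```python
import base64
import json
from urllib.parse import quote
from urllib.request import Request

GRAPH = "https://graph.windows.net"  # Azure AD Graph API resource
API_VERSION = "1.6"
VERBS = {"create": "POST", "read": "GET", "update": "PATCH", "delete": "DELETE"}
WRITE_ROLES = {"Directory.ReadWrite.All"}
READ_ROLES = WRITE_ROLES | {"Directory.Read.All"}


def sample_token(roles):
    """Constructed, unsigned JWT for the demo; real tokens come from Azure AD."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"aud": GRAPH, "roles": roles}), ""])


def token_claims(token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def build_request(tenant, token, op, entity="users", object_id=None, body=None):
    """Map a CRUD operation to a Graph REST request, failing closed on scope."""
    claims = token_claims(token)
    if claims.get("aud", "").rstrip("/") != GRAPH:
        raise PermissionError("token was not issued for the Graph API")
    needed = READ_ROLES if op == "read" else WRITE_ROLES
    if not needed & set(claims.get("roles", [])):
        raise PermissionError(f"token lacks a permission allowing '{op}'")
    path = f"/{quote(tenant)}/{quote(entity)}"
    if object_id:
        path += f"/{quote(object_id)}"
    data = json.dumps(body).encode() if body is not None else None
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    return Request(f"{GRAPH}{path}?api-version={API_VERSION}", data=data,
                   headers=headers, method=VERBS[op])


if __name__ == "__main__":
    reader = sample_token(["Directory.Read.All"])
    req = build_request("contoso.example", reader, "read")
    print(req.get_method(), req.full_url)  # request is built, never sent
    try:
        build_request("contoso.example", reader, "delete", object_id="constructed-id")
    except PermissionError as exc:
        print("blocked:", exc)
```

Microsoft has since deprecated Azure AD Graph in favour of Microsoft Graph, so treat the endpoint and permission names here as those of the API this deck describes.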


In conclusion

If you are an IT administrator, Azure AD could be a service which can make your life easier.

With SSO access to thousands of cloud SaaS applications and easy-to-use self-service capabilities, employee productivity will improve and the IT admin can focus on more complex tasks than managing users' access!

When adding additional features like MFA, Role Based Access Control (RBAC), application usage monitoring, auditing, security monitoring and alerting, Azure AD can be a game changer for any eligible organization.


Copyright ©2014 Cloudreach limited
