Learn how Azure AD extends identity beyond the firewall to the cloud.
- [Narrator] Since we now need to bridge the gap between our traditional on-premises identity and access management solutions and new cloud solutions, we need to have a way to have identity in the cloud. Especially since we've talked about how the firewall is no longer the central point of control where we can delineate where data is and who has access to it, we also need to provide that control point in the cloud. And as you'll see as we walk through this course, identity is really going to be the control plane, that central point of control where you can define who has access to data, where they have access to it from, and even how they access it.
And to do this we need to extend our on-premises identities, which are traditionally stored in Active Directory, to the cloud. And with Microsoft, the way we do that is with Azure Active Directory. And what you'll hear us talk about is this concept of hybrid identity, where we take your on-premises identity and we also extend it to the cloud so that it works across both locations. In order to do that with Azure Active Directory, let's take a look at how the architecture works. We'll take our existing Active Directory domain that you already have. And now we're going to set up what's called an Azure Active Directory tenant.
You can think of a tenant as a place where all your identities in the cloud are stored. And in order to bridge the gap between those two, we're going to install a new service that runs on a server on-premises, called Azure Active Directory Connect, or sometimes you'll see this called AAD Connect. What AAD Connect is responsible for is synchronizing data from your on-premises Active Directory up to Azure Active Directory. It's primarily a one-way sync where data flows from Active Directory to Azure Active Directory, but as we look at some of the self-service capabilities and some of the features in Office 365, there are also scenarios where Azure Active Directory can send things back to your on-premises Active Directory.
And Azure Active Directory Connect is responsible for that as well. A great example of this that we'll take a look at is how self-service password reset works. When you reset your password in Azure Active Directory, it works with Azure AD Connect to write that back to your on-premises directory. Now that you have all your identities synchronized with Azure AD, we can look at how we can take advantage of Azure AD to provide identity for cloud applications and services. First-party Microsoft applications like Office 365 rely on Azure Active Directory to provide their identities.
Other services that we'll talk about in this course, like Microsoft Intune, also use Azure Active Directory for their identity management. But you can extend this even further so that Azure AD isn't just about providing identity for Microsoft services. You can use Azure Active Directory to provide identity for third-party SaaS applications and even applications that you develop in house. You'll see we have applications that are federated with Azure Active Directory, and they use that hybrid identity to provide authentication and even authorization to those applications.
We can extend this so that the power of Azure Active Directory can also be used to provide identity management for on-premises applications. And we do this by deploying something called the Azure Application Proxy. The Azure Application Proxy creates a secure tunnel to Azure Active Directory, and it works to authenticate users on their behalf to on-premises applications via the secure tunnel. To access one of these applications, the URL actually points to Azure Active Directory; it authenticates to Azure Active Directory, and then I'm securely proxied through the Application Proxy to an on-premises application.
We'll see how this removes the need for firewall rules and VPNs, and still allows us to provide secure access to on-premises applications. All these components together comprise Microsoft's hybrid identity model.
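The narrator describes AAD Connect as a mostly one-way sync from on-premises Active Directory to Azure AD, with a few writeback paths (such as self-service password reset) flowing the other way. The script below is an added example, not material from the course, that a defender can run on the Azure AD Connect server to confirm that posture before trusting it: which direction data flows, whether this server is the active sync instance, and which cloud-to-on-premises writeback features are switched on. It assumes the ADSync PowerShell module installed alongside Azure AD Connect, an elevated session, and the default Azure AD connector naming convention (`<tenant>.onmicrosoft.com - AAD`); the feature property names checked in the summary are assumptions taken from the output of `Get-ADSyncAADCompanyFeature` on current builds.

```powershell
# Added example (not part of the course). Read-only posture check for the
# hybrid identity sync path described above. Run on the AAD Connect server
# in an elevated session; assumes the ADSync module that ships with it.
Import-Module ADSync

# 1. Scheduler state: is data flowing, and is this the active server?
#    A staging-mode server imports but never exports, so a "healthy" sync on
#    the wrong box means nothing is actually reaching the tenant.
$sched = Get-ADSyncScheduler
[pscustomobject]@{
    SyncCycleEnabled  = $sched.SyncCycleEnabled
    StagingMode       = $sched.StagingModeEnabled
    NextCycleType     = $sched.NextSyncCyclePolicyType
    NextCycleStartUTC = $sched.NextSyncCycleStartTimeInUTC
} | Format-List

# 2. Connected directories: one connector per on-premises forest plus the
#    Azure AD connector is the layout the narrator walks through.
$connectors = Get-ADSyncConnector
$connectors | Select-Object Name, Type | Format-Table -AutoSize

# 3. Tenant-level writeback features. Each of these makes a cloud identity
#    able to change something on-premises, so confirm only intended ones are on.
$features = Get-ADSyncAADCompanyFeature
$features | Format-List

# Property names below are an assumption based on current ADSync builds;
# adjust if your build reports them differently.
$writebackNames = @('UserWriteback', 'DeviceWriteback', 'UnifiedGroupWriteback')
$enabledWriteback = $writebackNames | Where-Object { $features.$_ -eq $true }
if ($enabledWriteback) {
    Write-Warning "Cloud-to-on-premises writeback enabled: $($enabledWriteback -join ', ')"
} else {
    Write-Host "No directory writeback features enabled (sync is one-way)."
}

# 4. Password writeback (the SSPR path from the narration) is configured per
#    Azure AD connector. Default connector names end in " - AAD"; if yours
#    differs, substitute the name shown by step 2.
$aadConnector = ($connectors | Where-Object { $_.Name -like '* - AAD' } | Select-Object -First 1).Name
if ($aadConnector) {
    Get-ADSyncAADPasswordResetConfiguration -Connector $aadConnector | Format-List
} else {
    Write-Warning "Azure AD connector not found by name; supply it explicitly."
}
```

Read the output together: `SyncCycleEnabled` true with `StagingMode` false on exactly one server, the expected connectors, and only the writeback features you deliberately turned on. Anything else is a change to the hybrid identity model worth tracking down, because every writeback path is a place where a compromised cloud account can reach back into on-premises AD.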
- Authentication options with Azure AD
- Configuring Azure AD Connect for sync and authentication
- Securing remote access with the Azure Application Proxy
- Managing apps and devices with Intune
- Building and deploying a basic Intune policy for iOS or Android
- Protecting data beyond the firewall with Azure Information Protection (AIP)
- Configuring AIP classification labels and protection
- Integrating Exchange and SharePoint with AIP
- Managing risk with Advanced Threat Analytics
- Connecting Office 365 to cloud app security