In this video, learn about Azure Active Directory, including single sign-on, hybrid scenarios, and Azure AD Connect.
- [Instructor] Because Windows 10 has been designed to work with the cloud, it's worth taking a look at how Windows 10 works with Azure Active Directory. With the cloud, we're moving away from the traditional scenarios where a user works on one device only. Nowadays, users can access their email or work files from laptops, smartphones, and desktops both at work and remote sites, such as home, or from a cafe. Modern enterprises therefore need a flexible, always available authentication solution that provides the management and security to access corporate resources and applications.

Azure Active Directory is the management layer which provides this functionality, and it sits between the user or device and the resource available from anywhere on the internet. You can think of it as the glue that connects the users to services, and connects different cloud-based services together. Azure AD is essentially a lightweight, cloud-based database of users and devices, together with their associated permissions. Just like Active Directory in a domain environment, only much more efficient, and using a simplified schema or database. Because it's been built with modern internet protocols in mind, it's able to integrate, communicate, and be used back by the cloud services. So when, for example, user accounts are created in Office 365, the actual user accounts are created in Azure AD. They're then able to be used by other Microsoft cloud services.

One of the major benefits of Azure AD is that it provides single sign-on. This means that users only need to provide their authentication once, and then this access token is used to gain access to all cloud-based services and resources to which they've been granted permissions. This can be internal services, such as your account software, or Office 365, or Dynamics 365, or external resources, such as your corporate Twitter and Instagram account.

Some organizations require a hybrid setup. This is where they have both an on-premises environment, and a cloud-based environment at the same time. Perhaps they're migrating to the cloud, or they have resources that cannot be fully migrated, and therefore they need an on-premises environment. In a hybrid scenario, they'll need to manage identity services for both. However, because Azure Active Directory uses internet protocols, it cannot be used to manage an on-premises environment, and conversely, because Active Directory is not compatible with modern cloud-based services, it cannot be used to manage cloud-based environments. This is where we can extend Azure Active Directory functionality to on-premises environments by using a tool called Azure Active Directory Connect, or AD Connect.

Azure AD Connect is a tool that allows you to connect both the on-premises and cloud-based environments together, meaning that your users only need to have one single identity, or user name and password, that can be used across both environments. This can be on a permanent basis, or temporary, as you migrate your systems to the cloud. After you've installed AD Connect onto your domain, you can use the AD Connect wizard to configure this sync between Active Directory and Azure AD. You can modify the AD Connect settings, for example, to change the sync to manual, or amend the default, automatic 30-minute setting. You can also configure what information Azure AD Connect synchronizes relating to the user objects stored within the directory. For example, you can allow pass-through authentication, or permit password hash synchronization, depending on your security requirements.
This course closely aligns to the first two domains of exam MD-101: Managing Modern Desktops: Deploy and update operating systems and Manage policies and profiles.
- Implementing Windows 10
- Provisioning packages
- Deploying Windows 10 using Windows Autopilot
- Upgrading to Windows 10
- Managing Windows Update for Business
- Managing device authentication
- Working with user profiles
- Managing Windows 10 using Microsoft Intune
- Managing policy precedence