GABC2019: AzureAD - Identity Management and more by Patrick Fontana
With AzureAD you get more than just an identity table for O365; you can achieve more. From MFA to Conditional Access, from app publishing to Application Proxy and security-related features, with a lot of demos.
• MCT, MCSE, MCSA and many more
• System engineering & consulting for 19 years in the world of Windows, Azure, System Center, WAC
@itworksmart
http://itworksmart.azurewebsites.net
https://www.linkedin.com/in/patrick-fontana-2b7bab87/
AzureAD
• MFA: preconfiguration of methods is possible
• Integration of other products via NetScaler / NPS server is possible -> but an issue in the NPS extension causes problems with the certificate
• The «per-authorisation» licence for on-prem MFA has been removed -> guest account authorisation is integrated in the licence (1:5)
The LAN is OK, but perimeter security is gone because of the requirement for «mobility».
Consequence: protection of your resources and data has to be established at the source and the target!
to a file server or have big files!
• AzureAD Domain Services is required
• Create custom roles for the share permissions
• Connect the volume to a VM:
    net use <desired-drive-letter>: \\<storage-account-name>.file.core.windows.net\<share> /user:Azure\<storage-account-name>
• Set NTFS permissions with icacls:
    icacls <mounted-drive-letter><Directory> /grant <user-upn>:(f)
    icacls <mounted-drive-letter><Directory> /grant <user-upn>:(d,wdac)
    icacls <mounted-drive-letter><Directory> /grant <user-upn>:(rx)
• Login via AzureAD (Capt)
• MFA policy available (Hulk)
• Published via WebAppProxy (Ironman)
• Conditional Access integrated (Blackwidow)
• The door to other cloud services