EMBRACE THE ECOSYSTEM
- Not saying to abandon SharePoint, but it is time to augment your skills
- Take a look at one of the Online bolt-ons:
  - PowerApps – Replace InfoPath and Access web apps with this tool
  - Power BI – Finally, the BI tool we have all been looking for, with Kerberos
  - Microsoft Flow – Workflows, and then about a million things more
- All of these tools integrate with SharePoint well and let you build and expand what you can do by starting in a familiar place
AUTHENTICATION
AZURE ACTIVE DIRECTORY
- If you are going to do anything with Office 365, this is step one
- This is a very valuable skill set to add to the resume
- Stop reinventing the authentication wheel
- Walk-through guide: https://www.youtube.com/watch?v=duYYmqzx0Rc
IDENTITY BRIDGE
- Azure AD Connect (sync + sign on)
- Active Directory
- LDAP
DEFINING TERMINOLOGY
- (Windows) Active Directory
- DirSync
- User Principal Name (UPN)
- ADFS
- Azure Active Directory (AAD)
- Azure AD Connect (AADC)
- Identity as a Service
- SSO
- Hybrid
- The other SSO
TOPOLOGY & SECURITY
- ADFS vs DirSync vs Pass-Through
- Federation starts with synchronization
- Pass-through, best of both worlds?
- Multifactor Auth: yours or theirs, flip of a switch
SAME SIGN ON SCENARIO
SINGLE SIGN ON SCENARIO
PASS-THROUGH AUTH
ACTIVE DIRECTORY CORE CONCEPTS AND CONCERNS
- FSMO roles, AD DNS, WINS, etc.
- Dirty Directories
- 2003 Everyone group -> 2008 Authenticated Users group
- IsCriticalSystemObject objects are not synced (I’m looking at you, Domain Users)
- UPN issues
- Schema Extensions
ON-PREM SERVER, CLOUD AUTH
- Azure AD with your on-prem SharePoint Server
- Get Azure AD set up
- Set up SSL
- Create new Enterprise Application in Azure AD
- Configure new Trusted ID in SharePoint 2016
- Set permissions on SharePoint 2016
- Enable SAML 1.1 token in Azure AD
- Verify provider
- Some cleanup
- Kirk’s Instructions here
SECURITY STUFFS
AZURE IDENTITY MANAGEMENT SECURITY OVERVIEW
- Single sign-on
- Reverse proxy
- Multi-factor authentication
- Security monitoring, alerts, and machine learning-based reports
- Consumer identity and access management
- Device registration
- Privileged identity management
- Identity protection
- Hybrid identity management
- https://docs.microsoft.com/en-us/azure/security/security-identity-management-overview
WHAT’S IN EMS E5?
AZURE AD CONNECT WALKTHROUGH
ASSUMPTIONS
- Windows Active Directory Domain (it works)
- Forest and Domain at Windows 2003 functional level or higher
- Not single-label or dotted
- AD Connect Server on Windows 2008 or greater
- Own an Internet domain and control DNS
- Have an Azure or Office 365 Tenant
- Domain admin and tenant admin creds
BEFORE PICTURE
ADD INTERNET DOMAIN
VERIFY DOMAIN
TXT RECORD SHUFFLE
YOUR DNS HOST
THE EASY WAY
VERIFYING…
WITH POWERSHELL
- V1: New-MsolDomain, Get-MsolDomainVerificationDns, Confirm-MsolDomain, Set-MsolDomain
- V2: New-AzureADDomain, Get-AzureADDomainVerificationDnsRecord, Confirm-AzureADDomain, Set-AzureADDomain
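The "TXT record shuffle" with the V1 (MSOnline) cmdlets listed above, as an added example that is not part of the original deck. It assumes you have already run Connect-MsolService as a tenant admin, that "contoso.example" stands in for your real Internet domain, and that you can publish the TXT record at your DNS host.

```powershell
# Added example, not from the original deck. Assumes Connect-MsolService has
# already been run as a tenant admin; 'contoso.example' is a placeholder domain.
$domain = 'contoso.example'

# 1. Add the domain to the tenant. It stays 'Unverified' until ownership is proven.
if (-not (Get-MsolDomain -DomainName $domain -ErrorAction SilentlyContinue)) {
    New-MsolDomain -Name $domain -Authentication Managed | Out-Null
}

# 2. Ask the tenant which TXT record proves ownership (Label / Text / Ttl).
$record = Get-MsolDomainVerificationDns -DomainName $domain -Mode DnsTxtRecord
Write-Host "Create at your DNS host: $($record.Label) TXT `"$($record.Text)`" (TTL $($record.Ttl))"

# 3. Poll a public resolver until the record is visible. Checking DNS first avoids
#    hammering Confirm-MsolDomain while the record is still propagating.
$deadline = (Get-Date).AddMinutes(30)
do {
    $txt = Resolve-DnsName -Name $domain -Type TXT -Server 8.8.8.8 -ErrorAction SilentlyContinue |
           Where-Object { $_.Strings -contains $record.Text }
    if (-not $txt) { Start-Sleep -Seconds 60 }
} until ($txt -or (Get-Date) -gt $deadline)

if (-not $txt) {
    throw "TXT record for $domain not visible after 30 minutes; check the record at your DNS host."
}

# 4. Confirm ownership with the tenant and report the resulting status.
Confirm-MsolDomain -DomainName $domain
$status = (Get-MsolDomain -DomainName $domain).Status
Write-Host "$domain status: $status"   # 'Verified' once the tenant has seen the record
```

The V2 cmdlets on the slide map one-to-one (New-AzureADDomain, Get-AzureADDomainVerificationDnsRecord, Confirm-AzureADDomain) with -Name in place of -DomainName.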
NOW, ANOTHER WORD ABOUT DNS
DIY
FUNCTION CHECK
FUNCTION CHECK
Recommend
More recommend