TODD KLINDT todd@toddklindt.com @toddklindt www.toddklindt.com - PowerPoint PPT Presentation

EMBRACE THE ECOSYSTEM  Not saying to abandon SharePoint but time to augment your skills  Take a look at one of the Online bolt-ons  PowerApps – Replace InfoPath and Access web apps with this tool  Power BI – Finally, the BI tool we have all been looking for with Kerberos  Microsoft Flow – Workflows and then about a million things more  All of these tools integrate with SharePoint well and let you build and expand what you can do by starting in a familiar place

AUTHENTICATION

AZURE ACTIVE DIRECTORY  If you are going to do anything with Office 365 this is step one  This is a very valuable skill set to add to the resume  Stop reinventing the authentication wheel  Walk through guide  https://www.youtube.com/watch?v=duYYmqzx0Rc

IDENTITY BRIDGE Azure AD Connect Active (sync + sign on) Directory LDAP

DEFINING TERMINOLOGY  (Windows) Active Directory  DirSync  User Principal Name (UPN)  ADFS  Azure Active Directory (AAD)  Azure AD Connect (AADC)  Identity as a Service  SSO  Hybrid  The other SSO

TOPOLOGY & SECURITY  ADFS vs DirSync vs Pass-Through  Federation starts with synchronization  Pass-through, best of both worlds?  Multifactor Auth  Yours or theirs  Flip of a switch

SAME SIGN ON SCENARIO

SINGLE SIGN ON SCENARIO

PASS-THROUGH AUTH

ACTIVE DIRECTORY CORE CONCEPTS AND CONCERNS  FSMO roles, AD DNS, WINS, etc  Dirty Directories  2003 Everyone group -> 2008 Authenticated Users group  IsCriticalSystemObject objects are not synced  I’m looking at you Domain Users  UPN issues  Schema Extensions

ON-PREM SERVER, CLOUD AUTH  Azure AD with your on-prem SharePoint Server  Get Azure AD set up  Set up SSL  Create new Enterprise Application in Azure AD  Configure new Trusted ID in SharePoint 2016  Set permissions on SharePoint 2016  Enable SAML 1.1 token in Azure AD  Verify provider  Some cleanup  Kirk’s Instructions here

SECURITY STUFFS

AZURE IDENTITY MANAGEMENT SECURITY OVERVIEW  Single sign-on  Reverse proxy  Multi-factor authentication  Security monitoring, alerts, and machine learning-based reports  Consumer identity and access management  Device registration  Privileged identity management  Identity protection  Hybrid identity management  https://docs.microsoft.com/en-us/azure/security/security-identity- management-overview

WHAT’S IN EMS E5?

AZURE AD CONNECT WALKTHROUGH

ASSUMPTIONS  Windows Active Directory Domain  It works  Forest and Domain Windows 2003 functional level or higher  Not Single Level or dotted  AD Connect Server  Windows 2008 or greater  Own an Internet domain and control DNS  Have an Azure or Office 365 Tenant  Domain admin and tenant admin creds

BEFORE PICTURE

ADD INTERNET DOMAIN

VERIFY DOMAIN

TXT RECORD SHUFFLE

YOUR DNS HOST

THE EASY WAY

VERIFYING…

WITH POWERSHELL  V1  New-MSOLDomain  Get-MsolDomainVerificationDns  Confirm-MsolDomain  Set-MsolDomain  V2  New-AzureADDomain  Get-AzureADDomainVerificationDnsRecord  Confirm-AzureADDomain  Set-AzureADDomain

NOW, ANOTHER WORD ABOUT DNS

DIY

FUNCTION CHECK

FUNCTION CHECK