
TODD KLINDT todd@toddklindt.com @toddklindt www.toddklindt.com www.toddklindt.com/OmahaSPUG

AGENDA
- 8 5ish
- Breaks once an hour or so
- Lunch noon-ish

Name Company


  1. EMBRACE THE ECOSYSTEM
     - Not saying to abandon SharePoint but time to augment your skills
     - Take a look at one of the Online bolt-ons
     - PowerApps – Replace InfoPath and Access web apps with this tool
     - Power BI – Finally, the BI tool we have all been looking for with Kerberos
     - Microsoft Flow – Workflows and then about a million things more
     - All of these tools integrate with SharePoint well and let you build and expand what you can do by starting in a familiar place

  2. AUTHENTICATION

  3. AZURE ACTIVE DIRECTORY
     - If you are going to do anything with Office 365 this is step one
     - This is a very valuable skill set to add to the resume
     - Stop reinventing the authentication wheel
     - Walk through guide: https://www.youtube.com/watch?v=duYYmqzx0Rc

  4. IDENTITY BRIDGE
     [Diagram labels: Active Directory, LDAP, Azure AD Connect (sync + sign on)]

  5. DEFINING TERMINOLOGY
     - (Windows) Active Directory
     - DirSync
     - User Principal Name (UPN)
     - ADFS
     - Azure Active Directory (AAD)
     - Azure AD Connect (AADC)
     - Identity as a Service
     - SSO
     - Hybrid
     - The other SSO

  6. TOPOLOGY & SECURITY
     - ADFS vs DirSync vs Pass-Through
     - Federation starts with synchronization
     - Pass-through, best of both worlds?
     - Multifactor Auth
     - Yours or theirs
     - Flip of a switch

  7. SAME SIGN ON SCENARIO

  8. SINGLE SIGN ON SCENARIO

  9. PASS-THROUGH AUTH

  10. ACTIVE DIRECTORY CORE CONCEPTS AND CONCERNS
     - FSMO roles, AD DNS, WINS, etc
     - Dirty Directories
     - 2003 Everyone group -> 2008 Authenticated Users group
     - IsCriticalSystemObject objects are not synced
     - I’m looking at you Domain Users
     - UPN issues
     - Schema Extensions

  11. ON-PREM SERVER, CLOUD AUTH
     - Azure AD with your on-prem SharePoint Server
     - Get Azure AD set up
     - Set up SSL
     - Create new Enterprise Application in Azure AD
     - Configure new Trusted ID in SharePoint 2016
     - Set permissions on SharePoint 2016
     - Enable SAML 1.1 token in Azure AD
     - Verify provider
     - Some cleanup
     - Kirk’s Instructions here

  12. SECURITY STUFFS

  13. AZURE IDENTITY MANAGEMENT SECURITY OVERVIEW
     - Single sign-on
     - Reverse proxy
     - Multi-factor authentication
     - Security monitoring, alerts, and machine learning-based reports
     - Consumer identity and access management
     - Device registration
     - Privileged identity management
     - Identity protection
     - Hybrid identity management
     - https://docs.microsoft.com/en-us/azure/security/security-identity-management-overview

  14. WHAT’S IN EMS E5?

  15. AZURE AD CONNECT WALKTHROUGH

  16. ASSUMPTIONS
     - Windows Active Directory Domain
     - It works
     - Forest and Domain Windows 2003 functional level or higher
     - Not Single Level or dotted
     - AD Connect Server
     - Windows 2008 or greater
     - Own an Internet domain and control DNS
     - Have an Azure or Office 365 Tenant
     - Domain admin and tenant admin creds

  17. BEFORE PICTURE

  18. ADD INTERNET DOMAIN

  19. VERIFY DOMAIN

  20. TXT RECORD SHUFFLE

  21. YOUR DNS HOST

  22. THE EASY WAY

  23. VERIFYING…

  24. WITH POWERSHELL
     - V1
       - New-MSOLDomain
       - Get-MsolDomainVerificationDns
       - Confirm-MsolDomain
       - Set-MsolDomain
     - V2
       - New-AzureADDomain
       - Get-AzureADDomainVerificationDnsRecord
       - Confirm-AzureADDomain
       - Set-AzureADDomain

  25. NOW, ANOTHER WORD ABOUT DNS

  26. DIY

  27. FUNCTION CHECK

  28. FUNCTION CHECK
