AZ-100/AZ-103 – Implement and manage hybrid identities – Study Notes #20

This article covers the “Implement and manage hybrid identities” section of the AZ-100 and AZ-103 Exams and is part of my AZ-100 Study Notes series.


Install and configure Azure AD Connect

Azure AD Connect allows you to connect and sync between an on-premises Active Directory and Azure AD (AAD).

Detailed information on setting up Azure AD Connect can be found at – https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-get-started-express

Configure federation and single sign-on

AD FS can be deployed to Azure to provide secure identity federation and single sign-on capabilities using on-premises credentials.

[Figure: Deployment design. Suggested setup for AD FS in Azure.]

I’d suggest going through the entire setup using the Microsoft “Steps to deploy AD FS in Azure” guide – https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-azure-adfs

Single Sign-On allows users that are already authenticated via AD DS credentials to automatically authenticate with Azure AD.

The primary benefits of SSO are –

  • Automatic sign-in to on-premises and cloud-based applications
  • No need to repeatedly enter credentials once authenticated

For a detailed walkthrough of setting up SSO look here – https://docs.microsoft.com/en-gb/azure/active-directory/hybrid/how-to-connect-sso-quick-start

Manage Azure AD Connect

For details on managing Azure AD Connect, adding admins and the like, refer to – https://docs.microsoft.com/en-gb/azure/active-directory/hybrid/how-to-connect-post-installation

Manage password sync and writeback

Password Sync is configured via the Azure AD Connect software and allows you to synchronize user passwords from an on-premises instance of Active Directory to Azure AD. This is done by copying the hashed password of each user every 2 minutes.

Detailed information on configuring this can be found at – https://docs.microsoft.com/en-gb/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization#enable-password-hash-synchronization

Password Writeback allows user password changes in Azure to synchronize with an on-premises AD instance instantaneously. Detailed information on the functionality itself may be found at – https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-writeback and information on setting it up may be found at https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-writeback
