This article covers the “Implement and manage hybrid identities” section of the AZ-100 and AZ-103 exams and is part of my AZ-100 Study Notes series.
Install and configure Azure AD Connect
Azure AD Connect allows you to connect and sync between an on-premises Active Directory and Azure AD (AAD).
Detailed information on setting up Azure AD Connect can be found at – https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-get-started-express
Configure federation and single sign-on
AD FS can be deployed to Azure to provide secure identity federation and single sign-on capabilities using on-premises credentials.
I’d suggest going through the entire setup using the Microsoft “Steps to deploy AD FS in Azure” guide – https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-azure-adfs
Single Sign-On allows users that are already authenticated via AD DS credentials to automatically authenticate with Azure AD.
The primary benefits of SSO are –
- Automatic sign-in to on-premises and cloud-based applications
- No need to re-enter credentials once authenticated
For a detailed walkthrough of setting up SSO look here – https://docs.microsoft.com/en-gb/azure/active-directory/hybrid/how-to-connect-sso-quick-start
Manage Azure AD Connect
For details on managing Azure AD Connect, adding admins and the like, refer to – https://docs.microsoft.com/en-gb/azure/active-directory/hybrid/how-to-connect-post-installation
Manage password sync and writeback
Password Sync is configured via the Azure AD Connect software and allows you to synchronize user passwords from an on-premises instance of Active Directory to Azure AD. This is done by copying the hashed password of each user every 2 minutes; the cleartext password itself never leaves the domain controller, only a hash is synchronized.
Detailed information on configuring this can be found at – https://docs.microsoft.com/en-gb/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization#enable-password-hash-synchronization
Password Writeback allows user password changes in Azure to synchronize with an on-premises AD instance instantaneously. Detailed information on the functionality itself may be found at – https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-writeback and information on setting it up may be found at https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-writeback
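As an added example (not from the original post or Microsoft's documentation), the following PowerShell check, run on the Azure AD Connect server itself, verifies that password hash sync and password writeback are actually enabled and then kicks off a delta sync cycle. It assumes a default Azure AD Connect install where the ADSync module is present, and the property names used are the ones shown by that module's cmdlets on a typical 1.x install.

```powershell
# Added example: health check for password hash sync / writeback on an Azure AD Connect server.
# Run in an elevated PowerShell session on the server where Azure AD Connect is installed.
Import-Module ADSync

# 1. Scheduler state. The scheduler drives object (delta) sync, default every 30 minutes.
#    Password hash sync runs on its own separate channel roughly every 2 minutes.
$scheduler = Get-ADSyncScheduler
[pscustomobject]@{
    SyncCycleEnabled  = $scheduler.SyncCycleEnabled
    EffectiveInterval = $scheduler.CurrentlyEffectiveSyncCycleInterval
    SyncInProgress    = $scheduler.SyncCycleInProgress
    NextCycleUtc      = $scheduler.NextSyncCycleStartTimeInUTC
} | Format-List

# 2. Password hash sync must be enabled per on-premises AD forest connector.
#    A forest that was added later and never had PHS switched on is a common gap.
$adConnectors = Get-ADSyncConnector | Where-Object { $_.ConnectorTypeName -eq 'AD' }
foreach ($connector in $adConnectors) {
    $phs = Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $connector.Name
    if ($phs.Enabled) {
        Write-Output "Password hash sync enabled for forest connector '$($connector.Name)'"
    } else {
        Write-Warning "Password hash sync is DISABLED for forest connector '$($connector.Name)'"
    }
}

# 3. Tenant-level feature flags. Password writeback must be on here for SSPR writeback to work;
#    the Azure AD Connect wizard sets this when "Password writeback" is ticked under optional features.
$features = Get-ADSyncAADCompanyFeature
Write-Output "PasswordHashSync  : $($features.PasswordHashSync)"
Write-Output "PasswordWriteBack : $($features.PasswordWriteBack)"

# 4. Trigger a delta sync now rather than waiting for the next scheduled cycle.
#    (Password hashes still flow through the separate 2-minute password sync channel.)
Start-ADSyncSyncCycle -PolicyType Delta
```

If step 2 reports PHS disabled for a connector, re-run the Azure AD Connect wizard and enable it under "Optional features" rather than changing it with Set-ADSyncAADPasswordSyncConfiguration alone, so the configuration stays consistent with the wizard's saved settings.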