azure:az-500:alt:hybrid_identity

Differences

This shows you the differences between two versions of the page.

azure:az-500:alt:hybrid_identity [2023/01/31 17:36] – [AD Connect] mmuze
azure:az-500:alt:hybrid_identity [2023/03/03 20:29] (current) – [Hybrid Identity] mmuze
Line 8: Line 8:
   * **Azure AD joined/workplace joined:** is when a device is joined to Azure AD and organization credentials (as opposed to personal) are required.   * **Azure AD joined/workplace joined:** is when a device is joined to Azure AD and organization credentials (as opposed to personal) are required.
   * **[[https://docs.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join-hybrid|hybrid Azure AD joined:]]** devices are joined to your on-premises Active Directory and registered with Azure Active Directory   * **[[https://docs.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join-hybrid|hybrid Azure AD joined:]]** devices are joined to your on-premises Active Directory and registered with Azure Active Directory
 +  * [[https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso|Seamless SSO]]
 +
 +> Azure Active Directory Seamless single sign-on (Azure AD Seamless SSO) automatically signs users in when they are on their corporate devices connected to your corporate network.
  
 === Hybrid Azure AD Use Cases === === Hybrid Azure AD Use Cases ===
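Review bot: The new Seamless SSO bullet is added to a list whose other entries are device join states ("Azure AD joined/workplace joined", "hybrid Azure AD joined"), but the quoted description says it is a sign-in behaviour ("automatically signs users in"), so it reads as a third join type. It also breaks the list's pattern of a bold term followed by an inline definition: the entry is a bare link and the definition sits in a separate blockquote below the list. Consider formatting it like its siblings, for example "**Seamless SSO:** automatically signs users in when they are on their corporate devices connected to your corporate network", or moving it to the authentication section if it is not meant as a device state.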
Line 37: Line 40:
   * **Password writeback** is an option with AAD that will sync password changes made in AAD back to the on-prem AD.   * **Password writeback** is an option with AAD that will sync password changes made in AAD back to the on-prem AD.
       * This does not require any inbound firewall rules; it works over the Azure Service Bus relay on the outbound connection of port 443.       * This does not require any inbound firewall rules; it works over the Azure Service Bus relay on the outbound connection of port 443.
 +      * **//self-service password reset (SSPR)//** is the feature that allows users to change passwords in AAD that get synced back to Windows AD. This requires AAD P1 or above.
  
 === Choosing an authentication method === === Choosing an authentication method ===
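Review bot: In the added SSPR sub-bullet, "This requires AAD P1 or above" has an unclear referent: nested under **Password writeback**, it can be read as a licence requirement for SSPR itself or for writing the reset back to on-prem. State which feature carries the requirement. The sentence also describes SSPR as the thing whose changes "get synced back", which overlaps with the parent bullet's definition of writeback; it would be clearer to say SSPR is the user-facing reset and writeback is what carries it to the directory. Lastly, the new line says "Windows AD" where the parent bullet says "on-prem AD"; pick one term.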
Line 55: Line 59:
 ====== AD Connect ====== ====== AD Connect ======
   * [[https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-accounts-permissions|Permissions]] needed to install AD Connect   * [[https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-accounts-permissions|Permissions]] needed to install AD Connect
-  * **Three** accounts are needed to install AD Connect and **three** other accounts are needed to run AD Connect.+  * **Three** accounts are needed to install AD Connect and **three** other accounts are needed to run AD Connect and synchronize Windows AD to AAD.
   * AD Connect used local MSSQL Server 2012 Express Edition for its datastore   * AD Connect used local MSSQL Server 2012 Express Edition for its datastore
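Review bot: The reworded accounts bullet still gives only counts ("**Three** accounts ... and **three** other accounts") without naming any of them or the rights each needs, which is the part a reader hardening or auditing an AD Connect install actually needs. Since the Permissions link is directly above, list the six accounts by name under this bullet, split into install-time and run-time, and confirm against that page that the run-time three really are "other" accounts. The added phrase "synchronize Windows AD to AAD" also introduces "Windows AD" where the page elsewhere uses "on-prem AD".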
  
  
  • azure/az-500/alt/hybrid_identity.1675186597.txt.gz
  • Last modified: 2023/01/31 17:36
  • by mmuze