Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
| azure:az-500:hybrid_identity [2022/06/19 22:37] – [Hybrid Identity] mmuze | azure:az-500:hybrid_identity [2022/07/22 14:52] (current) – mmuze | ||
|---|---|---|---|
| Line 4: | Line 4: | ||
| * **Azure AD Connect** is the service that integrates on-prem AD with Azure AD. | * **Azure AD Connect** is the service that integrates on-prem AD with Azure AD. | ||
| * Keep in mind the difference between authentication and authorization. | * Keep in mind the difference between authentication and authorization. | ||
| + | |||
| + | ===== Hybrid Identity Authentication ===== | ||
| + | * [[https:// | ||
| + | * There are three options for hybrid authentication | ||
| + | * password hash sync | ||
| + | * pass-thru authentication | ||
| + | * federated authentication | ||
| + | * [[https:// | ||
| ===== Azure AD Authentication Features ===== | ===== Azure AD Authentication Features ===== | ||
| Line 9: | Line 17: | ||
| * **Pass-through authentication.** A sign-in method that allows users to use the same password on-premises and in the cloud, but doesn' | * **Pass-through authentication.** A sign-in method that allows users to use the same password on-premises and in the cloud, but doesn' | ||
| * Companies with a security requirement to immediately enforce on-premises user account states, password policies, and sign-in hours might use this authentication method. | * Companies with a security requirement to immediately enforce on-premises user account states, password policies, and sign-in hours might use this authentication method. | ||
| - | * When a user authenticates against AAD ADD passes the request to on-prem AD to complete the authentication. | + | * When a user authenticates against AAD it passes the request to on-prem AD via the auth agent to complete the authentication. |
| * PTA uses a lightweight on-premises agent that listens for and responds to password validation requests. | * PTA uses a lightweight on-premises agent that listens for and responds to password validation requests. | ||
| * **Federation integration.** Federation is an optional part of Azure AD Connect and can be used to configure a hybrid environment using an on-premises AD FS infrastructure. It also provides AD FS management capabilities such as certificate renewal and additional AD FS server deployments. | * **Federation integration.** Federation is an optional part of Azure AD Connect and can be used to configure a hybrid environment using an on-premises AD FS infrastructure. It also provides AD FS management capabilities such as certificate renewal and additional AD FS server deployments. | ||
| Line 28: | Line 36: | ||
| - If you do need on-premises Active Directory integration, | - If you do need on-premises Active Directory integration, | ||
| - If you need on-premises Active Directory integration, | - If you need on-premises Active Directory integration, | ||
| + | |||
| + | ====== Azure AD Join ====== | ||
| + | * Azure AD Join allows a Windows 10/11 desktop to be joined to Azure AD for the purposes of controlling access to resources and enforcing requirements on devices. | ||
| + | * For example, an AAD joined BYOD phone could be Intune managed and be required to not be rooted or jail broken to access company resources. | ||
| + | |||
| + | ====== AD Connect ====== | ||
| + | * [[https:// | ||