azure:az-500:hybrid_identity

Differences

This shows you the differences between two versions of the page.

azure:az-500:hybrid_identity [2022/06/23 02:17] – [Hybrid Identity] mmuze
azure:az-500:hybrid_identity [2022/07/22 14:52] (current) mmuze
Line 17: Line 17:
   * **Pass-through authentication.** A sign-in method that allows users to use the same password on-premises and in the cloud, but doesn't require the additional infrastructure of a federated environment.   * **Pass-through authentication.** A sign-in method that allows users to use the same password on-premises and in the cloud, but doesn't require the additional infrastructure of a federated environment.
       * Companies with a security requirement to immediately enforce on-premises user account states, password policies, and sign-in hours might use this authentication method.       * Companies with a security requirement to immediately enforce on-premises user account states, password policies, and sign-in hours might use this authentication method.
-      * When a user authenticates against AAD ADD passes the request to on-prem AD to complete the authentication.+      * When a user authenticates against AAD it passes the request to on-prem AD via the auth agent to complete the authentication.
       * PTA uses a lightweight on-premises agent that listens for and responds to password validation requests.       * PTA uses a lightweight on-premises agent that listens for and responds to password validation requests.
   * **Federation integration.** Federation is an optional part of Azure AD Connect and can be used to  configure a hybrid environment using an on-premises AD FS infrastructure. It also provides AD FS management capabilities such as certificate renewal and additional AD FS server deployments.   * **Federation integration.** Federation is an optional part of Azure AD Connect and can be used to  configure a hybrid environment using an on-premises AD FS infrastructure. It also provides AD FS management capabilities such as certificate renewal and additional AD FS server deployments.
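Review bot: the added bullet ("When a user authenticates against AAD it passes the request to on-prem AD via the auth agent") fixes the "AAD ADD" typo, but "it" is ambiguous and "the auth agent" appears one bullet before the agent is described. Suggest naming the subject and reusing the next bullet's term, e.g. "When a user authenticates against AAD, AAD hands the password validation request to the on-premises PTA agent, which completes the authentication against on-prem AD", or moving this bullet below the "lightweight on-premises agent" one. It is also worth stating which side opens the connection: "passes the request to on-prem AD" reads as AAD reaching into the network, while the following bullet only says the agent "listens for and responds", and a reader will infer firewall rules from whichever wording they see first.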
Line 36: Line 36:
   - If you do need on-premises Active Directory integration, but you do not need to use cloud authentication, password protection, and your authentication requirements are natively supported by Azure AD, then you would use Pass-through Authentication Seamless SSO.   - If you do need on-premises Active Directory integration, but you do not need to use cloud authentication, password protection, and your authentication requirements are natively supported by Azure AD, then you would use Pass-through Authentication Seamless SSO.
   - If you need on-premises Active Directory integration, have an existing federation provider and your authentication requirements are NOT natively supported by Azure AD, then you would use Federation authentication.   - If you need on-premises Active Directory integration, have an existing federation provider and your authentication requirements are NOT natively supported by Azure AD, then you would use Federation authentication.
 +
 +====== Azure AD Join ======
 +  * Azure AD Join allows a Windows 10/11 desktop to be joined to Azure AD for the purposes of controlling access to resources and enforcing requirements on devices.
 +  * For example, an AAD joined BYOD phone could be Intune managed and be required to not be rooted or jail broken to access company resources.
 +
 +====== AD Connect ======
 +  * [[https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-accounts-permissions|Permissions]] needed to install AD Connect
  
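Review bot: the two bullets under the new "Azure AD Join" heading disagree about scope. The first limits Azure AD Join to "a Windows 10/11 desktop", while the example in the second is "an AAD joined BYOD phone". Either change the example to a Windows 10/11 device, or name the device state that applies to a personal phone and say that the Intune compliance requirement (not rooted, not jailbroken) attaches to that state. "jail broken" should be "jailbroken". Under "AD Connect", the section is only a link labelled "Permissions"; a one-line summary of which accounts the install needs would let the note stand on its own if the link moves.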
  • azure/az-500/hybrid_identity.1655950632.txt.gz
  • Last modified: 2022/06/23 02:17
  • by mmuze