Mastering Identity and Access Management with Microsoft Azure: Empower users by managing and protecting identities and data

Cover
Title Page
Copyright and Credits
About Packt
Contributors
Table of Contents
Preface
Section 1: Identity Management and Synchronization
Chapter 1: Building and Managing Azure Active Directory
	Implementation scenario overview
	Implementing a solid Azure Active Directory
		Configuring your administrative workstation
		Custom company branding
			Summary and recommendations of the help information 
	Creating and managing users and groups
		Set group owners for organizational groups
		Delegated group management for organizational groups
		Configure self-service group management
			Create the sales internal news group as an Office 365 (distribution group)
		Configure dynamic group memberships
	Assign roles to administrative units
		Creating an administrative unit
		Adding users to an administrative unit
		Scoping administrative roles
		Test your configuration
	Protect your administrative accounts
	Provide user and group-based application access
		Assign applications to users and define login information
		Assign applications to groups and define login information
		Self-service application management
	Password reset self-service capabilities
		Configure notifications
		Test the password reset process
	Using standard security monitoring
	Integrating Azure AD Join for Windows 10 clients
		Join your Windows 10 client to Azure AD
		Verify the newly joined Windows 10 client
	Configuring a custom domain
	Configure Azure AD Domain Services
		Test and verify your new Azure AD Domain Services
	Summary
Chapter 2: Understanding Identity Synchronization
	Technology overview
		Microsoft Identity Manager (MIM) 2016
			MIM synchronization service
				MIM synchronization service extensions
			MIM service and portal
				MIM service extensions
			MIM password reset and user account unlock
			MIM privileged access management
			Additional solution
				Cloud deployment based on identity director service
				On-premises deployment based on MIM 2016
		Azure Active Directory Connect
	Synchronization scenarios
		Single-forest integration
		Multi-forest integration
		Multi-Azure Active Directory Integration
		Azure Active Directory Domain Services Integration
		Stretched Active Directory to Azure IaaS
		Azure Active Directory B2B integration
		Azure Active Directory and Microsoft Office 365 synchronization
		Identity and password-hash synchronization including SSO options
		Identity synchronization including PingFederate integration
		Identity and password-hash synchronization including ADFS integration
		Azure Active Directory Connect high availability
	Synchronization terms and processes
		UserPrincipalName suffix decisions
		Active Directory preparations
		Source Anchor decisions
		Connected Directories
		Import flow
			Placeholder objects
		Synchronization flows
		Inbound synchronization
		Outbound synchronization
		Joins
			Connector objects
			Disconnector objects
		Export flow
	Summary
Chapter 3: Exploring Advanced Synchronization Concepts
	Preparing your lab environment
	Understanding declarative provisioning and expressions
	Synchronization rules explained
	Special considerations in advanced synchronization concepts
		Using standard filters to exclude users and groups
		Building a custom rule for filtering
		Connecting Azure AD Connect to the second forest
	Summary
Chapter 4: Monitoring Your Identity Bridge
	How Azure AD Connect Health works
	Azure AD monitoring and logs
	Azure Security Center for monitoring and analytics
	Summary
Chapter 5: Configuring and Managing Identity Protection
	Microsoft Identity Protection solutions
	Azure ATP and how to use it
	Azure AD Identity Protection
	Using Azure AD PIM to protect administrative privileges
	Summary
Section 2: Authentication and Application Publishing
Chapter 6: Managing Authentication Protocols
	Microsoft identity platform
	Common token standards in a federated world
	Security Assertion Markup Language (SAML) 2.0
		Key facts about SAML
	WS-Federation
		Key facts about WS-Federation
	OAuth 2.0
		Key facts about OAuth 2.0
		Main OAuth 2.0 flow facts
			Authorization code flow
			Client credential flow
			Implicit grant flow
			Resource owner password credentials flow
	OpenID Connect (OIDC)
		Key facts about OIDC
	Pass-through authentication and seamless SSO
	Multi-factor authentication
		Azure MFA
		Certificate authentication
		Device authentication
		Biometric authentication
	Summary
Chapter 7: Deploying Solutions on Azure AD and ADFS
	Basic environment installation and configuration
		Create the certificate for your environment with let\'s encrypt
		Installing the ADFS farm on YDADS01
		Installing the Web Application Proxy on YD1URA01
		Installing demo applications on (YD1APP01) for ADFS
		Subscribing to demo apps (Azure AD)
	Azure AD authentication deployments
	ADFS Authentication deployments
	Integrating Azure MFA (YD1ADS01)
	Summary
Chapter 8: Using the Azure AD App Proxy and the Web Application Proxy
	Configuring additional applications for Azure AD and ADFS
	Publishing with Windows server and Azure AD Web Application Proxy
	Using conditional access
	Summary
Chapter 9: Deploying Additional Applications on Azure AD
	Preparing your lab environment
	What defines single- and multi-tenant applications
	Deploying a single-tenant application including roles and claims
	Moving the single-tenant app to a multi-tenant scenario
	Deploying another multi-tenant app with OpenID Connect
	Summary
Chapter 10: Exploring Azure AD Identity Services
	Preparing your lab environment
	Understanding Azure AD B2B
		Providing resource access to external partners (on-premise)
	Exploring Azure AD B2C
		Azure AD B2C tenant creation
		Demo app registration
		User flow creation
		Visual Studio code modification
		Comparing Azure AD B2B and B2C
		Comparing AD FS with Azure B2B and B2C
	Extending Active Directory solutions with Azure AD Domain Services
	AD FS as an on-premise identity service for the cloud
		Typical single-forest deployment
		Two or more Active Directory forests running separate AD FS instances
		Running one AD FS instance for multiple trusted forests
		One AD FS instance for multiple Active Directory forests without an AD trust
		Using a local CP trust to support multiple Active Directory forests
		Using a shared Active Directory environment
		Microsoft Cloud Solution Provider summary
	Summary
Chapter 11: Creating Identity Life Cycle Management in Azure
	Lab environment readiness
	Handling the guest user life cycle
		Use Case 1 – Exploring the invitation process with different user types
		Using the Azure AD B2B portal and use cases
			Installation and configuration
			Usage of the portal
			Special considerations
		On-premise application access for guest users
	Azure services for automation
	Summary
Section 3: Data Classification and Information Protection
Chapter 12: Creating a Security Culture
	Why do we need a security culture?
	Pillars of a good security culture
		Leadership support
		Training
		Testing
		Continuous communication
	General overview of data classification
		Methods of data classification
		Data classification and unstructured data
		Data classification and Data Leakage/Loss Prevention
		Data classification and compliance
		Storage optimization
		Access control to data
		Classification scheme and policy example
			Description of the classification scheme
			Visual markings and rules based on the classification label
			General desired behavior example
		Defining the data-processing roles
			Change of classification
	Azure Information Protection (AIP) overview
	Summary
Chapter 13: Identifying and Detecting Sensitive Data
	Extending your lab environment
	Understanding and using AIP capabilities for data in motion
		Scenario 1 – Usage of Azure Information Protection
		Scenario 2 – Monitoring with Windows Defender ATP
		Scenario 3 – Identifying sensitive information in your cloud ecosystem
		Scenario 4 – Data leakage prevention in Office 365
	Understanding and using AIP capabilities for data at rest
	Summary
Chapter 14: Understanding Encryption Key Management Strategies
	Azure Information Protection key basics
		Microsoft-managed keys
		Bring your own key
			What is an HSM?
			What is the Azure Key Vault?
		Hold your own key
	How Azure RMS works under the hood
		Algorithms and key lengths
		User environment-initialization flow
		Content-protection flow
		Content-consumption flow
	Summary
Chapter 15: Configuring Azure Information Protection Solutions
	Preparing to configure and manage AIP
	Azure RMS management with PowerShell
		Azure RMS super users
		Onboarding controls
		Azure RMS templates
		Azure RMS logging
		AIP client PowerShell
	Configuring AIP
		Creating the classification schema
		Creating sub-labels and scoped policies
		Using visual markings
		Configuring automatic classification and protection
		Using justification
		Configuring protection options
		Activating unified labeling
		Lab challenge
	Summary
Chapter 16: Azure Information Protection Development
	Technical requirements
	Microsoft Information Protection solutions
	Understanding the Microsoft Information Protection SDK
	Preparing your Azure AD environment for tests
	Using MIP binaries to explore functionality
	Using PowerShell with Azure Information Protection
		Useful Azure RMS cmdlets
	Overview of the RMS 2.1 and 4.2 SDKs
	Summary
Other Books You May Enjoy
Index