Mastering Identity and Access Management with Microsoft Azure
Microsoft Azure and its identity and access management are at the heart of Microsoft's software-as-a-service products, including Office 365, Dynamics CRM, and Enterprise Mobility Management. It is crucial to master Microsoft Azure in order to be able to work with the Microsoft Cloud effectively. You'll begin by identifying the benefits of Microsoft Azure in the field of identity and access management. Working through the functionality of identity and access management as a service, you will get a full overview of the Microsoft strategy. Understanding identity synchronization will help you to provide a well-managed identity. Project scenarios and examples will enable you to understand, troubleshoot, and develop on essential authentication protocols and publishing scenarios. Finally, you will acquire a thorough understanding of Microsoft Information Protection technologies.
Brand: 中圖公司
Listed: 2021-07-02 12:25:01
Publisher: Packt Publishing
The digital rights to this book are provided by 中圖公司, which has licensed 上海閱文信息技術有限公司 to produce and distribute this edition.
Table of contents
- coverpage
- Title Page
- Copyright and Credits
- Mastering Identity and Access Management with Microsoft Azure Second Edition
- About Packt
- Why subscribe?
- Packt.com
- Contributors
- About the author
- About the reviewer
- Packt is searching for authors like you
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the example code files
- Download the color images
- Conventions used
- Get in touch
- Reviews
- Section 1: Identity Management and Synchronization
- Building and Managing Azure Active Directory
- Implementation scenario overview
- Implementing a solid Azure Active Directory
- Configuring your administrative workstation
- Custom company branding
- Summary and recommendations of the help information
- Creating and managing users and groups
- Set group owners for organizational groups
- Delegated group management for organizational groups
- Configure self-service group management
- Create the sales internal news group as an Office 365 (distribution group)
- Configure dynamic group memberships
- Assign roles to administrative units
- Creating an administrative unit
- Adding users to an administrative unit
- Scoping administrative roles
- Test your configuration
- Protect your administrative accounts
- Provide user and group-based application access
- Assign applications to users and define login information
- Assign applications to groups and define login information
- Self-service application management
- Password reset self-service capabilities
- Configure notifications
- Test the password reset process
- Using standard security monitoring
- Integrating Azure AD Join for Windows 10 clients
- Join your Windows 10 client to Azure AD
- Verify the newly joined Windows 10 client
- Configuring a custom domain
- Configure Azure AD Domain Services
- Test and verify your new Azure AD Domain Services
- Summary
- Understanding Identity Synchronization
- Technology overview
- Microsoft Identity Manager (MIM) 2016
- MIM synchronization service
- MIM synchronization service extensions
- MIM service and portal
- MIM service extensions
- MIM password reset and user account unlock
- MIM privileged access management
- Additional solution
- Cloud deployment based on identity director service
- On-premises deployment based on MIM 2016
- Azure Active Directory Connect
- Synchronization scenarios
- Single-forest integration
- Multi-forest integration
- Multi-Azure Active Directory Integration
- Azure Active Directory Domain Services Integration
- Stretched Active Directory to Azure IaaS
- Azure Active Directory B2B integration
- Azure Active Directory and Microsoft Office 365 synchronization
- Identity and password-hash synchronization including SSO options
- Identity synchronization including PingFederate integration
- Identity and password-hash synchronization including ADFS integration
- Azure Active Directory Connect high availability
- Synchronization terms and processes
- UserPrincipalName suffix decisions
- Active Directory preparations
- Source Anchor decisions
- Connected Directories
- Import flow
- Placeholder objects
- Synchronization flows
- Inbound synchronization
- Outbound synchronization
- Joins
- Connector objects
- Disconnector objects
- Export flow
- Summary
- Exploring Advanced Synchronization Concepts
- Preparing your lab environment
- Understanding declarative provisioning and expressions
- Synchronization rules explained
- Special considerations in advanced synchronization concepts
- Using standard filters to exclude users and groups
- Building a custom rule for filtering
- Connecting Azure AD Connect to the second forest
- Summary
- Monitoring Your Identity Bridge
- How Azure AD Connect Health works
- Azure AD monitoring and logs
- Azure Security Center for monitoring and analytics
- Summary
- Configuring and Managing Identity Protection
- Microsoft Identity Protection solutions
- Azure ATP and how to use it
- Azure AD Identity Protection
- Using Azure AD PIM to protect administrative privileges
- Summary
- Section 2: Authentication and Application Publishing
- Managing Authentication Protocols
- Microsoft identity platform
- Common token standards in a federated world
- Security Assertion Markup Language (SAML) 2.0
- Key facts about SAML
- WS-Federation
- Key facts about WS-Federation
- OAuth 2.0
- Key facts about OAuth 2.0
- Main OAuth 2.0 flow facts
- Authorization code flow
- Client credential flow
- Implicit grant flow
- Resource owner password credentials flow
- OpenID Connect (OIDC)
- Key facts about OIDC
- Pass-through authentication and seamless SSO
- Multi-factor authentication
- Azure MFA
- Certificate authentication
- Device authentication
- Biometric authentication
- Summary
- Deploying Solutions on Azure AD and ADFS
- Basic environment installation and configuration
- Create the certificate for your environment with Let's Encrypt
- Installing the ADFS farm on YDADS01
- Installing the Web Application Proxy on YD1URA01
- Installing demo applications on (YD1APP01) for ADFS
- Subscribing to demo apps (Azure AD)
- Azure AD authentication deployments
- ADFS Authentication deployments
- Integrating Azure MFA (YD1ADS01)
- Summary
- Using the Azure AD App Proxy and the Web Application Proxy
- Configuring additional applications for Azure AD and ADFS
- Publishing with Windows server and Azure AD Web Application Proxy
- Using conditional access
- Summary
- Deploying Additional Applications on Azure AD
- Preparing your lab environment
- What defines single- and multi-tenant applications
- Deploying a single-tenant application including roles and claims
- Moving the single-tenant app to a multi-tenant scenario
- Deploying another multi-tenant app with OpenID Connect
- Summary
- Exploring Azure AD Identity Services
- Preparing your lab environment
- Understanding Azure AD B2B
- Providing resource access to external partners (on-premise)
- Exploring Azure AD B2C
- Azure AD B2C tenant creation
- Demo app registration
- User flow creation
- Visual Studio code modification
- Comparing Azure AD B2B and B2C
- Comparing AD FS with Azure B2B and B2C
- Extending Active Directory solutions with Azure AD Domain Services
- AD FS as an on-premise identity service for the cloud
- Typical single-forest deployment
- Two or more Active Directory forests running separate AD FS instances
- Running one AD FS instance for multiple trusted forests
- One AD FS instance for multiple Active Directory forests without an AD trust
- Using a local CP trust to support multiple Active Directory forests
- Using a shared Active Directory environment
- Microsoft Cloud Solution Provider summary
- Summary
- Creating Identity Life Cycle Management in Azure
- Lab environment readiness
- Handling the guest user life cycle
- Use Case 1 – Exploring the invitation process with different user types
- Using the Azure AD B2B portal and use cases
- Installation and configuration
- Usage of the portal
- Special considerations
- On-premise application access for guest users
- Azure services for automation
- Summary
- Section 3: Data Classification and Information Protection
- Creating a Security Culture
- Why do we need a security culture?
- Pillars of a good security culture
- Leadership support
- Training
- Testing
- Continuous communication
- General overview of data classification
- Methods of data classification
- Data classification and unstructured data
- Data classification and Data Leakage/Loss Prevention
- Data classification and compliance
- Storage optimization
- Access control to data
- Classification scheme and policy example
- Description of the classification scheme
- Visual markings and rules based on the classification label
- General desired behavior example
- Defining the data-processing roles
- Change of classification
- Azure Information Protection (AIP) overview
- Summary
- Identifying and Detecting Sensitive Data
- Extending your lab environment
- Understanding and using AIP capabilities for data in motion
- Scenario 1 – Usage of Azure Information Protection
- Scenario 2 – Monitoring with Windows Defender ATP
- Scenario 3 – Identifying sensitive information in your cloud ecosystem
- Scenario 4 – Data leakage prevention in Office 365
- Understanding and using AIP capabilities for data at rest
- Summary
- Understanding Encryption Key Management Strategies
- Azure Information Protection key basics
- Microsoft-managed keys
- Bring your own key
- What is an HSM?
- What is the Azure Key Vault?
- Hold your own key
- How Azure RMS works under the hood
- Algorithms and key lengths
- User environment-initialization flow
- Content-protection flow
- Content-consumption flow
- Summary
- Configuring Azure Information Protection Solutions
- Preparing to configure and manage AIP
- Azure RMS management with PowerShell
- Azure RMS super users
- Onboarding controls
- Azure RMS templates
- Azure RMS logging
- AIP client PowerShell
- Configuring AIP
- Creating the classification schema
- Creating sub-labels and scoped policies
- Using visual markings
- Configuring automatic classification and protection
- Using justification
- Configuring protection options
- Activating unified labeling
- Lab challenge
- Summary
- Azure Information Protection Development
- Technical requirements
- Microsoft Information Protection solutions
- Understanding the Microsoft Information Protection SDK
- Preparing your Azure AD environment for tests
- Using MIP binaries to explore functionality
- Using PowerShell with Azure Information Protection
- Useful Azure RMS cmdlets
- Overview of the RMS 2.1 and 4.2 SDKs
- Summary
- Other Books You May Enjoy
- Leave a review - let other readers know what you think
Updated: 2021-07-02 12:58:14