Mastering Identity and Access Management with Microsoft Azure
Book information

| Field | Value |
| --- | --- |
| Author | Jochen Nickel |
| Publisher | Packt Publishing |
| ISBN | 9781789131154 |
| Publication date | 2019-02-26 |
| Word count | 447,000 |
| Category | Imported books, foreign-language originals, computers, networking |
Description
Start empowering users and protecting corporate data, while managing identities and access with Microsoft Azure in different environments.

Key Features

- Understand how to identify and manage business drivers during transitions
- Explore the Microsoft Identity and Access Management as a Service (IDaaS) solution
- Over 40 playbooks to support your learning process with practical guidelines

Book Description

Microsoft Azure and its identity and access management are at the heart of Microsoft's software as a service products, including Office 365, Dynamics CRM, and Enterprise Mobility Management. It is crucial to master Microsoft Azure in order to be able to work with the Microsoft Cloud effectively.

You'll begin by identifying the benefits of Microsoft Azure in the field of identity and access management. Working through the functionality of identity and access management as a service, you will get a full overview of the Microsoft strategy. Understanding identity synchronization will help you to provide a well-managed identity. Project scenarios and examples will enable you to understand, troubleshoot, and develop on essential authentication protocols and publishing scenarios. Finally, you will acquire a thorough understanding of Microsoft Information Protection technologies.

What you will learn

- Apply technical descriptions to your business needs and deployments
- Manage cloud-only, simple, and complex hybrid environments
- Apply correct and efficient monitoring and identity protection strategies
- Design and deploy custom identity and access management solutions
- Build a complete identity and access management life cycle
- Understand authentication and application publishing mechanisms
- Use and understand the most crucial identity synchronization scenarios
- Implement a suitable information protection strategy

Who this book is for

This book is a perfect companion for developers, cyber security specialists, system and security engineers, IT consultants/architects, and system administrators who are looking for up-to-date hybrid and cloud-only scenarios. You should have some understanding of security solutions, Active Directory, access privileges/rights, and authentication methods. Programming knowledge is not required but can be helpful for using PowerShell or working with APIs to customize your solutions.
Table of contents
Title Page
Copyright and Credits
Mastering Identity and Access Management with Microsoft Azure Second Edition
About Packt
Why subscribe?
Packt.com
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Section 1: Identity Management and Synchronization
Building and Managing Azure Active Directory
Implementation scenario overview
Implementing a solid Azure Active Directory
Configuring your administrative workstation
Custom company branding
Summary and recommendations of the help information
Creating and managing users and groups
Set group owners for organizational groups
Delegated group management for organizational groups
Configure self-service group management
Create the sales internal news group as an Office 365 (distribution group)
Configure dynamic group memberships
Assign roles to administrative units
Creating an administrative unit
Adding users to an administrative unit
Scoping administrative roles
Test your configuration
Protect your administrative accounts
Provide user and group-based application access
Assign applications to users and define login information
Assign applications to groups and define login information
Self-service application management
Password reset self-service capabilities
Configure notifications
Test the password reset process
Using standard security monitoring
Integrating Azure AD Join for Windows 10 clients
Join your Windows 10 client to Azure AD
Verify the newly joined Windows 10 client
Configuring a custom domain
Configure Azure AD Domain Services
Test and verify your new Azure AD Domain Services
Summary
Understanding Identity Synchronization
Technology overview
Microsoft Identity Manager (MIM) 2016
MIM synchronization service
MIM synchronization service extensions
MIM service and portal
MIM service extensions
MIM password reset and user account unlock
MIM privileged access management
Additional solution
Cloud deployment based on identity director service
On-premises deployment based on MIM 2016
Azure Active Directory Connect
Synchronization scenarios
Single-forest integration
Multi-forest integration
Multi-Azure Active Directory Integration
Azure Active Directory Domain Services Integration
Stretched Active Directory to Azure IaaS
Azure Active Directory B2B integration
Azure Active Directory and Microsoft Office 365 synchronization
Identity and password-hash synchronization including SSO options
Identity synchronization including PingFederate integration
Identity and password-hash synchronization including ADFS integration
Azure Active Directory Connect high availability
Synchronization terms and processes
UserPrincipalName suffix decisions
Active Directory preparations
Source Anchor decisions
Connected Directories
Import flow
Placeholder objects
Synchronization flows
Inbound synchronization
Outbound synchronization
Joins
Connector objects
Disconnector objects
Export flow
Summary
Exploring Advanced Synchronization Concepts
Preparing your lab environment
Understanding declarative provisioning and expressions
Synchronization rules explained
Special considerations in advanced synchronization concepts
Using standard filters to exclude users and groups
Building a custom rule for filtering
Connecting Azure AD Connect to the second forest
Summary
Monitoring Your Identity Bridge
How Azure AD Connect Health works
Azure AD monitoring and logs
Azure Security Center for monitoring and analytics
Summary
Configuring and Managing Identity Protection
Microsoft Identity Protection solutions
Azure ATP and how to use it
Azure AD Identity Protection
Using Azure AD PIM to protect administrative privileges
Summary
Section 2: Authentication and Application Publishing
Managing Authentication Protocols
Microsoft identity platform
Common token standards in a federated world
Security Assertion Markup Language (SAML) 2.0
Key facts about SAML
WS-Federation
Key facts about WS-Federation
OAuth 2.0
Key facts about OAuth 2.0
Main OAuth 2.0 flow facts
Authorization code flow
Client credential flow
Implicit grant flow
Resource owner password credentials flow
OpenID Connect (OIDC)
Key facts about OIDC
Pass-through authentication and seamless SSO
Multi-factor authentication
Azure MFA
Certificate authentication
Device authentication
Biometric authentication
Summary
Deploying Solutions on Azure AD and ADFS
Basic environment installation and configuration
Create the certificate for your environment with Let's Encrypt
Installing the ADFS farm on YDADS01
Installing the Web Application Proxy on YD1URA01
Installing demo applications on (YD1APP01) for ADFS
Subscribing to demo apps (Azure AD)
Azure AD authentication deployments
ADFS Authentication deployments
Integrating Azure MFA (YD1ADS01)
Summary
Using the Azure AD App Proxy and the Web Application Proxy
Configuring additional applications for Azure AD and ADFS
Publishing with Windows server and Azure AD Web Application Proxy
Using conditional access
Summary
Deploying Additional Applications on Azure AD
Preparing your lab environment
What defines single- and multi-tenant applications
Deploying a single-tenant application including roles and claims
Moving the single-tenant app to a multi-tenant scenario
Deploying another multi-tenant app with OpenID Connect
Summary
Exploring Azure AD Identity Services
Preparing your lab environment
Understanding Azure AD B2B
Providing resource access to external partners (on-premise)
Exploring Azure AD B2C
Azure AD B2C tenant creation
Demo app registration
User flow creation
Visual Studio code modification
Comparing Azure AD B2B and B2C
Comparing AD FS with Azure B2B and B2C
Extending Active Directory solutions with Azure AD Domain Services
AD FS as an on-premise identity service for the cloud
Typical single-forest deployment
Two or more Active Directory forests running separate AD FS instances
Running one AD FS instance for multiple trusted forests
One AD FS instance for multiple Active Directory forests without an AD trust
Using a local CP trust to support multiple Active Directory forests
Using a shared Active Directory environment
Microsoft Cloud Solution Provider summary
Summary
Creating Identity Life Cycle Management in Azure
Lab environment readiness
Handling the guest user life cycle
Use Case 1 – Exploring the invitation process with different user types
Using the Azure AD B2B portal and use cases
Installation and configuration
Usage of the portal
Special considerations
On-premise application access for guest users
Azure services for automation
Summary
Section 3: Data Classification and Information Protection
Creating a Security Culture
Why do we need a security culture?
Pillars of a good security culture
Leadership support
Training
Testing
Continuous communication
General overview of data classification
Methods of data classification
Data classification and unstructured data
Data classification and Data Leakage/Loss Prevention
Data classification and compliance
Storage optimization
Access control to data
Classification scheme and policy example
Description of the classification scheme
Visual markings and rules based on the classification label
General desired behavior example
Defining the data-processing roles
Change of classification
Azure Information Protection (AIP) overview
Summary
Identifying and Detecting Sensitive Data
Extending your lab environment
Understanding and using AIP capabilities for data in motion
Scenario 1 – Usage of Azure Information Protection
Scenario 2 – Monitoring with Windows Defender ATP
Scenario 3 – Identifying sensitive information in your cloud ecosystem
Scenario 4 – Data leakage prevention in Office 365
Understanding and using AIP capabilities for data at rest
Summary
Understanding Encryption Key Management Strategies
Azure Information Protection key basics
Microsoft-managed keys
Bring your own key
What is an HSM?
What is the Azure Key Vault?
Hold your own key
How Azure RMS works under the hood
Algorithms and key lengths
User environment-initialization flow
Content-protection flow
Content-consumption flow
Summary
Configuring Azure Information Protection Solutions
Preparing to configure and manage AIP
Azure RMS management with PowerShell
Azure RMS super users
Onboarding controls
Azure RMS templates
Azure RMS logging
AIP client PowerShell
Configuring AIP
Creating the classification schema
Creating sub-labels and scoped policies
Using visual markings
Configuring automatic classification and protection
Using justification
Configuring protection options
Activating unified labeling
Lab challenge
Summary
Azure Information Protection Development
Technical requirements
Microsoft Information Protection solutions
Understanding the Microsoft Information Protection SDK
Preparing your Azure AD environment for tests
Using MIP binaries to explore functionality
Using PowerShell with Azure Information Protection
Useful Azure RMS cmdlets
Overview of the RMS 2.1 and 4.2 SDKs
Summary
Other Books You May Enjoy
Leave a review - let other readers know what you think
