Ten most common mistakes
with AD FS and Hybrid Identity
Sander Berkouwer
Tweet and win an Ignite 2016 ticket #itproceed #activedirectory #hybrididentity
Agenda
Federation
A small primer on the open protocols used today for
federating identity and achieving hybrid identity
Most common mistakes
when planning, deploying and operating AD FS
… and how to avoid them
to get the most out of your hybrid identity implementation
Federation
On claims, identity providers and relying party trusts
Why we need federation
NTLM and Kerberos
Kerberos (1993) was designed for ‘safe’ networks: every client needs line of sight to a domain controller
NTLM and Kerberos have serious problems outside that model (NTLM is exposed to relay and pass-the-hash attacks; neither works from an arbitrary Internet client)
Active Directory
Active Directory domain memberships are typically Windows-only
Domain trusts leak information and scale badly
Granular device-agnostic authentication
We need device-agnostic, open protocols designed for the web
We need multi-factor authentication
Under the hood
[Diagram: a Colleague signs in to a Claims-aware App; the app sends the colleague to Active Directory Federation Services (acting as STS), which authenticates against Active Directory Domain Services and issues a token the app consumes. The slide numbers the exchange as steps 1 to 7.]
Behind the mist
[Diagram: the hybrid identity topology. On Premises: Active Directory Domain Services, Active Directory Federation Services and the Directory Synchronization Tool. In Azure: Azure Active Directory, the Azure Active Directory Management API and an Azure Active Directory integrated Application. The Directory Synchronization Tool provisions accounts into Azure Active Directory over the Internet through the Management API; an Active Directory Federation Trust links AD FS to Azure Active Directory, so a Colleague signing in to the Azure AD integrated application is sent to AD FS for authentication. The slide numbers the exchange as steps 1 to 8.]
Federation benefits
SAML and OAuth 2.0 are Internet-ready
Transport over the ‘Universal Firewall Bypass Protocol’: HTTPS on TCP 443
Tokens are signed and optionally encrypted; SAML messages on the redirect binding are deflate-compressed
Relying Party trusts are very flexible
Token content and authentication requirements are defined per relying party trust
Relying party trusts are flexible and scalable
Multi-factor authentication
AD FS in Windows Server 2012 R2 is extensible
Extensions (authentication adapters) are configurable per relying party trust and per network location (intranet vs. extranet)
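The per-trust flexibility described above is expressed in AD FS claim rule language. The following PowerShell is an added example, not code from the slide deck: it configures issuance, authorization and additional-authentication (MFA) rules for one relying party trust on an AD FS 2012 R2 farm. The trust name 'Contoso Intranet App' and the group SID are hypothetical placeholders.

```powershell
# Added example (not from the slide deck): per-relying-party claims and MFA policy in AD FS 2012 R2.
# Assumptions: a relying party trust named 'Contoso Intranet App' already exists, and at least one
# additional authentication provider is enabled in the global authentication policy.
Import-Module ADFS

$rpName = 'Contoso Intranet App'   # hypothetical trust name

# 1. Issuance transform rules: what ends up inside the token for THIS relying party only.
#    Pull UPN and group membership from AD DS for the authenticated Windows account, and pass the
#    authentication method reference through so the application can see whether MFA happened.
$issuanceRules = @'
@RuleName = "UPN and groups from AD DS"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
                   "http://schemas.xmlsoap.org/claims/Group"),
          query = ";userPrincipalName,tokenGroups;{0}", param = c.Value);

@RuleName = "Pass through authentication method references"
c:[Type == "http://schemas.microsoft.com/claims/authnmethodsreference"]
 => issue(claim = c);
'@

# 2. Additional authentication rules: require MFA whenever the request did NOT arrive from inside
#    the corporate network. AD FS sets insidecorporatenetwork itself (false when the request came
#    through the Web Application Proxy), so this is the "per network" knob from the slide.
$mfaRules = @'
@RuleName = "MFA for extranet access"
c:[Type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value == "false"]
 => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod",
          Value = "http://schemas.microsoft.com/claims/multipleauthn");
'@

# 3. Issuance authorization rules: only hand out a token if the user is in the application's AD group.
#    The SID below is a placeholder; use the real group SID.
$authzRules = @'
@RuleName = "Permit members of the application group"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value =~ "^S-1-5-21-0-0-0-1234$"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

Set-AdfsRelyingPartyTrust -TargetName $rpName `
    -IssuanceTransformRules $issuanceRules `
    -IssuanceAuthorizationRules $authzRules `
    -AdditionalAuthenticationRules $mfaRules

# Verify what was stored. Rules are evaluated per trust, so other relying parties are unaffected.
Get-AdfsRelyingPartyTrust -Name $rpName |
    Select-Object Name, IssuanceTransformRules, IssuanceAuthorizationRules, AdditionalAuthenticationRules
```

The MFA rule only has an effect if an additional authentication method (certificate, or a third-party adapter) is enabled with Set-AdfsGlobalAuthenticationPolicy; without one, extranet users simply cannot satisfy the rule and are denied.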
Common mistakes
1. AD FS when you don’t need it
Some organizations need their own AD FS infrastructure
Local authentication requirements (legal, multi-factor authentication)
Local authentication possibilities (claims issuance, transformation rules)
Azure Active Directory with Password (hash) Sync
2488 Software-as-a-Service apps in the Azure Active Directory App Gallery (count quoted at the time of the talk)
Easily configure Single Sign-On and user account management
Azure Active Directory
Azure Active Directory Free may contain up to 500,000 accounts
Federating with up to 5 apps is free. Online accounts may suffice
2. Build upon an unhealthy Active Directory
Attribute integrity and lingering objects
Objects or attributes present on some Domain Controllers and not on others
result in unpredictable AD FS authentication, depending on which DC answers
Private top level domains
DNS domain names ending in suffixes you cannot verify publicly, such as .local or .int
A routable User Principal Name (UPN) suffix needs to be added to the forest and set on the users
UPN syntax mismatches
Critical for solutions with the Directory Sync Tool / Azure Active Directory Sync
Use the IdFix DirSync Error Remediation Tool
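A pre-flight check for the three problems above (replication, private UPN suffixes, UPN/SMTP mismatches), as an added PowerShell example that is not part of the slide deck. It assumes RSAT (ActiveDirectory module) and repadmin on the machine, and a hypothetical verified domain contoso.com; IdFix remains the tool for the full duplicate and character-set analysis.

```powershell
# Added example (not from the slide deck): pre-flight checks on AD DS before building AD FS / directory sync.
# Assumptions: domain-joined host with the ActiveDirectory RSAT module and repadmin;
# 'contoso.com' is the publicly verified UPN suffix (hypothetical).
Import-Module ActiveDirectory

$routableSuffixes = @('contoso.com')          # UPN suffixes verified in Azure AD (assumed)
$searchBase       = (Get-ADDomain).DistinguishedName

# 1. Replication health first: an attribute present on one DC and not another is a replication
#    problem, and fixing UPNs on top of it just replicates inconsistently.
repadmin /replsummary
repadmin /showrepl * /csv | ConvertFrom-Csv |
    Where-Object { [int]$_.'Number of Failures' -gt 0 } |
    Select-Object 'Source DSA', 'Destination DSA', 'Number of Failures', 'Last Failure Status'

# 2. UPN hygiene: enabled users with no UPN, a non-routable suffix, or a UPN that differs from the
#    primary SMTP address (the classic DirSync / IdFix finding).
$users = Get-ADUser -Filter 'enabled -eq $true' -SearchBase $searchBase `
           -Properties userPrincipalName, mail, proxyAddresses

$findings = foreach ($u in $users) {
    $upn    = $u.userPrincipalName
    $suffix = if ($upn) { $upn.Split('@')[-1] } else { $null }
    $smtp   = ($u.proxyAddresses | Where-Object { $_ -clike 'SMTP:*' } | Select-Object -First 1) -replace '^SMTP:', ''

    if (-not $upn) {
        [pscustomobject]@{ Sam = $u.SamAccountName; Issue = 'NoUPN';             Upn = $null; Smtp = $smtp }
    } elseif ($suffix -notin $routableSuffixes) {
        [pscustomobject]@{ Sam = $u.SamAccountName; Issue = 'NonRoutableSuffix'; Upn = $upn;  Smtp = $smtp }
    } elseif ($smtp -and $smtp -ne $upn) {
        [pscustomobject]@{ Sam = $u.SamAccountName; Issue = 'UpnSmtpMismatch';   Upn = $upn;  Smtp = $smtp }
    }
}
$findings | Format-Table -AutoSize

# 3. Remediation preview: rewrite non-routable suffixes to the verified domain, keeping the prefix.
#    -WhatIf keeps this a dry run. Remove it only after the suffix exists on the forest
#    (Set-ADForest -UPNSuffixes @{Add='contoso.com'}) and IdFix reports no duplicates.
$findings | Where-Object Issue -eq 'NonRoutableSuffix' | ForEach-Object {
    $newUpn = ($_.Upn.Split('@')[0]) + '@' + $routableSuffixes[0]
    Set-ADUser -Identity $_.Sam -UserPrincipalName $newUpn -WhatIf
}
```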
3. The AD FS Service Account
Password changes, security implications
AD FS is usually Internet-facing, so its service account benefits from extra security
We want regular password changes, host restrictions, etc.
group Managed Service Accounts (gMSAs)
gMSAs solve ‘the service account problem’ for farms and are supported by AD FS in Windows Server 2012 R2
gMSAs offer automatic SPN and password management; only the designated hosts can retrieve the password
Windows Server 2008 DFL
2008 Domain Functional Level (or later) offers automatic SPN management; gMSAs additionally need at least one Windows Server 2012 domain controller and a KDS root key in the forest
Windows 8 and Windows Server 2012 (and up) offer the Cmdlets to create and install them
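The steps above, end to end, as an added PowerShell example (not the speaker's code): KDS root key, gMSA creation restricted to the federation servers, an SPN collision check, and the farm installation with the gMSA. The names (sts.contoso.com, adfsgmsa, the ADFS-Servers group, the certificate thumbprint) are hypothetical placeholders.

```powershell
# Added example (not from the slide deck): create and use a gMSA for an AD FS 2012 R2 farm.
# Assumptions: at least one Windows Server 2012 DC; federation service name sts.contoso.com;
# an AD group 'ADFS-Servers' containing the federation server computer accounts; the SSL/service
# communication certificate already in LocalMachine\My (thumbprint below is a placeholder).
Import-Module ActiveDirectory

# 1. Once per forest: the KDS root key from which DCs derive gMSA passwords.
#    Backdating EffectiveTime by 10 hours lets the key replicate to every DC before use;
#    -EffectiveImmediately is for single-DC labs only.
if (-not (Get-KdsRootKey)) {
    Add-KdsRootKey -EffectiveTime ((Get-Date).AddHours(-10))
}

# 2. The account. DNSHostName must be the federation service name. Only ADFS-Servers members can
#    retrieve the password, which AD rotates automatically (30 days here).
New-ADServiceAccount -Name 'adfsgmsa' `
    -DNSHostName 'sts.contoso.com' `
    -PrincipalsAllowedToRetrieveManagedPassword 'ADFS-Servers' `
    -ManagedPasswordIntervalInDays 30

# 3. Make sure nothing else already owns the HTTP SPN for the service name (a duplicate SPN
#    silently breaks Windows Integrated Authentication to AD FS).
setspn -Q http/sts.contoso.com
setspn -X

# --- On each federation server, after it joined ADFS-Servers and was rebooted ---
# 4. Prove the host can fetch the managed password before installing AD FS.
Install-ADServiceAccount -Identity 'adfsgmsa'
if (-not (Test-ADServiceAccount -Identity 'adfsgmsa')) {
    throw 'This host cannot retrieve the gMSA password; check ADFS-Servers membership and KDS key replication.'
}

# 5. Create the farm with the gMSA (note the trailing $). With a gMSA, AD FS setup registers the
#    http/ SPN on the account itself; with a conventional service account you would run
#    setspn -S http/sts.contoso.com CONTOSO\<account> yourself.
Install-AdfsFarm -CertificateThumbprint '0000000000000000000000000000000000000000' `
    -FederationServiceName 'sts.contoso.com' `
    -FederationServiceDisplayName 'Contoso' `
    -GroupServiceAccountIdentifier 'CONTOSO\adfsgmsa$'

# Further nodes: Add-AdfsFarmNode -PrimaryComputerName <first node> `
#                  -CertificateThumbprint <same thumbprint> -GroupServiceAccountIdentifier 'CONTOSO\adfsgmsa$'
```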
4. Designing the right AD FS infrastructure
AD FS Server Farms
AD FS can easily be deployed highly available, if need be with Windows NLB (or a hardware load balancer)
AD FS Proxies / Web Application Proxies can be deployed in perimeter networks
Windows Internal Database or SQL Server
A WID farm has a limit of five federation servers and does not support token replay detection or SAML artifact resolution
SQL Server High Availability
Take advantage of your existing SQL Server investments
Take advantage of database mirroring, failover clustering, monitoring
5. Skewed Time Synchronization
Time Sync within an Active Directory environment
W32time follows the Active Directory hierarchy and sites configuration
Set the time for an environment through the PDC emulator (PDCe) of the forest root domain
Time Sync within Virtual Machines
Virtual machines take the host’s clock at boot (and typically after resume or migration)
Continuous time sync is configured with VMware Tools, Hyper-V Integration Components, etc., and competes with the domain hierarchy if left on
Time Sync within Perimeter Networks
Could be virtual machine time sync, could be an external source
Will be none, if you don’t configure it… and skewed clocks make signed tokens fail validation
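Configuration for the three cases above plus a skew measurement, as an added PowerShell example that is not part of the slide deck. It assumes a hypothetical topology (PDC emulator DC01, federation servers STS01/STS02, workgroup Web Application Proxies WAP01/WAP02) and public NTP pool peers; substitute your own.

```powershell
# Added example (not from the slide deck): configure and verify time synchronization around an AD FS farm.
# Assumptions (all hypothetical): PDC emulator DC01; federation servers STS01, STS02; Web Application
# Proxies WAP01, WAP02 in a workgroup in the perimeter network; NTP peers from pool.ntp.org.

# --- On the PDC emulator only: authoritative external source for the whole forest ---
w32tm /config /manualpeerlist:"0.pool.ntp.org,0x8 1.pool.ntp.org,0x8" /syncfromflags:manual /reliable:yes /update
Restart-Service w32time
w32tm /resync /rediscover

# --- On domain-joined federation servers: nothing to configure, but stop the hypervisor from
#     overriding the domain hierarchy. For Hyper-V guests, on the host:
#     Disable-VMIntegrationService -VMName 'STS01' -Name 'Time Synchronization'
w32tm /query /source   # expect a domain controller, not 'VM IC Time Synchronization Provider' or 'Local CMOS Clock'

# --- On perimeter WAP servers (workgroup): no hierarchy to follow, so use the same external peers ---
w32tm /config /manualpeerlist:"0.pool.ntp.org,0x8 1.pool.ntp.org,0x8" /syncfromflags:manual /update
w32tm /resync

# --- Run on DC01: measure each farm member's clock offset against the PDCe ---
function Get-ClockOffset {
    param([string]$Computer, [int]$Samples = 3)
    # 'w32tm /stripchart /dataonly' prints lines like "13:41:12, +00.0031254s": the offset of
    # $Computer relative to this machine. Average the samples and return seconds, or $null if unreachable.
    $lines = w32tm /stripchart /computer:$Computer /samples:$Samples /dataonly 2>&1
    $offsets = foreach ($l in $lines) {
        if ($l -match '([+-]\d+\.\d+)s') { [double]$Matches[1] }
    }
    if (-not $offsets) { return $null }
    ($offsets | Measure-Object -Average).Average
}

# Budget well inside the 5-minute Kerberos tolerance; token validity windows can be tighter.
$maxSkewSeconds = 60
foreach ($server in 'STS01', 'STS02', 'WAP01', 'WAP02') {
    $off   = Get-ClockOffset -Computer $server
    $state = if ($null -eq $off) { 'UNREACHABLE' }
             elseif ([math]::Abs($off) -gt $maxSkewSeconds) { 'SKEWED' }
             else { 'ok' }
    '{0,-8} offset {1,9:N3}s  {2}' -f $server, $off, $state
}
```

The WAP servers need UDP 123 to the external peers opened on the perimeter firewall; without that rule they run on the hypervisor clock or drift freely, which is exactly the "none, if you don't configure it" case.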
6. Certificate Distrust
Certificates in use by AD FS
Token-signing and token-decryption certificates
Service communication certificate (and the SSL certificate bound to HTTP.sys)
Certificates with 1024-bit key length
Certificates with RSA keys shorter than 1024 bits are blocked by Windows
Request and use certificates with 2048-bit key length throughout the chain
Certificates with SHA-1 hash algorithm
Starting 2016, SHA-1 will be deprecated
Request and use certificates with SHA-2 hash algorithms throughout the chain
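"Throughout the chain" is the part that gets missed: a 2048-bit SHA-256 leaf under a SHA-1 intermediate still fails. The following PowerShell is an added example, not from the slide deck; it walks every certificate AD FS 2012 R2 uses (token-signing, token-decrypting, service communications and the HTTP.sys SSL binding) and each certificate's chain, flagging short keys, SHA-1 signatures and imminent expiry. It assumes only the ADFS module on a federation server.

```powershell
# Added example (not from the slide deck): audit the certificates AD FS 2012 R2 uses, and their chains,
# for RSA keys under 2048 bits, SHA-1 signatures and imminent expiry. Run on a federation server.
Import-Module ADFS

function Test-CertificateStrength {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate, [string]$Role)
    # Build the chain (leaf -> root) so a weak intermediate is caught as well as the leaf.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # hygiene check, not a trust decision
    [void]$chain.Build($Certificate)
    foreach ($el in $chain.ChainElements) {
        $c       = $el.Certificate
        $sigAlg  = $c.SignatureAlgorithm.FriendlyName   # e.g. sha1RSA, sha256RSA
        $keySize = $c.PublicKey.Key.KeySize             # AD FS certificates are RSA
        $isRoot  = ($c.Subject -eq $c.Issuer)
        $problems = @()
        if ($keySize -lt 2048) { $problems += "key $keySize bits" }
        # A self-signed root is trusted by its presence in the store, so its own SHA-1 signature is
        # harmless; SHA-1 on a leaf or intermediate is what the 2016 deprecation breaks.
        if ($sigAlg -like 'sha1*' -and -not $isRoot) { $problems += $sigAlg }
        if ($c.NotAfter -lt (Get-Date).AddDays(30)) { $problems += "expires $($c.NotAfter.ToShortDateString())" }
        [pscustomobject]@{
            Role      = $Role
            Subject   = $c.Subject
            KeyBits   = $keySize
            Signature = $sigAlg
            Expires   = $c.NotAfter
            Problems  = ($problems -join '; ')
        }
    }
}

$results = @()
# Token-signing, token-decrypting and service-communications certificates as AD FS knows them
foreach ($ac in Get-AdfsCertificate) {
    $role = '{0}{1}' -f $ac.CertificateType, $(if ($ac.IsPrimary) { ' (primary)' } else { ' (secondary)' })
    $results += Test-CertificateStrength -Certificate $ac.Certificate -Role $role
}
# The SSL certificate bound to HTTP.sys, which may differ from the service-communications certificate
foreach ($ssl in Get-AdfsSslCertificate) {
    $cert = Get-Item "Cert:\LocalMachine\My\$($ssl.CertificateHash)"
    $results += Test-CertificateStrength -Certificate $cert -Role "SSL $($ssl.HostName):$($ssl.PortNumber)"
}
$results | Sort-Object Role | Format-Table Role, Subject, KeyBits, Signature, Problems -AutoSize
```

Run the same check on the Web Application Proxy servers (Get-WebApplicationProxySslCertificate there), since they terminate TLS for Internet clients and are the first place a distrusted chain shows up.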
7. Forget Enterprise Registration
AD FS in Windows Server 2012 R2
Many new features!
Workplace Join
Device-agnostic silent Single Sign-On (SSO)
Employees register their devices, enroll a device certificate and get a persistent SSO cookie
EnterpriseRegistration
Workplace Join auto-discovery requires a DNS CNAME record enterpriseregistration.<UPN suffix> for every UPN suffix, pointing at the federation service
Use enterpriseregistration.domain.tld as a Subject Alternative Name on the AD FS SSL certificate
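The DNS and certificate prerequisites above, checked and created for every UPN suffix in the forest, as an added PowerShell example (not from the slide deck). It assumes AD-integrated DNS on a hypothetical DC01, the federation service sts.contoso.com, and the ActiveDirectory, DnsServer and ADFS modules on the machine it runs on.

```powershell
# Added example (not from the slide deck): make Workplace Join discoverable for every UPN suffix and
# verify the AD FS SSL certificate carries the matching SANs.
# Assumptions (hypothetical): AD-integrated DNS on DC01; federation service sts.contoso.com.
Import-Module ActiveDirectory, DnsServer, ADFS

$federationService = 'sts.contoso.com'
$dnsServer         = 'DC01'

# Every suffix a user can sign in with: each domain's DNS name plus the alternative UPN suffixes.
$forest   = Get-ADForest
$suffixes = @($forest.Domains) + @($forest.UPNSuffixes) | Sort-Object -Unique

foreach ($suffix in $suffixes) {
    $fqdn     = "enterpriseregistration.$suffix"
    $existing = Resolve-DnsName -Name $fqdn -Type CNAME -Server $dnsServer -ErrorAction SilentlyContinue
    if ($existing -and $existing.NameHost -eq $federationService) {
        "ok       $fqdn -> $($existing.NameHost)"
        continue
    }
    # Only zones this DNS server hosts can be fixed here; publicly routable suffixes also need
    # the same CNAME at the public DNS provider, because devices register from the Internet.
    if (Get-DnsServerZone -Name $suffix -ComputerName $dnsServer -ErrorAction SilentlyContinue) {
        Add-DnsServerResourceRecordCName -ZoneName $suffix -Name 'enterpriseregistration' `
            -HostNameAlias $federationService -ComputerName $dnsServer
        "created  $fqdn -> $federationService"
    } else {
        "MISSING  $fqdn (zone not hosted on $dnsServer; add the CNAME at the public DNS provider)"
    }
}

# Device registration talks TLS to enterpriseregistration.<suffix>, so each name must be a SAN on
# the certificate AD FS (and the Web Application Proxy) serve.
$sslHash = (Get-AdfsSslCertificate | Select-Object -First 1).CertificateHash
$cert    = Get-Item "Cert:\LocalMachine\My\$sslHash"
$sans    = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
foreach ($suffix in $suffixes) {
    $name = "enterpriseregistration.$suffix"
    if ($sans -contains $name) { "ok       SAN $name" } else { "MISSING  SAN $name (reissue the SSL certificate)" }
}

# With DNS and the certificate in place, enable the Device Registration Service:
#   Initialize-ADDeviceRegistration -ServiceAccountName 'CONTOSO\adfsgmsa$'   # once per forest
#   Enable-AdfsDeviceRegistration                                             # on each federation server
```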
8. Windows Updates, anyone?
AD FS is regularly updated
Security updates, like MS15-062
Scalability and stability updates
AD FS uses Windows Update
AD FS updates don’t require Microsoft Update :-)
AD FS updates only show up after installing the Server Role
Wait, test, then deploy updates
Wait two weeks before deploying updates, or
Deploy updates to a test network before production
9. Best Practices Analyzers
Best Practices Analyzers
Part of Server Manager in Windows Server 2008 R2 and up
Avoid 90% of situations with data or functionality loss
AD FS Best Practices Analyzer
Checks the Active Directory Federation service
Will be updated with additional checks in the future
Other BPAs of use:
Active Directory Domain Services Best Practices Analyzer
Active Directory Certificate Services Best Practices Analyzer
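Running the three analyzers from PowerShell instead of clicking through Server Manager, as an added example that is not part of the slide deck. It assumes only that the roles are installed on the server where it runs; model IDs are matched by name rather than hard-coded because they differ between releases.

```powershell
# Added example (not from the slide deck): run the AD FS, AD DS and AD CS Best Practices Analyzers
# and keep only findings that need action. Run on the server hosting each role.
Import-Module BestPractices

# Match the model IDs by name instead of hard-coding them.
$models = Get-BpaModel | Where-Object { $_.Id -match 'ADFS|DirectoryServices|CertificateServices' }

$findings = foreach ($m in $models) {
    Invoke-BpaModel -ModelId $m.Id | Out-Null     # runs the scan and stores the results
    Get-BpaResult -ModelId $m.Id |
        Where-Object { $_.Severity -ne 'Information' -and -not $_.Excluded } |
        Select-Object @{ n = 'Model'; e = { $m.Id } }, Severity, Category, Title, Problem, Resolution
}

$findings | Sort-Object Severity, Model | Format-List Model, Severity, Title, Problem, Resolution

# Non-zero exit so a scheduled task or monitoring hook notices new Error-level findings.
if ($findings | Where-Object Severity -eq 'Error') { exit 1 }
```

Findings that are accepted deviations can be hidden with Set-BpaResult -Exclude so the scheduled run only reports changes.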
10. Processes, processes, processes
Monitoring of the AD FS Service
Check the availability and/or usage of the AD FS infrastructure
Use System Center Operations Manager with Global Service Monitor (GSM), Azure Operational Insights and/or the Azure Active Directory Connect Health service *
Auditing of the AD FS Service
AD FS offers built-in auditing and logging of errors, warnings and information
Auditing of claims issuance
Logging of success and failure audits (requires the ‘Application Generated’ audit subcategory and the ‘Generate security audits’ right for the service account)
Log suspicious or unintended activity
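A minimal availability probe and the auditing configuration above, with a first query over the resulting Security log events, as an added PowerShell example that is not part of the slide deck. It assumes the hypothetical federation service sts.contoso.com and an AD FS 2012 R2 farm; the event IDs named in the comments are those AD FS 2012 R2 writes for token issuance.

```powershell
# Added example (not from the slide deck): availability probe plus AD FS 2012 R2 auditing.
# Assumptions (hypothetical): federation service sts.contoso.com.
Import-Module ADFS

# --- Availability: the federation metadata document exercises HTTPS, the proxy and the AD FS pipeline ---
function Test-AdfsEndpoint {
    param([string]$FederationService = 'sts.contoso.com')
    $uri = "https://$FederationService/FederationMetadata/2007-06/FederationMetadata.xml"
    try {
        $r = Invoke-WebRequest -Uri $uri -UseBasicParsing -TimeoutSec 15
        [xml]$md = $r.Content
        # entityID must belong to this farm; another value means DNS or a proxy answered for someone else
        $ok = ($r.StatusCode -eq 200) -and ($md.EntityDescriptor.entityID -like "*$FederationService*")
        [pscustomobject]@{ Endpoint = $uri; Healthy = $ok;    Status = $r.StatusCode }
    } catch {
        [pscustomobject]@{ Endpoint = $uri; Healthy = $false; Status = $_.Exception.Message }
    }
}
Test-AdfsEndpoint

# --- Auditing: AD FS writes success/failure audits to the Security log only when three things line up ---
# 1. The AD FS log level includes the audit categories
Set-AdfsProperties -LogLevel @('Errors', 'Warnings', 'Information', 'SuccessAudits', 'FailureAudits')
# 2. Windows auditing of "Application Generated" events is enabled on every federation server
auditpol.exe /set /subcategory:"Application Generated" /success:enable /failure:enable
# 3. The service account holds "Generate security audits" (SeAuditPrivilege), granted via GPO on each server
Restart-Service adfssrv

# --- Query: what was issued in the last 24 hours, and what failed ---
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'Security'
    ProviderName = 'AD FS Auditing'
    StartTime    = (Get-Date).AddHours(-24)
} -ErrorAction SilentlyContinue

# Event 299 = a token was issued for a relying party (success audit); the 500/501 events that follow
# carry the issued claims for the same instance ID. Failures are keyworded 'Audit Failure'.
$events | Group-Object Id | Sort-Object Count -Descending |
    Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count

$events | Where-Object { $_.KeywordsDisplayNames -contains 'Audit Failure' } |
    Select-Object TimeCreated, Id, @{ n = 'Detail'; e = { ($_.Message -split "`n")[0] } } -First 20
```

Forward the Security log from every federation server to a central collector before relying on it: the server that answered a given request is the only one holding its audit trail, and an attacker who reaches the box can clear it.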
Concluding
Avoid the mistakes and you’ll be fine
1. Don’t build AD FS when you don’t need to
2. Don’t build upon an unhealthy Active Directory
3. Use gMSAs instead of ‘ordinary’ service accounts for AD FS
4. Design the right infrastructure
5. Take care of adequate time synchronization
6. Use certificates with 2048+bit keylength and SHA-2 algorithm
7. Don’t forget to plan for Enterprise Registration
8. Don’t forget to install Windows Update
9. Don’t forget to use the Best Practices Analyzers
10. Monitor, audit and backup the AD FS infrastructure
Rules of thumb
AD FS is an extension to Active Directory
Make sure Active Directory is healthy
Rename, migrate or restructure .local domains
Plan your AD FS implementation
Set requirements, plan accordingly, deploy securely
Take care of adequate time synchronization
Don’t forget to manage AD FS
Use the Best Practices Analyzers (BPAs)
Take care of information security, like monitoring, auditing, backup
And win a Lumia 635
Feedback form will be sent to you by email
Give me feedback
Follow Technet Belgium
@technetbelux
Subscribe to the TechNet newsletter
aka.ms/benews
Be the first to know
Thank you!
Belgium’s biggest IT PRO Conference
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 

Kürzlich hochgeladen (20)

Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 

ITPROCEED_TransformTheDatacenter_ten most common mistakes when deploying adfs and hybrid identity

• 9. 1. AD FS when you don’t need it
Some organizations need their own AD FS infrastructure
Local authentication requirements (legal, multi-factor authentication)
Local authentication possibilities (claims issuance, transformation rules)
Azure Active Directory with Password Sync
2488 Software-as-a-Service apps in the Azure Active Directory App Gallery
Easily configure Single Sign-On and user account management
Azure Active Directory
Azure Active Directory Free may contain up to 500,000 accounts
Federating with up to 5 apps is free.
Online accounts may suffice

• 10. 2. Build upon an unhealthy Active Directory
Attribute integrity and lingering objects
Objects, attributes on some Domain Controllers, not on others
Resulting in unpredictable AD FS authentication
Private top level domains
DNS Domain Name for domains ending with .local, .int
User Principal Name (UPN) needs to be added and changed
UPN syntax mismatches
Critical for solutions with Directory Sync Tool / Azure Active Directory Sync
Use the IdFix DirSync Error Remediation Tool

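The UPN half of this slide can be checked before any sync tool is pointed at the directory. The script below is an added example and not part of the deck or of IdFix; it assumes the RSAT ActiveDirectory module, a session with read access to the domain, and takes the two private top level domains (.local, .int) from the slide:

```powershell
# Added example, not the deck's own code: audit User Principal Names before
# pointing a directory sync tool at Active Directory.
Import-Module ActiveDirectory

$forest        = Get-ADForest
# Suffixes the forest already knows: root domain, child domains and explicitly added UPN suffixes
$knownSuffixes = @($forest.RootDomain) + @($forest.Domains) + @($forest.UPNSuffixes) | Sort-Object -Unique
# Non-routable top level domains that an online directory cannot verify (from the slide)
$privateTlds   = @('local', 'int')

function Get-UpnIssue {
    param($User)
    if (-not $User.UserPrincipalName) { return 'UPN missing' }
    $suffix = ($User.UserPrincipalName -split '@')[-1]
    $tld    = ($suffix -split '\.')[-1]
    if ($tld -in $privateTlds)          { return "private TLD .$tld, not routable" }
    if ($suffix -notin $knownSuffixes)  { return "suffix $suffix not registered in the forest" }
    if ($User.mail -and $User.mail -ne $User.UserPrincipalName) { return 'UPN differs from mail (review)' }
    return $null
}

$users  = Get-ADUser -Filter 'Enabled -eq $true' -Properties mail
$report = foreach ($u in $users) {
    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        UPN            = $u.UserPrincipalName
        Issue          = Get-UpnIssue -User $u
    }
}

# Which suffixes are actually in use, and how many accounts need attention per issue type
$report | Group-Object { if ($_.UPN) { ($_.UPN -split '@')[-1] } else { '(none)' } } |
    Select-Object Name, Count | Sort-Object Count -Descending
$report | Where-Object Issue | Group-Object Issue | Select-Object Name, Count
$report | Where-Object Issue | Export-Csv -NoTypeInformation -Path .\upn-issues.csv
```

For the replication half of the slide (objects present on some Domain Controllers and not on others), `repadmin /replsummary` and `repadmin /showrepl` show which DCs are failing to replicate; the deck's recommendation for the attribute clean-up itself is the IdFix tool.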
• 11. 3. The AD FS Service Account
Password changes, security implications
AD FS is usually Internet-facing, so it benefits from extra security
We want regular password changes, host restrictions, etc.
group Managed Service Accounts (gMSAs)
gMSAs solve ‘the service account problem’ for farms, AD FS supported
gMSAs offer automatic SPN and password management
Windows Server 2008 DFL
2008 Domain Functional Level offers automatic SPN management
Windows 8 and Windows Server 2012 (and up) offer Cmdlets

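The cmdlets the slide refers to, put together into the sequence for an AD FS farm. This is an added example, not code from the deck; the domain name CONTOSO / contoso.com, the federation service name fs.contoso.com and the security group ADFS-Servers (holding the computer accounts of every federation server) are placeholders. Steps 1 and 2 run once with Domain Admin rights, steps 3 and 4 on the federation server(s).

```powershell
# Added example, not the deck's own code: give an AD FS farm a group Managed Service Account.
Import-Module ActiveDirectory

# 1. One KDS root key per forest is a prerequisite for any gMSA. It becomes usable
#    10 hours after creation so that every DC has replicated it first.
if (-not (Get-KdsRootKey)) {
    Add-KdsRootKey -EffectiveImmediately
}

# 2. Create the gMSA. Only members of ADFS-Servers can retrieve its password, which AD
#    rotates automatically (30 days here), and the SPN is registered up front.
New-ADServiceAccount -Name 'fsgmsa' `
    -DNSHostName 'fs.contoso.com' `
    -ServicePrincipalNames 'http/fs.contoso.com' `
    -PrincipalsAllowedToRetrieveManagedPassword 'ADFS-Servers' `
    -ManagedPasswordIntervalInDays 30

# 3. On a federation server (after it was added to ADFS-Servers and rebooted, so the
#    group membership is in its Kerberos token): confirm the host can retrieve the password.
Install-ADServiceAccount -Identity 'fsgmsa'
Test-ADServiceAccount   -Identity 'fsgmsa'    # True = this host may use the gMSA

# 4. Build the farm with the gMSA; the thumbprint is that of the service communication certificate.
Install-AdfsFarm -CertificateThumbprint '<service-communication-cert-thumbprint>' `
    -FederationServiceName 'fs.contoso.com' `
    -GroupServiceAccountIdentifier 'CONTOSO\fsgmsa$'

# Verify the managed properties afterwards: rotation interval, SPN and who may fetch the password
Get-ADServiceAccount -Identity 'fsgmsa' -Properties ManagedPasswordIntervalInDays,
    ServicePrincipalNames, PrincipalsAllowedToRetrieveManagedPassword
```

Nobody ever knows the gMSA password, so the "regular password changes" and "host restrictions" the slide asks for come for free: the rotation is done by AD and only the hosts in ADFS-Servers can obtain the current value.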
• 12. 4. Designing the right AD FS infrastructure
AD FS Server Farms
AD FS can easily be deployed highly available, if need be with Windows NLB
AD FS Proxies / Web App Proxies can be deployed in perimeter networks
Windows Internal Database or SQL Server
A WID farm has a limit of five federation servers, does not support token replay detection or artifact resolution
SQL Server High Availability
Take advantage of your existing SQL Server investments
Take advantage of database mirroring, failover clustering, monitoring

• 13. 5. Skewed Time Synchronization
Time Sync within an Active Directory environment
W32time follows Active Directory hierarchy and sites configuration
Set the time for an environment through the PDCe
Time Sync within Virtual Machines
Virtual machines always sync time with host on boot
Continuous time sync is configured with VMware tools, Hyper-V ICs, etc.
Time Sync within Perimeter Networks
Could be virtual machine time sync, could be an external source
Will be none, if you don’t configure it…

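The three situations on the slide, each with the check and the fix. Added example, not from the deck; the domain contoso.com, the DC name DC01, the internal NTP host ntp.contoso.com and the public pool servers are placeholders. The commands are grouped by the machine they belong on.

```powershell
# Added example, not the deck's own code: verify and configure time sync for AD FS components.

# --- Any domain member (federation servers included) ---
# Source must be a Domain Controller via the domain hierarchy, never 'Local CMOS Clock'
w32tm /query /source
w32tm /query /status
# Offset against the PDC emulator: Kerberos tolerates 5 minutes, token lifetimes are tighter
$pdce = (Get-ADDomain).PDCEmulator
w32tm /stripchart /computer:$pdce /samples:5 /dataonly

# --- PDC emulator only: top of the hierarchy, so it must have an external, reliable source ---
# 0x8 = client mode; /reliable:yes advertises this DC as a good time source to the rest of the domain
w32tm /config /manualpeerlist:"0.pool.ntp.org,0x8 1.pool.ntp.org,0x8" /syncfromflags:manual /reliable:yes /update
Restart-Service w32time
w32tm /resync /rediscover

# --- Hyper-V host running a virtualized DC ---
# The guest still takes the host's time on boot (slide), but continuous host sync would
# override the domain hierarchy, so switch the integration component off for the DC.
Disable-VMIntegrationService -VMName 'DC01' -Name 'Time Synchronization'

# --- Perimeter Web Application Proxy (workgroup member) ---
# No domain hierarchy here: unless a source is configured explicitly there is none at all (slide).
w32tm /config /manualpeerlist:"ntp.contoso.com,0x8" /syncfromflags:manual /update
w32tm /resync
w32tm /query /source
```

When the proxy and the federation servers drift apart, the symptom is tokens that are rejected as not yet valid or already expired while passwords are correct, which is why the stripchart check belongs in the runbook before any certificate or trust troubleshooting.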
• 14. 6. Certificate Distrust
Certificates in use by AD FS
Token-signing and token-decryption certificates
Service communication certificate
Certificates with 1024-bit key length
Certificates under 1024-bit key length are blocked
Request and use certificates with 2048-bit key length throughout the chain
Certificates with SHA-1 hash algorithm
Starting 2016, SHA-1 will be deprecated
Request and use certs with SHA-2 hash algorithms throughout the chain

• 15. 7. Forget Enterprise Registration
AD FS in Windows Server 2012 R2
Many new features!
Workplace Join
Device-agnostic silent Single Sign-On (SSO)
Employees verify devices, enroll a certificate, get cookie
EnterpriseRegistration
Workplace Join AutoDiscover requires DNS Record per UPN Suffix
Use enterpriseregistration.domain.tld as Subject Alternative Name

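One script covers both the certificate slide (key length and hash algorithm throughout the chain) and the Enterprise Registration slide (DNS record per UPN suffix, name present as a Subject Alternative Name on the service communication certificate), since both inspect the same certificates. It is an added example, not code from the deck; it assumes it runs on a federation server with the ADFS and ActiveDirectory modules, and that the forest's UPN suffixes are publicly resolvable.

```powershell
# Added example, not the deck's own code: audit the AD FS certificates and the
# Workplace Join prerequisites for every UPN suffix in the forest.
Import-Module ADFS
Import-Module ActiveDirectory

function Test-AdfsCertChain {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate, [string]$Role)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $null = $chain.Build($Certificate)          # builds what it can; every element is inspected below
    foreach ($el in $chain.ChainElements) {
        $c       = $el.Certificate
        $keyBits = try { $c.PublicKey.Key.KeySize } catch { 0 }   # RSA keys; 0 = could not be read
        $sigAlg  = $c.SignatureAlgorithm.FriendlyName
        [pscustomobject]@{
            Role      = $Role
            Subject   = $c.Subject
            NotAfter  = $c.NotAfter
            KeyBits   = $keyBits
            Signature = $sigAlg
            # Slide thresholds: below 2048 bit or signed with SHA-1 anywhere in the chain is a finding
            Weak      = ($keyBits -lt 2048) -or ($sigAlg -match 'sha1')
        }
    }
}

# Get-AdfsCertificate returns the Token-Signing, Token-Decrypting and Service-Communications certificates
$certReport = foreach ($ac in Get-AdfsCertificate) {
    Test-AdfsCertChain -Certificate $ac.Certificate -Role $ac.CertificateType
}
$certReport | Format-Table Role, Subject, NotAfter, KeyBits, Signature, Weak -AutoSize
$certReport | Where-Object Weak | ForEach-Object {
    Write-Warning "Weak: $($_.Role) '$($_.Subject)' ($($_.KeyBits) bit, $($_.Signature))"
}

# Workplace Join autodiscovery looks up enterpriseregistration.<UPN suffix>; the service
# communication certificate must carry that name as a SAN for every suffix in use.
$forest   = Get-ADForest
$suffixes = @($forest.RootDomain) + @($forest.UPNSuffixes) | Sort-Object -Unique
$svcCert  = (Get-AdfsCertificate -CertificateType Service-Communications | Select-Object -First 1).Certificate
$sanExt   = $svcCert.Extensions | Where-Object { $_.Oid.FriendlyName -eq 'Subject Alternative Name' }
$sanText  = if ($sanExt) { $sanExt.Format($true) } else { '' }

foreach ($s in $suffixes) {
    $name = "enterpriseregistration.$s"
    $dns  = Resolve-DnsName -Name $name -ErrorAction SilentlyContinue
    $target = if ($dns) {
        $r = $dns | Select-Object -First 1
        if ($r.NameHost) { $r.NameHost } else { $r.IPAddress }   # CNAME target or A record address
    } else { 'MISSING' }
    [pscustomobject]@{
        Suffix    = $s
        DnsRecord = $target
        InCertSan = [bool]($sanText -match [regex]::Escape($name))
    }
}
```

A suffix that shows `MISSING` or `InCertSan = False` is the case the slide warns about: device registration silently fails for every user with that suffix, and the failure looks like a client problem rather than a server one.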
• 16. 8. Windows Updates, anyone?
AD FS is regularly updated
Security updates, like MS15-062
Scalability and stability updates
AD FS uses Windows Update
AD FS updates don’t require Microsoft Update :-)
AD FS updates only light up after installing the Server Role
Wait, test, then deploy updates
Wait two weeks before deploying updates, or
Deploy updates to a test network before production

• 17. 9. Best Practices Analyzers
Best Practices Analyzers
Part of Server Manager in Windows Server 2008 R2 and up
Avoid 90% of situations with data or functionality loss
AD FS Best Practices Analyzer
Checks the Active Directory Federation service
Will be updated with additional checks in the future
Other BPAs of use:
Active Directory Domain Services Best Practices Analyzer
Active Directory Certificate Services Best Practices Analyzer

• 18. 10. Processes, processes, processes
Monitoring of the AD FS Service
Check the availability and/or usage of the AD FS infrastructure
Use System Center Operations Manager with GSM, Azure Operational Insights and/or the Azure Active Directory Connect Health Service *
Auditing of the AD FS Service
AD FS offers built-in auditing and logging of errors, warnings, information
Auditing of claims issuance
Logging of success and failure audits
Log suspicious or unintended activity

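The built-in auditing the slide mentions is off by default on Windows Server 2012 R2 and has to be switched on at two levels, the OS and the AD FS service. The script below is an added example, not code from the deck; it assumes an elevated session on a federation server with the ADFS module, and that the AD FS service account already holds the "Generate security audits" user right.

```powershell
# Added example, not the deck's own code: enable AD FS auditing on Windows Server 2012 R2
# and summarize what it produces.

# 1. OS level, per federation server: AD FS writes its audits through the
#    'Application Generated' subcategory of the Security log.
auditpol.exe /set /subcategory:"Application Generated" /failure:enable /success:enable

# 2. Farm level: ask AD FS for success and failure audits in addition to its admin log entries
Import-Module ADFS
Set-AdfsProperties -LogLevel @('Errors', 'Warnings', 'Information', 'SuccessAudits', 'FailureAudits')
(Get-AdfsProperties).LogLevel

# 3. Review: audits land in the Security log under provider 'AD FS Auditing'
function Get-AdfsAuditSummary {
    param([int]$Hours = 24)
    $since  = (Get-Date).AddHours(-$Hours)
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'Security'; ProviderName = 'AD FS Auditing'; StartTime = $since
    } -ErrorAction SilentlyContinue
    $events | Group-Object Id | ForEach-Object {
        $sample = $_.Group[0]
        [pscustomobject]@{
            EventId = $_.Name
            Count   = $_.Count
            Outcome = if ($sample.KeywordsDisplayNames -contains 'Audit Failure') { 'Failure' } else { 'Success' }
            Sample  = ($sample.Message -split "`r?`n")[0]     # first line is enough to recognize the event
        }
    } | Sort-Object Count -Descending
}

Get-AdfsAuditSummary -Hours 24 | Format-Table -AutoSize

# Errors from the service itself (token validation, trust and certificate problems) go to the
# 'AD FS/Admin' channel; a sudden rise in one event id there is the "unintended activity" to chase.
Get-WinEvent -FilterHashtable @{ LogName = 'AD FS/Admin'; StartTime = (Get-Date).AddHours(-24) } -ErrorAction SilentlyContinue |
    Where-Object { $_.LevelDisplayName -eq 'Error' } |
    Group-Object Id | Select-Object Name, Count | Sort-Object Count -Descending
```

The audit events are the raw material for the monitoring products the slide lists; collecting the Security and AD FS/Admin channels centrally is what makes a spike in failure audits visible across the whole farm rather than on one server at a time.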
• 20. Avoid the mistakes and you’ll be fine
1. Don’t build AD FS when you don’t need to
2. Don’t build upon an unhealthy Active Directory
3. Use gMSAs instead of ‘ordinary’ service accounts for AD FS
4. Design the right infrastructure
5. Take care of adequate time synchronization
6. Use certificates with 2048+ bit key length and SHA-2 algorithm
7. Don’t forget to plan for Enterprise Registration
8. Don’t forget to install Windows Update
9. Don’t forget to use the Best Practice Analyzers
10. Monitor, audit and backup the AD FS infrastructure

• 21. Rules of thumb
AD FS is an extension to Active Directory
Make sure Active Directory is healthy
Rename, migrate or restructure .local domains
Plan your AD FS implementation
Set requirements, plan accordingly, deploy securely
Take care of adequate time synchronization
Don’t forget to manage AD FS
Use the Best Practices Analyzers (BPAs)
Take care of information security, like monitoring, auditing, backup

• 22. And win a Lumia 635
Feedback form will be sent to you by email
Give me feedback

• 23. Follow TechNet Belgium @technetbelux
Subscribe to the TechNet newsletter aka.ms/benews
Be the first to know

• 25. Belgium’s biggest IT PRO Conference