Office 365 next level Security:
Web Service Impersonation in AzureAD
Johannes Linder
Johannes Linder
SharePoint since 2010
Dynamics CRM since 2013
dox42 since 2013
Lego since 1989 & 2001
Agenda
IT Security in 2017
What is Azure Active Directory?
What is dox42?
Live Time: Impersonation Client and Server
Call Webservice / Generate Document in SharePoint
Register Client/Server in Azure AD
Call Webservice from Client/Server
Q&A
There are only two types of companies: those that have been hacked,
and those that will be.
Even that is merging into one category: those that have been hacked
and will be again.
Robert Mueller, FBI Director
IT Security in 2017
- General Data Protection Regulation (GDPR)
- Ransomware
- Data Leaks and Breaches
- On-Premises vs. Cloud
- Multi App Environment – Multi Leak Environment
- Big Data, IoT, digital transformation
IT Security in 2017: Where to start?
Which authentication method makes sense?

Anonymous
  - low security requirement
  - transformation only (no user-specific data access)
  - typical case: website

Service Account
  - easy to maintain
  - concern: password management
  - typical case: IP restriction on-premises (server-to-domain communication)

Impersonation
  - traceability
  - full person/group control
  - concern: implementation effort (Kerberos, AAD, Apps, ADFS, Windows accounts)

Security / traceability / complexity all increase from Anonymous through Service Account to Impersonation.
Azure Active Directory
Azure Active Directory (Azure AD) is Microsoft's multi-tenant, cloud-based
directory and identity management service.
Azure AD combines core directory services, advanced identity
governance, and application access management.
Impersonation with Azure AD
for selected Office 365 applications
- the service "is" the client: it acts with the identity of the signed-in user rather than with a shared service account
- per user
- per application
- token authentication
- user / app maintenance in AAD
- communication between Office 365 apps
Access in Client/Server Environment (diagram: Client with Add-Ins, Server)
dox42: automatically generate documents from any application
Admin- and user-friendly
Data, images, tables, dynamic diagrams,
bar codes, text modules, ...
Generate in Office Client or through IIS Webservice
Integrate data from various sources (diagram): web service, database, custom sources, SharePoint, MS Dynamics CRM, NAV, AX (online and on-premises), Office 365 and on-premises
Client and Server Impersonation (diagram)
Client: Add-Ins, design user
Server: triggered by Button | Workflow | URL, running as IIS web service
Output options: Open, Save, Mail, Print, Custom. Impersonation is sometimes essential, e.g. when the generated document is saved to SharePoint as the requesting user.
Live Time: how to do AAD impersonation
LIVE DEMO
- SP: connect and generate
- Add-In: generate the employee list; prompts for the Microsoft account
- AAD admin portal:
  • App registrations: Server and Add-In > Properties: Application ID; Redirect URL (could be anything)
  • SP data source > Test > Config Office AAD > Add-In registration and Server registration > confirm consent
  • The client key is the "silent login": required so that the server is actually allowed to sign in; the server signs in to Azure with the token and the client key
  • The Server is registered as a Web App; the Add-In as "Native" > login by the user on the client
  • JavaScript does the magic that signs the server in; the Add-In is signed in correctly through the O365 AAD configuration
- Second user, Celina Bentley: impersonation for dox42; scenario built at SPS Belgium
- 2nd scenario: Sales Report; 3rd scenario: PPT
- Docs: Product > AAD
Impersonation Button in SharePoint
Download Document
Word Template and generated PDF
Login in Client
Generated with Impersonation in Word
Settings in Office 365 AAD Admin Center
Settings for Server
Grant Permissions to Service
Saved to SharePoint with User Impersonation
Access Structure in Client/Server Environment (diagram: Client with Add-Ins and Server; edges labelled "Access with Token #1", "Data with Token #1", "Access with Token #2", "Data with Token #2")
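The demo notes above describe the server half of this flow in one line: the add-in signs the user in and calls the web service with a token, and the server then "signs in to Azure with the token and the client key" to get its own token for the data source. That is the OAuth 2.0 on-behalf-of grant against the Azure AD v1 endpoint. The following is an added example written for this page (it is not dox42 code and not from the linked walkthrough) showing the two checks a practitioner would want on the server before performing that exchange: token #1 must be validated (signature, audience equal to the server's own registration, tenant/issuer, validity window), and only then is it combined with the client key to request token #2. The tenant ID, application IDs, App ID URI, client key, SharePoint resource and the user principal are placeholders; the sample JWT is constructed and HS256-signed so the code runs offline, whereas real Azure AD tokens are RS256 and are verified against the tenant's published signing keys. The client key never leaves the server: it is exactly what makes the server, and not the native add-in, able to do this exchange.

```python
"""Server side of the Azure AD impersonation flow: validate token #1 from the
add-in, then build the on-behalf-of request that yields token #2.

Added example for this page, not dox42's implementation. All identifiers and
the sample token below are constructed placeholders.
"""
import base64
import hashlib
import hmac
import json
import time
import urllib.parse

# Placeholders: assumed registrations, not real tenant data.
TENANT_ID = "11111111-2222-3333-4444-555555555555"
SERVER_APP_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"            # Web App registration
SERVER_APP_ID_URI = "https://contoso.onmicrosoft.com/dox42-server"  # App ID URI of that registration
SERVER_CLIENT_KEY = "server-client-key-placeholder"               # the "silent login" key, server only
SHAREPOINT_RESOURCE = "https://contoso.sharepoint.com"             # resource for token #2 (v1 endpoint)
ISSUER = f"https://sts.windows.net/{TENANT_ID}/"
TOKEN_ENDPOINT = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/token"
DEMO_SIGNING_KEY = b"demo-hs256-key"  # only for the constructed sample token

# Constructed claims standing in for token #1 issued to the native add-in for the server.
SAMPLE_CLAIMS = {
    "aud": SERVER_APP_ID, "iss": ISSUER, "tid": TENANT_ID,
    "upn": "celina.bentley@contoso.onmicrosoft.com",  # demo user from the talk, placeholder UPN
    "nbf": 1000, "exp": 4000,
}


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_sample_token(claims: dict, key: bytes = DEMO_SIGNING_KEY) -> str:
    """Constructed HS256 JWT; real Azure AD tokens are RS256-signed."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def sample_token() -> str:
    return make_sample_token(SAMPLE_CLAIMS)


def with_replaced_claims(token: str, claims: dict) -> str:
    """Tampering case: swap the payload but keep the old signature."""
    header, _, sig = token.split(".")
    return f"{header}.{_b64url_encode(json.dumps(claims).encode())}.{sig}"


def validate_incoming_token(token: str, now=None, key: bytes = DEMO_SIGNING_KEY) -> dict:
    """Checks the web service performs before trusting token #1; raises ValueError on failure.
    Signature check is HS256 for the sample; production verifies RS256 against the
    tenant's discovery keys and must never accept alg 'none'."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    # Token #1 must have been issued FOR this server, not for SharePoint or another app.
    if claims.get("aud") not in (SERVER_APP_ID, SERVER_APP_ID_URI):
        raise ValueError("audience mismatch")
    if claims.get("tid") != TENANT_ID or claims.get("iss") != ISSUER:
        raise ValueError("wrong tenant or issuer")
    if not (claims.get("nbf", 0) <= now < claims.get("exp", 0)):
        raise ValueError("token not yet valid or expired")
    return claims


def token_is_acceptable(token: str, now=None) -> bool:
    try:
        validate_incoming_token(token, now=now)
        return True
    except ValueError:
        return False


def build_obo_request(incoming_token: str, resource: str = SHAREPOINT_RESOURCE):
    """Endpoint and form body for the v1 on-behalf-of grant: token #1 as the
    assertion plus the server's client key yields token #2 for `resource`,
    still carrying the user's identity."""
    form = {
        "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "client_id": SERVER_APP_ID,
        "client_secret": SERVER_CLIENT_KEY,
        "assertion": incoming_token,
        "resource": resource,
        "requested_token_use": "on_behalf_of",
    }
    return TOKEN_ENDPOINT, form


def encode_obo_body(form: dict) -> str:
    return urllib.parse.urlencode(form)


def handle_generate_request(incoming_token: str, now=None):
    """Per request: validate token #1, then prepare the exchange for token #2.
    Returns (user principal name, token endpoint, form body)."""
    claims = validate_incoming_token(incoming_token, now=now)
    endpoint, form = build_obo_request(incoming_token)
    return claims["upn"], endpoint, form
```

The returned form is what the IIS web service POSTs (application/x-www-form-urlencoded) to the token endpoint; the access token in the response is token #2 and is sent as a Bearer token to SharePoint, so the document is generated and saved as the requesting user while the client key stays on the server.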
Sources / Link to Blog Article with Walkthrough
Rob Windsor, MVP:
https://blogs.msmvps.com/windsor/2017/03/12/walkthrough-building-a-custom-web-api-for-use-with-sharepoint-online/
Recap
IT Security in 2017
What is Azure Active Directory?
What is dox42?
Live Time: Impersonation Client and Server
Call Webservice / Generate Document in SharePoint
Register Client/Server in Azure AD
Call Webservice from Client/Server
Q&A
Takeaways
Almost SharePint o'clock!
But first: Q&A!
Johannes Linder
johannes.linder@dox42.com
@jo_linder
johanneslinder

Speaker notes

  • #4 Before we get into the session: Who is a developer? Who is an administrator? Who is a user?
  • #6 Ransomware trojans in hospitals; Equifax: half of the American population; Yahoo: 500 million users; LinkedIn: hacked in 2012, revealed in 2016