3. IT Security in 2017
What is Azure Active Directory?
What is dox42?
Live Time: Impersonation Client and Server
Call Webservice / Generate Document in SharePoint
Register Client/Server in Azure AD
Call Webservice from Client/Server
Q&A
Agenda
4. There are only two types of companies: those that have been hacked,
and those that will be.
Even that is merging into one category: those that have been hacked
and will be again.
Robert Mueller, FBI Director
5. IT Security in 2017
General Data Protection Regulation (GDPR)
Ransomware
Data Leaks and Breaches
On-Premises vs. Cloud
Multi App Environment – Multi Leak Environment
Big Data, IoT, digital Transformation
7. Which authentication method makes sense?
Anonymous
• low security requirement
• transformation only
• Website
Service Account
• easy to maintain
• Password Management
• IP Restriction on-premise (Server-Domain Communication)
Impersonation
• traceability
• full person/group control
• Implementation (Kerberos, AAD, Apps, ADFS, Windows Accounts)
Security / Traceability / Complexity
8. Azure Active Directory
Azure Active Directory (Azure AD) is Microsoft’s multi-tenant, cloud
based directory and identity management service.
Azure AD combines core directory services, advanced identity
governance, and application access management.
10. Impersonation with Azure AD
for selected Office 365 Application
service "is" the client
per User
per Application
Token Authentication
User / App maintenance in AAD
communication between Office 365 Apps
18. LIVE DEMO
SP connect and generate
Add-in: generate employee list – Microsoft account prompt
AAD Admin Portal:
• App registrations – server and add-in > Properties: Application ID; Redirect URL (could be anything);
• SP data source > Test > Config Office AAD > add-in registration and server registration > confirm consent
• The client key is the "Silent Login" – required so that the server is actually allowed to log in – it signs in to Azure with the token and the client key
• The server is a Web App in the registration; the add-in is "Native" > login by the user at the client
• JavaScript does the magic that logs the server in; the add-in is correctly logged in via the O365 AAD configuration
2nd user: Celina Bentley – impersonation for dox42; scenario set up at SPS Belgium
2nd scenario: Sales Report; 3rd scenario: PPT
Docs: Product > AAD
28. Access Structure in Client/Server Environment
[Diagram labels: Client, Add-Ins, Server; Access with Token #1, Data with Token #1; Access with Token #2, Data with Token #2]
29. Sources / Link to Blog Article with Walkthrough
Rob Windsor, MVP:
https://blogs.msmvps.com/windsor/2017/03/12/walkthrough-building-a-custom-web-api-for-use-with-sharepoint-online/
30. IT Security in 2017
What is Azure Active Directory?
What is dox42?
Live Time: Impersonation Client and Server
Call Webservice / Generate Document in SharePoint
Register Client/Server in Azure AD
Call Webservice from Client/Server
Q&A
Recap
Before we get into the session: Who is a developer? Who is an administrator? Who is a user?
Ransom Trojan in Hospitals
Equifax: half of the American population; Yahoo: 500 million users; LinkedIn: hacked in 2012 – revealed 2016