How MIM and Azure AD Connect enable Hybrid Identity


1. Azure Active Directory (AAD)

1.1. Maintains cloud identities for the same reason that AD maintains on-premises identities

1.2. Protects identity information and makes it available for any cloud service to use for authentication and authorization purposes

2. MIM

2.1. Admin: one identity to manage

2.2. User: same sign-on

2.3. Security: consistent and timely identity data across systems

2.4. Governance: knowing what you know about users and their entitlements

2.5. MIM's ongoing importance

3. Azure AD Connect

3.1. A free tool which does a lot out of the box

3.2. Based on MIM, but it is different and does more

3.3. Fully supported as an AD/AAD sync engine

3.4. Benefits

3.4.1. Objects and attributes synchronized (users, contacts, groups and their memberships, and devices)

3.4.2. Allows (some) cloud security and governance features

3.4.3. Various authentication options

3.5. Consolidating Identities

3.6. Managed Authentication Methods

3.6.1. Password Hash Sync (PHS) - least effort, no real-time on-premises dependency, leaked credential protection

3.6.1.1. PHS

3.6.2. Pass-Through Authentication (PTA) - AD in control, lightweight agents, only outbound networking

3.6.2.1. PTA

3.7. Federated Authentication

3.7.1. Federation

3.8. Seamless SSO

3.8.1. Configures Azure AD as a Kerberos service

3.9. Hybrid Azure AD join

3.9.1. One of the two possible device scenarios in Azure AD Connect

3.9.2. Suitably configured AD joined computers can become Hybrid Azure AD Joined

3.9.3. Certificate-based SSO

3.10. Integrating HR

4. Hybrid Identity

4.1. Most organizations are using cloud services (Azure)

4.2. Few of them are able to become all cloud. Users typically have a cloud and an on-premises "persona" (identity)

4.3. At least one cloud and one on-premises persona

4.4. Admin: "one" identity to manage, one place.

4.5. User: same sign-on or single sign-on

4.6. Security: consistent and timely identity data

4.7. Governance: knowing what you know about users

4.8. Azure AD Connect is to hybrid identity management, what MIM is to on-premises identity management

5. Azure Application Proxy

5.1. HTTP(S) traffic is terminated in the cloud, blocking many attacks

5.2. No incoming connections

5.3. Abnormalities detected and reported, and auditing by Azure AD

5.4. Single sign-on experience from Azure AD to on-premises applications

6. Conclusions

6.1. Microsoft cloud capabilities are developing - we can see the destination ever more clearly

6.2. Most organizations are still hybrid organizations, and still need on-premises AD

6.3. MIM is great for organizing on-premises identities, and is an important cloud enabler in all but the simplest cases - it can be gradually wound down, but will also persist for some time

6.4. Azure AD Connect is very capable and will be around for some time.