How MIM and Azure AD Connect enable Hybrid Identity
by A.J. Houtman
1. Azure Active Directory (AAD)
1.1. Maintains cloud identities for the same reason that AD maintains on-premises identities
1.2. Protects identity information and makes it available for any cloud service to use for authentication and authorization purposes
2. MIM
2.1. Admin: one identity to manage
2.2. User: same sign-on
2.3. Security: consistent and timely identity data across systems
2.4. Governance: knowing what you know about users and their entitlements
2.5. MIM's ongoing importance
3. Azure AD Connect
3.1. A free tool which does a lot out of the box
3.2. Based on MIM, but it is different and does more
3.3. Fully supported as an AD/AAD sync engine
3.4. Benefits
3.4.1. Objects and attributes synchronized (users, contacts, groups and their memberships, and devices)
3.4.2. Allows (some) cloud security and governance features
3.4.3. Various authentication options
3.5. Consolidating Identities
3.6. Managed Authentication Methods
3.6.1. Password Hash Sync (PHS) - least effort, no real time on-premises dependency, leaked credential protection
3.6.1.1. PHS
3.6.2. Pass-Through Authentication (PTA) - AD in control, light-weight agents, only outbound networking
3.6.2.1. PTA
3.7. Federated Authentication
3.7.1. Federation
3.8. Seamless SSO
3.8.1. Configures Azure AD as a Kerberos service
3.9. Hybrid Azure AD join
3.9.1. One of the two possible device scenarios in Azure AD Connect
3.9.2. Suitably configured AD joined computers can become Hybrid Azure AD Joined
3.9.3. Certificate-based SSO