Active Directory from on-premises to the cloud – Azure AD whitepapers

The completion of the "Active Directory from on-premises to the cloud – Azure AD whitepapers" series was recently announced, and the series is available here: https://www.microsoft.com/en-us/download/details.aspx?id=36391.

This is a fantastic resource for organizations already using Identity Management-as-a-Service (IdMaaS) or planning to use IdMaaS.

It also includes a new guide describing the Windows 10 integration with IdMaaS, including step-by-step instructions, which I have highlighted below.

 

Happy Readings.

 

UPDATE:

Be aware of the following:

The Windows 10 document claims you cannot do an Azure Domain Join with Passport in a Hybrid scenario with the build that was used when the document was written.

You actually can now do an Azure AD Join with a Windows 10 device and use Passport with the current build. I just did it :).

 


With the increase in IT security threats, a growing number of users working across multiple devices, the availability of more and more Software-as-a-Service (SaaS) applications, and the continuous rise of hybrid solutions, identity federation alongside password sync continues to play an important role in controlling and securing access and in how businesses ensure trust in a multi-device, mobile, and cloud world. These are some of the key enablers for a seamless hybrid identity. Identity indeed becomes a service where identity “bridges” in the cloud talk to on-premises directories, or the directories themselves move to and/or are located in the cloud. In this context, Windows 10 benefits from specific features for entering this new open world.

Two new whitepapers are available on the Azure AD join feature of Windows 10 and on identity federation (aka single sign-on) with Azure AD and Office 365:

  • Azure AD & Windows 10: Better together for Work and School whitepaper (NEW).

  • Azure AD/Office 365 single sign-on with AD FS in Windows Server 2012 R2 (with Azure AD Connect) – Part 2bis whitepaper (NEW).

These two whitepapers complete a series of whitepapers on Azure AD offerings (free, Basic, and Premium) already available on the Microsoft Download Center here: https://www.microsoft.com/en-us/download/details.aspx?id=36391. Azure AD is the identity foundation for many Microsoft services like Office 365, Intune, and others.

The Azure AD & Windows 10: Better together for Work and School whitepaper introduces how Windows 10 Pro and Windows 10 Enterprise editions will enable a device to connect to an organization’s Azure AD tenancy to seamlessly access SaaS applications in the cloud and traditional applications on-premises, all without needing traditional WSAD domains on-premises if you so choose. It depicts the related experiences, whether you are cloud-only, hybrid, or have an on-premises AD infrastructure, as well as how to enable them.

The Azure AD/Office 365 single sign-on with AD FS in Windows Server 2012 R2 (with Azure AD Connect) – Part 2bis whitepaper provides an end-to-end walkthrough to set up an Azure-based lab environment so you can further familiarize yourself with how to enable single sign-on to Azure AD/Office 365 using corporate AD credentials and AD FS. For that purpose, it leverages the new tooling and service, Azure AD Connect and Azure AD Connect Health.

Moreover, since the cloud is in essence a perpetually evolving environment (continuous delivery), all the whitepapers in the series have also been updated to provide an accurate vision (to date) of our value propositions for Identity Management-as-a-Service (IdMaaS):

  • Active Directory from the on-premises to the cloud whitepaper (updated).

  • An overview of Azure AD whitepaper (updated).

  • Azure AD/Office 365 single sign-on with AD FS in Windows Server 2012 R2 – Part 1 whitepaper (updated).

  • Azure AD/Office 365 single sign-on with AD FS in Windows Server 2012 R2 – Part 2 whitepaper (updated).

  • Azure AD/Office 365 single sign-on with Shibboleth 2 whitepaper (updated).

  • Leverage Multi-Factor Authentication with Azure AD whitepaper (updated).

  • Leverage Multi-Factor Authentication Server on your premises whitepaper (updated).

The Active Directory from the on-premises to the cloud whitepaper introduces the trends that sustain a new identity model and the role of IdMaaS, and presents, in this context, Microsoft’s identity offerings in the hybrid era.

The An overview of Azure AD whitepaper further presents the capabilities that can be leveraged to centralize the identity management needs of your modern business applications and your SaaS subscriptions, whether they are cloud-based, hybrid, or even on-premises. The free edition of Azure AD is a complete offering that can help you take advantage of your existing on-premises investment, fully outsource your user (and device) management to the cloud, or anything in between.

For enterprises with more demanding needs, the advanced offerings, Azure AD Basic and Azure AD Premium, help complete the set of capabilities that this identity and access management solution delivers.

The Azure AD/Office 365 single sign-on with AD FS in Windows Server 2012 R2 (Part 1, Part 2, and Part 2bis) whitepapers provide an understanding of the different seamless sign-in deployment options with Azure AD/Office 365, how to enable single sign-on to Azure AD/Office 365 using corporate AD credentials and AD FS, and the different configuration elements to be aware of for such a deployment, notably for conditional access. They also provide an end-to-end walkthrough to set up an Azure-based lab environment so you can further familiarize yourself with both the installation and configuration of the related infrastructure. (Scripts are also provided to illustrate how to leverage the remote Windows PowerShell capabilities along with Windows Server automation with Windows PowerShell to set up the required virtual machines.)

In addition, the Leverage Multi-Factor Authentication Server on your premises whitepaper describes how to use Azure Multi-Factor Authentication (MFA) Server with AD FS in Windows Server 2012 R2 and how to configure it to secure cloud resources such as Office 365, so that federated users will be prompted to set up additional verification the next time they sign in on-premises. This document leverages the instrumented walkthrough provided in the second part (bis) of the above whitepaper Azure AD/Office 365 single sign-on with AD FS in Windows Server 2012.

Likewise, the Azure AD/Office 365 single sign-on with Shibboleth 2 whitepaper provides an understanding of how to enable single sign-on to Azure AD/Office 365 using corporate LDAP-based directory credentials and Shibboleth 2 with the SAML 2.0 protocol, and the different configuration elements to be aware of for such a deployment. It also provides an end-to-end walkthrough of the related setup and configuration.

The Leverage Multi-Factor Authentication with Azure AD whitepaper covers the Azure Multi-Factor Authentication paid offering and how to leverage it with Azure AD Premium.

The Leverage Azure AD for modern Business Applications whitepaper further presents the aspects that relate to the development of solutions. Azure AD offers developers and cloud ISVs an identity management platform to deliver access control to their modern business apps and web APIs, based on centralized policy and rules.