10TH ANNUAL CONFERENCE ABOUT MODERN IT TECHNOLOGIES
Setting Up Azure AD For SharePoint Admins
Todd Klindt
Todd Klindt
• 14 Year SharePoint MVP
• Writer, speaker, podcaster, consultant at Sympraxis Consulting, SysKit Chief Evangelist
[email protected]
@toddklindt
www.toddklindt.com
www.toddklindt.com/Thrive2019
Agenda
• Marketing schlock
• Terminology and Topology
• Syncing a domain for fun and profit
Azure Active Directory
• If you are going to do anything with Office 365 this is step one
• This is a very valuable skill set to add to the resume
• Stop reinventing the authentication wheel
• Be able to speak intelligently to your auth team
• Walk through guide
  • https://www.youtube.com/watch?v=duYYmqzx0Rc
Identity Bridge
(Diagram: Active Directory, LDAP, Azure AD Connect (sync + sign on))
Lululemon Story
• Azure AD Connect implementation and Self Service Password Reset (SSPR) migration from the old tool (6 weeks)
• MFA registration, Azure AD conditional access, and Azure AD Identity Protection (7 weeks)
• Microsoft Advanced Threat Analytics (3 weeks)
• Group-based licensing (3 days)
• Azure Information Protection (8 weeks)
• Azure AD Privileged Identity Management (3 days!)
• Countless apps (each in a matter of hours!)
• https://www.toddklindt.com/lululemon
How Azure AD Protects you from leaks
• May 2016
• 272 million stolen usernames and passwords
• 9.62% of the usernames matched an account
• 1.03% had a matching password
• Less than 0.1% of the list had a valid match for username and password
• 58.3% already protected
• Of all the accounts in this list, 0.042% of them were actually at risk
  • automated mitigations kick in to protect them
https://www.toddklindt.com/ProtectAAD
Terminology and Topology
Defining Terminology
• (Windows) Active Directory
• User Principal Name (UPN)
• Azure Active Directory (AAD)
• Identity as a Service
• Hybrid
• DirSync
• ADFS
• Azure AD Connect (AADC)
• SSO
• The other SSO
Topology & Security
• ADFS vs DirSync vs Pass-Through
  • Federation starts with synchronization
  • Pass-through, best of both worlds?
• Multifactor Auth
  • Yours or theirs
  • Flip of a switch
Same sign on scenario
Single sign on scenario
Pass-through Auth
Active Directory core concepts and concerns
• FSMO roles, AD DNS, WINS, etc
• Dirty Directories
• 2003 Everyone group -> 2008 Authenticated Users group
• IsCriticalSystemObject objects are not synced
  • I’m looking at you Domain Users
• UPN issues
• Schema Extensions
On-Prem Server, Cloud Auth
• Azure AD with your on-prem SharePoint Server
• Spence has a session on this here at Thrive
  • 17:25 - 18:25, Stebrov
Azure AD Connect Walkthrough
Assumptions
• Windows Active Directory Domain
  • It works
• Forest and Domain Windows 2003 functional level or higher
• Not Single Level or dotted
• AD Connect Server
  • Windows 2008 or greater
• Own an Internet domain and control DNS
• Have an Azure or Office 365 Tenant
• Domain admin and tenant admin creds
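The "Active Directory core concepts and concerns" and "Assumptions" slides list things to check before the first sync (functional level, single-label or dotted names, UPN suffixes, objects flagged IsCriticalSystemObject). The following readiness script is an added example, not code from the deck or from Microsoft; it assumes the ActiveDirectory RSAT module on a domain-joined machine with domain admin rights, and `$verifiedSuffixes` (here `contoso.com`) is a placeholder for the Internet domains you have verified in the tenant.

```powershell
# Added example, not from the deck: pre-sync readiness checks for the points the
# "Active Directory core concepts and concerns" and "Assumptions" slides raise.
# Assumes the ActiveDirectory RSAT module, a domain-joined machine and domain admin
# rights. $verifiedSuffixes is a placeholder for the domains verified in the tenant.
Import-Module ActiveDirectory

$verifiedSuffixes = @('contoso.com')   # placeholder value

# 1. Forest/domain functional level: the deck's floor is Windows 2003.
$forest = Get-ADForest
$domain = Get-ADDomain
"Forest functional level : $($forest.ForestMode)"
"Domain functional level : $($domain.DomainMode)"

# 2. Single-label DNS names (CORP) and dotted NetBIOS names (CORP.LOCAL) are not supported.
if ($domain.DNSRoot -notmatch '\.') {
    Write-Warning "Single-label domain name '$($domain.DNSRoot)' is not supported."
}
if ($domain.NetBIOSName -match '\.') {
    Write-Warning "Dotted NetBIOS name '$($domain.NetBIOSName)' is not supported."
}

# 3. UPN issues: enabled users whose UPN suffix is not a verified Internet domain
#    cannot keep that UPN in the cloud (they land on the tenant's onmicrosoft.com suffix).
$badUpn = @(Get-ADUser -Filter 'Enabled -eq $true' -Properties UserPrincipalName |
    Where-Object {
        [string]::IsNullOrEmpty($_.UserPrincipalName) -or
        ($_.UserPrincipalName.Split('@')[-1] -notin $verifiedSuffixes)
    } |
    Select-Object SamAccountName, UserPrincipalName)
"Enabled users with a missing or non-routable UPN suffix: $($badUpn.Count)"
$badUpn | Format-Table -AutoSize

# 4. Groups flagged isCriticalSystemObject (Domain Users, Domain Admins, ...) are skipped
#    by the default sync rules, so membership in them never shows up in Azure AD.
$critical = @(Get-ADGroup -LDAPFilter '(isCriticalSystemObject=TRUE)' |
    Select-Object Name, DistinguishedName)
"Groups excluded from sync by isCriticalSystemObject: $($critical.Count)"
$critical | Format-Table -AutoSize
```

Run it before installing Azure AD Connect and fix what it reports (add a routable UPN suffix and re-stamp UPNs, replace Domain Users-based access with a regular security group) rather than after, when the bad objects are already mirrored in the cloud.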
Before Picture
Add Internet Domain
Verify Domain
TXT Record Shuffle
Your DNS Host
Verifying…
The Easy Way
With PowerShell
• V1
  • New-MsolDomain
  • Get-MsolDomainVerificationDns
  • Confirm-MsolDomain
  • Set-MsolDomain
• V2
  • New-AzureADDomain
  • Get-AzureADDomainVerificationDnsRecord
  • Confirm-AzureADDomain
  • Set-AzureADDomain
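The four V2 cmdlets above are the scripted form of the "TXT Record Shuffle" the portal slides walk through. The script below is an added example, not code from the deck or from Microsoft; it assumes the AzureAD (V2) module, a tenant admin sign-in, a machine with the DnsClient module (for `Resolve-DnsName`), and `contoso.com` as a placeholder for a domain whose public DNS you control. The propagation check before `Confirm-AzureADDomain` is the step most people skip, and it is why the confirm call fails the first time.

```powershell
# Added example, not from the deck: add and verify an Internet domain with the V2
# (AzureAD module) cmdlets the slide lists. 'contoso.com' is a placeholder.
Import-Module AzureAD
Connect-AzureAD   # interactive tenant admin sign-in

$domainName = 'contoso.com'   # placeholder: a domain whose public DNS you control

# 1. Register the domain in the tenant; it stays unverified until the TXT record is seen.
$domain = Get-AzureADDomain -Name $domainName -ErrorAction SilentlyContinue
if (-not $domain) { $domain = New-AzureADDomain -Name $domainName }
"IsVerified before: $($domain.IsVerified)"

if (-not $domain.IsVerified) {
    # 2. Ask Azure AD for the verification record. The TXT variant carries a
    #    value of the form MS=msXXXXXXXX that must be published at the zone apex.
    $txt = Get-AzureADDomainVerificationDnsRecord -Name $domainName |
        Where-Object RecordType -eq 'Txt'
    "Publish this TXT record at your DNS host: name=$($txt.Label) value=$($txt.Text) ttl=$($txt.Ttl)"

    # 3. Manual step: create the record at the DNS host. Then wait until public DNS
    #    actually returns it; confirming before propagation fails with a generic error.
    do {
        $answer = Resolve-DnsName -Name $domainName -Type TXT -ErrorAction SilentlyContinue
        $seen = @($answer.Strings) -contains $txt.Text
        if (-not $seen) {
            "TXT record not visible yet, retrying in 60 s..."
            Start-Sleep -Seconds 60
        }
    } until ($seen)

    # 4. Prove ownership to the tenant.
    Confirm-AzureADDomain -Name $domainName
}

# 5. Make the verified domain the default UPN suffix for new cloud accounts.
Set-AzureADDomain -Name $domainName -IsDefault $true
"IsVerified after: $((Get-AzureADDomain -Name $domainName).IsVerified)"
```

The V1 (MSOnline) equivalents follow the same sequence: `Connect-MsolService`, `New-MsolDomain -Name`, `Get-MsolDomainVerificationDns -DomainName <name> -Mode DnsTxtRecord`, `Confirm-MsolDomain -DomainName`, and `Set-MsolDomain -Name <name> -IsDefault`. Whichever module you use, keep the TXT record in place after verification: removing it does not un-verify the domain, but some tenants re-check it when the domain is later federated.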
Now, Another Word about DNS
Again with the DNS
Function Check
New Before
Start Syncing
Install and Config
Almost there
The Pudding
Advanced Moves
Viewing AADC
Customizing AADC
miisclient
PowerShell
Security article: Azure AD Connect for Red Teamers
Questions?
Thank you Sponsors
#ThriveITconf
Silver
Evening event sponsor
Material
Media
Contact Me
[email protected]
@toddklindt
www.toddklindt.com
www.toddklindt.com/Thrive2019