We had two great speakers for the month of July. A thank you to Max Fritz and Ryan Ephgrave.
Notes from Max's presentation:
Max gave an overview of Azure AD and identity sync using AD Connect. AD Connect is the newest tool to sync a local on premise AD to Azure AD. You can read more about Azure AD connect here. Max went over some best practices when configuring and setting up the AD Connect. Although it is supported to install on a DC, you will want to install it on a separate box. Also, it is important to setup AD Connect as close as possible to a DC. When users are signing in via Azure AD, the further the AD Connect broker is from the DC will increase the amount of time it takes for the authentication to happen. AD Connect can be implemented with or without AD FS (federated services).
One of the benefits of using Azure AD is app integration. You have the ability to setup SSO (single sign-on) for cloud applications (SaaS), shared accounts, or on premise applications. Max gave a very good demo of integrating this with Twitter. Another benefit is Azure AD join which will allow you to join Windows 10 devices to Azure and have this sync back into your AD environment. Lastly, is the ability to have self service password resets for AD accounts.
Max also went over MFA (multi-factor authentication) which can be setup in Azure, on premise as a standalone solution, or as a hybrid solution. MFA is included in Azure AD premium but is free of Office 365 administrators. If you are an O365 administrator and you do not have this enabled on your account you should immediately set it up. MFA provides real time alerts for Azure access, third party application access, and location access. You can set this up either to be forced on for everyone or to enable users to sign up themselves.
Notes from Ryan's presentation.
Ryan did an awesome job going over Azure Automation and providing a deep dives into runbooks and webhooks. Remember, if you want to try out Azure Automation yourself you can setup free accounts either via OMS or Azure Automation.
To get started with Azure Automation there are three things that need to be in place first.
- AD User - service account
- OMS Hybrid Worker - needed to run code on premise. This hybrid worker will query Azure every minute or two for jobs.
- Automation Account(s) - you can have as many as you want. You should use one account for each thing you are doing as permissions to runbooks can only apply to accounts or resource groups.
Ryan has a great article here on how to set all of these up.
As mentioned during the demos, use the PowerShell ISE add-on for Azure to make creating the runbooks easier. Below are some links to Ryan's blog with a ton of information on Azure Automation.