Secure Resources with Hybrid Identities

Active Directory Federation Services (AD FS) is the Microsoft implementation of the WS-Federation Passive Requestor Profile (later versions also support SAML 2.0 and OAuth 2.0/OpenID Connect). AD FS allows on-premises domain identities to be used for sign-in to applications outside the corporate network, with AD FS issuing signed tokens so that the application never sees the user's domain password; Azure AD provides the same federated sign-in together with more modern functionality such as Conditional Access and multi-factor authentication.

Directory Synchronisation (DirSync), now superseded by Azure AD Connect, synchronises an on-premises AD domain to Azure AD. The sync engine relies upon three components:

  • Connector space: a staging area of shadow copies of AD objects, holding only the subset of attributes in scope, ready for synchronisation
  • Metaverse: the central, consolidated view of every object being synchronised, combining data from all connected directories
  • Synchronisation rules: define which objects and attributes flow between the connector spaces and the metaverse, and how they are transformed on the way

Password hashes can optionally be synchronised (Password Hash Synchronisation). What is sent to Azure AD is a salted, iterated hash of the on-premises NT hash, never the cleartext password, but the Azure AD Connect server and its sync account can read every password hash in the domain, so it must be protected like a domain controller. Enabling the Exchange Hybrid Deployment option writes a small set of Azure AD attributes back to on-premises AD. Matching rules (join rules) determine how objects from multiple directories are joined to a single metaverse object, e.g. two user accounts in two directories that both represent the same user: a hard match uses the sourceAnchor (objectGUID or ms-DS-ConsistencyGuid, stored in Azure AD as ImmutableId), and a soft match falls back to the user principal name or primary SMTP address. Because a soft match lets an on-premises account claim an existing cloud-only account, keep privileged accounts (break-glass and Global Administrator accounts) cloud-only and block soft matching in the tenant unless a migration needs it.
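The pipeline described above and its matching rules, as an added example that is not code from the original page or from Azure AD Connect itself: a small Python model of the import into the connector space, the join into the metaverse by hard match on the sourceAnchor and soft match on UPN or mail, and what blocking soft match changes. The attribute scope is a hypothetical sync rule, and the GUIDs and both directories are constructed sample data.

```python
"""Toy model of the Azure AD Connect sync pipeline: connector space, metaverse
and join (matching) rules.

Added example, not Microsoft's code. The directories below are constructed
sample data, the attribute scope is a hypothetical sync rule, and the cloud
side is a simplification of the real export step."""
import base64
import copy
import uuid

# Attributes the hypothetical sync rule lets into the connector space. Password
# Hash Sync travels over a separate channel and is deliberately not modelled.
SYNCED_ATTRIBUTES = ("objectGUID", "userPrincipalName", "mail", "displayName")


def immutable_id(object_guid: str) -> str:
    """sourceAnchor/ImmutableId as written when objectGUID is the anchor: Base64
    of the GUID in Windows byte order, the same string PowerShell gives with
    [Convert]::ToBase64String($guid.ToByteArray())."""
    return base64.b64encode(uuid.UUID(object_guid).bytes_le).decode("ascii")


def object_guid_from_immutable_id(imm: str) -> str:
    """Inverse of immutable_id, useful when checking a cloud object against AD."""
    return str(uuid.UUID(bytes_le=base64.b64decode(imm)))


def stage_connector_space(ad_objects):
    """Import step: shadow copies that hold only the attributes in scope."""
    return [{k: o[k] for k in SYNCED_ATTRIBUTES if k in o} for o in ad_objects]


def join(cs_entry, cloud_objects, block_soft_match):
    """Join rule for one connector-space entry against the cloud directory.

    Returns (kind, cloud_object):
      ("hard", obj)     anchor already matches: same object, stays in sync
      ("soft", obj)     no anchor match, but UPN or primary SMTP matches a cloud
                        object without an anchor: that object is joined and
                        becomes on-premises-owned (a takeover if it was cloud-only)
      ("project", None) no match: a new metaverse/cloud object is created
    """
    anchor = immutable_id(cs_entry["objectGUID"])
    for obj in cloud_objects:
        if obj.get("immutableId") == anchor:
            return "hard", obj
    if not block_soft_match:
        upn = cs_entry["userPrincipalName"].lower()
        mail = cs_entry.get("mail", "").lower()
        for obj in cloud_objects:
            if obj.get("immutableId") is not None:
                continue  # already anchored to an on-premises object
            if obj["userPrincipalName"].lower() == upn or (
                    mail and obj.get("mail", "").lower() == mail):
                return "soft", obj
    return "project", None


def run_sync(ad_objects, cloud_objects, block_soft_match):
    """One sync cycle. Returns ({upn: (join kind, cloud objectId or None)},
    the cloud directory after the cycle). Inputs are not mutated."""
    cloud = copy.deepcopy(cloud_objects)
    results = {}
    for entry in stage_connector_space(ad_objects):
        kind, obj = join(entry, cloud, block_soft_match)
        if kind == "soft":  # the cloud object is now owned by the on-prem one
            obj["immutableId"] = immutable_id(entry["objectGUID"])
        results[entry["userPrincipalName"]] = (kind, obj["objectId"] if obj else None)
    return results, cloud


# Constructed sample directories (not a real tenant).
ALICE_GUID = "4f1b3c62-9d0e-4a7b-8c1d-2e3f4a5b6c7d"
ROGUE_GUID = "9a8b7c6d-5e4f-4a3b-9c2d-1e0f9a8b7c6d"

ON_PREM_AD = [
    {"objectGUID": ALICE_GUID, "userPrincipalName": "alice@contoso.com",
     "mail": "alice@contoso.com", "displayName": "Alice Example",
     "employeeID": "E1001"},  # out of scope: never reaches the connector space
    # An on-premises account created with the UPN of a cloud-only admin account.
    {"objectGUID": ROGUE_GUID, "userPrincipalName": "breakglass@contoso.com",
     "mail": "breakglass@contoso.com", "displayName": "Break Glass"},
]
AZURE_AD = [
    {"objectId": "c1", "userPrincipalName": "alice@contoso.com",
     "mail": "alice@contoso.com", "immutableId": immutable_id(ALICE_GUID)},
    {"objectId": "c2", "userPrincipalName": "breakglass@contoso.com",
     "mail": "breakglass@contoso.com", "immutableId": None,  # cloud-only
     "roles": ["Global Administrator"]},
]

if __name__ == "__main__":
    for block in (False, True):
        results, _ = run_sync(ON_PREM_AD, AZURE_AD, block_soft_match=block)
        print(f"block_soft_match={block}: {results}")
```

Run it and compare the two cycles: with soft matching allowed, the rogue on-premises account joins the cloud-only Global Administrator (c2) and takes ownership of it, after which its on-premises password would govern sign-in; with soft matching blocked, it is only projected as a new object (and in a real tenant would then hit a UPN conflict on export). The immutable_id helper also shows why hard-match values must be computed from the GUID's Windows byte order rather than from its string form.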

Azure AD Application Proxy exposes on-premises applications to the cloud with Azure AD protection. A connector installed on premises makes only outbound connections to the Azure service, so no inbound firewall ports need to be opened. Publish an application with an external, Azure-provided URL and the internal URL of the on-premises application, choose Azure AD pre-authentication (rather than passthrough) so that sign-in, multi-factor authentication and Conditional Access are enforced before any traffic reaches the application, and assign users and groups the right to access it. Users can view and open the applications assigned to them in the Azure AD Access Panel (now My Apps) using a web browser.
