The Pass-through Authentication
This authentication method allows you to use the same password for on-premises and cloud-based applications. It is important to note that user authentication is performed against the on-premises Active Directory and not against Azure Active Directory. It is a good alternative to Azure AD Password Hash Synchronization, and it makes it easier to apply a security policy to passwords.
Benefits of the solution
This solution offers the following benefits:
- The same password for cloud-based applications and on-premises applications
- When a user changes their password, the change takes effect instantly for cloud-based applications
- Easy to deploy: only one agent to install
- Passwords are never stored in the cloud
- Agents can be installed on multiple on-premises servers to provide high availability
For many years it has been possible to join a machine to an Active Directory domain. With cloud services (Office 365, Azure AD, …), identity management has become very important. In Windows 10, Microsoft implemented the Azure AD Join feature (previously Workplace Join), which allows a machine to be joined to Azure AD.
Several hybridization scenarios can be implemented:
- Device Writeback: allows a computer joined to Azure AD to access internal resources.
- Azure AD hybrid: this scenario allows a computer joined to an AD domain to access cloud resources.
Manage Licence on Azure Portal
Licensing is an important part of a cloud service. It allows a user to access and use the service concerned (Office 365, Azure AD, …). This action used to be performed through the Office 365 console; Microsoft now allows licenses to be enabled from the new Azure console (Ibiza).
Cloud APP Discovery
Unfortunately, it is common for cloud applications (Dropbox, …) to be used by departments within a company without the IT team being aware. This can cause data loss and security problems. Cloud App Discovery is a feature of the Premium edition of Azure AD; it detects the cloud applications used by the company.
MAM Without Enrollment
Microsoft has implemented a MAM (Mobile Application Management) solution in Intune. However, this solution requires enrolling the device in the MDM (Mobile Device Management). For people who do not wish to add their equipment to an MDM platform, it is possible to create MAM rules without enrollment.
Groups Azure AD
Group management has been implemented in Azure AD; this feature makes it easier to administer access to resources. These may be local (resources present in Azure Active Directory) or external (SharePoint site, SaaS application, …). Access to a resource can be granted in several ways:
Azure AD Connect Health
Azure AD Connect Health is a tool that allows the administrator to monitor the on-premises AD infrastructure. Until now, several tools were provided to the administrator (System Center Operations Manager (SCOM), event log, …).
It is now possible to carry out this monitoring through Azure AD Connect Health. This lets you quickly see performance alerts or sync errors… You can also monitor your ADFS (Active Directory Federation Services) 2.0 and 3.0 infrastructure with Azure AD Connect Health.
The EMS pack includes several components, including Azure AD Premium. This feature provides the advantages of an Active Directory in the Microsoft cloud. It is now easier to use applications directly in the cloud. This system simplifies administration (access rights to an application, …) for a company's IT team.