Mastering Identity and Access Management with Microsoft Azure
Microsoft Azure and its identity and access management are at the heart of Microsoft's software-as-a-service products, including Office 365, Dynamics CRM, and Enterprise Mobility Management. It is crucial to master Microsoft Azure in order to be able to work with the Microsoft Cloud effectively. You'll begin by identifying the benefits of Microsoft Azure in the field of identity and access management. Working through the functionality of identity and access management as a service, you will get a full overview of the Microsoft strategy. Understanding identity synchronization will help you to provide a well-managed identity. Project scenarios and examples will enable you to understand, troubleshoot, and develop on essential authentication protocols and publishing scenarios. Finally, you will acquire a thorough understanding of Microsoft Information Protection technologies.
Table of contents (268 chapters)
- Cover page
- Title Page
- Copyright and Credits
- Mastering Identity and Access Management with Microsoft Azure Second Edition
- About Packt
- Why subscribe?
- Packt.com
- Contributors
- About the author
- About the reviewer
- Packt is searching for authors like you
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the example code files
- Download the color images
- Conventions used
- Get in touch
- Reviews
- Section 1: Identity Management and Synchronization
- Building and Managing Azure Active Directory
- Implementation scenario overview
- Implementing a solid Azure Active Directory
- Configuring your administrative workstation
- Custom company branding
- Summary and recommendations of the help information
- Creating and managing users and groups
- Set group owners for organizational groups
- Delegated group management for organizational groups
- Configure self-service group management
- Create the sales internal news group as an Office 365 (distribution group)
- Configure dynamic group memberships
- Assign roles to administrative units
- Creating an administrative unit
- Adding users to an administrative unit
- Scoping administrative roles
- Test your configuration
- Protect your administrative accounts
- Provide user and group-based application access
- Assign applications to users and define login information
- Assign applications to groups and define login information
- Self-service application management
- Password reset self-service capabilities
- Configure notifications
- Test the password reset process
- Using standard security monitoring
- Integrating Azure AD Join for Windows 10 clients
- Join your Windows 10 client to Azure AD
- Verify the newly joined Windows 10 client
- Configuring a custom domain
- Configure Azure AD Domain Services
- Test and verify your new Azure AD Domain Services
- Summary
- Understanding Identity Synchronization
- Technology overview
- Microsoft Identity Manager (MIM) 2016
- MIM synchronization service
- MIM synchronization service extensions
- MIM service and portal
- MIM service extensions
- MIM password reset and user account unlock
- MIM privileged access management
- Additional solution
- Cloud deployment based on identity director service
- On-premises deployment based on MIM 2016
- Azure Active Directory Connect
- Synchronization scenarios
- Single-forest integration
- Multi-forest integration
- Multi-Azure Active Directory Integration
- Azure Active Directory Domain Services Integration
- Stretched Active Directory to Azure IaaS
- Azure Active Directory B2B integration
- Azure Active Directory and Microsoft Office 365 synchronization
- Identity and password-hash synchronization including SSO options
- Identity synchronization including PingFederate integration
- Identity and password-hash synchronization including ADFS integration
- Azure Active Directory Connect high availability
- Synchronization terms and processes
- UserPrincipalName suffix decisions
- Active Directory preparations
- Source Anchor decisions
- Connected Directories
- Import flow
- Placeholder objects
- Synchronization flows
- Inbound synchronization
- Outbound synchronization
- Joins
- Connector objects
- Disconnector objects
- Export flow
- Summary
- Exploring Advanced Synchronization Concepts
- Preparing your lab environment
- Understanding declarative provisioning and expressions
- Synchronization rules explained
- Special considerations in advanced synchronization concepts
- Using standard filters to exclude users and groups
- Building a custom rule for filtering
- Connecting Azure AD Connect to the second forest
- Summary
- Monitoring Your Identity Bridge
- How Azure AD Connect Health works
- Azure AD monitoring and logs
- Azure Security Center for monitoring and analytics
- Summary
- Configuring and Managing Identity Protection
- Microsoft Identity Protection solutions
- Azure ATP and how to use it
- Azure AD Identity Protection
- Using Azure AD PIM to protect administrative privileges
- Summary
- Section 2: Authentication and Application Publishing
- Managing Authentication Protocols
- Microsoft identity platform
- Common token standards in a federated world
- Security Assertion Markup Language (SAML) 2.0
- Key facts about SAML
- WS-Federation
- Key facts about WS-Federation
- OAuth 2.0
- Key facts about OAuth 2.0
- Main OAuth 2.0 flow facts
- Authorization code flow
- Client credential flow
- Implicit grant flow
- Resource owner password credentials flow
- OpenID Connect (OIDC)
- Key facts about OIDC
- Pass-through authentication and seamless SSO
- Multi-factor authentication
- Azure MFA
- Certificate authentication
- Device authentication
- Biometric authentication
- Summary
- Deploying Solutions on Azure AD and ADFS
- Basic environment installation and configuration
- Create the certificate for your environment with Let's Encrypt
- Installing the ADFS farm on YDADS01
- Installing the Web Application Proxy on YD1URA01
- Installing demo applications on (YD1APP01) for ADFS
- Subscribing to demo apps (Azure AD)
- Azure AD authentication deployments
- ADFS Authentication deployments
- Integrating Azure MFA (YD1ADS01)
- Summary
- Using the Azure AD App Proxy and the Web Application Proxy
- Configuring additional applications for Azure AD and ADFS
- Publishing with Windows Server and Azure AD Web Application Proxy
- Using conditional access
- Summary
- Deploying Additional Applications on Azure AD
- Preparing your lab environment
- What defines single- and multi-tenant applications
- Deploying a single-tenant application including roles and claims
- Moving the single-tenant app to a multi-tenant scenario
- Deploying another multi-tenant app with OpenID Connect
- Summary
- Exploring Azure AD Identity Services
- Preparing your lab environment
- Understanding Azure AD B2B
- Providing resource access to external partners (on-premise)
- Exploring Azure AD B2C
- Azure AD B2C tenant creation
- Demo app registration
- User flow creation
- Visual Studio code modification
- Comparing Azure AD B2B and B2C
- Comparing AD FS with Azure B2B and B2C
- Extending Active Directory solutions with Azure AD Domain Services
- AD FS as an on-premise identity service for the cloud
- Typical single-forest deployment
- Two or more Active Directory forests running separate AD FS instances
- Running one AD FS instance for multiple trusted forests
- One AD FS instance for multiple Active Directory forests without an AD trust
- Using a local CP trust to support multiple Active Directory forests
- Using a shared Active Directory environment
- Microsoft Cloud Solution Provider summary
- Summary
- Creating Identity Life Cycle Management in Azure
- Lab environment readiness
- Handling the guest user life cycle
- Use Case 1 – Exploring the invitation process with different user types
- Using the Azure AD B2B portal and use cases
- Installation and configuration
- Usage of the portal
- Special considerations
- On-premise application access for guest users
- Azure services for automation
- Summary
- Section 3: Data Classification and Information Protection
- Creating a Security Culture
- Why do we need a security culture?
- Pillars of a good security culture
- Leadership support
- Training
- Testing
- Continuous communication
- General overview of data classification
- Methods of data classification
- Data classification and unstructured data
- Data classification and Data Leakage/Loss Prevention
- Data classification and compliance
- Storage optimization
- Access control to data
- Classification scheme and policy example
- Description of the classification scheme
- Visual markings and rules based on the classification label
- General desired behavior example
- Defining the data-processing roles
- Change of classification
- Azure Information Protection (AIP) overview
- Summary
- Identifying and Detecting Sensitive Data
- Extending your lab environment
- Understanding and using AIP capabilities for data in motion
- Scenario 1 – Usage of Azure Information Protection
- Scenario 2 – Monitoring with Windows Defender ATP
- Scenario 3 – Identifying sensitive information in your cloud ecosystem
- Scenario 4 – Data leakage prevention in Office 365
- Understanding and using AIP capabilities for data at rest
- Summary
- Understanding Encryption Key Management Strategies
- Azure Information Protection key basics
- Microsoft-managed keys
- Bring your own key
- What is an HSM?
- What is the Azure Key Vault?
- Hold your own key
- How Azure RMS works under the hood
- Algorithms and key lengths
- User environment-initialization flow
- Content-protection flow
- Content-consumption flow
- Summary
- Configuring Azure Information Protection Solutions
- Preparing to configure and manage AIP
- Azure RMS management with PowerShell
- Azure RMS super users
- Onboarding controls
- Azure RMS templates
- Azure RMS logging
- AIP client PowerShell
- Configuring AIP
- Creating the classification schema
- Creating sub-labels and scoped policies
- Using visual markings
- Configuring automatic classification and protection
- Using justification
- Configuring protection options
- Activating unified labeling
- Lab challenge
- Summary
- Azure Information Protection Development
- Technical requirements
- Microsoft Information Protection solutions
- Understanding the Microsoft Information Protection SDK
- Preparing your Azure AD environment for tests
- Using MIP binaries to explore functionality
- Using PowerShell with Azure Information Protection
- Useful Azure RMS cmdlets
- Overview of the RMS 2.1 and 4.2 SDKs
- Summary
- Other Books You May Enjoy
- Leave a review - let other readers know what you think

Updated: 2021-07-02 12:58:14