Azure Virtual Machine, Azure AD & O365 - azure

I have a Windows Server 2016 VM running, so how can I give all the O365 users permission to log in to this VM using their O365 credentials only? Is there any way to do this? Please provide a link as well so that I can go through it.
In every link I am getting how to sync on-prem AD with Azure AD, so please provide some other link.

By default, we can't use Azure AD users to log in to an Azure VM directly.
> How can I give all the O365 users permission to log in to this VM using their O365 credentials only? Is there any way to do this? Please provide a link as well so that I can go through it.
Do you mean you want to use Azure AD users to log in to an Azure VM?
If you want to connect remotely to machines joined to the domain via Remote Desktop, you should use AAD DS (Azure AD Domain Services). For more information about AAD DS, refer to the link.
> In every link I am getting how to sync on-prem AD with Azure AD, so please provide some other link.
To sync on-prem AD to Azure AD, we need to install Azure AD Connect. For more information about Azure AD Connect, refer to the link.

Related

Azure Active Directory tenant for a stand-alone Azure Installation with Domain Services

We have an infrastructure for one customer in Azure which requires many configurations, like MFA with VPN and Remote Desktop (this one is the reason why I'm confused with Azure AD).
The installation should be only in Azure, which means there is no local AD which could be synced to it.
I've created a separate Azure Directory for them and configured an AD DS inside it so I can join the Azure VMs to it.
My problem here is that I was asked to configure MFA for remote desktop users along with the VPN connection. The requirement for the MFA is that I should install a local NPS with the MFA Extension and the local AD users should be synced with Azure AD, which in my case is not possible since there is no local network for this customer.
This problem, as I understood, is because we don't have permissions to administer the Azure AD DS Active Directory, and because of this we can't register the NPS with the MFA Extension with it. Here are some links related to this topic:
Request to Support NPS/RADIUS for Azure AD Domain Services
Integrate Remote Desktop Gateway with Azure MFA
Integrate VPN with Azure MFA
My questions here are:
1) Is the separate Azure AD for this tenant a good idea? Is it not better to just create an Azure AD Domain Services instance inside our company Azure AD and sync the required groups to it? What is the best practice for this situation?
2) In order to use Azure MFA here, what should I do? Is there any other option in Azure to implement such a scenario?
I will be glad for any help or explanation.

Using Google Apps for Work account to sign in to access Azure portal

In our organization, we are using Google Apps for Work for emails, calendar, document repository.
We also have some other services where we use our Google account to authenticate with SSO support. Simply put, the Google account is our SSO account that we want to use in all the services we are using.
There are a few exceptional services for which we were not able to set up Google as the identity provider. One of them is Azure Services. In Azure, you can provision Azure Active Directory, create accounts in it, and use those accounts to access many other Azure services, such as Azure SQL Databases. If you are using Visual Studio Team Services, you can also configure VSTS to be backed by AAD, and then you can access VSTS using an AAD account.
My question is: is there a way to configure AAD to delegate authentication to the Google side?
If we can do this, then we would be able to use our Google account to access all Azure services.
No, Microsoft services pretty much don't support any accounts other than Azure AD & Microsoft Account at this time.
You could set up Azure AD as the Identity Provider for your Google Apps account. I'm sure there would be some tedious steps in the process to get your users moved over but it should work. When your users attempt to login to Google Apps they would get redirected to an Azure AD sign in page and then redirected back to Google.
Some marketing material can be found here:
https://azure.microsoft.com/en-us/marketplace/partners/google/googleapps/

Authenticate in Azure

Currently AD is on-premises and authentication is in place for this application.
I would like to migrate this ASP.NET application (from on-premises) to an Azure VM (IaaS). How can authentication and authorization for this application be done when one AD is on-premises and the other AD does not exist in the cloud?
In order to access on-prem resources, you will need to establish a site-to-site VPN between Azure and your on-prem datacenter.
See this link for more information.
The other option is to use AD Connect to sync AD (on-prem) with Azure Active Directory. You would then have to update your application to use Azure Active Directory as an authentication source.
See this link for more information.
Lastly, you could try using Azure AD Domain Services to act as an AD in Azure and keep the authentication the same in your application.
See this link for more information.

Azure AD Connect: how to add Azure AD users to on-premise Domain Controller?

I successfully installed Azure AD Connect on my domain controller, which is an Azure VM. However, my Azure AD users are not in the domain.
My goal is to be able to log in on my workstation, which is part of the domain, using my Office 365 credentials, which are already part of Azure AD.
User Writeback was a preview feature in an earlier release of AAD Connect. However, it was removed in version 1.0.8667. When this will be added back into the tool is unknown at this time.

How to add Office365 custom domain to Windows Azure Active Directory?

I have a Windows Azure subscription where the administrator has a Microsoft Account.
This account has a default Active Directory and I need to configure my Office365 domain to authenticate my applications with corporate accounts.
I can't remove the default directory.
Thank you
The management portal will not let you do what you are asking. It will not let you associate your Azure account with an existing Windows Azure Active Directory (WAAD) instance and manage it through the Azure portal. You can, however, still use your Office365 instance of WAAD as an identity provider through Azure Access Control Service (ACS). For a good starting place on using ACS for adding claims-based authentication to your web application, look here. For instructions on how to provision a WAAD tenant as an IdP for ACS, look here.
