How MIM and Azure AD Connect enable Hybrid Identity
Conclusions
As Microsoft's cloud capabilities develop, we can see the destination ever more clearly
Most organizations are still hybrid organizations, and still need on-premises AD
MIM is great for organizing on-premises identities, and is an important cloud enabler; in all but the simplest cases it can be gradually wound down, but it will also persist for some time
Azure AD Connect is very capable and will be around for some time
Azure Application Proxy
HTTP(S) traffic is terminated in the cloud, blocking many attacks
No incoming connections to the on-premises network
Abnormalities are detected and reported, with auditing by Azure AD
Single sign-on experience from Azure AD to on-premises applications
Hybrid Identity
Most organizations are using cloud services (Azure)
Few of them are able to become all-cloud. Users typically have a cloud and an on-premises "persona" (identity)
At least one cloud and one on-premises persona
Admin: "one" identity to manage, in one place
User: same sign-on or single sign-on
Security: consistent and timely identity data
Governance: knowing what you know about users
Azure AD Connect is to hybrid identity management what MIM is to on-premises identity management
Azure AD Connect
A free tool which does a lot out of the box
Based on MIM, but it is different and does more
Fully supported as an AD/AAD sync engine
Benefits
Objects and attributes synchronized (users, contacts, groups and their memberships, and devices)
Allows (some) cloud security and governance features
Various authentication options
Consolidating identities
Managed Authentication Methods
Password Hash Sync (PHS): least effort, no real-time on-premises dependency, leaked credential protection
Pass-Through Authentication (PTA): AD in control, lightweight agents, only outbound networking
Federated Authentication
Seamless SSO: configures Azure AD as a Kerberos service
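An added defender's check for the options above (this script is not from the deck; it assumes it runs on the Azure AD Connect server with the ADSync module, and the property name `Enabled` on the password-sync configuration object is an assumption): it reports whether the sync cycle is still delivering timely identity data and whether PHS, the source of the leaked-credential protection the deck mentions, is on for each forest.

```powershell
# Added audit script, not part of the slide deck. Assumes the ADSync module
# is available (i.e. it runs on the Azure AD Connect server).
Import-Module ADSync -ErrorAction Stop

function Get-HybridAuthAudit {
    # Scheduler state shows whether on-premises identity data is still
    # flowing to Azure AD ("consistent and timely identity data").
    $scheduler = Get-ADSyncScheduler
    $nowUtc    = (Get-Date).ToUniversalTime()
    $findings  = New-Object System.Collections.Generic.List[string]

    if (-not $scheduler.SyncCycleEnabled) {
        $findings.Add('Sync cycle disabled: cloud identity data will go stale')
    }
    if ($scheduler.StagingModeEnabled) {
        $findings.Add('Server is in staging mode: it is not exporting to Azure AD')
    }
    if ($scheduler.NextSyncCycleStartTimeInUTC -lt $nowUtc.AddHours(-2)) {
        $findings.Add('Next sync was due over 2 hours ago: check scheduler and run history')
    }

    # Per AD forest: is password hash sync on? The deck lists leaked
    # credential protection as a PHS benefit, so a forest without PHS
    # does not get it, whichever method handles interactive sign-in.
    $phsState = foreach ($c in Get-ADSyncConnector | Where-Object { $_.ConnectorTypeName -eq 'AD' }) {
        $cfg = Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $c.Name
        # Assumption: the returned object exposes the flag as 'Enabled'.
        [pscustomobject]@{ Forest = $c.Name; PasswordHashSyncEnabled = [bool]$cfg.Enabled }
    }
    foreach ($p in $phsState | Where-Object { -not $_.PasswordHashSyncEnabled }) {
        $findings.Add("PHS disabled for forest $($p.Forest): no leaked credential protection for its users")
    }

    [pscustomobject]@{
        SyncCycleEnabled = $scheduler.SyncCycleEnabled
        StagingMode      = $scheduler.StagingModeEnabled
        IntervalMinutes  = $scheduler.CurrentlyEffectiveSyncCycleInterval.TotalMinutes
        NextSyncUtc      = $scheduler.NextSyncCycleStartTimeInUTC
        PasswordHashSync = $phsState
        Findings         = $findings
    }
}

Get-HybridAuthAudit | Format-List
```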
Hybrid Azure AD join
One of the two possible device scenarios in Azure AD Connect
Suitably configured AD-joined computers can become Hybrid Azure AD joined
Certificate-based SSO
Integrating HR
MIM
Admin: one identity to manage
User: same sign-on
Security: consistent and timely identity data across systems
Governance: knowing what you know about users and their entitlements
MIM's ongoing importance
Azure Active Directory (AAD)
Maintains cloud identities for the same reason that AD maintains on-premises identities
Protects identity information and makes it available for any cloud service to use for authentication and authorization purposes