Is it possible to use Azure AD Password Protection with other directories apart from Microsoft AD?
Unfortunately, as far as I know, the Azure AD password protection function currently only exists in the AD tenant, and it cannot currently be used with other directories other than the AD tenant. Moreover, Microsoft also does not provide api or sdk for other directories to use.
Related
I am following a tutorial Build Java apps with Microsoft Graph
and after using my personal account for Azure AD to register the application. I am not able to sign in using my personal account but I set the support account as 'Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts. Any help?
Screenshot
You need to change the /tenant id endpoint to the /common endpoint.
The /tenant id endpoint only allows users with work/school accounts
of a specific Azure AD tenant to log in to the application. It does
not support personal accounts.
Only the /common endpoints will allow personal Microsoft accounts to
log in to the application.
we have been using office 365 E3 for the past number of years. we would like to configure a windows 2019 essentials server locally for file storage and a few shared applications (ie quickbooks multi-user).
is there a process to pull the user information from azure active directory to the local server? any advice is greatly appreciated.
thank you!!
If my understanding is correct, you really want is to be able to grant admin rights to your Azure AD users and allow them to login to the server with their regular Azure AD credentials.
If yes, then most optimum way of doing is to have on prem AD and have you user synced up from Azure AD to local AD. Azure AD Connect comes pretty handy in this scenario.
You can also take a look at Azure AD DS, Azure Active Directory Domain Services (Azure AD DS) provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos / NTLM authentication that is fully compatible with Windows Server Active Directory. You use these domain services without the need to deploy, manage, and patch domain controllers in the cloud. Azure AD DS integrates with your existing Azure AD tenant, which makes it possible for users to sign in using their existing credentials.
https://learn.microsoft.com/en-us/azure/active-directory-domain-services/overview
Check this link as well for additional reference:
https://serverfault.com/questions/808047/how-to-manage-on-premise-servers-using-azure-ad-credentials
Hope it helps.
Background:
We have a samba file server using security = user, authenticating users in local linux, works great.
We migrated our cloud solution to Office 365, which includes a Azure AD.
Question:
Is that possible to Samba authenticate users in Azure AD and map to local linux users?
I wouldn't like to join samba as domain member, actually, don't even know if it is possible, too cumbersome.
I'd like a simple solution to this issue.
According to the note of the offical document Overview of Azure Active Directory authentication over SMB for Azure Files (preview), as below, it seems to be impossible for authenticating Samba with AAD although this document is for Azure File Storage.
Azure AD authentication over SMB is not supported for Linux VMs for the preview release. Only Windows Server VMs are supported.
However, a workaround way I think is to combine a LDAP with Azure AD and then to authenticate Samba with LDAP. You can try to refer to the documents below to know how to do.
Configure secure LDAP (LDAPS) for an Azure AD Domain Services managed domain
LDAP-based authentication for Samba
As above, it seems to be not a simple solution. Maybe you need to consider for your scenario using Samba to develop a web application with Azure AD authentication.
I am reading about the DUO two-factor authentication extension for Microsoft Azure Active Directory, and the documentation is here. However, it doesn't seem that DUO is integrable with Azure AD B2C because these instructions are specific for Azure AD (for example, under the "Create the Duo MFA Custom Control" header, step #2 says "Go to Azure Active Directory -> Conditional Access"; yet the Azure AD B2C page in the portal doesn't have a Conditional Access tab).
Therefore, my questions are:
How is DUO above different than the built-in multi-factor authentication Azure AD B2C solution?
Does DUO integrate with Azure AD B2C or not?
Duo is integrated with the conditional access feature that is available for the Azure AD "Enterprise" service.
This feature is not available for the Azure AD B2C service.
Azure AD B2C's multi-factor authentication provider is limited to the second-factor authentication of users by a phone call or a phone message.
Duo supports a phone call, a phone message, as well as a push notification to Duo's phone app.
You might be able to integrate Azure AD B2C with Duo using an Azure AD B2C custom policy and the Duo Auth API.
For an example of how Azure AD B2C can be integrated with a third-party multi-factor authentication provider, such as Authy, see the Wingtip custom policies and watch this walkthrough video.
How is DUO above different than the built-in multi-factor authentication Azure AD B2C solution?
Duo Security
Duo Security is used to provide second form-factor authentication for remote access to our corporate information. It provides cloud-based two-factor authentication. Duo’s technology can be deployed to protect users, data, and applications from breaches, credential theft, and account takeover.
Microsoft Azure Multi-Factor Authentication
Azure Multi-Factor Authentication reduces organizational risk and helps enable regulatory compliance by providing an extra level of authentication. It is being used for custom applications and as a way to help secure them.
Generally, Duo Security is more popular than Microsoft Azure Multi-Factor Authentication. Some other details, you could refer to the articles, 1 and 2.
Does DUO integrate with Azure AD B2C or not?
It seems that DUO Security does not integrate with Azure AD B2C currently, I could not find the Conditional Access in my b2c tenant and any related official documentation.
How do I migrate an existing OU-structure from the old AD to the new Azure AD?
I have been trying to configure the Azure AD Connector Synchronization Tool for this but without success. Not sure what configuration it is supposed to have.
Anyone know? Thanks.
Do you mean the “old AD” is on-premise AD? In some ways, Windows Azure AD is an extension of the on-premise Active Directory, but not all features available in Azure AD. Azure AD does have a domain name, it does contain users and groups. It contains Service Principals, like on-premise AD, that represent applications. But there is no tree of domains, no trusts between domains or forests. Indeed there are no forests, no Group Policy, no OUs.
If you want to create OU, please try Azure AD Domain Services which supports to create custom Organizational Units and group policy in some limited way.
https://azure.microsoft.com/en-us/documentation/articles/active-directory-ds-features/