Preface

• What this book covers
• What you need for this book
• Who this book is for
• Conventions
• Reader feedback
• Customer support

1. Getting Started with a Cloud-Only Scenario

• Identifying business needs and challenges
• An overview of feature and licensing decisions
• Defining the benefits and costs
• Principles of security and legal requirements
• Summary

2. Planning and Designing Cloud Identities FREE CHAPTER

• Understanding the user and group life cycle
• Employee life cycle (word smart)
• Designing roles and administrative units
• Managing identity reporting capabilities
• Summary

3. Planning and Designing Authentication and Application Access

• Using Azure AD as an identity provider
• User and group-based application access management
• Managing authentication reporting capabilities
• Summary

4. Building and Configuring a Suitable Azure AD

• Implementation scenario overview
• Implementing a solid Azure Active Directory
• Creating and managing users and groups
• Assigning roles and administrative units
• Providing user-and group-based application access
• Activating password reset self-service capabilities
• Using standard security reports
• Integrating Azure AD join for Windows 10 clients
• Configuring a custom domain
• Configuring Azure AD Domain Services
• Summary

5. Shifting to a Hybrid Scenario

• Identifying business drivers and changes for a hybrid move
• Special handling for moving to a multi-forest Active Directory environment
• Describing architectures and needed changes
• Summary

6. Extending to a Basic Hybrid Environment

• Identifying business needs for a hybrid approach
• Choosing the correct features
• Getting the benefits and costs
• Applying the right security strategy for legal requirements
• Summary

7. Designing Hybrid Identity Management Architecture

• Key design concepts
• Management of common identities with Microsoft Identity Manager and Active Directory
• Choosing the best directory synchronization scenario for cloud identities
• Delivering password management capabilities
• Using multiple identity providers and authentication scenarios
• Enabling strong authentication scenarios
• How does advanced identity and authentication reporting work?
• Summary

8. Planning Authorization and Information Protection Options

• Designing and applying risk-based Access Control
• Delivering authentication and authorization improvements with Windows Server 2016
• Enabling advanced application Access Control
• Getting in touch with information protection
• How does authorization and information protection reporting work?
• Summary

9. Building Cloud from Common Identities

• Creating the basic lab environment
• Installing and configuring the synchronization and federation environment
• Creating dynamic groups
• Configuring self-service group management
• Implementing secure remote access and SSO for on premise web applications
• Enabling and configuring Multi-Factor Authentication
• Summary

10. Implementing Access Control Mechanisms

• Extending the basic lab environment
• Configuring conditional access control
• Enabling and configuring information protection
• Configuring advanced security scenarios with Windows Server 2016
• Summary

11. Managing Transition Scenarios with Special Scenarios

• Identifying special Active Directory and ADFS considerations
• Planning the correct connectivity to your Azure infrastructure
• Integrating Azure MFA in your MIM 2016 deployment
• Knowing the migrate from AD RMS to Azure RMS shortcut
• Summary

12. Advanced Considerations for Complex Scenarios

• Additional business needs in a complex hybrid environment
• Advanced information for often-used additional features
• Summary

13. Delivering Multi-Forest Hybrid Architectures

• Enabling identity synchronization in multi-forest environments
• Guidance through federation in multi-forest environments
• Using alternate login ID and ADAL
• Comparing AD FS against Azure B2B/B2C
• Designing ADFS 4.0 identity and attribute stores
• Summary

14. Installing and Configuring the Enhanced Identity Infrastructure

• Important note for readers
• Creating the extended lab environment
• Installing and configuring the multi-forest synchronization environment
• Installing and configuring the multi-forest and high availability Federation environments
• Configuring application access with ADFS, WAP, and AAD AP
• Configuring Multi-Factor authentication scenarios for Conditional Access
• Summary

15. Installing and Configuring Information Protection Features

• Preparing your admin workstation to manage Azure RMS
• Configuring onboarding controls
• Delegating administrative permissions
• Enabling Azure RMS super users
• Configuring Exchange Online to use Rights Management capabilities
• Configuring Exchange to use Rights Management capabilities
• Configuring SharePoint to use Rights Management capabilities
• Creating and publishing custom Rights Policy templates
• Verifying Azure RMS logging
• Preview of Azure Information Protection
• SAP integration as a special scenario
• Configuring a BYOK scenario
• Summary

16. Choosing the Right Technology, Methods, and Future Trends

• MIM 2016 future improvements
• Summary