OPS106: How to be an AD hybrid health hero

This post has been republished via RSS; it originally appeared at: ITOps Talk Blog articles.

Once you've connected your identity to Azure AD, how do you ensure it continues to function as expected? In this session, you'll learn how to keep your hybrid identity environment healthy, across different Active Directory and Azure Active Directory scenarios. 

 

Speakers:

Mark Moroczynski - Principal Program Manager, Identity

Grace Picking - Program Manager, Azure Active Directory

 

 

 

This session includes:

00:00:00 Introduction

00:00:56 Turn on MFA for your Admins - MFA, Conditional Access or Azure AD Privileged Identity Management
00:01:43 Resiliency - 1 cloud-only admin account.
00:02:14 Authentication Stack Health
00:02:33 Azure AD Connect Health
00:04:23 ADFS Connect Health Setup
00:06:12 ADFS Extranet/Smart Lockout Enablement
00:11:51 Operations matter to Enterprise Security!
00:15:49 Bad password attempt report
00:16:53 Risky IP report
00:18:02 Defender for Identity supports ADFS
00:18:42 ADFS parting thoughts - Treat ADFS like a Tier 0 resource, updated and harden long-term ADFS deployments or move to Password Hash Sync or Passthru Authentication
00:21:02 Seamless SSO - details and operational health
00:24:21 Rolling Seamless SSO Keys
00:25:14 Pass Through Authentication - details and operational health
00:29:31 Password Hash Sync
00:31:37 AAD Connect Sync Health - sync process and security
00:40:23 Monitor your AAD Connect Health
00:44:15 Failover & Backup
00:48:58 Logs
00:50:13 Azure AD and Azure Monitor
00:52:00 SIEM Integration
00:53:34 Non-interactive User Sign-In Logs
00:56:14 Service Principal Sign-In Logs
00:57:19 Managed Identities Logs
00:58:04 Provisioning Logs
01:00:00 lastSignInDateTime
01:03:36 Go Dos!

 

Community chat

Want to chat about this session? Come join us on Discord! https://aka.ms/ops106-chat

 

Learn more

IT Ops Talks Hybrid Event: https://aka.ms/ITOpsTalks

IT Ops Talks Community Chat: https://aka.ms/OPS106-chat

https://aka.ms/deploymentplans

https://aka.ms/ResilientAAD

https://aka.ms/AADConnectHealthFAQ

https://aka.ms/AADConnectHealthAgentInstall

https://techcommunity.microsoft.com/t5/microsoft-security-and/microsoft-defender-for-identity-expands-support-to-ad-fs-servers/ba-p/2058511/?WT.mc_modinfra-12536-socuff

https://aka.ms/ADFSHardeningGuide

https://aka.ms/AADStagedMigration

https://aka.ms/SeamlessSSOUnderTheHood

https://aka.ms/SeamlessSSOKeyRolling

https://akam.ms/AADPTAUnderTheHood

https://aka.ms/AADPTASecurityDeepDive

https://aka.ms/AADSmartLockout

https://aka.ms/AADConnectFAQ

https://aka.ms/SPA

https://aka.ms/AADPTATroubleshooting

https://myignite.microsoft.com/archives/IG19-SECI20

https://aka.ms/AADPHS

https://aka.ms/AADCDocs

https://aka.ms/Zero-Trust

https://aka.ms/AADCDocs/DR

https://aka.ms/AADCDocs/Config

https://aka.ms/SANS2018SummitAADLogs ​

https://aka.ms/aad2splunk

https://aka.ms/aad2sumo

https://aka.ms/aad2QRadar

https://aka.ms/aad2Archsight

https://aka.ms/aad2/Syslog

https://aka.ms/AADTokenLifetimes

https://aka.ms/AADPrt

https://aka.ms/AADManagedIdentities

https://aka.ms/AzureADAppGallery

https://aka.ms/AzureADAppRequest

https://aka.ms/AADOpsGuide

 

What did you think? Please take a moment to submit your feedback at https://aka.ms/ops106-feedback 

To watch more sessions from the IT Ops Talks: All Things Hybrid event check out https://aka.ms/ITOpsTalks

 

 

REMEMBER: these articles are REPUBLISHED. Your best bet to get a reply is to follow the link at the top of the post to the ORIGINAL post! BUT you're more than welcome to start discussions here:

This site uses Akismet to reduce spam. Learn how your comment data is processed.