SPEngage Raleigh 2017 Azure Active Directory For Office 365 Developers
1 like•230 views
The document presents an overview of Azure Active Directory (Azure AD) aimed at Office 365 developers, highlighting its features, benefits, and integration. It also outlines how to get started with Azure AD, its role in authentication and authorization, and discusses its pricing tiers and capabilities within the enterprise ecosystem. Key takeaways include the importance of Azure AD in the Microsoft landscape and resources for further exploration.
SPEngage Raleigh 2017 Azure Active Directory For Office 365 Developers
- 1. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 1 SM #SPEngage @pgbhoyar Prashant G Bhoyar MVP SharePoint Engage, Raleigh, NC http://sharepointinstitute.com/engage/sharepoint-engage-raleigh/ 25 October 2017 Azure Active Directory (Azure AD) for Office 365 Developers
- 2. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 2 SM #SPEngage @pgbhoyar Who AM I ? • Born and raised in India • Came to United States of America in 2007 for studies • University of Maryland College Park Alumni • Co-Author of the book “PowerShell for Office 365” • Technical Reviewer of the book “Pro : SharePoint 2013 Administration” • Organizer of SharePoint Saturday Baltimore (SPSBMORE) ➢ http://www.spsevents.org/city/baltimore/baltimoretecc • Organizer of SharePoint Saturday DC ( SPSDC ) ➢ http://www.spsevents.org/city/DC/summer2017 • Founder and Organizer of DC-Metro Office 365 User Group ➢ Monthly in person & online event ➢ http://www.meetup.com/DC-Metro-Office-365-User-Group/ • Recipient of Antarctic Service Medal • Microsoft MVP ( Most Valuable Professional) • Senior Consultant at Withum Smith and Brown PC ➢ http://www.portalsolutions.net/ ➢ Former Portal Solutions ➢ Focus on Microsoft Solutions and Services Prashant G Bhoyar (PGB)
- 3. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 3 SM #SPEngage @pgbhoyar Withum Microsoft Solutions and Services 3 • Modern workplace • Office 365 Implementations/ Migrations • Turnkey Intranet Solution • Managed Services • Data Analytics • Enterprise Mobility + Security • Business Process Automation • Dynamics 365 • Azure
- 4. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 4 SM #SPEngage @pgbhoyar • 100 Level Session • What is Azure Active Directory? • Why we need to use/learn Azure AD? • Azure AD in the Enterprise • Azure AD in the Office 365 • How to get started? • Demos • Key Takeaways • Q&A Agenda
- 5. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 5 SM #SPEngage @pgbhoyar
- 6. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 6 SM #SPEngage @pgbhoyar Audience Poll ▪ How many of you are Power Users? ▪ How many of you are Business Users? ▪ How many of you are IT pros? ▪ How many of you are Developers? ▪ How many of you are already using Azure Active Directory? ▪ How many of you have built custom membership/role provider? 6
- 7. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 7 SM #SPEngage @pgbhoyar
- 8. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 8 SM #SPEngage @pgbhoyar 8 How to get Personal Office 365 Development Tenant? ▪ Sign up for Office 365 Developer Program at http://dev.office.com/ ▪ Get 1 year of Office 365 subscription for free ▪ Excellent for personal development use ▪ 1 Month Trial ▪ https://products.office.com/en- us/business/compare-office-365-for- business-plans
- 9. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 9 SM #SPEngage @pgbhoyar
- 10. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 10 SM #SPEngage @pgbhoyar 10 How to get personal Azure Subscription? ▪ If you have MSDN Enterprise subscription ▪ You can get $150/month Azure credits for free ▪ Sign Up for Free trial : https://azure.microsoft.com/ ▪ Credit Card is required ▪ Microsoft Imagine ▪ Former Dreamspark ▪ https://imagine.microsoft.com/en-us ▪ No credit card required ▪ Valid .edu account from participating school/institution ▪ Limited feature sets
- 11. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 11 SM #SPEngage @pgbhoyar
- 12. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 12 SM #SPEngage @pgbhoyar Authentication & Authorization Authentication Authorization • Always the First Step • Confirms the Identity • Example : Security queue at Airport • Comes after Authentication • Confirms the access level based on permissions • Example : Flight Boarding Pass at the Airport gate
- 13. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 13 SM #SPEngage @pgbhoyar
- 14. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 14 SM #SPEngage @pgbhoyar ▪ It is Software as a service offering (SaaS) ▪ It is Microsoft’s multi tenant cloud based directory and identity management service ▪ It provides Single Sign on (SSO) between many applications like Office 365, Salesforce.com, Dropbox etc 14 Source :https://azure.microsoft.com/en-us/documentation/articles/active-directory-whatis/ What is Azure Active Directory?
- 15. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 15 SM #SPEngage @pgbhoyar ▪ It is highly reliable and runs out of 28 data centers around the world ▪ Office 365, Dynamic CRM online customers uses Azure AD ▪ You don’t need to subscribe to Office 365 or Dynamics CRM to get the Azure AD 15 Source :https://azure.microsoft.com/en-us/documentation/articles/active-directory-whatis/ What is Azure Active Directory?
- 16. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 16 SM #SPEngage @pgbhoyar
- 17. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 17 SM #SPEngage @pgbhoyar Why We Should Care About Azure AD? ▪ This is golden age for technical innovation ▪ The “New” Microsoft is launching lot of new services/products rapidly ▪ But the life span of new productions/services is decreasing • Access Services : https://techcommunity.microsoft.com/t5/Office- Retirement-Blog/Updating-the-Access-Services-in-SharePoint-Roadmap/ba- p/57148 ▪ We need to spend some time doing research before investing time to learn/explore new product/services 17
- 18. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 18 SM #SPEngage @pgbhoyar Why We Should Care About Azure AD? ▪ Azure AD is the defacto authentication choice in the Microsoft World ▪ It is backbone of Office 365 and Azure and we should learn it or at least get familiar with it ▪ The name is misleading • Lot of developers think AD means IT Pro Stuff…☺ ▪ It is basically an authentication and authorization service provided as a subscription ▪ It enables Application developers to focus on building the applications 18
- 19. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 19 SM #SPEngage @pgbhoyar ▪ Only Azure Active Directory ▪ Less common ▪ Local Active Directory Synced with Azure AD ▪ Common ▪ Azure Active Directory Domain Services ▪ Domain Join Win 10 and Win 2016 machines 19 Source : https://docs.microsoft.com/en-us/azure/active-directory/active-directory-aadconnect Scenarios
- 20. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 20 SM #SPEngage @pgbhoyar Azure AD in the Enterprise ▪ Synced with on-premises users ▪ Enable SSO between many applications ▪ Can be used with any development platform ▪ Can be used instead of ASP.NET Identity Source :https://docs.com/OfficeDevPnP/4436/pnp-web-cast-what-should-every-sharepoint?fromAR=1
- 21. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 21 SM #SPEngage @pgbhoyar
- 22. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 22 SM #SPEngage @pgbhoyar Azure AD Pricing ▪ Comes in 4 editions • Free • Basic • Premium P1 • Premium P2 22 Source :https://azure.microsoft.com/en-us/pricing/details/active-directory/
- 23. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 23 SM #SPEngage @pgbhoyar Azure AD Pricing Features Free Basic Premium P1 Premium P2 Directory Objects 500,000 object limit No object limit No Object Limit No Object Limit Single Sign-On (SSO) 10 apps per user 10 apps per user No Limit No Limit Join a device to Azure AD, Desktop SSO, Microsoft Passport for Azure AD, Administrator Bitlocker recovery Yes Yes Yes Yes Company Branding (Logon Pages/Access Panel customization) Yes Yes Yes Multi-Factor Authentication Yes Yes Pricing 1$ User/Month $6 User/Month $9 User/Month Source :https://azure.microsoft.com/en-us/pricing/details/active-directory/
- 24. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 24 SM #SPEngage @pgbhoyar Azure AD and Office 365 ▪ Every Office 365 tenant has Azure AD ▪ SharePoint Online Add-ins (AppRegNew.aspx) are enrolled in Azure AD ▪ In Azure AD we can authorize web applications to access other tenant data ▪ Azure AD has much more user data ▪ The Microsoft Graph API • We need to get the access token from Azure AD first to make the call Source :
- 25. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 25 SM #SPEngage @pgbhoyar Azure AD and Office 365 Applications ▪ Azure AD stores custom application registration • Web or REST API • Native Application ▪ OpenID for Authentication and OAuth 2.0 for authorization ▪ Enforces authorization rules • Between applications and API • Out of the box registered API for Office 365 • Or Custom Implemented REST API Services
- 26. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 26 SM #SPEngage @pgbhoyar Azure AD auth endpoints Work and school Personal with ADAL
- 27. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 27 SM #SPEngage @pgbhoyar App Registration v1.0 ▪ Any Application that uses Azure AD for authentication must be registered in Azure AD ▪ To register an App we need • Application ID URI Identifier for application • Reply URL Azure AD will do a redirect to this url after successful authentication • ClientID Unique ID ( GUID) for application generated by Azure AD • Permissions What access right does this App will have? Source :https://docs.microsoft.com/en-us/azure/active-directory/active-directory-integrating- applications
- 28. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 28 SM #SPEngage @pgbhoyar App registration v2.0 Create a new application https://apps.dev.microsoft.com A unique Id is created for your app Add app platform • Web App, SPA, Daemon • Native App • Web API (Office Add-in) Add permissions for admin consent flows • For delegated access for all users in the organization • For application access
- 29. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 29 SM #SPEngage @pgbhoyar App types and permissions Users can consent for their data or admin can consent for all users Only admin can consent Delegated permissions User privileges App permissions Permission type: applicationPermission type: delegated https://developer.microsoft.com/en-us/graph/docs/concepts/permissions_reference Get access on behalf of users Get access as a service Effective permissionEffective permission
- 30. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 30 SM #SPEngage @pgbhoyar Auth access_token MSAL or ADAL YOUR APP Your Application id_token access_token refresh_toke n Microsoft Identity
- 31. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 31 SM #SPEngage @pgbhoyar
- 32. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 32 SM #SPEngage @pgbhoyar Q&A
- 33. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 33 SM #SPEngage @pgbhoyar Key Takeaways ▪ Hopefully the contents we covered today made you to explore Azure AD and you will go home and play with it ☺ ▪ Sign up for Developer Program using https://dev.office.com/ ▪ Check out Microsoft Graph APIs • https://developer.microsoft.com/en-us/graph/ ▪ Spend some time doing research before investing time to learn/explore new product/services
- 34. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 34 SM #SPEngage @pgbhoyar References Appendix/Resources Getting Started https://azure.microsoft.com/en-us/documentation/articles/active-directory-whatis/ https://azure.microsoft.com/en-us/documentation/articles/active-directory-developers-guide/ Pricing https://azure.microsoft.com/en-us/pricing/details/active-directory/
- 35. WithumSmith+Brown, PC | BE IN A POSITION OF STRENGTH 35 SM #SPEngage @pgbhoyar Questions? Feedback? Contact me: ▪ Email: [email protected] ▪ Twitter: @PGBhoyar ▪ Blog: http://pgbhoyar.com ▪ LinkedIn: https://www.linkedin.com/in/prashant-g-bhoyar-3008587/ ▪ Slides: https://www.slideshare.net/pgbhoyar ▪ Feedback : Please provide feedback ▪ Email or ▪ Anonymous Suggestions: https://www.suggestionox.com/r/pgb Thank You Organizers, Sponsors and You for Making this Possible.