Azure Active Directory deployment plans
Looking for end-to-end guidance about how to deploy some of Azure Active Directory (Azure AD) capabilities? The following deployment plans walk through the business value, planning considerations, design, and operational procedures needed to successfully roll a few of the more common Azure AD capabilities.
Within the documents you will find e-mail templates, system architecture diagrams, common test cases, and more.
We'd love your feedback on the documents. Take this short survey about how the documents worked for you.
|Single sign-on||Single sign-on helps you access all the apps and resources you need to do business, while signing in only once, using a single user account. After you've signed in, you can go from Microsoft Office to SalesForce, to Box without being required to authenticate (for example, type a password) a second time.|
|Access Panel||Offer your users a simple hub to discover and access all their applications. Enable them to be more productive with self-service capabilities, such as the ability to request access to new apps and groups, or manage access to these resources on behalf of others.|
|User provisioning||Azure AD helps you automate the creation, maintenance, and removal of user identities in cloud (SaaS) applications, such as Dropbox, Salesforce, ServiceNow, and more.|
|Multi-Factor Authentication||Azure Multi-Factor Authentication (MFA) is Microsoft's two-step verification solution. Using admin-approved authentication methods, Azure MFA helps safeguard your access to data and applications, while meeting the demand for a simple sign-in process.|
|Conditional access||With conditional access, you can implement automated access control decisions for who can access your cloud apps, based on conditions.|
|ADFS to Pass Through Authentication||Azure AD Pass-through Authentication helps your users sign in to both on-premises and cloud-based applications, using the same passwords. This feature provides your users a better experience - one less password to remember, and reduces IT helpdesk costs because your users are less likely to forget how to sign in. When people sign in using Azure AD, this feature validates users' passwords directly against your on-premises Active Directory.|
|ADFS to Password Hash Sync||With Password Hash Synchronization, hashes of user passwords are synchronized from on-premises Active Directory to Azure AD, letting Azure AD to authenticate users with no interaction with the on-premises Active Directory|
|Seamless SSO||Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) automatically signs users in when they are on their corporate devices connected to your corporate network. After you turn on this feature, users won't need to type in their passwords to sign in to Azure AD, and usually, won't even need to type in their usernames. This feature provides your users easy access to your cloud-based applications without needing any additional on-premises components.|
|Self-service password reset||Self-service password reset helps your users reset their password, without administrator intervention, when and where they need to.|
|Azure AD Application Proxy||Employees today want to be productive at any place, at any time, and from any device. They want to work on their own devices, whether they are tablets, phones, or laptops. And employees expect to be able to access all their applications, both SaaS apps in the cloud and corporate apps on-premises. Providing access to on-premises applications has traditionally involved virtual private networks (VPNs) or demilitarized zones (DMZs). Not only are these solutions complex and hard to make secure, but they are costly to set up and manage. There is a better way! - Azure AD Application Proxy|