Azure Identity And Access Management Part 32 – Azure Active Directory – Application Management 1 – Overview

August 3, 2020August 12, 2020 ~ Manas Ranjan Moharana

Hello Friends,

Hope you all are doing good !!!

In our previous articles we discussed Azure Active Directory Domain Services (Azure AD DS) in detail. Today we start with a new Azure Active Directory feature: Application Management.

If you missed our previous articles on Azure Identity And Access Management (IAM), please check them at the following links.

Part 1 – Azure Active Directory – Overview

Part 2 – Azure Active Directory – Enterprise Users

Part 3 – Azure Active Directory – Create Custom Directory Role & Assign Role using Power-Shell

  • *
  • *
  • *

Part 25 – Azure Active Directory – Identity Governance

Part 26 – Azure Active Directory – Domain Service ( Azure AD-DS) 1 – Overview

Part 27 – Azure Active Directory – Domain Service ( Azure AD DS) 2 – Configure An Azure AD DS Managed Domain

Part 28 – Azure Active Directory – Domain Service ( Azure AD-DS) 3 – Join Windows Server VM To An Azure AD DS Managed Domain

Part 29 – Azure Active Directory – Domain Service ( Azure AD-DS) 4 – Install Management Tools In A Domain Joined VM

Part 30 – Azure Active Directory – Domain Service ( Azure AD-DS) 5 – Create An Organizational Unit (OU)

Part 31 – Azure Active Directory – Domain Service ( Azure AD-DS) 6 – Manage Group Policy Object (GPO)

Next Article : Part 33 – Azure Active Directory – Application Management 2 – Integrate SaaS Applications

Manage Applications With The Traditional Solution :

Organizations use many applications to complete their assignments and day-to-day business-critical activities. With the traditional method, organizations face the following difficulties.

  • Every application in an organization manages the user’s identity and access privileges separately.
  • Users maintain a separate username and password for each application.
  • Users need to keep track of every username and password: password expiration, password complexity, password changes, and so on.
  • It is difficult for an admin to maintain N applications for thousands of identities using the traditional method.
  • There is no central location to update or manage identity information for the different applications.

To address the above difficulties, organizations adopt cloud solutions provided by different directory service providers such as Microsoft, AWS, Google and Oracle. An Identity And Access Management (IAM) system solves the problems of the traditional approach and provides more features to increase security.

Identity And Access Management (IAM) System Of Azure AD:

Azure AD simplifies the way we manage our applications by providing a single identity system for our cloud and on-premises applications. Every application asks each user to sign in with their identity information, and that information is verified by the identity system. As we know, an Identity and Access Management (IAM) system provides a single place to keep track of user identities.

Azure AD is the IAM system for the Microsoft cloud and provides the following advantages over the traditional method.

  • Centralized Access Management System - User authentication and account management are handled in one central system.
  • Quick User Provisioning - User accounts and identity information are created and managed within the system quickly and easily.
  • Support for Single Sign-On (SSO) - Users authenticate once and are then allowed access to all associated applications.
  • Multi-Factor Authentication (MFA) - Users are authenticated by being challenged with multiple authentication factors.
  • Adaptive Authentication Methods - Users are challenged with additional authentication steps based on their risk profile.
  • Identity Federation - Users that exist in an external identity provider can be authenticated.

Application Management In Azure :

We can manage our cloud and on-premises applications using the Application Proxy, Single Sign-On, My Apps portal (also known as the Access Panel), and Software as a Service (SaaS) application features of Azure.

Integrate Applications With Azure AD :

We can integrate different types of application with Azure AD. The following are the types of application that we can add to the Enterprise applications of Azure AD.

  • Azure AD Gallery applications - Applications that have been pre-integrated for single sign-on with Azure AD.
  • Non-Gallery applications - We can integrate Azure AD with any of the following categories.
    • Any web link, or application, that renders a username and password field.
    • Any application that supports the SAML or OpenID Connect protocols.
    • Any application that supports the System for Cross-domain Identity Management (SCIM) standard.
  • On-premises applications with Application Proxy - On-premises applications can be integrated with Azure AD to support single sign-on using Azure AD Application Proxy.
  • Custom-developed applications - Our custom line-of-business applications can be integrated with Azure AD to support single sign-on.

A centralized identity system helps by providing a single place to store user information that can then be used by all integrated applications. Azure AD also knows which applications it is serving as the identity system. Users sign in once and then seamlessly access all of the integrated applications, along with Office 365 and other business applications from Microsoft.

Centralize Application Management With Azure AD :

  • Increase productivity with Single Sign-On (SSO).
  • Secure access to your apps with automatic provisioning and deprovisioning.
  • Sign in to all your applications from one portal.
  • Manage risk with Conditional Access.
  • Audit sign-ins.
  • Govern access.
  • Manage from the cloud, with no more on-premises servers.
  • Remote access to on-premises applications.

Improve Productivity Of Applications :

Organizations have noticed a huge productivity gain by adopting the cloud solution to manage hundreds of different applications. The following are the major areas of improvement.

  • Reduced involvement of IT professionals, and therefore faster response times, because there is less dependency on them.
  • Single sign-on (Federated SSO, Password SSO, Linked SSO) enabled across applications.
  • Office 365 provides a superior sign-in experience by reducing sign-in prompts.
  • Reduced effort to manage multiple passwords.
  • Reduced management effort through self-service and dynamic group membership.
  • Improved security of the identity system by allowing the right people in the business to manage access.

Manage Risk For Applications :

This cloud solution provides a robust security mechanism. The following capabilities allow granular control policies per application.

  • Single Sign-On (Federated SSO, Password SSO, Linked SSO)
  • Cloud-Scale Identity Protection
  • Risk-Based Access Control
  • Native Multi-Factor Authentication
  • Conditional Access Policies

Application Management Best Practices :

There are recommendations and best practices for managing applications in Azure Active Directory (Azure AD). The following are the points to take care of before we proceed to integrate applications. The recommendations are categorized into three sections, as described below.

  • Cloud app and single sign-on recommendations :
    • Check the Azure AD application gallery for apps before developing a custom application.
    • If the application supports it, use federated, SAML-based SSO with Azure AD rather than password-based SSO or AD FS.
    • Use the SHA-256 signing algorithm for certificate signing instead of SHA-1 where possible.
    • Deploy the My Apps access panel to support users, as it is a single point of entry for their assigned cloud-based applications.
    • User assignment is required for an application to appear on the user’s Access Panel.
    • Use group assignment for better user management of the application.
    • Establish a process for managing certificates.
  • Provisioning recommendations :
    • Use the tutorials to set up provisioning with cloud apps.
    • Use the provisioning logs (preview) to monitor status.
    • Assign a distribution group to the provisioning notification email.
  • Application Proxy recommendations :
    • Use Application Proxy for remote access to internal resources.
    • Use custom domains.
    • Synchronize users before deploying Application Proxy.
    • Use multiple Application Proxy connectors for greater resiliency, availability, and scale.
    • Locate connector servers close to the application servers, and make sure they are in the same domain.
    • Enable auto-updates for connectors.
    • Bypass your on-premises proxy.
    • Use Azure AD Application Proxy rather than Web Application Proxy.
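The following script is an added example, not part of the original article, showing how three of the recommendations above (require user assignment, assign a group instead of individual users, and keep an eye on certificate expiry) can be applied to an enterprise application with the AzureAD PowerShell module. It assumes an already-authenticated session; the application name `Contoso HR Portal` and the group name `HR-App-Users` are placeholders to replace with your own.

```powershell
# Added example (not from the original article). Requires the AzureAD module and
# an authenticated session. $appDisplayName and $groupName are placeholders.
Import-Module AzureAD
Connect-AzureAD

$appDisplayName = 'Contoso HR Portal'   # placeholder: enterprise app (service principal) to harden
$groupName      = 'HR-App-Users'        # placeholder: security group that should get access

# 1. Locate the enterprise application (its service principal) by display name.
$sp = Get-AzureADServicePrincipal -Filter "displayName eq '$appDisplayName'"
if (-not $sp) { throw "Enterprise app '$appDisplayName' was not found" }

# 2. Require assignment: a user who is not assigned directly or through a group
#    can no longer sign in to the app and does not see it on the My Apps portal.
Set-AzureADServicePrincipal -ObjectId $sp.ObjectId -AppRoleAssignmentRequired $true

# 3. Assign a group rather than individual users. Pick an enabled role that users
#    may hold; apps that declare no roles expose only the default (all-zero) role.
$group = Get-AzureADGroup -Filter "displayName eq '$groupName'"
if (-not $group) { throw "Group '$groupName' was not found" }
$role = $sp.AppRoles |
    Where-Object { $_.IsEnabled -and ($_.AllowedMemberTypes -contains 'User') } |
    Select-Object -First 1
$roleId = if ($role) { $role.Id } else { '00000000-0000-0000-0000-000000000000' }
New-AzureADGroupAppRoleAssignment -ObjectId $group.ObjectId -PrincipalId $group.ObjectId `
    -ResourceId $sp.ObjectId -Id $roleId

# 4. Review who can now reach the app (users and groups with an assignment).
Get-AzureADServiceAppRoleAssignment -ObjectId $sp.ObjectId |
    Select-Object PrincipalDisplayName, PrincipalType, CreationTimestamp

# 5. Certificate management: flag signing/verification certificates on this app
#    that expire within 30 days so renewal can be planned before SSO breaks.
$cutoff = (Get-Date).AddDays(30)
Get-AzureADServicePrincipalKeyCredential -ObjectId $sp.ObjectId |
    Where-Object { $_.EndDate -lt $cutoff } |
    Select-Object KeyId, Usage, Type, StartDate, EndDate
```

Run step 5 on a schedule across all service principals (`Get-AzureADServicePrincipal -All $true`) to turn the "establish a process for managing certificates" recommendation into a routine check; step 2 is what makes the group assignment in step 3 an actual access boundary rather than just a My Apps listing.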

Azure AD Support For Integrated Applications :

Azure AD provides the following access management support for configured and integrated applications.

  • Easily achieve the right access policies.
  • Attribute-based assignment (ABAC or RBAC scenarios).
  • Support for building complex policies.
  • Combining multiple management models for a single application.
  • Reuse of management rules across applications with the same audiences.
  • Administrators can easily report on assignment state, assignment errors, and usage.

Application Deployment Methods :

Azure AD provides the following ways to deploy applications to the end users in our organization:

  • Azure AD access panel
  • Office 365 application launcher
  • Direct sign-on to federated apps
  • Deep links to federated, password-based, or existing apps

Azure AD Saves Costs :

Organizations can reduce costs by adopting Azure AD in the following ways.

  • Reduce the administrative cost of maintaining and keeping track of different identity information for different applications.
  • Reduce administrative costs by automating user provisioning and deprovisioning.
  • Robust technical support from Microsoft to address issues.
  • Save costs through improved productivity.

References :

The different references provided by Microsoft are shown in the following figure.

With the above information, we conclude the first article of the Application Management series. I hope this is informative to you.

Next Article : Part 33 – Azure Active Directory – Application Management 2 – Integrate SaaS Applications

I am exploring Azure Identity and Access Management (IAM) in detail, especially with Azure Active Directory. Please let me know if I missed anything important or if my understanding is not up to the mark.

Keep reading, and share your thoughts and experiences. Feel free to contact us to discuss more.

Thanks for reading 🙂
