Hidden Gems: The Azure Active Directory Whitepapers
It’s pretty well accepted now that the world is moving away from painstakingly planned, piloted, deployed, and maintained on-premises applications in local data centers. It’s moving to web services, hosted in the cloud (best definition: your stuff on someone else’s computer) whose new capabilities are rapidly deployed and refined via a DevOps mentality.
Another artifact of the on-premises world is shrinking: documentation in the form of large Word or Acrobat files. Instead, web-based documentation is both more easily published and updated as capabilities grow and change. For those of you mourning the lack of Azure Active Directory documentation heavy enough to squash a fly on your desk, fear not: Microsoft France is producing copy for you.
“Active Directory from on-premises to the cloud – Azure AD whitepapers” is a download comprising 13 white papers, authored by Phillippe Beraud of Microsoft France, covering many different areas associated with Azure AD. If you were environmentally callous enough to print the whole set, the impact would terminate a good-sized mammal, let alone a fly! Even though they were published several years ago, I (and at least one other enterprise mobility MVP I queried) only became aware of them a few weeks ago.
The document “An Overview of Azure Active Directory” is the only single document I’ve seen that attempts to be a somewhat comprehensive description of all of Azure AD’s services. This is a tall order, as Azure AD’s capabilities expand on a monthly or even weekly basis. However, the major components of Azure AD are well established, this document covers them, and it was updated in January of this year. But if you’re going to dig more deeply into a particular capability, you’ll want to want to refer to the freshest words in the Azure Active Directory section of the Azure website.
Everything you ever wanted to know about AD FS
There’s also a comprehensive set of docs on AD FS and its part in providing SSO to Azure AD. But these docs are more than just a how-to guide on hooking up your AD DS to Azure AD via AD FS. The Part 1 document is a 110-page tutorial on all things AD FS, including a review of the claims pipeline, authentication flows, and using client access policies. Phillippe even quotes former Microsoft IT identity architect (and former fellow directory services MVP) Laura Hunter on the root of most federation problems: PKI. Unlike Azure AD, AD FS is indeed in the old school of on-premises enterprise software and thus its documentation doesn’t need to be updated nearly as often.
Part 2 and Part 2bis AD FS documents provide an end-to-end walkthrough on setting up your own Azure-based hybrid lab, with AD Connect and AD FS providing SSO to Azure AD. He’s even provided a 700+ line PowerShell script to set up the lab environment for you. There’s a document on how to set up SSO to Azure AD with Shibboleth, the open-source federation service used by many higher education entities.
The kit also has documents about Azure B2B (business to business) and B2C (business to consumer) in some detail. They’re a great jump start to using these relatively new features of Azure AD. There’s a doc about how Windows 10 works with Azure AD, and a developer-focused document on using Azure AD to develop modern business applications.
I’ve only scanned these docs – they total over 900 pages! – but Beraud has clearly invested an enormous amount of effort into producing this set and keeping them reasonably current. If you’re new (or even not new) to Azure AD and AD FS, and can invest the time to give these documents the attention they deserve, they’ll reward you with a pretty comprehensive understanding of how to work with Microsoft’s cloud identity platform.