My org wants to set up Azure Files and connect about 100 employees to it via SMB - azure-files

What pre-requisite services/subscriptions do I need to get to that point?
Right now, we have Azure AD Connect. Can that be used to authenticate users' access to the network shares of Azure Files?
I had to set up an Azure subscription first to access storage services. The Azure subscription did not show pricing because it was a trial subscription. I did not know whether it would be a per-user subscription or not.

Azure Files supports identity-based authentication for Windows file shares over Server Message Block (SMB) using the Kerberos authentication protocol through the following three methods:
• On-premises Active Directory Domain Services (AD DS)
• Azure Active Directory Domain Services (Azure AD DS)
• Azure Active Directory (Azure AD) Kerberos for hybrid user identities
For your use case where you want to use Azure AD Connect, you need to go with Azure AD Kerberos for Hybrid User Identities. You can find more information here: https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-azure-active-directory-enable?tabs=azure-portal
Here are details regarding a subscription in Microsoft Cloud: https://learn.microsoft.com/en-us/microsoft-365/enterprise/subscriptions-licenses-accounts-and-tenants-for-microsoft-cloud-offerings?view=o365-worldwide#subscriptions
Hope this helps. Please do let me know if you have further questions and I will be glad to assist you further. Thank you!

Related

Service Account for Azure Virtual Machine

I have an Azure VM and I want to configure MS Office applications like MS Outlook & MS Excel on it and also chevron applications like Well Plan. To be able to do that, I need a service account with an MS Office license, but I don't know how I can get a service account for an Azure VM. If anyone has any idea on how I can do this, then please respond.
Thanks & Regards
You don't require any service account to configure any application on an Azure VM.
I would suggest you follow the steps below to achieve your requirement in the correct way.
Step 1: You need to first enable AAD login into your VM.
You can refer to this MS document to enable AAD login into your VM.
Once configured, log in with your AAD account in the VM.
Step 2: Make sure to give the RBAC role (Virtual Machine Administrator Login or Virtual Machine User Login) as per your requirement to that user.
Then install Office on your VM, as the license is already assigned to your AAD account.
If not, you can refer to this document to assign licenses to a user/group.

Self service client_id and client_secret on azure developer portal

I'm doing some tests with Azure APIM and have already published an API on the developer portal. I have the docs, have it secured using OAuth2 with Azure AD with client_credentials flow. I can invoke this API from Postman and from the developer portal.
Unfortunately, the client_id and secret are set in the configuration and the developer cannot self-service them. Is there a way to do so instead of having to add it manually for each developer?
I was looking for something like this: https://tyk.io/docs/tyk-stack/tyk-developer-portal/portal-oauth-clients/
Azure APIM itself doesn't act as an identity provider like tyk but instead uses Azure AD (or rather any OAuth 2.0 provider).
The configuration in the docs is primarily to get the Developer Portal Console (the one used to test APIs) to work. For the actual API calls, there is no configuration required.
The validate-jwt policy is what takes care of preauthorization of requests.
Since you are looking for the client credentials flow alone, you could simply expose a portal that can create the required app registrations on your Azure AD using the Microsoft Graph API and expose the client id/secret to your users.
The current developer portal doesn't support this as of today but is something you could contribute to if you wish.
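
The approach suggested in the answer above (a portal backend that creates app registrations through Microsoft Graph and hands out the client id/secret), sketched as an added example that is not part of the original answer or of APIM. `provision_client`, `send` and `fake_graph` are hypothetical names, and the Graph replies are constructed so the flow runs offline.

```python
import re
from datetime import datetime, timedelta, timezone

GRAPH = "https://graph.microsoft.com/v1.0"

def provision_client(send, developer, now, secret_days=90):
    """Register an Azure AD app for one developer and issue an expiring secret.

    send(method, url, body) -> dict is a hypothetical transport that attaches
    the portal backend's own Graph token and returns the parsed JSON reply.
    """
    if not re.fullmatch(r"[a-z0-9-]{3,40}", developer):
        raise ValueError("unexpected developer id")
    app = send("POST", f"{GRAPH}/applications",
               {"displayName": f"apim-dev-{developer}",
                "signInAudience": "AzureADMyOrg"})
    # Apps created through Graph get no service principal automatically, and
    # the client_credentials token request needs one in the tenant.
    send("POST", f"{GRAPH}/servicePrincipals", {"appId": app["appId"]})
    expires = (now + timedelta(days=secret_days)).strftime("%Y-%m-%dT%H:%M:%SZ")
    cred = send("POST", f"{GRAPH}/applications/{app['id']}/addPassword",
                {"passwordCredential": {"displayName": "portal-issued",
                                        "endDateTime": expires}})
    # Graph returns secretText only in this reply: show it to the developer
    # once and keep it out of logs and portal storage.
    return {"client_id": app["appId"], "client_secret": cred["secretText"],
            "expires": expires}

def fake_graph(calls):
    """Constructed stand-in for Graph so the flow runs offline."""
    def send(method, url, body):
        calls.append((method, url, body))
        if url.endswith("/applications"):
            return {"id": "obj-0001", "appId": "app-0001"}
        if url.endswith("/addPassword"):
            return {"secretText": "constructed-secret", **body["passwordCredential"]}
        return {"id": "sp-0001"}
    return send

if __name__ == "__main__":
    calls = []
    issued = provision_client(fake_graph(calls), "alice",
                              datetime(2024, 1, 1, tzinfo=timezone.utc))
    print(issued["client_id"], issued["expires"], len(calls), "Graph calls")
```

The `appId` returned here is what a validate-jwt policy would see as the caller's identity in the token, so the portal should record which developer each `appId` was issued to.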

Deploy power bi report server as a SaaS solution

I was thinking of a possible Power BI Report Server infrastructure deployed internally and shared with clients.
To put it simply: they access our report server, and thanks to their data they can see the dashboards we created internally.
That is to say, using PBIRS in a software-as-a-service model.
But different challenges are present:
• Authentication? Possible to authenticate customers if we use a combination of VPN + new records in our internal AD.
• Access to customer's data? Main challenge...
The primary reason for everyone using PBIRS is that we don't want cloud usage.
Is there a way in such an infrastructure to connect our PBIRS internal server directly to another customer's network on-premises data sources?
The use case is as follows:
e.g.: Client -> connect to provider with VPN -> authenticate in AD with provided credentials -> connect to PBIRS
with: PBIRS on Network 1 -> connecting directly with Customer's data on Network 2

REST API reference for Windows Store for Business

Does anyone have any experience using the REST API reference for Windows Store for Business (https://msdn.microsoft.com/en-us/library/windows/hardware/mt608306(v=vs.85).aspx)?
I'm trying to use it but am having authorization issues. Does anyone know what needs to be passed over for authorization when using the API?
The Store for Business service relies on Azure Directory for authentication. The management tool must be registered as an Azure AD application within an organization tenant to authenticate against the Store for Business. For configuring your Azure AD application, you could refer to this document.
To learn more about Azure AD and how to register your application within Azure AD, here are some topics to get you started:
• Adding an application to Azure Active Directory - Azure Active Directory integration with MDM
• Accessing other Web applications and configuring your application to access other APIs - Integrating Applications with Azure Active Directory
• Authenticating to the Store for Business services via Azure AD - Authentication Scenarios for Azure Active Directory

Azure SQL authentication with Office 365 Account

I have an MS Access front end app (accdb) with an Azure SQL back end. I'm currently using SQL Server Authentication, but I'd like to use some sort of Active Directory. I don't have an on-premise AD, so I initially considered setting up Azure AD. However, our small team is already using Office 365, and to the best of my knowledge O365 is powered by Azure AD.
So my question is whether it's possible to use an O365 account (what Microsoft typically calls a "Work Account") to authenticate against an Azure SQL back end? If so, what type of Connection String do I use?
Ideally, when my users open up the Access app, I'd like them to get a pop-up dialog to "Single Sign-On" to their Office 365 account and use those credentials to authenticate against the Azure SQL DB in the back end.
Unfortunately, MS Access is not supported at this stage. As far as I know, it requires an ODBC driver that supports Azure AD authentication. This driver will be delivered in May 2016. But then the MS Access team has to integrate Access with Azure AD auth. Currently I have no ETA for this task.
Thanks,
Mirek
Microsoft accounts (like outlook.com, hotmail.com, live.com) are not supported in the current version of Azure AD authentication for Azure SQL DB. Only native or integrated Azure AD users are supported.
For more details see
https://azure.microsoft.com/en-us/documentation/articles/sql-database-aad-authentication/
Thanks,
Mirek