OPS106 How to be an AD Hybrid Health Hero

Once you’ve connected your identity to Azure AD, how do you ensure it continues to function as expected? In this session, you’ll learn how to keep your hybrid identity environment healthy, across different Active Directory and Azure Active Directory scenarios.

✔ Resources:
IT Ops Talks Hybrid Event: https://aka.ms/ITOpsTalks
IT Ops Talks Community Chat: https://aka.ms/OPS104-chat
https://aka.ms/deploymentplans
https://aka.ms/ResilientAAD
https://aka.ms/AADConnectHealthFAQ
https://aka.ms/AADConnectHealthAgentI…
https://techcommunity.microsoft.com/t…
https://aka.ms/ADFSHardeningGuide
https://aka.ms/AADStagedMigration
https://aka.ms/SeamlessSSOUnderTheHood
https://aka.ms/SeamlessSSOKeyRolling
https://akam.ms/AADPTAUnderTheHood
https://aka.ms/AADPTASecurityDeepDive
https://aka.ms/AADSmartLockout
https://aka.ms/AADConnectFAQ
https://aka.ms/SPA
https://aka.ms/AADPTATroubleshooting
https://myignite.microsoft.com/archiv…
https://aka.ms/AADPHS
https://aka.ms/AADCDocs
https://aka.ms/Zero-Trust
https://aka.ms/AADCDocs/DR
https://aka.ms/AADCDocs/Config
https://aka.ms/SANS2018SummitAADLogs
https://aka.ms/aad2splunk
https://aka.ms/aad2sumo
https://aka.ms/aad2QRadar
https://aka.ms/aad2Archsight
https://aka.ms/aad2/Syslog
https://aka.ms/AADTokenLifetimes
https://aka.ms/AADPrt
https://aka.ms/AADManagedIdentities
https://aka.ms/AzureADAppGallery
https://aka.ms/AzureADAppRequest
https://aka.ms/AADOpsGuide

To watch more sessions from the IT Ops Talks: All Things Hybrid event, check out our playlist: https://www.youtube.com/playlist?list…

Chapters:
00:00 Introduction
00:00:56 Turn on MFA for your Admins – MFA, Conditional Access or Azure AD Privileged Identity Management
00:01:43 Resiliency – 1 cloud-only admin account.
00:02:14 Authentication Stack Health
00:02:33 Azure AD Connect Health
00:04:23 ADFS Connect Health Setup
00:06:12 ADFS Extranet/Smart Lockout Enablement
00:11:51 Operations matter to Enterprise Security!
00:15:49 Bad password attempt report
00:16:53 Risky IP report
00:18:02 Defender for Identity supports ADFS
00:18:42 ADFS parting thoughts – Treat ADFS like a Tier 0 resource, update and harden long-term ADFS deployments, or move to Password Hash Sync or Pass Through Authentication
00:21:02 Seamless SSO – details and operational health
00:24:21 Rolling Seamless SSO Keys
00:25:14 Pass Through Authentication – details and operational health
00:29:31 Password Hash Sync
00:31:37 AAD Connect Sync Health – sync process and security
00:40:23 Monitor your AAD Connect Health
00:44:15 Failover & Backup
00:48:58 Logs
00:50:13 Azure AD and Azure Monitor
00:52:00 SIEM Integration
00:53:34 Non-interactive User Sign-In Logs
00:56:14 Service Principal Sign-In Logs
00:57:19 Managed Identities Logs
00:58:04 Provisioning Logs
01:00:00 lastSignInDateTime
01:03:36 Go Dos!

https://techcommunity.microsoft.com/t5/video-hub/ops106-how-to-be-an-ad-hybrid-health-hero/m-p/2177431#M1036 2021-03-02 14:09:30Z