Think You Can “Trust” Microsoft Entra, Watch This First!
- Published 11 Jul 2024
- Can you REALLY Trust Entra ID? Set up the new 2 Way Trust feature in Microsoft Entra Domain Services and Literally Trust Entra ID 🔥AFTER THIS 👉 • Lets Get One Thing Str... 👈
▬▬▬▬▬▬ C H A P T E R S 📲 ▬▬▬▬▬▬
00:00 Trust Me Bro!
02:03 Building Trust
07:01 Test Your Level Of Trust
08:09 Wrap Up:
▬▬▬▬▬▬ R E S O U R C E S 📡 ▬▬▬▬▬▬
► Entra Domain Docs: learn.microsoft.com/en-us/ent...
▬▬▬▬▬▬ S U P P O R T 💰 ▬▬▬▬▬▬
► Become a Learner TODAY: tinyurl.com/AzureAcademy-Subs...
► Twitter: / msazureacademy
► LinkedIn: / dean-cefola-2902934b
#TheAzureAcademy #EntraID #EntraDomainServices - Science & Technology
🔥AFTER THIS You should understand 1 more thing about Entra Domains 👉 ua-cam.com/video/OWGVoJMdIRc/v-deo.html 👈
Great Video!
Glad you enjoyed it
Cloud Kerberos trust for Entra ID AD DS would enable SSO from Entra joined PCs to resources in the Entra ADDS domain. For now you'll get password prompts.
I don’t remember seeing in the docs that Entra ID Kerberos is supported with Entra Domain Services, because you need elevated rights to set up the trust. Can you share the doc where this says it was supported?
I think it's not supported yet. This hinders user experience accessing resources in Entra DS domain from Entra joined devices.
Yes…but the purpose of using an Entra Domain is because you want a managed domain…that managed domain comes with restrictions. If you don’t like the restrictions, don’t use the service…go all cloud or use a traditional domain controller
ACCESS
Thanks…stay tuned!
Hi Dean, apologies for going off topic from this video (I still can't wait for the Citrix PVS-esque thing coming up ;) ), is there anything in the works for FSLogix profiles for Entra-joined AVDs without any sort of domain services? No "on prem" DCs, no Entra DS DCs? Plenty of workarounds out there at the moment, but a Microsoft answer would be great :)
Great question, it is coming, but there are ways to do it today…but a better way is coming soon
Here’s today’s cloud only way
ua-cam.com/video/yJqTJh2Tgxo/v-deo.htmlsi=oZY3RMoBUHjBUAIx 11:00 minutes
@AzureAcademy Thank you so much. I really appreciate just how quickly you respond to comments, and always with the right stuff hehe :)
👍☺️👍
Hello @dean, it was a great, informative session. I am facing an issue on AVD: I have a pool with multiple VMs in it, but the ones that are deallocated are not starting; it says "failed to start the VM, an internal error occurred". Do you know anything about this?
Deallocated VMs will NOT start on their own. You need a Scaling Plan for that; watch this
ua-cam.com/video/JolOG7abfa4/v-deo.htmlsi=F4sBuitvM8_yYvrE
If you have a scaling plan, check if there are any errors in the plan activities. If you have a few VMs that never start, I would delete them and build new ones
Access yea🙂👍
On its way...stay tuned!
What are the advantages of this rather than just building a DC in Azure on a VM and having it sync to an on-prem DC through VPN?
A DC in Azure is a single VM...which does NOT make Active Directory highly available. The Entra Domain IS HA.
There are multiple hosts and you can also replicate them to other regions for DR, as part of the service.
If you use a DC over a VPN and do syncing, then your VPN is a single point of failure...you lose that connection and you can't work in the cloud.
There are some advantages to a traditional VM running a DC role for sure...like Entra Connect Sync lets you support devices or do hybrid join...in Entra Domain, you can't do those.
Also...you should watch the video I linked to at the end of this one...there are several more things you NEED TO KNOW before you use Entra Domain Services
ua-cam.com/video/OWGVoJMdIRc/v-deo.html
Do I have a chance of writing and altering attributes in a user context with Entra ID DS without any additional trust? As far as I know I cannot write via LDAP into the Domain Services
Entra Domain Services DOES support LDAP
Here is a guide
learn.microsoft.com/en-us/entra/identity/domain-services/tutorial-configure-ldaps?darkschemeovr=1
What are you trying to add?
We would like to use some software which writes the telephone attribute back to user details
Those are ALREADY attributes of the cloud user account...so fill them out in your user accounts, and they will sync to the Entra Domain
So, would this be how I sync my Cloud Only Groups in Entra back to my on prem AD?
Nope, that works by using Entra Connect Sync Group writeback
@AzureAcademy do you have a video you have done that I can use to review our Entra Connect sync setup?
My connect settings usually are
- Password hash sync
- Password write back
- Single Sign-on
- Sometimes pass through auth
Here is my connect video with almost 100k views
ua-cam.com/video/NlQs38uLCmA/v-deo.htmlsi=ppSNOQ76JRKpJAwI
#access 😁🤩
Thanks, Stay tuned! ☺️
Access
Thanks!
/ACCESS
Thanks, Stay tuned!
ACCESS
you got it...stay tuned!
ACCESS
Great! Stay Tuned 😎