AD FS to Microsoft Entra | How to migrate your cloud apps

Подписаться 341 тыс.

Просмотров 13 тыс.

50% 1

Migrate from Active Directory Federation Services to Microsoft Entra ID (Azure Active Directory). Many key blockers have been removed with Microsoft Entra ID, including capabilities like certificate-based auth, group filtering, group transformation, and token augmentation. Additional capabilities include conditional access and phish-resistant passwordless authentication.
Jeremy Chapman, Director at Microsoft 365, shares the steps to migrate from AD FS to Microsoft Entra, as well as an inside look at the management and IT experience.
► QUICK LINKS:
00:00 - Introduction
01:27 - Why migrate from AD FS?
02:32 - Compare the management experience
03:58 - IT perspective
04:48 - How to migrate from AD FS to Microsoft Entra
05:31 - Walk through the setup
06:35 - Salesforce process
07:22 - Wrap up
► Link References:
Tutorials and resources for the most common apps at aka.ms/migrateapps
Hands-on guidance and detailed documentation for migration at aka.ms/adfs2entra
► Unfamiliar with Microsoft Mechanics?
As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.
• Subscribe to our RU-vid: / microsoftmechanicsseries
• Talk with other IT Pros, join us on the Microsoft Tech Community: techcommunity.microsoft.com/t...
• Watch or listen from anywhere, subscribe to our podcast: microsoftmechanics.libsyn.com...
► Keep getting this insider knowledge, join us on social:
• Follow us on Twitter: / msftmechanics
• Share knowledge on LinkedIn: / microsoft-mechanics
• Enjoy us on Instagram: / msftmechanics
• Loosen up with us on TikTok: / msftmechanics
#CloudMigration #MicrosoftEntra #AzureAD #AzureCloud

Наука

Опубликовано:

12 июл 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 11

@julianwaite9709 Месяц назад

This is great, definitely the way to go with the right planning. Thanks for the clear explanation as always!

@cdanvergara Год назад

This is great, there are customers still running ADFS farms on WS2012, that's a compelling reason to move to entra as well!

@DaveCober Год назад

I know it sounds like a small thing, but requiring users to enter UPN/Email instead of SamAccountName has tripped up a ton of our workforce.

@caseyg1495 11 месяцев назад

We had that complaint as well. We are in the process of this migration right now. We changed ADFS to support both username and email last year and then put in the comment for the username field to enter their email address to help transition people. When we make the final cut over, it will be difficult I think for some users. I really wish that it would prompt users to say are you sure you want to sign into a Microsoft Live account before jumping over to the live portal. Ultimately, it is training users to not enter a password in on a page that doesn't look like your SSO page.

@NamNguyen-ck7yb 11 месяцев назад

Can we do the first login with hybrid Join device already had Ms Enfa sync? We still stuck on the first login on hybrid join devices. Only can be setup with a line of sign to onprimese AD

@igormatic7896 11 месяцев назад

We are using Always-ON VPN Device tunnel to make the first login possible outside of the company network. The Always-On Tunnel is deployed during Autopilot installation.

@NamNguyen-ck7yb 11 месяцев назад

@@igormatic7896 we heard about that about Cisco fast connect but we currently using ivanty Vpn with very limited. We been try with Azure VPN and using devices trusted scep certificate but still really complicated. Hopefully with Entra users on premise identity already in cloud could be easier. Because migrate all GPO to intune and do cloud join is nightmare

@jonkilner8816 Год назад

Still no cloud alternative to user logon expiry dates. Seems to me a security risk that you can have onpremise user accounts that have expired, but which are still active/enabled in Azure

@jackneely9404 Год назад

What do you mean? Can you provide an example?

@jonkilner8816 Год назад

@@jackneely9404 a user's on premise account is configured in AD to expire on the 31 July 2023. This account is sync'd to AzureAD. On the 1st August, when the user tries to sign in to their on prem AD joined device they can't as their account has expired (the account is expired, not disabled). However, that same user can still use their Azure AD account to sign in to M365 as the account is still active (AAD Connect doesn't sync the onprem account.expiry date)