Azure AD App Registration in Plain English (Exam Prep FAQs)

Подписаться 83 тыс.

Просмотров 75 тыс.

50% 1

App registration in Azure Active Directory is a frequent source of questions from Azure admins and those preparing for Microsoft certification exams. In this video, we'll walk through configuration of an app registration in Azure AD, explaining key concepts clearly and concisely along the way.
Music by ‪@musicforvideolibrary‬

Опубликовано:

3 окт 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 49

@richardwaldron1684 2 года назад

Finally, someone who can explain this clearly so it makes sense to me. Many thanks for posting

@InsideCloudAndSecurity 2 года назад

Glad it helped. 👍

@Southpaw07 2 года назад

i was struggling to understand app registration and concepts and found this tremendously helpful. Amazing LinkedIn AZ500 class too. Thank you Pete keep up the great work!

@InsideCloudAndSecurity 2 года назад

Thank you! Glad this was helpful. 👍

@ksks941 Год назад

Thanks Pete for clarifying this topic in simple words. Really helpful for me.

@InsideCloudAndSecurity Год назад

You're very welcome! ☺

@TenMinuteKQL Год назад

Great Azure content in easy to understand terms, keep it coming!

@gamezpedia 11 месяцев назад

Amazing | Simple and more practical.

@InsideCloudAndSecurity 10 месяцев назад

Glad you liked 👍

@pluralcloud1756 2 года назад

Great content- would like more on just the selection of "Web - redirect url" in Register an Application. Could you continue with the series and also add some diagrams relating to the various choices and scenarios? Like SasS, where would you obtain the guid and use it in an application to have permissions to the user's resources, which the identity management allows permission to access. Thank you.

@InsideCloudAndSecurity 2 года назад

Yes. Planning to produce an updated version in the next few weeks to address recent changes. Can add some guidance in areas you are suggesting.

@javier220577 3 года назад

Thank you for your video. IT was very helpful and informative

@InsideCloudAndSecurity 3 года назад

You are welcome!

@inknochen_ 2 года назад

awesome. crystal clear to me. thanks!

@InsideCloudAndSecurity 2 года назад

Excellent. Glad to hear that. Good luck! 🤞👍

@rahulch9674 3 года назад

amazing explanation.. loved it, thank you.

@InsideCloudAndSecurity 3 года назад

Glad you liked it!

@smusunuri 3 года назад

Liked consent explanation. Thanks

@InsideCloudAndSecurity 3 года назад

Thanks. Hope it helps! 👍

@gregborodin2768 3 года назад

thanks. this was short and helpfull

@InsideCloudAndSecurity 3 года назад

Glad it helped!

@richardlanglois5183 3 года назад

Great presentation!

@InsideCloudAndSecurity 3 года назад

Thank you kindly!

@AravindKumar-dc6ct 2 года назад

Very well explained. Thank you

@InsideCloudAndSecurity 2 года назад

Thanks! 👍

@bhushan161988 2 года назад

awesome video!!! thanks for that. Quick question - is service principal similar to the service account in other cloud services? i believe service account is the account with which our production jobs run instead of running with our own accounts.

@InsideCloudAndSecurity 2 года назад

It would be more accurate to say service principals avoid use of service accounts as they exist in on-premises Active Directory. You'll find a good read on service principals and managed identities at devblogs.microsoft.com/devops/demystifying-service-principals-managed-identities/

@abhishekinvisible Год назад

Thanks for explaining.

@ilannknochen Год назад

Awesome work Peter!

@XboxGamerkings 2 года назад

tyvm! earned yourself a sub

@InsideCloudAndSecurity 2 года назад

Glad it helped. 👍

@terencengwork890 2 года назад

Excellent video. If I have several users that want to programatically interact with files stored in (different) sharepoint sites via Graph API (with Python). Do I create multiple Apps and use application permissions and limit the scope to Sites.Selected for each? Or do I create one App Registration for all users/sites and use delegated permissions? One App w/delegated permissions is more manageable from an admin perspective, but on the user end, they have to get and enter an access token which means there's some interaction and more steps involved.

@InsideCloudAndSecurity 2 года назад

Per-site access is possible. Look at good blog posts here devblogs.microsoft.com/microsoft365dev/controlling-app-access-on-specific-sharepoint-site-collections/ and here mmsharepoint.wordpress.com/2021/08/18/accessing-sharepoint-sites-with-resource-specific-consent-rsc-and-microsoft-graph/

@DelMadman 3 года назад

Amazing explanation! Is not clear for me what the difference between the service principal and managed service identity? It seems like they solve the same problems, allow a user or an app securely access other resources in azure, but what the difference? what is the key difference that make me choose one or another? please explain

@InsideCloudAndSecurity 3 года назад

Sorry for delayed reply, your comment was incorrectly flagged by RU-vid as spam. managed identity came along after service principal, and are the preferred approach. Use system identities on services that support them, as it is auto-created and auto-removed along with the service it is tied to. User-assigned managed identities are created independent of a resource, but you have to delete them manually (less convenient). You could say the difference between a managed identity and a service principal is that a managed identity "manages" the creation and automatic renewal of a service principal on your behalf.

@ainigma100 2 года назад

Thank you for your video. Assume that we have an application (BE and FE) which is deployed via azure DevOps. What will happens if the app registration secret expires? Do we have to do something or we just renew the secret of app registration? After we renew the secret do we have to update something else? Thank you in advance

@nickromanek9444 2 года назад

Best explanation I found so far, I'm looking into converting a LOB app hosted in Azure to use SSO with AAD. Ideally, we'd allow external users to continue using the authentication in place for the website (has it's own database and send code for MFA), but if it detects that an internal employee is logging in, we want it to detect that using the domain and then trigger the SSO process using AAD. Hopefully my explanation is clear enough, but do you know if that's possible? Any other resources you could point me to for this?

@InsideCloudAndSecurity 2 года назад

Sounds a bit more complicated as you have a custom authentication strategy. Some high-level guidance from Microsoft starts here - docs.microsoft.com/en-us/azure/active-directory/fundamentals/five-steps-to-full-application-integration-with-azure-ad

@emiliakullutwe9569 2 года назад

Hi, I'm an intern and I was asked to integrate one of the company apps that is on Oracle APEX new version with active directory, how can I register an app from oracle apex in azure AD? Please help!

@InsideCloudAndSecurity 2 года назад

Hmm, your comment just popped up here. For non-Microsoft apps, the vendor (Oracle, in this case) will generally provide instructions for app registration in Azure AD in their documentation.

@rock_0075 3 года назад

Thanks for the video, I am looking bring the Azure AD to my app (react+ springBoot) , but not sure what will be best suited for me (Azure Ad B2C, Azure ad B2B etc), as my app has the functionality to register new user (name, email address(any domain email address) and password) and login. advise or pointer on this please?

@InsideCloudAndSecurity 3 года назад

It depends. Are you expecting users to authenticate with a work identity (Azure AD or federated) or social identity (Facebook, Google, etc). If the first, look at Azure AD B2B. If the latter, Azure AD B2C.

@rock_0075 3 года назад

@@InsideCloudAndSecurity Thanks for the answer, I am still a bit not sure? as for my scenario, I like the user to Signup with any email id (abc@xyz.com), and that email I am looking to save in the backend(Spring + mysql DB) as well and then map that email as Primary key for that customer in the DB

@shawnpederson 3 года назад

Thank you!

@InsideCloudAndSecurity 3 года назад

You bet!

@dsfarag 3 года назад

I feel so stupid for not knowing that an enterprise app object is created when configuring an app reg. Doh!

@InsideCloudAndSecurity 3 года назад

Don't. App registration is tough for EVERYONE! 😉

@princemathew8853 2 года назад

which subscription we need, office 365 subscription or Azure Subscription for App Registeration?

@InsideCloudAndSecurity 2 года назад

Sorry, your comment got automatically pushed into a moderation bucket. This is a feature of Azure AD, so you don't need an Azure sub or Office 365 to use this feature.