Impressive growth of Azure Active Directory users since 2011
  • Over 3 million companies, 469K active tenants last week
  • Approaching 146 million directory users, 16 million active users last week
  • For the past 3 months, 25,000 new users have logged into Azure Active Directory for the first time

Today, global enterprises run on Windows Server Active Directory
  • 90% of US enterprises and 70% of international corporations use Active Directory
  • Over 400 million Active Directory users
  • Active Directory users will move to Azure Active Directory.

Windows Azure Active Directory (diagram labels)
  • Administration: Admin Portal; Scripting, PowerShell
  • On Premises Active Directory: PowerShell, Directory Synch; LDAP, Kerberos; Applications
  • Graph API: REST, OAuth; Applications
  • REST Interface
  • Multi Tenant Environment, divided into Tenants
  • Typed objects. Example: Users, Groups, Contacts, Roles, Licenses
  • Relationships: Member/Member of, Manager/Direct reports

https://graph.windows.net/contoso.com/users?api-version=2013-04-05&$filter=state eq 'WA'
  • Graph URL (static)
  • Tenant of interest – can be tenant's verified domain or objectId.
  • Specific entity type, such as users, groups, contacts, tenantDetails, roles, applications, etc.
  • API version – "2013-04-05" is the 1.0 version, the supported GA version
  • Optional OData query arguments: $filter, $top

http://graphExplorer.cloudapp.net/

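1. Application → Azure AD Authentication Endpoint (OAuth): Request JWT token (pass input claims)
2. Azure AD Authentication Endpoint (OAuth) → Application: Return token
3. Application → Directory REST Service: HTTP Request with JWT Token
4. Directory REST Service → Application: Return Response and Data

Directory REST Service: validates token, processes request, returns data. Authorization Check.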

Authentication - Acquiring a token
OAuth 2.0 grant type=client credentials

POST https://login.windows.net/contoso.com/oauth2/token?api-version=1.0
HEADERS
Content-Type: application/x-www-form-urlencoded
BODY
grant_type=client_credentials&resource=https%3a%2f%2fgraph.windows.net&client_id=52752c8e-d73c-4f9a-a0f9-2d75607ecb8e&client_secret=qKDjII5%2FK8WyKj6sRo5a5vD6%2Bm74uk1A%2BpIlM%3D
RESPONSE: 200 OK
Token will be returned back to the calling application if all values are valid

Notes: OAuth 2.0 Client Credential grant type; client_id and client_secret are pre-configured through the Azure Management Portal, under Active Directory/Applications
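Added example (not from the original slides): building the client-credentials POST body above in Python, showing why a base64 client_secret containing + / = must be percent-encoded and how to keep it out of logs. The function names and the sample secret are constructed for illustration.

```python
from urllib.parse import urlencode, parse_qs

TOKEN_URL = "https://login.windows.net/{tenant}/oauth2/token?api-version=1.0"
GRAPH_RESOURCE = "https://graph.windows.net"


def build_token_request(tenant, client_id, client_secret):
    """Return (url, headers, body) for the client-credentials POST on the slide."""
    body = urlencode({
        "grant_type": "client_credentials",
        "resource": GRAPH_RESOURCE,
        "client_id": client_id,
        "client_secret": client_secret,  # + / = become %2B %2F %3D
    })
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return TOKEN_URL.format(tenant=tenant), headers, body


def naive_body(client_id, client_secret):
    """Anti-pattern: concatenating the raw secret without percent-encoding."""
    return ("grant_type=client_credentials&resource=" + GRAPH_RESOURCE +
            "&client_id=" + client_id + "&client_secret=" + client_secret)


def secret_as_received(body):
    """The client_secret a form decoder on the receiving side recovers."""
    return parse_qs(body, keep_blank_values=True)["client_secret"][0]


def redact_for_log(body):
    """Mask the secret value before the request body is written to any log."""
    parts = []
    for pair in body.split("&"):
        key, _, _value = pair.partition("=")
        parts.append(key + "=<redacted>" if key == "client_secret" else pair)
    return "&".join(parts)


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    url, headers, body = build_token_request(
        "contoso.com", "00000000-0000-0000-0000-000000000000", "abc+def/ghi=")
    print(url)
    print(redact_for_log(body))
```

With the naive body, a `+` in the secret is decoded as a space on the receiving side, so the credential no longer matches.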

GET https://graph.windows.net/contoso.com/users?api-version=2013-04-05
HEADERS
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1T….
Content-type: Application/JSON; odata=minimalmetadata
RESPONSE: 200 OK
RETURN: User Objects in JSON

GET https://graph.windows.net/contoso.com/users/adam@contoso.com/thumbnailPhoto?api-version=2013-04-05
HEADERS
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1T….
Content-type: Application/JSON; odata=minimalmetadata
RESPONSE: 200 OK
RETURN: data representing User's thumbnail photo

Request / Description

  • https://graph.windows.net/graphDir1.OnMicrosoft.com/tenantDetails?api-version=2013-04-05
    Returns tenant level information including company name, tech contact, subscriptions
  • https://graph.windows.net/graphDir1.OnMicrosoft.com/groups/7373b0af-d462-406e-ad26-f2bc96d823d9/members?api-version=2013-04-05
    Returns a group's members
  • https://graph.windows.net/GraphDir1.OnMicrosoft.com/users?$filter=displayName eq 'Adam Barr'&api-version=2013-04-05
    Using an OData filter to get a specific user
  • https://graph.windows.net/GraphDir1.OnMicrosoft.com/users?$filter=displayName ge 'A' and displayName le 'F'&api-version=2013-04-05
    Filters for a range of users
  • https://graph.windows.net/GraphDir1.OnMicrosoft.com/users?api-version=2013-04-05&$filter=startswith(displayName,'James')
    An example OData filter using startsWith
  • https://graph.windows.net/GraphDir1.OnMicrosoft.com/users?api-version=2013-04-05&$filter=proxyAddresses/any(c:startswith(c,'SMTP:Ad'))
    An example OData filter using the any operator; searches for users who have a proxy address starting with 'SMTP:ad'
  • https://graph.windows.net/GraphDir1.OnMicrosoft.com/users/adam@graphdir1.onmicrosoft.com/memberOf?api-version=2013-04-05
    Get a user's group membership
  • https://graph.windows.net/graphDir1.OnMicrosoft.com/users/Adam@graphDir1.OnMicrosoft.com/manager?api-version=2013-04-05
    Get an individual user's manager
  • https://graph.windows.net/graphDir1.OnMicrosoft.com/users/Adam@graphDir1.onMicrosoft.com/directReports?api-version=2013-04-05
    Get an individual's direct reports
  • https://graph.windows.net/graphDir1.OnMicrosoft.com/directoryObjects/2bb8892b-b7bf-4ae9-b2f2-02d9103cb82b?api-version=2013-04-05
    Resolve a directory object via GUID (you may not know what type of entity object this is - returned data will provide details).
  • https://graph.windows.net/graphDir1.OnMicrosoft.com/roles?api-version=2013-04-05
    Return Roles
  • https://graph.windows.net/graphDir1.OnMicrosoft.com/subscribedSkus?api-version=2013-04-05
    Return all subscriptions that the tenant owns
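Added example (not from the original slides): one way to build the /users $filter URLs listed above when the value comes from user input, so that a name with an apostrophe or an ampersand stays a single OData string literal. The function names and the tenant check are assumptions for illustration.

```python
import re
from urllib.parse import quote

GRAPH = "https://graph.windows.net"
API_VERSION = "2013-04-05"  # the version used throughout the slides

# Tenant segment: a verified domain or an objectId GUID, never a path fragment.
_TENANT_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def odata_string(value):
    """Quote a value as an OData string literal; an embedded ' is doubled."""
    return "'" + value.replace("'", "''") + "'"


def display_name_eq(name):
    """Filter for one exact displayName, as in the 'Adam Barr' row."""
    return "displayName eq " + odata_string(name)


def display_name_startswith(prefix):
    """Filter for a displayName prefix, as in the 'James' row."""
    return "startswith(displayName," + odata_string(prefix) + ")"


def users_query_url(tenant, filter_expr, top=None):
    """Build /users?api-version=...&$filter=... with the filter percent-encoded."""
    if not _TENANT_RE.fullmatch(tenant):
        raise ValueError("tenant must be a verified domain or objectId")
    # safe="" encodes spaces, quotes, & and / so the filter cannot leak
    # into other query parameters or the path.
    query = "api-version=" + API_VERSION + "&$filter=" + quote(filter_expr, safe="")
    if top is not None:
        query += "&$top=" + str(int(top))
    return GRAPH + "/" + tenant + "/users?" + query


if __name__ == "__main__":
    # Constructed sample inputs.
    print(users_query_url("contoso.com", display_name_eq("Adam Barr")))
    print(users_query_url("contoso.com", display_name_eq("Pat O'Brien"), top=5))
```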

POST https://login.windows.net/contoso.com/oauth2/token?api-version=1.0
HEADERS
Content-Type: application/x-www-form-urlencoded
BODY
grant_type=client_credentials&resource=https%3a%2f%2fgraph.windows.net&client_id=52752c8e-d73c-4f9a-a0f9-2d75607ecb8e&client_secret=qKDjII5%2FK8WyKj6sRo5a5vD6%2Bm44uk1A%2BpIlM%3D
RESPONSE: 200 OK

Notes: OAuth 2.0 Client Credential grant type; client_id and client_secret are pre-configured through the Azure Management Portal, under Active Directory/Applications

Create a New User

POST https://graph.windows.net/contoso.com/users?api-version=2013-04-05
HEADERS
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1T….
BODY
{
  "accountEnabled": true,
  "userPrincipalName": "NewUser@contoso.com",
  "displayName": "New User",
  "passwordProfile": { "password": "VStrongP@ssword1", "forceChangePasswordNextLogin": true },
  "mailNickname": "NewUser"
}
RESPONSE: 201 Created

Notes:
(1) the password must meet the tenant's accepted password complexity requirements.
(2) the minimum set of properties to create a user is shown in the example above.
(3) setting the user's usage location is not shown above.

Add a User to a Group
Update Group or Role membership

POST https://Graph.windows.net/contoso.com/groups/02a8a087-a371-43f9-94df-cf0f654de307/$links/members?api-version=2013-04-05
HEADERS
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1T….
BODY:
{
  "url": "https://graph.windows.net/contoso.com/directoryObjects/93d8feee-6365-4b3b-98c0-14da134a2b1e"
}
RESPONSE: 204

Notes: replace /groups with /roles to support Role membership updates

Reset a User's password

PATCH https://graph.windows.net/contoso.com/users/adam@contoso.com?api-version=2013-04-05
HEADERS
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1T….
BODY:
{
  "passwordProfile": { "password": "newPassword1!", "forceChangePasswordNextLogin": false }
}
RESPONSE: 204

Notes: password must meet the tenant's accepted password policy (matching password complexity, length and password re-use policy)

Demo: Read and Write Operations in C#
Visual Studio Project using WCF Data Services 5.3 + Graph Helper Class

https://graph.windows.net/contoso.com/directoryObjects?api-version=2013-04-05&deltaLink=
  • Graph URL (static)
  • Tenant of interest – can be tenant's verified domain or objectId.
  • Resource set of interest – To indicate a specific entity type, specify "users" / "groups" / "contacts". Use "directoryObjects" to include all 3 entity types.
  • API version – "2013-04-05" is the 1.0 version
  • deltaLink – Empty, to indicate this is an initial query. Subsequent queries contain the deltaLink/nextLink value obtained from the previous response.

Differential Query Demo: Graph Explorer
https://graph.windows.net/graphDir1.OnMicrosoft.com/users?api-version=2013-04-05&deltaLink=

The Enterprise Cloud for HR and Finance Samir Rathod – Sr. Enterprise Architect

Starting from Scratch

The Enterprise Cloud for HR and Finance HUMAN RESOURCES FINANCIALS TALENT REVENUE PAYROLL MOBILE CONSUMER UI TIME TRACKING PROCUREMENT ACTIONABLE ANALYTICS GLOBAL AT THE CORE COLLABORATION EXPENSES ADAPTIVE FOUNDATION TECHNOLOGY WORKDAY CONFIDENTIAL EMBEDDED SERVICES MULTI-TENANT IN-MEMORY OBJECT ORIENTED SECURITY INTEGRATION CLOUD CONFIGURABLE PROCESSES SETTLEMENT ENGINE REPORTING & WORKTAGS GOVERNANCE & COMPLIANCE

Workday Customers by Industry (chart): Services, Technology, Retail & Hospitality, Manufacturing, Financial Services, Education & Government, Healthcare & Life Sciences, Other

Thank you!

edwu@Microsoft.com
https://microsoft.qualtrics.com/SE/?SID=SV_3OFY7hFRayuoxI9

Develop and Test in VMs, Build Websites, Extend on-premises applications
http://www.windowsazure.com
MSDN Subscribers: you've got it, now use it
Activate your MSDN Benefit & try it by 9/30
You could win* an Aston Martin V8 Vantage! Go to: http://aka.ms/AzureContest
Drop by the Windows Azure booth to participate in the Windows Azure Challenge for even more prizes!

Windows Enterprise: windows.com/enterprise, windows.com/ITpro, microsoft.com/mdop, microsoft.com/dv, microsoft.com/windows/wtg, tryoutlook.com

http://channel9.msdn.com/Events/TechEd
www.microsoft.com/learning
http://microsoft.com/technet
http://microsoft.com/msdn