Impressive growth of Azure Active Directory users since
Impressive growth of Azure Active Directory users since 2011
• Over 3 million companies, 469K active tenants last week
• Approaching 146 million directory users, 16 million active users last week
• For the past 3 months, 25,000 new users have logged into Azure Active Directory for the first time
Today, global enterprises run on Windows Server Active Directory
• 90% of US enterprises and 70% of international corporations use Active Directory
• Over 400 million Active Directory users
• Active Directory users will move to Azure Active Directory.
[Diagram labels]
Administration: Admin Portal; Scripting, PowerShell
On Premises Active Directory: PowerShell, Directory Synch, LDAP, Kerberos, Applications
Graph API: REST, OAuth, Applications
Windows Azure Active Directory
• REST Interface
• Multi Tenant Environment, Divided into Tenants
• Typed objects. Example: Users, Groups, Contacts, Roles, Licenses
• Relationships: Member/Member of, Manager/Direct reports
Graph URL
https://graph.windows.net/contoso.com/users?api-version=2013-04-05&$filter=state eq 'WA'
• Graph URL (static)
• Tenant of interest – can be tenant's verified domain or objectId.
• Specific entity type, such as users, groups, contacts, tenantDetails, roles, applications, etc.
• API version – "2013-04-05" is the 1.0 version, the supported GA version.
• Optional OData query arguments: $filter, $top
http://graphExplorer.cloudapp.net/
Application, Azure AD Authentication Endpoint (OAuth), Directory REST Service
1. Request JWT token (pass input claims)
2. Return token
3. HTTP Request with JWT Token
4. Return Response and Data
Directory REST Service: validates token, processes request, returns data (Authorization Check)
Authentication - Acquiring a token
OAuth 2.0 grant type=client credentials
POST https://login.windows.net/contoso.com/oauth2/token?api-version=1.0
HEADERS
Content-Type: application/x-www-form-urlencoded
BODY
grant_type=client_credentials&resource=https%3a%2f%2fgraph.windows.net&client_id=52752c8e-d73c-4f9a-a0f9-2d75607ecb8e&client_secret=qKDjII5%2FK8WyKj6sRo5a5vD6%2Bm74uk1A%2BpIlM%3D
RESPONSE: 200 OK
Token will be returned back to the calling application if all values are valid
Notes: OAuth 2.0 Client Credential grant type; client_id and client_secret are pre-configured through the Azure Management Portal, under Active Directory/Applications
GET https://graph.windows.net/contoso.com/users?api-version=2013-04-05
HEADERS
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1T….
Content-type: Application/JSON; odata=minimalmetadata
RESPONSE: 200 OK
RETURN: User Objects in JSON

GET https://graph.windows.net/contoso.com/users/adam@contso.com/thumbnailPhoto?api-version=2013-04-05
HEADERS
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1T….
Content-type: Application/JSON; odata=minimalmetadata
RESPONSE: 200 OK
RETURN: data representing User's thumbnail photo
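The token request and bearer header above, as an added Python example (not code from the slides or from Microsoft). It builds the form-encoded POST so that `/`, `+` and `=` in the secret are percent-encoded, and decodes a returned JWT on the client side to see why a call would be rejected. The helper names, the sample token and the assumption that the `aud` claim equals the requested resource are all introduced here.

```python
import base64
import json
import time
from urllib.parse import urlencode

TOKEN_URL = "https://login.windows.net/{tenant}/oauth2/token?api-version=1.0"
GRAPH_RESOURCE = "https://graph.windows.net"

def build_token_request(tenant, client_id, client_secret):
    """Return (url, headers, body) for the client_credentials POST."""
    body = urlencode({
        "grant_type": "client_credentials",
        "resource": GRAPH_RESOURCE,
        "client_id": client_id,
        "client_secret": client_secret,  # urlencode escapes '/', '+', '='
    })
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return TOKEN_URL.format(tenant=tenant), headers, body

def _segment(seg):
    """Decode one base64url JWT segment into a dict."""
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def inspect_token(token, expected_aud=GRAPH_RESOURCE, now=None):
    """Decode header and claims WITHOUT verifying the signature (the
    directory service does that) and list reasons the call would fail."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    header, claims = _segment(parts[0]), _segment(parts[1])
    now = time.time() if now is None else now
    problems = []
    if str(header.get("alg", "none")).lower() == "none":
        problems.append("unsigned")
    if claims.get("aud") != expected_aud:  # assumption: aud == resource
        problems.append("wrong audience")
    if claims.get("exp", 0) <= now:
        problems.append("expired")
    return header, claims, problems

def make_sample_token(claims, alg="RS256"):
    """Constructed token with a dummy signature, for offline use only."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"typ": "JWT", "alg": alg}), enc(claims), "c2ln"])
```

`inspect_token` is a debugging aid for the caller; it is not a substitute for the signature and authorization checks the directory service performs in step 3.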
Request / Description

Request: https://graph.windows.net/graphDir1.OnMicrosoft.com/tenantDetails?api-version=2013-04-05
Description: Returns tenant level information including company name, tech contact, subscriptions

Request: https://graph.windows.net/graphDir1.OnMicrosoft.com/groups/7373b0af-d462-406e-ad26-f2bc96d823d9/members?api-version=2013-04-05
Description: Returns a group's members

Request: https://graph.windows.net/GraphDir1.OnMicrosoft.com/users?$filter=displayName eq 'Adam Barr'&api-version=2013-04-05
Description: Using an OData filter to get a specific user

Request: https://graph.windows.net/GraphDir1.OnMicrosoft.com/users?$filter=displayName ge 'A' and displayName le 'F'&api-version=2013-04-05
Description: Filters for a range of users

Request: https://graph.windows.net/GraphDir1.OnMicrosoft.com/users?api-version=2013-04-05&$filter=startswith(displayName,'James')
Description: An example OData filter using startsWith

Request: https://graph.windows.net/GraphDir1.OnMicrosoft.com/users?api-version=2013-04-05&$filter=proxyAddresses/any(c:startswith(c,'SMTP:Ad'))
Description: An example OData filter using the any operator; searches for users who have a proxy address starting with 'SMTP:ad'

Request: https://graph.windows.net/GraphDir1.OnMicrosoft.com/users/adam@graphdir1.onmicrosoft.com/memberOf?api-version=2013-04-05
Description: Get a user's group membership

Request: https://graph.windows.net/graphDir1.OnMicrosoft.com/users/Adam@graphDir1.OnMicrosoft.com/manager?api-version=2013-04-05
Description: Get an individual user's manager

Request: https://graph.windows.net/graphDir1.OnMicrosoft.com/users/Adam@graphDir1.onMicrosoft.com/directReports?api-version=2013-04-05
Description: Get an individual's direct reports

Request: https://graph.windows.net/graphDir1.OnMicrosoft.com/directoryObjects/2bb8892b-b7bf-4ae9-b2f2-02d9103cb82b?api-version=2013-04-05
Description: Resolve a directory object via GUID (you may not know what type of entity object this is - returned data will provide details).

Request: https://graph.windows.net/graphDir1.OnMicrosoft.com/roles?api-version=2013-04-05
Description: Return Roles

Request: https://graph.windows.net/graphDir1.OnMicrosoft.com/subscribedSkus?api-version=2013-04-05
Description: Return all subscriptions that the tenant owns
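The $filter requests above place a string between single quotes inside the URL. The following added Python example (not from the slides) builds those URLs so that a caller-supplied name or prefix stays data: embedded single quotes are doubled, which is the OData string-literal rule, and every query value is percent-encoded. The function names and the entity-set allow-list are assumptions made for this example.

```python
import re
from urllib.parse import quote

GRAPH = "https://graph.windows.net"
API_VERSION = "2013-04-05"
# Entity sets that appear in the request examples on the slides.
ENTITY_SETS = {"users", "groups", "contacts", "roles", "tenantDetails",
               "directoryObjects", "subscribedSkus"}

def odata_str(value):
    """OData string literal: single-quoted, embedded quotes doubled."""
    return "'" + str(value).replace("'", "''") + "'"

def graph_url(tenant, entity_set, filter_expr=None, top=None):
    """Build a Graph query URL; every query value is percent-encoded."""
    if not re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9.-]*", tenant):
        raise ValueError("tenant must be a verified domain or objectId")
    if entity_set not in ENTITY_SETS:
        raise ValueError("unsupported entity set: %r" % entity_set)
    query = [("api-version", API_VERSION)]
    if filter_expr is not None:
        query.append(("$filter", filter_expr))
    if top is not None:
        query.append(("$top", str(int(top))))
    qs = "&".join(k + "=" + quote(v, safe="") for k, v in query)
    return "%s/%s/%s?%s" % (GRAPH, tenant, entity_set, qs)

def users_named(tenant, display_name):
    """displayName eq '<name>' with the name treated strictly as data."""
    return graph_url(tenant, "users",
                     "displayName eq " + odata_str(display_name))

def users_with_prefix(tenant, prefix):
    """startswith(displayName,'<prefix>') with the prefix as data."""
    return graph_url(tenant, "users",
                     "startswith(displayName," + odata_str(prefix) + ")")
```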
POST https://login.windows.net/contoso.com/oauth2/token?api-version=1.0
HEADERS
Content-Type: application/x-www-form-urlencoded
BODY
grant_type=client_credentials&resource=https%3a%2f%2fgraph.windows.net&client_id=52752c8e-d73c-4f9a-a0f9-2d75607ecb8e&client_secret=qKDjII5%2FK8WyKj6sRo5a5vD6%2Bm44uk1A%2BpIlM%3D
RESPONSE: 200 OK
Notes: OAuth 2.0 Client Credential grant type; client_id and client_secret are pre-configured through the Azure Management Portal, under Active Directory/Applications
Create a New User
POST https://graph.windows.net/contoso.com/users?api-version=2013-04-05
HEADERS
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1T….
BODY
{
  "accountEnabled": true,
  "userPrincipalName": "NewUser@contoso.com",
  "displayName": "New User",
  "passwordProfile": { "password": "VStrongP@ssword1", "forceChangePasswordNextLogin": true },
  "mailNickname": "NewUser"
}
RESPONSE: 201 Created
Notes:
(1) the password must meet the tenant's accepted password complexity requirements.
(2) the minimum set of properties to create a user is shown in the example above.
(3) setting the user's usage location is not shown above.
Add a User to a Group: Update Group or Role membership
POST https://Graph.windows.net/contoso.com/groups/02a8a087-a371-43f9-94df-cf0f654de307/$links/members?api-version=2013-04-05
HEADERS
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1T….
BODY:
{ "url": "https://graph.windows.net/contoso.com/directoryObjects/93d8feee-6365-4b3b-98c0-14da134a2b1e" }
RESPONSE: 204
Notes: replace /groups with /roles to support Role membership updates
Reset a User's password
PATCH https://graph.windows.net/contoso.com/users/adam@contoso.com?api-version=2013-04-05
HEADERS
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1T….
BODY:
{ "passwordProfile": { "password": "newPassword1!", "forceChangePasswordNextLogin": false } }
RESPONSE: 204
Notes: password must meet the tenant's accepted password policy (matching password complexity, length and password re-use policy)
Demo: Read and Write Operations in C#
Visual Studio Project using WCF Data Services 5.3 + Graph Helper Class
Differential Query
https://graph.windows.net/contoso.com/directoryObjects?api-version=2013-04-05&deltaLink=
• Graph URL (static)
• Tenant of interest – can be tenant's verified domain or objectId.
• Resource set of interest – To indicate a specific entity type, specify "users" / "groups" / "contacts". Use "directoryObjects" to include all 3 entity types.
• API version – "2013-04-05" is the 1.0 version.
• deltaLink – Empty, to indicate this is an initial query. Subsequent queries contain the deltaLink/nextLink value obtained from the previous response.
Differential Query Demo
Graph Explorer
https://graph.windows.net/graphDir1.OnMicrosoft.com/users?api-version=2013-04-05&deltaLink=
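The differential query cycle described above (empty deltaLink first, then follow nextLink until a deltaLink comes back), as an added Python example that is not from the slides. The response field names `value`, `aad.nextLink`, `aad.deltaLink` and `aad.isDeleted`, and the links being full URLs, are assumptions of this example. The pages are constructed, and `fetch` stands for whatever authenticated HTTP GET the caller uses.

```python
from urllib.parse import urlsplit

GRAPH_HOST = "graph.windows.net"

def check_link(url, tenant):
    """Only follow https links on the Graph host and within our tenant."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != GRAPH_HOST:
        raise ValueError("link leaves the Graph endpoint")
    if not parts.path.lower().startswith("/" + tenant.lower() + "/"):
        raise ValueError("link leaves the tenant")
    return url

def differential_sync(fetch, tenant, start_url, store, max_pages=1000):
    """fetch(url) returns the parsed JSON response as a dict. Changes are
    applied to store (objectId -> object); the deltaLink is returned."""
    url = check_link(start_url, tenant)
    for _ in range(max_pages):
        page = fetch(url)
        for obj in page.get("value", []):
            if obj.get("aad.isDeleted"):            # assumed field name
                store.pop(obj["objectId"], None)
            else:
                store.setdefault(obj["objectId"], {}).update(obj)
        if "aad.nextLink" in page:                  # assumed field name
            url = check_link(page["aad.nextLink"], tenant)
        elif "aad.deltaLink" in page:               # assumed field name
            return check_link(page["aad.deltaLink"], tenant)
        else:
            raise ValueError("response has neither nextLink nor deltaLink")
    raise RuntimeError("page limit reached without a deltaLink")

# Constructed responses standing in for the service (not real data).
BASE = "https://graph.windows.net/contoso.com/users?api-version=2013-04-05"
START = BASE + "&deltaLink="
SAMPLE_PAGES = {
    START: {
        "value": [{"objectId": "u1", "displayName": "Adam"},
                  {"objectId": "u2", "displayName": "Bo"}],
        "aad.nextLink": BASE + "&deltaLink=page2"},
    BASE + "&deltaLink=page2": {
        "value": [{"objectId": "u2", "aad.isDeleted": True}],
        "aad.deltaLink": BASE + "&deltaLink=state1"},
}

def run_sample():
    store = {}
    link = differential_sync(SAMPLE_PAGES.__getitem__, "contoso.com", START, store)
    return store, link
```

Checking each returned link before following it keeps the bearer token from being sent to a host or tenant other than the one the sync was started against.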
The Enterprise Cloud for HR and Finance Samir Rathod – Sr. Enterprise Architect
Starting from Scratch
[Diagram: The Enterprise Cloud for HR and Finance. Labels: Human Resources, Financials, Talent, Revenue, Payroll, Mobile, Consumer UI, Time Tracking, Procurement, Actionable Analytics, Global at the Core, Collaboration, Expenses, Adaptive Foundation, Technology, Embedded Services, Multi-Tenant, In-Memory, Object Oriented, Security, Integration Cloud, Configurable Processes, Settlement Engine, Reporting & Worktags, Governance & Compliance. WORKDAY CONFIDENTIAL]
[Chart: Workday Customers by Industry. Categories: Services, Technology, Retail & Hospitality, Manufacturing, Financial Services, Education & Government, Healthcare & Life Sciences, Other]
Thank you!
edwu@Microsoft.com
https://microsoft.qualtrics.com/SE/?SID=SV_3OFY7hFRayuoxI9