RBAC model for Azure AD

Many companies struggle to set up an RBAC model that fits their organisation, and adopting more cloud services makes it even more challenging: Azure subscriptions, resource groups, databases and key vaults are just some of the resources to cover. We also connect SaaS and other applications to the directory, which are accessible via the Access Panel (myapps.microsoft.com). What is the best approach using Azure AD groups? …

An AWS CICD Release pipeline on VSTS.

Infrastructure as Code is one of the many practices teams use to meet the needs of modern systems. Provisioning resources in an automated, versioned way also supports the need for consistent environments across the different stages of system development, making it much more comfortable to develop, validate and test systems.

Keep development, staging, and production as similar as possible.
See also the Dev/prod parity practice of the 12 factor methodology.

The principles of a pipeline also apply to pipelines that provision infrastructure. The artifacts should be versioned, validated, automated and more; see pipelines principles.

Visual Studio Team Services and Amazon AWS

VSTS covers many needs of teams and pipelines out of the box. It is optimized for releasing systems and provisioning environments on Azure, with many out-of-the-box capabilities which speed up teams. …

B2B or B2C?

Microsoft released the Azure AD B2B and B2C services last year. The main goal of both services is to give enterprises the ability to grant “external” accounts access to their services. There is, however, a major difference in how these services are used. Business to Business (B2B) is mainly focused on collaboration between two different companies, so that people can interact and work together in, for example, the same application or the same project. Business to Consumer (B2C) is meant for the enterprise’s end customers, giving them the ability to log in using a single IdP (or their Social ID) to access the company’s services. Buying something online in a web shop or downloading an invoice from the personal page of your magazine subscription are examples of a typical B2C scenario.

The table shown below provides some guidance on how to identify the correct scenario:

In my experience there is also some grey area in which the characteristics do not exactly match one of the scenarios shown above. Think about scenarios in which an Enterprise is the end-customer of a certain service the other Enterprise delivers. For example, an energy company which delivers an online service to other companies to provide insights into the electricity usage of the buildings the company owns. This brings challenges like how can we assign a customer administrator role with privileges to invite other people within their company? This is more like a B2B feature in a B2C scenario. Let’s see what the future will bring for these types of scenarios. For now, it requires some creative solutioning using the B2C service….

Hybrid identity update: Pass-Through Authentication and Seamless Single Sign On

They were among the main announcements from Ignite 2016, and now the functionalities are finally here: Pass-Through Authentication and Single Sign On. These features have been added to the latest Azure AD Connect release and are considered a huge game changer in Hybrid Identity scenarios. In this post, I will elaborate on these two new features and I will also answer the question: Is ADFS a deprecated type of scenario for a hybrid identity setup? …

Access Control using Azure Active Directory

As your organization adopts more and more different cloud applications, the need for management and controls becomes crucial. Azure Active Directory offers a wide set of features to support these scenarios. Some of the primary functionalities, like account management, Multi-Factor Authentication and Federation support, cover most of the needs on the authentication level and are common practice nowadays. When it comes to controlling and granting access to applications, or managing authorization in a cloud scenario and integrating with your environment, it suddenly starts to be a little bit blurry. This post gives a brief overview of the key Azure Active Directory Access Control features and provides a practice for combining these features which will help IT organizations to manage and service their organization in an efficient and compliant way. …