One of the best explanations of how Pass-through Authentication works... Thank you :)
Glad it was helpful!
Best and most thorough explanation I've found! Thank you sir! Much better alternative to "waffle" PDFs from Microsoft
Thanks for the kind words. Let us know if you want us to cover any specific features related to Azure AD. We will be adding a playlist for SaaS applications and would appreciate it if you can check those as well.
Thanks once again..!!!
Enjoy learning conceptually..!!
Excellent Video Sir...🙂
Just now watching but a great video!
Excellent explanation 👍
The AZUREADSSOACC computer object which gets created when SSO is enabled, does this need to be in an OU which has sync enabled to MS Entra? Or can it be in a non-synced OU?
My reason to move it to another OU (other than the default OU it gets created in) is to have the object reside in an OU where accidental protection is enabled and also to keep the OU structure clean. (No clean environment would want to fill up the default Computer OU or get into a mess with all objects in the default OU getting all GPOs applied, in my opinion.)
Looking forward to some great insight & learning here :)
Awesome... very much clear.
Does it work in incognito mode? I mean, does Seamless SSO happen in a private browser or not?
Hey, hi. It's indeed a nice explanation, but I think this video only explains Seamless SSO and not Pass-through Authentication.
Simple and nice explanation!!
Thanks Siddhesh for kind words... :-)
Outstanding!
Excellent Video... Thank you.
Hi again! Ty again for the content. I've not seen any mention about PTA agents needing to be installed to fulfill the requests. From what I read this was one requirement. Also, when you set up AAD Connect, whenever you select a non-password hash sync option (federation or pass-through) you have the choice at the end to enable the password hash as well (in case you want Information Protection capabilities from Azure). Can you please provide an explanation of this as well? Thank you again!
@concepts work
Where are you now, man?? We need you more and more.
Please make more such useful videos.
Thanks for your kind acknowledgement, much appreciated.
For now we are covering different security products by Microsoft, but there will be a revisit to Azure AD.
Hi, very interesting video that describes the Seamless SSO authentication very well. A curiosity... by any chance, is the decryption key shared between the AZUREADSSOACC computer account and Azure AD the RC4 password hash of the AZUREADSSOACC service account? While studying Active Directory I learned that a TGS is encrypted using the hash of the password of the service account to which the SPN is associated.
Thanks
The recommended value has to be - AES256_HMAC_SHA1.
And I hope you read the notes section of this article - docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-how-it-works#how-does-set-up-work
Great video. How does the authentication work if I am trying to access the portal or anything integrated with Azure AD from the Internet in a scenario with Pass-through Authentication and Seamless SSO configured?
Hello Sanesh,
If Seamless SSO is configured and you are using a machine in the internal network, the users should not be prompted for credentials.
For an external network, the machine must be hybrid Azure AD joined.
Regards,
ConceptsWork.
Hi, we primarily have an ADFS setup for primary authentication. Is it feasible to set up Pass-through Authentication as a backup to ensure operability, i.e., allowing authentication if the ADFS mechanism breaks?
The mode of authentication is completely dependent upon domain state. Have you deployed ADFS through AAD Connect?
Could you please explain AAD Connect password hash synchronization as well?
Great video again. I have 2 questions: 1. How does the browser know I have to forward the request to local AD to get a Kerberos ticket? 2. When and how is the pre-shared key exchanged to AAD?
At 7:23, when the autologon endpoint is sending 401 to the user agent, then the Kerberos ticket validation is started.
The pre-shared key is shared when "AZUREADSSOACC" is created during installation.
docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-how-it-works#how-does-set-up-work
@@ConceptsWork Where are the PTA connectors in the picture in this flow? I don't see any PTA connector being queried, it's all browser. Why is this PTA then?
PTA Agents are installed with the setup of AAD Connect itself. In case of high availability you can download PTA Agents from the portal.
docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-quick-start#step-3-test-the-feature
Could you show the installation of the authentication agent on an on-premises machine?
How can I download the PPT and videos?
When SSO is enabled, is Outlook going to ask for a password when it's launched for the first time? Or does it take the identity from the Windows login?
It will automatically take the credentials. To get the best experience, make your machine hybrid Azure AD joined and then SSO will work for all Office 365 applications.
@@ConceptsWork Thank you!
Hi,
We had a PTA-enabled setup, and for testing PHS I selected password hash synchronization for selected items. Now all my users from the cloud have been deleted and only those users/OUs which I selected for PHS are showing. Can you please guide how I can restore them, or do I need to reconfigure PTA?
This is an unsupported configuration. Please restore the setup to the initial configuration.
@@ConceptsWork Thanks, your videos are really helpful. Please let me know if you provide offline classes as well.
Also, please share the hybrid AD concept video, I was not able to find it.
Issue: we've set up hybrid AD and our on-prem devices are on Windows 10 Pro, whereas only a few of them are showing/mapped with hybrid AD; the rest are still showing registered with Azure AD status. Please help/guide if you see such issues. Thanks in advance.
Nice1 sir
Great stuff