Friday, June 11, 2021

Memorizing poetry by listening to music

https://youtu.be/cR3hN1OoKow

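Teresa Teng (鄧麗君), "Wishing We Last Forever" (但願人長久)


"Shuidiao Getou" (Prelude to Water Melody) by Su Shi

When did the bright moon first appear? Wine cup in hand, I ask the blue sky.

I do not know, in the palaces of heaven, what year it is tonight.

I wish to ride the wind and return there, yet I fear the jade towers and crystal halls,

so high up, would be too cold to bear.

I rise to dance and play with my clear shadow; how could that compare with being in the human world!


Rounding the vermilion pavilion, dipping low through the carved window, it shines on the sleepless.

It should bear no grudge, so why is it always full when people are apart?

People have sorrow and joy, partings and reunions; the moon has shade and light, waxing and waning,

this has never been perfect since ancient times.

I only wish that we may live long, and share the moon's beauty though a thousand miles apart.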


https://youtu.be/hxbLu23hyAs

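"How Much Sorrow" (幾多愁) [Yu Meiren]


Yu Meiren (The Beautiful Lady Yu)


When will spring flowers and autumn moons ever end? How much of the past do I know. Last night the east wind blew again on my small tower; I cannot bear to look back on my lost homeland in the bright moonlight.

The carved railings and jade steps must still be there; only the rosy faces have changed. I ask you, how much sorrow can there be? Just like a river of spring water flowing east.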

Sunday, January 31, 2021

Authentication for Azure AD

1. Password hash synchronization (simplest)

-Azure AD Connect synchronizes a hash of the hash of a user's password from an on-premises Active Directory instance to a cloud-based Azure AD instance.
-You can use this feature to sign in to Azure AD services like Microsoft 365. You sign in to the service by using the same password you use to sign in to your on-premises Active Directory instance.
To use password hash synchronization in your environment, you need to:
-Install Azure AD Connect.
-Configure directory synchronization between your on-premises Active Directory instance and your Azure Active Directory instance.
-Enable password hash synchronization.


## Password Hashing
Hashing performs a one-way transformation on a password, turning the password into another string, called the hashed password. "One-way" means that it is practically impossible to go the other way, that is, to turn the hashed password back into the original password.
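
The "hash of the hash" step, as an added example that is not part of the original notes and not Azure AD Connect's own code. It follows the steps Microsoft's public documentation describes for password hash synchronization (hex expansion of the 16-byte on-premises hash, a 10-byte per-user salt, PBKDF2 with HMAC-SHA256 at 1,000 iterations, 32-byte output); the function names, the uppercase hex and little-endian UTF-16 choices, and the sample hash are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

SALT_LEN = 10      # per-user salt length in bytes
ITERATIONS = 1000  # PBKDF2 iteration count
OUT_LEN = 32       # length of the hash that is synchronized to the cloud

# Constructed sample: a made-up 16-byte on-premises password hash.
SAMPLE_ONPREM_HASH = bytes(range(16))


def expand_onprem_hash(onprem_hash: bytes) -> bytes:
    """16-byte hash -> 32-character hex string -> 64 bytes of UTF-16."""
    if len(onprem_hash) != 16:
        raise ValueError("expected a 16-byte on-premises hash")
    # Assumption: uppercase hex digits, little-endian UTF-16.
    return onprem_hash.hex().upper().encode("utf-16-le")


def rehash_for_cloud(onprem_hash: bytes,
                     salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, derived): the salted hash of the on-premises hash."""
    if salt is None:
        salt = os.urandom(SALT_LEN)  # fresh random salt for each user
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be 10 bytes")
    derived = hashlib.pbkdf2_hmac("sha256", expand_onprem_hash(onprem_hash),
                                  salt, ITERATIONS, OUT_LEN)
    return salt, derived


def verify(onprem_hash: bytes, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = rehash_for_cloud(onprem_hash, salt)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    salt, stored = rehash_for_cloud(SAMPLE_ONPREM_HASH)
    print("salt   :", salt.hex())
    print("stored :", stored.hex())  # differs from the on-premises hash
    print("verify :", verify(SAMPLE_ONPREM_HASH, salt, stored))
```

The value that leaves the on-premises side is `stored`, not the on-premises hash itself, so the cloud copy cannot be replayed against on-premises Active Directory as if it were the original hash.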
 
2. Azure Active Directory Pass-through Authentication
Azure Active Directory (Azure AD) Pass-through Authentication allows your users to sign in to both on-premises and cloud-based applications using the same passwords.
-When users sign in using Azure AD, this feature validates users' passwords directly against your on-premises Active Directory.
-Certain organizations that want to enforce their on-premises Active Directory security and password policies can choose to use Pass-through Authentication instead.
-Needs only a lightweight agent (which makes only outbound connections) installed on-premises.
-On-premises passwords are never stored in the cloud in any form.
-The communication between an agent and Azure AD is secured using certificate-based authentication. These certificates are automatically renewed every few months by Azure AD.

-Password remains on-premises (only the user ID is synced, not the password).



3. ADFS

-Password remains on-premises.


Azure AD can be the initial Azure AD managed domain. Azure AD can also be an on-premises Active Directory Domain Services that is federated with Azure AD.


Azure Active Directory (AAD)

Azure Active Directory Domain Services (AADDS)

Active Directory (AD)