How to Deploy ADFS in Azure

Active Directory Federation Services (AD FS) helps Azure AD (since renamed Entra ID) users authenticate seamlessly and securely to various applications with web single sign-on. They sign in once with their on-premises credentials and are signed in to all of their applications on Azure as well. AD FS and Azure make a powerful combination: Azure ensures that the authentication servers do not experience downtime, are always available and are easy to scale, and AD FS enhances the security of the authentication process in Azure.


Follow these steps to deploy AD FS in Azure:

Note: If you have fewer than a thousand users, you can simply install AD FS as a role on a domain controller. If you have more than a thousand users, the on-premises AD FS deployment will need a separate server.

  • Step 1: Creating Sub-networks
  • On the Azure portal, navigate to Create a resource > Networking > Virtual Network > Create Virtual Network. Create a new virtual network and divide it into two sub-networks: an interior sub-network and a demilitarized zone (DMZ), which will be used to deploy the Web Application Proxy (WAP) servers. The WAP servers let users sign in through AD FS even while they are off the company network.

  • Each of these sub-networks needs a Network Security Group (NSG) associated with it. Navigate to Create a resource > Networking > Network Security Group. In the Create Network Security Group window, specify the subscription, resource group, name and region, then select the Create tab. If you see a notification that says Validation Passed, click Create.

    After this is done, search for Network Interfaces in the search bar at the top of the Azure portal, then click on the sub-network that you want to assign the newly created NSG to. Navigate to Settings > Network Security Group > Edit and select the relevant NSG. The NSG contains access control lists (rules) that regulate and filter the traffic flow in the network.
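    The same layout built with Az PowerShell, as an added example that is not part of the original page: two subnets, each created with its own NSG already attached, where the DMZ accepts only HTTPS from the Internet and the interior subnet accepts HTTPS only from the DMZ. The resource group name, location, address prefixes and resource names are placeholders; the resource group is assumed to exist already.

```powershell
# Added example (not from the original page): Step 1 with Az PowerShell.
# Assumptions: the resource group and location below already exist; the
# 10.0.0.0/16 address space and every resource name are placeholders.
$rg             = "NewResourceGroup"
$location       = "PreferredLocation"
$internalPrefix = "10.0.1.0/24"   # DC / AD FS subnet (constructed)
$dmzPrefix      = "10.0.2.0/24"   # WAP subnet (constructed)

# DMZ NSG: only TCP 443 from the Internet reaches the WAP servers. Everything
# else falls through to the platform's default DenyAllInBound rule.
$dmzHttps = New-AzNetworkSecurityRuleConfig -Name "Allow-HTTPS-Internet" `
    -Description "Internet clients to WAP" -Access Allow -Protocol Tcp -Direction Inbound `
    -Priority 100 -SourceAddressPrefix Internet -SourcePortRange "*" `
    -DestinationAddressPrefix $dmzPrefix -DestinationPortRange 443
$dmzNsg = New-AzNetworkSecurityGroup -ResourceGroupName $rg -Location $location `
    -Name "nsg-dmz" -SecurityRules $dmzHttps

# Interior NSG: AD FS servers accept TCP 443 only from the DMZ subnet. The explicit
# deny for the Internet tag is redundant with the default rules but keeps the
# intent visible when someone reviews the rule list later.
$intFromDmz = New-AzNetworkSecurityRuleConfig -Name "Allow-HTTPS-From-DMZ" `
    -Description "WAP to AD FS" -Access Allow -Protocol Tcp -Direction Inbound `
    -Priority 100 -SourceAddressPrefix $dmzPrefix -SourcePortRange "*" `
    -DestinationAddressPrefix $internalPrefix -DestinationPortRange 443
$intDenyInet = New-AzNetworkSecurityRuleConfig -Name "Deny-Internet-Inbound" `
    -Description "No direct Internet access to AD FS" -Access Deny -Protocol "*" -Direction Inbound `
    -Priority 200 -SourceAddressPrefix Internet -SourcePortRange "*" `
    -DestinationAddressPrefix $internalPrefix -DestinationPortRange "*"
$intNsg = New-AzNetworkSecurityGroup -ResourceGroupName $rg -Location $location `
    -Name "nsg-internal" -SecurityRules $intFromDmz, $intDenyInet

# Subnets are created with the NSG attached, so there is no window in which a
# subnet exists unfiltered (the portal flow attaches the NSG afterwards).
$internalSubnet = New-AzVirtualNetworkSubnetConfig -Name "snet-internal" `
    -AddressPrefix $internalPrefix -NetworkSecurityGroup $intNsg
$dmzSubnet = New-AzVirtualNetworkSubnetConfig -Name "snet-dmz" `
    -AddressPrefix $dmzPrefix -NetworkSecurityGroup $dmzNsg

$vnet = New-AzVirtualNetwork -Name "vnet-adfs" -ResourceGroupName $rg -Location $location `
    -AddressPrefix "10.0.0.0/16" -Subnet $internalSubnet, $dmzSubnet

# Check: every subnet should show the NSG that was bound to it.
$vnet.Subnets | ForEach-Object {
    [pscustomobject]@{
        Subnet = $_.Name
        Prefix = ($_.AddressPrefix -join ",")
        Nsg    = ($_.NetworkSecurityGroup.Id -split "/")[-1]
    }
}
```

    Replication and management traffic from the on-premises network (Step 2) is not opened here; it arrives through the gateway as VirtualNetwork-tagged traffic, which the default AllowVnetInBound rule already permits, so review that rule against your own policy before going live.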

  • Step 2: Establishing a connection to the on-premises network
  • Azure offers three kinds of connections to the on-premises network:

    1. Point-to-site (P2S): This establishes a VPN connection between a single on-premises AD FS server and the Azure network. It uses certificates to authenticate the server. If the AD FS server goes down, the connection has to be re-established.
    2. Virtual Network Site-to-site (S2S): This creates a more persistent connection between multiple on-premises servers and the Azure network.
    3. ExpressRoute: This is the most secure option of the three. It is a private connection where the data does not traverse the public internet.
  • You can choose the type of connectivity you need based on the needs of your organization.

  • Step 3: Creating Storage Accounts
  • On Azure, create two storage accounts by clicking All Services on the top-left of the portal and looking for Storage Accounts, or by typing Storage Accounts in the search bar. You will need to link the storage accounts to the resource group that is created in the next step.

  • Step 4: Creating a resource group
  • A resource group acts as a container for all the resources connected to a service. In this case, create a resource group to house all the resources connected to AD FS. Use the following cmdlet in Azure PowerShell to create a resource group:

    New-AzResourceGroup -Name "NewResourceGroup" -Location "PreferredLocation"
  • Step 5: Creating availability sets and deploying Virtual Machines (VMs)
  • Create availability sets, each of which will group two VMs. The two machines cater to the enterprise's high-availability requirement. To create an availability set, use the following cmdlet in Azure PowerShell:

    New-AzAvailabilitySet -Location "PreferredLocation" -Name "myAvailabilitySet" -ResourceGroupName "NewResourceGroup" -Sku Aligned -PlatformFaultDomainCount 2 -PlatformUpdateDomainCount 2
  • Then, create and deploy four VMs: two for the DC/AD FS role and two for the WAP role. Use the New-AzVM cmdlet in Azure PowerShell to create the new VMs in the availability sets.
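    Steps 4 and 5 as one script, added here as an example that is not part of the original page. It creates the resource group, one availability set per role, and the four VMs, with each VM's network interface placed in the matching subnet from Step 1 and deliberately given no public IP address, since clients reach AD FS only through the load balancers of Steps 7 and 9. The VM size, image, names and the subnet names are placeholders.

```powershell
# Added example (not from the original page): Steps 4 and 5 in Az PowerShell.
# Assumptions: the virtual network and subnet names match the Step 1 layout;
# the VM size and Windows Server image are placeholders you may change.
$rg       = "NewResourceGroup"
$location = "PreferredLocation"
New-AzResourceGroup -Name $rg -Location $location

$vnet = Get-AzVirtualNetwork -Name "vnet-adfs" -ResourceGroupName $rg

# Local administrator credential; Get-Credential prompts instead of embedding a password.
$adminCred = Get-Credential -Message "Local administrator for the new VMs"

function New-AdfsAvailabilitySet {
    param([string]$Name)
    New-AzAvailabilitySet -ResourceGroupName $rg -Location $location -Name $Name `
        -Sku Aligned -PlatformFaultDomainCount 2 -PlatformUpdateDomainCount 2
}

# One VM: NIC in the requested subnet with no public IP, managed OS disk,
# Windows Server image, member of the given availability set.
function New-AdfsVm {
    param(
        [string]$Name,
        [string]$SubnetName,
        $AvailabilitySet,                    # object returned by New-AdfsAvailabilitySet
        [string]$Size = "Standard_D2s_v3"    # placeholder size
    )
    $subnet = Get-AzVirtualNetworkSubnetConfig -Name $SubnetName -VirtualNetwork $vnet
    # No -PublicIpAddressId: the server is reachable only inside the virtual network.
    $nic = New-AzNetworkInterface -Name "$Name-nic" -ResourceGroupName $rg `
        -Location $location -SubnetId $subnet.Id

    $vm = New-AzVMConfig -VMName $Name -VMSize $Size -AvailabilitySetId $AvailabilitySet.Id
    $vm = Set-AzVMOperatingSystem -VM $vm -Windows -ComputerName $Name -Credential $adminCred `
        -ProvisionVMAgent -EnableAutoUpdate
    $vm = Set-AzVMSourceImage -VM $vm -PublisherName "MicrosoftWindowsServer" `
        -Offer "WindowsServer" -Skus "2019-Datacenter" -Version "latest"
    $vm = Add-AzVMNetworkInterface -VM $vm -Id $nic.Id
    New-AzVM -ResourceGroupName $rg -Location $location -VM $vm
}

$adfsSet = New-AdfsAvailabilitySet -Name "avset-adfs"
$wapSet  = New-AdfsAvailabilitySet -Name "avset-wap"

New-AdfsVm -Name "adfs01" -SubnetName "snet-internal" -AvailabilitySet $adfsSet
New-AdfsVm -Name "adfs02" -SubnetName "snet-internal" -AvailabilitySet $adfsSet
New-AdfsVm -Name "wap01"  -SubnetName "snet-dmz"      -AvailabilitySet $wapSet
New-AdfsVm -Name "wap02"  -SubnetName "snet-dmz"      -AvailabilitySet $wapSet

# Check: no NIC in the resource group should carry a public IP address.
Get-AzNetworkInterface -ResourceGroupName $rg |
    Where-Object { $_.IpConfigurations | Where-Object { $_.PublicIpAddress } } |
    ForEach-Object { Write-Warning "NIC $($_.Name) has a public IP address" }
```

    The simplified form of New-AzVM (name, image and credential only) creates a public IP for the VM by default, which is why the example builds the NIC and VM configuration explicitly.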

  • Step 6: Configuring AD FS role
  • Make replicas of the on-premises domain controller on the two VMs assigned to DC roles.

  • Configure AD FS on both of them.

  • Step 7: Configuring the Internal Load Balancer (ILB)
  • On the upper left of the Azure portal, click Create a resource and navigate to Networking > Load Balancer, then click the plus sign. Assign the load balancer to the virtual sub-network associated with AD FS, because it will manage the requests between the AD FS servers and the client machines.

  • Configure the ILB backend pools. Select the load balancer and navigate to Settings > Backend Pools > Add. The load balancer uses a backend pool of IP addresses of the virtual network interfaces associated with it, and distributes the requests across the two VMs.

  • Register the ILB's IP address in the DNS server.

  • Step 8: Configuring the Web Application Proxy (WAP) server
  • Install the WAP role on the virtual machines set up for WAP.
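    Steps 6 and 8 from inside the VMs, added here as an example that is not part of the original page: one function per server role, to be run on the matching server, plus the health check that the load balancers of Steps 7 and 9 rely on. The federation service name, certificate thumbprint, group managed service account and the primary server's FQDN are placeholders, and the TLS certificate is assumed to be installed in the local machine store on every server before these run.

```powershell
# Added example (not from the original page): Steps 6 and 8 with the AD FS and
# WAP cmdlets. Load this script on a server and call the function for its role.
# Placeholders: service name, thumbprint, gMSA, and the FQDN of adfs01.
$fsName     = "fs.example.com"             # placeholder federation service name
$thumbprint = "<certificate-thumbprint>"   # placeholder; certificate already installed
$gmsa       = "EXAMPLE\gmsa-adfs$"         # placeholder group managed service account

# adfs01: first node of the farm. A gMSA avoids a long-lived service password.
function Install-PrimaryAdfsNode {
    Install-WindowsFeature ADFS-Federation -IncludeManagementTools
    Install-AdfsFarm -CertificateThumbprint $thumbprint -FederationServiceName $fsName `
        -FederationServiceDisplayName "Example Corp" -GroupServiceAccountIdentifier $gmsa
}

# adfs02: join the farm that adfs01 created; configuration replicates from the primary.
function Install-SecondaryAdfsNode {
    Install-WindowsFeature ADFS-Federation -IncludeManagementTools
    Add-AdfsFarmNode -CertificateThumbprint $thumbprint -GroupServiceAccountIdentifier $gmsa `
        -PrimaryComputerName "adfs01.example.com"    # placeholder FQDN of adfs01
}

# wap01 / wap02 (DMZ, not domain-joined): the WAP role. The trust is established
# with an AD FS administrator credential, and the proxy must reach $fsName through
# the internal load balancer of Step 7, so name resolution is checked first.
function Install-WapNode {
    $resolved = Resolve-DnsName -Name $fsName -Type A -ErrorAction Stop
    Write-Host "$fsName resolves to $($resolved.IPAddress -join ', ') from this WAP"
    Install-WindowsFeature Web-Application-Proxy -IncludeManagementTools
    $trustCred = Get-Credential -Message "AD FS administrator used to establish the WAP trust"
    Install-WebApplicationProxy -FederationServiceName $fsName `
        -FederationServiceTrustCredential $trustCred -CertificateThumbprint $thumbprint
}

# Health check usable on any node: AD FS and WAP answer /adfs/probe over plain HTTP
# on port 80 with status 200 when the service is up. Returns $true or $false.
function Test-AdfsProbe {
    param([string]$HostName = "localhost")
    try {
        (Invoke-WebRequest -Uri "http://$HostName/adfs/probe" -UseBasicParsing).StatusCode -eq 200
    } catch {
        $false
    }
}
```

    Run Test-AdfsProbe on each server after its role is installed; a node that returns $false here will also be taken out of rotation by the load balancer probes configured in the next steps.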

  • Step 9: Configuring the external-facing load balancing
  • On the upper left of the Azure portal, click Create a resource and navigate to Networking > Load Balancer, then click the plus sign. Select Public as the Scheme, so that this load balancer has a public IP.

  • Update the DNS server with this Public IP.

  • Configure the backend pool as detailed in Step 7.
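    Steps 7 and 9 built with one helper, added here as an example that is not part of the original page. The internal load balancer gets a static private IP in the AD FS subnet and fronts adfs01/adfs02; the public one gets a new public IP and fronts wap01/wap02. Both forward only TCP 443 and use the HTTP /adfs/probe health check, so a node whose AD FS or WAP service is down is removed from rotation automatically. Resource names, the private IP and the NIC names from Step 5 are placeholders.

```powershell
# Added example (not from the original page): Steps 7 and 9 in Az PowerShell.
# Assumptions: subnet and NIC names match the earlier steps; the private IP
# 10.0.1.10 is a free address in the internal subnet (constructed).
$rg       = "NewResourceGroup"
$location = "PreferredLocation"
$vnet     = Get-AzVirtualNetwork -Name "vnet-adfs" -ResourceGroupName $rg

function New-AdfsLoadBalancer {
    param(
        [string]$Name,
        [string[]]$NicNames,       # NICs of the servers to place in the backend pool
        [string]$SubnetName,       # internal LB only
        [string]$PrivateIp,        # internal LB only: static frontend address
        [switch]$Public            # external LB in front of the WAP servers
    )
    if ($Public) {
        $pip = New-AzPublicIpAddress -Name "$Name-pip" -ResourceGroupName $rg `
            -Location $location -Sku Standard -AllocationMethod Static
        $frontend = New-AzLoadBalancerFrontendIpConfig -Name "fe-public" -PublicIpAddress $pip
    } else {
        $subnet = Get-AzVirtualNetworkSubnetConfig -Name $SubnetName -VirtualNetwork $vnet
        $frontend = New-AzLoadBalancerFrontendIpConfig -Name "fe-internal" `
            -SubnetId $subnet.Id -PrivateIpAddress $PrivateIp
    }
    $pool = New-AzLoadBalancerBackendAddressPoolConfig -Name "pool-$Name"
    # AD FS and WAP expose /adfs/probe over HTTP on port 80 for load balancer probes.
    $probe = New-AzLoadBalancerProbeConfig -Name "probe-adfs" -Protocol Http -Port 80 `
        -RequestPath "/adfs/probe" -IntervalInSeconds 15 -ProbeCount 2
    # Only HTTPS is forwarded; nothing else is exposed through either frontend.
    $rule = New-AzLoadBalancerRuleConfig -Name "https" -FrontendIpConfiguration $frontend `
        -BackendAddressPool $pool -Probe $probe -Protocol Tcp -FrontendPort 443 -BackendPort 443
    $lb = New-AzLoadBalancer -ResourceGroupName $rg -Location $location -Name $Name -Sku Standard `
        -FrontendIpConfiguration $frontend -BackendAddressPool $pool -Probe $probe `
        -LoadBalancingRule $rule

    # Put each server NIC into the backend pool (the portal's Backend Pools > Add step).
    $backendPool = Get-AzLoadBalancerBackendAddressPoolConfig -LoadBalancer $lb -Name "pool-$Name"
    foreach ($nicName in $NicNames) {
        $nic = Get-AzNetworkInterface -Name $nicName -ResourceGroupName $rg
        $nic.IpConfigurations[0].LoadBalancerBackendAddressPools.Add($backendPool)
        Set-AzNetworkInterface -NetworkInterface $nic | Out-Null
    }
    $lb
}

# Step 7: internal load balancer; register 10.0.1.10 for the service name in internal DNS.
$ilb = New-AdfsLoadBalancer -Name "lb-adfs-internal" -NicNames "adfs01-nic", "adfs02-nic" `
    -SubnetName "snet-internal" -PrivateIp "10.0.1.10"

# Step 9: public load balancer; register its public IP for the service name in public DNS.
$elb = New-AdfsLoadBalancer -Name "lb-wap-public" -NicNames "wap01-nic", "wap02-nic" -Public
(Get-AzPublicIpAddress -Name "lb-wap-public-pip" -ResourceGroupName $rg).IpAddress
```

    A Standard-SKU load balancer does not pass traffic to a backend NIC unless an NSG explicitly allows it, which the DMZ rule from Step 1 (TCP 443 from the Internet) provides for the WAP servers; the probe traffic itself comes from the AzureLoadBalancer service tag and is allowed by the default NSG rules.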

    ADFS has now been configured on your Azure AD.

    ADAudit Plus, a real-time Active Directory auditing and reporting tool, can help you perform Azure AD auditing. It contains numerous reports on logons, user management and so on, which can help audit and troubleshoot Azure AD and the services connected to it. It can generate comprehensive and user-friendly reports in no time at all.
