Azure AD App Registration in Plain English (Exam Prep FAQs)

Рет қаралды 78,880

Күн бұрын

Пікірлер

@CoreHope-hg4xg Ай бұрын

It's like searching and searching, and then finally landing on something that explains everything in a simple way that everyone can understand. Thanks a ton

@InsideCloudAndSecurity 15 күн бұрын

I'm glad it made sense! 😊

@richardwaldron1684 2 жыл бұрын

Finally, someone who can explain this clearly so it makes sense to me. Many thanks for posting

@InsideCloudAndSecurity 2 жыл бұрын

Glad it helped. 👍

@Southpaw07 2 жыл бұрын

i was struggling to understand app registration and concepts and found this tremendously helpful. Amazing LinkedIn AZ500 class too. Thank you Pete keep up the great work!

@InsideCloudAndSecurity 2 жыл бұрын

Thank you! Glad this was helpful. 👍

@TenMinuteKQL Жыл бұрын

Great Azure content in easy to understand terms, keep it coming!

@ksks941 2 жыл бұрын

Thanks Pete for clarifying this topic in simple words. Really helpful for me.

@InsideCloudAndSecurity 2 жыл бұрын

You're very welcome! ☺

@gamezpedia Жыл бұрын

Amazing | Simple and more practical.

@InsideCloudAndSecurity Жыл бұрын

Glad you liked 👍

@ilannknochen Жыл бұрын

Awesome work Peter!

@pluralcloud1756 3 жыл бұрын

Great content- would like more on just the selection of "Web - redirect url" in Register an Application. Could you continue with the series and also add some diagrams relating to the various choices and scenarios? Like SasS, where would you obtain the guid and use it in an application to have permissions to the user's resources, which the identity management allows permission to access. Thank you.

@InsideCloudAndSecurity 2 жыл бұрын

Yes. Planning to produce an updated version in the next few weeks to address recent changes. Can add some guidance in areas you are suggesting.

@inknochen_ 3 жыл бұрын

awesome. crystal clear to me. thanks!

@InsideCloudAndSecurity 3 жыл бұрын

Excellent. Glad to hear that. Good luck! 🤞👍

@richardlanglois5183 3 жыл бұрын

Great presentation!

@InsideCloudAndSecurity 3 жыл бұрын

Thank you kindly!

@emiliakullutwe9569 3 жыл бұрын

Hi, I'm an intern and I was asked to integrate one of the company apps that is on Oracle APEX new version with active directory, how can I register an app from oracle apex in azure AD? Please help!

@InsideCloudAndSecurity 2 жыл бұрын

Hmm, your comment just popped up here. For non-Microsoft apps, the vendor (Oracle, in this case) will generally provide instructions for app registration in Azure AD in their documentation.

@smusunuri 3 жыл бұрын

Liked consent explanation. Thanks

@InsideCloudAndSecurity 3 жыл бұрын

Thanks. Hope it helps! 👍

@terencengwork890 2 жыл бұрын

Excellent video. If I have several users that want to programatically interact with files stored in (different) sharepoint sites via Graph API (with Python). Do I create multiple Apps and use application permissions and limit the scope to Sites.Selected for each? Or do I create one App Registration for all users/sites and use delegated permissions? One App w/delegated permissions is more manageable from an admin perspective, but on the user end, they have to get and enter an access token which means there's some interaction and more steps involved.

@InsideCloudAndSecurity 2 жыл бұрын

Per-site access is possible. Look at good blog posts here devblogs.microsoft.com/microsoft365dev/controlling-app-access-on-specific-sharepoint-site-collections/ and here mmsharepoint.wordpress.com/2021/08/18/accessing-sharepoint-sites-with-resource-specific-consent-rsc-and-microsoft-graph/

@abhishekinvisible Жыл бұрын

Thanks for explaining.

@bhushan161988 2 жыл бұрын

awesome video!!! thanks for that. Quick question - is service principal similar to the service account in other cloud services? i believe service account is the account with which our production jobs run instead of running with our own accounts.

@InsideCloudAndSecurity 2 жыл бұрын

It would be more accurate to say service principals avoid use of service accounts as they exist in on-premises Active Directory. You'll find a good read on service principals and managed identities at devblogs.microsoft.com/devops/demystifying-service-principals-managed-identities/

@rock_0075 3 жыл бұрын

Thanks for the video, I am looking bring the Azure AD to my app (react+ springBoot) , but not sure what will be best suited for me (Azure Ad B2C, Azure ad B2B etc), as my app has the functionality to register new user (name, email address(any domain email address) and password) and login. advise or pointer on this please?

@InsideCloudAndSecurity 3 жыл бұрын

It depends. Are you expecting users to authenticate with a work identity (Azure AD or federated) or social identity (Facebook, Google, etc). If the first, look at Azure AD B2B. If the latter, Azure AD B2C.

@rock_0075 3 жыл бұрын

@@InsideCloudAndSecurity Thanks for the answer, I am still a bit not sure? as for my scenario, I like the user to Signup with any email id (abc@xyz.com), and that email I am looking to save in the backend(Spring + mysql DB) as well and then map that email as Primary key for that customer in the DB

@AravindKumar-dc6ct 3 жыл бұрын

Very well explained. Thank you

@InsideCloudAndSecurity 3 жыл бұрын

Thanks! 👍

@rahulch9674 3 жыл бұрын

amazing explanation.. loved it, thank you.

@InsideCloudAndSecurity 3 жыл бұрын

Glad you liked it!

@javier220577 3 жыл бұрын

Thank you for your video. IT was very helpful and informative

@InsideCloudAndSecurity 3 жыл бұрын

You are welcome!

@ainigma100 2 жыл бұрын

Thank you for your video. Assume that we have an application (BE and FE) which is deployed via azure DevOps. What will happens if the app registration secret expires? Do we have to do something or we just renew the secret of app registration? After we renew the secret do we have to update something else? Thank you in advance

@DelMadman 3 жыл бұрын

Amazing explanation! Is not clear for me what the difference between the service principal and managed service identity? It seems like they solve the same problems, allow a user or an app securely access other resources in azure, but what the difference? what is the key difference that make me choose one or another? please explain

@InsideCloudAndSecurity 3 жыл бұрын

Sorry for delayed reply, your comment was incorrectly flagged by KZbin as spam. managed identity came along after service principal, and are the preferred approach. Use system identities on services that support them, as it is auto-created and auto-removed along with the service it is tied to. User-assigned managed identities are created independent of a resource, but you have to delete them manually (less convenient). You could say the difference between a managed identity and a service principal is that a managed identity "manages" the creation and automatic renewal of a service principal on your behalf.

@XboxGamerkings 2 жыл бұрын

tyvm! earned yourself a sub

@InsideCloudAndSecurity 2 жыл бұрын

Glad it helped. 👍

@gregborodin2768 3 жыл бұрын

thanks. this was short and helpfull

@InsideCloudAndSecurity 3 жыл бұрын

Glad it helped!

@princemathew8853 3 жыл бұрын

which subscription we need, office 365 subscription or Azure Subscription for App Registeration?

@InsideCloudAndSecurity 3 жыл бұрын

Sorry, your comment got automatically pushed into a moderation bucket. This is a feature of Azure AD, so you don't need an Azure sub or Office 365 to use this feature.

@nickromanek9444 2 жыл бұрын

Best explanation I found so far, I'm looking into converting a LOB app hosted in Azure to use SSO with AAD. Ideally, we'd allow external users to continue using the authentication in place for the website (has it's own database and send code for MFA), but if it detects that an internal employee is logging in, we want it to detect that using the domain and then trigger the SSO process using AAD. Hopefully my explanation is clear enough, but do you know if that's possible? Any other resources you could point me to for this?

@InsideCloudAndSecurity 2 жыл бұрын

Sounds a bit more complicated as you have a custom authentication strategy. Some high-level guidance from Microsoft starts here - docs.microsoft.com/en-us/azure/active-directory/fundamentals/five-steps-to-full-application-integration-with-azure-ad