Azure AD allows seamless collaboration for any user with any account (towards the dream)

In a world where collaboration rocks, we always question the security boundary. By now I do hope all agree that the answer relies on identity. Our application access and controls should follow identity, to truly give people the flexibility they need to work from anywhere whilst maintaining the required security.

Microsoft Azure Active Directory is now moving towards that dream. Today the public preview goes live for sharing resources (applications and data) with people from any organization, whether or not they have Azure AD or an IT department. Earlier, Microsoft worked closely with Google social IDs for this task.

Under this preview, an end user can use any type of e-mail ID to access resources in another organization for true B2B collaboration. This happens via email one-time passcodes (OTP). By using this new capability, you allow guest users to use their work email account for authentication while making sure your corporate resources are protected by the same security standards that are mandated by your partner organization. Once the end user gets the code and is verified, that session is valid for 24 hours. OTP codes are valid for 30 minutes. These settings were carefully chosen with security in mind.

In addition, we can apply additional security through Conditional Access and Multi-Factor Authentication (MFA), which are available under AAP (Azure Active Directory Premium).

A guest user will get a one-time passcode if the scenarios below are true:

  • They do not have an Azure AD account
  • They do not have a Microsoft account
  • The inviting tenant did not set up Google federation for @gmail.com and @googlemail.com users
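The eligibility conditions above, together with the 30-minute code lifetime and 24-hour session lifetime mentioned earlier, can be sketched as a small model. This is an added example, not Microsoft's implementation or code from the original post: the function and class names, the order in which the account types are checked, and the 8-digit code length are assumptions made for illustration.

```python
import hmac
import secrets
from datetime import datetime, timedelta, timezone

OTP_LIFETIME = timedelta(minutes=30)     # from the post: codes are valid for 30 minutes
SESSION_LIFETIME = timedelta(hours=24)   # from the post: session is valid for 24 hours
GOOGLE_DOMAINS = {"gmail.com", "googlemail.com"}

def guest_sign_in_method(email, has_azure_ad, has_msa, google_federation):
    """Pick the sign-in path for an invited guest (check order is an assumption)."""
    domain = email.rsplit("@", 1)[-1].lower()
    if has_azure_ad:
        return "azure_ad"
    if has_msa:
        return "microsoft_account"
    if google_federation and domain in GOOGLE_DOMAINS:
        return "google_federation"
    return "email_otp"                   # none of the above applies

class OtpSession:
    """Hypothetical model of one emailed passcode and the session it unlocks."""
    def __init__(self, email, now):
        self.email = email
        self.code = f"{secrets.randbelow(10**8):08d}"   # assumed 8-digit code
        self.code_expires = now + OTP_LIFETIME
        self.session_expires = None

    def redeem(self, submitted, now):
        # Reject codes that were already used or are past their 30-minute lifetime.
        if self.code is None or now > self.code_expires:
            return False
        # Constant-time comparison avoids leaking how many digits matched.
        if not hmac.compare_digest(submitted.encode(), self.code.encode()):
            return False
        self.code = None                 # single use: burn the code on success
        self.session_expires = now + SESSION_LIFETIME
        return True

    def session_valid(self, now):
        return self.session_expires is not None and now < self.session_expires

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    # Constructed sample guest: no Azure AD, no Microsoft account, no federation.
    print(guest_sign_in_method("alice@partner.example", False, False, False))
    otp = OtpSession("alice@partner.example", now)
    print(otp.redeem(otp.code, now + timedelta(minutes=5)))
```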

[Image: OTP 1. Picture credit: Microsoft Tech Community]

OK, let’s get into action and enable this feature now.

Log in to the Azure portal and go to Azure Active Directory –> Organizational relationships –> Users from other organizations –> Settings

Select “Enable Email One-Time Passcode for Guests (Preview)”, and after that save the changes.

Well, that’s all you have to do. Head back to “Users from other organizations” and add the users. Once the above task is completed, it might take a little time to apply.

After that when you share the resources with the outside party.

The first time the user gets the email, he/she has to go through the redemption procedure and accept the company policies. Once that is completed, when they try to access the company resources they will get a sign-in prompt and be asked for a code. Below is an example of such a situation:

[Images: OTP 2, OTP 3. Picture credit: Microsoft Tech Community]

What is exciting is the new doors this opens for companies to securely allow external parties access to their resources, knowing the control they have.

Goodbye MVA and welcome “LEARN”

If you’re a technical person who loves Microsoft technology, then you must have spent time on MVA. Microsoft Virtual Academy is one of my favorite places, where I spend time learning about Microsoft technology. Content from the basics all the way to level 300 is there, plus you can do your own knowledge validation and exams. That being said, Microsoft has decided to close the learning site and come up with a new learning platform. Before I jump into that: if you’re an MVA fan, you still have time to complete your pending learning and exams until the end of January 2019. Best is to visit the MVA site and complete your pending tasks.

To view your progress, visit the Dashboard and complete any pending training courses.

So now that you’re aware of the future that awaits MVA, what does that mean for you with Microsoft Learn? What is Microsoft Learn?

Microsoft Learn is an interactive learning environment that includes short step-by-step tutorials (I can see more in Azure), interactive coding/scripting environments, and task-based achievements that help you advance your technical cloud skills. I like the new idea, but again, change is not welcomed by everyone at first glance. Best is to give it a try and see how it matters to you.

I like the idea of role-based training. With the rapid changes in cloud technology, it would be a pretty difficult task to keep up with all the technology updates. Ideal would be to have small chunks and learn them. Even Microsoft Azure classroom training has to go down that path in order to teach students.

In case you’re missing advanced concepts training, Microsoft has provided web links to external training partners for you to refer to. Such learning partners are LinkedIn & Pluralsight.

I do hope Microsoft will not forget IT users who are interested in Windows Server and System Center technology. Fingers crossed for that.

Until that time arrives, best is to start with the “Azure Fundamentals” training.

https://docs.microsoft.com/en-us/learn/paths/azure-fundamentals/