Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Azure Active Directory for Secure Application Development
Azure Active Directory for Secure Application Development

Azure Active Directory for Secure Application Development: Use modern authentication techniques to secure applications in Azure

eBook
$22.99 $33.99
Paperback
$41.99
Subscription
Free Trial
Renews at $19.99p/m

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Table of content icon View table of contents Preview book icon Preview Book

Azure Active Directory for Secure Application Development

Chapter 1: Microsoft Identity Platform Overview

This chapter introduces the first objective in this book, the Microsoft identity platform. In this chapter, we will start by introducing the Microsoft identity platform and giving a high-level overview of the features and capabilities it has to offer. As well as the overview, we are also going to cover the evolution of this platform. Then, we are going to dive a bit into the more technical aspects by covering how users are authenticated using the Microsoft identity platform and what the permissions and consent framework is about.

At the end of this chapter, you will have a high-level understanding of the different components that are part of the platform.

The following topics will be covered in this chapter:

  • Learning about the Microsoft identity platform
  • Understanding the evolution of the Microsoft identity platform
  • Introducing Azure Active Directory
  • Introducing Azure AD B2B
  • Introducing Azure AD B2C
  • Setting up an Azure AD tenant
  • Adding a user to Azure AD
  • Cleaning up the resources

Learning about the Microsoft identity platform

The Microsoft identity platform is a comprehensive set of components that help developers to build applications that sign users in with various types of accounts, such as Microsoft identities or social media accounts. The types of applications that can make use of the platform and its components include web applications, web APIs, and mobile apps.

The Microsoft identity platform components consist of authentication services, a set of open source libraries, and various application management tools. These different sorts of tools are specified in more detail as follows:

  • Industry standards: The base platform is completely based on industry standards, such as OAuth 2.0, OpenID Connect, and SAML v2.0.
  • Identities: The platform offers developers the ability to use the OpenID Connect standard-compliant authentication service to authenticate using a variety of identity types:
    • Work or school accounts: These are stored in Azure Active Directory (Azure AD).
    • Personal Microsoft accounts: For example, Xbox, Outlook, Skype, and Hotmail accounts.
    • Social or local accounts: With Azure AD B2C, you can use both social accounts (such as Facebook, Google, and Twitter) or local (external database or partner email) accounts. Azure App Services authentication supports authenticating using Azure AD and a few social accounts, such as Facebook and Google.
  • Open source libraries: The Microsoft identity platform offers the Microsoft Authentication Library (MSAL) and support for other standard-compliant libraries.
  • Application management portal: Applications can be registered and configured in Azure AD by using the Azure portal. From here, applications can also be configured.
  • Application configuration API and PowerShell: The Microsoft identity platform has support for registering and configuring your applications using the Graph API and PowerShell. Using this programmatic approach, these tasks can be automated using your CI/CD pipelines.

The following diagram illustrates the different components of what the Microsoft identity platform is made of:

Figure 1.1 – Microsoft identity platform overview

Figure 1.1 – Microsoft identity platform overview

In the next section, we are going to investigate the evolution of the Microsoft identity platform.

Understanding the evolution of the Microsoft identity platform

The Microsoft identity platform is the evolution of the Azure AD developer platform. Many developers have worked with the Azure AD platform previously to authenticate against Azure AD. For this, they have used the Azure AD v1.0 endpoint to authenticate using only work or school accounts. Work and school accounts are accounts that are all provisioned in Azure AD.

By using the Azure portal, the Microsoft Graph API, and the Azure AD Authentication Library (ADAL), developers can request access tokens from the Azure AD v1.0 endpoint. This can be done for both single-tenant apps as well as for multi-tenant apps.

By using the unified Microsoft identity platform (v2.0), you can authenticate using multiple types of accounts. It supports both organizational and consumer accounts to authenticate users. Unlike the v1.0 endpoint, the v2.0 endpoint is capable of authenticating using work or school accounts (that are provisioned in Azure AD), personal accounts, (Outlook, Xbox, Skype, or Live accounts), and social media accounts (for Azure AD B2C). Now you only have to write code once and you can authenticate with any Microsoft identity in your application.

You can add the open source MSAL, which is supported for several platforms, such as .NET, JavaScript, Java, and Python. Microsoft highly recommends using MSAL to connect to the identity platform endpoints. MSAL is highly reliable and has great performance, is easy to use, has support for single sign-on (SSO), and is developed using the Microsoft Secure Development Lifecycle (SDL). SDL is a topic of its own and way beyond the scope of this book, but in short, it is a software development process proposed and used by Microsoft internally that helps to reduce maintenance costs and increases the reliability of software related to software security.

The v2.0 endpoint also provides support for dynamic and incremental consent. This means that instead of specifying all the permissions upfront when you register your app in Azure AD, you can request the permissions incrementally. You only request consent for a basic set of permissions upfront that an ordinary user can consent to themselves. For instance, the ability to read their own profile data. Then, when a user tries to access different data in the application, such as a list of groups in the user's organization, the application will ask for the user or administrator's consent, depending on the permissions and how the tenant is configured. This will be covered in more detail later in this chapter.

MSAL also supports Azure AD Business to Consumer (Azure AD B2C). Customers that are using your applications and APIs can also use their social accounts to log in to the application.

In the next diagram, you will see an overview of the Microsoft identity experience at a high level, compared to the Azure AD developer platform:

Figure 1.2 – Microsoft identity platform experience

Figure 1.2 – Microsoft identity platform experience

Important Note

MSAL.NET can now directly connect to an ADFS authority. It does not need to go through Azure AD. This is only supported from AD FS 2019 and above. For more information, you can refer to https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/ADFS-support.

Now that we have some background information about the Microsoft identity platform and its predecessor, the Azure AD for Developers platform, we can now dive into Azure AD, which is the backbone for all applications and permissions in Azure.

Introducing Azure AD

Azure AD provides a cloud-based enterprise directory and identity management service. It offers features to give users seamless access to all types of resources, internal and external. For instance, it enables the traditional method of user authentication through a username and password, along with the management of roles and permissions to give users access to a variety of resources and products, such as the Azure portal, applications inside of the corporate network, and also Software as a Service (SaaS) applications and Office 365.

It offers traditional username and password management as well as roles and permissions management. On top of that, it offers more enterprise-grade features, such as multi-factor authentication (MFA), and SSO for your applications. It also offers different monitoring and alerting capabilities out of the box.

Azure AD offers different pricing plans, all coming with different types of features and capabilities:

  • Free: You can gain access to the most basic features by choosing this plan. This consists of support for approximately 500,000 identity objects, seamless SSO, device registration, Azure AD Join, user and group management, external identities with Azure AD B2B, Pass-Through Authentication (PTA), self-service password change, groups, and standard security reports.
  • Office 365 apps: This offers no object limit, has an Service-level Agreement (SLA) for 99.9% uptime, self-service password reset for cloud users, company branding features, and device write-back (a two-way sync for device objects between on-premises directories and Azure).
  • Premium P1: This offers advanced reporting, MFA and Conditional Access, Advanced Group Access Management, support for the application proxy, which can be used to provides secure remote access to on-premises web applications, Azure Information Protection (AIP) integration, Microsoft Cloud App Discovery, Azure AD Join, MDM auto-enrollment, and local admin policy customization.
  • Premium P2: This offers identity protection, Privileged Identity Management (PIM), access reviews, and entitlement management.

    Important Note

    For a detailed overview of all the different features for each pricing plan, you can refer to the following site: https://azure.microsoft.com/en-us/pricing/details/active-directory/.

Azure AD is also used to manage user identities in Microsoft 365. Microsoft 365 is a collection of different services, such as Windows 10, Office 365, and Enterprise Mobility. By default, your Microsoft 365 subscription comes with the free plan of Azure AD, but you can also purchase different plans to get more features.

For developers, Azure AD is primarily used for issuing tokens that enable users to sign in to applications. Before these tokens can be issued, applications need to be registered inside Azure AD, permissions need to be set, and users need to be added that can access the applications or have access to Microsoft 365 data. This is mainly done by IT administrators, but it is also important for developers to know how to put this in place. Developers can also make use of the enterprise-grade security features in Azure AD, such as Conditional Access policies and SSO, for example.

Next to the fact that an Azure AD tenant is created together with your sign-up for an Azure, Microsoft 365, Office 365, or Intune account, you can also create an Azure AD tenant manually. An Azure AD tenant is basically a representation of an organization. You create a dedicated instance of Azure AD bound to the organization. It is also possible to create multiple Azure AD tenants. Each Azure AD tenant is completely separated from other Azure AD tenants and has its own work or school identities, Azure AD B2C consumer identities, and app registrations. An app registration can be single-tenant, which only allows authentications from accounts within the tenant where it is registered, or multi-tenant, which allows authentications from all tenants.

In the next sections, we will briefly introduce Azure AD Business to Business (B2B) and Azure AD Business to Consumer (B2C).

Introducing Azure AD B2B

This book is focusing on Azure AD from a developer's perspective. This means that, as a developer, you will not work with Azure AD B2B very often, although Microsoft Graph does offer APIs for Azure AD B2B that you can leverage inside your custom applications. You may encounter Azure AD B2B users in the solutions you build.

But, to give a complete overview of the different products and services that Azure AD has to offer, I will give a short introduction to this feature as well.

Azure AD B2B collaboration is a feature on top of Azure AD. You can add external identities to your Azure AD tenant to collaborate with external users inside your organization. Partners or individuals are not required to have an Azure AD or even an IT department. Azure AD B2B uses a simple redemption process to give access to your company resources, Azure environment, or Office 365 environment, using their own credentials. Partners use their own Azure identity management solution with Azure AD B2B. This reduces the administrative overhead that comes with managing accounts with external users. External users can log in to Azure AD-connected apps and services using their own work, school, personal, or social media identities.

Azure AD B2B APIs (using Microsoft Graph) can be used by developers to customize the invitation process or write applications such as self-service sign-up portals. Azure AD External Identities uses a billing model based on monthly active users (MAU), which is basically the same for Azure AD B2C. The first 50,000 users are free, then there is a monthly charge per monthly active user.

Azure AD B2B offers the following features:

  • Management portal: Azure AD B2B is part of Azure AD, which means that all external users can be managed from the Azure portal. This is fully integrated with Azure AD, and the user experience is completely the same as for internal users.
  • Groups: You can create groups for external users or add them to dynamic groups. With dynamic groups, administrators can set up rules to populate groups based on user attributes.
  • Conditional Access: With Conditional Access, you can set conditions for your users. You can enforce external users to use MFA or give them access to certain applications or access from limited locations or devices.
  • Auditing and reporting: Azure AD B2B is an add-on to Azure AD, which means you can use the auditing ad reporting capabilities that are part of Azure AD. For instance, you can look into the invitation history and acceptance details.

In the next section, we will introduce Azure AD B2C.

Introducing Azure AD B2C

Azure AD B2C is a business-to-customer identity as a service aimed at public-facing mobile and web applications. Customers can use their preferred social, enterprise, or local account identities to get SSO access to your applications and APIs. These applications can be hosted everywhere, in Azure or other cloud providers, but also on-premises.

It offers a set of out-of-the-box authentication providers. These authentication providers can be used in your apps and custom APIs. For this, it uses industry-standard protocols and libraries, such as OAuth 2.0, OpenID Connect, and MSAL.

This means that developers don't have to add additional SDKs for making use of these authentication providers manually to their code; that is all handled by Microsoft and embedded in the SDKs that are used for authenticating against Azure. As well as the authentication providers that are offered by Azure AD B2C, you can also add your own authentication providers.

Azure AD B2C offers the following account types:

  • Social accounts: Such as Facebook, Google, LinkedIn, and Twitter.
  • Enterprise accounts: Azure AD accounts, or other accounts that use open standards protocols.
  • Local accounts: These are accounts using email address/username and password and are registered inside the Azure AD B2C portal.

Your application needs to be registered inside the Azure B2C tenant. After registration, built-in flows and policies can be configured for the app inside the Azure AD B2C portal, where you can enable different authentication providers, set claims, and enable MFA that be used inside your applications. By configuring these user flows inside of the Azure AD B2C portal, they can easily be reused in different types of applications.

Important Note

Azure AD B2C is covered in more detail in Part 3 of this book: Azure AD Business to Consumer.

In the next section, we are going to set up the Azure AD tenant that we are going to use for all the demos in this book.

Setting up an Azure AD tenant

In this section, we are going to set up a new Azure AD tenant inside an Azure subscription.

Important Note

If you are new to Azure and don't have a subscription already, you can sign up for a free account here: https://azure.microsoft.com/en-us/free/.

Microsoft also offers the Microsoft 365 Developer Program. Here you can sign up for an E5 licensed tenant with no need to sign up for a subscription, no credit card needed, and you get access to sample data packs. The tenant is live by default for 90 days and it will automatically renew if it is actively used. If you want to use an environment that includes a fully functional E5 license including all the features and sample data, this is the way to go. You can sign up for this program here: https://developer.microsoft.com/en-us/microsoft-365/dev-program.

To create a new Azure AD tenant, you have to take the following steps:

  1. Open a web browser and navigate to https://portal.azure.com.
  2. In the overview page of Azure AD, in the top menu, select + Create a resource:
Figure 1.3 – Azure portal overview

Figure 1.3 – Azure portal overview

  1. Search for Azure Active Directory in the search box and select it.
  2. Click the Create button to start creating a new Azure AD tenant.
  3. Next, in the Basic tab, you need to select the type of tenant that you want to create, an Azure Active Directory or Azure Active Directory (B2C) tenant. Azure Active Directory will be selected by default. Make sure that it is selected and click Next: Configuration:
Figure 1.4 – Selecting the type of tenant to create

Figure 1.4 – Selecting the type of tenant to create

  1. In the next screen, you need to specify the values for the Azure AD tenant. I've used the following values, but you have to fill in a unique name here:
    • Organization name: PacktPubDev.
    • Initial domain name: PacktPubDev. This will result in the following domain name: PacktPubDev.onmicrosoft.com.
    • Country/Region: Here, select your current country or region.

Your settings will look like the following screenshot:

Figure 1.5 – Specifying Azure AD tenant details

Figure 1.5 – Specifying Azure AD tenant details

  1. Click Review + create and Create. If needed, prove that you are not a robot and then click Submit to create the Azure AD tenant.

It will take a couple of minutes before the Azure AD tenant is created. After it is created, we can start adding our first user to it. Let's cover this in the next section.

Adding a user to Azure AD

Now that we have our Azure AD tenant in place, we can add our first user to it. For this, you have to take the following steps:

  1. We first need to ensure that the new directory that was created in the previous step is active. For this, we need to select the directory icon in the top-right menu, and then select the Azure AD tenant that we have just created:
Figure 1.6 – Selecting the new Azure AD tenant

Figure 1.6 – Selecting the new Azure AD tenant

Tip

If the directory is not yet available in the list, you need to log out and log in again. Then, open the directory menu again and select the directory.

  1. Now that we have selected the right directory, we can navigate to the Azure AD tenant.
  2. On the Overview page of the Azure portal, type Azure Active Directory in the top search box and select it. The Azure AD Overview page will be displayed.
  3. In the left menu, under Manage, select Users:
Figure 1.7 – Selecting Users in the menu

Figure 1.7 – Selecting Users in the menu

  1. In the top menu, select + New user:
Figure 1.8 – Creating a new user

Figure 1.8 – Creating a new user

  1. Specify the required values as follows:
    • Username: packdemouser1.
    • Name: Packt DemoUser1.
    • First name: Packt.
    • Last name: DemoUser1.
    • Password: You can choose between letting Azure auto-generate a password or creating your own password. In this case, leave the default value.

This will look like the following screenshot:

Figure 1.9 – Specifying the user values

Figure 1.9 – Specifying the user values

  1. Click Create.

We have now created a new user in our Azure AD tenant. In the next section, we are going to cover how you can delete the Azure AD tenant when it is not needed anymore.

Cleaning up the resources

If you don't intend to continue using the Azure AD tenant, you can easily delete it. If you are planning on using this tenant for the rest of the book, you can skip this part and come back to it when you are ready to delete the tenant.

To delete an Azure AD tenant in the Azure portal, you have to take the following steps:

  1. On the Overview page of Azure AD, in the top menu, select Manage tenants:
Figure 1.10 – Managing tenants

Figure 1.10 – Managing tenants

  1. Then, select the Azure AD tenant that you want to delete from the list, and click on Delete in the top menu:
Figure 1.11 – Deleting a tenant

Figure 1.11 – Deleting a tenant

  1. Before you can delete the tenant, the users need to be deleted; therefore, under Required action, click Delete all users:
Figure 1.12 – Deleting tenant settings

Figure 1.12 – Deleting tenant settings

  1. You will be redirected to the Users tab where you can delete all the users. Select the users and then in the top menu, click Delete user:
Figure 1.13 – Deleting users

Figure 1.13 – Deleting users

  1. Click OK when you are asked if you want to delete the selected users.
  2. You will notice that the Azure AD administrator cannot be deleted. Navigate back to the Azure AD Overview page and click on Delete tenant again. Now, you will see that there are no required actions, and you can delete the tenant by clicking the Delete button:
Figure 1.14 – Deleting an Azure AD tenant

Figure 1.14 – Deleting an Azure AD tenant

We have now cleaned up our resources by deleting the Azure AD tenant. This concludes this chapter.

Summary

In this chapter, we introduced the Microsoft identity platform. We covered all the different features and capabilities that it has to offer from a high level. Next, we covered Azure AD and the different products that it has to offer. We looked at Azure AD B2B and Azure AD B2C, where the latter is mostly used by developers. Then, we created a new Azure AD tenant in the Azure portal, added our first user to it, and finally, cleaned up our resources and removed the Azure AD tenant.

After this introduction of all the different products and features that are offered by Azure, we are going to focus on registering applications inside our Azure AD tenant in the next chapter.

Further reading

You can check out the following links for more information about the topics that were covered in this chapter:

Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • Confidently secure your Azure applications using the tools offered by Azure AD
  • Get to grips with the most modern and effective authorization and authentication protocols
  • Unlock the potential of Azure AD’s most advanced features including Microsoft Graph and Azure AD B2C

Description

Azure Active Directory for Secure Application Development is your one-stop shop for learning how to develop secure applications using modern authentication techniques with Microsoft Azure AD. Whether you’re working with single-tenant, multi-tenant, or line-of-business applications, this book contains everything you need to secure them. The book wastes no time in diving into the practicalities of Azure AD. Right from the start, you’ll be setting up tenants, adding users, and registering your first application in Azure AD. The balance between grasping and applying theory is maintained as you move from the intermediate to the advanced: from the basics of OAuth to getting your hands dirty with building applications and registering them in Azure AD. Want to pin down the Microsoft Graph, Azure AD B2C, or authentication protocol best practices? We’ve got you covered. The full range of Azure AD functionality from a developer perspective is here for you to explore with confidence. By the end of this secure app development book, you’ll have developed the skill set that so many organizations are clamoring for. Security is mission-critical, and after reading this book, you will be too.

Who is this book for?

If you are a developer or architect who has basic knowledge of Azure Active Directory and are looking to gain expertise in the application security domain, this is the book for you. Basic Azure knowledge and experience in building web applications and web APIs in C# will help you get the most out of this book.

What you will learn

  • Get an overview of Azure AD and set up your Azure AD instance
  • Master application configuration and the use of service principals
  • Understand new authentication protocols
  • Explore the Microsoft Identity libraries
  • Use OpenID Connect, OAuth 2.0, and MSAL to make sign-in fully secure
  • Build a custom app that leverages the Microsoft Graph API
  • Deploy Azure AD B2C to meet your security requirements
  • Create user flows and policies in Azure AD B2C

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : May 26, 2022
Length: 268 pages
Edition : 1st
Language : English
ISBN-13 : 9781838643126

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Product Details

Publication date : May 26, 2022
Length: 268 pages
Edition : 1st
Language : English
ISBN-13 : 9781838643126

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total $ 145.97
Azure Active Directory for Secure Application Development
$41.99
Azure for Developers
$51.99
Active Directory Administration Cookbook, Second Edition
$51.99
Total $ 145.97 Stars icon
Banner background image

Table of Contents

13 Chapters
Part 1: Getting Started with the Microsoft Identity Platform Chevron down icon Chevron up icon
Chapter 1: Microsoft Identity Platform Overview Chevron down icon Chevron up icon
Chapter 2: Azure AD Application Model Chevron down icon Chevron up icon
Chapter 3: Application Types and User Consent Chevron down icon Chevron up icon
Part 2: Authentication and Protocols Chevron down icon Chevron up icon
Chapter 4: The Basics and Evolution of Authentication Chevron down icon Chevron up icon
Chapter 5: Securing Applications with OAuth 2.0, OpenID Connect, and MSAL Chevron down icon Chevron up icon
Chapter 6:Building Secure Services Using the Microsoft Graph API Chevron down icon Chevron up icon
Part 3: Azure AD B2C Chevron down icon Chevron up icon
Chapter 7: Introducing Azure Active Directory B2C Chevron down icon Chevron up icon
Chapter 8: Advanced Features of Azure AD B2C Chevron down icon Chevron up icon
Chapter 9: Azure AD B2C Custom Policies Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Half star icon Empty star icon 3.8
(6 Ratings)
5 star 66.7%
4 star 0%
3 star 0%
2 star 16.7%
1 star 16.7%
Filter icon Filter
Top Reviews

Filter reviews by




Naresh Kumar Aug 24, 2022
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This is an Amazing resource for Azure AD, Identity and access management, and different deployment models (b2b,b2c).Would recommend this resource - Azure Active Directory for Secure Application Development
Amazon Verified review Amazon
Ahmed Jun 04, 2022
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Excellent book on Azure AD, it will provide you with a solid foundation on Azure AD with hands-on experience on the basic scenarios of authentication and authorization. It also dedicates an entire section for Azure AD B2C. Highly recommended!
Amazon Verified review Amazon
Shawn Deggans Jun 25, 2022
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I’m an Azure Architect, and I’m always looking to learn more about security and authorization options in Azure. It’s one of the reasons I was interested in reading this recent publication from Packt.This is the second book I’ve had the opportunity to read by Sjoukje Zaal. The first book was Azure DevOps Explained, and Zaal approaches Azure Active Directory for Secure Application Development with the same care and detail that they put into the DevOps book.The book begins with a thorough overview of the Microsoft’s Identity Platform. You’ll learn the basics of setting up an Azure AD Tenant, adding users, and the differences among Azure AD, Azure AD B2B, and Azure AD B2C.To understand how Azure and your custom application integrate to allow for security, you’ll need to understand the Azure AD Application Model. Basically, the goal here is to either sign in users to your application or direct them to another sign-in service or identity provider. And this isn’t just theory, there are solid examples that walk you through registering an application, setting scope, and configuring permissions through the portal. There’s also instructions for using the Azure Command Line Interface and PowerShell to register an application - perfect if you need to script out the process.Part one of the book wraps up with an overview of the different application types and how user consent works. Authorization code flow is a tricky thing to learn when you’re just starting out with authentication and authorization concepts. This concept is illustrated with a step-by-step diagram. And an introduction is made to authorization methods like OAuth 2.0, JWTs, and OAuth concepts like Code Flow with Proof Key for Code Exchange (PKCE). User consent and the user consent experience and covered, as well.Part 2 of the book really dives deep into Authentication and Protocols. This is where you’ll learn to apply concepts for second generation protocols like OAuth 2, OpenID Connect, and MSAL. Flows are also covered in detail here. By the time you finish Chapters 4 and 5 you’ll understand classic authentication processes and the latest approaches to securely authenticating.Chapter 6 is interesting because it gives a technical overview of the Microsoft Graph API, the Graph Explorer, and how to use Graph SDKs. There’s a detailed explanation of how to build out a .Net web application that connects to the API and retrieves a profile. It’s a great, practical way to learn the basics of working with the Graph.The final portions of the book cover how to use Azure B2C. B2C is important to learn if you plan to develop a SaaS application that will use emails from somewhere other than your tenant. Everything you need to know about B2C is covered here, from setting up the sign-up pages for your users, to creating custom policies, and creating an encryption key.Key features of the book that I think make it ideal for the application developer looking to understand more about Azure AD and application integration are the many diagrams that help explain some rather complicated concepts. There are also code samples and screenshots of where to go in the Azure portal to set up the various resources and configurations. Almost every chapter includes links to further reading resources.
Amazon Verified review Amazon
Tomica Kaniski Jun 06, 2022
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I really enjoyed reading this book as it is well-written and goes from the basics and slowly builds up your Azure AD knowledge. Also contains a bunch of practical, step by step, examples of how to do things in Azure AD, Azure CLI, Microsoft Graph, Azure AD B2C, etc. while providing all the necessary background information as well (with optional next steps). This is why I would recommend this book, not only to developers, but also to anyone that works with Azure AD.
Amazon Verified review Amazon
Amazon Customer Aug 12, 2024
Full star icon Full star icon Empty star icon Empty star icon Empty star icon 2
used low quality paper and cover used for this book..content also not rich when i go through it
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.