You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Looking for end-to-end guidance on deploying Azure Active Directory (Azure AD) capabilities? Azure AD deployment plans walk you through the business value, planning considerations, and operational procedures needed to successfully deploy common Azure AD capabilities.
19
+
Looking for complete guidance on deploying Azure Active Directory (Azure AD) capabilities? Azure AD deployment plans walk you through the business value, planning considerations, and operational procedures needed to successfully deploy common Azure AD capabilities.
20
20
21
21
From any of the plan pages, use your browser's Print to PDF capability to create an up-to-date offline version of the documentation.
22
22
@@ -25,16 +25,16 @@ From any of the plan pages, use your browser's Print to PDF capability to create
25
25
26
26
| Capability | Description|
27
27
| -| -|
28
-
|[Multi-Factor Authentication](../authentication/howto-mfa-getstarted.md)| Azure AD Multi-Factor Authentication (MFA) is Microsoft's two-step verification solution. Using admin-approved authentication methods, Azure AD MFA helps safeguard access to your data and applications while meeting the demand for a simple sign-in process. Watch this video on [How to configure and enforce multi-factor authentication in your tenant](https://www.youtube.com/watch?v=qNndxl7gqVM)|
28
+
|[Azure AD multifactor authentication](../authentication/howto-mfa-getstarted.md)| Azure AD Multi-Factor Authentication (MFA) is Microsoft's two-step verification solution. Using admin-approved authentication methods, Azure AD MFA helps safeguard access to your data and applications while meeting the demand for a simple signin process. Watch this video on [How to configure and enforce multi-factor authentication in your tenant](https://www.youtube.com/watch?v=qNndxl7gqVM)|
29
29
|[Conditional Access](../conditional-access/plan-conditional-access.md)| With Conditional Access, you can implement automated access control decisions for who can access your cloud apps, based on conditions. |
30
30
|[Self-service password reset](../authentication/howto-sspr-deployment.md)| Self-service password reset helps your users reset their passwords without administrator intervention, when and where they need to. |
31
-
|[Passwordless](../authentication/howto-authentication-passwordless-deployment.md)| Implement passwordless authentication using the the Microsoft Authenticator app or FIDO2 Security keys in your organization |
31
+
|[Passwordless](../authentication/howto-authentication-passwordless-deployment.md)| Implement passwordless authentication using the Microsoft Authenticator app or FIDO2 Security keys in your organization |
32
32
33
33
## Deploy application and device management
34
34
35
35
| Capability | Description|
36
36
| -| - |
37
-
|[Single sign-on](../manage-apps/plan-sso-deployment.md)| Single sign-on helps your users access the apps and resources they need to do business while signing in only once. After they've signed in, they can go from Microsoft Office to SalesForce to Box to internal applications without being required to enter credentials a second time. |
37
+
|[Single sign-on](../manage-apps/plan-sso-deployment.md)| Single sign-on helps your users' access the apps and resources they need to do business while signing in only once. After they've signed in, they can go from Microsoft Office to SalesForce to Box to internal applications without being required to enter credentials a second time. |
38
38
|[My Apps](../manage-apps/my-apps-deployment-plan.md)| Offer your users a simple hub to discover and access all their applications. Enable them to be more productive with self-service capabilities, like requesting access to apps and groups, or managing access to resources on behalf of others. |
39
39
|[Devices](../devices/plan-device-deployment.md)| This article helps you evaluate the methods to integrate your device with Azure AD, choose the implementation plan, and provides key links to supported device management tools. |
40
40
@@ -43,10 +43,9 @@ From any of the plan pages, use your browser's Print to PDF capability to create
43
43
44
44
| Capability | Description|
45
45
| -| -|
46
-
|[ADFS to Password Hash Sync](../hybrid/plan-migrate-adfs-password-hash-sync.md)| With Password Hash Synchronization, hashes of user passwords are synchronized from on-premises Active Directory to Azure AD, letting Azure AD authenticate users with no interaction with the on-premises Active Directory |
47
-
|[ADFS to Pass Through Authentication](../hybrid/plan-migrate-adfs-pass-through-authentication.md)| Azure AD Pass-through Authentication helps your users sign in to both on-premises and cloud-based applications using the same passwords. This feature provides users with a better experience - one less password to remember - and reduces IT helpdesk costs because users are less likely to forget how to sign in. When people sign in using Azure AD, this feature validates users' passwords directly against your on-premises Active Directory. |
46
+
| [AD FS to cloud user authentication](/hybrid/migrate-from-federation-to-cloud-authentication.md)| Learn to migrate your user authentication from federation to cloud authentication with either pass through authentication or password hash sync.
48
47
|[Azure AD Application Proxy](../app-proxy/application-proxy-deployment-plan.md)|Employees today want to be productive at any place, at any time, and from any device. They need to access SaaS apps in the cloud and corporate apps on-premises. Azure AD Application proxy enables this robust access without costly and complex virtual private networks (VPNs) or demilitarized zones (DMZs). |
49
-
|[Seamless SSO](../hybrid/how-to-connect-sso-quick-start.md)| Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) automatically signs users in when they are on their corporate devices connected to your corporate network. With this feature, users won't need to type in their passwords to sign in to Azure AD and usually won't need to enter their usernames. This feature provides authorized users with easy access to your cloud-based applications without needing any additional on-premises components. |
48
+
|[Seamless SSO](../hybrid/how-to-connect-sso-quick-start.md)| Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) automatically signs users in when they are on their corporate devices connected to your corporate network. With this feature, users won't need to type in their passwords to sign in to Azure AD and usually won't need to enter their usernames. This feature provides authorized users with easy access to your cloud-based applications without needing any extra on-premises components. |
50
49
51
50
## Deploy user provisioning
52
51
@@ -74,8 +73,8 @@ Roles might include the following
74
73
|End-user|A representative group of users for which the capability will be implemented. Often previews the changes in a pilot program.
75
74
|IT Support Manager|IT support organization representative who can provide input on the supportability of this change from a helpdesk perspective.
76
75
|Identity Architect or Azure Global Administrator|Identity management team representative in charge of defining how this change is aligned with the core identity management infrastructure in your organization.|
77
-
|Application Business Owner |The overall business owner of the affected application(s), which may include managing access. May also provide input on the user experience and usefulness of this change from an end-user's perspective.
78
-
|Security Owner|A representative from the security team that can sign off that the plan will meet the security requirements of your organization.|
76
+
|Application Business Owner |The overall business owner of the affected application(s), which may include managing access. May also provide input on the user experience and usefulness of this change from an enduser's perspective.
77
+
|Security Owner|A representative from the security team that can sign out that the plan will meet the security requirements of your organization.|
79
78
|Compliance Manager|The person within your organization responsible for ensuring compliance with corporate, industry, or governmental requirements.|
80
79
81
80
**Levels of involvement might include:**
@@ -88,10 +87,9 @@ Roles might include the following
88
87
89
88
-**I**nformed of project plan and outcome
90
89
91
-
92
90
## Best practices for a pilot
93
-
A pilot allows you to test with a small group before turning a capability on for everyone. Ensure that as part of your testing, each use case within your organization is thoroughly tested. It's best to target a specific group of pilot users before rolling this out to your organization as a whole.
91
+
A pilot allows you to test with a small group before turning on a capability for everyone. Ensure that as part of your testing, each use case within your organization is thoroughly tested. It's best to target a specific group of pilot users before rolling this deployment out to your organization as a whole.
94
92
95
-
In your first wave, target IT, usability, and other appropriate users who can test and provide feedback. This feedback should be used to further develop the communications and instructions you send to your users, and to give insights into the types of issues your support staff may see.
93
+
In your first wave, target IT, usability, and other appropriate users who can test and provide feedback. Use this feedback to further develop the communications and instructions you send to your users, and to give insights into the types of issues your support staff may see.
96
94
97
95
Widening the rollout to larger groups of users should be carried out by increasing the scope of the group(s) targeted. This can be done through [dynamic group membership](../enterprise-users/groups-dynamic-membership.md), or by manually adding users to the targeted group(s).
0 commit comments