More Azure AD fun with Part 2 and a few extra goodies!

John Savill's Frequently Asked Questions

Three times a week (Monday/Wednesday/Friday), John Savill tackles your most pressing IT questions. Read through the FAQ archives, or send him your questions via email.

Q. What federation services work with Azure AD?

Q. I want to deploy a container orchestrator in Azure; however, Azure Container Service does not expose the capabilities I want for the generated solution.

Q. Does the 500,000 object limit apply for Azure AD Free if I use Office 365?

Q. What federation services work with Azure AD?
Dept - Azure

A. One authentication option for Azure AD is federation. Typically ADFS is used, but other federation services can be used as well. Oxford maintain a list of federation services they have tested against, which is available at https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-federation-compatibility. If you wish to use a federation solution that is not on the list, it does not mean it will not work, only that it has not been tested. Realize that federation is fairly complex: it involves not just OAuth2, SAML 2.0, etc., but also the format of the response, the processes for metadata exchange, certificate exchange, etc. Often web flows (i.e., interactions from a browser) can be enabled, but more complex scenarios, such as those from rich client applications or ActiveSync, are problematic. The only way to know would be to perform a test.

Q. I want to deploy a container orchestrator in Azure; however, Azure Container Service does not expose the capabilities I want for the generated solution.
Dept - Azure

A. Azure Container Service is an Azure solution that automatically provisions a container orchestrator, specifically Docker Swarm, Kubernetes or DC/OS, in a best-practice deployment to Azure IaaS VMs. You may find that the deployment does not meet your configuration requirements; for example, right now it does not support managed disk. An alternate option is to use ACS Engine (which itself could be run in a container), which, after you enter the desired configuration, outputs a JSON file that can then be used to create the resources in Azure. The solution can be downloaded from https://github.com/Azure/acs-engine.

Q. Does the 500,000 object limit apply for Azure AD Free if I use Office 365?
Dept - Azure

A. No. Normally an Azure AD instance with only free users is limited to 500,000 objects (the limit counts all objects, not just users). To remove the limitation you need Azure AD Basic or above. If, however, you use the Azure AD tenant with Office 365, then the 500,000 object limit is also removed, as Office 365 creates a lot of objects in Azure AD. This is documented at https://www.microsoft.com/en-us/cloud-platform/azure-active-directory-features.
