This article covers:

- Detailed technical information about password encryption during user sign-in.
- The security of the channels between on-premises authentication agents and Azure AD.
- Detailed technical information about how to keep the authentication agents operationally secure.

## Pass-through authentication key security capabilities

Pass-through authentication has these key security capabilities:

- It's built on a secure multi-tenanted architecture that provides isolation of sign-in requests between tenants.
- On-premises passwords are never stored in the cloud in any form.
- On-premises authentication agents that listen for and respond to password validation requests make only outbound connections from within your network. There's no requirement to install these authentication agents in a perimeter network (also known as DMZ, demilitarized zone, and screened subnet). As a best practice, treat all servers that are running authentication agents as Tier 0 systems (see reference).
- Only standard ports (port 80 and port 443) are used for outbound communication from the authentication agents to Azure AD. You don't need to open inbound ports on your firewall.
  - Port 443 is used for all authenticated outbound communication.
  - Port 80 is used only for downloading certificate revocation lists (CRLs) to ensure that none of the certificates this feature uses have been revoked.
  - For the complete list of the network requirements, see the Azure Active Directory pass-through authentication quickstart.
- Passwords that users provide during sign-in are encrypted in the cloud before the on-premises authentication agents accept them for validation against Windows Server Active Directory (Windows Server AD).
- The HTTPS channel between Azure AD and the on-premises authentication agent is secured by using mutual authentication.
- Pass-through authentication protects your user accounts by working seamlessly with Azure AD Conditional Access policies, including multifactor authentication (MFA), blocking legacy authentication, and by filtering out brute force password attacks.

For general details about operational, service, and data security for Azure AD, see the Trust Center.

## Components involved in pass-through authentication

The following components are involved when you use pass-through authentication for user sign-in:

- Azure AD Security Token Service (Azure AD STS): A stateless STS that processes sign-in requests and issues security tokens to user browsers, clients, or services as required.
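The network posture described for the authentication agents (outbound only, TCP 443 for authenticated traffic, TCP 80 solely for CRL downloads, no inbound ports) is easy to turn into a repeatable check on a Tier 0 agent host. The Python script below is an added example, not Microsoft's tooling and not code from the original article; the `Rule` format, the `scope` classification and the sample rule set are constructed assumptions. It flags any inbound allow rule and any internet-bound outbound allow rule outside TCP 80/443, while deliberately leaving internal-scope rules alone, since the agent still has to reach domain controllers to validate passwords against Windows Server AD.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Ports the agent needs for internet-bound traffic to Azure AD, per the article:
# TCP 443 for all authenticated outbound communication, TCP 80 only for CRL downloads.
REQUIRED_OUTBOUND_TCP_PORTS = {443, 80}


@dataclass(frozen=True)
class Rule:
    """One host-firewall rule (constructed format for this example, not a vendor schema)."""
    name: str
    direction: str  # "in" or "out"
    proto: str      # "tcp", "udp" or "any"
    port: int       # destination port; 0 means any port
    scope: str      # "internet" for Azure AD-bound traffic, "internal" for the on-premises network
    action: str     # "allow" or "deny"


def audit_agent_rules(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Return (rule name, finding) pairs for allow rules that widen the agent host
    beyond the outbound-only, 80/443 posture the article describes.

    Internal-scope outbound rules are not judged: the agent must still reach domain
    controllers to validate passwords against Windows Server AD, and those
    requirements are outside what this check knows about.
    """
    findings: List[Tuple[str, str]] = []
    for rule in rules:
        if rule.action != "allow":
            continue  # deny rules do not open anything
        if rule.direction == "in":
            # The agent only makes outbound connections; any inbound allow is surplus.
            findings.append((rule.name, "inbound allow rule: agent needs no inbound ports"))
        elif rule.direction == "out" and rule.scope == "internet":
            if rule.proto != "tcp" or rule.port not in REQUIRED_OUTBOUND_TCP_PORTS:
                findings.append((
                    rule.name,
                    f"internet-bound {rule.proto}/{rule.port} allowed; "
                    "only TCP 443 (and TCP 80 for CRLs) is required",
                ))
    return findings


# Constructed sample rule set for an agent server; not taken from any real deployment.
SAMPLE_RULES = [
    Rule("pta-https-out", "out", "tcp", 443, "internet", "allow"),
    Rule("crl-http-out", "out", "tcp", 80, "internet", "allow"),
    Rule("ldap-dc-out", "out", "tcp", 389, "internal", "allow"),
    Rule("kerberos-dc-out", "out", "udp", 88, "internal", "allow"),
    Rule("rdp-in", "in", "tcp", 3389, "internal", "allow"),
    Rule("smb-out-internet", "out", "tcp", 445, "internet", "allow"),
    Rule("default-deny-in", "in", "any", 0, "internet", "deny"),
]


if __name__ == "__main__":
    for name, finding in audit_agent_rules(SAMPLE_RULES):
        print(f"{name}: {finding}")
```

Run against the constructed sample set, the check reports the inbound RDP allow and the internet-bound SMB allow and accepts everything else. In practice the rule list would be exported from the host firewall; the point is that "no inbound ports, outbound 80/443 only" is a concrete, testable property rather than a guideline to remember.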