
02: PolicyPak Cloud + Azure AD: Marry them up for enhanced Item Level Targeting!

If you are using Azure AD, and you want to quickly specify which policies will affect SOME of your Azure AD users, then ... marry up PPC and Azure AD. In this video you'll see how.

Hi, this is Jeremy Moskowitz. In this video, I'm going to show you how you can marry your PolicyPak Cloud account to your Azure Active Directory account. Why would you want to do this? You might have a scenario where you want to deliver or not deliver settings based upon which Azure AD user it is. For instance, in this item, I've got my Working from Home users, and I'm killing the control panel for all of them. If they're in Azure AD, you might want to decide which users get this prohibited access to the control panel and which ones don't. Well, if you were to click on the item here and click on Item Level Targeting, you could always right now go ahead and click on, say, user, but then there's really no way for you to know what the SID of the Azure account is.

Now we have a new magic feature which is this little Cloud button here. This Cloud button's going to show up under the user item level targeting item. Now when you click it, it's not configured by default, so it doesn't work and it doesn't do anything. You can see that. How do you get it to work and how do you get it to do something?

What you do is you go over to – we'll leave that for now. Once you're in Company Details, you go ahead and click on Configure Azure AD Access. You're going to add a configuration. You can have one or more Azure connectors, so if you have seven Azure domains you want to make a connection to, that's fine. We can support that. We'll just call this one Connection 1 to Fabrikam 1000. My tenant name is fabrikam1000. Then that's just saying that it's new and we're ready to go ahead and click Save here.

Once we're here, it's not active until you click on Activate, so let's go ahead and do that. When we do this, you see that you get prompted for your Azure AD credentials. Now I've already done this so it knows that Frank is my Azure global admin. Now it doesn't have to be your Azure global admin. It can be anybody that has read access to all of the users and the user profiles and stuff like that.

Once we have that information, let's go ahead and put that in here. You're going to get this. This means that you need to agree to it for your entire organization. Once you do that, you're good to go here. Then once you've got this all settled, you go ahead and click Accept. Then you're going to give it Frank's credentials. Now I have already done that before. Because he's already been logged on and done this before, it flew by pretty fast. In your world, if you have multi-factor authentication, you're going to be prompted for that. It's all using the proper OAuth protocol and your cellphone will light up and you'll have to authenticate all the same stuff you would normally have to do. I've already done it, which is why it completed successfully fast here.

Now that I've done that, let's go ahead and click Okay and it's active. It's activated, and we're good to go. Everything's good. You can't use it until it's activated. Now that we've done that and we're off to the races, we'll go back to Computer Groups and we'll find that same policy setting or another one, doesn't really matter. We'll just find that Work from Home guy, kill the control panel. We'll go ahead and edit that policy here and here's that same item. We'll double-click it and now click Item Level Targeting. If we want this item to only take effect when it's a particular user in our Cloud Azure account, we'll go ahead and click that and we'll go ahead and look for specific users. If I want East Sales, I'll go ahead and click on Search and here are all of my East Sales users from Azure. Those are my East Sales admins and there's my East Sales users down there.

If I wanted to click on, say, East Sales User 4 and click Okay or 5, whatever, there we go. The user must be Azure AD East Sales User 5. If I want to say also pick another guy like Azure East Sales User 6 – actually, that would be an or here, so Options, Operator is or, there we go. Let's go ahead and click on the cloud guy again. Let's say East Sales User 7. Let's pick that guy. Now only these two guys, 5 and 7, because they're in my Azure AD, are going to get this particular policy.

We go ahead and click Okay here, and we go ahead and Show Policy Settings. We can see that we've put in the SIDs here, and that's all there is to it. The rest of the magic happens on the client machine so when you're joined to PolicyPak Cloud and that machine is an Azure AD joined machine, we're going to be filtering based on the SIDs, and we're able to get those SIDs because now we've made a marriage between PolicyPak Cloud and your Azure AD.

Hope this video helps you out and you're ready to get started using PolicyPak Cloud and your Azure tenant. Thanks so much. Talk to you soon.
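The SIDs that appear under Show Policy Settings can be checked independently: Windows derives an Azure AD user's SID from the user's object ID by prefixing `S-1-12-1` and rendering the GUID's 16 bytes as four little-endian 32-bit integers. The following is an added example, not part of the video or PolicyPak's own code; the function names and object IDs are constructed, and it assumes the SIDs stored in the policy use this standard form.

```python
import struct
import uuid

AAD_PREFIX = "S-1-12-1"  # SID prefix Windows uses for Azure AD principals

def object_id_to_sid(object_id: str) -> str:
    """Azure AD object ID (GUID) -> the SID an Azure AD joined PC sees."""
    raw = uuid.UUID(object_id).bytes_le  # Windows GUID byte layout
    return AAD_PREFIX + "".join(f"-{n}" for n in struct.unpack("<4I", raw))

def sid_to_object_id(sid: str) -> str:
    """Reverse mapping; rejects on-prem (S-1-5-21-...) and malformed SIDs."""
    fields = sid.strip().upper().split("-")
    if fields[:4] != AAD_PREFIX.split("-") or len(fields) != 8:
        raise ValueError(f"not an Azure AD SID: {sid!r}")
    try:
        raw = struct.pack("<4I", *(int(f) for f in fields[4:]))
    except struct.error as exc:  # a sub-authority does not fit in 32 bits
        raise ValueError(f"not an Azure AD SID: {sid!r}") from exc
    return str(uuid.UUID(bytes_le=raw))

def audit_targeting(targeted_sids, intended_users):
    """Compare SIDs found in a policy's targeting with the users you meant.

    intended_users maps display name -> Azure AD object ID.
    Returns (unexpected_sids, missing_user_names), both sorted.
    """
    expected = {object_id_to_sid(oid): name
                for name, oid in intended_users.items()}
    targeted = {s.strip().upper() for s in targeted_sids}
    unexpected = sorted(targeted - expected.keys())
    missing = sorted(n for sid, n in expected.items() if sid not in targeted)
    return unexpected, missing

# Constructed sample data: object IDs are made up for illustration.
INTENDED = {
    "East Sales User 5": "00000001-0002-0003-0405-060708090a0b",
    "East Sales User 7": "11111111-2222-3333-4444-555555555555",
}

if __name__ == "__main__":
    in_policy = [object_id_to_sid(INTENDED["East Sales User 5"]),
                 "S-1-12-1-1-2-3-4"]  # constructed stray entry
    unexpected, missing = audit_targeting(in_policy, INTENDED)
    for sid in unexpected:
        print("unexpected:", sid, "-> object ID", sid_to_object_id(sid))
    print("not targeted:", missing)
```

An unexpected SID can be converted back to an object ID and looked up in the tenant to see which account the policy actually applies to.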

  • 12-May-2021