Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update documents to reflect change to Microsoft Entra ID #1665

Merged
merged 49 commits into from
Feb 27, 2024
Merged
Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
49 commits
Select commit Hold shift + click to select a range
45e00f8
Some initial changes to Entra ID
craddm Oct 16, 2023
41b6cdb
Change AAD to Entra ID
craddm Nov 8, 2023
d0ac8f2
Update many references to AAD
craddm Nov 8, 2023
ac64013
Update deploy sre references to AAD
craddm Nov 8, 2023
a7076a9
Update reference config doc
craddm Nov 9, 2023
5fd0d42
Update data access controls
craddm Nov 9, 2023
4caa786
update user guide
craddm Nov 9, 2023
088dec6
Update explanation of symbols
craddm Nov 9, 2023
870a4a0
Update prereq
craddm Nov 9, 2023
e64acdf
Update shm deployment docs
craddm Nov 9, 2023
44f7ea0
Update design arch index
craddm Nov 9, 2023
17b9648
update user management and shm migration docs
craddm Nov 9, 2023
792756c
update manage deployments docs
craddm Nov 9, 2023
9864407
update user account creation snippet
craddm Nov 9, 2023
50b49f7
revert to aad tags
craddm Nov 9, 2023
9013499
Merge branch 'alan-turing-institute:develop' into entra-id
craddm Nov 10, 2023
b5f4d32
Merge branch 'alan-turing-institute:develop' into entra-id
craddm Nov 15, 2023
2304e03
Merge branch 'alan-turing-institute:develop' into entra-id
craddm Nov 20, 2023
34594d3
Merge branch 'develop' into entra-id
craddm Jan 16, 2024
d163674
revert change of field name in configs
craddm Jan 17, 2024
07398a7
update section on migrating shm with Entra references
craddm Jan 17, 2024
e174517
minor typo
craddm Jan 17, 2024
4cecf4b
fix error
craddm Jan 17, 2024
74f08fe
remove trailing whitespace
craddm Jan 17, 2024
4134371
remove extra blank line
craddm Jan 17, 2024
498e772
remove extra backtick
craddm Jan 17, 2024
3944ccf
Merge branch 'alan-turing-institute:develop' into entra-id
craddm Jan 18, 2024
2c5b05f
Merge branch 'alan-turing-institute:develop' into entra-id
craddm Feb 19, 2024
4dca4cd
Merge branch 'entra-id' of https://github.com/craddm/data-safe-haven …
craddm Feb 19, 2024
e33a534
add warning about change of name from AAD to Entra
craddm Feb 19, 2024
53a083b
update image
craddm Feb 19, 2024
1e2f8bf
add note about AAD connect name
craddm Feb 19, 2024
76a3672
clarify default vm size
craddm Feb 19, 2024
cfeecbc
add empty line
craddm Feb 19, 2024
d24bec4
Update docs/source/deployment/deploy_shm.md
craddm Feb 22, 2024
a417e32
Update docs/source/deployment/deploy_shm.md
craddm Feb 22, 2024
e72e529
Update docs/source/deployment/deploy_shm.md
craddm Feb 22, 2024
2c32671
Update docs/source/deployment/deploy_shm.md
craddm Feb 22, 2024
c6f3fcd
Update docs/source/roles/system_manager/migrate_an_shm.md
craddm Feb 22, 2024
3392dea
Merge branch 'alan-turing-institute:develop' into entra-id
craddm Feb 22, 2024
42f95db
Update docs/source/deployment/deploy_sre.md
craddm Feb 23, 2024
0f74184
Update docs/source/deployment/deploy_sre.md
craddm Feb 23, 2024
77c988e
Update docs/source/deployment/deploy_shm.md
craddm Feb 23, 2024
bffb105
Update docs/source/deployment/deploy_shm.md
craddm Feb 23, 2024
10baba4
Update docs/source/deployment/deploy_shm.md
craddm Feb 23, 2024
4bf24df
add AADConnect snippet
craddm Feb 26, 2024
bb0a192
Use snippet in place of distinct notes
craddm Feb 26, 2024
cc92c3c
Merge branch 'alan-turing-institute:develop' into entra-id
craddm Feb 26, 2024
60cdd28
Update docs/source/deployment/deploy_shm.md
craddm Feb 27, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions docs/source/roles/system_manager/manage_users.md
Original file line number Diff line number Diff line change
Expand Up @@ -158,14 +158,14 @@ In some situations, such as at the end of a project after an SRE has been torn d
- Select the users you have recently created and click `Select`
- Click `Assign` to complete the process

```note
```{note}
`Azure Active Directory Premium P1`` is being renamed to `Microsoft Entra ID P1` and may appear as such when performing the assignment process in future.
```


### {{car}} Automatically assign licences to users

To automatically assign licences to all local `Active Directory` users that do not currently have a licence in `Microsoft Entra ID`.
To automatically assign licences to all local `Active Directory` users that do not currently have a licence in `Microsoft Entra ID`:

- Ensure you have the same version of the Data Safe Haven repository as was used by your deployment team
- Open a `Powershell` terminal and navigate to the `deployment/administration` directory within the Data Safe Haven repository
Expand Down
21 changes: 13 additions & 8 deletions docs/source/roles/system_manager/migrate_an_shm.md
Original file line number Diff line number Diff line change
Expand Up @@ -151,14 +151,18 @@ foreach ($user in $users) {
All research users in this SHM will have to go to `https://aka.ms/sspr` to reset their passwords although their MFA configuration will stay the same.
```

### {{train}} Install Azure Active Directory Connect
### {{train}} Install Microsoft Entra Connect

![Remote: ten minutes](https://img.shields.io/static/v1?style=for-the-badge&logo=microsoft-onedrive&label=remote&color=blue&message=ten%20minutes)

See the {ref}`Safe Haven Management documentation <roles_deployer_shm_aad_connect>` for more details.

````{note}
Microsoft Entra Connect is the new name for Azure AD Connect. However, while all Microsoft documentation and entries in the Azure portal now refer to Microsoft Entra Connect, as of the release of `v4.2.0` of the Data Safe Haven, the software itself is still named `Azure Active Directory Connect`, and will appear as such on your Domain Controller.
craddm marked this conversation as resolved.
Show resolved Hide resolved
````

````{error}
Since you are trying to connect the new SHM to an `Azure` Active Directory that was already synchronised, you may find the `AzureADConnect` installation fails due to a `Directory synchronisation failure`.
Since you are trying to connect the new SHM to an Microsoft Entra ID that was already synchronised, you may find the `AzureADConnect` installation fails due to a `Directory synchronisation failure`.

```{image} migrate_shm/aad_connection_failure.png
:alt: AAD connection failure
Expand All @@ -168,22 +172,23 @@ Since you are trying to connect the new SHM to an `Azure` Active Directory that
If this happens then you will need to wait for the previous disconnection to complete, which may take up to 72 hours.
````

### {{recycle}} Update Azure Active Directory Connect rules
### {{recycle}} Update Microsoft Entra Connect rules

![Remote: one minute](https://img.shields.io/static/v1?style=for-the-badge&logo=microsoft-onedrive&label=remote&color=blue&message=one%20minute)

See the {ref}`Safe Haven Management documentation <roles_system_deployer_shm_aad_connect_rules>` for more details.

### {{put_litter_in_its_place}} Unregister the old domain controller in `Azure` Active Directory
### {{put_litter_in_its_place}} Unregister the old domain controller in Microsoft Entra
craddm marked this conversation as resolved.
Show resolved Hide resolved

![Microsoft Entra ID: one minute](https://img.shields.io/static/v1?style=for-the-badge&logo=microsoft-academic&label=Microsoft%20Entra%20ID&color=blue&message=one%20minute)

- From the `Azure` portal, navigate to the Microsoft Entra you have created.
- Select `Azure AD Connect` from the left hand menu
- Under `Health And Analytics` click `Azure AD Connect Health`
- From the `Azure` portal, navigate to the Microsoft Entra ID you have created.
- Select `Microsoft Entra Connect` from the left hand menu
- Select `Connect Sync` from the left hand menu
- Under `Health And Analytics` click `Microsoft Entra Connect Health`
- Select `Sync services` from the left hand menu
- Click on `<Safe Haven identifier>.onmicrosoft.com`
- Click on the `Azure Active Directory Connect Server` that corresponds to the **old** DC (marked as `Unhealthy`)
- Click on the `Microsoft Entra Connect Server` that corresponds to the **old** DC (marked as `Unhealthy`)
- Click `Delete` in the top bar, type the server name when prompted then click `Delete`

### {{ballot_box_with_check}} Validate Active Directory synchronisation
Expand Down
Loading