Azure AD User Authentication Mechanisum from Sophos XG?

Question

Hello Everyone, 
 I want to know which mechanisum is use to authenticate the Azure Ad user from sophos firewall? 
 In the case of Onpremise AD we have to installed STAT Agent into AD server for Communication between Firewall and AD server. Now in Cloude Base cenario who will take place of STAT. 
 please help me to understand the Backhand mechanisum of Azure AD user Authentication from Sophos firewall. How we can check user logs?

LuCar Toni · Accepted Answer

Essentially there are two things: 
 Azure AD does not offer a "Login service" anymore. So you cannot configure it to be your STAS Server. This means, STAS is not useable anymore. If you do not have a hybrid, you cannot use STAS anymore. If you have a AD Server with Azure AD Connect, you can use STAS there. 
 If you want to use Heartbeat with Sync-sec, you can enable a service in Azure AD to get a LDAP Service, This costs money. Its called Azure AD Domain Services

Vivek Jagad · Answer

Hello Sahil InfraAssist , Thank you for reaching out to the community, please refer the useful KBA below: 1.)How to establish a Site-to-Site IPsec VPN to Microsoft Azure: https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/118402/sophos-xg-firewall-v17-x-how-to-establish-a-site-to-site-ipsec-vpn-to-microsoft-azure 2.) Implement clientless SSO with multiple Active Directory Domain Controllers: https://support.sophos.com/support/s/article/KB-000035730?language=en_US 3.) Allow clientless SSO (STAS) authentication over a VPN: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Authentication/HowToArticles/AuthenticationAllowSTASOverVPN/index.html 4.) sync Azure AD users to our On-Premise AD: https://superuser.com/questions/1050567/can-we-sync-azure-ad-users-to-our-on-premise-ad

Azure AD User Authentication Mechanisum from Sophos XG?

Top Replies