Protect your data Enable your users Desktop Virtualization Information protection Mobile device & application management Identity and Access Management.

Presentation transcript:


Active Directory: the vision

Research & Preparation; First Workstation Compromised; Hours; Domain Admin Compromised; Data Exfiltration (Attacker Undetected); months; Attack Discovered

Prepare: Which users have privileged access rights?
Protect: Lifecycle and AuthN protection
Operate: Users can request elevation
Monitor: Additional auditing, alerts & reports

"This security update resolves a privately reported vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate [to] the domain administrator account. An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers..."


"Microsoft acquires Aorato to give enterprise customers better defense against digital intruders in a hybrid cloud world"

Enter-PSSession -ComputerName Server1 -ConfigurationName JustBackup

Existing AD Forest(s); Existing Apps; existing trust; Group "Resource Admins"; User

Existing AD Forest(s); Privileged Access Management trust for admin access; Microsoft Identity Manager configured for PAM; AD DS; Existing Apps; access requests; User; existing trust
User: PRIV\JenAdmin
Group memberships: CORP\Resource Admins
Refresh after: 60 minutes

Admin Jen is assigned to a role.
The role is pending an elevation process for Jen.
Jen asks for elevation into the role.
Elevation process is preparing.
Role is active.
Admin Jen gets permissions for the asset.
Automatic approval; Pending MFA; Pending Role Owner approval...
Lee / Admin; Jen / Admin
Elevation period ends.
Role is not active for Jen anymore.
Automation

MIM Service, AD DS, AuthZ WF, Action WF, MPR, New-PAMRequest, MIM Service DB, User, Group, PAM Role, Event Log, PAM Request, Microsoft Identity Manager 2016, PowerShell, SOAP and REST APIs

In March CTP:
"PRIV" forest AD can be either Windows Server Technical Preview or 2012 R2
PowerShell cmdlets, events and elevation via the sample web portal

In April CTP:
PAM workflow on elevation performs manual approval or Azure MFA
Users can cancel their elevation requests
Users can elevate to a role with a group in the "PRIV" forest
More PowerShell cmdlet options, and more monitoring