61% of workers mix personal and work tasks in their devices* * Forrester Research: “BT Futures Report: Info workers will erase boundary between enterprise & consumer technologies,” Feb. 21, 2013 ** *** Verizon 2013 data breach investigation report >70% percent of network intrusions exploited weak or stolen credentials * ** >80% of employees admit to using non-approved software-as-a-service (SaaS) applications in their jobs** Mobile & Cloud- challenging security paradigms

IT EmployeesCustomersBusiness Partners What's driving change? Devices DataUsers Apps

Access from many devices Manage and secure productivity Preserve existing investments Support iOS, Android, Windows Why Microsoft’s Enterprise Mobility Solution? It’s integrated on common identity It protects Office better It just worksIt’s comprehensive

The current reality…

Self-service Single sign on Username Identity as the control plane Simple connection Cloud SaaS Azure Office 365 Public cloud Other Directories Windows Server Active Directory On-premises Microsoft Azure Active Directory

What is Azure Active Directory? A comprehensive identity and access management cloud solution for your employees, partners and customers. It combines directory services, advanced identity governance, application access management and a rich standards-based platform for developers.

Azure Active Directory Connect and Connect Health * Microsoft Azure Active Directory Other Directories PowerShell LDAP v3 SQL (ODBC) Web Services ( SOAP, JAVA, REST) MIM *

DirSync Azure Active Directory Sync FIM+Azure Active Directory Connector Sync Engine

Microsoft Azure

SaaS apps Microsoft Azure Active Directory Other Directories

Microsoft Azure 1000s of Applications, 1 Password Web Apps (Azure Active Directory Application Proxy) SaaS appsIntegrated custom apps Other Directories

Microsoft Azure Active Directory Corporate Network DMZ contoso.msappproxy.net/

IT professional

B2B collaboration “I need to let my partners access my company’s apps using their own credentials.”

B2B collaboration – verified provisioning Partner

Partners use their own creds to access your org. Users lose access when they leave the partner org. No external directories. No per partner federation. Partners manage their own credentials You control partner access in your directory: app assignment group membership custom attributes Organizations manage access Thousands of bulk invites at a time. Partners with Azure AD sign in to accept invite. Other partners simply sign up to accept invite. Partners of all sizes

Azure AD Join makes it possible to connect work-owned Windows 10 devices to your company’s Azure Active Directory. Users can sign into Windows with their cloud-hosted work credentials and enjoy modern Windows experiences.  Enterprise-compliant services  SSO from the desktop to cloud and on- premises applications with no VPN  MDM auto enrollment  Support for hybrid environments Azure AD Join for Windows 10 Windows 10 Azure AD Joined Devices MDM Auto-enrolment

A stand-alone Azure Identity and Access management service also included in Azure Active Directory Premium Prevents unauthorized access to both on-premises and cloud applications by providing an additional level of authentication Trusted by thousands of enterprises to authenticate employee, customer, and partner access. What is Azure Multi-Factor Authentication?

How it works

Users sign in from any device using their existing username/password. 1 On-Premises Apps Windows Server Active Directory or Other LDAP Users must also authenticate using their phone or mobile device before access is granted. 2 Microsoft Azure Active Directory Multi-Factor Authentication Server Multi-Factor Authentication Server User

Azure MFA vs MFA for Office 365 MFA for Office 365/Azure Administrators Azure Multi-Factor Authentication Administrators can Enable/Enforce MFA to end-usersYes Use Mobile app (online and OTP) as second authentication factorYes Use Phone call as second authentication factorYes Use SMS as second authentication factorYes Application passwords for non-browser clients (e.g. Outlook, Lync)Yes Default Microsoft greetings during authentication phone callsYes Suspend MFA from known devicesYes Custom greetings during authentication phone callsYes Fraud alertYes MFA SDKYes Security ReportsYes MFA for on-premises applications/ MFA Server.Yes One-Time BypassYes Block/Unblock UsersYes Customizable caller ID for authentication phone callsYes Event ConfirmationYes Trusted IPsYes

Allow Access Block Access Cloud Apps On-premises Application Access policies Enforce MFA per user/per app Location (IP Range) Device State User Group

Microsoft Azure Active Directory Cloud App Discovery 10 x Source: Help Net Security 2014 as many Cloud apps are in use than IT estimates SaaS app category Number of users Utilization volume Comprehensive reporting Reveal shadow IT : Discover all SaaS apps in use within your organization

Rich standards-based platform for developers

No Object Limit No Limit Advanced Security Reports Yes Premium+ Basic Features Group-based access management/provisioningYes Self-Service Password Reset for cloud usersYes Company Branding (Logon Pages/Access Panel customization)Yes Application ProxyYes SLAYes

Consumer identity and access management in the cloud Azure Active Directory B2C A highly available, global, cost-effective identity management service for consumer-facing applications Improve connection with your consumers Pay only for what you use Scale to hundreds of millions of consumers Help protect your consumers’ identities Let consumers use their social media accounts Customizable workflows for consumer interactions

Self-service Single sign on Username Identity as the control plane Simple connection Cloud SaaS Azure Office 365 Public cloud Other Directories Windows Server Active Directory On-premises Microsoft Azure Active Directory