Presentation transcript:

Follow OCG Learning on Twitter, Facebook and LinkedIn. Get the latest offers, details of new courses, events, webinars, white papers, news and technical opinion you can trust.
- Facebook: facebook.com/oxfordcomputergroup
- LinkedIn: linkedin.com/company/ocg-learning
- James Cowling, Identity Management Specialist, on LinkedIn

MIM 2016 Service Pack 1 Webinar James Cowling CTO 20th October 2016

Agenda
- Quick summary of MIM 2016
- Features in MIM 2016 Service Pack 1
- Future additions to MIM 2016 SP1
- Upcoming events
Please note: this session will be recorded.

Microsoft Identity and Access
Microsoft Identity Manager 2016:
- Service and Portal (workflows, approvals, UI)
- Synchronization Service (data flows and transformations, password sync)
- Certificate Management (certificate enrolment, renewal and expiry workflows, UI)
- Reporting (data warehousing with System Center Service Manager)
- Roles Engine (bHold: role model management and role assignment)
- Privileged Access Management (protection for admin credentials)
Azure Active Directory (AAD):
- Cloud directory with many IAM functions
- Sync with on-prem AD using AADSync
Hybrid Identity implementations involve both major components.

Service Pack 1 Features
- JIT groups for the PRIV domain
- PAM PowerShell deployment
- Customer-reported bug fixes
- PAM single-forest deployment
- Cross-browser support
- Email requests and approvals with Exchange Online
- Hardened security
- Updated platform support

Bug Fixes
Rollup of all fixes since RTM:
- 4.3.2064.0 (KB3092179): includes localization and ECMA fixes
- 4.3.2195.0 (KB3134725): includes PAM fixes
- 4.3.2266.0 (KB3171342): includes CM updates and a Perf Counters fix
SP1 is version 4.4.1237.0:
- Fixes a couple of additional PAM issues
- Adds image format validation for images uploaded to the portal

Updated Platform Support
MIM Portals now run under "all major" browsers:
- Internet Explorer, Edge, Chrome, Safari, Firefox (according to the blog; not specifically in the documentation)
Platform components now support modern versions:
- Windows Server 2016 (not CM or bHold)
- SQL Server 2016 (not CM or bHold)
- SharePoint 2016
- Windows 10 client
See https://docs.microsoft.com/en-us/microsoft-identity-manager/plan-design/microsoft-identity-manager-2016-supported-platforms

PAM Overview
- Production domain ("CORP") is assumed compromised
- Separate admin domain ("PRIV") acts as the bastion
- Just-in-time admin: candidates and escalation
- PRIV credentials are not present in CORP; harder to steal if not present
- Admin is performed using SIDHistory over a one-way trust into CORP
Diagram object model: User -> PRIV.User X; Member of Security Group -> PRIV.Security Group; in MIM PAM, a PAM Person is a Candidate of a PAM Role, and a PAM Privilege is a Privilege of that PAM Role.

PAM PowerShell Deployment
- Scripts available from the MS Download Center
- Good documentation: a required read!
- Manual pre-configuration required
- Some manual intervention required
https://www.microsoft.com/en-us/download/details.aspx?id=53941

PAM Single-Domain Deployment
- AKA "PRIVOnly" deployment
- PAM Users and Groups are not required to have a corresponding CORP object
- Allows PAM Users and Groups to reference objects which exist only in the PRIV domain
- Supports the protection of PRIV administrator objects (just-in-time admin)
- Implemented using the -PRIVOnly=true switch on all relevant PowerShell cmdlets
- Although possible, a CORP-only deployment is not regarded as secure and is therefore not best practice

Hardened Security
- Kerberos TGT lifetimes for PAM users now align with the TTL of the privilege escalation and group membership
  - Requires Forest Functional Level 2016
  - If there are multiple time-bound memberships, the ticket uses the lowest TTL
- PAM uses the Expiring Links functionality of AD DS 2016
  - Requires the PAM Windows optional feature
- PAM implementation uses Authentication Policy Silos
  - Allows limitations on Kerberos ticket lifetimes without having to make domain-wide changes
- PAM can manage PRIV admins (as described already)
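To make the "lowest TTL wins, capped by the silo" rule concrete, here is an added example (not from the webinar or from MIM itself) that models how a PAM user's TGT lifetime is bounded by their expiring-link memberships. It assumes the group member values look like `<TTL=<seconds>,<DN>>` for time-bound links and a bare DN for permanent ones; the sample groups and DNs are constructed.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Model of the SP1 rule: TGT lifetime = shortest remaining expiring-link TTL,
# capped by the authentication policy silo's ticket lifetime. The member-value
# format below is an assumption, not taken from MIM or AD documentation.
TTL_LINK = re.compile(r"^<TTL=(\d+),(.+)>$")

@dataclass
class Membership:
    group: str
    expires_at: Optional[datetime]  # None means a permanent (non-expiring) link

def memberships_for(user_dn, group_members, now):
    """Build the user's memberships from {group name: [member values]}."""
    found = []
    for group, values in group_members.items():
        for value in values:
            m = TTL_LINK.match(value)
            dn = m.group(2) if m else value
            if dn.lower() != user_dn.lower():
                continue
            expires = now + timedelta(seconds=int(m.group(1))) if m else None
            found.append(Membership(group, expires))
    return found

def effective_tgt_lifetime(memberships, now, silo_max):
    """Return (lifetime, bounding group); group is None if only the silo cap applies."""
    bound, bounding = silo_max, None
    for m in memberships:
        if m.expires_at is None:
            continue  # permanent membership does not shorten the ticket
        remaining = m.expires_at - now
        if remaining <= timedelta(0):
            continue  # already expired: AD has dropped the link, nothing to bound
        if remaining < bound:
            bound, bounding = remaining, m.group
    return bound, bounding

# Constructed sample: alice holds two time-bound PRIV memberships, bob a permanent one.
NOW = datetime(2016, 10, 20, 10, 0, tzinfo=timezone.utc)
SAMPLE_GROUPS = {
    "PRIV.Domain Admins": ["<TTL=1800,CN=alice,OU=PAM,DC=priv,DC=example>"],
    "PRIV.Server Operators": ["<TTL=7200,CN=alice,OU=PAM,DC=priv,DC=example>",
                              "CN=bob,OU=PAM,DC=priv,DC=example"],
}
```

With the sample data, alice's ticket is bounded to 1800 seconds by PRIV.Domain Admins, while bob's permanent membership leaves only the silo cap in force.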

Exchange Online for Service Mailbox
- The MIM Service can now use an Exchange Online mailbox for approvals and notifications
- On-prem Exchange is still available with the same functionality
- Generic SMTP is still available for notifications
- Access is via Office 365 web services

Future Additions
- There will be a hotfix/in-place upgrade from MIM 2016 to SP1
  - Currently only a full install is available, which requires uninstall/reinstall
- An issue in the Password Change Notification Service (PCNS) has been reported
  - Rarely, in some environments, PCNS fails to start with a root certificate validation error
  - A fix will be forthcoming when the issue is nailed down
  - Until then, test! If in doubt, stay with the MIM 2016 RTM PCNS

OCG Learning - courses
- Learn MIM: Foundation, Advanced, Expert (ocglearning.com/courses)
- Live classroom courses or online, self-paced
- PAM training: next one-day course on 7 November; join the live class via the internet from anywhere in the world
- We can train your team and offer ongoing support

Thank you! James Cowling CTO 20th October 2016