Module 1: Identity is the New Perimeter

Presentation transcript:

Module 1: Identity is the New Perimeter
Evolution of Identity
Hasain “The Wolf” Alshakarti, Trusted Cyber Security Advisor - TrueSec, MVP: Cloud & Datacenter Mgmt - Enterprise Security, @Alshakarti
Marcus Murray, Cyber Security Team Manager - TrueSec, @marcusswede

Agenda – Module 1
- Identity is the “NEW“ Security Boundary
- Identity in Windows 10 and Windows Server 2016

Identity is the “NEW“ Security Boundary
Attack chain shown on the slide: Entry -> Lateral Movement -> Threat Actor Goal

Identity in Windows 10 & Windows Server 2016
- Credential Guard & Remote Credential Guard
- Privileged Access Management
- Windows Hello for Business
- PowerShell Just Enough Administration

Module 2: Securing the On Prem Identity
Evolution of Identity
Hasain “The Wolf” Alshakarti, Trusted Cyber Security Advisor - TrueSec, MVP: Cloud & Datacenter Mgmt - Enterprise Security, @Alshakarti
Fredrik “DXter” Jonsson, Senior Security Advisor - Identitry

Agenda – Module 2
- Hybrid Identities
- Azure Active Directory integrations
- Privileged Access Management – JIT
- Shadow Forests for High Privileged Users
- Securing Privileged Access & Privileged Access Workstation

Hybrid Identities

Azure Active Directory integrations

Privileged Access Management – JIT
- Expiring links feature: a user can be added to a group for just the time required to perform an administrative task. The time-bound membership is expressed as a time-to-live (TTL) value that is propagated to the Kerberos ticket lifetime.
- KDC enhancements: the Kerberos ticket lifetime is restricted to the lowest TTL value when a user has multiple time-bound memberships in administrative groups.
- New monitoring capabilities: identify who requested access, what access was granted, and what activities were performed.
- Bastion Active Directory forest: the bastion forest has a special PAM trust with an existing forest. It provides a new Active Directory environment that is known to be free of malicious activity, and isolation from the existing forest for the use of privileged accounts.
- Shadow security principals (groups): a shadow security principal has an attribute that references the SID of an administrative group in the existing forest. This lets the shadow group access resources in the existing forest without changing any access control lists (ACLs).
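The expiring-links behaviour described above, as an added example that is not part of the presentation: it enables the Windows Server 2016 "Privileged Access Management Feature" in an existing forest and grants a 30-minute membership in a privileged group using the built-in ActiveDirectory module. The forest name `corp.example`, the group `Tier0-Admins` and the account `alice` are placeholders; the forest must already be at the Windows Server 2016 functional level, and the feature cannot be disabled once enabled.

```powershell
# Added example (not from the presentation): time-bound group membership via the
# Windows Server 2016 PAM optional feature. Forest, group and user are placeholders.
Import-Module ActiveDirectory

$forest = 'corp.example'     # assumed forest root
$group  = 'Tier0-Admins'     # assumed privileged group
$user   = 'alice'            # assumed admin account

# 1. Enable expiring links once, forest-wide. This is irreversible, so check first.
$feature = Get-ADOptionalFeature -Filter { Name -eq 'Privileged Access Management Feature' }
if (-not $feature.EnabledScopes) {
    Enable-ADOptionalFeature -Identity $feature -Scope ForestOrConfigurationSet `
        -Target $forest -Confirm:$false
}

# 2. Grant membership that removes itself after 30 minutes. No permanent admin is created.
Add-ADGroupMember -Identity $group -Members $user -MemberTimeToLive (New-TimeSpan -Minutes 30)

# 3. Show the remaining TTL per member; members without a TTL are permanent and
#    should be reviewed, since the goal is "no permanent administrators".
(Get-ADGroup -Identity $group -Properties member -ShowMemberTimeToLive).member

# 4. Audit every protected (adminCount=1) group for expiring links still in force.
Get-ADGroup -Filter { adminCount -eq 1 } -Properties member -ShowMemberTimeToLive |
    Where-Object { $_.member -match '<TTL=' } |
    Select-Object Name, member
```

Members with a TTL are returned in the form `<TTL=<seconds>,CN=alice,...>`. A TGT issued to the account while the link is active has its lifetime capped at the smallest TTL among the user's time-bound memberships, which can be confirmed on the client with `klist` after a fresh logon.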

Shadow Forests for High Privileged Users

Securing Privileged Access & Privileged Access Workstation
- LAPS: unique local admin passwords for workstations and for servers
- PAM: time-bound privileges (no permanent administrators), multi-factor for time-bound elevation
- Just Enough Admin (JEA) for maintenance: lower the attack surface of important services
- Privileged Access Workstations
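The JEA item above, as an added example that is not part of the presentation: a constrained endpoint that lets a maintenance group restart a single service on a server without holding local administrator rights. The module name `JEAMaintenance`, the group `CORP\ServiceMaintainers`, the service `Spooler` and the transcript path are placeholders; run it elevated on the managed server.

```powershell
# Added example (not from the presentation): a Just Enough Administration endpoint.
# All names and paths are placeholders.
$modulePath = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\JEAMaintenance'
$rcPath     = Join-Path $modulePath 'RoleCapabilities'
New-Item -ItemType Directory -Path $rcPath -Force | Out-Null

# A role capability must live under RoleCapabilities inside a real module, so give it a manifest.
New-ModuleManifest -Path (Join-Path $modulePath 'JEAMaintenance.psd1')

# Role capability: the allow-list. Only Get-Service and Restart-Service are visible,
# and Restart-Service accepts -Name Spooler and nothing else.
New-PSRoleCapabilityFile -Path (Join-Path $rcPath 'ServiceMaintainer.psrc') -VisibleCmdlets @(
    'Get-Service',
    @{ Name = 'Restart-Service'; Parameters = @{ Name = 'Name'; ValidateSet = 'Spooler' } }
)

# Session configuration: no default commands, runs under a temporary virtual account
# (the operator's own credential never lands on the server), and every session is transcribed.
$pssc = Join-Path $env:TEMP 'JEAMaintenance.pssc'
New-PSSessionConfigurationFile -Path $pssc `
    -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount `
    -TranscriptDirectory 'C:\JEATranscripts' `
    -RoleDefinitions @{ 'CORP\ServiceMaintainers' = @{ RoleCapabilities = 'ServiceMaintainer' } }

if (-not (Test-PSSessionConfigurationFile -Path $pssc)) { throw "invalid session configuration file" }
Register-PSSessionConfiguration -Name 'JEAMaintenance' -Path $pssc -Force

# Operator use from a Privileged Access Workstation (no local admin on the server):
#   Enter-PSSession -ComputerName srv01 -ConfigurationName JEAMaintenance
#   Restart-Service -Name Spooler
# Anything outside the allow-list (e.g. Restart-Service -Name W32Time) is rejected.
```

Because the endpoint runs as a virtual account, a compromised operator credential buys the attacker only the allow-listed commands on that host, and the transcript directory gives the "what activities were performed" record the PAM slide calls for.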

Module 3: Enabling Secure Cloud Access
Evolution of Identity
Hasain “The Wolf” Alshakarti, Trusted Cyber Security Advisor - TrueSec, MVP: Cloud & Datacenter Mgmt - Enterprise Security, @Alshakarti
Fredrik “DXter” Jonsson, Senior Security Advisor - Identitry

Agenda – Module 3
- Single Sign On
- Identity Federation
- Public Identity Providers
- Multi Factor Authentication
- External Users & Application Scenarios

Single Sign On

Identity Federation

Public Identity Providers

Multi Factor Authentication

External Users & Application

Module 4: Enabling Secure Mobile Access
Evolution of Identity
Hasain “The Wolf” Alshakarti, Trusted Cyber Security Advisor - TrueSec, MVP: Cloud & Datacenter Mgmt - Enterprise Security, @Alshakarti
Fredrik “DXter” Jonsson, Senior Security Advisor - Identitry

Agenda – Module 4
- Intune, AAD & ADFS
- Web Application Proxy 2.0
- Device Registration
- Access Control Policies

Intune, AAD & ADFS

Web Application Proxy 2.0

Device Registration

Access Control Policies