Windows devices in Azure AD: why should I care?

Presentation transcript:

Windows devices in Azure AD: why should I care? (BRK3352, 7/23/2018 10:41 PM.) Jairo Cadena, Program Manager, Identity Division, Microsoft. JairoC_AzureAD, jairocadena.com. © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Azure Active Directory in the marketplace. Every Office 365 and Microsoft Azure customer uses Azure Active Directory: 12.8M organizations; 950M users; 272K 3rd party apps in Azure AD; 56K paid Azure AD / EMS customers; 90% of Fortune 500 companies use Azure AD. The slide also shows year-over-year growth figures of +30%, +45%, +200% and +74%.

Why Windows devices in Azure AD? Access control and identity protection: conditional access based on device policies. Ease of deployment and management. Better secure experiences for your users.

The challenge (diagram): on-premises managed devices in Active Directory.

Azure AD conditional access. Conditions the policy evaluates: Users (user identity, group memberships); Devices (hybrid Azure AD joined? marked compliant? platform type, lost/stolen?); Application (per-service, managed client app); Other (location/network, time of day, risk profile). Resulting controls: Allow, Block, MFA, Enroll, Terms of Use. On-premises applications are also in scope.

Windows 10 work devices: AD domain joined (in AD only); hybrid Azure AD joined (a.k.a. domain joined and registered with Azure AD; in both AD and Azure AD); Azure AD joined (in Azure AD only). Windows 10 personal and other devices: Azure AD registered (a.k.a. workplace joined).
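As an added illustration (not code from the session or from Microsoft), here is a small Go model of how a device-based conditional access policy turns the signals on the two slides above (user, device join state, compliance, application, network location, risk) into one grant control. The policy shape, the ordering of decisions, and the rule that a device Azure AD knows about but cannot call compliant is asked to enroll while a device Azure AD has never seen is blocked are simplifying assumptions of this example, not Azure AD's actual evaluation logic. When several policies apply, the strictest decision wins.

```go
package main

import "fmt"

// JoinType is the device's relationship to Azure AD, as drawn on the slide.
type JoinType int

const (
	NotRegistered       JoinType = iota // unknown to Azure AD
	ADDomainJoined                      // on-premises AD only, not registered
	HybridAzureADJoined                 // AD domain joined and registered with Azure AD
	AzureADJoined                       // cloud-only work device
	AzureADRegistered                   // personal device, "workplace joined"
)

// Device carries the device signals from the conditional access slide.
type Device struct {
	Join         JoinType
	Compliant    bool // marked compliant by MDM
	LostOrStolen bool
}

// SignIn is the context a policy evaluates: user, device, application, other.
type SignIn struct {
	User, App  string
	Groups     []string
	Device     Device
	TrustedNet bool   // location (network)
	Risk       string // risk profile: "low", "medium" or "high"
}

type Decision int // grant control, ordered so that a larger value is stricter

const (
	Allow Decision = iota
	RequireMFA
	RequireEnroll // device is known to Azure AD but not compliant
	Block
)

func (d Decision) String() string { return [...]string{"allow", "mfa", "enroll", "block"}[d] }

// Policy is a simplified conditional access rule; its shape is an assumption of this example.
type Policy struct {
	Apps, Groups             []string // empty = all cloud apps / all users
	RequireHybridOrCompliant bool     // device-based conditional access
	MFAOffTrustedNetwork     bool
	BlockHighRisk            bool
}

// applies reports whether the policy is in scope for this sign-in (app and group assignment).
func (p Policy) applies(s SignIn) bool {
	appOK, groupOK := len(p.Apps) == 0, len(p.Groups) == 0
	for _, a := range p.Apps {
		appOK = appOK || a == s.App
	}
	for _, g := range s.Groups {
		for _, want := range p.Groups {
			groupOK = groupOK || g == want
		}
	}
	return appOK && groupOK
}

// Evaluate returns this policy's grant control for the sign-in.
func (p Policy) Evaluate(s SignIn) Decision {
	if !p.applies(s) {
		return Allow
	}
	if s.Device.LostOrStolen || (p.BlockHighRisk && s.Risk == "high") {
		return Block
	}
	if p.RequireHybridOrCompliant && s.Device.Join != HybridAzureADJoined && !s.Device.Compliant {
		if s.Device.Join == AzureADJoined || s.Device.Join == AzureADRegistered {
			return RequireEnroll // known device: it can be brought into compliance
		}
		return Block // Azure AD holds no device identity it could evaluate
	}
	if p.MFAOffTrustedNetwork && !s.TrustedNet {
		return RequireMFA
	}
	return Allow
}

// EvaluateAll combines all policies: the strictest decision wins.
func EvaluateAll(policies []Policy, s SignIn) Decision {
	result := Allow
	for _, p := range policies {
		if d := p.Evaluate(s); d > result {
			result = d
		}
	}
	return result
}

func main() {
	p := Policy{Apps: []string{"Exchange Online"}, RequireHybridOrCompliant: true, MFAOffTrustedNetwork: true}
	s := SignIn{User: "alice", App: "Exchange Online", TrustedNet: true, Device: Device{Join: AzureADRegistered}} // constructed
	fmt.Println(EvaluateAll([]Policy{p}, s)) // enroll
}
```

The point to take from the model is the one the slide makes: a device Azure AD has never registered (plain AD domain joined or not registered at all) cannot satisfy a device-based policy, because there is no device identity to evaluate a compliance or hybrid-join claim against.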

Demo: Azure AD device-based conditional access.

Demo: Google Chrome support for SSO & device-based CA.

Windows 7 hybrid Azure AD join with Seamless SSO (Windows 7 device, AD domain controller, Azure AD, Azure DRS; diagram labels: AAD-Svc, S-SSO=true, AAD-SPN):
1. User signs in to Windows and the registration task runs.
2. A hidden IE browser navigates to Azure AD to authenticate to Azure DRS, with the SCP value as domain_hint.
3. Azure AD returns 401 with a WWW-Authenticate header of Negotiate.
4. Client gets from the DC a Kerberos ticket to the "Azure AD" SPN.
5. The IE browser resends the request with the ticket in the Authorization header.
6. Azure AD, via Seamless SSO, authorizes the Kerberos ticket and returns an access token for Azure DRS.
7. Client completes registration against Azure DRS.

Why Windows devices in Azure AD? Access control and identity protection: conditional access based on device policies; auto VPN connectivity protection. Ease of deployment and management. Better secure experiences for your users.

Auto VPN connectivity and Azure AD conditional access (Windows client with Cloud AP and WAM, Azure AD, VPN server):
1. PRT obtained and cached upon user sign-in to Windows.
2. VPN client calls WAM getToken() for the "VPN server" app.
3. WAM sends the request to Azure AD, passing the PRT.
4. Azure AD authenticates the PRT and authorizes against CA policy.
5. Azure AD returns the "access token" in the form of a certificate.
6. WAM installs the certificate in the user store and returns the call to the VPN client.
7. VPN client uses the certificate to authenticate to the VPN server and establishes connectivity.

Demo: Azure AD conditional access and VPN.

Why Windows devices in Azure AD? Access control and identity protection: conditional access based on device policies; auto VPN connectivity protection; reduced risk for identity protection. Ease of deployment and management. Better secure experiences for your users.

Identity protection: devices and unfamiliar location.

Why Windows devices in Azure AD? Access control and identity protection: conditional access based on device policies; auto VPN connectivity protection; reduced risk for identity protection. Ease of deployment and management: devices blade in Azure portal. Better secure experiences for your users.

Demo: Devices blade in the Azure Portal.

Why Windows devices in Azure AD? Access control and identity protection: conditional access based on device policies; auto VPN connectivity protection; reduced risk for identity protection. Ease of deployment and management: devices blade in Azure portal; AutoPilot and Windows activation; co-management. Better secure experiences for your users.

Demo: Assignment of enterprise licenses for Windows activation.

Why Windows devices in Azure AD? Access control and identity protection: conditional access based on device policies; auto VPN connectivity protection; reduced risk for identity protection. Ease of deployment and management: devices blade in Azure portal; AutoPilot and Windows activation; co-management. Better secure experiences for your users: SSO to cloud and on-prem apps/resources; consistent settings across devices; bio-gesture sign-in to Windows and org.

Windows Hello for Business and the route to “password-less”

Provisioning of Windows Hello for Business (Windows 10 device, Azure AD, Azure DRS):
1. User authenticates with password + MFA and provides a bio-gesture.
2. Windows generates the WHfB key in the Trusted Platform Module (TPM), protected with the bio-gesture, plus an attestation blob.
3. Windows sends the WHfB public key + attestation blob + AIK cert.
4. Azure AD verifies the WHfB public key with the attestation blob and registers the key with the user.
5. Azure AD returns the key ID.

Sign-in to Windows 10 with Windows Hello for Business (Windows 10 device, Azure AD):
1. User signs in with the bio-gesture, which unlocks the WHfB key.
2. Windows sends "hello".
3. Azure AD sends back a nonce.
4. Windows sends the nonce signed with the WHfB key (identified by key ID).
5. Azure AD returns PRT + ID token + encrypted session key, protected in the TPM.
6. User enjoys SSO to cloud and on-premises apps.
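The provisioning and sign-in exchanges on the two slides above, as an added example that is not Microsoft's code: a Go simulation in which a directory registers a device's public key and later authenticates the device by a signed nonce. The attestation check is reduced to a boolean, the TPM-held key is an in-memory P-256 key, the key ID is a constructed fingerprint, the user name is a constructed sample, and PRT/ID-token issuance is represented by returning the resolved user; those are all assumptions of the example. What it does show faithfully is the defensive shape of the server side: a nonce that is random, single-use and time-limited, and a signature that must verify under the key bound at provisioning, so neither a replayed response nor a key Azure AD never attested gets a session.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Directory stands in for Azure AD / Azure DRS: keys by key ID, their owners, outstanding nonces.
type Directory struct {
	keys   map[string]*ecdsa.PublicKey
	owners map[string]string
	nonces map[string]time.Time // nonce -> issue time
}

func NewDirectory() *Directory {
	return &Directory{keys: map[string]*ecdsa.PublicKey{}, owners: map[string]string{},
		nonces: map[string]time.Time{}}
}

// Register is provisioning steps 3-5: accept a public key plus attestation evidence and return
// a key ID. The attestation check is an assumed boolean; the real service validates the TPM
// attestation blob and the AIK certificate before it trusts the key.
func (d *Directory) Register(user string, pub *ecdsa.PublicKey, attested bool) (string, error) {
	if !attested {
		return "", errors.New("attestation failed: key is not TPM-bound")
	}
	sum := sha256.Sum256(pub.X.Bytes())
	keyID := hex.EncodeToString(sum[:8]) // constructed key ID: a fingerprint of the key
	d.keys[keyID], d.owners[keyID] = pub, user
	return keyID, nil
}

// Challenge is sign-in step 3: a fresh random nonce, remembered so it can be used exactly once.
func (d *Directory) Challenge() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	nonce := hex.EncodeToString(b)
	d.nonces[nonce] = time.Now()
	return nonce, nil
}

// Verify is sign-in step 5: the nonce must be one this directory issued, still unused and
// unexpired (two minutes here, an assumed value), and the signature must verify under keyID.
func (d *Directory) Verify(keyID, nonce string, sig []byte) (string, error) {
	issued, ok := d.nonces[nonce]
	delete(d.nonces, nonce) // consume first: a failed attempt burns the nonce too
	if !ok || time.Since(issued) > 2*time.Minute {
		return "", errors.New("unknown, replayed or expired nonce")
	}
	h := sha256.Sum256([]byte(nonce))
	if pub, ok := d.keys[keyID]; !ok || !ecdsa.VerifyASN1(pub, h[:], sig) {
		return "", errors.New("unknown key ID or signature does not verify")
	}
	return d.owners[keyID], nil // here the real service would mint the PRT and ID token
}

// Device holds the WHfB key: in the TPM and bio-gesture-unlocked on a real device, in memory here.
type Device struct {
	priv  *ecdsa.PrivateKey
	KeyID string // assigned by Register
}

func NewDevice() (*Device, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return &Device{priv: priv}, err
}

// Sign is sign-in step 4: sign the nonce with the WHfB key.
func (dv *Device) Sign(nonce string) ([]byte, error) {
	h := sha256.Sum256([]byte(nonce))
	return ecdsa.SignASN1(rand.Reader, dv.priv, h[:])
}

// SignIn runs sign-in steps 2-5 end to end and returns the user the directory resolved.
func SignIn(d *Directory, dv *Device) (string, error) {
	nonce, err := d.Challenge() // device says "hello", directory answers with a nonce
	if err != nil {
		return "", err
	}
	sig, err := dv.Sign(nonce)
	if err != nil {
		return "", err
	}
	return d.Verify(dv.KeyID, nonce, sig)
}

func main() {
	d := NewDirectory()
	dv, _ := NewDevice() // errors are ignored only in this demo entry point
	dv.KeyID, _ = d.Register("alice@contoso.example", &dv.priv.PublicKey, true) // constructed user
	fmt.Println(SignIn(d, dv)) // alice@contoso.example <nil>
}
```

The private key never leaves the device and the directory never stores a password-equivalent, which is the property the "password-less" route on the next slides relies on; what the directory must protect instead is the binding between key ID, user and attested public key made at provisioning time.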

Demo: Bio-gesture sign-in, SSO and conditional access.

Good reasons for Windows devices in Azure AD. Access control and identity protection: conditional access based on device policies; auto VPN connectivity protection; reduced risk for identity protection. Ease of deployment and management: devices blade in Azure portal; AutoPilot and Windows activation; co-management. Better secure experiences for your users: SSO to cloud and on-prem apps/resources; consistent settings across devices; bio-gesture sign-in to Windows and org.

Roadmap: FIDO support; “Last logon time stamp” on device objects; easier deployment of hybrid Azure AD joined devices; self-service PIN and password reset from lock screen; alternate login ID support; AutoPilot “plug and forget”; application-based conditional access; device-based conditional access based on device groups; …

Identity @ Ignite | Monday
BRK3020 What's new and upcoming in AD FS to securely sign-in your users to Office 365 and other applications. OCCC Valencia W415 CD, Monday 4:00–5:15. Sam Devasahayam.
Identity @ Ignite | Tuesday
BRK2019 Productivity and protection for your employees, partners, and customers with Azure Active Directory. OCCC West Hall F2, Tue 9:00–10:15. Alex Simons, Nasos Kladakis.
THR2072 Migrate your apps from legacy APIs to Microsoft Graph. OCCC South – Expo Theater #6, Tue 11:35–11:55. Jeff Sakowicz, Dan Kershaw.
BRK2017 Saying goodbye to passwords. OCCC West Hall F3-4, Tue 12:45–1:30. Manini Roy.
THR2071 Managing enterprise applications, permissions, and consent in Azure Active Directory. OCCC West Building Theater - Level 2, Tue 2:10–2:30. Jeff Sakowicz.
BRK1051 Locking down access to the Azure Cloud using SSO, Roles Based Access Control, and Conditional Access. OCCC W308, Tue 2:15–3:30. Stuart Kwan.

Identity @ Ignite | Wednesday
BRK3388 Build applications to secure and manage your enterprise using Microsoft Graph. OCCC S210, Wed 09:00–09:45. Jeff Sakowicz, Dan Kershaw.
BRK3225 Office development: Authentication demystified. OCCC W315, Wed 10:45–12:00. Vittorio Bertocci.
BRK3146 The power of common identity across any cloud. OCCC W240, Wed 12:45–1:30. Sam Devasahayam.
THR2126 Azure Active Directory: Your options explained from AD sync to pass through authentication & more. OCCC West – Microsoft Ignite Studio, Wed 1:35–1:55. Alex Simons, Simon May.
BRK3352 Windows devices in Azure Active Directory: Why should I care? OCCC Valencia W415 AB, Wed 2:15–3:30. Jairo Cadena.
THR2007 How to get Office 365 to the next level with Azure Active Directory Premium. OCCC South – Expo Theater, Wed 3:15–4:00. Brjann Brekkan.
BRK3295 What’s new in Azure Active Directory Domain Services. Hyatt Regency Windermere Z, Wed 4:00–5:15. Mahesh Unnikrishnan.
BRK3016 Shut the door to cybercrime with Azure Active Directory risk-based identity protection. OCCC Valencia W415 CD. Alex Weinert, Nitika Gupta.

Identity @ Ignite | Thursday
BRK2018 Share corporate resources with your partners using Azure Active Directory B2B collaboration. OCCC W230, Thu 9:00–10:15. Mary Lynch, Sarat Subramaniam, Laith Al Shamri.
BRK3207 The keys to the cloud: Use Microsoft identities to sign in and access API from your mobile+web apps. OCCC S310, Thu 10:45–12:00. Vittorio Bertocci.
BRK3012 Secure access to Office 365, SaaS and on-premises apps with Microsoft Enterprise Mobility + Security. OCCC W311. Caleb Baker, Chris Green.
BRK3013 Ensure users have the right access with Azure Active Directory. OCCC Valencia W415 AB, Thu 12:30–1:45. Joseph Dadzie, Mark Wahl.
BRK3015 Deep-dive: Azure Active Directory Authentication and Single-Sign-On. OCCC West Hall E1, Thu 2:15–3:30. John Craddock.
BRK3014 Azure Active Directory best practices from around the world. Thu 4:00–5:15. Tarek Dawoud, Mark Morowczynski.
Identity @ Ignite | Friday
BRK2276 Modernize your customer identity management with Azure Active Directory B2C. OCCC W314, Friday 9:00–9:45. Saeed Akhter.

Please evaluate this session. From your PC or tablet: visit MyIgnite, https://myignite.microsoft.com/evaluations. From your phone: download and use the Microsoft Ignite mobile app, https://aka.ms/ignite.mobileapp. Your input is important!
