11/11/2018 Azure Active Directory Privileged Identity Management Deployment Training - Module 5   November 2016 Ed Wu, Senior Program Manager Mark Wahl, Principal Program Manager © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Agenda Module 1 Product Overview & Feature Information 11/11/2018 Azure Active Directory Premium Agenda Module 1 Product Overview & Feature Information Module 2 Pre-requisites and Requirements Module 3 Technical Deep Dive & Demo to Deploy Feature Module 4 Support & Troubleshooting Module 5 Drive Usage

Module 5 Drive Usage 11/11/2018 3

Usage & Customer Success Key Performance Indicators Customer Conversations Customer Best Practices

PIM Key Performance Indicators (KPIs) Total # of customers # of customers onboarding to PIM # of users in roles, how many users activate, percentage of total admins Users who are eligible for roles How many admins were reviewed? Is the customer acting on the outcome? How many tenants are creating at least 1 access review?

Customer Conversation Customers value & PIM stickiness Security – more visibility through reader role Administrators of other online services – JIT into high privilege roles like Global Admin “Directory” administrators – reduce # of Global Admins, convert users to narrower roles

Customer Best Practices Make it more “real” for the customer – rich demo tenants Customers getting started with first service in the cloud might not have an admin problem, they should plan to revisit in 3-6 months Sign up for PIM and watch for alerts regularly Watch insights from MSIT and Unilever in Ignite sessions

What about on-premises? Customers who have AD DS likely have similar issues with on-prem admins Make sure customers are aware of best practice guidance for securing AD and “assume breach” Lot of technology options from MS: ATA, MIM PAM, LAPS, PAWs, … Point to aka.ms/privsec for recommended deployment sequence Suggest enterprise customers engage with MCS or partner to do assessment

Privileged Identity Management Read More Azure AD Privileged Identity Management Review TechNet Azure AD Privileged Identity Management Watch Channel 9 Azure AD Privileged Identity Management Videos/ Demos