Brian Arkills Microsoft Solutions Architect

Slides:

Advertisements

Similar presentations

Agenda AD to Windows Azure AD Sync Options Federation Architecture

Advertisements

Nebula Managed Workstation Service March 2015 Brian Arkills Microsoft Solutions Architect Windows Infrastructure Svc Mgr Managed Workstation Svc Mgr UW-IT,

Office 365 Identity aka Azure Active Directory

Eric Raff. Usergroup up

UW Windows Infrastructure: Delegated OUs Brian Arkills Software Engineer, LDAP geek, AD bum, and Associate Troublemaking Officer Identity and Access Management,

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

Understanding Active Directory

Single Sign-On with Microsoft Azure

Identities and Azure AD Premium

BE-com.eu Brussel, 26 april 2016 EXCHANGE 2010 HYBRID (IN THE EXCHANGE 2016 WORLD)

EMS in action Hugh Simpson-Wells and Mark Riley 2016 Redmond Summit | Identity Without Boundaries

Productivity Architect Meet Chris Bortlik Author, Blogger, Speaker.

Protect your data Enable your users Desktop Virtualization Information protection Mobile device & application management Identity and Access Management.

Microsoft Ignite /20/2017 9:04 PM

Protect your data Enable your users Desktop Virtualization Information protection Mobile device & application management Identity and Access Management.

Recording Brief EMS Partner Bootcamp Variables Values Module Title

Microsoft Azure Active Directory Identity Solutions

Implementing and Managing Azure Multi-factor Authentication

Secure Connected Infrastructure

4/18/2018 1:15 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.

Azure Active Directory - Business 2 Consumer

5/29/2018 1:51 AM THR2071 Managing enterprise applications, permissions, and consent in Azure Active Directory Adam Steenwyk & Jeff Sakowicz Program Managers.

6/1/2018 2:18 AM OSP302 Building Integrated Microsoft Office 365, SharePoint Online, and Office Solutions Using BCS and LOB Data Donovan Follette

O365 & AZURE ADDS Mladen Baranek, Miadria

SaaS Application Deep Dive

Ask the Microsoft Infrastructure Team October 2017

Optimizing Microsoft OneDrive for the enterprise

7/29/2018 4:45 PM Manage SharePoint and OneDrive in Office 365: A field guide for administrators Chris Bortlik Modern Workplace Technical Architect Microsoft.

9/4/2018 6:45 PM Secure your Office 365 environment with best practices recommended for political campaigns Ethan Chumley Campaign Technology Advisor Civic.

Information Protection

Power BI Security Best Practices

Wait, Microsoft is in the Security Game?

Windows 10 Subscription Activation

Using AAD B2C for WordPress & Secure Deployment Scenario

RMS Architecture EMS Partner Bootcamp TechReady 18 9/17/2018

Microsoft 365 Business Customer Targeting 2/6/18

Azure Active Directory at UW February 2017

Microsoft Ignite /21/2018 5:56 PM

SharePoint Online Management and Control

Managed Workstations: The Hachet Man’s Story October 2016

Azure AD Governance: In the middle of organizational friction May 2018

Azure AD Line Of Business Application Integration

Ask the Microsoft Infrastructure Team October 2017

Deck at: Brian Arkills Microsoft Solutions Architect

Brian Arkills Microsoft Solutions Architect

Azure Active Directory

Protect your OneDrive and SharePoint files on mobile devices

Azure Active Directory at UW February 2017

11/19/2018 4:38 AM Microsoft 365 Business Customer Targeting Janine Brittain - EXEED 2/6/18 © Microsoft Corporation. All rights reserved. MICROSOFT.

05 | AD to Windows Azure AD IT Professionals

Microsoft Ignite /20/2018 2:21 PM

Access and Information Protection Product Overview October 2013

Turning Off NTLMv1 or How to Approach Turning Off Legacy Technology

Michael Stephenson DevOps empowered by Microsoft Flow

Microsoft Ignite NZ October 2016 SKYCITY, Auckland.

Identity Infrastructure Fundamentals and Key Capabilities

M7: New Features for Office 365 Identity Management

Five mistakes to avoid when deploying Enterprise Mobility + Security

Office 365 Identity Management

Leadership and Me Brian Arkills

Office 365 Identity Management

1/3/2019 1:47 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS.

Surviving identity management in a hybrid world

2/27/2019 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

Microsoft Ignite NZ October 2016 SKYCITY, Auckland.

07 | Introduction to Authentication

Elevate Access Global Admin Role

Bob Duffy 27 years in database sector, 250+ projects

Azure AD Simon May Technical Evangelist.

Presentation transcript:

Azure Active Directory: In the middle of organizational friction October 2016 Brian Arkills Microsoft Solutions Architect Microsoft Infrastructure Svc Mgr Managed Workstation Svc Owner UW-IT, Identity and Access Management Microsoft Directory Services Enterprise Mobility MVP 2012-2016 ©2006 University of Washington. All rights reserved. This presentation is for informational purposes only. The University of Washington makes no warranties, express or implied, in this summary.

Goals Update on http://staff.washington.edu/barkills/aadInMiddleOfOrgFriction.pptx Slides limited to key changes + a couple key slides ©2006 University of Washington. All rights reserved. This presentation is for informational purposes only. The University of Washington makes no warranties, express or implied, in this summary.

UW’s AAD Architecture Guide https://itconnect.uw.edu/wares/msinf/design/arch/aad-arch/ Jump ©2006 University of Washington. All rights reserved. This presentation is for informational purposes only. The University of Washington makes no warranties, express or implied, in this summary.

How could we possibly trust users? OAuth2 & AAD Apps!!! How could we possibly trust users?

AAD Apps: A happy ending? New O365 service owner prefers ‘monitor and mitigate’ approach, so we should soon next week move back to the tenant defaults. Yay!! This still means AAD apps which require “elevated” app permissions need a tenant admin, and will go through our more extended risk analysis approval process. But that’s a 80/20 thing – or more likely a 99/1 thing.

AAD Apps: Monitoring

AAD Groups Old Office group namespace controls fail New Office group namespace controls enabled Office groups enabled via gating process Office group membership privacy fixed Thinking about course groups as office groups Thinking about shifting our group architecture so some groups do not follow Grouper -> AD -> AAD path; instead Grouper -> AAD or AAD -> Grouper ©2006 University of Washington. All rights reserved. This presentation is for informational purposes only. The University of Washington makes no warranties, express or implied, in this summary.

IdP/STS Wars: ADFS vs Shib -> AAD vs Shib? Still suspect cloud-based IdPs will rule Shibboleth continues to be best option for most Azure AD is great option if need provisioning, but only if your tenant isn’t too big

What’s Next Complete & share AAD App approach AAD DirSync -> AAD Connect Watch & agitate re: AAD groups Call out broken AADp cost approach for Ed sector; + pressure by sharing workaround solutions Develop AAD audit API based solutions User login reporting & Last logon for inactive user initiative AAD App, Role, Policy change event alerting AAD user consent reporting (e.g. HIPAA regulated employee granted access to what apps?) License automation + integration

What’s Next - 1 year later Refresh ADFS 2 -> ADFS 2016 Reevaluate AAD authN: PTA or hash sync? PIM Inactive user proposal: 900K users -> ~200K users

The End Brian Arkills barkills@uw.edu @barkills @brian-arkills http://blogs.uw.edu/barkills https://itconnect.uw.edu/wares/msinf/ Author of LDAP Directories Explained ©2006 University of Washington. All rights reserved. This presentation is for informational purposes only. The University of Washington makes no warranties, express or implied, in this summary.