Azure AD Simon May Technical Evangelist
Identity considerations: Cloud, Sync or Federated? 7/15/2019 Identity considerations: Cloud, Sync or Federated? SaaS Apps Resources in other businesses or identity realms Cloud identity provides a solution where all identity resides in the cloud Active Directory Identity sync enables customers to bridge their existing identity into the cloud Federated identity allows customers to retain all authentication on-premises B2B federated identity allows customers to securely share and collaborate with each other Active Directory © 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Common Identity with Sync and Federation 7/15/2019 Common Identity with Sync and Federation Active Directory Synchronization Active Directory Identity Sync with password hash sync User attributes are synchronized including the password hash, Authentication can be completed against either Azure or Windows Server Active Directory *Write back of attributes to support cloud first and co-existence Federation Active Directory Active Directory Identity Sync AD FS User attributes are synchronized, Authentication is passed back through federation and completed against Windows Server Active Directory AD FS provides conditional access to resources, Work Place Join for device registration and integrated Multi-Factor Authentication *Coming Soon © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Azure AD Sync Service Demo
Monitor and protect access to enterprise apps Windows Server Management Marketing 7/15/2019 Monitor and protect access to enterprise apps Built-in security features, like “you cant be in two places at once”. XXXXX XXXXX Security reporting that tracks inconsistent access patterns, analytics and alerts. Ensure secure access by enabling MFA XXXXX . © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Azure MFA Demo
Self-service experiences in the cloud 7/15/2019 Self-service experiences in the cloud Users can manage access requests through self-service group management Users can edit their profile details to update and add missing information SaaS Apps Active Directory Users can easily access the SaaS apps they need, using their existing Active Directory credentials. Self Service Password change and reset for cloud users Leverage existing investments in Active Directory for a single set of user credentials Active Directory © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Selection of pre-integrated SaaS apps Build 2012 7/15/2019 Selection of pre-integrated SaaS apps © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Example Workload: Single sign-on to 1500+ SaaS Apps When an Active Directory user logs on, their synchronized credentials are used to authenticate against Azure Active Directory Directory Sync Sync with password hash sync Active Directory Active Directory SaaS App Sync without password hash sync Active Directory Federation Services Cloud Identity A user with a cloud only identity can sign in to the SaaS app using their Azure Active Directory credentials When an Active Directory user logs on, the authentication is passed back and validated against Windows Server Active Directory Federated Identity
SaaS Apps Demo
What makes it different? Simple Azure AD (AD FS) Pre-Auth Single Sign-on from myapps.Microsoft.com No Certificate Requirements **
Azure App Proxy Architecture 443 SSL
Azure App Proxy Demo
Connectors 443 SSL 443 SSL 443 SSL 443 SSL
More Info http://smay.co/connect-with-me
More Events http://aka.ms/EMMwebcasts