User Microsoft Account Ex: User Organizational Account Ex: Microsoft Account Windows Azure Active Directory.

Presentation transcript:

User Microsoft Account Ex: User Organizational Account Ex: Microsoft Account Windows Azure Active Directory

Directory store Authentication platform Windows Azure Active Directory Your App

Cloud Identities: Single identity in the cloud suitable for small organizations with no integration to on-premises directories
Synchronized Passwords: Single identity suitable for medium and large organizations without federation
Federated Identities: Single federated identity and credentials suitable for medium and large organizations

Cloud IDs | Password Sync | Federated IDs
Same password to access resources on-premises and in cloud
Can control password policies on-premises
Single Sign-on for no password re-entry if on premises
Client access filtering by IP, client type, or by time schedule
Authentication occurs and is audited on-premises
Can immediately block disabled accounts on-premises
Change password available from web
Works with Forefront Identity Manager 2010 R2
Can customize the User Sign-in Page
Use with cloud based Multi-Factor Authentication
Use with on-premises based Multi-Factor Authentication
Source:

*For representative purposes only.
WS-Trust & WS-Federation
WS-Federation (passive auth)
SAML (passive auth)
Active Directory with ADFS
Customer Benefits
Flexibility to reuse existing identity provider investments
Confidence that the solution is qualified by Microsoft
Coordinated support between the partner and Microsoft

Account Directory | Exchange Orgs | Azure AD | Supported? | Sync Solution
1 AD Forest | 1, in AD forest. | 1 Tenant | Yes | DirSync
1 AD Forest | n resource forest(s), will retire all Exchange Forests. | 1 Tenant | Yes | DirSync
n AD Forests | n in resource forest(s), will not retire. | 1 Tenant | Yes | FIM + AAD Connector
1 LDAP Directory | N/A | 1 Tenant | Yes | LDAP DirSync
1 AD Forest | | n Tenants | Yes | FIM + AAD Connector OR n DirSyncs
Non-AD directory | N/A | n Tenants | Yes | FIM + AAD Connector
n AD Forests + m non-AD | N/A | n Tenants | Yes | FIM + AAD Connector

Azure AD Tenant DirSync Login Forest Resource Forest (migrate data) AD FS (“sync, UPN, ImmutableID”)

Azure AD Tenant DirSync AD Forest Azure AD Tenant DirSync AD FS

Number Active Directory forests Use FIM 2010 R2 Connectors Number Exchange Orgs See consolidation whitepaper Use Single Forest DirSync Want to consolidate single forest? Single (1) Multiple (>1) Yes None (0) Start After consolidation No Single (1)

DirSync Front-Ends GRAPH/PS Front-Ends (workflows) Exchange Online OneDrive Windows InTune Admin portals

Web Clients Office 2010, Office 2007 SP2 with SharePoint Online Outlook Web Application Remember last user Mail Clients Office 2010, Office 2007 SP2 Active Sync/POP/IMAP Entourage Can save credentials Rich Applications (SIA) Lync Online Office Subscriptions CRM Rich Client Office 2013 Can save credentials SSO IDs (from domain joined machines) Cloud IDs No Prompt Username and Password Online ID AD credentials Password Sync (SSO from non-domain Joined machines) Username and Password AD credentials Username Username and Password Online ID AD credentials Username and Password AD credentials Username and Password Online ID AD credentials Username and Password AD credentials

Customer Microsoft Online Services Logon (SAML 1.1) Token Source User ID: ABC123 Auth Token Unique ID:


Customer Windows Azure Active Directory Logon (SAML 1.1) Token Source User ID: ABC123 Auth Token Unique ID: Basic Auth Credentials Username/Password

 *Out of band refers to being able to use a second factor with no modification to the existing app UX. Excludes Office 365 dedicated SKU and SMB SKUs. Upgradeable to Azure Multi-Factor Authentication

Multi-Factor Authentication for Office 365 | Windows Azure Multi-Factor Authentication
Administrators can Enable/Enforce MFA to end-users: Yes
Use Mobile app (online and OTP) as second authentication factor: Yes
Use Phone call as second authentication factor: Yes
Use SMS as second authentication factor: Yes
App passwords for non-browser clients (e.g. Outlook, Lync): Yes
Default Microsoft greetings during authentication phone calls: Yes
Custom greetings during authentication phone calls: Yes
Fraud alert: Yes
Event Confirmation: Yes
Security Reports: Yes
Block/Unblock Users: Yes
One-Time Bypass: Yes
Customizable caller ID for authentication phone calls: Yes
MFA Server - MFA for on-premises applications: Yes
MFA SDK – MFA for custom apps: Yes