Dynamic Access Control Overview Matthias Wollnik Program Manager, File Server Microsoft Corporation.

Presentation transcript:

demo Location based classification Automatic content based classification Data Classification demo

x 50 Country 50 Groups Department x Groups Sensitive 2000 Groups!

demo Country based central access rule Expression based ACL demo

User claims User.Department = Finance User.Clearance = High ACCESS POLICY Applies = High Allow | Read, Write | if AND == True) Device claims Device.Department = Finance Device.Managed = True Resource properties Resource.Department = Finance Resource.Impact = High AD DS 10 File Server

demo Country based central access rule Central Access Policy with user claims

Windows Server 2012 Active Directory Windows Server 2012 File Server End User Access Policy ? Resource Property Definitions User Claims

No conditional expressions Using groups with conditional expressions Using user claims

demo Automatic Rights Management Protection

DCT Database 4. Report 1. Import 2. Export 3. Deploy OOB Knowledge Scale (#File Servers) Hybrid Environment Staging File Server Production File Servers Windows 2008 R2 Windows 2012 Collect Domain Controller (Active Directory) Management Client

An attempt was made to access an object.

Subject:
  Security ID: CONTOSODOM\alice
  Account Name: alice
  Account Domain: CONTOSODOM
  Logon ID: 0x3e7

Object:
  Object Server: Security
  Object Type: File
  Handle ID: 0x8e4
  Resource Attributes: S:AI(RA;;;;;WD;("Personally Identifiable Information",TS,0x0,"High"))(RA;;;;;WD;("Department_23AFE",TS,0x0,"Finance"))
  Object Name: C:\Finance Document Share\FinancialStatements\MarchEmployeeStmt.xls

demo Expression Based Auditing

Event collected to central repository for analysis and reporting Windows Server 2012 Active Directory Windows Server 2012 File Server End User Access Policy ? Resource Property Definitions User Claims

DAC Partners

Department x 50 x 20 Country Sensitive ACCESS POLICY Applies = High Allow | Read, Write | if AND == True) StealthAUDIT® for Windows Server 2012 Dynamic Access Control

Identify where groups are being used and who owns them Clean Up, Consolidate & Secure Conditional Permissions Central Access Policies & Claims Impact Analysis & Group Reduction Apply, Lock Down & Maintain Discover your environment Design new security model Implement ®

Data Loss Prevention data-security-overview.aspx CA DataMinder dg classification

Data Loss Prevention Dynamic Access Control Dynamic Content Classification and Control
1: Create
2: Analyze
3: Classify
4: Tag
5: Enforce

CA Technologies Content-Aware Identity & Access Management Control identity, control access and control information CA DataMinder discovers, classifies and controls information Controls Collaboration & File Sharing Environments SharePoint 2010 – March 2012 Windows Server 2012 Dynamic Access Control – July 2012 Delivers precise & fine-grained access control Copyright © 2012 CA. All rights reserved. No unauthorized copying or distribution permitted.

Supercharge DAC with automated file classification Enables accurate automated file classification enterprise-wide with both attribute-based and content-based classification Deeply integrated with Windows Server dg classification can also be used to fuel powerful Governance, Compliance and Archiving solutions For more information visit us at Booth 230 (Orlando) / PP17 (Amsterdam) or at A leader in automatic file classification

Dynamic Policy Enforcer

FCI CLASSIFY PROTECT DYNAMIC POLICY PROTECTOR Windows 8 Server DYNAMIC POLICY MODULE Desktop AD Admin Center Access Policies Claims Properties Dynamic Access Control USE LICENSE 3 3 Legend: User Claims Resource Properties Access Policy GigaTrust Product Component GigaTrust Contact: AD RMS Windows 8 Server static

sddl-xacml-windows-server-2012 Titus Metadata Security for SharePoint Control Center for Windows Server 2012 Dynamic Access Control Axiomatics Policy Server

Windows Server 2012 Active Directory Windows Server 2012 File Server End User Microsoft SharePoint 2010 Access Policy ? ?

Axiomatics Policy Server (APS)
Policy Author, File Server, Active Directory, User
1. Author policy & export to AD
2. Convert XACML to SDDL & import
3. Push out imported rules based on group policy
4. Access files
5. Check access based on rules previously defined in APS

RSA NetWitness

Enterprise-wide visibility into server and application health

In Summary…..

Reduce group complexity

Simplify access control

Implement effective access control

SIA 207 – Windows Server 2012 Dynamic Access Control Overview
SIA 341 – Windows Server 2012 Dynamic Access Control Deep Dive for Active Directory and Central Authorization Policies
SIA 316 – Windows Server 2012 Dynamic Access Control Best Practices and Case Study Deployments in Microsoft IT
SIA21-HOL – Using Dynamic Access Control to Automatically and Centrally Secure Data in Windows Server 2012
SIA02-TLC – Windows Server 2012 Active Directory and Dynamic Access Control
Find Me Later At the Windows Server booth
