Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.

Presentation transcript:

Empowering people-centric IT
- Unified device management
- Access and information protection
- Desktop Virtualization
- Hybrid Identity

Apps Users Data Devices

Hybrid Identity

Unify your environment
- Create a centralized identity across on-premises and cloud
- Use identity federation to maintain centralized authentication and securely share and collaborate with external users and businesses

Enable users
- Provide users with self-service experiences to keep them productive
- Enable single sign-on for users across all the resources they need access to

Protect your data
- Enforce strong authentication when users access resources and apply conditional access controls to sensitive company information
- Configure single sign-on across all company applications
- Ensure compliance with governance, attestation and reporting

A centralized and consistent corporate identity
- Identity attributes are often located in multiple repositories
- Identity Manager creates a compilation of these attributes with validation and keeps this in sync with all identity realms

[Diagram: sample user attributes (givenName Samantha, surname Dearing, employeeID 007, title Coordinator, telephone) held in separate repositories; diagram labels: HR System LDAP Exchange Database; LDAP v3, PowerShell, SQL (ODBC), Web Services (SOAP, JAVA, REST)]

Common Identity with Sync and Federation
- Synchronization: User attributes are synchronized, including the password hash. Authentication can be completed against either Azure or Windows Server Active Directory
- Federation: User attributes are synchronized. Authentication is passed back through federation and completed against Windows Server Active Directory
- AD FS provides conditional access to resources, Work Place Join for device registration and integrated Multi-Factor Authentication
- Write back of attributes to support cloud first and co-existence

Direct to cloud identity sync
- Azure Active Directory Sync provides the ability to sync disparate on-premises identity repositories directly to Azure Active Directory

[Diagram labels: LDAP v3, PowerShell, SQL (ODBC), Web Services (SOAP, JAVA, REST)]

Identity Federation
- Conditional access with multi-factor authentication is provided on a per-application basis, leveraging user identity, device registration & network location
- Organizations can federate with partners and other organizations for seamless access to shared resources
- Organizations can connect to SaaS applications running in Azure, Office 365 and 3rd party providers
- Enhancements to AD FS include simplified deployment and management

[Diagram label: Published applications]

Office 365 & Windows Intune Identity Models
- Cloud Identity: Single identity in the cloud suitable for small organizations with no integration to on-premises directories
- Directory Sync: Single identity suitable for medium and large organizations with passwords stored both on-premises and in the cloud without federation
- Federated Identity: Single federated identity and credentials suitable for medium and large organizations, passwords stored only on-premises

Provide users with self-service experiences
- Self-service group management, including dynamic membership calculation in these groups and distribution lists, based on the user's attributes
- Users can reset their passwords, significantly reducing help desk burden and costs
- Users can edit their profile details to update and add missing information
- All changes and updates are workflow and policy driven with approval routing as appropriate
- Users can onboard new users and contractors into their teams and provide access to required resources

Cloud based self-service experiences
- Self Service Password change and reset for cloud users
- Users can easily access the SaaS apps they need, using their existing Active Directory credentials
- Leverage existing investments in Active Directory for a single set of user credentials
- Users can edit their profile details to update and add missing information
- Users can manage access requests through self-service group management

Provide users with single sign-on experiences
- Sync or federate users to Azure Active Directory for single sign-on to cloud apps
- Users can access all their company resources with a single set of credentials
- Leverage existing investments in Active Directory for a single set of user credentials
- Users can sign onto 3rd party SaaS apps with their company credentials
- Users gain seamless access to Office 365, Windows Intune and other Microsoft cloud apps

[Diagram labels: LDAP v3, PowerShell, SQL (ODBC), Web Services (SOAP, JAVA, REST)]

Single sign-on to Office 365 and Windows Intune
- Cloud Identity: A user with a cloud only identity can sign in to Office 365 and Windows Intune using their Azure Active Directory credentials
- Directory Sync: When an Active Directory user logs on, their synchronized credentials are used to authenticate against Azure Active Directory
- Federated Identity: When an Active Directory user logs on, the authentication is passed back and validated against Windows Server Active Directory

Active Directory for the cloud
- Run Active Directory at scale with support for virtualization and rapid deployment through domain controller cloning
- Developers can integrate applications for single sign-on across on-premises and cloud-based applications
- Leverage cloud platforms to run Windows Server Active Directory and Active Directory Federation Services to reduce infrastructure on-premises
- Manage Active Directory using Windows PowerShell, use the improved deployment experience and leverage the Active Directory Administrative Center for centralized management
- Activate clients running Office on at least Windows 8 or Windows Server 2012 automatically using existing Active Directory infrastructure

Azure Active Directory
- Choose among hundreds of popular SaaS apps from a pre-populated application gallery
- Easily add custom cloud-based apps. Facilitate developers with identity management
- Comprehensive cloud based identity and access management combining directory services, identity governance, application access management and a developer's identity management platform
- Sync identity or provide federated identity for single sign-on
- Add multi-factor authentication for additional user identity verification
- Administrators have access to security reporting that tracks inconsistent access patterns and view users who signed in from unknown sources

[Diagram labels: LDAP v3, PowerShell, SQL (ODBC), Web Services (SOAP, JAVA, REST)]

1. The user attempts to log in or perform an action that is subject to MFA
2. When the user authenticates, the application or service performs an MFA call
3. The user must respond to the challenge, which can be configured as a text message, a phone call or using a mobile app
4. The response is returned to the app, which then allows the user to proceed

[Diagram labels: User, Devices, Apps & Data]

Protect Data with Rights Management
- Hybrid options across Windows Server and Azure Rights Management
- Easy to use with integration with Office 2010/13, Windows Shell Extensions and cross platform clients
- Integration with SharePoint and Exchange
- Automatically identify and classify data based on content with automatic encryption
- Securely share documents with colleagues and business partners

Maintain governance and compliance
- Demonstrate that access rights comply with organizational policies and industry regulations
- Easily define and manage access based on user roles
- Perform attestation by regularly ensuring access rights are maintained and allow managers to review and approve existing access rights of users
- Enable users with self-service access request and approval
- Enforce segregation of duties by defining incompatible permissions and roles

Workload: SharePoint with conditional access & MFA

Users can connect to a published on-premises SharePoint server that has been integrated with AD FS. Through conditional access policies we can enforce additional authentication and authorization requirements, such as device registration. With integrated MFA, AD FS facilitates the device registration process and allows the user to continue and gain access to the SharePoint site.

Hybrid Identity Review

Unify your environment
- Create a centralized identity across on-premises and cloud
- Use identity federation to maintain centralized authentication and securely share and collaborate with external users and businesses

Enable users
- Provide users with self-service experiences to keep them productive
- Enable single sign-on for users across all the resources they need access to

Protect your data
- Enforce strong authentication when users access resources and apply conditional access controls to sensitive company information
- Configure single sign-on across all company applications
- Ensure compliance with governance, attestation and reporting