Published by Gerard Clark. Modified over 8 years ago.
Slide 1: Connect Windows 10 to the Cloud – Cloud Join
Slavko Kukrika, MVP
Slide 2: Agenda
- Account types in the Cloud Era
- Anatomy of a Microsoft Account
- Azure AD and Azure AD Accounts
- Authentication Evolution in the Cloud World
- Workplace Join – This is how it began
- Connect Windows 10 to the Cloud!
- Anatomy of an Azure AD Logon
Slide 3: Account types in the Cloud Era
- Local account: personal use; NTLM-based authentication; available since Windows 1.0
- Microsoft account: former Windows Live ID; claims-based authentication; personal use
- Domain account: Active Directory on-prem; Kerberos-based authentication; business use
- Azure AD account: claims-based authentication; business use; online-only, synced or federated
Slide 4: Anatomy of a Microsoft Account
- Introduced with Windows 8
- Connected account
  - Option 1: connected to a local account
  - Option 2: connected to a domain account
- Logon
  - Interactive logon
  - Added 1-11-96 SID for the Microsoft account
  - Single Sign-on for personal web resources
Slide 5: Azure Active Directory (Azure AD)
- Account object in the cloud
- Azure Active Directory
  - Tenant-based Identity and Access Management
  - Single Sign-on (SSO)
  - Multiple forms of authentication
  - Who has access where
- Identity Providers
  - Cloud identity: Azure Active Directory (online-only)
  - Synced identity: Azure Active Directory Connect
  - Authenticated on-prem: Active Directory Federation Services
- Single Sign-on: Office 365, Windows Store, Azure, Intune …
Slide 6: Azure AD (Free) Features
- Directory as a Service
- User and Group Management
- Device registration
- Directory Objects
- End User Access Panel
- SSO for SaaS Apps
- Directory Synchronization
- User-based Access Management and Provisioning
- Basic Security Reports
Slide 7: Cloud Authentication
[Diagram: cloud authentication flow, numbered steps 1 to 7; labels: "Claims in SAML/OAuth", "Authentication Redirect"]
Slide 8: AD FS and the Future of AuthN
- SAML and OAuth2 are "web ready"
  - Transport over TLS channel
  - Tokens are optionally encrypted
- Relying Party trusts are very flexible
  - Token contents defined per Relying Party (RP) Trust
  - Relying Party Trusts are scalable
- Multi-factor Authentication
- AD FS authentication is "extensible" for third parties
Slide 9: Advanced Authentication On Premises
[Diagram: on-premises authentication flow, numbered steps 1 to 8; labels: "Claims", "Authentication Redirect"]
Slide 10: Introducing Workplace Join
- Device Registration
  - Employee verifies personal device(s)
  - Endpoint provided by Active Directory Federation Services
- Service Discovery
  - DNS record (enterpriseregistration) for AutoDiscover
  - DNS record required per user domain
- Under the Hood
  - Verified devices enroll a certificate from AD FS
  - Per device, an object in the Registered Devices container
Slide 11: Workplace Join Components
[Diagram with these components]
- AD FS with the Device Registration Service
- DNS (enterpriseregistration.adatum.com)
- CRL distribution point
- AD DS domain controller
- Workplace Join client
Slide 12: Workplace Join Internals
- Certificate
  - In the local user store, issued by MS-Organization-Access
  - Workplace Join requires a working CRL for the AD FS certificate
- Cookies
  - Permanent cookie enables Single Sign-on
- Active Directory
  - msDS-Device object in Active Directory
  - Tied to the user/device combination
Slide 13: Demo
- Claims-aware app before Workplace Join
- Workplace Join requirements
- Workplace Join a PC
- Claims-aware app after Workplace Join
Slide 14: Anatomy of an Azure AD Logon
- Introduced with Windows 10
- Organization Account
  - Cloud-joined by an Azure tenant user
  - Joined for everyone in the tenant
- Logon
  - Interactive logon towards \\AzureAD
  - 1-12-1 SID for the Azure AD account
  - Single Sign-on for business web resources
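The two SID prefixes named on these slides (1-11-96 for a Microsoft account on slide 4, 1-12-1 for an Azure AD account here) are what let a defender tell the account types apart in logon records. The classifier below is an added example, not part of the presentation; the machine SID and the sample records are constructed, and the S-1-5-21 handling for local versus domain accounts is general Windows SID knowledge rather than something the slides state.

```python
"""Classify account SIDs found in Windows logon records by identifier authority:
S-1-11-96 (Microsoft account), S-1-12-1 (Azure AD account) and the S-1-5-21
prefix shared by local and domain accounts."""
import re
from collections import Counter
from typing import Iterable, Optional

# S-1-<authority>-<sub-authorities...>
SID_RE = re.compile(r"\bS-1-(\d+)((?:-\d+)+)\b")


def classify_sid(sid: str, machine_sid: Optional[str] = None) -> str:
    """Return the account type for one SID string.

    machine_sid is the computer's own S-1-5-21-... SID (assumed to be known);
    when given, S-1-5-21 accounts under it are "local" and all others "domain".
    """
    m = SID_RE.fullmatch(sid)
    if not m:
        return "invalid"
    authority = int(m.group(1))
    subs = [int(x) for x in m.group(2).split("-") if x]
    if authority == 11 and subs[0] == 96:
        return "microsoft-account"      # connected Microsoft account (slide 4)
    if authority == 12 and subs[0] == 1:
        return "azure-ad"               # Azure AD account (slide 14)
    if authority == 5 and subs[0] == 21:
        if machine_sid and sid.startswith(machine_sid + "-"):
            return "local"
        return "domain" if machine_sid else "local-or-domain"
    if authority == 5:
        return "well-known"             # e.g. S-1-5-18 SYSTEM, S-1-5-19 LOCAL SERVICE
    return "other"


def summarize_logons(lines: Iterable[str], machine_sid: Optional[str] = None) -> Counter:
    """Count logon records per account type; the first SID on each line is used."""
    counts: Counter = Counter()
    for line in lines:
        m = SID_RE.search(line)
        counts[classify_sid(m.group(0), machine_sid) if m else "no-sid"] += 1
    return counts


# Constructed sample data, not real event-log output.
MACHINE_SID = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_LINES = [
    "4624 Logon User=alice SID=S-1-5-21-1111111111-2222222222-3333333333-1001",
    "4624 Logon User=ADATUM\\bob SID=S-1-5-21-9999999999-8888888888-7777777777-1105",
    "4624 Logon User=carol@outlook.com SID=S-1-11-96-1234567890-1234567890-1234567890-1234567890",
    "4624 Logon User=AzureAD\\dan SID=S-1-12-1-1234567890-1234567890-1234567890-1234567890",
    "4624 Logon User=SYSTEM SID=S-1-5-18",
]

if __name__ == "__main__":
    print(dict(summarize_logons(SAMPLE_LINES, MACHINE_SID)))
```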
Slide 15: Cloud Join – Connect Windows to the Cloud
- Device Registration
  - Device(s) are verified for tenant use
  - Claims provided by Azure AD in legacy mode
- Azure AD Enablement
  - Enabled Device Registration for the tenant
  - DNS records (enterpriseregistration and -.region) for AutoDiscover
- Under the hood
  - Verified devices enroll a certificate from Azure AD
  - Per device, an object in the tenant
  - Per user, reporting on device usage
Slide 16: Demo
- Azure Management Portal
- Azure AD configuration
- Join Windows 10 to the Cloud
Slide 17: Windows 10 in the Cloud
- Azure AD is the Auth and Access provider
- If enabled, any user can add a device to the Cloud
  - The user becomes a member of Administrators
- SSO to claims-based apps
  - If they have a relying party trust in Azure AD
- Azure AD does not have Group Policy! Use MDM solutions instead
Slide 18: Review
- Windows 10 works with different accounts
- Workplace Join was the first step to the Cloud
- Cloud = Azure Active Directory
- AD FS federates on-premises with the Cloud
  - It also brings many additional values
- Windows 10 can be connected to the Cloud
- Learn about claims-aware applications!
Slide 19: Additional Information
- Join to Workplace from Any Device for SSO: https://technet.microsoft.com/en-us/library/dn280945.aspx
- What is Azure Active Directory: http://azure.microsoft.com/en-us/documentation/articles/active-directory-whatis/
- Azure Active Directory Device Registration Overview: https://msdn.microsoft.com/en-us/library/azure/dn903763.aspx
- Setting up On-premises Conditional Access using Azure Active Directory Device Registration: https://msdn.microsoft.com/en-us/dn788908