The Four Pillars of Identity: A Solution for Online Success
Tom Shinder, Principal Writer and Knowledge Engineer, SCD iX Solutions Group, Microsoft Corporation


1 The Four Pillars of Identity: A Solution for Online Success. Tom Shinder, Principal Writer and Knowledge Engineer, SCD iX Solutions Group, Microsoft Corporation. AAP302

2

3

4 Companies are under pressure to do more with less: IT CONSTRAINTS; BUDGET REDUCTIONS; PROLIFERATION OF DEVICES; EXPLOSIVE DATA GROWTH. Chart labels: 20%, 66%, run, grow, 14%, transform.

5 Companies must facilitate productivity without impacting security: ALLOW CUSTOMERS & PARTNERS; ROLE & DEVICE DRIVEN PRIVILEGES; AVAILABILITY; ENABLING DEVICES

6 Management must adapt rapidly to changing business needs: PROLIFERATION OF GROUPS & USERS; MERGERS & ACQUISITIONS; RAPID ON-BOARDING OF SERVICES; ADAPTING TO CLOUD

7 Companies need an integrated security strategy: REPORT & AUDIT; CENTRALIZE & STANDARDIZE; PROTECT WHILE EXTENDING; RAPID RESPONSE

8 Incorporating Identity into your environment can transform your business: PLAN FOR THE FUTURE; TAKE CONTROL; EMPOWER USERS

9

10 Identity Spans Environment: USERS & DEVICES; INFRASTRUCTURE; APPS & SERVICES; IDENTITY

11 USERS & DEVICES; INFRASTRUCTURE; APPS & SERVICES; IDENTITY. PUBLIC PRIVATE TRADITIONAL IT HYBRID CLOUD

12 AUDITING, AUTHORIZATION, AUTHENTICATION, ADMINISTRATION
AUDITING
o Track who does what, when, where and how
o Focused Alerting
o In-Depth Collated Reporting
o Governance
ADMINISTRATION
o Single View Mgmt.
o Application of Business Rules
o Automated Requests, Approvals, and Access Assignment
AUTHENTICATION
o User Sign-on Experience
o Trusted Source
o Standard and Secure Protocols
o Level of Assurance
AUTHORIZATION
o How and where are authorizations handled
o Can a user access the resource and what can they do when they access it?

13 Administration Provides: Provision & De-provision; Identity Updates; Change Control; Synchronization; Identity Proliferation; Interface Selection; Group Management

14 Authentication Provides: Flexible Sign-on Methods; Assurance Methods; Security Protocols; Supported Sources

15 Authorization Provides: Enforcement Strategy; Access Policies; Entitlement Type

16 Audit Provides: Collection of data; Governance methods; Alerting; Reporting

17

18

19

20 Maturity levels (columns): Basic, Standardized, Rationalized, Dynamic. Entries for each row are listed left to right.
Administration
o Provisioning: Manual Creation; Automated Creation in one or more ID stores; Automated Creation in all ID Stores
o Deprovisioning: No Deprovisioning, Adhoc Manual Deprovisioning in All ID Stores; Automated Deprovisioning in one or more ID Stores, Email Notifications to Others; Automated deprovisioning in all ID Stores
o Group Management: Manual by Help Desk; Owner Managed w/o Approvals; Dynamic/Attribute Based Owner Managed with Approvals
o Identity Updates: Manual by Help Desk; Self-Service w/o verification; Self-Service with Approvals
o Password Reset: Performed by Help Desk; Self-Service Password Reset
o Synchronization: None; Synchronization among some ID Stores; Synchronization amongst all ID Stores
o Identity Proliferation: No Enterprise ID Store; Enterprise ID Store + Application Specific Stores; Single Enterprise ID Store
o User Interface: Help Desk; Internal User Portal; Internal/External User Portal
o Change Control: None; Call Help Desk / Manual Workflow; Call Help Desk / Some Electronic Workflow; Self-Service Request with Electronic Workflow
Authentication
o Sign-On Method: Multiple Passwords, Multiple Logons; One Password, Multiple Logons; One Password, One Logon to Company Resources; One Password, One Logon to all Resources
o Source: No central source; Central + Application Centric; Central, Multiple External ID's; Central + Federation
o Protocols: Multiple Weak Protocols; Multiple Strong Protocols, No Transition; Multiple Protocols with Transition; Single Protocol
o Assurance: No Assurance, Shared ID's; Password-Based; Soft Certificates; Multifactor
Authorization
o Entitlement Type: Application Centric; AD Integrated (Group based) + Some Application Centric; Role or Attribute Based; Centralized Policy Based
o Access Policies: None; Written; Centrally Enforced
o Enforcement Strategy: Manual; Agent, API, Proxy based
Audit
o Reporting: None; Manual Collation and Report Generation of Log Data; Automated Report Generation on Some Systems; Automated Attestation Report Creation
o Alerting: No Alerting; Reactive/Event Driven Alerting; Proactive Alerting + Event Based Alerting
o Governance: No Governance; No DLP, Manual Enforcement of Governance; Centralized DLP in Use
o Collection of Data: Disjoint, Manual Collection of Log Data; Disjoint, Automated Collection of Logs; Automated Collection of Log Data

21 Assess; Build a Plan; Innovate

22

23 Workshops are designed to introduce Identity and help customers understand how an identity solution could help their enterprise.
Customer Benefits Include:
o Introduction to core tenets of Identity
o Discussion around recommended practices
o Detailed explanation of Microsoft identity solutions
o Business Value modeling
Diagram labels: TECHNOLOGIES; One Day Workshop; Education; Hybrid; DESIRED END STATES; Identity Solutions; Deployment; Planning; Assess Business; Assess Infrastructure; Define Roadmap; 2 Week Assessment and Roadmap; Public; Private; Traditional IT; Partners

24 Assessment designed to help you understand your current state within identity and to provide a roadmap towards maturity based upon business needs and goals.
Customer Benefits Include:
o Detailed assessment report and recommended path forward
o Logical roadmap based on assessment, experience and recommended practices
Diagram labels: 1-3 Day Workshops; Education; Identity Solutions; Deployment; Planning; Assess Business; Assess Infrastructure; Define Roadmap; 2 Week Assessment and Roadmap; One Day Workshop; TECHNOLOGIES; Hybrid; DESIRED END STATES; Public; Private; Traditional IT; Partners

25 Microsoft Services Identity Offerings Include:
o Enterprise Identity Management using Forefront Identity Manager 2010
o Enterprise Identity Federation using Active Directory Federation Services
o Access Enablement Gateway and Identity Service Solution
o Application Identity Assessment for Windows Azure
Diagram labels: TECHNOLOGIES; Identity Solutions; Deployment; Planning; 1-3 Day Workshops; Education; One Day Workshop; Hybrid; DESIRED END STATES; Public; Private; Traditional IT; Partners; Assess Business; Assess Infrastructure; Define Roadmap; 2 Week Assessment and Roadmap

26 AEGIS Solution: Application Owners; Application Users

27

28
o AAP201 Hybrid Computing is the New Net Norm
o SIA202 Microsoft Trustworthy Computing Cloud Security, Privacy and Reliability in a Nutshell
o SIA204 Cloudy Weather: How Secure is the Cloud?
o SIA207 Windows Server 2012 Dynamic Access Control Overview
o SIA312 What's New in Active Directory in Windows Server 2012
o SIA313 Self-Service Password Reset for Active Directory with Microsoft Forefront Identity Manager 2010 R2
o SIA316 Windows Server 2012 Dynamic Access Control Best Practices and Case Study Deployments in Microsoft IT
o SIA318 Managing and Extending Active Directory Federation Services
o SIA321 What's New in Windows Identity Foundation in Microsoft .NET Framework 4.5
o SIA341 Windows Server 2012 Dynamic Access Control Deep Dive for Active Directory and Central Authorization Policies
o SIA21-HOL Using Dynamic Access Control to Automatically and Centrally Secure Data in Windows Server 2012
o SIA01-TLC Microsoft Identity and Access
o SIA02-TLC Windows Server 2012 Active Directory Dynamic Access Control

29
o Connect. Share. Discuss. http://europe.msteched.com
o Learning: Microsoft Certification & Training Resources www.microsoft.com/learning
o TechNet: Resources for IT Professionals http://microsoft.com/technet
o Resources for Developers http://microsoft.com/msdn

30 Evaluations: Submit your evals online. http://europe.msteched.com/sessions

31

32

