Azure Active Directory Uday Hegde 2016 Redmond Summit | Identity Without Boundaries May 26, 2016 Group Program Manager, Azure AD

Presentation transcript:

1 Azure Active Directory Uday Hegde 2016 Redmond Summit | Identity Without Boundaries May 26, 2016 Group Program Manager, Azure AD #OCGUS16 @OCGUSOfficial

2 Customers Azure AD as the control plane On-premises Partners Azure Cloud Public cloud Microsoft Azure Active Directory BYO Windows Server Active Directory A modern identity management system spanning cloud and on-premises, providing federation, identity management, device registration, user provisioning, application access control & data protection.

3 Azure Active Directory: 10 M organizations; >1.3 B authentications a day; 78 K active 3rd-party apps; 700% YoY growth; 696 M users

4 Secure the Enterprise | Increase Productivity | Manage at scale; 1000s of Apps, 1 identity; Protect apps, users and devices; On-Premises and the Cloud; Empowering users and organizations at scale

5

6 AAD “LOCAL” DATACENTERS AAD GLOBAL DATACENTERS

7 Azure Active Directory: Active Primary; Passive Primary; Secondary Replicas …; Handle Reads; Writes; Data center boundary

8 Azure Active Directory

9 Manage at scale: Strong governance on protecting customer data; Protection of directory data at rest; Supporting rapid failover, with no loss of data

10

11 Increase Productivity - 2700+ SaaS Apps, 1 Identity

12 Increase Productivity - 2700+ SaaS Apps, 1 Identity. Microsoft Azure: Web apps (Azure Active Directory Application Proxy); Integrated LOB apps; SaaS apps; HR and Other Directories; Cloud HR. 2500+ popular SaaS apps. Connect and sync on-premises directories with Azure. Easily publish on-premises web apps via Application Proxy + Custom apps through a rich standards-based platform.

13 Increase Productivity - 2700+ SaaS Apps, 1 Identity. Company branded, personalized application Access Panel: http://myapps.microsoft.com + iOS and Android Mobile Apps. Manage your account and groups; Self-service password reset; Application access requests; Integrated O365 app launching

14 Increase Productivity - 2700+ SaaS Apps, 1 Identity. 1. Create a security group 2. Configure the rule on the group 3. Assign the group to applications 4. Verify that the right users have access. [Diagram labels: New group; All users where...; RULE]

15 Increase Productivity - 2700+ SaaS Apps, 1 Identity. Logical operators: Value operators: (depends on value type) Rule syntax: one or more conditions; conditions contain a claim/value pair. Simple rules: single condition, e.g. All users where department = “Sales”. Complex rules: a combination of conditions, e.g. all sales managers worldwide and all marketing users in Greece

16 Increase Productivity - 2700+ SaaS Apps, 1 Identity. Designing the rule: All Sales Managers worldwide and all Marketing users in Greece [Diagram: conditions grouped by nested parentheses]
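Step 4 of slide 14 ("Verify that the right users have access") applied to the slide 16 rule, as an added example that is not part of the presentation: it evaluates the rule and a mis-parenthesised variant against a constructed user list and reports who gains access unintentionally. The tuple encoding, attribute names and sample users are assumptions made for illustration.

```python
# Added example: models the slide 16 rule's logic; it is not Azure AD's rule engine.
OPS = {
    "eq": lambda actual, wanted: actual == wanted,
    "contains": lambda actual, wanted: wanted in actual,
}

def cond(attr, op, value):
    return ("cond", attr, op, value)

# (Sales AND title contains "Manager") OR (Marketing AND country = Greece)
RULE = ("or",
        ("and", cond("department", "eq", "Sales"),
                cond("jobTitle", "contains", "Manager")),
        ("and", cond("department", "eq", "Marketing"),
                cond("country", "eq", "Greece")))

# Same four conditions, parentheses in the wrong place:
# (Sales OR Marketing) AND (Manager OR Greece)
MISGROUPED = ("and",
              ("or", cond("department", "eq", "Sales"),
                     cond("department", "eq", "Marketing")),
              ("or", cond("jobTitle", "contains", "Manager"),
                     cond("country", "eq", "Greece")))

def evaluate(rule, user):
    kind = rule[0]
    if kind == "cond":
        _, attr, op, wanted = rule
        actual = user.get(attr)
        # A missing attribute never satisfies a condition (fail closed).
        return actual is not None and OPS[op](actual, wanted)
    results = (evaluate(sub, user) for sub in rule[1:])
    return all(results) if kind == "and" else any(results)

def members(rule, users):
    return sorted(u["upn"] for u in users if evaluate(rule, u))

def over_granted(rule, users, expected):
    """Users the rule admits who are not on the expected access list."""
    return sorted(set(members(rule, users)) - set(expected))

# Constructed sample directory (hypothetical users).
USERS = [
    {"upn": "ana@example.com", "department": "Sales", "jobTitle": "Sales Manager", "country": "United States"},
    {"upn": "ben@example.com", "department": "Sales", "jobTitle": "Account Executive", "country": "Greece"},
    {"upn": "cleo@example.com", "department": "Marketing", "jobTitle": "Designer", "country": "Greece"},
    {"upn": "dev@example.com", "department": "Marketing", "jobTitle": "Marketing Manager", "country": "Germany"},
    {"upn": "eva@example.com", "department": "Sales", "jobTitle": "Regional Manager"},  # no country set
]
EXPECTED = ["ana@example.com", "cleo@example.com", "eva@example.com"]
```

Because the group is assigned to applications, every name returned by `over_granted` is a user who would receive application access the rule's author did not intend.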

17 Increase Productivity - 2700+ SaaS Apps, 1 Identity. “We needed to quickly and cost effectively stand up new IT infrastructure, including extranet applications for thousands of business partners. Azure AD B2B collaboration provides a simple and secure way for partners, large and small, to use their own credentials to access Kodak Alaris systems.” 3000+ partners. Share without complex configuration or duplicate users: Partners use their own credentials to access your org; Users lose access when leaving the partner org; No external directories; No per partner federation. You manage access: You control partner access in your directory: app assignment, group membership, custom attributes. Partners of all sizes: Bulk invite 1000s at a time; Partners with Azure AD sign in to accept invite; Other partners simply sign up to accept invite.

18 Increase Productivity - 2700+ SaaS Apps, 1 Identity Windows Server Active Directory Other Directories Microsoft Azure Active Directory Cloud and Web Applications Graph Applications To Azure AD From multiple sources Inbound provisioning Outbound provisioning, SSO and licensing Write back to on-premises AD

19 Increase Productivity - 2700+ SaaS Apps, 1 Identity. Microsoft Azure: Automatically add, update, and disable user accounts in applications; Configure attribute mappings per application; Provisioning and usage reports

20 Increase Productivity - 2700+ SaaS Apps, 1 Identity. Import Workday users and groups into Azure AD: Automatically import new employees when hired; Groups can be provisioned and managed from Workday provisioning groups. Ongoing synchronization: Groups; Users; Group membership. Writeback users to AD: Attribute authority remains with Workday; Password authority in AD.

21

22 2016 Redmond Summit Sponsors

23 Thank you!

24

25

26 Subscribe to SaaS applications: Switch to using SaaS versions of the app, e.g. Office 365; Leverage Azure AD for SaaS app management; SaaS application gallery; Easy provisioning, conditional access control. Rewrite existing applications: Rewrite apps to leverage Azure PaaS; Leverage Azure AD OAuth/OpenID Connect for modern authz.; Ubiquitous developer libraries; Graph API – modern directory API. Lift-and-shift on-premises applications to IaaS: Move existing legacy ISV or LOB applications to Azure IaaS; May not have access to source code or vendor support.

27 What about identity in the cloud? My apps depend on AD Domain Services. I can’t modify some ISV apps – I don’t have source code. AD Domain Services: Domain join; Group policy; LDAP bind/authentication; Kerberos, NTLM; LDAP read/write

28 1 - VPN Gateway/ExpressRoute connection; 2 - Domain Controller VM in Azure

29 Contoso’s Virtual Network Azure AD Domain Services AAD Connect Contoso’s Azure IaaS workloads/apps Contoso premises Managed domain

30

