Presentation is loading. Please wait.

Presentation is loading. Please wait.

BRK3111. Provide one persona to the workforce for SSO to 1000s of cloud and on-premises apps Manage access at scale Manage identities and access at scale.

Published byJustin Rich Modified over 8 years ago

Similar presentations

Presentation on theme: "BRK3111. Provide one persona to the workforce for SSO to 1000s of cloud and on-premises apps Manage access at scale Manage identities and access at scale."— Presentation transcript:

1 BRK3111

2 Provide one persona to the workforce for SSO to 1000s of cloud and on-premises apps Manage access at scale Manage identities and access at scale in the cloud and on-premises Ensure user and admin accountability with better security and governance Enable business without borders Stay productive with universal access to every app and collaboration capability Azure Active Directory. Identity at the core of your business 1000s of apps, 1 identity Cloud-powered protection

3 MANAGE ACCESS AT SCALE CONTEXT External forces impacting IT How are our customers responding Cloud adoption maturity model HOW How to manage at scale with Azure AD Quick wins Guidance and best practices

4 MANAGE ACCESS AT SCALE Lean operations End user expectations Shadow IT Rapid evolution of technologies Security risks rising

5

6 Preparing Developing Scaling Optimizing Learning Organizational assessment Security evaluation Connect to the cloud Leadership all in Initial user population Targeted resources Self-service Scoped security features Organizational buy- in Governance and operational models Cloud security model IT Organization update Breadth deployment Preparing for change Embracing the change Change is the new normal Time Technical and Organizational Capability MANAGE ACCESS AT SCALE Organizational sophistication Advanced governance Cloud-first new services Reducing on-prem footprint Capability agility

7 33,000 Enterprise Mobility + Security | Azure AD Premium enterprise customers >110k third-party applications used with Azure AD each month >1.3 billion authentications every day on Azure AD More than 750 M Azure AD accounts Every Office 365 and Microsoft Azure customer uses Azure Active Directory MANAGE ACCESS AT SCALE >10 M Azure AD Directories 85% of Fortune 500 have an Azure AD tenant

8 Plan – Define the expectations and goals of the project Automate – Systematize your business process Empower – Enable end-users to be productive Monitor and Report – Visibility for business and security MANAGE ACCESS AT SCALE

9 What is the driver? Increase business agility (should include end-user experience) Reduce IT costs Addressing perceived risks associated with cloud adoption Scope the project Link the scope to the driver Get your leadership aligned MANAGE ACCESS AT SCALE Read the CIO’s guide to Azure Active Directory https://aka.ms/AzureADCIOGuide

10 “Without Azure Active Directory integrated with our 2,100 customers’ AD databases, we simply could not manage all the passwords and logon activities of the many hundreds of thousands of teachers and students who make up our customer base.” - Evan Clark Founder & CEO

11

12 Azure AD User Lifecycle Automation Windows Server Active Directory HR apps Azure Active Directory MANAGE ACCESS AT SCALE Public cloud Azure AD Connect synchronizes users and groups between Windows Server Active Directory and Azure Active Directory For organizations with on-premises HR, Microsoft Identity Manager establishes user identities in Windows Server Active Directory On-premises and hosted For organizations with SaaS-delivered HR, Azure Active Directory integrates with Workday, and more HR apps in the future Provides group-based automated licensing for O365 and other Microsoft online services (Coming Soon) Azure AD User Provisioning

13

14 Productivity – Cloud and on-prem apps Windows Server Active Directory MANAGE ACCESS AT SCALE Public Cloud Immediate de-provisioning means users who don’t need access don’t keep it Real-time SSO and provisioning to the world’s most popular SaaS apps, from any device, integrated right into O365 experiences Easy-to use management UX means you can set up app access rules in minutes, rather than days. Delegate exceptions with self-service Azure AD Application Integration SSO + provisioning SaaS Public cloud MIM One click access Conditional and risk-based access means access to your world of SaaS is secured with industry-leading machine- learning technology HR Apps On-premises and hosted Azure AD app proxy works with PingAccess to integrate many more types of on-prem applications. Domain-based web apps Azure Active Directory

15 “We have a lot of turnover in our store workforce so we have to be able to train people quickly and keep information secure,” Bentzel says. “We give them a username and password, and they’re able to reset their own passwords through Azure Active Directory. This is important, because we have such a small IT staff.” -Scott Bentzel Vetco Clinics Director of IT

16

17 Manage user passwords from anywhere Windows Server Active Directory Azure AD Connect Writeback Agent HTTPS + Encryption MANAGE ACCESS AT SCALE Multi-tiered security model: All traffic is over HTTPS Encryption with tenant-specific key Tenant-specific Service Bus namespace for pending requests Integrated anti-hammering, throttling, and message expiry Real-time notifications sent to users and admins Works with federation, password sync, or cloud-only user accounts. Enforces all your rich on-prem password policies Users can update their AD passwords or unlock their AD accounts in real- time – no waiting for sync No poking holes in your corporate firewall requires – all connections occur against port 443 outbound only Azure AD Password Management HTTPS + Encryption Tenant-specific Service Bus Namespace PCNS to Connected Apps Message expiry policies Password Reset / Change Portal Throttling / Anti- hammering Real-time notifications of resets Public cloud On-premises and hosted

18

19 MANAGE ACCESS AT SCALE IT professional Users Owners Email notifications for pending, accepted, and rejected approvals – take action right from your inbox Single click request and approval workflows from anywhere, on any device Let users browse and request access to apps that you curate, or to any app that has been pre-integrated - you decide You control who should approve or reject requests on an application-by-application basis Self Service access panel Delegate exceptions to business policy to those who know it best, your org’s BDMs

20 Manage your account, apps, and groups Company-branded, personalized application Access Panel: http://myapps.microsoft.com + iOS and Android Mobile Apps Integrated end user experiences across devices Self-service password reset Application access requests Integrated Office 365 app launching MANAGE ACCESS AT SCALE

21 Identify permissions users need across applications Delegate permissions to users to become administrators Set organizational policy for how users are assigned roles Users can take on additional roles “Just in time” MANAGE ACCESS AT SCALE Monitor their role use to “trust and verify’

22 With Azure AD Premium, Bristow Group now has the capabilities for multifactor authentication; access control (dependent upon device health and user location); holistic security reports; audits; and alerts. Azure Active Directory makes the work of a busy and mobile workforce easier, secures data and protects access to the company’s assets both in the cloud and on- premises. - Kapil Mehta Productivity & Directory Services Manager, Bristow Group Inc.

23

24 MANAGE ACCESS AT SCALE Monitor and gain insights into the identity infrastructure used to extend on-premises identities to Azure Active Directory and Office 365. Azure AD Connect Health Active Directory Federation Server (ADFS) infrastructure health On-premises Active Directory Domain Services health The Azure AD Connect sync engine health

25 MANAGE ACCESS AT SCALE Forensics and investigation - help admins answer: “who did what, where, and when” Activity reports: Audit, sign ins, SSPR, group activity, app activity, app provisioning, etc… One-click audit & compliance through portal.azure.com Security Reports: Provides rich mitigation and resolution for security anomalies through Identity protection Azure AD audit and reporting

26

27 Combine the power of Azure AD with your PowerBI, SIEM and other monitoring tools Notifications Data Extracts/ Downloads Reporting APIs MANAGE ACCESS AT SCALE

28

29

30 Transportation, Logistics, Oil-Gas Retail, Hospitality and TravelGovernment, Banking, Insurance Construction, Professional ServicesEducation – NonprofitHealth

31 Try Enterprise Mobility + Security for free, today: https://aka.ms/EMSTrial Read the CIO’s guide to Azure Active Directory https://aka.ms/AzureADCIOGuide Explore Identity + Access Management www.microsoft.com/identity Learn more from the Azure AD documentation library https://aka.ms/AzureADDoc Discover Password best practices https://aka.ms/PasswordBestPractices Check out the new Azure AD webinars https://aka.ms/AADWebinars Microsoft is a leader in Gartner's IDaaS MQ 2016 https://aka.ms/GartnerIDaaSMQ2016 Review design considerations for your hybrid Azure AD https://aka.ms/HybridAzureADConsiderations

32 Monday 02:15: BRK2139 Protect your business and empower your users with cloud Identity and Access Management Tuesday 12:30: BRK3107 Connect your on-premises directories to Azure AD and use one identity for all your apps 02:15: BRK3225 Secure access to Office 365, SaaS, and on-premises apps and files with Azure AD and Intune 04:30: BRK3109 Deliver management and security at scale to Office 365 with Azure Active Directory Wednesday 09:00: BRK3111 Manage productivity at scale with Azure Active Directory 11:30: BRK2210 Learn how Unilever modernized IT with Azure Active Directory at the core 02:15: BRK3139 Throw away your DMZ – Azure Active Directory Application Proxy deep-dive 04:00: BRK3181 Secure your web applications with Microsoft identity Thursday 09:00: BRK3252 Use managed domain services on Microsoft Azure 12:30: BRK3182 Secure your native and mobile applications with Microsoft identity and application management 02:15: BRK3110 Respond to advanced threats before they start - identity protection at its best! 04:00: BRK3179 Modernize your app’s consumer identity management with Azure AD B2C 04:30: BRK2067 Manage access to SaaS Applications With Azure Active Directory Friday 09:00: BRK3074 Discover what’s new in Active Directory Federation and Domain Services in Windows Server 2016 10:45: BRK3108 Share corporate resources with your partners using Azure AD B2B collaboration 12:30: BRK3330 Join your Windows 10 devices to Azure AD for anywhere, anytime productivity

33 MANAGE ACCESS AT SCALE @kbrintkeith Keith Brintzenhofe @_nitika_gupta Nitika Gupta

34

35

36

37

Download ppt "BRK3111. Provide one persona to the workforce for SSO to 1000s of cloud and on-premises apps Manage access at scale Manage identities and access at scale."

Similar presentations

Microsoft Ignite /16/2017 3:28 PM

Microsoft Ignite /16/2017 3:28 PM
Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.

Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.
Sessions about to start – Get your rig on!. Notes from the field – Implement Hybrid Search and OneDrive for Business Chris Zhong - Microsoft Aaron Dinnage.

Sessions about to start – Get your rig on!. Notes from the field – Implement Hybrid Search and OneDrive for Business Chris Zhong - Microsoft Aaron Dinnage.
4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
Windows Server 2012 R2 Capabilities for BYOD Scenario Yuri Diogenes Senior Knowledge Engineer Data Center, Devices & Enterprise Client – CSI Team’s Page:

Windows Server 2012 R2 Capabilities for BYOD Scenario Yuri Diogenes Senior Knowledge Engineer Data Center, Devices & Enterprise Client – CSI Team’s Page:
Demi Albuz SENIOR PRODUCT MARKETING MANAGER Samim Erdogan PRINCIPAL ENGINEERING MANAGER Thomas Willingham TECHNICAL PRODUCT MANAGER.

Demi Albuz SENIOR PRODUCT MARKETING MANAGER Samim Erdogan PRINCIPAL ENGINEERING MANAGER Thomas Willingham TECHNICAL PRODUCT MANAGER.
Empower Enterprise Mobility Jasbir Gill Azure Mobility.

Empower Enterprise Mobility Jasbir Gill Azure Mobility.
Harris Schneiderman Account Manager Kloud Solutions.

Harris Schneiderman Account Manager Kloud Solutions.
Windows Azure Conference 2014 Windows Azure AD – All about WAAD & integration with on- premises AD.

Windows Azure Conference 2014 Windows Azure AD – All about WAAD & integration with on- premises AD.
123456789101112…. PrePlanPrepareMigratePost Pre- Deployment PlanPrepareMigrate Post- Deployment First Mailbox.

…. PrePlanPrepareMigratePost Pre- Deployment PlanPrepareMigrate Post- Deployment First Mailbox.
Microsoft ® Official Course Module 13 Implementing Windows Azure Active Directory.

Microsoft ® Official Course Module 13 Implementing Windows Azure Active Directory.
Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.

Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.
Alessandro Cardoso Microsoft MVP | Readify National Manager |

Alessandro Cardoso Microsoft MVP | Readify National Manager |
Securely Synchronize and Share Enterprise Files across Desktops, Web, and Mobile with EasiShare on the Powerful Microsoft Azure Cloud Platform MICROSOFT.

Securely Synchronize and Share Enterprise Files across Desktops, Web, and Mobile with EasiShare on the Powerful Microsoft Azure Cloud Platform MICROSOFT.
Access and Information Protection Product Overview Andrew McMurray Technical Evangelist – Windows Infra @MaccaMSOz.

Access and Information Protection Product Overview Andrew McMurray Technical Evangelist – Windows
Get identities to the cloud Mix on-premises and cloud identity for improved PC, mobile, and web productivity Cloud identities help you run your business.

Get identities to the cloud Mix on-premises and cloud identity for improved PC, mobile, and web productivity Cloud identities help you run your business.
FND2851. Mobile First | Cloud First Sixty-one percent of workers mix personal and work tasks on their devices* >Seventy-five percent of network intrusions.

FND2851. Mobile First | Cloud First Sixty-one percent of workers mix personal and work tasks on their devices* >Seventy-five percent of network intrusions.
Access resources in a federation partner organization.

Access resources in a federation partner organization.
James Lewis and Simon Waight Office 365 security: everywhere you need it to be PRD33 1.

James Lewis and Simon Waight Office 365 security: everywhere you need it to be PRD33 1.
User and Device Management

User and Device Management

Similar presentations

Ads by Google