Presentation is loading. Please wait.

Presentation is loading. Please wait.

11/15/2018 3:42 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.

Published byMervin Morgan Modified over 5 years ago

Similar presentations

Presentation on theme: "11/15/2018 3:42 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN."— Presentation transcript:

1 11/15/2018 3:42 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 11/15/2018 3:42 AM Secure access to Office 365/Azure Active Directory with new features in AD FS in Windows Server 2019 and Azure AD password protection BRK3226 Anand Yadav © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

3 Choosing the right sign-in

4 Choosing the right sign-in
Password hash synchronization (PHS) Pass- through Authentication (PTA) Active Directory Federation Service (AD FS) Authentication in cloud Password hash is synced to Azure Username + Password WIA with Seamless SSO Authentication in cloud + on-premises agent Username + Password WIA with Seamless SSO On-premises authentication Username + Password, WIA, samAccountName, Certificate, Smart-Card

5 Users actively use AD FS to sign-in to Azure
71+million Users actively use AD FS to sign-in to Azure

6 High availability hybrid auth in Azure

7 On-premises only AD FS On-premises AD FS + WAP User On-premises
AD FS Infrastructure

8 On-premises only AD FS On-premises AD FS + WAP User On-premises
AD FS Infrastructure

9 AD FS in Azure On-premises Azure https://aka.ms/AdfsInAzure
11/15/2018 3:42 AM AD FS in Azure VPN / Express Route On-premises Azure AD FS + WAP AD FS + WAP AD FS + WAP On-premises AD FS Infrastructure Azure Traffic Manager AD FS Infrastructure © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

10 Securing organizational resources

11 Securing organizational resources
Operations Admin access Users MFA Privileged Access Workstations Privileged Identity Management Extranet lockout / Extranet Smart lockout MFA for external access Stronger passwords Connect Health Audit logs Lock-down network

12 Demo: Extranet Smart Lockout – More secure more productive

13 Stay ahead with Connect Health for AD FS

14 360º view of your sign-ins on-premises
Continuous infrastructure health monitoring Critical alerts notifications Application usage analytics Performance trend analysis Bad password attempts report Risky-IP report

15 Risky IP Report

16 Strong passwords with Azure AD password protection

17 The threats are real, global, and target all of us
1.29 Billion Authentications blocked in August 2018

18 81% of data breaches involved weak, default, or stolen passwords
11/15/2018 3:42 AM 81% of data breaches involved weak, default, or stolen passwords © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

19 Common Passwords Attempted in Password Spray Attacks
Spring 2018 Summer September 1234 Winter Football Your Company Name

20 Azure AD Password Protection
Power of Azure – in cloud and on-premises Powered by Azure Intelligence from monitoring billions of authentication attempts every day Custom list Define custom list of weak strings for your organization Protect users on-premises Simple deployment on-premises to leverage the Azure logic and ensure stronger passwords

21 52% As high as weak passwords were found and blocked by
Azure AD Password Protection

22 Under the hood Password change Normalization Strength check
Allowed / Blocked All password change or reset events are processed by Azure AD Password Protection Normalize the passwords for general transformations, like ‘0’ for ‘O’ and ‘!’ for an ‘i’ Password strings are checked to ensure they have enough score to be considered as a strong password Based on the normalization and strength check, password is allowed / blocked

23 Locked down network access
Audit Mode No internet Internet connectivity DC + DC Agent Server + Proxy Agent Azure DC + DC Agent

24 Locked down network access
Enforced No internet Internet connectivity DC + DC Agent Server + Proxy Agent Azure DC + DC Agent

25 Demo Stronger passwords with Azure AD password protection

26 Azure AD Password Protection
Cloud intelligence to ensure strong passwords Dynamic banning of passwords based on known bad patterns and those you define. Built for hybrid environments. Built for secure no-internet zone domain controllers Unified admin experience for on-premises and cloud. Support for multi-forest environment High availability architecture

27 Please evaluate this session Your feedback is important to us!
11/15/2018 3:42 AM Please evaluate this session Your feedback is important to us! Please evaluate this session through MyEvaluations on the mobile app or website. Download the app: Go to the website: © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

28 11/15/2018 3:42 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Download ppt "11/15/2018 3:42 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN."

Similar presentations

Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.

Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.
Empower Enterprise Mobility Jasbir Gill Azure Mobility.

Empower Enterprise Mobility Jasbir Gill Azure Mobility.
Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.

Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.
Access and Information Protection Product Overview Andrew McMurray Technical Evangelist – Windows Infra @MaccaMSOz.

Access and Information Protection Product Overview Andrew McMurray Technical Evangelist – Windows
Get identities to the cloud Mix on-premises and cloud identity for improved PC, mobile, and web productivity Cloud identities help you run your business.

Get identities to the cloud Mix on-premises and cloud identity for improved PC, mobile, and web productivity Cloud identities help you run your business.
Access resources in a federation partner organization.

Access resources in a federation partner organization.
Agenda  Microsoft Directory Synchronization Tool  Active Directory Federation Server  ADFS Proxy  Hybrid Features – LAB.

Agenda  Microsoft Directory Synchronization Tool  Active Directory Federation Server  ADFS Proxy  Hybrid Features – LAB.
Hybrid Identity Deep dive Ross Adams 2016 Redmond Summit | Identity Without Boundaries May 25 th 2016 Azure AD

Hybrid Identity Deep dive Ross Adams 2016 Redmond Summit | Identity Without Boundaries May 25 th 2016 Azure AD
Recording Brief EMS Partner Bootcamp Variables Values Module Title

Recording Brief EMS Partner Bootcamp Variables Values Module Title
Identity; What you need to know to be in the Microsoft Cloud

Identity; What you need to know to be in the Microsoft Cloud
Active Directory Modernization Technical competitive comparison

Active Directory Modernization Technical competitive comparison
Implementing and Managing Azure Multi-factor Authentication

Implementing and Managing Azure Multi-factor Authentication
Deployment Planning Services

Deployment Planning Services
Microsoft Ignite 2016 4/27/2018 9:00 AM THR2016

Microsoft Ignite /27/2018 9:00 AM THR2016
Deploy and get started with Microsoft Advanced Threat Analytics

Deploy and get started with Microsoft Advanced Threat Analytics
Enterprise Security in Practice

Enterprise Security in Practice
5/31/2018 3:40 PM BRK3113 How Microsoft IT builds Privileged Access Workstation using Windows 10 and Windows Server 2016 Jian (Jane) Yan Sr. Program Manager.

5/31/2018 3:40 PM BRK3113 How Microsoft IT builds Privileged Access Workstation using Windows 10 and Windows Server 2016 Jian (Jane) Yan Sr. Program Manager.
Identity & Access Management for a cloud-first, mobile-first world

Identity & Access Management for a cloud-first, mobile-first world
Four common problems to avoid with your AD FS environment

Four common problems to avoid with your AD FS environment
Journey to Microsoft Secure Cloud

Journey to Microsoft Secure Cloud

Similar presentations

Ads by Google