Published by Emma Schmid. Modified over 6 years ago.
1
Ensure users have the right access with Azure Active Directory
BRK3013
Joseph Dadzie and Mark Wahl, Azure AD Program Management
11/22/2018 2:33 AM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
2
Microsoft Azure Active Directory
How much control do you have over access?
Diagram labels:
  Resources in Azure
  Microsoft Azure Active Directory
  On-premises applications
  On-premises
3
What’s needed for Governance, Risk Management & Compliance
01 Who has/should have access to what resources?
02 What are they doing with that access?
03 Are there effective organizational controls for managing access?
04 Can auditors verify that the controls are working?
4
Critical access questions IT cares about
ACCESS CONTROL: How do I ensure appropriate access to my cloud and on-premises apps?
SHADOW IT: How do I know what apps are used in my environment?
VISIBILITY/REPORTING: How do I know who is using which cloud apps?
COMPLIANCE: How do I efficiently comply with regulatory constraints to data access?
AWARENESS: Are my users aware of policies related to app and data access?
DATA PROTECTION: How do I prevent data leakage?
THREAT PROTECTION: How do I know if my users or their access have been breached?
5
Ensuring compliance with business policies
Who should be allowed access and under which conditions?
  Use Cloud App Security for visibility
  Use Conditional Access policies to further restrict access
For users who are allowed access, how do you ensure they are aware of their obligations?
6
Azure AD feature - Terms of use (preview)
NEW
Configure, enforce, audit compliance
  Configure a terms of use by uploading a PDF document
  Target to users, groups or applications using conditional access
  Enforce acceptance of terms for users in scope
  Optionally configure multiple policies, for different business needs
  Audit events show who accepted / which terms / when
Create a Terms of Use -> Enforce at Sign-In -> Users consent -> Review audit reports
7
Demo
8
Terms of use in conditional access policies
Diagram labels:
  Risk: High / Medium / Low
  CONFIDENTIAL SALES APP
  USER
  Health: Fully patched
  Config: Managed
  Last seen: London, UK
  HBI
  Role: VP Marketing
  Group: Executive Users
  Client: Mobile
  Config: Corp Proxy
  Location: London, UK
  Last Sign-in: 5 hrs ago
  Require sign on with MFA
  Require user agreed to Terms of use
  CONDITIONAL ACCESS POLICY
  User is a member of a sensitive group.
  Application is classified High Business Impact.
  Allow access
9
Ensuring appropriate access to resources
How do you determine who should still have access?
What about guests or contractors that were given ad-hoc access?
How should the decision-makers be involved in the process?
What aspects of the processes should be automated?
10
Azure AD feature - Access reviews (preview)
NEW
Recertify: attest and audit continued access
  Review Office group members, security group members, and users assigned to applications
  Optionally, scope the reviews to just guests
  Select reviewers from the resource
    Group owners
    Members review their own access
    Select other specific individuals
Create an access review -> Reviewers give feedback -> Results applied -> Review audit reports
11
Demo
12
How you can use Azure AD access reviews
Users asked to justify their need for application access
Office group owners review their groups’ memberships
Use alongside Office group expiration (also in preview)
Clean up unneeded guest access to applications
Ensure on-premises groups have only authorized members
13
Managing privileged access
What about access for IT personnel who manage applications?
What happens when guests or contractors need to manage?
How do you make sure they only have access when needed?
What are the best practices for Azure?
14
Azure AD Privileged Identity Management
Discover, restrict, and monitor privileged identities
Enforce on-demand, just-in-time access
Optionally leverage per-role approval workflows
Attest admin role membership with access reviews
Visibility through alerts and audit reports
Diagram: Ordinary user -> Global administrator -> Ordinary user (Role privileges expire after a specified interval)
15
Demo
16
Azure AD feature - PIM for Azure (preview)
NEW
Discover, restrict, and monitor roles in Azure
Enforce on-demand, just-in-time access in Azure RBAC
Schedule time-limited access with automatic expiration
Attest subscription role memberships with access reviews
Converged audit view of Azure management activity
Diagram: Ordinary user -> Resource group Contributor -> Ordinary user (Role privileges expire after a specified interval)
17
Demo
18
Partners and ISVs expand breadth of control
Advanced identity governance partners
Password reset extension
Fine-grained lifecycle for provisioning
Access requests and recertification
Policy-based workflow and approval
Compliance and audit reporting
19
Summary: Azure AD helps you effectively manage access to resources
01 Who has/should have access to what resources?
02 What are they doing with that access?
03 Are there effective organizational controls for managing access?
04 Can auditors verify that the controls are working?
New Azure AD features in preview
  Terms of use
  Access reviews
  Privileged Identity Management for Azure RBAC
Partners complement Azure AD to ensure you have all the tools to securely manage access across your organization’s apps
20
Relevant sessions @ Ignite
BRK2019: Productivity and protection for your employees, partners, and customers with Azure Active Directory (Alex Simons, Nasos Kladakis)
BRK3016: Shut the door to cybercrime with Azure Active Directory risk-based identity protection (Alex Weinert, Nitika Gupta)
BRK2018: Share corporate resources with your partners using Azure Active Directory B2B collaboration (Mary Lynch, Sarat Subramaniam, Laith Al Shamri)
BRK3012: Secure access to Office 365, SaaS and on-premises apps with Microsoft Enterprise Mobility + Security (Caleb Baker, Chris Green)
BRK3013: Ensure users have the right access with Azure Active Directory (Joseph Dadzie, Mark Wahl)
BRK2047: Embrace Office 365 groups (Christophe Fiessinger, Shilpa Ranganathan)
BRK2405: Azure security and management for hybrid environments (Jeremy Winter)
21
Please evaluate this session
From your PC or tablet: visit MyIgnite
From your phone: download and use the Microsoft Ignite mobile app
Your input is important!
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.