1. Azure AD
Simon May
Technical Evangelist

2. Identity considerations: Cloud, Sync or Federated?
7/15/2019
Identity considerations: Cloud, Sync or Federated?
SaaS Apps
Resources in other businesses or identity realms
Cloud identity provides a solution where all identity resides in the cloud  
Active Directory
Identity sync enables customers to bridge their existing identity into the cloud
Federated identity allows customers to retain all authentication on-premises
B2B federated identity allows customers to securely share and collaborate with each other
Active Directory  
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

3. Common Identity with Sync and Federation
7/15/2019
Common Identity with Sync and Federation
Active Directory
Synchronization
Active Directory
Identity Sync with password hash sync
User attributes are synchronized including the password hash, Authentication can be completed against either Azure or Windows Server Active Directory
*Write back of attributes to support cloud first and co-existence
Federation
Active Directory
Active Directory
Identity Sync
AD FS
User attributes are synchronized, Authentication is passed back through federation and completed against Windows Server Active Directory
AD FS provides conditional access to resources, Work Place Join for device registration and integrated Multi-Factor Authentication
*Coming Soon
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

4. Azure AD Sync Service Demo

5. Monitor and protect access to enterprise apps
Windows Server Management Marketing
7/15/2019
Monitor and protect access to enterprise apps
Built-in security features, like “you cant be in two places at once”.
XXXXX
XXXXX
Security reporting that tracks inconsistent access patterns, analytics and alerts.
Ensure secure access by enabling MFA
XXXXX .
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6. Azure MFA Demo

7. Self-service experiences in the cloud
7/15/2019
Self-service experiences in the cloud
Users can manage access requests through self-service group management
Users can edit their profile details to update and add missing information
SaaS Apps
Active Directory
Users can easily access the SaaS apps they need, using their existing Active Directory credentials.
Self Service Password change and reset for cloud users
Leverage existing investments in Active Directory for a single set of user credentials
Active Directory
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

8. Selection of pre-integrated SaaS apps
Build 2012
7/15/2019
Selection of pre-integrated SaaS apps
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9. Example Workload: Single sign-on to 1500+ SaaS Apps
When an Active Directory user logs on, their synchronized credentials are used to authenticate against Azure Active Directory
Directory Sync
Sync with password hash sync
Active Directory
Active Directory
SaaS App
Sync without password hash sync
Active Directory Federation Services
Cloud Identity
A user with a cloud only identity can sign in to the SaaS app using their Azure Active Directory credentials
When an Active Directory user logs on, the authentication is passed back and validated against Windows Server Active Directory
Federated Identity

10. SaaS Apps Demo

11. What makes it different?
Simple
Azure AD (AD FS) Pre-Auth
Single Sign-on from myapps.Microsoft.com
No Certificate Requirements **

12. Azure App Proxy Architecture
443
SSL

13. Azure App Proxy Demo

14. Connectors
443
SSL
443
SSL
443
SSL
443
SSL

15. More Info

16. More Events