Published by Sabina Wilkerson. Modified over 9 years ago.
1
Dynamic Access Control Overview Matthias Wollnik Program Manager, File Server Microsoft Corporation
7
Demo: Data Classification. Location based classification; automatic content based classification.
8
Country (x 50): 50 groups. Department (x 20): 1000 groups. Sensitive: 2000 groups!
9
Demo: Expression based ACL. Country based central access rule.
10
User claims: User.Department = Finance; User.Clearance = High
Device claims: Device.Department = Finance; Device.Managed = True
Resource properties: Resource.Department = Finance; Resource.Impact = High
ACCESS POLICY
Applies to: @File.Impact = High
Allow | Read, Write | if (@User.Department == @File.Department) AND (@Device.Managed == True)
AD DS, File Server
11
Demo: Central Access Policy with user claims. Country based central access rule.
12
Windows Server 2012 Active Directory Windows Server 2012 File Server End User Access Policy ? Resource Property Definitions User Claims
13
No conditional expressions Using groups with conditional expressions Using user claims
17
demo Automatic Rights Management Protection
19
[Diagram: DCT workflow. Steps: 1. Import, 2. Export, 3. Deploy, 4. Report. Labels: DCT Database, OOB Knowledge, Collect, Management Client, Domain Controller (Active Directory), Staging File Server, Production File Servers, Hybrid Environment (Windows 2008 R2, Windows 2012), Scale (# File Servers).]
23
An attempt was made to access an object.
Subject:
    Security ID: CONTOSODOM\alice
    Account Name: alice
    Account Domain: CONTOSODOM
    Logon ID: 0x3e7
Object:
    Object Server: Security
    Object Type: File
    Handle ID: 0x8e4
    Resource Attributes: S:AI(RA;;;;;WD;("Personally Identifiable Information",TS,0x0,"High"))(RA;;;;;WD;("Department_23AFE",TS,0x0,"Finance"))
    Object Name: C:\Finance Document Share\FinancialStatements\MarchEmployeeStmt.xls
24
demo Expression Based Auditing
25
Event collected to central repository for analysis and reporting Windows Server 2012 Active Directory Windows Server 2012 File Server End User Access Policy ? Resource Property Definitions User Claims
27
DAC Partners
29
Country x 50, Department x 20, Sensitive
ACCESS POLICY
Applies to: @File.Impact = High
Allow | Read, Write | if (@User.Department == @File.Department) AND (@Device.Managed == True)
StealthAUDIT® for Windows Server 2012 Dynamic Access Control
http://www.stealthbits.com/
30
Identify where groups are being used and who owns them Clean Up, Consolidate & Secure Conditional Permissions Central Access Policies & Claims Impact Analysis & Group Reduction Apply, Lock Down & Maintain Discover your environment Design new security model Implement
31
http://www.jijitechnologies.com/dynamic-access-control-effective-permission-report.aspx
33
Data Loss Prevention
http://www.ca.com/us/data-security-solutions.aspx
http://www.dynamicaccesscontrol.com
http://www.websense.com/content/data-security-overview.aspx
CA DataMinder, dg classification
34
Data Loss Prevention, Dynamic Access Control: Dynamic Content Classification and Control
1: Create, 2: Analyze, 3: Classify, 4: Tag, 5: Enforce
35
CA Technologies Content-Aware Identity & Access Management Control identity, control access and control information CA DataMinder discovers, classifies and controls information Controls Collaboration & File Sharing Environments SharePoint 2010 – March 2012 Windows Server 2012 Dynamic Access Control – July 2012 Delivers precise & fine-grained access control Copyright © 2012 CA. All rights reserved. No unauthorized copying or distribution permitted.
36
Supercharge DAC with automated file classification. Enables accurate automated file classification enterprise-wide with both attribute-based and content-based classification. Deeply integrated with Windows Server 2012. dg classification can also be used to fuel powerful Governance, Compliance and Archiving solutions. For more information visit us at Booth 230 (Orlando) / PP17 (Amsterdam) or at www.dynamic-access-control.com. A leader in automatic file classification.
37
http://www.gigatrust.com Dynamic Policy Enforcer
38
[Diagram: GigaTrust Dynamic Policy Protector and Dynamic Policy Module. Labels: Windows 8 Server, FCI (Classify, Protect), AD RMS, Desktop, Use License, AD Admin Center (Access Policies, Claims, Properties, Dynamic Access Control). Legend: User Claims, Resource Properties, Access Policy, GigaTrust Product Component.]
GigaTrust Contact: ppainter@gigatrust.com
39
http://www.nextlabs.com/html/?q=microsoft_solutions http://www.titus.com/ http://www.axiomatics.com/dynamic-access- sddl-xacml-windows-server-2012 Titus Metadata Security for SharePoint Control Center for Windows Server 2012 Dynamic Access Control Axiomatics Policy Server
41
Windows Server 2012 Active Directory Windows Server 2012 File Server End User Microsoft SharePoint 2010 Access Policy ? ?
42
Axiomatics Policy Server (APS)
Participants: Policy Author, File Server, Active Directory, User
1. Author policy & export to AD
2. Convert XACML to SDDL & import
3. Push out imported rules based on group policy
4. Access files
5. Check access based on rules previously defined in APS
43
http://www.emc.com/security/rsa-netwitness.htm RSA NetWitness
45
Enterprise-wide visibility into server and application health
49
In Summary…..
50
Reduce group complexity
51
Simplify access control
52
Implement effective access control
53
SIA 207 – Windows Server 2012 Dynamic Access Control Overview
SIA 341 – Windows Server 2012 Dynamic Access Control Deep Dive for Active Directory and Central Authorization Policies
SIA 316 – Windows Server 2012 Dynamic Access Control Best Practices and Case Study Deployments in Microsoft IT
SIA21-HOL – Using Dynamic Access Control to Automatically and Centrally Secure Data in Windows Server 2012
SIA02-TLC – Windows Server 2012 Active Directory and Dynamic Access Control
Find Me Later At the Windows Server booth
54
Connect. Share. Discuss. http://europe.msteched.com Learning Microsoft Certification & Training Resources www.microsoft.com/learning TechNet Resources for IT Professionals http://microsoft.com/technet Resources for Developers http://microsoft.com/msdn
55
Evaluations http://europe.msteched.com/sessions Submit your evals online