Published by Rosamond Taylor. Modified over 9 years ago
1
Authentication for Office 365
Erik Notermans
Country Manager Central and Northern Europe
2
Cloud, Desktop and BYOD
“Access from anywhere with anything”
By Erik Notermans
4
The Cloud
Is a very public place
Everyone knows where your front door is
Everyone knows what your username is
Email address, just like Facebook!
Just one password away from access!
What is your identity worth?
5
It is not Rocket Science
I know that Dell use Salesforce CRM (source: Salesforce.com)
I know the format of Dell emails is firstname.lastname@dell.com (source: my inbox)
I know that Michael Dell is CEO (source: Wikipedia)
Just one password away from access ?????
Cloud means all access is remote access
6
It is not Rocket Science
I know that DuPont use O365 http://www.microsoft.com/en-gb/office365/nowonoffice365.aspx
I know the format of DuPont’s emails is firstname.lastname@dupont.com http://www.email-format.com/d/dupont.com/
I know that Ellen Kullman is CEO (source: DuPont.com)
Just one password away from access ?????
Cloud means all access is remote access
The office building is no longer a perimeter defence
7
Virtual Desktop
Data stays in network
Performance advantages
Security advantages
iPads etc. go missing!
Browser-based access, multiple device/OS support.
However, very high level of access
Lots of benefits for the “good citizen”
Not quite so good if a bad guy gets in
VDI turns your corporate desktops into a cloud service
Available to anyone and anywhere with the right credentials
Albeit a private cloud
8
Bring Your Own Device
What can it mean
More remote access, because people will want to bring and take their own device.
Corporate data accessed from personal machines
Bring your own malware
Bring your own operating system
Bring your own device capabilities
Bring any device (BAD!)
What does that mean for your authentication system?
9
Practical problems with password re-use
Twitter; Feb 2013: 250,000 passwords hacked
LinkedIn; June 2012: 6.4 million passwords released
Facebook; January 2012: 50,000 accounts hacked
Facebook; 600,000 fraudulent login attempts every day
Sega; June 2011, 1.29 million account details stolen
Sony; April 2011, 100 million accounts suffered data theft
Sega explained that it had reset all passwords and urged customers to change their log-on details on other services and websites where they used the same credentials. (http://www.bbc.co.uk/news/technology-13829690)
10
Practical problems with password re-use
11
Corporate Data Personal Machines
Facebook in one window, OWA in the other.
Same password in both?
Mixed environment
Is your corporate identity your social identity?
What other cloud applications are your employees using?
12
Password Vulnerability
Passwords are particularly vulnerable because they are static.
The same for every authentication
We all have so many… we reuse them
Rock You 2009: 1. 123456  2. 2345  3. 123456789  4. Password  5. Iloveyou  6. Princess  7. Rockyou  8. 1234567  9. 12345678  10. abc123
LinkedIn 2012: 1. link  2. 1234  3. work  4. god  5. job  6. 12345  7. angel  8. the  9. ilove  10. sex
Strong Passwords: 1. 5!uE2)~8  2. _34:7eW  3. $W2Nc  4. Y:l3}  5. GQNu>5$+wj  6. L*uC}n&"2Ic5V1  7. !-5$Bu0^  8. P1^&5ux(  9. [><c@2I=g  10. dn9f7#x2}/&W.)+VR'&K
13
Hacking Tools
14
Cloud, Desktop and BYOD
Best Practice = Strong Authentication
15
Bring Your Own Operating System
Sensible BYOD will have some boundaries
An authentication system that works with all operating systems (fixed and mobile)
Cannot rely on installed clients, Flash etc.
Flexible user challenge-response, based on the application or device
16
How to add additional authentication to Office 365
Configure your O365 Domain to use ADFS
Federation is your friend.
Users have to authenticate to YOU, not Microsoft
You retain control of credentials
You can have your own login page
17
Microsoft Endorsement “Microsoft Office 365 is live with customers for 2FA integration and only officially support two vendors. RSA and Swivel” Steve Patrick
18
O365 ADFS
[Diagram: External User, Internet, ADFS Proxy, ADFS Server, Active Directory, Internal User, Office 365]
19
Applications of Swivel: Cloud
[Diagram: External User, Internet, ADFS Proxy, Swivel filter, ADFS Server, Active Directory, Swivel, Internal User, Office 365]
20
Browser-based Image authentication: Delivered in browser, every device has a browser.
21
Adding PINsafe
22
PINsafe protocol
PIN (stays the same): 1 3 6 9
Security String (changes for every authentication attempt):
  Position: 1 2 3 4 5 6 7 8 9 0
  String:   5 1 7 3 9 2 0 6 4 8
One-Time Code (different every time): 5 7 2 4
Strong Authentication
23
Device options: Browser Image and PINsafe:
PINpad challenge uses a 10-digit security string, and the grid can be displayed in any design
Credential different every time
User uses the mouse to click on their PIN number.
Transmitted number is an OTC.
Defence against brute-force and other automated attacks
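An added sketch, not taken from the presentation or from Swivel's product, of the one-time-code extraction shown on the PINsafe protocol slide: each PIN digit selects a position in the security string, with 0 meaning the tenth position as on the slide (PIN 1369 against 5173920648 gives 5724). The permutation format of the generated string and the `ChallengeStore` class are assumptions made for illustration.

```python
import hmac
import secrets


def new_security_string() -> str:
    """Fresh 10-digit challenge: a random permutation of 0-9 (assumed format)."""
    digits = list("0123456789")
    secrets.SystemRandom().shuffle(digits)
    return "".join(digits)


def extract_otc(pin: str, security_string: str) -> str:
    """PIN digit d selects position d of the string; 0 selects the tenth."""
    if len(security_string) != 10 or not security_string.isdigit():
        raise ValueError("security string must be 10 digits")
    if not (pin.isascii() and pin.isdigit()):
        raise ValueError("PIN must be ASCII digits")
    return "".join(security_string[(int(d) - 1) % 10] for d in pin)


class ChallengeStore:
    """Hypothetical server side: one outstanding challenge per user, used once."""

    def __init__(self, pins):
        self._pins = dict(pins)   # user -> PIN (constructed sample data)
        self._pending = {}        # user -> security string not yet answered

    def issue(self, user: str) -> str:
        self._pending[user] = new_security_string()
        return self._pending[user]

    def verify(self, user: str, otc: str) -> bool:
        # The challenge is consumed on any attempt, so a captured OTC
        # cannot be replayed against the same security string.
        challenge = self._pending.pop(user, None)
        pin = self._pins.get(user)
        if challenge is None or pin is None:
            return False
        expected = extract_otc(pin, challenge)
        return hmac.compare_digest(expected.encode(), otc.encode())
```

Because the server discards the security string after one attempt, the static PIN never crosses the wire and each submitted code is valid for a single challenge only.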
24
The Swivel Approach
[Diagram: Core, with VPN, Web, Cloud, Desktop and Mobile App, Web, SMS, Telephony]
User enters the correct response to authenticate
The core platform sends users a challenge
Anything anywhere with anything (subject to policies of course)
25
Adding a Device (factor)
[Diagram: Core, with VPN, Web, Cloud, Desktop and Mobile App, Web, SMS, Telephony]
If the challenge can only be received on one device or the response only sent from one device, we have 2-factor authentication
26
Using Two-Factor SMS: Every mobile device can send or receive SMS.
27
Using Two Factor Mobile app.: Works on even basic smartphones. Lightweight.
28
Applications of Swivel: VPN
SSL VPN
IPSec
RADIUS
XML API
AD Integration
Swivel Knowledge Base: kb.swivelsecure.com/integrations
29
Applications of Swivel: VPN
30
Applications of Swivel: Web applications
Web: Swivel can secure any web site
Browser agnostic
Pre-built solutions for IIS and ISA
OWA, Sharepoint
31
Applications of Swivel: Web applications
SharePoint:
Flexible deployment on SharePoint Applications
Creates ‘Claims Token’
SharePoint service protected by .NET HTTP filter
32
Swivel Alternative
A single authentication platform to meet all your needs
Cloud, On-Premise, VPN, Virtual Desktop
Strong and Two-factor authentication as appropriate
Tokenless
Easy to manage
Easy to work with changing userbase*
33
Questions?