Published by Nickolas Ford. Modified over 9 years ago.
Manage and secure identities in a cloud and mobile world
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
What we will discuss
Secure single sign-on to apps
Unify identity across on-premises, hybrid, and cloud for better SSO
Protect identity and take action to stop threats
Mobile and Cloud: challenging security paradigms
61% of workers mix personal and work tasks on their devices*
>80% of employees admit to using non-approved software-as-a-service (SaaS) applications in their jobs**
>70% of network intrusions exploited weak or stolen credentials***
* Forrester Research: “BT Futures Report: Info workers will erase boundary between enterprise & consumer technologies,” Feb. 21, 2013
**
*** Verizon 2013 Data Breach Investigations Report
Identity everywhere
Diagram: identity spans IT, users, devices, apps and data, and covers employees, customers and business partners.
Identity as the control plane
Diagram: Windows Server Active Directory and other directories (on-premises) connect to Microsoft Azure Active Directory (cloud), which provides sign-on to SaaS apps, Azure and Office 365 (public cloud). Properties called out: simple connection, self-service, single sign-on.
Azure Active Directory momentum
Microsoft’s “Identity Management as a Service (IDaaS)” for organizations
Azure Active Directory supports identity across Azure, Office 365 and 3rd-party clouds
Evolved to manage an organization’s relationships with its customers/citizens and partners (B2C and B2B)
86% of Fortune 500 companies on Microsoft Cloud (Azure, O365, CRM Online and PowerBI)
Azure AD manages identity data for >7 M organizations
More than 500 M user accounts on Azure Active Directory
1 Trillion Azure AD authentications since the release of the service
>35k third-party applications used with Azure AD each month
>1 Billion authentications every day on Azure AD
Copyright (c) 2015 Microsoft Corporation
Scenario #1: Secure single sign-on to apps
Customer story: Whole Foods
Challenge
Only certified organic grocer in the world
Inventory maintenance includes perishables
Many local suppliers with different systems
Solution
One site at MyApps for all applications
Empower users with secure self-service
Offer catalog, custom and API app authentication
Approach
Publish applications for single sign-on with MFA
Your applications across cloud and on-premises
2500+ pre-integrated popular SaaS apps
Bring your own SaaS app
Access internal apps via Azure AD
Diagram: SaaS apps and other directories connected through Microsoft Azure Active Directory.
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Azure Active Directory Application Proxy
A connector auto-connects to the cloud service. Multiple connectors can be deployed for redundancy, scale, multiple sites and different resources. Connectors are usually deployed on the corporate network next to the resources. Users connect to the cloud service, which routes their traffic to the resources via the connectors.
Diagram: users reach Application Proxy in Microsoft Azure Active Directory; connectors in the DMZ / corporate network forward traffic to the internal resources.
Azure Multi-Factor Authentication
MFA is: a trusted additional method of authentication that offers more security with a phone call, app, or SMS
MFA does: prevent unauthorized access to on-premises and cloud apps by requiring additional authentication
MFA offers: very flexible enforcement per user, device, or app to reduce compliance risks
Demo
Task: Publish apps for SSO in MyApps
Steps:
Under “Applications” in Azure AD, add an app
Choose a catalog application
Choose a custom application
Choose an on-premises application
Enable MFA under conditional access
Result: Securely publish any app in MyApps, one place
Making the scenario successful
Tip #1: Using Azure AD Application Proxy optionally enables TLS/SSL and MFA for your on-premises apps
Tip #2: You can publish multiple versions of the same app (e.g. Twitter–Personal, Twitter–Business)
Tip #3: Azure AD provides both authentication and user provisioning to key SaaS applications
Scenario #2: Unify identity across on-premises, hybrid, and cloud for better SSO
Customer story: Sainsbury’s
Challenge
7K corporate and 100K mobile employees
Identity today complex and highly customized
High help desk costs for IAM self-service
Solution
Intelligently provision users based on role
Enable Office 365 for mobile employees
Use MFA to protect self-service
Approach
Hybrid identity, on-premises connected to cloud
Microsoft’s IAM solution
Modern identity management system: spans cloud and on-premises and provides the full spectrum of services: federation, identity management, device registration, user provisioning, application access control, data protection.
The combination of Windows Server Active Directory, Microsoft Identity Manager, and Microsoft Azure Active Directory enables better security for today’s hybrid enterprise.
Diagram: third-party apps and clouds and Microsoft cloud apps sit on Azure AD; AAD App Proxy and Azure AD Connect link Azure AD to Microsoft Identity Manager and apps on premises.
Multi-factor authentication flow
1. Users sign in from any device using their existing username/password.
2. Users must also authenticate using their phone or mobile device before access is granted.
Diagram (inside/outside the corporate network): cloud apps and the Multi-Factor Authentication service in Microsoft Azure Active Directory; on-premises apps (.NET, Java, PHP…, RADIUS, LDAP, IIS, RDS/VDI, SAML) behind Multi-Factor Authentication Server + ADFS, backed by Windows Server Active Directory or another LDAP directory.
Protect your sensitive applications and resources
Conditional access control evaluates:
User attributes: user identity, group memberships, auth strength (MFA)
Devices: authenticated, MDM managed (Intune), compliant with policies, not lost/stolen
Application: per-service, managed client app
Other: inside corp. network, outside corp. network, on-premises applications
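The access decision these signals feed, as an added illustration in Python that is not part of the deck or of Azure AD’s own policy engine: a small evaluator applies a per-app policy over the user, device, application and location signals listed above, checking hard blocks before any MFA step-up. The app names, group names and policy fields are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class SignIn:
    """Signals available at sign-in time (the user/device/app/location groups above)."""
    user: str
    app: str
    groups: frozenset = frozenset()
    mfa_done: bool = False             # auth strength: second factor already satisfied
    device_authenticated: bool = False
    mdm_managed: bool = False          # enrolled in MDM (e.g. Intune)
    compliant: bool = False            # device meets MDM compliance policy
    lost_or_stolen: bool = False
    managed_client: bool = False       # request comes from a managed client app
    inside_corpnet: bool = False


@dataclass(frozen=True)
class AppPolicy:
    allowed_groups: Optional[frozenset]  # None means any signed-in user
    require_managed_device: bool         # authenticated + MDM-managed + compliant
    require_managed_client: bool
    mfa_scope: str                       # "always" or "outside" (only off the corp network)


# Constructed policy table for two hypothetical apps; not Azure AD's real policy schema.
POLICIES = {
    "payroll": AppPolicy(frozenset({"finance"}), True, True, "always"),
    "wiki": AppPolicy(None, False, False, "outside"),
}


def evaluate(s: SignIn) -> tuple:
    """Return (decision, reason); decision is 'allow', 'require_mfa' or 'block'.
    Hard blocks are checked before the MFA step-up, so a device reported lost
    is never prompted for a second factor."""
    p = POLICIES.get(s.app)
    if p is None:
        return ("block", "app not published")           # default deny
    if s.lost_or_stolen:
        return ("block", "device reported lost/stolen")
    if p.allowed_groups is not None and not (s.groups & p.allowed_groups):
        return ("block", "user not in an entitled group")
    if p.require_managed_device and not (s.device_authenticated and s.mdm_managed and s.compliant):
        return ("block", "device not managed/compliant")
    if p.require_managed_client and not s.managed_client:
        return ("block", "unmanaged client app")
    mfa_needed = p.mfa_scope == "always" or not s.inside_corpnet
    if mfa_needed and not s.mfa_done:
        return ("require_mfa", "second factor required")
    return ("allow", "all conditions satisfied")
```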
Demo
Task: Password and group management on premises and in the cloud
Steps:
On premises: discuss password reset with MIM 2016
On premises: discuss group management with MIM 2016
Cloud: password reset with Azure AD
Cloud: group management with Azure AD
Cloud: enroll in Q&A for password reset
Result: IAM works on premises and in the cloud easily and securely
Making the scenario successful
Tip #1: Microsoft Identity Manager 2016 is optional and is included with Azure Active Directory Premium
Tip #2: MFA can be used to secure login to MyApps for an extra layer of protection
Tip #3: Use Conditional Access to say yes to access and stay compliant as your organization adopts enterprise mobility and cloud
Scenario #3: Protect identity and take action to stop threats
Customer story: Real Madrid C.F.
Challenge
450 million fans interact worldwide
Fans expect an interactive, branded experience
Moderate adoption of Microsoft technology
Solution
Scale identity in an intelligent cloud
Connect fans through social with a Windows app
Leverage machine learning, etc. for security
Approach
Use Azure AD security reporting and take action
Securing identities
Cloud App Discovery
Privileged Identity Management
Conditional access
Advanced security reporting
Identity protection
SSO + MFA
Microsoft Advanced Threat Analytics
Detect threats fast with behavioral analytics: no need to create rules or policies, deploy agents or monitor a flood of security reports. The intelligence needed is ready to analyze and continuously learns.
Adapt as fast as your enemies: ATA continuously learns from organizational entity behavior (users, devices, and resources) and adjusts itself to reflect the changes in your rapidly evolving enterprise.
Focus on what is important fast using the simple attack timeline: the attack timeline is a clear, efficient, and convenient feed that surfaces the right things on a timeline, giving you the power of perspective on the “who-what-when-and-how” of your enterprise. It also provides recommendations for next steps.
Reduce the fatigue of false positives: alerts only happen once suspicious activities are contextually aggregated, comparing the entity’s behavior not only to its own past behavior but also to the profiles of other entities in its interaction path.
How Microsoft Advanced Threat Analytics works
Security issues and risks: broken trust, weak protocols, known protocol vulnerabilities
Malicious attacks: Pass-the-Ticket (PtT), Pass-the-Hash (PtH), Overpass-the-Hash, Forged PAC (MS14-068), Golden Ticket, Skeleton key malware, reconnaissance, brute force
Abnormal behavior: anomalous logins, remote execution, suspicious activity, unknown threats, password sharing, lateral movement
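Two of the detections listed above (brute force and anomalous logins), as an added illustration in Python that is not part of the deck and not ATA’s own logic: a sliding-window count of failed sign-ins per source across distinct accounts, and a per-user baseline of source addresses that flags a successful sign-in from a source the user has never used before, which is the per-entity baseline idea the ATA slide describes. The event tuples, addresses and thresholds are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events, not real logs: (timestamp, user, source_ip, result)
EVENTS = [
    ("2015-06-01T09:00:00", "alice", "10.1.1.5", "success"),
    ("2015-06-01T09:05:00", "bob", "10.1.1.9", "success"),
    ("2015-06-01T09:06:00", "alice", "10.1.1.5", "success"),
    ("2015-06-01T22:00:00", "alice", "203.0.113.7", "success"),   # source alice never used before
    ("2015-06-01T22:01:00", "bob", "198.51.100.4", "failure"),
    ("2015-06-01T22:01:10", "carol", "198.51.100.4", "failure"),
    ("2015-06-01T22:01:20", "dave", "198.51.100.4", "failure"),
    ("2015-06-01T22:01:30", "erin", "198.51.100.4", "failure"),
    ("2015-06-01T22:01:40", "frank", "198.51.100.4", "failure"),
]


def parse(events):
    """Turn ISO timestamps into datetimes so windows can be computed."""
    return [(datetime.fromisoformat(ts), u, ip, r) for ts, u, ip, r in events]


def brute_force_sources(events, window=timedelta(minutes=5), min_failures=5, min_accounts=3):
    """Sources with >= min_failures failed sign-ins spread over >= min_accounts
    distinct accounts inside one sliding window (the brute-force pattern)."""
    by_ip = defaultdict(list)
    for ts, user, ip, result in parse(events):
        if result == "failure":
            by_ip[ip].append((ts, user))
    flagged = set()
    for ip, fails in by_ip.items():
        fails.sort()
        for i in range(len(fails)):                       # window starts at each failure
            in_win = [f for f in fails[i:] if f[0] - fails[i][0] <= window]
            if len(in_win) >= min_failures and len({u for _, u in in_win}) >= min_accounts:
                flagged.add(ip)
                break
    return flagged


def anomalous_logins(events, baseline_until):
    """Successful sign-ins after baseline_until (ISO string) from a source the same
    user never used during the baseline period: a per-entity behavioral baseline."""
    cutoff = datetime.fromisoformat(baseline_until)
    baseline = defaultdict(set)
    alerts = []
    for ts, user, ip, result in sorted(parse(events), key=lambda e: e[0]):
        if result != "success":
            continue
        if ts <= cutoff:
            baseline[user].add(ip)                        # learn the user's normal sources
        elif ip not in baseline[user]:
            alerts.append((user, ip))                     # deviation from own baseline
    return alerts
```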
Demo
Task: Use Azure AD reporting and ATA to take action against security incidents
Steps:
Review (3) Azure AD security reports
Block suspicious activity at the user and auth levels
Determine the origin of a security incident in ATA
Analyze user activity in ATA
Analyze host activity in ATA
Result: Reduce the time-to-action for security incidents
Making the scenario successful
Tip #1: Azure AD offers a reporting API to export security incident information
Tip #2: Advanced Threat Analytics is included with the Enterprise Mobility Suite
Tip #3: Once you have identified key SaaS apps in use, quickly turn them into managed, secured apps with a couple of clicks
What we discussed
Secure single sign-on to apps
Unify identity across on-premises, hybrid, and cloud for better SSO
Protect identity and take action to stop threats
Next steps
To explore: Try Enterprise Mobility now
To do: Rate the session
Q&A