David J. Rosenthal, VP & GM, Razor Technology
@AzureAD
Microsoft MTC, NYC
February 14, 2017
Mobile-first, cloud-first reality
Data breaches: 63% of confirmed data breaches involve weak, default, or stolen passwords.
IT budget growth: Gartner predicts global IT spend will grow only 0.6% in 2016.
Shadow IT: More than 80 percent of employees admit to using non-approved software as a service (SaaS) applications in their jobs.
Enterprise Mobility + Security
The Microsoft vision
Identity Driven Security
Managed Mobile Productivity
Comprehensive Solution
Apps, Devices, Data, Users
Identity and Access Management from Microsoft and Razor Technology
Azure Active Directory as the control plane
Identity as the core of enterprise mobility: single sign-on, self-service, simple connection.
On-premises: Windows Server Active Directory and other directories. Cloud: Microsoft Azure Active Directory, connected to SaaS, Azure, public cloud, customers, and partners.
Azure AD by the numbers:
• 37K Azure AD Premium/EMS users
• >110k third-party applications used with Azure AD
• >1.3 billion authentications every day on Azure AD
• More than 750M user accounts on Azure AD
• >10M Azure AD directories
• >85% of Fortune 500 companies use Microsoft Cloud (Azure, O365, CRM Online, and PowerBI)
Every Office 365 and Microsoft Azure customer uses Azure Active Directory
Microsoft’s “Identity Management as a Service (IDaaS)”
for organizations.
Millions of independent identity systems controlled by
enterprise and government “tenants.”
Information is owned and used by the controlling
organization—not by Microsoft.
Born-as-a-cloud directory for Office 365. Extended to
manage across many clouds.
Evolved to manage an organization’s relationships with
its customers/citizens and partners (B2C and B2B).
Identity is the new control plane
Azure Active Directory at the core of your business
1000s of apps, 1 identity | Manage access at scale | Cloud-powered protection | Enable business without borders
“Azure AD Premium makes life simpler for the business and for employees. It gives them access to enterprise applications from any device with a single sign-on that is secure and reliable. That is fundamental in increasing the adoption of cloud technology.”
- Kapil Mehta, Productivity & Directory Services Manager
1000s of apps, 1 identity:
• Single sign-on for SaaS apps
• Single sign-on for mobile apps
• Support for lift-and-shift of traditional apps to the cloud
• Secure remote access to on-premises apps
• Connect your on-premises identities to the cloud
“With Azure Active Directory integrated into Smartsheet, our employees don’t need to remember another sign-in. They can use one credential to get to all their applications.”
- Mike Kirkpatrick, Director of Marketing, Ontario Division, Canadian Cancer Society
“The company uses Microsoft Azure Active Directory Premium, another part of Microsoft EMS, to manage the authentication of all 1,600 employees to all company applications. It used Azure AD Premium to provide SSO access to a wide number of applications, including Concur, Oracle, ADP, and Meraki, with more to come.”
“We were surprised to see that 90 percent of the SaaS apps in use at Mattamy were already endorsed for single sign-on within Azure Active Directory Premium.”
- Aaron Pais, Vice President of IT, Mattamy Homes
Azure Active Directory Connect and Connect Health
Connect and sync on-premises directories with Azure Active Directory. HR apps and other directories reach Microsoft Azure Active Directory through MIM, using PowerShell, SQL (ODBC), LDAP v3, and web services (SOAP, Java, REST) connectors.
1000s OF APPS, 1 IDENTITY
• Web apps (Azure Active Directory Application Proxy), integrated custom apps, SaaS apps, other directories
• 2700+ pre-integrated popular SaaS apps and self-service integration via templates
• Connect and sync on-premises directories with Azure
• Easily publish on-premises web apps via Application Proxy + custom apps
1000s OF APPS, 1 IDENTITY
Single sign-on to on-premises applications, and access to even more on-premises web applications (other LoB apps): the user reaches the app through the Application Proxy endpoint in Microsoft Azure (https://appX-contoso.msappproxy.net/), Microsoft Azure Active Directory signs the user in, and connectors (in the DMZ, or on Azure or 3rd-party IaaS) relay the request to the on-premises apps.
1000s OF APPS, 1 IDENTITY
A mobile authenticator application for all platforms
• Converges the existing Azure Authenticator and all consumer Authenticator applications
• MFA for any account, enterprise or consumer and 3rd party: push notifications/OTP
• Device registration (workplace join)
• SSO to native mobile apps: certificate-based SSO
• Future: sign in to a device (Windows Hello), app, or website without a password
1000s OF APPS, 1 IDENTITY
Lift-and-shift on-premises apps to Azure IaaS: Azure AD Domain Services, your domain controller as a service for lift-and-shift scenarios, provides Kerberos, NTLM, LDAP, and Group Policy to your Azure IaaS workloads/apps in your virtual network. On-premises Windows Server Active Directory is synchronized to Azure Active Directory through Azure AD Connect.
Enable business without borders
“We give them a username and password, and they’re able to reset their own passwords through Azure Active Directory. This is important, because we have such a small IT staff.”
- Scott Bentzel, Director of IT
Better connect with your consumers and partners | Ease of use for end users | Anytime, anywhere productivity
“The company also chose Azure Active Directory to simplify identity management for vendors and employees. With Azure Active Directory, the company provides fast, highly secure access to external vendors, cutting onboarding time from months to less than a week.”
- Johan Krebbers, IT Chief Technology Officer, Royal Dutch Shell
“…because we’re now able to give employees their own accounts, we can safely and securely send human resources documents in digitized form even if they are highly confidential, which eliminates traditional mailing.”
- Ryuji Katayama, Department Manager of the IT Planning Department, Corporate Strategy Division, Village Vanguard
“We needed to quickly and cost effectively stand up new IT infrastructure, including extranet applications for thousands of business partners. Azure Active Directory B2B collaboration provides a simple and secure way for partners, large and small, to use their own credentials to access Kodak Alaris systems.”
Integrated end user experiences: manage your account, apps, and groups
• Company-branded, personalized application Access Panel: http://myapps.microsoft.com, plus iOS and Android mobile apps
• Self-service password reset
• Application access requests
• Integrated Office 365 app launching
ENABLE BUSINESS WITHOUT BORDERS
Collaborate with partners: B2B collaboration in Microsoft Azure Active Directory
• Share without complex configuration or duplicate users
• Partners of all sizes
• You manage access
3,000+ partners
ENABLE BUSINESS WITHOUT BORDERS
Windows 10 Azure AD joined devices: Azure Active Directory Join makes it possible to connect work-owned Windows 10 devices to your company’s Azure Active Directory.
• Enterprise-compliant services
• SSO from the desktop to cloud and on-premises applications with no VPN
• Support for hybrid environments
• Intune/MDM auto-enrollment
• Enterprise State Roaming
ENABLE BUSINESS WITHOUT BORDERS
Azure Active Directory B2C: consumer identity and access management in the cloud. Identity experience engine, cross-platform, superior economics, identity management for consumers.
“By using Azure Active Directory B2C we were able to build a fully customized login page without having to build custom code. Additionally, with a Microsoft solution in place, we alleviated all our concerns about security, data breaches, and scalability.”
- Rafael de los Santos, Head of Digital, Real Madrid
ENABLE BUSINESS WITHOUT BORDERS
Manage access at scale
“Without Azure Active Directory integrated with our 2,100 customers’ AD databases, we simply could not manage all the passwords and logon activities of the many hundreds of thousands of teachers and students who make up our customer base.”
- Evan Clark, Founder & CEO, ClickView
Advanced user lifecycle management | Monitor your identity bridge | Low IT overhead
“We want to ensure that we’re keeping our operating costs as low as possible to focus our budget on more productive areas of the business. With the help of Azure Active Directory Premium, I’m managing ten times the number of SaaS applications with the same size team.”
- Daniel Birmingham, Identity Solutions Architect, Whole Foods Market
“We will be able to walk in with the computers, connect them to the Internet, and be done. User identity, SaaS access management, mobile device management—all accessible with a few clicks on a web-based console.”
- Arvid Johansson, CIO, SATS ELIXIA
MANAGE ACCESS AT SCALE
• Centralized access administration for pre-integrated SaaS apps and other cloud-based apps
• Dynamic groups, device registration, secure business processes with advanced access management capabilities
• Comprehensive identity and access management console for the IT professional
• Provisioning and deprovisioning with customization options
Monitor and gain insights into the identity infrastructure used to extend on-premises identities to Azure Active Directory and Office 365. Monitor:
• The Azure AD Connect sync engine health
• ADFS infrastructure health
• On-premises AD Domain Services health
Cloud-powered protection
Protect against advanced threats | Conditional access to resources | Compliance reporting | Mitigate administrative risks
“Identity is the new firewall of the future. We can’t continue to use our old way of controlling application access, because business isn’t happening exclusively in our network anymore. With Azure Active Directory Premium, we can stay in control, no matter where our users roam.”
- Will Lamb, Infrastructure Coordinator, Whole Foods Market
“By deploying Azure MFA the bank secured access to corporate data. Also there is no need for the end user to receive any trainings or carry additional components with them, such as tokens. It was important for us to increase security without sacrificing end user experience. We could achieve this thanks to Azure MFA.”
- Fikri Bülent Çelik, Technology and Infrastructure Department Manager, TKFB
“With Azure AD Premium, Bristow Group now has the capabilities for multifactor authentication; access control (dependent upon device health and user location); holistic security reports; audits; and alerts. Azure Active Directory makes the work of a busy and mobile workforce easier, secures data and protects access to the company’s assets both in the cloud and on-premises.”
- Kapil Mehta, Productivity & Directory Services Manager, Bristow Group Inc.
“Vetco uses Microsoft Azure Active Directory Premium (part of the Microsoft Enterprise Mobility Suite) to help safeguard access to data through multifactor authentication.”
CLOUD-POWERED PROTECTION
Conditional access: the conditions are the user, app sensitivity, device state, and location; the actions are allow access or block access, and enforce MFA per user/per app.
Building blocks: MFA (text messages, phone calls, mobile apps); Identity Protection (risk: notifications, analysis, remediation, risk-based policies); cloud app discovery; privileged identity management.
Identity Protection at its best
• Risk severity calculation
• Remediation recommendations
• Risk-based conditional access automatically protects against suspicious logins and compromised credentials
• Gain insights from a consolidated view of machine learning based threat detection
The machine-learning engine detects leaked credentials, infected devices, configuration vulnerabilities, brute force attacks, and suspicious sign-in activities; risk-based policies then challenge risky logins with MFA, block attacks, and change bad credentials.
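The conditional-access conditions and actions above, combined with the Identity Protection risk signals, as one policy evaluator. This is an added example written for this page, not Azure AD's policy engine; the signal severities, trusted networks, MFA-enforced app and user lists, and the sample sign-ins are constructed assumptions.

```python
"""Conditional access with Identity Protection style risk signals.

Added illustration, not Azure AD's policy engine. The conditions (user, app
sensitivity, device state, location), actions (allow, block, MFA per
user/app) and risk signals are the ones the deck names; severities,
networks, lists and thresholds are constructed for the example."""
from dataclasses import dataclass, field
from enum import Enum
from ipaddress import ip_address, ip_network


class Risk(Enum):
    NONE = 0
    LOW = 1
    MEDIUM = 2
    HIGH = 3


class Action(Enum):
    ALLOW = "allow"
    REQUIRE_MFA = "require_mfa"
    CHANGE_PASSWORD = "change_password"
    BLOCK = "block"


# Assumed severity per detection; the deck lists the signals, not weights.
SIGNAL_SEVERITY = {
    "leaked_credentials": Risk.HIGH,
    "infected_device": Risk.MEDIUM,
    "brute_force": Risk.MEDIUM,
    "suspicious_sign_in": Risk.MEDIUM,
    "configuration_vulnerability": Risk.LOW,
}
# Constructed trusted-location ranges (corpnet / office egress).
TRUSTED_NETWORKS = [ip_network("10.0.0.0/8"), ip_network("203.0.113.0/24")]
# Constructed per-app and per-user MFA enforcement lists.
MFA_REQUIRED_APPS = {"payroll"}
MFA_REQUIRED_USERS = {"globaladmin@contoso.example"}


@dataclass
class SignIn:
    user: str
    app: str
    app_sensitivity: str    # "low" or "high"
    device_state: str       # "compliant", "registered" or "unknown"
    source_ip: str
    signals: list = field(default_factory=list)   # detections on this user


def risk_level(signals):
    """Risk severity calculation: the worst signal wins, and two or more
    medium signals together escalate to high."""
    sevs = [SIGNAL_SEVERITY.get(s, Risk.LOW) for s in signals]
    if not sevs:
        return Risk.NONE
    top = max(sevs, key=lambda r: r.value)
    if top is Risk.MEDIUM and sum(1 for s in sevs if s is Risk.MEDIUM) >= 2:
        return Risk.HIGH
    return top


def is_trusted_location(ip):
    addr = ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def evaluate(s):
    """Return (Action, reasons). Stronger actions are decided first so a
    later, weaker rule can never override them."""
    risk = risk_level(s.signals)
    # Remediation: leaked credentials mean the password itself is bad.
    if "leaked_credentials" in s.signals:
        return Action.CHANGE_PASSWORD, ["leaked credentials: change bad credentials"]
    # High aggregated risk: block the attack outright.
    if risk is Risk.HIGH:
        return Action.BLOCK, ["high risk: " + ", ".join(s.signals)]
    # Device-state rule: sensitive apps only from a registered/compliant device.
    if s.app_sensitivity == "high" and s.device_state == "unknown":
        return Action.BLOCK, ["sensitive app from an unknown device"]
    # Step-up rules: any one of them is enough to require MFA.
    reasons = []
    if risk is Risk.MEDIUM:
        reasons.append("medium risk: " + ", ".join(s.signals))
    if not is_trusted_location(s.source_ip):
        reasons.append("untrusted location " + s.source_ip)
    if s.app_sensitivity == "high" or s.app in MFA_REQUIRED_APPS:
        reasons.append("MFA enforced for app " + s.app)
    if s.user in MFA_REQUIRED_USERS:
        reasons.append("MFA enforced for user " + s.user)
    if reasons:
        return Action.REQUIRE_MFA, reasons
    return Action.ALLOW, ["no risk, trusted location, no MFA rule matched"]


if __name__ == "__main__":
    # Constructed sample sign-ins walked through the policy.
    for s in [
        SignIn("alice@contoso.example", "intranet", "low", "compliant", "10.1.2.3"),
        SignIn("bob@contoso.example", "payroll", "high", "unknown", "198.51.100.7"),
        SignIn("carol@contoso.example", "intranet", "low", "compliant", "10.1.2.3",
               ["infected_device", "suspicious_sign_in"]),
    ]:
        action, why = evaluate(s)
        print(f"{s.user:24} {s.app:9} -> {action.value:16} {'; '.join(why)}")
```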
CLOUD-POWERED PROTECTION
Use the power of Identity Protection in PowerBI, SIEM and other monitoring tools: the Microsoft machine-learning engine (leaked credentials, infected devices, configuration vulnerabilities, brute force attacks, suspicious sign-in activities) feeds notifications, data extracts/downloads, and reporting APIs into your security/monitoring/reporting solutions, applying Microsoft learnings to your existing security tools.
CLOUD-POWERED PROTECTION
Privileged Identity Management: discover, restrict, and monitor privileged identities
• Enforce on-demand, just-in-time administrative access when needed
• Provides more visibility through alerts, audit reports and access reviews
Roles covered include Global Administrator, Billing Administrator, Exchange Administrator, User Administrator, and Password Administrator.
CLOUD-POWERED PROTECTION
How time-limited activation of privileged roles works
• Users need to activate their privileges to perform a task
• MFA is enforced during the activation process
• Users will retain their privileges for a pre-configured amount of time
• Alerts inform administrators about out-of-band changes
• Security admins can discover all privileged identities, view audit reports and review everyone who is eligible to activate via access reviews
Roles in the flow: the security admin configures Privileged Identity Management; the user activates with identity verification (MFA); alerts, audit and access reports, and read-only monitoring cover admin profiles such as Billing Admin, Global Admin, and Service Admin.
CLOUD-POWERED PROTECTION
Reduces exposure to attacks targeting admins:
• Removes unneeded permanent admin role assignments
• Limits the time a user has admin privileges
• Ensures MFA validation prior to admin role activation
Simplifies delegation:
• Separates role administration from other tasks
• Adds roles for read-only views of reports and history
• Asks users to review and justify continued need for admin role
Increases visibility and finer-grained control:
• Enables least privilege role assignments
• Alerts on users who haven’t used their role assignments
• Simplifies reporting on admin activity
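The time-limited activation flow described above as a working model: eligible rather than permanent assignments, MFA enforced at activation, privileges that expire after a pre-configured window, alerts on out-of-band permanent assignments, and an access review that flags eligible users who never activate. This is an added example, not Privileged Identity Management's own code; the users, roles, the 60-minute activation window and the 30-day review window are constructed assumptions.

```python
"""Just-in-time activation of privileged roles (added illustration, not
Azure AD PIM's code). Users, roles and the time windows are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class Activation:
    user: str
    role: str
    activated_at: datetime
    expires_at: datetime
    justification: str


class PrivilegedRoleManager:
    def __init__(self, activation_duration=timedelta(minutes=60)):
        self.duration = activation_duration   # pre-configured activation window
        self.eligible = {}      # role -> set of users allowed to activate
        self.permanent = {}     # role -> set of users with standing access
        self.activations = []   # every activation ever granted (history)
        self.audit = []         # (timestamp, event, user, role) audit trail
        self.alerts = []        # findings surfaced to the security admin

    def _log(self, now, event, user, role):
        self.audit.append((now, event, user, role))

    def make_eligible(self, user, role, now):
        self.eligible.setdefault(role, set()).add(user)
        self._log(now, "eligible", user, role)

    def assign_permanent(self, user, role, actor, now):
        """A permanent assignment is an out-of-band change: record it and alert."""
        self.permanent.setdefault(role, set()).add(user)
        self._log(now, "permanent-assignment", user, role)
        self.alerts.append(f"{actor} gave {user} permanent {role}; review it")

    def activate(self, user, role, mfa_verified, justification, now):
        """Activate an eligible role for the configured window. MFA and a
        justification are prerequisites; nothing is granted otherwise."""
        if user not in self.eligible.get(role, set()):
            raise PermissionError(f"{user} is not eligible for {role}")
        if not mfa_verified:
            raise PermissionError("MFA is enforced during activation")
        if not justification.strip():
            raise ValueError("activation requires a justification")
        act = Activation(user, role, now, now + self.duration, justification)
        self.activations.append(act)
        self._log(now, "activate", user, role)
        return act

    def has_role(self, user, role, now):
        """Effective privilege at 'now': permanent, or an unexpired activation."""
        if user in self.permanent.get(role, set()):
            return True
        return any(a.user == user and a.role == role
                   and a.activated_at <= now < a.expires_at
                   for a in self.activations)

    def access_review(self, now, unused_for=timedelta(days=30)):
        """Eligible users who have not activated the role within the window:
        candidates for removing the assignment (least privilege)."""
        findings = []
        for role, users in self.eligible.items():
            for user in sorted(users):
                recent = [a for a in self.activations
                          if a.user == user and a.role == role
                          and a.activated_at >= now - unused_for]
                if not recent:
                    findings.append((user, role))
        return findings


def status_after(pim, t0, minutes, user, role):
    """Convenience: is the role effective 'minutes' after t0?"""
    return pim.has_role(user, role, t0 + timedelta(minutes=minutes))


def demo():
    """Constructed walk-through; returns the manager and its start time."""
    t0 = datetime(2017, 2, 14, 9, 0, tzinfo=timezone.utc)
    pim = PrivilegedRoleManager()
    pim.make_eligible("jen@contoso.example", "Global Administrator", t0)
    pim.make_eligible("sam@contoso.example", "Billing Administrator", t0)
    pim.activate("jen@contoso.example", "Global Administrator", True,
                 "ticket 4711: tenant configuration change", t0)
    pim.assign_permanent("ops@contoso.example", "Exchange Administrator",
                         "admin@contoso.example", t0)
    return pim, t0


if __name__ == "__main__":
    pim, t0 = demo()
    ga = ("jen@contoso.example", "Global Administrator")
    print("after 30 min:", status_after(pim, t0, 30, *ga))
    print("after 61 min:", status_after(pim, t0, 61, *ga))
    print("alerts:", pim.alerts)
    print("review findings:", pim.access_review(t0 + timedelta(days=1)))
```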
DETECT ATTACKS BEFORE THEY CAUSE DAMAGE
Microsoft Advanced Threat Analytics brings the behavioral analytics concept to IT and the organization’s users: an on-premises platform to identify advanced security attacks and insider threats before they cause damage. Behavioral analytics, advanced threat detection, detection of advanced attacks and security risks.
Microsoft Cloud App Security
• Discovery: gain complete visibility and context for cloud usage and shadow IT—no agents required
• Data control: shape your cloud environment with granular controls and policy setting for access, data sharing, and DLP
• Threat protection: identify high-risk usage and security incidents, detect abnormal user behavior, and prevent threats
• Integrate with existing security, mobility, and encryption solutions
Enterprise Mobility + Security, the Microsoft solution:
• Azure Active Directory: manage identity with hybrid integration to protect application access from identity attacks
• Azure Information Protection: protect your data, everywhere
• Microsoft Cloud App Security: extend enterprise-grade security to your cloud and SaaS apps
• Advanced Threat Analytics: detect threats early with visibility and threat analytics
• Intune: protect your users, devices, and apps
Industries: Transportation, Logistics, Oil-Gas; Retail, Hospitality and Travel; Health; Construction, Professional Services; Government, Banking, Insurance; Education, Nonprofit
Manage access at scale: manage identities and access at scale in the cloud and on-premises
• Advanced user lifecycle management
• Low IT overhead
• Monitor your identity bridge
• Cloud-connected seamless authentication experience
1000s of apps, 1 identity: provide one persona to the workforce for SSO to 1000s of cloud and on-premises apps
• Single sign-on to 1000s pre-integrated apps / your own apps
• Secure remote access to on-premises apps
• SSO to mobile apps
• Support for lift-and-shift to the cloud
Cloud-powered protection: ensure user and admin accountability with better security and governance
• Control access to resources
• Safeguard user authentication
• Respond to advanced threats with risk-based policies and monitoring
• Mitigate administrative risks
• Governance of on-premises and cloud identities
Enable business without borders: stay productive with universal access to every app and collaboration capability
• Ease of use for end users / integration with Office
• Cross-organization collaboration
• Any time, any place productivity with Windows 10
• Support for consumer facing applications
Razor Technology for EMS: Deploy it Right
Razor’s Fast Deployment for Enterprise Mobility Suite provides remote deployment assistance for Azure Active Directory Premium, Intune, and Azure Rights Management Premium. Now included with all EMS services.
Azure Active Directory Premium. Razor will:
• Get organizational identities to the cloud
• Set up single sign-on for test apps (including Azure Active Directory Application Proxy apps)
• Configure self-service options like password reset and Azure Multi-Factor Authentication in the MyApps site
Microsoft Intune. Razor will:
• Set up users and groups
• Enable management of test devices
• Optionally connect on-premises Microsoft System Center Configuration Manager to Intune for a single pane management experience
Azure Rights Management Premium. Razor will:
• Retain control of sensitive documents locally and over email
• Automatically protect mail containing privileged information
• Ensure files stored in SharePoint are rights protected
David.Rosenthal@razor-tech.com
Appendix
L300 – more detailed slides
Identity as the control plane (build-up diagram): on-premises Windows Server Active Directory, reached over VPN and from BYO devices, alongside SaaS, Azure, cloud, public cloud, customers, and partners; Microsoft Azure Active Directory then becomes the control plane that spans on-premises, Azure, cloud, public cloud, BYO, customers, and partners.
Azure Active Directory editions (columns: Free | Basic | Premium | Azure AD for Office 365 apps)
Directory as a service: 500,000 object limit | No object limit | No object limit | No object limit for Office 365 user accounts
User/group management (add/update/delete), user-based provisioning, device registration, user-based access management/provisioning, basic security/usage reports: Yes | Yes | Yes | Yes
Single sign-on: 10 apps per user (pre-integrated SaaS and developer-integrated apps) | 10 apps per user (free tier + Application Proxy apps) | No limit (free, Basic tiers + self-service app integration templates (1)) | 10 apps per user (pre-integrated SaaS and developer-integrated apps)
Self-service password change for cloud users: Yes Yes Yes
Connect (sync engine that extends on-premises directories to Azure Active Directory): Yes Yes Yes
Basic features (Premium includes the basic features):
Group-based access management/provisioning – provisioning customization: Yes Yes
Self-service password reset for cloud users: Yes Yes Yes
Company branding (logon pages/access panel customization): Yes Yes Yes
Application Proxy: Yes Yes
SLA: Yes Yes Yes
Premium features:
Self-service group and app management / self-service application additions / dynamic groups: P1, P2
Self-service password reset/change/account unlock with on-premises write-back: P1, P2
Advanced usage reporting: P1, P2
Multi-factor authentication (cloud and on-premises (MFA server)): P1, P2; Office 365 apps: limited, cloud only for Office 365 apps
MIM CAL + MIM server: P1, P2
Cloud app discovery: P1, P2
Automated password rollover: P1, P2
Connect Health: P1, P2
Conditional Access (user, application, location, device rules): P1, P2
Identity Protection: P2
Privileged Identity Management: P2
Yes Yes Yes Yes
MDM auto-enrolment, self-service BitLocker recovery, additional local administrators to Windows 10 devices via Azure AD Join, Enterprise State Roaming: Yes
Cloud-powered protection | Manage access at scale | 1000s of apps, 1 identity | Enable business without borders
Manage access at scale:
• Advanced user lifecycle management
• Low IT overhead
• Monitor your identity bridge
• Cloud-connected seamless authentication experience
1000s of apps, 1 identity:
• Single sign-on
• Bring your own apps
• Secure remote access to on-premises apps
• Support for lift-and-shift to the cloud
Cloud-powered protection:
• Control access to resources
• Safeguard user authentication
• Respond to advanced threats with risk-based policies and monitoring
• Mitigate administrative risks
• Governance of on-premises and cloud identities
Enable business without borders:
• Ease of use for end users
• Cross-organization collaboration
• Any time, any place productivity with Windows 10
• Support for consumer facing applications
Azure Active Directory: a comprehensive identity and access management cloud solution for your employees, partners, and customers (B2E, B2B, B2C). It combines directory services, advanced identity governance, application access management, and a rich standards-based platform for developers.
1000s OF APPS, 1 IDENTITY
Azure Active Directory Connect (sync engine + ADFS): consolidated deployment assistant for your identity bridge components.
• All currently available sync engines (DirSync, Azure Active Directory Sync, FIM + Azure Active Directory Connector) will be replaced by the sync engine included in the Connect tool.
• Assisted deployment of ADFS will be available through Azure Active Directory Connect.
• ADFS is an optional component for authentication in hybrid implementation. Password sync can replace ADFS for more scenarios.
1000s OF APPS, 1 IDENTITY
Sign-in options for hybrid identity (user → Microsoft Azure Active Directory):
• 1st option: Identity + password (hash) synchronization. Azure Active Directory authenticates the user.
• 2nd option: Identity synchronization + ADFS. Authentication is passed to Windows Server Active Directory via ADFS.
• New option: Identity synchronization + pass-through authentication with Seamless SSO. Authentication is passed to Windows Server Active Directory via the pass-through authentication agent.
• Seamless SSO is now enabled for the 1st option, too: Identity + password (hash) synchronization with Seamless SSO.
More options than ever: Identity synchronization + ADFS; Identity synchronization + pass-through authentication + Seamless SSO; Identity synchronization + password hash synchronization + Seamless SSO.
1000s OF APPS, 1 IDENTITY
How pass-through authentication works (user, connector on the Contoso corpnet, Azure Active Directory Security Token Service):
1. The user enters user name and password.
2. The connector is notified of the request.
3. The connector validates the credentials against AD.
4. The DC returns the result.
5. The connector returns the result.
6. A token is returned to the user or further proofs (MFA) are initiated.
How Seamless SSO works with pass-through authentication and password hash synchronization (user on the corporate network, Azure Active Directory Security Token Service):
1. The user enters their username.
2. 401 response to get a Kerberos ticket.
3. The user requests a Kerberos ticket.
4. AD returns the Kerberos ticket.
5. The user sends the ticket to the Azure AD STS.
6. A token is returned to the user or further proofs (MFA) are initiated.
1000s OF APPS, 1 IDENTITY
Application Proxy: the user connects to the cloud endpoint (https://app1-contoso.msappproxy.net/) and Microsoft Azure Active Directory routes the traffic through a connector in the DMZ to the internal app (http://app1).
• Connectors are deployed usually on corpnet next to resources
• Multiple connectors can be deployed for redundancy, scale, multiple sites, and different resources
• Users connect to the cloud service that routes their traffic to resources via the connectors
• A connector auto-connects to the cloud service
ENABLE BUSINESS WITHOUT BORDERS
B2B collaboration: share without complex configuration or duplicate users
• Partners use their own credentials to access your org
• Users lose access when leaving the partner org
• No external directories
• No per partner federation
You manage access: you control partner access in your directory through app assignment, group membership, and custom attributes.
Partners of all sizes: bulk invite 1000s at a time; partners with Azure Active Directory sign in to accept the invite; other partners simply sign up to accept the invite.
ENABLE BUSINESS WITHOUT BORDERS
“I need to let my partners access my company’s apps using their own credentials”
Partners manage their own credentials: partners use their own credentials to access your org; users lose access when they leave the partner org; no external directories; no per-partner federation.
Organizations manage access: you control partner access in your directory through app assignment, group membership, and custom attributes.
Partners of all sizes: thousands of bulk invites at a time; partners with Azure Active Directory sign in to accept the invite; other partners simply sign up to accept the invite.
CLOUD-POWERED PROTECTION
Built-in security features of Microsoft Azure Active Directory: security reporting that tracks inconsistent access patterns, analytics, and alerts; reporting API.
Cloud app discovery: discover all SaaS apps in use within your organization, with comprehensive reporting on SaaS app category, number of users, and utilization volume. More cloud apps are in use than IT estimates (source: Help Net Security 2014).
CLOUD-POWERED PROTECTION
Step up to Multi-Factor Authentication
CLOUD-POWERED PROTECTION
Azure Multi-Factor Authentication: a standalone Azure identity and access management service, also included in Azure Active Directory Premium. It prevents unauthorized access to both on-premises and cloud applications by providing an additional level of authentication, and is trusted by thousands of enterprises to authenticate employee, customer, and partner access. Second factors: text messages, phone calls, mobile apps.
1. Users sign in from any device using their existing username/password.
2. Users must also authenticate using their phone or mobile device before access is granted.
Cloud apps authenticate against Microsoft Azure Active Directory with Azure Multi-Factor Authentication; on-premises apps (RADIUS, LDAP, IIS, RDS/VDI) go through the Multi-Factor Authentication Server backed by Windows Server Active Directory or other LDAP.
MONITOR AND PROTECT
CLOUD-POWERED PROTECTION
Feature | MFA for Office 365/Azure Administrators | Azure Multi-Factor Authentication
Administrators can enable/enforce MFA to end users | Yes | Yes
Use mobile app (online and OTP) as second authentication factor | Yes | Yes
Use phone call as second authentication factor | Yes | Yes
Use SMS as second authentication factor | Yes | Yes
Application passwords for non-browser clients (e.g., Outlook, Lync) | Yes | Yes
Default Microsoft greetings during authentication phone calls | Yes | Yes
Suspend MFA from known devices | Yes | Yes
Custom greetings during authentication phone calls | – | Yes
Fraud alert | – | Yes
MFA SDK | – | Yes
Security reports | – | Yes
MFA for on-premises applications / MFA server | – | Yes
One-time bypass | – | Yes
Block/Unblock users | – | Yes
Customizable caller ID for authentication phone calls | – | Yes
Event confirmation | – | Yes
Trusted IPs | – | Yes
DETECT ATTACKS BEFORE THEY CAUSE DAMAGE
1. Analyze: ATA analyzes all Active Directory-related traffic and collects relevant events from SIEM.
2. Learn: ATA automatically learns all entities’ behaviors.
3. Detect: ATA builds the organizational security graph, detects abnormal behavior, protocol attacks and weaknesses, and constructs an attack timeline.
CLOUD-POWERED PROTECTION
Reduce risks of excessive access to your organization’s data:
• Dashboards with insights
• Policy driven review workflows for governance decisions
• Richer auditing to address compliance reporting needs
• Decisions at the business level (self-service)
EMPOWER USERS
Hybrid identity for a world of devices: apps in Azure, third-party apps & clouds, and apps on-premises. User identities come from multiple repositories (HR system, LDAP, Oracle DB, finance, web apps, Windows Server Active Directory), connected via LDAP v3, Windows PowerShell, web services (SOAP, Java, REST), and generic SQL via ODBC, with Windows Server Active Directory synchronized to Microsoft Azure Active Directory.
Microsoft’s IAM solution: Microsoft Identity Manager on-premises, Microsoft Azure Active Directory in the Microsoft Cloud, apps in Azure, third-party apps & clouds, and apps on-premises reached through AAD App Proxy.
Modern identity management system: spans cloud and on-premises and provides the full spectrum of services:
• Federation
• Identity management
• Device registration
• User provisioning
• Application access control
• Data protection
The combination of Windows Server Active Directory, Microsoft Identity Manager, and Microsoft Azure Active Directory enables better security for today’s hybrid enterprise.
MANAGE EVERYTHING
Microsoft Identity Manager 2016:
Cloud-ready identities: automatic preparation of Active Directory identities for synchronization with Azure Active Directory
• Standardized Active Directory attributes and values
• Partitioned identities for synchronization to the cloud
• Easier-to-deploy reporting connected to Azure Active Directory
• Preparation of user profiles for Microsoft Office 365
Powerful user self-service: password reset with Azure Multi-Factor Authentication; dynamic groups with approvals and redesigned certificate management
• Self-service password reset with Multi-Factor Authentication
• New REST-based APIs for AuthN/AuthZ
• Self-service account unlock
• Certificate management support for multi-forest and modern apps
Enhanced security: hybrid reporting and privileged access management to protect administrator accounts; support for new security protocols
• Privileged user and account discovery
• New Windows PowerShell support and REST-based API
• Workflow management: elevated just-in-time administrator access
• Reporting and auditing specific to privileged access management
MANAGE EVERYTHING
On-premises: managed by Microsoft System Center Configuration Manager; on-premises LOB applications, traditional productivity; iOS, Android, Windows Phone, BYOD; mobile apps, shadow IT SaaS solutions.
Hybrid: managed by Microsoft Intune connected to System Center Configuration Manager; on-premises LOB applications, managed SaaS, Office 365 hybrid deployment, Azure Active Directory implementation; deployment of cloud-enabled rich clients; managed cloud identities with Multi-Factor Authentication.
Cloud: managed by EMS; combination of mobile clients (iOS, Android) and cloud-enabled clients (Windows 10); managed SaaS and Office 365 Enterprise, full Azure IAM.
Events: Mobility; Windows 8.x/10.
Microsoft Identity Manager 2016: MANAGE EVERYTHING
(Architecture diagram: Microsoft Identity Manager 2016 (MIM) providing IAM for on-premises applications; Azure AD Connect and Azure AD App Proxy connecting them to Microsoft Azure Active Directory and Microsoft Azure.)

Self-service experiences
(Diagram: a user signs in with a username or selects "Forgot your password?"; the user's identity spans the cloud, on-premises applications and IT.)
Microsoft Identity Manager 2016
• Collapse directories
• Map multiple identities
• Transform usernames and other attributes
(Diagram: users, existing apps, existing FIM, and existing AD forests running WS 2003 or later feed into MIM.)
Privileged access management
(Diagram: Microsoft Identity Manager configured for PAM alongside AD DS. Group: Resource Admins; Domain: CORP; Candidate: Jen. Memberships are time-based and granted through access requests from user "JenAdmin"; the existing forest trust is extended with a trust for admin access.)
User: PRIV\JenAdmin
Groups: CORP\Resource Admins
Refresh after: 60 minutes
Group "Resource Admins"
Deep dive: DirSync, Azure AD, and MIM Sync
Lineage of the sync tools (both tracks end at Azure Active Directory Connect):
• DirSync → Azure Active Directory Sync → Azure Active Directory Connect
• FIM Sync (+ Azure Active Directory Connector) → MIM Sync (+ Azure Active Directory Connector) → Azure Active Directory Connect
Azure Active Directory Connect: connect and sync on-premises directories with Azure (Microsoft Azure Active Directory).
Other directories connect through: PowerShell, LDAP v3, SQL (ODBC), Web services (SOAP, Java, REST).
Deep dive: IAM in MIM vs. Azure Active Directory

Capability                     Azure Active Directory   Microsoft Identity Manager
Password reset/management      YES                      YES
Group management               YES, not dynamic         YES
Provisioning, deprovisioning   NO                       YES
Certificate management         NO                       YES
Role-based access control      NO                       YES
Microsoft Identity Manager 2016 is also included with Azure Active Directory Premium, which is part of the Enterprise Mobility Suite.
Microsoft Enterprise Mobility Suite is the most cost-effective way to acquire all included cloud services: Azure Active Directory Premium, Azure Rights Management, and Intune.

Purchasing Microsoft Identity Manager 2016
Licensed on a per-user basis.
Client Access License (CAL): required for each user whose identity is managed.
Windows Server license with active Software Assurance: required to use the Microsoft Identity Manager 2016 server software as a Windows Server add-on.
Demo

Weitere ähnliche Inhalte

Was ist angesagt?

Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsSecure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsVignesh Ganesan I Microsoft MVP
 
Azure active directory
Azure active directoryAzure active directory
Azure active directoryRaju Kumar
 
Azure governance v4.0
Azure governance v4.0Azure governance v4.0
Azure governance v4.0Marcos Oikawa
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelDavid J Rosenthal
 
Azure security architecture
Azure security architectureAzure security architecture
Azure security architectureKarl Ots
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and ComplianceKarina Matos
 
Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan
Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan
Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan David J Rosenthal
 
Azure Active Directory | Microsoft Azure Tutorial for Beginners | Azure 70-53...
Azure Active Directory | Microsoft Azure Tutorial for Beginners | Azure 70-53...Azure Active Directory | Microsoft Azure Tutorial for Beginners | Azure 70-53...
Azure Active Directory | Microsoft Azure Tutorial for Beginners | Azure 70-53...Edureka!
 
Azure conditional access
Azure conditional accessAzure conditional access
Azure conditional accessTad Yoke
 
4_Session 1- Universal ZTNA.pptx
4_Session 1- Universal ZTNA.pptx4_Session 1- Universal ZTNA.pptx
4_Session 1- Universal ZTNA.pptxaungyekhant1
 
Azure Active Directory - An Introduction
Azure Active Directory  - An IntroductionAzure Active Directory  - An Introduction
Azure Active Directory - An IntroductionVenkatesh Narayanan
 
Secure your M365 resources using Azure AD Identity Governance
Secure your M365 resources using Azure AD Identity GovernanceSecure your M365 resources using Azure AD Identity Governance
Secure your M365 resources using Azure AD Identity GovernanceVignesh Ganesan I Microsoft MVP
 
Microsoft 365 Security Overview
Microsoft 365 Security OverviewMicrosoft 365 Security Overview
Microsoft 365 Security OverviewRobert Crane
 
Microsoft Azure Technical Overview
Microsoft Azure Technical OverviewMicrosoft Azure Technical Overview
Microsoft Azure Technical Overviewgjuljo
 
48. Azure Active Directory - Part 1
48. Azure Active Directory - Part 148. Azure Active Directory - Part 1
48. Azure Active Directory - Part 1Shawn Ismail
 
Azure role based access control (rbac)
Azure role based access control (rbac)Azure role based access control (rbac)
Azure role based access control (rbac)Srikanth Kappagantula
 

Was ist angesagt? (20)

Securing your Azure Identity Infrastructure
Securing your Azure Identity InfrastructureSecuring your Azure Identity Infrastructure
Securing your Azure Identity Infrastructure
 
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsSecure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
 
Azure active directory
Azure active directoryAzure active directory
Azure active directory
 
Azure governance v4.0
Azure governance v4.0Azure governance v4.0
Azure governance v4.0
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure Sentinel
 
Azure security architecture
Azure security architectureAzure security architecture
Azure security architecture
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and Compliance
 
Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan
Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan
Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan
 
Azure Active Directory | Microsoft Azure Tutorial for Beginners | Azure 70-53...
Azure Active Directory | Microsoft Azure Tutorial for Beginners | Azure 70-53...Azure Active Directory | Microsoft Azure Tutorial for Beginners | Azure 70-53...
Azure Active Directory | Microsoft Azure Tutorial for Beginners | Azure 70-53...
 
Azure conditional access
Azure conditional accessAzure conditional access
Azure conditional access
 
4_Session 1- Universal ZTNA.pptx
4_Session 1- Universal ZTNA.pptx4_Session 1- Universal ZTNA.pptx
4_Session 1- Universal ZTNA.pptx
 
Azure Active Directory - An Introduction
Azure Active Directory  - An IntroductionAzure Active Directory  - An Introduction
Azure Active Directory - An Introduction
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 
Secure your M365 resources using Azure AD Identity Governance
Secure your M365 resources using Azure AD Identity GovernanceSecure your M365 resources using Azure AD Identity Governance
Secure your M365 resources using Azure AD Identity Governance
 
Zero trust deck 2020
Zero trust deck 2020Zero trust deck 2020
Zero trust deck 2020
 
Microsoft 365 Security Overview
Microsoft 365 Security OverviewMicrosoft 365 Security Overview
Microsoft 365 Security Overview
 
Microsoft Azure Technical Overview
Microsoft Azure Technical OverviewMicrosoft Azure Technical Overview
Microsoft Azure Technical Overview
 
Azure 101
Azure 101Azure 101
Azure 101
 
48. Azure Active Directory - Part 1
48. Azure Active Directory - Part 148. Azure Active Directory - Part 1
48. Azure Active Directory - Part 1
 
Azure role based access control (rbac)
Azure role based access control (rbac)Azure role based access control (rbac)
Azure role based access control (rbac)
 

Ähnlich wie Identity and Access Management from Microsoft and Razor Technology

JoTechies - Cloud identity
JoTechies - Cloud identityJoTechies - Cloud identity
JoTechies - Cloud identityJoTechies
 
15th December 2016 - Microsoft Paddington Vuzion Partner Event
15th December 2016 - Microsoft Paddington Vuzion Partner Event15th December 2016 - Microsoft Paddington Vuzion Partner Event
15th December 2016 - Microsoft Paddington Vuzion Partner EventVuzion
 
2018 November - AZUGDK - Azure AD
2018 November - AZUGDK - Azure AD 2018 November - AZUGDK - Azure AD
2018 November - AZUGDK - Azure AD Peter Selch Dahl
 
MS Cloud Identity and Access Infographic 2015 (1)
MS Cloud Identity and Access Infographic 2015 (1)MS Cloud Identity and Access Infographic 2015 (1)
MS Cloud Identity and Access Infographic 2015 (1)Luís Serra Libório
 
05-Empowering-Enterprise-Mobility-FR.pptx
05-Empowering-Enterprise-Mobility-FR.pptx05-Empowering-Enterprise-Mobility-FR.pptx
05-Empowering-Enterprise-Mobility-FR.pptxAshvin Dixit
 
What is Microsoft Enterprise Mobility Suite and how to deploy it
What is Microsoft Enterprise Mobility Suite and how to deploy itWhat is Microsoft Enterprise Mobility Suite and how to deploy it
What is Microsoft Enterprise Mobility Suite and how to deploy itPeter De Tender
 
okta | Top 8 Identity and Access Management Challenges with Your SaaS Applica...
okta | Top 8 Identity and Access Management Challenges with Your SaaS Applica...okta | Top 8 Identity and Access Management Challenges with Your SaaS Applica...
okta | Top 8 Identity and Access Management Challenges with Your SaaS Applica...Abhishek Sood
 
How News Corp Secured Their Digital Transformation through Identity and Acces...
How News Corp Secured Their Digital Transformation through Identity and Acces...How News Corp Secured Their Digital Transformation through Identity and Acces...
How News Corp Secured Their Digital Transformation through Identity and Acces...Amazon Web Services
 
Slim omgaan met uw mobiele devices - EM+S
Slim omgaan met uw mobiele devices - EM+SSlim omgaan met uw mobiele devices - EM+S
Slim omgaan met uw mobiele devices - EM+SBerry Schreuder
 
What's new in Azure Active Directory and what's coming new ?
What's new in Azure Active Directory and what's coming new ?What's new in Azure Active Directory and what's coming new ?
What's new in Azure Active Directory and what's coming new ?Vignesh Ganesan I Microsoft MVP
 
Cloud Identity and Access Management
Cloud Identity and Access ManagementCloud Identity and Access Management
Cloud Identity and Access ManagementJarek Sokolnicki
 
Symplified datasheet
Symplified datasheetSymplified datasheet
Symplified datasheetSymplified
 
Microsoft Enterprise Mobility Suite Presented by Atidan
Microsoft Enterprise Mobility Suite Presented by AtidanMicrosoft Enterprise Mobility Suite Presented by Atidan
Microsoft Enterprise Mobility Suite Presented by AtidanDavid J Rosenthal
 
Module 3 - QuickSight Overview
Module 3 - QuickSight OverviewModule 3 - QuickSight Overview
Module 3 - QuickSight OverviewLam Le
 
Modern productivity solutions for a modern government
Modern productivity solutions for a modern governmentModern productivity solutions for a modern government
Modern productivity solutions for a modern governmentDeneys Minne
 
Azure Active Directory
Azure Active DirectoryAzure Active Directory
Azure Active DirectorySovelto
 
Make IT Pro's great again: Microsoft Azure for the SharePoint professional
Make IT Pro's great again: Microsoft Azure for the SharePoint professionalMake IT Pro's great again: Microsoft Azure for the SharePoint professional
Make IT Pro's great again: Microsoft Azure for the SharePoint professionalBIWUG
 
Azure Overview Arc
Azure Overview ArcAzure Overview Arc
Azure Overview Arcrajramab
 
Hybrid Identity Made Simple - Microsoft World Partner Conference 2016 Follow Up
Hybrid Identity Made Simple - Microsoft World Partner Conference 2016 Follow UpHybrid Identity Made Simple - Microsoft World Partner Conference 2016 Follow Up
Hybrid Identity Made Simple - Microsoft World Partner Conference 2016 Follow UpNicole Bray
 

Ähnlich wie Identity and Access Management from Microsoft and Razor Technology (20)

JoTechies - Cloud identity
JoTechies - Cloud identityJoTechies - Cloud identity
JoTechies - Cloud identity
 
15th December 2016 - Microsoft Paddington Vuzion Partner Event
15th December 2016 - Microsoft Paddington Vuzion Partner Event15th December 2016 - Microsoft Paddington Vuzion Partner Event
15th December 2016 - Microsoft Paddington Vuzion Partner Event
 
2018 November - AZUGDK - Azure AD
2018 November - AZUGDK - Azure AD 2018 November - AZUGDK - Azure AD
2018 November - AZUGDK - Azure AD
 
MS Cloud Identity and Access Infographic 2015 (1)
MS Cloud Identity and Access Infographic 2015 (1)MS Cloud Identity and Access Infographic 2015 (1)
MS Cloud Identity and Access Infographic 2015 (1)
 
05-Empowering-Enterprise-Mobility-FR.pptx
05-Empowering-Enterprise-Mobility-FR.pptx05-Empowering-Enterprise-Mobility-FR.pptx
05-Empowering-Enterprise-Mobility-FR.pptx
 
What is Microsoft Enterprise Mobility Suite and how to deploy it
What is Microsoft Enterprise Mobility Suite and how to deploy itWhat is Microsoft Enterprise Mobility Suite and how to deploy it
What is Microsoft Enterprise Mobility Suite and how to deploy it
 
okta | Top 8 Identity and Access Management Challenges with Your SaaS Applica...
okta | Top 8 Identity and Access Management Challenges with Your SaaS Applica...okta | Top 8 Identity and Access Management Challenges with Your SaaS Applica...
okta | Top 8 Identity and Access Management Challenges with Your SaaS Applica...
 
How News Corp Secured Their Digital Transformation through Identity and Acces...
How News Corp Secured Their Digital Transformation through Identity and Acces...How News Corp Secured Their Digital Transformation through Identity and Acces...
How News Corp Secured Their Digital Transformation through Identity and Acces...
 
Slim omgaan met uw mobiele devices - EM+S
Slim omgaan met uw mobiele devices - EM+SSlim omgaan met uw mobiele devices - EM+S
Slim omgaan met uw mobiele devices - EM+S
 
What's new in Azure Active Directory and what's coming new ?
What's new in Azure Active Directory and what's coming new ?What's new in Azure Active Directory and what's coming new ?
What's new in Azure Active Directory and what's coming new ?
 
Cloud Identity and Access Management
Cloud Identity and Access ManagementCloud Identity and Access Management
Cloud Identity and Access Management
 
Symplified datasheet
Symplified datasheetSymplified datasheet
Symplified datasheet
 
Microsoft Enterprise Mobility Suite Presented by Atidan
Microsoft Enterprise Mobility Suite Presented by AtidanMicrosoft Enterprise Mobility Suite Presented by Atidan
Microsoft Enterprise Mobility Suite Presented by Atidan
 
Module 3 - QuickSight Overview
Module 3 - QuickSight OverviewModule 3 - QuickSight Overview
Module 3 - QuickSight Overview
 
Modern productivity solutions for a modern government
Modern productivity solutions for a modern governmentModern productivity solutions for a modern government
Modern productivity solutions for a modern government
 
Azure Active Directory
Azure Active DirectoryAzure Active Directory
Azure Active Directory
 
Make IT Pro's great again: Microsoft Azure for the SharePoint professional
Make IT Pro's great again: Microsoft Azure for the SharePoint professionalMake IT Pro's great again: Microsoft Azure for the SharePoint professional
Make IT Pro's great again: Microsoft Azure for the SharePoint professional
 
Azure Overview Arc
Azure Overview ArcAzure Overview Arc
Azure Overview Arc
 
AzureAAD
AzureAADAzureAAD
AzureAAD
 
Hybrid Identity Made Simple - Microsoft World Partner Conference 2016 Follow Up
Hybrid Identity Made Simple - Microsoft World Partner Conference 2016 Follow UpHybrid Identity Made Simple - Microsoft World Partner Conference 2016 Follow Up
Hybrid Identity Made Simple - Microsoft World Partner Conference 2016 Follow Up
 

Mehr von David J Rosenthal

Microsoft Teams Phone - Calling Made Simple
Microsoft Teams Phone  - Calling Made SimpleMicrosoft Teams Phone  - Calling Made Simple
Microsoft Teams Phone - Calling Made SimpleDavid J Rosenthal
 
Whats New in Microsoft Teams Calling November 2021
Whats New in Microsoft Teams Calling November 2021Whats New in Microsoft Teams Calling November 2021
Whats New in Microsoft Teams Calling November 2021David J Rosenthal
 
Whats New in Microsoft Teams Hybrid Meetings November 2021
Whats New in Microsoft Teams Hybrid Meetings November 2021Whats New in Microsoft Teams Hybrid Meetings November 2021
Whats New in Microsoft Teams Hybrid Meetings November 2021David J Rosenthal
 
Viva Connections from Microsoft
Viva Connections from MicrosoftViva Connections from Microsoft
Viva Connections from MicrosoftDavid J Rosenthal
 
Protect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chainProtect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chainDavid J Rosenthal
 
A Secure Journey to Cloud with Microsoft 365
A Secure Journey to Cloud with Microsoft 365A Secure Journey to Cloud with Microsoft 365
A Secure Journey to Cloud with Microsoft 365David J Rosenthal
 
Azure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftAzure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftDavid J Rosenthal
 
Microsoft Windows Server 2022 Overview
Microsoft Windows Server 2022 OverviewMicrosoft Windows Server 2022 Overview
Microsoft Windows Server 2022 OverviewDavid J Rosenthal
 
Windows365 Hybrid Windows for a Hybrid World
Windows365 Hybrid Windows for a Hybrid WorldWindows365 Hybrid Windows for a Hybrid World
Windows365 Hybrid Windows for a Hybrid WorldDavid J Rosenthal
 
Windows 11 for the Enterprise
Windows 11 for the EnterpriseWindows 11 for the Enterprise
Windows 11 for the EnterpriseDavid J Rosenthal
 
Microsoft Scheduler for M365 - Personal Digital Assistant
Microsoft Scheduler for M365 - Personal Digital AssistantMicrosoft Scheduler for M365 - Personal Digital Assistant
Microsoft Scheduler for M365 - Personal Digital AssistantDavid J Rosenthal
 
What is New in Teams Meetings and Meeting Rooms July 2021
What is New in Teams Meetings and Meeting Rooms July 2021What is New in Teams Meetings and Meeting Rooms July 2021
What is New in Teams Meetings and Meeting Rooms July 2021David J Rosenthal
 
Modernize Java Apps on Microsoft Azure
Modernize Java Apps on Microsoft AzureModernize Java Apps on Microsoft Azure
Modernize Java Apps on Microsoft AzureDavid J Rosenthal
 
Better Meetings with Microsoft Teams
Better Meetings with Microsoft TeamsBetter Meetings with Microsoft Teams
Better Meetings with Microsoft TeamsDavid J Rosenthal
 

Mehr von David J Rosenthal (20)

Microsoft Teams Phone - Calling Made Simple
Microsoft Teams Phone  - Calling Made SimpleMicrosoft Teams Phone  - Calling Made Simple
Microsoft Teams Phone - Calling Made Simple
 
Whats New in Microsoft Teams Calling November 2021
Whats New in Microsoft Teams Calling November 2021Whats New in Microsoft Teams Calling November 2021
Whats New in Microsoft Teams Calling November 2021
 
Whats New in Microsoft Teams Hybrid Meetings November 2021
Whats New in Microsoft Teams Hybrid Meetings November 2021Whats New in Microsoft Teams Hybrid Meetings November 2021
Whats New in Microsoft Teams Hybrid Meetings November 2021
 
Viva Connections from Microsoft
Viva Connections from MicrosoftViva Connections from Microsoft
Viva Connections from Microsoft
 
Protect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chainProtect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chain
 
Microsoft Viva Introduction
Microsoft Viva IntroductionMicrosoft Viva Introduction
Microsoft Viva Introduction
 
Microsoft Viva Learning
Microsoft Viva LearningMicrosoft Viva Learning
Microsoft Viva Learning
 
Microsoft Viva Topics
Microsoft Viva TopicsMicrosoft Viva Topics
Microsoft Viva Topics
 
A Secure Journey to Cloud with Microsoft 365
A Secure Journey to Cloud with Microsoft 365A Secure Journey to Cloud with Microsoft 365
A Secure Journey to Cloud with Microsoft 365
 
Azure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftAzure Arc Overview from Microsoft
Azure Arc Overview from Microsoft
 
Microsoft Windows Server 2022 Overview
Microsoft Windows Server 2022 OverviewMicrosoft Windows Server 2022 Overview
Microsoft Windows Server 2022 Overview
 
Windows365 Hybrid Windows for a Hybrid World
Windows365 Hybrid Windows for a Hybrid WorldWindows365 Hybrid Windows for a Hybrid World
Windows365 Hybrid Windows for a Hybrid World
 
Windows 11 for the Enterprise
Windows 11 for the EnterpriseWindows 11 for the Enterprise
Windows 11 for the Enterprise
 
Microsoft Scheduler for M365 - Personal Digital Assistant
Microsoft Scheduler for M365 - Personal Digital AssistantMicrosoft Scheduler for M365 - Personal Digital Assistant
Microsoft Scheduler for M365 - Personal Digital Assistant
 
What is New in Teams Meetings and Meeting Rooms July 2021
What is New in Teams Meetings and Meeting Rooms July 2021What is New in Teams Meetings and Meeting Rooms July 2021
What is New in Teams Meetings and Meeting Rooms July 2021
 
Modernize Java Apps on Microsoft Azure
Modernize Java Apps on Microsoft AzureModernize Java Apps on Microsoft Azure
Modernize Java Apps on Microsoft Azure
 
Nintex Worflow Overview
Nintex Worflow OverviewNintex Worflow Overview
Nintex Worflow Overview
 
Microsoft Power BI Overview
Microsoft Power BI OverviewMicrosoft Power BI Overview
Microsoft Power BI Overview
 
Better Meetings with Microsoft Teams
Better Meetings with Microsoft TeamsBetter Meetings with Microsoft Teams
Better Meetings with Microsoft Teams
 
What is Microsoft Teams
What is Microsoft TeamsWhat is Microsoft Teams
What is Microsoft Teams
 

Kürzlich hochgeladen

RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIUdaiappa Ramachandran
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdfJamie (Taka) Wang
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxYounusS2
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfAnna Loughnan Colquhoun
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?SANGHEE SHIN
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncObject Automation
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 

Kürzlich hochgeladen (20)

RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AI
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...

Identity and Access Management from Microsoft and Razor Technology

  • 1. David J. Rosenthal, VP & GM, Razor Technology (@AzureAD). Microsoft MTC, NYC, February 14, 2017
  • 2. Mobile-first, cloud-first reality
    • Data breaches: 63% of confirmed data breaches involve weak, default, or stolen passwords.
    • IT budget growth: Gartner predicts global IT spend will grow only 0.6% in 2016.
    • Shadow IT: More than 80 percent of employees admit to using non-approved software as a service (SaaS) applications in their jobs.
  • 3. Enterprise Mobility + Security: The Microsoft vision. Identity Driven Security, Managed Mobile Productivity, Comprehensive Solution (Users, Devices, Apps, Data)
  • 5. Azure Active Directory as the control plane: identity as the core of enterprise mobility. Single sign-on, self-service, simple connection. On-premises: other directories, Windows Server Active Directory. Cloud: Microsoft Azure Active Directory, SaaS, Azure, public cloud, customers, partners.
  • 6. 37 K Azure AD Premium/EMS users; >110k third-party applications used with Azure AD; >1.3 billion authentications every day on Azure AD; more than 750 M user accounts on Azure AD; >10 M Azure AD directories; >85% of Fortune 500 companies use Microsoft Cloud (Azure, O365, CRM Online, and PowerBI). Every Office 365 and Microsoft Azure customer uses Azure Active Directory. Microsoft’s “Identity Management as a Service (IDaaS)” for organizations. Millions of independent identity systems controlled by enterprise and government “tenants.” Information is owned and used by the controlling organization—not by Microsoft. Born-as-a-cloud directory for Office 365, extended to manage across many clouds. Evolved to manage an organization’s relationships with its customers/citizens and partners (B2C and B2B).
  • 7. Identity is the new control plane Azure Active Directory at the core of your business 1000s of apps, 1 identity Manage access at scale Cloud-powered protection Enable business without borders
  • 8. “Azure AD Premium makes life simpler for the business and for employees. It gives them access to enterprise applications from any device with a single sign-on that is secure and reliable. That is fundamental in increasing the adoption of cloud technology.” - Kapil Mehta, Productivity & Directory Services Manager. 1000s of apps, 1 identity: single sign-on for SaaS apps; single sign-on for mobile apps; support for lift-and-shift of traditional apps to the cloud; secure remote access to on-premises apps; connect your on-premises identities to the cloud.
  • 9. “With Azure Active Directory integrated into Smartsheet, our employees don’t need to remember another sign-in. They can use one credential to get to all their applications.” - Mike Kirkpatrick, Director of Marketing, Ontario Division, Canadian Cancer Society. “The company uses Microsoft Azure Active Directory Premium, another part of Microsoft EMS, to manage the authentication of all 1,600 employees to all company applications. It used Azure AD Premium to provide SSO access to a wide number of applications, including Concur, Oracle, ADP, and Meraki, with more to come.” “We were surprised to see that 90 percent of the SaaS apps in use at Mattamy were already endorsed for single sign-on within Azure Active Directory Premium.” - Aaron Pais, Vice President of IT, Mattamy Homes
  • 10. 1000s OF APPS, 1 IDENTITY. Azure Active Directory Connect and Connect Health (* MIM *): connect and sync on-premises directories with Microsoft Azure Active Directory. Sources: HR apps and other directories via PowerShell, SQL (ODBC), LDAP v3, Web Services (SOAP, Java, REST).
  • 11. 1000s OF APPS, 1 IDENTITY Web apps (Azure Active Directory Application Proxy) Integrated custom apps SaaS apps OTHER DIRECTORIES 2700+ pre-integrated popular SaaS apps and self-service integration via templates Connect and sync on-premises directories with Azure Easily publish on-premises web apps via Application Proxy + custom apps Microsoft Azure
  • 12. 1000s OF APPS, 1 IDENTITY. Single sign-on to on-premises applications with Application Proxy: the user signs in to Microsoft Azure Active Directory and reaches https://appX-contoso.msappproxy.net/; Application Proxy connectors (shown in the DMZ and in Azure or 3rd-party IaaS) relay the request to the on-premises apps.
  • 13. 1000s OF APPS, 1 IDENTITY. Access even more on-premises web applications with Application Proxy: the user signs in to Microsoft Azure Active Directory and reaches https://appX-contoso.msappproxy.net/; Application Proxy connectors (shown in the DMZ and in Azure or 3rd-party IaaS) relay the request to the on-premises apps and other LoB apps.
  • 14. 1000s OF APPS, 1 IDENTITY. A mobile authenticator application for all platforms: converges the existing Azure Authenticator and all consumer Authenticator applications. MFA for any account, enterprise or consumer and 3rd party: push notifications/OTP; device registration (workplace join); SSO to native mobile apps; certificate-based SSO. Future: sign in to a device (Windows Hello), app, or website without a password.
  • 15. Azure Active Directory Lift-and-shift on-premises apps to Azure IaaS On-premises Azure AD Connect Windows Server Active Directory Your Azure IaaS workloads/apps Azure AD Domain Services Your virtual network Azure 1000s OF APPS, 1 IDENTITY Your domain controller as a service for lift-and-shift scenarios Kerberos NTLM LDAP Group Policy
  • 16. Enable business without borders “We give them a username and password, and they’re able to reset their own passwords through Azure Active Directory. This is important, because we have such a small IT staff.” - Scott Bentzel Director of IT Better connect with your consumers and partners Ease of use for end users Anytime, anywhere productivity
  • 17. “The company also chose Azure Active Directory to simplify identity management for vendors and employees. With Azure Active Directory, the company provides fast, highly secure access to external vendors, cutting onboarding time from months to less than a week.” - Johan Krebbers, IT Chief Technology Officer, Royal Dutch Shell. “…because we’re now able to give employees their own accounts, we can safely and securely send human resources documents in digitized form even if they are highly confidential, which eliminates traditional mailing.” - Ryuji Katayama, Department Manager of the IT Planning Department, Corporate Strategy Division, Village Vanguard. “We needed to quickly and cost effectively stand up new IT infrastructure, including extranet applications for thousands of business partners. Azure Active Directory B2B collaboration provides a simple and secure way for partners, large and small, to use their own credentials to access Kodak Alaris systems.”
  • 18. Manage your account, apps, and groups Company-branded, personalized application Access Panel: http://myapps.microsoft.com + iOS and Android Mobile Apps Integrated end user experiences Self-service password reset Application access requests Integrated Office 365 app launching ENABLE BUSINESS WITHOUT BORDERS
  • 19. ENABLE BUSINESS WITHOUT BORDERS. Microsoft Azure Active Directory: collaborate with partners (B2B collaboration). Share without complex configuration or duplicate users; partners of all sizes; you manage access. “We needed to quickly & cost effectively stand up new IT infrastructure, including extranet applications for thousands of business partners. Azure Active Directory B2B collaboration provides a simple and secure way for partners, large and small, to use their own credentials to access Kodak Alaris systems.” 3,000+ partners
  • 20. Intune/MDM auto-enrollment Azure Active Directory Join makes it possible to connect work-owned Windows 10 devices to your company’s Azure Active Directory Enterprise-compliant services SSO from the desktop to cloud and on-premises applications with no VPN Support for hybrid environments MDM auto-enrollment Windows 10 Azure AD joined devices ENABLE BUSINESS WITHOUT BORDERS Enterprise State Roaming
  • 21. ENABLE BUSINESS WITHOUT BORDERS. Identity management for consumers: consumer identity and access management in the cloud; identity experience engine; cross-platform; superior economics. “By using Azure Active Directory B2C we were able to build a fully customized login page without having to build custom code. Additionally, with a Microsoft solution in place, we alleviated all our concerns about security, data breaches, and scalability.” - Rafael de los Santos, Head of Digital, Real Madrid
  • 22. “Without Azure Active Directory integrated with our 2,100 customers’ AD databases, we simply could not manage all the passwords and logon activities of the many hundreds of thousands of teachers and students who make up our customer base.” - Evan Clark, Founder & CEO. Manage access at scale: advanced user lifecycle management; monitor your identity bridge; low IT overhead.
  • 23. “Without Azure Active Directory integrated with our 2,100 customers’ AD databases, we simply could not manage all the passwords and logon activities of the many hundreds of thousands of teachers and students who make up our customer base.” - Evan Clark, Founder & CEO, ClickView. “We want to ensure that we’re keeping our operating costs as low as possible to focus our budget on more productive areas of the business. With the help of Azure Active Directory Premium, I’m managing ten times the number of SaaS applications with the same size team.” - Daniel Birmingham, Identity Solutions Architect, Whole Foods Market. “We will be able to walk in with the computers, connect them to the Internet, and be done. User identity, SaaS access management, mobile device management—all accessible with a few clicks on a web-based console.” - Arvid Johansson, CIO, SATS ELIXIA
  • 24. Centralized access administration for pre-integrated SaaS apps and other cloud-based apps Dynamic groups, device registration, secure business processes with advanced access management capabilities Comprehensive identity and access management console MANAGE ACCESS AT SCALE IT professional Provisioning and deprovisioning with customization options
  • 25. MANAGE ACCESS AT SCALE Monitor and gain insights into the identity infrastructure used to extend on-premises identities to Azure Active Directory and Office 365. Monitor: • The Azure AD Connect sync engine health • ADFS infrastructure health • On-premises AD Domain Services health
  • 26. Cloud-powered protection Protect against advanced threats Conditional access to resources Compliance Reporting Mitigate administrative risks Identity is the new firewall of the future. We can’t continue to use our old way of controlling application access, because business isn’t happening exclusively in our network anymore. With Azure Active Directory Premium, we can stay in control, no matter where our users roam. Will Lamb: Infrastructure Coordinator Whole Foods Market
  • 27. “By deploying Azure MFA the bank secured access to corporate data. Also there is no need for the end user to receive any trainings or carry additional components with them, such as tokens. It was important for us to increase security without sacrificing end user experience. We could achieve this thanks to Azure MFA.” - Fikri Bülent Çelik, Technology and Infrastructure Department Manager, TKFB. “With Azure AD Premium, Bristow Group now has the capabilities for multifactor authentication; access control (dependent upon device health and user location); holistic security reports; audits; and alerts. Azure Active Directory makes the work of a busy and mobile workforce easier, secures data and protects access to the company’s assets both in the cloud and on-premises.” - Kapil Mehta, Productivity & Directory Services Manager, Bristow Group Inc. “Vetco uses Microsoft Azure Active Directory Premium (part of the Microsoft Enterprise Mobility Suite) to help safeguard access to data through multifactor authentication.”
  • 28. CLOUD-POWERED PROTECTION. Conditional access: conditions (user, app sensitivity, device state, location, risk) drive actions: allow access or block access, and enforce MFA per user/per app. Notifications, analysis, remediation, risk-based policies. Components: Identity Protection, MFA, Cloud App Discovery, Privileged Identity Management.
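The slide shows conditions feeding a policy that ends in allow, block or step-up MFA. The following is an added illustration of that evaluation order (not code from the deck or from Microsoft): every rule is evaluated, a block from any rule outranks an MFA requirement, and a satisfied MFA requirement becomes an allow on re-evaluation. The policy names, the "low"/"high" sensitivity labels and the risk levels are assumptions made for the example.

```python
"""Toy conditional access evaluator, an added illustration of the slide's
conditions-to-actions flow; it is not Microsoft's code. The policy names,
the sensitivity labels and the risk levels are assumptions for the example."""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    REQUIRE_MFA = "require_mfa"


@dataclass(frozen=True)
class SignIn:
    user: str
    app: str
    app_sensitivity: str         # "low" or "high" (constructed classification)
    device_compliant: bool       # device state as reported by MDM
    location_trusted: bool       # e.g. from a named corporate IP range
    risk: str                    # sign-in risk: "none", "medium" or "high"
    mfa_completed: bool = False  # set once the user has passed the step-up


# Constructed policy set. Every rule is evaluated; a block from any rule wins
# over an MFA requirement, which in turn wins over a plain allow.
POLICIES = [
    ("block-high-risk-sign-ins",
     lambda s: s.risk == "high", Decision.BLOCK),
    ("block-noncompliant-devices-on-sensitive-apps",
     lambda s: s.app_sensitivity == "high" and not s.device_compliant, Decision.BLOCK),
    ("mfa-on-medium-risk",
     lambda s: s.risk == "medium", Decision.REQUIRE_MFA),
    ("mfa-outside-trusted-locations",
     lambda s: not s.location_trusted, Decision.REQUIRE_MFA),
    ("mfa-for-sensitive-apps",
     lambda s: s.app_sensitivity == "high", Decision.REQUIRE_MFA),
]


def evaluate(sign_in: SignIn) -> tuple[Decision, list[str]]:
    """Return the access decision and the names of every rule that matched."""
    matched = [(name, outcome) for name, pred, outcome in POLICIES if pred(sign_in)]
    names = [name for name, _ in matched]
    if any(outcome is Decision.BLOCK for _, outcome in matched):
        return Decision.BLOCK, names
    if any(outcome is Decision.REQUIRE_MFA for _, outcome in matched):
        # A satisfied MFA requirement becomes an allow on re-evaluation.
        if sign_in.mfa_completed:
            return Decision.ALLOW, names
        return Decision.REQUIRE_MFA, names
    return Decision.ALLOW, names


def demo() -> dict[str, str]:
    """Constructed sign-ins covering the allow, step-up and block paths."""
    cases = {
        "corp-laptop-mail": SignIn("alice", "mail", "low", True, True, "none"),
        "corp-laptop-finance": SignIn("alice", "finance", "high", True, True, "none"),
        "corp-laptop-finance-after-mfa": SignIn("alice", "finance", "high", True, True, "none", True),
        "home-phone-mail": SignIn("alice", "mail", "low", True, False, "none"),
        "byod-finance": SignIn("alice", "finance", "high", False, True, "none"),
        "leaked-credential": SignIn("alice", "mail", "low", True, True, "high"),
    }
    return {name: evaluate(case)[0].value for name, case in cases.items()}
```

The returned rule names are what an administrator would want in the sign-in log: a denied user can be told which policy fired, and a reviewer can see when two rules overlap (a medium-risk sign-in from an untrusted location matches both MFA rules but still produces a single step-up).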
  • 30. CLOUD-POWERED PROTECTION. Identity Protection at its best: gain insights from a consolidated view of machine learning based threat detection; risk severity calculation; remediation recommendations; risk-based conditional access automatically protects against suspicious logins and compromised credentials. Machine-learning engine inputs: leaked credentials, infected devices, configuration vulnerabilities, brute force attacks, suspicious sign-in activities. Risk-based policies: MFA challenge for risky logins, block attacks, change bad credentials.
  • 31. CLOUD-POWERED PROTECTION. Use the power of Identity Protection in PowerBI, SIEM and other monitoring tools: apply Microsoft learnings to your existing security tools. The Microsoft machine-learning engine (leaked credentials, infected devices, configuration vulnerabilities, brute force attacks, suspicious sign-in activities) feeds notifications, data extracts/downloads and reporting APIs into security/monitoring/reporting solutions.
  • 32. CLOUD-POWERED PROTECTION. Discover, restrict, and monitor privileged identities: enforce on-demand, just-in-time administrative access when needed; provides more visibility through alerts, audit reports and access reviews. Roles: Global Administrator, Billing Administrator, Exchange Administrator, User Administrator, Password Administrator.
  • 33. CLOUD-POWERED PROTECTION. How time-limited activation of privileged roles works: users need to activate their privileges to perform a task; MFA is enforced during the activation process; users will retain their privileges for a pre-configured amount of time; alerts inform administrators about out-of-band changes; security admins can discover all privileged identities, view audit reports and review everyone who is eligible to activate via access reviews. Diagram: the security admin configures Privileged Identity Management (audit, monitor, access reports, read-only view); the user activates with identity verification (MFA) and an alert is raised; admin profiles: Billing Admin, Global Admin, Service Admin.
  • 34. CLOUD-POWERED PROTECTION
    • Removes unneeded permanent admin role assignments
    • Limits the time a user has admin privileges
    • Ensures MFA validation prior to admin role activation
    • Reduces exposure to attacks targeting admins
    • Separates role administration from other tasks
    • Adds roles for read-only views of reports and history
    • Asks users to review and justify continued need for admin role
    • Simplifies delegation
    • Enables least privilege role assignments
    • Alerts on users who haven’t used their role assignments
    • Simplifies reporting on admin activity
    • Increases visibility and finer-grained control
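Slides 33 and 34 describe the just-in-time activation model: eligible rather than permanent assignments, MFA before activation, a bounded activation window, an audit trail and alerts on unused eligibility. The block below is an added illustration of that state machine, not Microsoft's implementation; the role names, the one-hour activation window and the 30-day review window are assumptions.

```python
"""Toy just-in-time activation of privileged roles, an added illustration of
the PIM flow on the slides; it is not Microsoft's implementation. Role names,
the activation window and the review window are assumptions."""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class Activation:
    user: str
    role: str
    activated_at: datetime
    expires_at: datetime
    justification: str


@dataclass
class PrivilegedRoleStore:
    """Eligible (not permanent) assignments plus the audit trail PIM keeps."""
    eligible: dict[str, set[str]] = field(default_factory=dict)   # role -> users
    activation_window: timedelta = timedelta(hours=1)               # pre-configured duration
    activations: list[Activation] = field(default_factory=list)
    audit: list[str] = field(default_factory=list)

    def make_eligible(self, user: str, role: str) -> None:
        # The security admin configures eligibility; no standing privilege is granted.
        self.eligible.setdefault(role, set()).add(user)
        self.audit.append(f"eligible {user} {role}")

    def activate(self, user: str, role: str, justification: str,
                 mfa_verified: bool, now: datetime) -> Activation | None:
        """Grant the role for a bounded window; MFA and a justification are required."""
        if user not in self.eligible.get(role, set()):
            self.audit.append(f"denied-not-eligible {user} {role}")
            return None
        if not mfa_verified:
            self.audit.append(f"denied-no-mfa {user} {role}")
            return None
        if not justification.strip():
            self.audit.append(f"denied-no-justification {user} {role}")
            return None
        activation = Activation(user, role, now, now + self.activation_window, justification)
        self.activations.append(activation)
        self.audit.append(f"activated {user} {role} until {activation.expires_at.isoformat()}")
        return activation

    def is_active(self, user: str, role: str, now: datetime) -> bool:
        """True only inside an unexpired activation window."""
        return any(a.user == user and a.role == role and a.activated_at <= now < a.expires_at
                   for a in self.activations)

    def unused_eligibility_alerts(self, now: datetime,
                                  window: timedelta = timedelta(days=30)) -> list[str]:
        """Flag eligible users with no activation in the window (input for access reviews)."""
        alerts = []
        for role, users in self.eligible.items():
            for user in sorted(users):
                used = any(a.user == user and a.role == role and now - a.activated_at <= window
                           for a in self.activations)
                if not used:
                    alerts.append(f"{user} has not activated {role} in {window.days} days")
        return alerts


def demo() -> dict[str, object]:
    """Constructed scenario on a fixed clock so the outcome is deterministic."""
    now = datetime(2017, 2, 14, 9, 0, tzinfo=timezone.utc)
    store = PrivilegedRoleStore()
    store.make_eligible("alice", "Global Administrator")
    store.make_eligible("bob", "Billing Administrator")
    without_mfa = store.activate("alice", "Global Administrator", "patch tenant settings", False, now)
    with_mfa = store.activate("alice", "Global Administrator", "patch tenant settings", True, now)
    return {
        "denied_without_mfa": without_mfa is None,
        "activation_expires": with_mfa.expires_at.isoformat(),
        "active_now": store.is_active("alice", "Global Administrator", now + timedelta(minutes=30)),
        "active_after_window": store.is_active("alice", "Global Administrator", now + timedelta(hours=2)),
        "alerts": store.unused_eligibility_alerts(now + timedelta(days=1)),
        "audit_entries": len(store.audit),
    }
```

The point to notice is that no code path ever writes a permanent membership: authorization checks call `is_active` with the current time, so privilege disappears when the window ends without any revocation step, and the denied attempts are audited alongside the successful one.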
  • 35. Microsoft Advanced Threat Analytics brings the behavioral analytics concept to IT and the organization’s users. An on-premises platform to identify advanced security attacks and insider threats before they cause damage DETECT ATTACKS BEFORE THEY CAUSE DAMAGE Behavioral Analytics Detection of advanced attacks and security risks Advanced Threat Detection
  • 36. Discovery Gain complete visibility and context for cloud usage and shadow IT—no agents required Data control Shape your cloud environment with granular controls and policy setting for access, data sharing, and DLP Threat protection Identify high-risk usage and security incidents, detect abnormal user behavior, and prevent threats Integrate with existing security, mobility, and encryption solutions
  • 37. Enterprise Mobility + Security: The Microsoft solution. Azure Active Directory: manage identity with hybrid integration to protect application access from identity attacks. Intune: protect your users, devices, and apps. Azure Information Protection: protect your data, everywhere. Microsoft Cloud App Security: extend enterprise-grade security to your cloud and SaaS apps. Advanced Threat Analytics: detect threats early with visibility and threat analytics.
  • 38. Transportation, Logistics, Oil-Gas; Retail, Hospitality and Travel; Health; Construction, Professional Services; Government, Banking, Insurance; Education, Nonprofit
  • 39. 
    • Manage access at scale (manage identities and access at scale in the cloud and on-premises): advanced user lifecycle management; low IT overhead; monitor your identity bridge; cloud-connected seamless authentication experience
    • 1000s of apps, 1 identity (provide one persona to the workforce for SSO to 1000s of cloud and on-premises apps): single sign-on to 1000s of pre-integrated apps / your own apps; secure remote access to on-premises apps; SSO to mobile apps; support for lift-and-shift to the cloud
    • Cloud-powered protection (ensure user and admin accountability with better security and governance): control access to resources; safeguard user authentication; respond to advanced threats with risk-based policies and monitoring; mitigate administrative risks; governance of on-premises and cloud identities
    • Enable business without borders (stay productive with universal access to every app and collaboration capability): ease of use for end users / integration with Office; cross-organization collaboration; any time, any place productivity with Windows 10; support for consumer facing applications
  • 40. Azure Active Directory as the control plane: identity as the core of enterprise mobility. Single sign-on, self-service, simple connection. On-premises: other directories, Windows Server Active Directory. Cloud: Microsoft Azure Active Directory, SaaS, Azure, public cloud, customers, partners.
  • 41. Razor Technology for EMS: Deploy it Right. Now included with all EMS services. Razor’s Fast Deployment for Enterprise Mobility Suite provides remote deployment assistance for Azure Active Directory Premium, Intune, and Azure Rights Management Premium.
    • Azure Active Directory Premium. Razor will: get organizational identities to the cloud; set up single sign-on for test apps (including Azure Active Directory Application Proxy apps); configure self-service options like password reset and Azure Multi-Factor Authentication in the MyApps site.
    • Microsoft Intune. Razor will: set up users and groups; enable management of test devices; optionally connect on-premises Microsoft System Center Configuration Manager to Intune for a single pane management experience.
    • Azure Rights Management Premium. Razor will: retain control of sensitive documents locally and over email; automatically protect mail containing privileged information; ensure files stored in SharePoint are rights protected.
  • 43. Appendix L300 – more detailed slides
  • 44. Identity as the control plane On-premises Windows Server Active Directory
  • 45. Identity as the control plane On-premises Windows Server Active Directory VPN BYO SaaS Azure Cloud Public cloud Customers Partners
  • 46. Identity as the control plane On-premises Windows Server Active Directory VPN BYO Microsoft Azure Active Directory Azure Cloud Public cloud Customers Partners
  • 47. Customers Azure AD as the control plane On-premises Partners Azure Cloud Public cloud Microsoft Azure Active Directory BYO Windows Server Active Directory
  • 48. Azure Active Directory editions (per-tier values are listed in the order they appear on the slide)
    • Directory as a service: 500,000 object limit / No object limit / No object limit / No object limit for Office 365 user accounts
    • User/group management (add/update/delete), user-based provisioning, device registration, user-based access management/provisioning, basic security/usage reports: Yes / Yes / Yes / Yes
    • Single sign-on: 10 apps per user (pre-integrated SaaS and developer-integrated apps) / 10 apps per user (free tier + Application Proxy apps) / No limit (free, Basic tiers + Self-Service App Integration templates) / 10 apps per user (pre-integrated SaaS and developer-integrated apps)
    • Self-service password change for cloud users: Yes / Yes / Yes
    • Connect (sync engine that extends on-premises directories to Azure Active Directory): Yes / Yes / Yes
    • Premium + Basic features:
      • Group-based access management/provisioning, provisioning customization: Yes / Yes
      • Self-service password reset for cloud users: Yes / Yes / Yes
      • Company branding (logon pages/access panel customization): Yes / Yes / Yes
      • Application Proxy: Yes / Yes
      • SLA: Yes / Yes / Yes
    • Premium features:
      • Self-service group and app management, self-service application additions, dynamic groups: P1, P2
      • Self-service password reset/change/account unlock with on-premises write-back: P1, P2
      • Advanced usage reporting: P1, P2
      • Multi-factor authentication (cloud and on-premises (MFA server)): P1, P2; limited cloud-only for Office 365 apps
      • MIM CAL + MIM server: P1, P2
      • Cloud app discovery: P1, P2
      • Automated password rollover: P1, P2
      • Connect Health: P1, P2
      • Conditional Access (user, application, location, device rules): P1, P2
      • Identity Protection: P2
      • Privileged Identity Management: P2
    • (unlabelled row): Yes / Yes / Yes / Yes
    • MDM auto-enrolment, self-service BitLocker recovery, additional local administrators to Windows 10 devices via Azure AD Join, Enterprise State Roaming: Yes
  • 49. 
    • Manage access at scale: advanced user lifecycle management; low IT overhead; monitor your identity bridge; cloud-connected seamless authentication experience
    • 1000s of apps, 1 identity: single sign-on; bring your own apps; secure remote access to on-premises apps; support for lift-and-shift to the cloud
    • Cloud-powered protection: control access to resources; safeguard user authentication; respond to advanced threats with risk-based policies and monitoring; mitigate administrative risks; governance of on-premises and cloud identities
    • Enable business without borders: ease of use for end users; cross-organization collaboration; any time, any place productivity with Windows 10; support for consumer facing applications
  • 50. A comprehensive identity and access management cloud solution for your employees, partners, and customers. It combines directory services, advanced identity governance, application access management, and a rich standards-based platform for developers. B2E B2B B2C
  • 51. Azure Active Directory Connect ADFS Sync engine 1000s OF APPS, 1 IDENTITY Azure Active Directory Connect Consolidated deployment assistant for your identity bridge components. All currently available sync engines will be replaced by the sync engine included in the Connect tool. Assisted deployment of ADFS will be available through Azure Active Directory Connect. ADFS is an optional component for authentication in hybrid implementation. Password sync can replace ADFS for more scenarios. DirSync Azure Active Directory Sync FIM+Azure Active Directory Connector ADFS
  • 52. 1000s OF APPS, 1 IDENTITY 1st option: Identity + Password (Hash) synchronization Identity + Password Hash synchronization Azure Active Directory authenticates user User Microsoft Azure Active Directory
  • 53. 1000s OF APPS, 1 IDENTITY. 2nd option: Identity synchronization + ADFS. Identities are synchronized to Microsoft Azure Active Directory; authentication is passed to Windows Server Active Directory via ADFS.
  • 54. 1000s OF APPS, 1 IDENTITY New option: Identity synchronization + Pass-through authentication with Seamless SSO Identity synchronization Authentication passed to Windows Server Active Directory via Pass-through authentication User Pass-through authentication Microsoft Azure Active Directory Seamless SSO Pass-through authentication agent
  • 55. 1000s OF APPS, 1 IDENTITY Seamless SSO is now enabled for the 1st option, too: Identity + Password (Hash) synchronization Identity + Password Hash synchronization Azure Active Directory authenticates user User Microsoft Azure Active Directory Seamless SSO
  • 56. 1000s OF APPS, 1 IDENTITY. More options than ever! Identity synchronization + ADFS; Identity + Password Hash synchronization; Identity synchronization + Password Hash synchronization + Seamless SSO; Identity synchronization + Pass-through Authentication + Seamless SSO. All against Microsoft Azure Active Directory.
  • 57. 1000s OF APPS, 1 IDENTITY. How pass-through authentication works (User, Contoso Corpnet connector, Microsoft Azure Active Directory Security Token Service):
    1. User sends username and password
    2. Connector notified of request
    3. Connector validates the credentials against AD
    4. DC returns result
    5. Connector returns result
    6. Token returned to the user or further proofs (MFA) are initiated
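The six-step exchange on the slide is easiest to follow when both sides are modelled. The block below is an added illustration, not Microsoft's code: a stand-in STS that only queues the request and issues the final decision, an outbound-only connector that picks the request up and validates it against a constructed in-memory directory, and a result code as the only thing that travels back. The account names, the result-code strings and the token format are assumptions; the credential encryption a real deployment applies between STS and connector is deliberately omitted.

```python
"""Toy pass-through authentication (PTA) exchange, as an added illustration of
the six steps on the slide; it is not Microsoft's code. The cloud STS never
talks to the domain controller: it queues the request, an on-premises
connector picks it up, validates against the directory and returns only a
result code. The in-memory directory, result codes and token format are
constructed for the example."""
from __future__ import annotations

import hashlib
import hmac
import os
import secrets
from collections import deque


def _verifier(password: str, salt: bytes) -> bytes:
    """Derive a password verifier so the directory never stores the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class OnPremDirectory:
    """Stand-in for Windows Server Active Directory (constructed accounts)."""

    def __init__(self, accounts: dict[str, str]):
        self._accounts = {}
        for user, password in accounts.items():
            salt = os.urandom(16)
            self._accounts[user] = (salt, _verifier(password, salt))

    def validate(self, user: str, password: str) -> str:
        # Steps 3 and 4: the DC checks the credential and returns a result code.
        record = self._accounts.get(user)
        if record is None:
            return "invalid_credentials"   # do not reveal whether the user exists
        salt, verifier = record
        if hmac.compare_digest(verifier, _verifier(password, salt)):
            return "success"
        return "invalid_credentials"


class AzureAdSts:
    """Stand-in for the Azure AD security token service."""

    def __init__(self, mfa_required_users=()):
        self.pending = deque()            # requests waiting for a connector
        self.results = {}                 # request id -> result code
        self.mfa_required = set(mfa_required_users)

    def begin_sign_in(self, user: str, password: str) -> str:
        # Step 1: the user submits username and password to the STS.
        # (A real deployment encrypts the credential to the connector's key;
        # that layer is omitted here.)
        request_id = secrets.token_hex(8)
        self.pending.append({"id": request_id, "user": user, "password": password})
        return request_id

    def finish_sign_in(self, request_id: str, user: str) -> dict:
        # Step 6: issue a token, ask for further proof (MFA), or deny.
        result = self.results.pop(request_id, None)
        if result is None:
            return {"status": "pending"}
        if result != "success":
            return {"status": "denied", "reason": result}
        if user in self.mfa_required:
            return {"status": "mfa_required"}
        return {"status": "token", "token": "tok-" + request_id}


class Connector:
    """Stand-in for the PTA agent on corpnet; it only makes outbound calls."""

    def __init__(self, directory: OnPremDirectory):
        self.directory = directory

    def serve_one(self, sts: AzureAdSts) -> str:
        # Step 2: the connector is notified of a queued request.
        request = sts.pending.popleft()
        # Steps 3 and 4 happen inside the directory; step 5 posts the result back.
        result = self.directory.validate(request["user"], request["password"])
        sts.results[request["id"]] = result
        return result


def sign_in(sts: AzureAdSts, connector: Connector, user: str, password: str) -> dict:
    """Run one complete exchange and return the STS outcome."""
    request_id = sts.begin_sign_in(user, password)
    connector.serve_one(sts)
    return sts.finish_sign_in(request_id, user)


def demo() -> dict[str, str]:
    """Constructed scenario: two users, one of whom must also pass MFA."""
    directory = OnPremDirectory({"alice": "correct horse", "bob": "battery staple"})
    sts = AzureAdSts(mfa_required_users={"bob"})
    connector = Connector(directory)
    return {
        "alice_ok": sign_in(sts, connector, "alice", "correct horse")["status"],
        "alice_bad": sign_in(sts, connector, "alice", "wrong")["status"],
        "bob": sign_in(sts, connector, "bob", "battery staple")["status"],
        "nobody": sign_in(sts, connector, "carol", "x")["reason"],
    }
```

Two properties of the real design survive even in this toy: the connector initiates every call (nothing on corpnet listens for inbound traffic), and the STS learns only a result code, so lockout and password policy stay with the on-premises directory while MFA and token issuance stay in the cloud.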
  • 58. 1000s OF APPS, 1 IDENTITY. How seamless SSO works with pass-through authentication and password hash synchronization (User, Contoso Corpnet, Microsoft Azure Active Directory Security Token Service):
    1. User enters their username
    2. 401 response to get a Kerberos ticket
    3. User requests a Kerberos ticket
    4. AD returns Kerberos ticket
    5. User sends ticket to Azure AD STS
    6. Token returned to the user or further proofs (MFA) are initiated
  • 59. 1000s OF APPS, 1 IDENTITY. Application Proxy: a connector that auto-connects to the cloud service. Connectors are deployed usually on corpnet next to resources. Multiple connectors can be deployed for redundancy, scale, multiple sites, and different resources. Users connect to the cloud service, which routes their traffic to resources via the connectors (e.g. https://app1-contoso.msappproxy.net/ on Microsoft Azure Active Directory to http://app1 on the corporate network, through the DMZ).
  • 60. 1000s OF APPS, 1 IDENTITY
  • 61. “We needed to quickly and cost effectively stand up new IT infrastructure, including extranet applications for thousands of business partners. Azure Active Directory B2B collaboration provides a simple and secure way for partners, large and small, to use their own credentials to access Kodak Alaris systems.” 3000+ partners ENABLE BUSINESS WITHOUT BORDERS Share without complex configuration or duplicate users Partners use their own credentials to access your org Users lose access when leaving the partner org No external directories No per partner federation You manage access You control partner access in your directory: • app assignment • group membership • custom attributes Partners of all sizes Bulk invite 1000s at a time Partners with Azure Active Directory sign in to accept invite Other partners simply sign up to accept invite
  • 62. ENABLE BUSINESS WITHOUT BORDERS “I need to let my partners access my company’s apps using their own credentials”
  • 63. ENABLE BUSINESS WITHOUT BORDERS Partner
  • 64. ENABLE BUSINESS WITHOUT BORDERS Partners use their own credentials to access your org Users lose access when they leave the partner org No external directories No per-partner federation Partners manage their own credentials You control partner access in your directory: • app assignment • group membership • custom attributes Organizations manage access Thousands of bulk invites at a time Partners with Azure Active Directory sign in to accept invite Other partners simply sign up to accept invite Partners of all sizes
  • 65. CLOUD-POWERED PROTECTION Built-in security features Security reporting that tracks inconsistent access patterns, analytics, and alerts Reporting API
  • 66. Microsoft Azure Active Directory Cloud app discovery Source: Help Net Security 2014 as many Cloud apps are in use than IT estimates • SaaS app category • Number of users • Utilization volume Comprehensive reporting Discover all SaaS apps in use within your organization CLOUD-POWERED PROTECTION
  • 67. CLOUD-POWERED PROTECTION. Built-in security features: security reporting that tracks inconsistent access patterns, analytics, and alerts; Reporting API; step up to Multi-Factor Authentication.
  • 68. CLOUD-POWERED PROTECTION A standalone Azure identity and access management service, also included in Azure Active Directory Premium Prevents unauthorized access to both on-premises and cloud applications by providing an additional level of authentication Trusted by thousands of enterprises to authenticate employee, customer, and partner access
  • 70. MONITOR AND PROTECT. 1. Users sign in from any device using their existing username/password. 2. Users must also authenticate using their phone or mobile device before access is granted. The Multi-factor authentication server fronts on-premises apps (RADIUS, LDAP, IIS, RDS/VDI) backed by Windows Server Active Directory or other LDAP, and cloud apps via Microsoft Azure Active Directory.
  • 71. CLOUD-POWERED PROTECTION. Feature comparison (MFA for Office 365/Azure Administrators / Azure Multi-Factor Authentication):
    • Administrators can enable/enforce MFA to end users: Yes / Yes
    • Use mobile app (online and OTP) as second authentication factor: Yes / Yes
    • Use phone call as second authentication factor: Yes / Yes
    • Use SMS as second authentication factor: Yes / Yes
    • Application passwords for non-browser clients (e.g., Outlook, Lync): Yes / Yes
    • Default Microsoft greetings during authentication phone calls: Yes / Yes
    • Suspend MFA from known devices: Yes / Yes
    • Custom greetings during authentication phone calls: – / Yes
    • Fraud alert: – / Yes
    • MFA SDK: – / Yes
    • Security reports: – / Yes
    • MFA for on-premises applications / MFA server: – / Yes
    • One-time bypass: – / Yes
    • Block/Unblock users: – / Yes
    • Customizable caller ID for authentication phone calls: – / Yes
    • Event confirmation: – / Yes
    • Trusted IPs: – / Yes
  • 72. DETECT ATTACKS BEFORE THEY CAUSE DAMAGE. 1. Analyze: ATA analyzes all Active Directory-related traffic and collects relevant events from SIEM. 2. Learn: ATA automatically learns all entities’ behaviors. 3. Detect: ATA builds the organizational security graph, detects abnormal behavior, protocol attacks and weaknesses, and constructs an attack timeline.
  • 73. CLOUD-POWERED PROTECTION. Reduce risks of excessive access to your organization’s data: dashboards with insights; policy driven review workflows for governance decisions; richer auditing to address compliance reporting needs; decisions at the business level (self-service). Covers apps in Azure, third-party apps & clouds, and apps on-premises.
  • 76. HR system LDAP Oracle DB Finance Web apps Windows Server Active Directory Hybrid identity User identities from multiple repositories LDAP v3 Windows PowerShell Web services (SOAP, Java, REST) Generic SQL via ODBC Windows Server Active Directory Microsoft Azure Active Directory VS.
  • 77. Microsoft’s IAM solution: a modern identity management system that spans cloud and on-premises (Microsoft Cloud, apps in Azure, third-party apps & clouds, apps on-premises via AAD App Proxy and Microsoft Identity Manager). Provides the full spectrum of services: federation; identity management; device registration; user provisioning; application access control; data protection. The combination of Windows Server Active Directory, Microsoft Identity Manager, and Microsoft Azure Active Directory enables better security for today’s hybrid enterprise.
  • 78. MANAGE EVERYTHING. Cloud-ready identities: automatic preparation of Active Directory identities for synchronization with Azure Active Directory. Powerful user self-service: password reset with Azure Multi-Factor Authentication; dynamic groups with approvals and redesigned certificate management. Enhanced security: hybrid reporting and privileged access management to protect administrator accounts; support for new security protocols.
  • 79. MANAGE EVERYTHING
    • Cloud-ready identities: standardized Active Directory attributes and values; partitioned identities for synchronization to the cloud; easier-to-deploy reporting connected to Azure Active Directory; preparation of user profiles for Microsoft Office 365
    • Powerful user self-service: self-service password reset with Multi-Factor Authentication; new REST-based APIs for AuthN/AuthZ; self-service account unlock; certificate management support for multi-forest and modern apps
    • Enhanced security: privileged user and account discovery; new Windows PowerShell support and REST-based API; workflow management: elevated just-in-time administrator access; reporting and auditing specific to privileged access management
  • 80. MANAGE EVERYTHING: on-premises, hybrid, cloud
      • On-premises (managed: Microsoft System Center Configuration Manager): on-premises LOB applications, traditional productivity; iOS, Android, Windows Phone, BYOD; mobile apps, shadow IT SaaS solutions
      • Hybrid (managed: Microsoft Intune connected to System Center Configuration Manager): on-premises LOB applications, managed SaaS, Office 365 hybrid deployment, Azure Active Directory implementation; deployment of cloud-enabled rich clients; managed cloud identities with Multi-Factor Authentication
      • Cloud (managed by EMS): combination of mobile clients (iOS, Android) and cloud-enabled clients (Windows 10); managed SaaS and Office 365 Enterprise, full Azure IAM
      • Transition events: Mobility; Windows 8.x/10
      • Microsoft Identity Manager 2016
  • 81. MANAGE EVERYTHING: IAM for on-premises applications with Microsoft Identity Manager 2016 (MIM), Azure AD Connect, and Azure AD App Proxy, connected to Microsoft Azure Active Directory on Microsoft Azure
  • 83. Microsoft Identity Manager 2016
      • Collapse directories
      • Map multiple identities
      • Transform usernames and other attributes
  • 84. Privileged access management: time-based memberships
      • Existing environment: existing AD forests (WS 2003 or later), existing apps, existing FIM; AD DS with an existing trust
      • Microsoft Identity Manager configured for PAM; a separate trust for admin access
      • Group “Resource Admins”, domain: CORP, candidate: Jen
      • Access requests grant user “JenAdmin” (PRIV\JenAdmin) membership in CORP\Resource Admins, refresh after: 60 minutes
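As an added example that is not part of the deck, the slide’s PAM flow expressed with the MIM 2016 PAM PowerShell cmdlets: the CORP group and candidate are shadowed into a PRIV bastion forest, a role with a 60-minute TTL ties them together, and the candidate requests time-limited membership. It assumes MIM PAM is installed in a PRIV forest that trusts CORP; the domain controller name, credentials and justification text are placeholders, and parameter names follow the MIM PAM documentation.

```powershell
# Added example, not from the deck: slide 84's PAM flow with the MIM PAM
# cmdlets. Assumed: PRIV bastion forest with MIM PAM installed and a trust to
# CORP; DC name, credentials and justification text are placeholders.

# ---- Step 1: on the MIM PAM server in the PRIV (bastion) forest ----
Import-Module MIMPAM

# A CORP account able to read the source group (placeholder prompt).
$corpCred = Get-Credential -Message "CORP account that can read Resource Admins"

# Shadow the CORP group in PRIV. The shadow group carries the CORP group's SID
# in its SID history, so CORP resources honour membership granted in PRIV.
$groupParams = @{
    SourceGroupName = "Resource Admins"
    SourceDomain    = "CORP"
    SourceDC        = "corpdc.corp.example"   # placeholder domain controller
    Credentials     = $corpCred
}
$privGroup = New-PAMGroup @groupParams

# Shadow the candidate: CORP\Jen gets the separate admin account PRIV\JenAdmin.
$privUser = New-PAMUser -SourceDomain "CORP" -SourceAccountName "Jen" -PrivAccountName "JenAdmin"

# The PAM role ties the privilege (the shadow group) to who may request it.
# TTL is in seconds: 3600 matches the slide's "refresh after: 60 minutes".
$roleParams = @{
    DisplayName = "Resource Admins"
    Privileges  = $privGroup
    Candidates  = $privUser
    TTL         = 3600
}
$role = New-PAMRole @roleParams

# ---- Step 2: in a separate session as PRIV\JenAdmin, when access is needed ----
Import-Module MIMPAM
$r = Get-PAMRoleForRequest | Where-Object { $_.DisplayName -eq "Resource Admins" }
New-PAMRequest -Role $r -Justification "Change ticket reference (placeholder)"

# PRIV\JenAdmin is now a member of CORP\Resource Admins only until the TTL
# expires; a fresh logon (new Kerberos ticket) is needed to carry the group.
# Outstanding elevations can be reviewed by the PAM administrator with:
Get-PAMRequest
```

Because the membership is written with an expiry rather than removed by a later job, a missed cleanup cannot leave the group membership standing; reviewing Get-PAMRequest output alongside CORP group-change audit events is the practical check that elevations end when the 60 minutes are up.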
  • 85. Deep dive: DirSync, Azure AD, and MIM Sync
      • Sync tool lineage: DirSync; Azure Active Directory Sync
      • FIM Sync (+ Azure Active Directory Connector) → Azure Active Directory Connect
      • MIM Sync (+ Azure Active Directory Connector) → Azure Active Directory Connect
  • 86. Connect and sync on-premises directories with Azure: Azure Active Directory Connect links Microsoft Azure Active Directory to other directories via PowerShell, LDAP v3, SQL (ODBC), and Web services (SOAP, Java, REST)
  • 87. Deep dive: IAM in MIM vs. Azure Active Directory
      Capability                      Azure Active Directory   Microsoft Identity Manager
      Password reset/management       YES                      YES
      Group management                YES, not dynamic         YES
      Provisioning, deprovisioning    NO                       YES
      Certificate management          NO                       YES
      Role-based access control       NO                       YES
  • 88. Purchasing Microsoft Identity Manager 2016
      • Licensed on a per-user basis
      • Client Access License (CAL): required for each user whose identity is managed
      • Windows Server license with active Software Assurance: required to use the Microsoft Identity Manager 2016 server software as a Windows Server add-on
      • Microsoft Identity Manager 2016 is also included with Azure Active Directory Premium, which is part of the Enterprise Mobility Suite. Microsoft Enterprise Mobility Suite is the most cost-effective way to acquire all included cloud services: Azure Active Directory Premium, Azure Rights Management, and Intune.
  • 89. Demo