Control user access and identities with Azure Active Directory Premium
1. Technology Day 2015
Xylos
Robin Vermeirsch
Sr. IT consultant CCM
rovr@xylos.com
Stay in control of your identity with Azure Active Directory (Premium)
3. Competence Center Messaging (CCM) Mission
Become the long-term partner for Archiving, Messaging and Identity & Access Management solutions and services
• Identity and access management
• Application proxying and load balancing
• Messaging
• Archiving
5. Questions
• Do your users use SaaS applications today?
• Are you able to control and audit access to these applications?
7. Identity and access management challenges
• How to protect and manage SaaS identities and map them to existing identities?
• How to extend governance to these cloud applications?
• How to secure cloud services shared identities (e.g. Facebook, Twitter)?
• How to publish SaaS and on premise applications to your users, partners and customers?
Image: http://pharmastrategies.net/true-data-security/
8. What is Azure AD
A comprehensive identity and access management cloud solution. (= IDaaS)
It combines directory services, advanced identity governance, application access management and a rich standards-based platform for developers
It is available in 3 editions: free, Basic and Premium
9. What does Azure AD provide?
• Cloud based Identities & Authentication
• Self service password reset
• Cloud based access management
• Application portal + SSO
• Self service access management
• Integration with on premise solutions
• Active Directory Sync with sync back/Federation
• MFA for on premise solutions
• Hybrid Governance
• Reverse Proxy: Publishing on premise applications
• Extensive APIs for integrating applications and managing identities
• Graph API
• SAML/OAUTH/WS Federation/OpenID/…
Can be used with CASB (Cloud Access Security Broker) like Adallom, Netskope, Bettercloud
11. Why is that?
• Adoption driven by O365
• They are huge as a service
• +1 billion auths/day
• 5 million tenants
• 500 million users
• 86% of F500 use MS Cloud (Azure, O365, CRM, PowerBI, EOP)
• Good understanding of MS AD
• It includes MIM 2016
Image: http://cloudmmunity.blogspot.be/2014/04/office-365-sso-adfs-ad-on-premise.html
15. Demo: Self Servicing
• Allow approval based group management
• In the cloud
• On premise (with sync back)
• Allow approval based application access (within portal)
• Allow self service password resets
16. Demo: Identity governance
• Reports about application access
• Integration with on premise Microsoft Identity Manager
• Location based policy enforcement
• On Premise no MFA
• In the cloud MFA
• Supports B2B and B2C (See future)
17. Some Extras
• Microsoft Identity Manager included for free
• Included in the EMS (=Enterprise Mobility Suite)
• AAD has extensive support for complex federation/synchronization
• Multi Forest organizations (without need for Trusts)
• Different federation possibilities per domain (or UPN)
• Password hash synchronization
19. Future of Azure AD
• Support for other identities
• B2B
• Azure AD
• B2C
• Social Login (FB, LinkedIn, …)
• Self Service identity registration
• Future versions of MIM (FIM) will be cloud based
• “AD as a Service” for Azure VM’s*
• …
* Based on information from Gartner Catalyst
20. Competence Center Messaging - Solutions and services
• Identity and Access Management
• Identity providers (Microsoft Active Directory, Azure Active Directory)
• Identity bridges (ADFS, Okta, Imprivata)
• Access Management (Azure AD Premium, MIM/FIM, Okta, Imprivata, NPS)
• SSO, pre-authentication, (Azure AD Premium, Kemp)
• Multi Factor Authentication (Azure AD Premium, Okta, Certificates)
• Remote Access Technologies (Direct Access, Windows RAS)
• Load Balancing and application proxies
• WAF and Reverse Proxies (Azure AD, Kemp, MS WAP)
• Load Balancing (Kemp)
• Messaging
• Exchange Server implementations
• 3rd party (Notes, Zarafa, GroupWise,…) to Exchange/Office365 migrations and coexistence
• Office 365 Migrations
• GAL synchronization and federation
• Automated signatures
• Archiving
• File, SharePoint, e-mail Archiving (Enterprise Vault, Exchange Archiving, Office 365 Archiving)
IDaaS = Identity as a service
ON PREM IAM you don’t want to say IAMAAS
QUESTIONS!!!!!!!!!!!!!!!!!!!!!!!
Next slide Why do we need to manage these identities? And even more // Are the SaaS identities we have today important for our business?
Crayola: 2015 => FB account was hacked and inappropriate content was posted. Brand which we usually associate with children
Restaurant 2013 : Twitter account used by user who left the company
NBCNews: Twitter account hacked.
Protect & manage SAAS identities
Extend existing governance (things like MFA, SSO, approval of access, password rotation)
How to protect shared identities
How to publish SaaS (and on prem apps) Partner + Customers (and users)
Schema
Identity and access management
AD
GAL Sync
App Proxy and LB
Kemp
Messaging
Exchange
Migrations
Office 365
Archiving
EV
O365
Exchange Archiving