Premier Webcast - Identity Management with Windows Azure AD
3. Attention
The following webcast session was developed to provide an expedient method of relaying information to Premier customers. We would like to ask your help in ensuring that only registered attendees view this information. Please do not share the content of this delivery with peers who are not registered. Thank you.
4. AGENDA
1. Factors driving cloud identity
2. What is claim based authentication?
3. Azure Active Directory features
4. Demos
8. Identity as the control plane
Diagram labels: Self-service; Single sign on; Simple connection; Cloud (SaaS, Azure, Office 365, Public cloud); On-premises (Windows Server Active Directory, Other Directories); Microsoft Azure Active Directory.
11. Identities 5 Years Ago
• Authentication was integrated auth (Kerberos/NTLM)
• Authorization: Active Directory security groups
• User data: LDAP and ADSI
• Kerberos was not a problem: application servers were joined to the domain and port 88 was open in the internal network
• Kerberos tickets included group SIDs for access decisions
• RPC to a DC was not a problem
Callouts: Applications had free access to corporate identities. Applications ran almost entirely on-premises.
14. What is Azure Active Directory?
A comprehensive identity and access management cloud solution.
It combines directory services, advanced identity governance, application access management and a rich standards-based platform for developers.
It is available in 3 editions: Free, Basic and Premium.
22. Microsoft Azure
Identities and applications in one place.
Diagram labels: Web apps (Azure Active Directory Application Proxy); SaaS apps; Integrated custom apps; Other directories.
29. Users sign in from any device using their existing username/password (1).
Users must also authenticate using their phone or mobile device before access is granted (2).
Diagram labels: User; On-Premises Apps; Windows Server Active Directory or Other LDAP; Microsoft Azure Active Directory; Multi-Factor Authentication Server.
34. Azure AD Join for Windows 10
Azure AD Join makes it possible to connect work-owned Windows 10 devices to your company’s Azure Active Directory.
Users can sign into Windows with their cloud-hosted work credentials and enjoy modern Windows experiences.
• Enterprise-compliant services
• SSO from the desktop to cloud and on-premises applications with no VPN
• MDM auto enrollment
• Support for hybrid environments
Diagram labels: Windows 10 Azure AD Joined Devices; MDM auto-enrolment.
35. No Object Limit No Object Limit
No Limit
Advanced Security
Reports
Premium
+ Basic
Features
Group-based access management/provisioning Yes Yes
Self-Service Password Reset for cloud users Yes Yes
Company Branding (Logon Pages/Access Panel customization) Yes Yes
Application Proxy Yes Yes
SLA Yes Yes
Yes
Yes
Yes
Yes
Yes
36. Enterprise Mobility Suite
Windows Intune
• Mobile device settings management
• Mobile application management
• Selective wipe
Microsoft Azure Active Directory Premium
• security reports, and audit reports, multi-factor authentication
• Self-service password reset and group management
• Connection between Active Directory and Azure Active Directory
Microsoft Azure Rights Management service
• Information protection
• Connection to on-premises assets
• Bring your own key