
EMS in action Hugh Simpson-Wells and Mark Riley 2016 Redmond Summit | Identity Without Boundaries


1 EMS in action Hugh Simpson-Wells and Mark Riley 2016 Redmond Summit | Identity Without Boundaries #OCGUS16 @OCGUSOfficial

2 Traditionally at this point Active Directory HR SAP Another Dir

3 Active Directory HR Another Directory AAD Connect SSO

4 Active Directory HR AAD Connect SSO

5 What’s driving adoption of EMS?

6 Agenda: AD Connect, AADP, Azure RMS, Conditional access, Mobile Device Management

7 AD is designed for on-premises: Active Directory, LDAP, Kerberos

8 AAD is designed for the cloud: Windows Azure Active Directory, SAML-P, RESTful Graph API, OAuth and OpenID Connect, WS-Federation, Portal

9 AAD is designed for the cloud

10

11

12

13 APIs

14 Active Directory HR SSO Demo environment

15 Demo AD Connect

16 AADP

17

18 Demo AADP

19 Azure RMS

20

21 Conditional Access

22 Randomization

23 Demo Conditional Access Denied/Device Enrollment

24 Conditional Access On-premises

25 Overview

26

27 Demo Conditional Access

28 Active Directory Federation Services (ADFS) On-premises

29 Integration overview
Synchronization: User attributes are synchronized, including the password hash. Authentication can be completed against either Azure or Windows Server Active Directory.
Federation: User attributes are synchronized. Authentication is passed back through federation and completed against Windows Server Active Directory.
AD FS provides true SSO, conditional access to resources, Workplace Join for device registration and integrated Multi-Factor Authentication.
(Diagram label: Microsoft Azure)

30 AAD Connect with Single Sign-on
O365 / Azure STS redirects authentication requests to AD FS STS.
User authentication is completed against AD.
Optionally, passwords can be synced too, for quick fall-back.
(Diagram label: AD)

31 Active Directory Federation Services

32 Multi-Factor Configuration

33 Demo Active Directory Federation Services (ADFS)

34 Multi-Factor Authentication On-premises

35 How it works (diagram labels: AD DS or LDAP, On-Premises Apps, MFA Server, Cloud MFA, Cloud Apps, Azure Active Directory; steps numbered 1 and 2)

36 MFA Versions – Feature Comparison
Columns: MFA for Office 365 (included in Office 365 SKUs); MFA for Azure Administrators (included with Azure Subscription); Azure MFA (included in AADP/EMS)
Administrators can protect accounts with MFA: ● Administrator accounts only ●
Mobile app as a second factor: ●●●
Phone call as second factor: ●●●
SMS as second factor: ●●●
App passwords for clients that don’t support MFA: ●●●
Admin control over authentication methods: ●
PIN mode: ●
Fraud alert: ●
MFA Reports: ●
One-Time Bypass: ●
Custom greetings for phone calls: ●
Customizable caller ID for phone calls: ●
Event Confirmation: ●
Trusted IPs: ●
Suspend MFA for remembered devices (Public Preview): ●●
MFA SDK: ●
MFA for on-premises applications using MFA Server: ●

37 Authentication Methods Phone Call SMS (2-way) SMS (1-way) Authentication Code App Notification

38 Demo Multi-Factor Authentication

39 Mobile Device Management (MDM) Windows Intune

40 Mobile Device Management (MDM)

41 Demo Mobile Device Management

42 Mobile Application Management (MAM) Windows Intune

43 Mobile Application Management

44 MAM ‘enlightened’ apps https://www.microsoft.com/en-us/server-cloud/products/microsoft-intune/partners.aspx

45 Demo Mobile Application Management

46 What is driving EMS adoption?

