
Microsoft Ignite 2016 BRK3330


1 Join your Windows 10 devices to Azure AD for anywhere, anytime productivity
Microsoft Ignite 2016, BRK3330
Jairo Cadena, Senior Program Manager, @JairoC_AzureAD, jairocadena.com
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Mobile-first, cloud-first reality
Data breaches (63%): 63% of confirmed data breaches involve weak, default, or stolen passwords.
Shadow IT (80%): More than 80 percent of employees admit to using non-approved software as a service (SaaS) applications in their jobs.
IT budget growth (0.6%): Gartner predicts global IT spend will grow only 0.6% in 2016.

3 Identity as the core of enterprise mobility
Diagram labels: Simple connection; SaaS; Azure; Public cloud; Cloud; On-premises; Other directories; Windows Server Active Directory; Self-service; Single sign-on; Microsoft Azure Active Directory

4 Azure Active Directory
90% of Fortune 500 companies use Microsoft Cloud (Azure, O365, CRM Online, and PowerBI)
Azure AD Directories: >10 M
More than 750 M user accounts on Azure AD
33,000 Enterprise Mobility + Security | Azure AD Premium enterprise customers
>110k third-party applications used with Azure AD each month
>1.3 billion authentications every day on Azure AD
Every Office 365 and Microsoft Azure customer uses Azure Active Directory
Microsoft “Identity Management as a Service (IDaaS)” for organizations. Millions of independent identity systems controlled by enterprise and government “tenants.” Information is owned and used by the controlling organization—not by Microsoft. Born-as-a-cloud directory for Office 365. Extended to manage across many clouds. Evolved to manage an organization’s relationships with its customers/citizens and partners (B2C and B2B).
© 2015 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5 Identity and access management in the cloud
Azure Active Directory. Identity at the core of your business
Pillars: Cloud-powered protection; Enable business without borders; Manage access at scale; 1000s of apps, 1 identity
Provide one persona to the workforce for SSO to 1000s of cloud and on-premises apps
Stay productive with universal access to every app and collaboration capability
Manage identities and access at scale in the cloud and on-premises
Ensure user and admin accountability with better security and governance

6 The current reality
Diagram labels: EC2; On-premises; Managed devices; Active Directory

7 Azure AD in Windows 10 & work accounts
Users: Single Sign-On to Office 365, SaaS and enterprise apps. Admins: Allow access only to devices compliant with org. policy.

8 Azure AD in Windows 10 & work accounts
Users: Single Sign-On to Office 365, SaaS and enterprise apps. Admins: Allow access only to devices compliant with org. policy.
Users: Enterprise settings and work data across joined devices. Admins: Peace of mind, settings and work data in compliant cloud.

9 Azure AD in Windows 10 & work accounts
Users: Single Sign-On to Office 365, SaaS and enterprise apps. Admins: Allow access only to devices compliant with org. policy.
Users: Enterprise settings and work data across joined devices. Admins: Peace of mind, settings and work data in compliant cloud.
Users: Convenience of access with Windows Hello for Business. Admins: Reduce risk of credential theft by not using passwords.

10 Azure AD in Windows 10 & work accounts
Users: Single Sign-On to Office 365, SaaS and enterprise apps. Admins: Allow access only to devices compliant with org. policy.
Users: Enterprise settings and work data across joined devices. Admins: Peace of mind, settings and work data in compliant cloud.
Users: Convenience of access with Windows Hello for Business. Admins: Reduce risk of credential theft by not using passwords.
Users: Access to enterprise apps via Windows Store for Business. Admins: Offer specific enterprise applications to users.

11 User joins device to Azure AD and gets access to Office 365
Demo

12 [Diagram, labels only]
Directories: Azure AD (contoso.com); AD (corp.contoso.com)
On the device: Credential Provider; Cloud AP; Kerberos AP; Web Account Manager; IWA stack
Credentials and artifacts: Password; Certificate; STK; Creds; PRT; TGT; Svc ticket; Token
Clients: Win32 apps; Rich client apps; Browser, web apps (Edge / IE); Office apps
Resources: Web servers; Azure AD Proxy apps; SaaS apps; Office workloads; Office 365; File/Print servers

13 Windows 10 devices in Azure AD
Diagram labels: Mobile devices; Domain joined; Azure AD joined; Workplace joined; Personal devices; Work-owned devices

14 Admin secures Office 365 by allowing access to compliant devices only
Demo

15 Deployment considerations

16 Preparing devices for work with Azure AD
Domain joined devices
  Automatically register with Azure AD once requirements are set
  Device is not associated with a user in Windows 10
  Azure AD Connect for registration and lifecycle management of computers and devices
  Windows Installer package for non-Windows 10/Windows Server 2016 computers
Mobile devices
  Device registers by an end-user initiated experience
  Device is associated with user
  Experience registers device with Azure AD and enrolls it with MDM
  Alternative for personal devices is to use Mobile Application Management (MAM)

17 Preparing devices: domain joined
Requirements
  Service Connection Point for discovery (all Windows versions!)
  If federated, issuance transform rules for computer authentication upon registration
Windows Installer package for non-Windows 10/Windows Server 2016 computers
  Windows 7, 8.0, 8.1, Server 2008 R2, Server 2012 and Server 2012 R2
Group Policy for roll-out of automatic registration
  Windows 10 Anniversary Update/Windows Server 2016 registers without policy set
  Windows 10 November 2015 Update requires the policy set to trigger registration
  Windows 8.1 responds to policy, can also use Windows Installer package
Azure AD Connect
  Help with requirements setup – with caveats!
  Key for lifecycle management of computers and devices

18 Auto-registration to Azure AD

19 Checking the registration state of a domain joined device
Demo

20 Access denied pages
When policy is set for Domain joined required & device is not registered
Page text:
  You can’t get there from here
  This application contains sensitive information and can only be accessed from: Contoso Inc. domain joined devices.
  Access from personal devices is not allowed.
  Please click here for more information or contact your administrator.
  More details
  The following information might be useful to your administrator:
  Access rules set by Contoso Inc. require device to be domain joined
  App name: Outlook 2016
  Device Platform: Windows 10
  Device State: non-registered
  IP address:
  Signed in as
  Correlation ID: xxxxxxxxxxxxxxxxxxx
  Time stamp: xxxxxxxxxxxx
  OK

21 Access denied pages
When multiple policy is set & device is not registered
Page text:
  You can’t get there from here
  This application contains sensitive information and can only be accessed from:
  Contoso Inc. domain joined devices.
  Devices or client applications that meet Contoso Inc. management compliance policy.
  Please click here for more information or contact your administrator.
  If this is a personal device you can choose to let Contoso Inc. manage your device by going to Settings > Accounts > Access work or school and clicking in Connect.
  More details
  OK

22 Azure AD Connect
SCP creation for discovery
  Express installation creates the SCP; with a Custom installation you need to run a cmdlet
  Need to make sure SCP is created in all forests computers are
  Used for all versions of Windows, including down-level with the new Windows Installer package
Issuance transformation rules in AD FS
  Both Express and Custom installations take care of them, except for all multi-forest rules
  Multi-forest rules needed for environments where computers can be in different forests
  Computers authenticate using Windows Integrated Authentication
Write-back operations
  Device write-back for conditional access control on-premises
  MS Passport for Work credential on user for password-less auth against on-premises (DC and AD FS)
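
One way to confirm that the SCP exists in every forest that holds computers, as an added example that is not part of the presentation. The forest list is a placeholder; the SCP object name and the `keywords` format come from Microsoft's hybrid join documentation, not from these slides.

```powershell
# Added example (not from the deck): check each forest for the device-registration SCP.
$Forests = @('corp.contoso.com')   # placeholder: list every forest that holds computer accounts

# Well-known name of the SCP object (from Microsoft's hybrid join documentation).
$ScpCn = '62a0ff2e-97b9-4513-943f-0d221bd30080'

function Get-DeviceRegistrationScp {
    param([Parameter(Mandatory = $true)][string]$ForestName)

    $report = [pscustomobject]@{
        Forest = $ForestName; ScpFound = $false; TenantName = $null; TenantId = $null; Error = $null
    }
    try {
        # The SCP lives in the forest-wide configuration partition, not in a domain partition.
        $rootDse  = [ADSI]"LDAP://$ForestName/RootDSE"
        $configNc = [string]$rootDse.configurationNamingContext
        $base     = "LDAP://$ForestName/CN=Device Registration Configuration,CN=Services,$configNc"

        $searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$base)
        $searcher.Filter = "(&(objectClass=serviceConnectionPoint)(cn=$ScpCn))"
        [void]$searcher.PropertiesToLoad.Add('keywords')
        $hit = $searcher.FindOne()
        if ($null -eq $hit) { return $report }

        $report.ScpFound = $true
        # keywords holds entries such as "azureADName:<domain>" and "azureADId:<tenant GUID>".
        foreach ($kw in $hit.Properties['keywords']) {
            $name, $value = ([string]$kw) -split ':', 2
            switch ($name) {
                'azureADName' { $report.TenantName = $value }
                'azureADId'   { $report.TenantId   = $value }
            }
        }
    }
    catch {
        # Missing container, unreachable forest, or insufficient rights all land here.
        $report.Error = $_.Exception.Message
    }
    return $report
}

$results = $Forests | ForEach-Object { Get-DeviceRegistrationScp -ForestName $_ }
$results | Format-Table -AutoSize

# Computers in a forest without the SCP have nothing to discover the tenant from.
$results | Where-Object { -not $_.ScpFound -or $_.Error } |
    ForEach-Object { Write-Warning "No usable SCP in forest $($_.Forest): $($_.Error)" }
```

Compare `TenantName` and `TenantId` across forests as well: every SCP should point at the same Azure AD tenant.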

23 On-premises applications and access control
In cloud: Azure AD Application Proxy
  You can publish on-premises apps through Azure AD
  They show in the ‘applications’ tab in the management portal
  You can set device-based CA policy to control access the same way as O365 apps
On-premises: AD FS
  Require device write-back in Azure AD Connect
  AD FS in Windows Server 2016 required for Windows 10 authentication

24 Customer Stories
Transportation, Logistics, Oil-Gas
Retail, Hospitality and Travel
Government, Banking, Insurance
Construction, Professional Services
Education – Nonprofit
Health

25 Identity and Access Management Sessions
Monday
  02:15: BRK2139 Protect your business and empower your users with cloud Identity and Access Management
Tuesday
  12:30: BRK3107 Connect your on-premises directories to Azure AD and use one identity for all your apps
  02:15: BRK3225 Secure access to Office 365, SaaS, and on-premises apps and files with Azure AD and Intune
  04:30: BRK3109 Deliver management and security at scale to Office 365 with Azure Active Directory
Wednesday
  09:00: BRK3111 Manage productivity at scale with Azure Active Directory
  11:30: BRK2170 Learn how Unilever modernized IT with Azure Active Directory at the core
  02:15: BRK3139 Throw away your DMZ – Azure Active Directory Application Proxy deep-dive
  04:00: BRK3181 Secure your web applications with Microsoft identity
Thursday
  09:00: BRK3252 Use managed domain services on Microsoft Azure
  12:30: BRK3182 Secure your native and mobile applications with Microsoft identity and application management
  02:15: BRK3110 Respond to advanced threats before they start - identity protection at its best!
  04:00: BRK3179 Modernize your app’s consumer identity management with Azure AD B2C
  04:30: BRK2067 Manage access to SaaS Applications With Azure Active Directory
Friday
  09:00: BRK3074 Discover what’s new in Active Directory Federation and Domain Services in Windows Server 2016
  10:45: BRK3108 Share corporate resources with your partners using Azure AD B2B collaboration
  12:30: BRK3330 Join your Windows 10 devices to Azure AD for anywhere, anytime productivity

26 Please evaluate this session
Your feedback is important to us!
From your PC or Tablet visit MyIgnite at
From your phone download and use the Ignite Mobile App by scanning the QR code above or visiting
