User Microsoft Account Ex: User Organizational Account Ex: Microsoft Account Windows Azure Active Directory.


4 User, Microsoft Account (Ex: alice@outlook.com): Microsoft Account
User, Organizational Account (Ex: alice@contoso.com): Windows Azure Active Directory

5 Directory store Authentication platform Windows Azure Active Directory Your App

6 Cloud Identities: Single identity in the cloud, suitable for small organizations with no integration to on-premises directories
Synchronized Passwords: Single identity, suitable for medium and large organizations without federation
Federated Identities: Single federated identity and credentials, suitable for medium and large organizations

7 Cloud IDs | Password Sync | Federated IDs
Same password to access resources on-premises and in cloud
Can control password policies on-premises
Single Sign-on for no password re-entry if on premises
Client access filtering by IP, client type, or by time schedule
Authentication occurs and is audited on-premises
Can immediately block disabled accounts on-premises
Change password available from web
Works with Forefront Identity Manager 2010 R2
Can customize the User Sign-in Page
Use with cloud based Multi-Factor Authentication
Use with on-premises based Multi-Factor Authentication
Source: http://technet.microsoft.com/en-us/library/jj573649.aspx

10 *For representative purposes only.
WS-Trust & WS-Federation
WS-Federation (passive auth)
SAML (passive auth)
Active Directory with ADFS
Customer Benefits:
Flexibility to reuse existing identity provider investments
Confidence that the solution is qualified by Microsoft
Coordinated support between the partner and Microsoft

14
| Account Directory | Exchange Orgs | Azure AD | Supported? | Sync Solution |
|---|---|---|---|---|
| 1 AD Forest | 1, in AD forest. | 1 Tenant | Yes | DirSync |
| 1 AD Forest | n resource forest(s), will retire all Exchange Forests. | 1 Tenant | Yes | DirSync |
| n AD Forests | n in resource forest(s), will not retire. | 1 Tenant | Yes | FIM + AAD Connector |
| 1 LDAP Directory | N/A | 1 Tenant | Yes | LDAP DirSync |
| 1 AD Forest | | n Tenants | Yes | FIM + AAD Connector OR n DirSyncs |
| Non-AD directory | N/A | n Tenants | Yes | FIM + AAD Connector |
| n AD Forests + m non-AD | N/A | n Tenants | Yes | FIM + AAD Connector |

15 Azure AD Tenant DirSync Login Forest Resource Forest (migrate data) AD FS (“sync, UPN, ImmutableID”)

16 Azure AD Tenant DirSync AD Forest Azure AD Tenant DirSync AD FS

17 Number Active Directory forests Use FIM 2010 R2 Connectors Number Exchange Orgs See consolidation whitepaper Use Single Forest DirSync Want to consolidate single forest? Single (1) Multiple (>1) Yes None (0) Start After consolidation No Single (1) http://technet.microsoft.com/library/cc974332.aspx

20 DirSync Front-Ends GRAPH/PS Front-Ends (workflows) Exchange Online OneDrive Windows InTune Admin portals

28 Web Clients Office 2010, Office 2007 SP2 with SharePoint Online Outlook Web Application Remember last user Mail Clients Office 2010, Office 2007 SP2 Active Sync/POP/IMAP Entourage Can save credentials Rich Applications (SIA) Lync Online Office Subscriptions CRM Rich Client Office 2013 Can save credentials SSO IDs (from domain joined machines) Cloud IDs No Prompt Username and Password Online ID AD credentials Password Sync (SSO from non-domain Joined machines) Username and Password AD credentials Username Username and Password Online ID AD credentials Username and Password AD credentials Username and Password Online ID AD credentials Username and Password AD credentials

30 Customer Microsoft Online Services Logon (SAML 1.1) Token UPN:user@contoso.com Source User ID: ABC123 Auth Token UPN:user@contoso.com Unique ID: 254729

31 Customer Microsoft Online Services Logon (SAML 1.1) Token UPN:user@contoso.com Source User ID: ABC123 Auth Token UPN:user@contoso.com Unique ID: 254729

32 Customer Windows Azure Active Directory Logon (SAML 1.1) Token UPN:user@contoso.com Source User ID: ABC123 Auth Token UPN:user@contoso.com Unique ID: 254729 Basic Auth Credentials Username/Password

35 *Out of band refers to being able to use a second factor with no modification to the existing app UX. Excludes Office 365 dedicated SKU and SMB SKUs. Upgradeable to Azure Multi-Factor Authentication

36 Multi-Factor Authentication for Office 365 | Windows Azure Multi-Factor Authentication
Administrators can Enable/Enforce MFA to end-users: Yes
Use Mobile app (online and OTP) as second authentication factor: Yes
Use Phone call as second authentication factor: Yes
Use SMS as second authentication factor: Yes
App passwords for non-browser clients (e.g. Outlook, Lync): Yes
Default Microsoft greetings during authentication phone calls: Yes
Custom greetings during authentication phone calls: Yes
Fraud alert: Yes
Event Confirmation: Yes
Security Reports: Yes
Block/Unblock Users: Yes
One-Time Bypass: Yes
Customizable caller ID for authentication phone calls: Yes
MFA Server - MFA for on-premises applications: Yes
MFA SDK – MFA for custom apps: Yes
