Slavko Kukrika MVP Connect Windows 10 to the Cloud – Cloud Join.
Presentation transcript:


Agenda
Account types in the Cloud Era
Anatomy of a Microsoft Account
Azure AD and Azure AD Accounts
Authentication Evolution in Cloud World
Workplace Join – This is how it began
Connect Windows 10 to the Cloud!
Anatomy of an Azure AD Logon

Account types in the Cloud Era
Local account: personal use; NTLM-based authentication; available since Windows 1.0
Microsoft account: former Windows Live ID; claims-based authentication; personal use
Domain account: Active Directory on-prem; Kerberos-based authentication; business use
Azure AD account: claims-based authentication; business use; online-only, synced or federated

Anatomy of a Microsoft Account
Introduced with Windows 8
Connected account: option 1, connected to a local account; option 2, connected to a domain account
Logon: interactive logon; added SID for the Microsoft account; single sign-on for personal web resources

Azure Active Directory (Azure AD)
Account object in the cloud
Azure Active Directory: tenant-based identity and access management; single sign-on (SSO); multiple forms of authentication; who has access where
Identity providers: cloud identity (Azure Active Directory, online-only); synced identity (Azure Active Directory Connect); authenticated on-prem (Active Directory Federation Services)
Single sign-on: Office 365, Windows Store, Azure, Intune …

Azure AD (Free) Features
Directory as a Service
User and Group Management
Device registration
Directory Objects
End User Access Panel
SSO for SaaS Apps
Directory Synchronization
User-based Access Management and Provisioning
Basic Security Reports

Cloud Authentication (diagram: claims in SAML/OAuth; authentication redirect)

AD FS and the Future of AuthN
SAML and OAuth2 are “web ready”: transport over a TLS channel; tokens are optionally encrypted
Relying Party trusts are very flexible: token contents defined per Relying Party (RP) Trust
Relying Party Trusts are scalable
Multi-factor Authentication
AD FS authentication is “extensible” for third parties

Advanced Authentication On Premises (diagram: claims authentication; redirect)

Introducing Workplace Join
Device Registration: employee verifies personal device(s); endpoint provided by Active Directory Federation Services
Service Discovery: DNS record (enterpriseregistration) for AutoDiscover; DNS record required per user domain
Under the Hood: verified devices enroll a certificate from AD FS; per device an object in the Registered Devices container

Workplace Join Components (diagram): AD FS; Device Registration Service; DNS; CRL distribution point; AD DS domain controller; Workplace Join client; enterpriseregistration.adatum.com

Workplace Join Internals
Certificate: in the local user store, issued by MS-Organization-Access; Workplace Join requires a working CRL for the AD FS certificate
Cookies: permanent cookie enables single sign-on
Active Directory: msDS-Device object in Active Directory, tied to the user/device combination

Demo
Claims-aware app before Workplace Join
Workplace Join requirements
Workplace Join PC
Claims-aware app after Workplace Join

Anatomy of an Azure AD Logon
Introduced with Windows 10
Organization Account: cloud-joined by an Azure tenant user; joined for everyone in the tenant
Logon: interactive logon towards \\AzureAD; SID for the Azure AD account; single sign-on for business web resources

Cloud Join – Connect Windows to Cloud
Device Registration: device(s) are verified for tenant use; claims provided by Azure AD in legacy mode
Azure AD Enablement: enabled device registration for the tenant; DNS records (enterpriseregistration and -.region) for AutoDiscover
Under the hood: verified devices enroll a certificate from Azure AD; per device an object in the tenant; per user reporting on device usage

Demo
Azure Management Portal
Azure AD configuration
Join Windows 10 to the Cloud

Windows 10 in the Cloud
Azure AD is the authentication and access provider
If enabled, any user can add a device to the Cloud; the user becomes a member of Administrators
SSO to the claims-based apps, if they have a relying party trust in Azure AD
Azure AD does not have Group Policy! Use MDM solutions instead
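The Workplace Join internals and the Windows 10 in the Cloud slides describe three artifacts an administrator can verify on a client: the join state, the MS-Organization-Access certificate (user store for Workplace Join, machine store for a cloud-joined device) and the joining user's membership in the local Administrators group. The following PowerShell is an added example, not part of the deck; it assumes a Windows 10 build that ships dsregcmd.exe and the "Name : Value" layout of its /status output (field names AzureAdJoined, DomainJoined, WorkplaceJoined, TenantName).

```powershell
# Added example: report a Windows 10 device's cloud registration state.
# Assumes dsregcmd.exe is present and prints "Name : Value" lines (Windows 10).

function Get-DeviceRegistrationState {
    # Collect every "Name : Value" line of dsregcmd /status into a hashtable.
    $state = @{}
    dsregcmd /status | ForEach-Object {
        if ($_ -match '^\s*(\S+)\s*:\s*(.+?)\s*$') {
            $state[$matches[1]] = $matches[2]
        }
    }
    [pscustomobject]@{
        AzureAdJoined   = $state['AzureAdJoined']    # device-level join (Windows 10 Cloud Join)
        DomainJoined    = $state['DomainJoined']     # classic on-prem AD DS join
        WorkplaceJoined = $state['WorkplaceJoined']  # per-user registration (Workplace Join)
        TenantName      = $state['TenantName']
    }
}

function Get-OrganizationAccessCertificate {
    # Cloud Join places the device certificate in the machine store,
    # Workplace Join places it in the signed-in user's store.
    foreach ($store in 'Cert:\LocalMachine\My', 'Cert:\CurrentUser\My') {
        Get-ChildItem $store -ErrorAction SilentlyContinue |
            Where-Object { $_.Issuer -like '*MS-Organization-Access*' } |
            Select-Object @{ n = 'Store'; e = { $store } }, Subject, NotAfter, Thumbprint
    }
}

function Get-CloudAdministrator {
    # Azure AD accounts in the local Administrators group show up as AzureAD\user@domain.
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $_.Name -like 'AzureAD\*' } |
        Select-Object Name, PrincipalSource
}

Get-DeviceRegistrationState      | Format-List
Get-OrganizationAccessCertificate | Format-Table -AutoSize
Get-CloudAdministrator           | Format-Table -AutoSize
```

Run it in an elevated session so the machine certificate store and the local group membership can be read.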

Review
Windows 10 works with different accounts
Workplace Join was the first step to the Cloud
Cloud = Azure Active Directory
AD FS federates on-premises with the Cloud; it also brings many additional values
Windows 10 can be connected to the Cloud
Learn about claims-aware applications!

Additional Information
Join to Workplace from Any Device for SSO
What is Azure Active Directory
Azure Active Directory Device Registration Overview
Setting up On-premises Conditional Access using Azure Active Directory Device Registration