Identity Manager vNext
PCIT-B328
4/12/2017
Adam Hall, Senior Product Manager (Hybrid Identity)
Mark Wahl, Principal Program Manager
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Disclaimer
This is a directional view into the Microsoft Identity Manager investments. Dates and capabilities are subject to change.

Disclaimer
The following slides contain preliminary information that may be changed substantially prior to final commercial release of the software described herein. The information contained represents the current view of Microsoft Corporation on the issues discussed as of the date of the presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of the presentation. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THE ROADMAP PORTION OF THIS PRESENTATION. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this presentation. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this information does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Empowering people-centric IT
- Unified device management
- Desktop Virtualization
- Hybrid Identity
- Access and information protection

Hybrid Identity Management
- Single sign-on
- Access to all resources
- Datacenter and cloud identities

Strategy Investments Schedule

Identity And Access Delivered

Azure Active Directory
- Provides a rich standards-based platform for developing applications
- Includes user provisioning and SSO to Microsoft Online Services and third-party SaaS
- Adds enterprise features, including self-service and security reports, for cloud-managed resources
- Includes Multi-Factor Authentication, and server and user CALs for on-premises Identity Manager

Windows Server
- Active Directory is the primary auth source for >90% of customers
- Active Directory Federation Services with integrated MFA
- Web Application Proxy for pre-authentication at the edge
- Enforce conditional access to resources

Identity Manager
- Delivers self-service identity management
- Automates lifecycle management across heterogeneous platforms
- Provides a rich policy framework for enforcing corporate security policies for identity and access

Identity And Access Management Scenarios

Meet governance goals
- Integrated identity lifecycle management
- Hybrid identity synchronization across on-premises and cloud applications

Reduce IT burden
- Self-service credential management
- Delegated group and access management with approvals and attestation

Enterprise security
- Certificate and smartcard management
- Role-based access provisioning

Our approach to Identity Manager vNext

Forward looking
Lead with forward-looking, modern scenarios that are focused on our customers' emerging needs and the cloud and mobile worlds that our customers are looking to adopt and manage.

Hybrid connections
Connect the on-premises identity and access management capabilities to cloud-based services including Azure Active Directory, Office 365 and a range of third-party SaaS applications.

Easy to deploy
Focus on new scenarios, delivering complete and powerful solutions that are easy to adopt and customize, while continuing to evolve existing identity and access management features.

Microsoft Identity Manager Investment Areas

Modernize the IAM Experiences

Enable the mobile access scenarios that customers are looking to adopt and manage from a broad range of devices across on-premises and cloud services.

Deliver easy-to-deploy end-to-end scenarios that complement investments in Windows, Office, Microsoft Azure, and Active Directory with end user self-service, delegation and configurable policies.

- Support recent versions of server and client platforms
- Provide additional easy-to-integrate-with APIs
- Update IAM with modern user interfaces
- Enable self-service account unlock in addition to self-service password reset
- Continue to enhance Certificate Management with multi-forest and additional features

Privileged Access Management

As attacks (such as the Advanced Persistent Threat) have attempted to leverage Active Directory administrative accounts as part of expanding the scope of compromised assets, enterprise IT and security teams need to demonstrate that they are proactively addressing the threat landscape relevant to their industry. The foundation of this protection is the Active Directory privileges that govern access to datacenter and cloud resources.

- Simplify privileged user and account discovery across Active Directory forests
- Improve protection of privileged access
- Enable Just In Time (JIT) administrator access controls
- Additional auditing, including alerts & reports, of privileged access requests

Hybrid Integration

Connect on-premises and private cloud IAM with Azure Active Directory, to integrate with its features and extend the reach of enterprise identity to a range of Software-as-a-Service (SaaS) applications.

- Self-service password reset using phone verification (part of Azure Multi-Factor Authentication)
- Integration with employee data sourced from Software-as-a-Service HCM (HR) apps
- Easy-to-deploy reporting with additional reports incorporating on-premises IAM data

Identity Manager vNext Investments Summary

Modernize
- Recent platform versions supported
- Easy to integrate APIs
- Modern user interfaces
- Self-service account unlock
- Multi-forest Certificate Management

Privileged Access Mgmt.
- Privileged user and account discovery
- Improved protection of privileged access
- Just In Time (JIT) admin access controls
- Auditing, including alerts & reports

Hybrid scenarios*
- Self-service password reset with MFA
- Integration with SaaS HCM (HR) apps
- Easy-to-deploy reporting
- Additional reports

* Some features may require a subscription to Microsoft Azure services

Identity Manager Timelines and Deliverables
- FIM 2010 R2 SP1: January 2013
- Identity Manager: Mid 2015
- Identity Manager post-vNext updates: H1 2016

Identity Manager Roadmap (beyond vNext)

Modernize
- Virtual smartcard management
- Additional operational and audit reports
- Flexible workflow policies including org-structure based approvals
- Credential management for emerging credential types
- Continued updates for compliance and governance

Privileged Access Mgmt.
- Threat detection, analytics and alerting
- Just-in-time access experiences for users in non-administrator roles
- Management in application and non-interactive access scenarios
- Extension to non-AD-based applications
- Constrained delegation of privilege administration and use

Hybrid scenarios*
- Continued integration with Office 365 and Azure capabilities
- Role management, mining and access recertification for SaaS
- Identity and access management for external users
- Cross-organization access management
- REST API and claims-based authentication for cloud apps

* Some features may require a subscription to Microsoft Azure services

Next Steps
- Upgrade to FIM 2010 R2 SP1: http://support.microsoft.com/kb/2772429/en-us
- Download Azure AD Sync for Hybrid Identity: http://aka.ms/recl8c
- Evaluate Azure Active Directory: http://aka.ms/aadmsdn

Learn more
- Hybrid Identity and Identity Manager: http://aka.ms/HybridIdentity http://aka.ms/IdentityManager http://aka.ms/fim2010forum
- Active Directory Blog: http://blogs.technet.com/b/ad/
- IAM Connect Site: https://connect.microsoft.com/site433

Related content

Session | Title | Timeslot
DCIM-B382 | Cloud Identity and Access Management: Microsoft Azure Active Directory Premium | Tuesday, May 13 10:15 AM - 11:30 AM
FDN02 | Enabling Enterprise Mobility with Windows Intune, Microsoft Azure, and Windows Server | Monday, May 12 11:00 AM - 12:00 PM
PCIT-B212 | Design Considerations for BYOD |
PCIT-B213 | Access Control in BYOD and Directory Integration in a Hybrid Identity Infrastructure | Wednesday, May 14 3:15 PM - 4:30 PM
PCIT-B310 | Empowering Your Users and Protecting Your Corporate Data | Monday, May 12 1:15 PM - 2:30 PM
PCIT-B313 | Hybrid Identity: Extending Active Directory to the Cloud | Monday, May 12 4:45 PM - 6:00 PM
PCIT-B314 | Understanding Microsoft’s BYOD Strategy and an Introduction to New Capabilities in Windows Server 2012 R2 | Tuesday, May 13 8:30 AM - 9:45 AM
PCIT-B321 | Deploying the New RMS for Cloud-Friendly and Cloud-Reluctant Customers | Tuesday, May 13 5:00 PM - 6:15 PM
PCIT-B322 | Deploying and Managing Work Folders | Wednesday, May 14 10:15 AM - 11:30 AM
PCIT-B324 | How to Rapidly Design and Deploy an Active Directory Federation Services Farm: The Do's and the Don'ts | Wednesday, May 14 8:30 AM - 9:45 AM
PCIT-B326 | Providing SaaS Single Sign-on with Microsoft Azure Active Directory | Thursday, May 15 10:15 AM - 11:30 AM
PCIT-B327 | Introducing Web Application Proxy in Windows Server 2012 R2: Enable Work from Anywhere |
PCIT-B328 | Microsoft Identity Manager vNext Overview | Wednesday, May 14 5:00 PM - 6:15 PM
PCIT-B330 | Active Directory + BYOD = Peace of Mind | Thursday, May 15 8:30 AM - 9:45 AM

Track resources

Web Links
- Hybrid Identity: http://aka.ms/hybrididentity
- Access & Information Protection: http://aka.ms/aip
- Windows Server 2012 R2: http://aka.ms/ws2012r2
- Azure Active Directory: http://aka.ms/azureactivedirectory
- Identity Manager: http://aka.ms/identitymanager
- Hybrid Identity Whitepaper: http://aka.ms/hybrididentitywp
- Hybrid Identity Datasheet: http://aka.ms/hybrididentityds

Hands on Labs (online)
- Active Directory Deployment and Management Enhancements: http://go.microsoft.com/?linkid=9838440
- Enabling Secure Remote Users with RemoteApp, DirectAccess and DAC: http://go.microsoft.com/?linkid=9838462
- Migrating Active Directory to Windows Server 2012 R2: http://go.microsoft.com/?linkid=9842894
- Implementing a Basic PKI in Windows Server 2012 R2: http://go.microsoft.com/?linkid=9842895
- Windows Server 2012 R2: New Features in AD FS: http://go.microsoft.com/?linkid=9842896
- Workplace Join: http://go.microsoft.com/?linkid=9836553
- Work Folders: http://go.microsoft.com/?linkid=9839828
- AD FS and Claims apps: http://go.microsoft.com/?linkid=9836552

Resources
- Sessions on Demand: http://channel9.msdn.com/Events/TechEd
- Learning (Microsoft Certification & Training Resources): www.microsoft.com/learning
- TechNet (Resources for IT Professionals): http://microsoft.com/technet
- msdn (Resources for Developers): http://microsoft.com/msdn

Complete an evaluation and enter to win!
Evaluate this session
Scan this QR code to evaluate this session.