Continually improving products and services to protect against cyber-attacks targeting administration: first in Windows Server and Active Directory... next in the cloud

Presentation transcript:

Continually improving products and services to protect against cyber-attacks targeting administration. First in Windows Server and Active Directory... Next in the cloud.

Typical attack timeline:
Research & preparation
First workstation compromised
Hours later: Domain Admin compromised
Data exfiltration, attacker undetected for months
Attack discovered
External attackers find admins, use spear-phishing, password guessing, ..., and leverage Active Directory for lateral movement.

Learn more at CDP-B415 "JEA: A PowerShell Toolkit to Secure a Post-Snowden World", Tuesday, October 28, 5:00 PM - 6:15 PM, Room: Hall 8.1 Room J.

Users might have rights they don’t need (and don’t know they have)

Least Privilege: Just in Time (JIT) Access, part of Best Practices for Securing AD.
#7: Eliminate permanent membership in highly privileged groups.
#8: Grant temporary membership in privileged groups when needed.

Prepare: Which users have privileged access rights based on AD groups?
Protect: Step-up lifecycle and AuthN protection of privileged user accounts.
Operate: Users can request Just In Time (JIT) and Just Enough administrator access privileges.
Monitor: Additional auditing, alerts and reports of privileged access requests.
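The "Prepare" question above, as an added example that is not part of the presentation: a PowerShell inventory of who holds standing membership in privileged AD groups, plus accounts whose adminCount flag is stale (the "rights they don't need and don't know they have" case). It assumes the RSAT ActiveDirectory module and read access to the domain; the group list is a starting point, not a complete tier-0 definition, and "File Admins" is the name used on the slides.

```powershell
# Added example (not from the slides): inventory standing privileged access.
# Assumes the RSAT ActiveDirectory module and read rights on the domain.
Import-Module ActiveDirectory

# Built-in groups that confer domain-wide admin or equivalent rights.
# Extend with your own tier-0 groups; "File Admins" is the slide's example.
$PrivilegedGroups = @(
    'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators',
    'Account Operators', 'Backup Operators', 'Server Operators',
    'Print Operators', 'DnsAdmins', 'Group Policy Creator Owners',
    'File Admins'
)

function Get-PrivilegedGroupReport {
    param([string[]]$Groups = $PrivilegedGroups)

    foreach ($g in $Groups) {
        $grp = Get-ADGroup -Filter "Name -eq '$g'" -ErrorAction SilentlyContinue
        if (-not $grp) { continue }   # group does not exist in this domain

        # -Recursive expands nested groups. Members from trusted forests appear
        # as foreign security principals; if that makes the cmdlet fail, read
        # the 'member' attribute with Get-ADGroup -Properties member instead.
        Get-ADGroupMember -Identity $grp.DistinguishedName -Recursive |
            Where-Object { $_.objectClass -eq 'user' } |
            ForEach-Object {
                $u = Get-ADUser $_.DistinguishedName `
                        -Properties Enabled, LastLogonDate, PasswordLastSet
                [pscustomobject]@{
                    Group           = $g
                    User            = $u.SamAccountName
                    Enabled         = $u.Enabled
                    LastLogonDate   = $u.LastLogonDate
                    PasswordLastSet = $u.PasswordLastSet
                }
            }
    }
}

# Accounts that were ever in a protected group keep adminCount=1 and a
# non-inheriting ACL after removal. Those no longer in any privileged group
# are exposure the user does not know about; review and clean them up.
function Get-OrphanedAdminCount {
    $current = Get-PrivilegedGroupReport |
        Select-Object -ExpandProperty User -Unique
    Get-ADUser -LDAPFilter '(adminCount=1)' -Properties adminCount |
        Where-Object { $current -notcontains $_.SamAccountName }
}

Get-PrivilegedGroupReport | Sort-Object Group, User | Format-Table -AutoSize
Get-OrphanedAdminCount | Select-Object SamAccountName, DistinguishedName
```

Run it per domain; the report is the list of memberships that #7 above says should become temporary rather than permanent.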

Existing AD (without JIT)
"CORP": existing AD forest(s), Windows Server 2003 or later. Existing apps leverage AD/Kerberos.
User "Jen" logs on as CORP\Jen. Groups in token: CORP\File Admins. Refresh after: 1 week (the default Kerberos renewal lifetime for a user ticket is 7 days; the membership itself never expires).
dn: cn=File Admins,dc=corp
member: cn=Jen,dc=corp ...

Privileged Access Management trust for admin access
"PRIV": a new AD DS forest on Windows Server vNext running Microsoft Identity Manager vNext. "CORP": the existing AD forest(s), Windows Server 2003 or later. Existing apps still leverage AD/Kerberos.
User "Jen" sends an access request to MIM and then works as PRIV\JenAdmin. Groups in token: CORP\File Admins. Refresh after: 60 minutes.
CORP: dn: cn=File Admins,dc=corp; member: cn=Jen,dc=corp ...
MIM PAM role: Group: File Admins; Domain: CORP; Candidates: Jen
PRIV: dn: cn=CORP File Admins; member: cn=JenAdmin UNTIL 1 hour from now. dn: cn=JenAdmin

Inside MIM: the MIM Service, on AD DS vNext and backed by the MIM Service DB, holds User, Group, PAM Role and PAM Request objects. New-PAMRequest (Microsoft Identity Manager PowerShell) creates a PAM Request; an MPR triggers the AuthZ WF and then the Action WF, which fulfils the request and writes to the Event Log. Verify from the client with runas and whoami /groups.
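The JIT flow from the PAM trust diagram and the MIM Service slide above, as an added example that is not code from the presentation: the PRIV-side setup and a user request, driven with the MIM 2016 PAM PowerShell module (the shipped version of what the slides call Identity Manager vNext). Forest names (CORP, PRIV), accounts (Jen, JenAdmin) and the group (File Admins) come from the slides; DNS names, DC names, the justification text and the 'Name -like' lookup for the shadow group are assumptions.

```powershell
# Added example (not from the slides): JIT admin access with MIM PAM.
# CORP/PRIV/Jen/JenAdmin/"File Admins" are the slide's names; host names and
# the justification string are assumed.

### Part 1: one-time setup, run on the MIM/PAM server in the PRIV forest.
Import-Module MIMPAM

# CORP credentials are needed only to read the source group and user.
$corpCred = Get-Credential -UserName 'CORP\Administrator' `
                           -Message 'CORP credentials for reading File Admins and Jen'

# Shadow CORP\File Admins into PRIV. The shadow group carries the CORP group's
# SID in its sIDHistory, which is why the PRIV\JenAdmin token later shows
# "CORP\File Admins" although the trust is one-way (CORP trusts PRIV).
$pamGroup = New-PAMGroup -SourceGroupName 'File Admins' `
                         -SourceDomain 'corp.local' `
                         -SourceDC 'corpdc.corp.local' `
                         -Credentials $corpCred

# A separate PRIV account for Jen's admin work; CORP\Jen stays a plain user.
$pw = Read-Host -AsSecureString -Prompt 'Initial password for PRIV\JenAdmin'
$pamUser = New-PAMUser -SourceDomain 'corp.local' `
                       -SourceAccountName 'Jen' `
                       -PrivAccountName 'JenAdmin' `
                       -PrivPassword $pw `
                       -Credentials $corpCred

# The PAM role ties candidates to privileges with a maximum TTL in seconds;
# 3600 matches "UNTIL 1 hour from now" on the diagram.
$pamRole = New-PAMRole -DisplayName 'File Admins' `
                       -Privileges $pamGroup `
                       -Candidates $pamUser `
                       -TTL 3600

### Part 2: each time admin rights are needed, as PRIV\JenAdmin from a machine
### that can reach the PAM server (directly or via PowerShell remoting).
Import-Module MIMPAM
$req = New-PAMRequest -Role 'File Admins' -Justification 'Change 1234: fix share ACLs'
$req | Format-List        # status; an MPR may route the request for approval first

### Part 3: checks.
# On the PRIV side the membership is a time-bound link. An AD admin in PRIV can
# read the remaining TTL; this needs the Windows Server 2016 AD module.
Import-Module ActiveDirectory
Get-ADGroup -Filter "Name -like '*File Admins*'" -Server 'privdc.priv.local' `
            -Properties member -ShowMemberTimeToLive |
    Select-Object Name, member

# Group SIDs are placed in the token at logon, so the current session does not
# gain the right. Start a fresh logon and inspect its token; the KDC caps the
# ticket lifetime at the remaining TTL, which is the "Refresh after: 60
# minutes" on the diagram.
runas /user:PRIV\JenAdmin 'cmd /k whoami /groups'
```

The important behaviour to confirm in Part 3 is that the right disappears on its own: after the TTL the member link is gone, a new logon no longer shows CORP\File Admins, and tickets issued during the window expire with it rather than being renewable for a week.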

Related sessions:
Tue, Oct 28, 5:00 PM - 6:15 PM, CDP-B415: JEA: A PowerShell Toolkit to Secure a Post-Snowden World
Wed, Oct 29, 8:30 AM - 9:45 AM, EM-B316: Directory Integration: Creating One Directory with Active Directory and Azure Active Directory
Wed, Oct 29, 3:15 PM - 4:30 PM, EM-B319: Microsoft Identity Manager vNext Overview
Wed, Oct 29, 3:15 PM - 4:30 PM, CDP-B210: Cloud Identity: Microsoft Azure Active Directory Explained
Wed, Oct 29, 5:00 PM - 6:15 PM, EM-B318: Free Your Apps: Introducing Microsoft Azure Active Directory Application Proxy and Windows Server Web Application Proxy
Thu, Oct 30, 10:15 AM - 11:30 AM, CDP-B312: Microsoft Azure Active Directory Premium, in Depth
Thu, Oct 30, 12:00 PM - 1:15 PM, EM-B310: Active Directory + BYOD = Peace of Mind
Thu, Oct 30, 5:00 PM - 6:15 PM, DEV-B322: Building Web Apps and Mobile Apps Using Microsoft Azure Active Directory for Identity Management
Fri, Oct 31, 8:30 AM - 9:45 AM, CDP-B207: Securing Organizations: Azure Active Directory Intelligence as a Differentiator
Fri, Oct 31, 2:45 PM - 4:00 PM, EM-B313: Microsoft Azure Multi-Factor Authentication Deep Dive: Securing Access on Premises and in the Cloud
Fri, Oct 31, 2:45 PM - 4:00 PM, CDP-B313: Leveraging Service Management Automation and Windows PowerShell JEA in Service Provider Operations