IT can provide users with a common identity across on-premises or cloud-based services, leveraging Windows Server Active Directory and Azure Active.

Presentation transcript:

IT can provide users with a common identity across on-premises or cloud-based services, leveraging Windows Server Active Directory and Azure Active Directory. Users are more productive by having a single sign-on to all their resources. Users get access through accounts in Azure Active Directory to Azure, Office 365, and third-party applications. Developers can build applications that leverage the common identity model.

[Diagram: on-premises Active Directory (AD DS); identity bridge (FIM/MIM Sync, Azure AD Connect: sync, sign-in); Microsoft Azure Active Directory; Office 365 and SaaS providers (Salesforce, Box, DropBox, Google, Concur, …); LOB apps; your apps.]

Tight AD integration
- Desktop SSO from domain joined machines
- Honor AD login policies (e.g. work hours)
- Integration with AD lockout with support for independent ‘soft’ lockout for extranet
- Alternate login ID

Security Policy
- Policy prevents any AD credential to be synced to public cloud

Conditional Access
- Client Access Policies to control extranet access to applications
- Conditional access based on devices (workplace join)

Strong Authentication
- Inbox support for AD cert authentication (e.g. SmartCards)
- Support for Azure MFA server or 3rd party MFA vendors (RSA, SafeNet, LoginPeople, InWebo, Gemalto…) that a customer already has

Deployment
- Use Windows 2012 R2
- Co-locate ADFS on domain controllers (no IIS needed)
- You don’t need SQL unless you are greater than 90K users!
- Use self-signed token signing certificates.

Network
- Deploy Web Application Proxy. Current Outlook/EAS need this to work.
- AAD uses federation metadata endpoint that is internet accessible to keep token signing cert information up to date.
- Don’t use sticky sessions on your Load Balancer
- Configure SNI on load balancer or use HTTP health probes (MS14-08)

Security
- Enable extranet soft account lockout
- Enable MFA with smartcards, Azure MFA or 3rd party MFA (SafeNet, RSA, Gemalto, LoginPeople …)
- Enable client access policies in the prescribed manner.

Sign-In Experience
- Ensure that SPN (HOST/adfs.contoso.com) is set on ADFS service account
- Customize illustration & logo to have a great end user experience
- Enable ‘Keep Me Signed In’ option for better SSO
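A read-only PowerShell audit of three items from the checklist above (extranet soft lockout, the service account SPN, the token-signing certificate), added here as an example and not part of the original presentation. It assumes an AD FS server with the ADFS and ActiveDirectory modules, an AD FS service that runs as a DOMAIN\account identity, and a 30-day expiry margin chosen for illustration.

```powershell
# Added example: read-only audit of three checklist items on an AD FS server.
# Assumes Windows Server 2012 R2 with the ADFS and ActiveDirectory modules.
Import-Module ADFS, ActiveDirectory

$spn      = 'HOST/adfs.contoso.com'    # SPN from the slide; use your farm name
$adfs     = Get-AdfsProperties
$adPolicy = Get-ADDefaultDomainPasswordPolicy   # fine-grained policies not covered
$findings = @()

# 1. Extranet soft lockout: enabled, and tripping before the AD lockout does,
#    so failed extranet sign-ins are blocked without locking the AD account.
if (-not $adfs.ExtranetLockoutEnabled) {
    $findings += 'Extranet soft lockout is not enabled.'
} elseif ($adPolicy.LockoutThreshold -gt 0 -and
          $adfs.ExtranetLockoutThreshold -ge $adPolicy.LockoutThreshold) {
    $findings += "Extranet threshold $($adfs.ExtranetLockoutThreshold) is not below " +
                 "the AD threshold $($adPolicy.LockoutThreshold)."
}

# 2. SPN: exactly one object may hold it, and it must be the service account.
$svc     = Get-CimInstance Win32_Service -Filter "Name='adfssrv'"
$svcName = ($svc.StartName -split '\\')[-1]         # strip the DOMAIN\ prefix
$holders = @(Get-ADObject -LDAPFilter "(servicePrincipalName=$spn)" -Properties sAMAccountName)
if ($holders.Count -eq 0) {
    $findings += "$spn is not registered on any account."
} elseif ($holders.Count -gt 1) {
    $findings += "$spn is registered on $($holders.Count) accounts (duplicate SPN)."
} elseif ($holders[0].sAMAccountName -ne $svcName) {
    $findings += "$spn is on $($holders[0].sAMAccountName), not on $svcName."
}

# 3. Token-signing certificate: flag a primary that expires within 30 days
#    while automatic rollover is off, since partners must then be updated by hand.
$primary = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object IsPrimary
foreach ($c in $primary) {
    $daysLeft = ($c.Certificate.NotAfter - (Get-Date)).Days
    if ($daysLeft -lt 30 -and -not $adfs.AutoCertificateRollover) {
        $findings += "Token-signing cert $($c.Certificate.Thumbprint) expires in $daysLeft days; rollover is manual."
    }
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'No findings for the three checks.'
}
```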

Tue, Oct 28 3:15 PM-4:30 PM | EM-B214 | Privileged Access Management for Active Directory
Wed, Oct 29 8:30 AM-9:45 AM | EM-B316 | Directory Integration: Creating One Directory with Active Directory and Azure Active Directory
Wed, Oct 29 3:15 PM-4:30 PM | EM-B319 | Microsoft Identity Manager vNext Overview
Wed, Oct 29 3:15 PM-4:30 PM | CDP-B210 | Cloud Identity: Microsoft Azure Active Directory Explained
Wed, Oct 29 5:00 PM-6:15 PM | EM-B318 | Free Your Apps: Introducing Microsoft Azure Active Directory Application Proxy and Windows Server Web Application Proxy
Thu, Oct 30 10:15 AM-11:30 AM | CDP-B312 | Microsoft Azure Active Directory Premium, in Depth
Fri, Oct 31 2:45 PM-4:00 PM | EM-B313 | Microsoft Azure Multi-Factor Authentication Deep Dive: Securing Access on Premises and in the Cloud
Thu, Oct 30 12:00 PM-1:15 PM | EM-B310 | Active Directory + BYOD = Peace of Mind
Thu, Oct 30 5:00 PM-6:15 PM | DEV-B322 | Building Web Apps and Mobile Apps Using Microsoft Azure Active Directory for Identity Management
Fri, Oct 31 8:30 AM-9:45 AM | CDP-B207 | Securing Organizations: Azure Active Directory Intelligence as a Differentiator