ARC312. Security Policy Governance Audit Reporting Analysis Data Quality Directory Logon Mobility Provisioning Development Access Control Authentication.

Presentation transcript:

ARC312

Security Policy, Governance, Audit, Reporting, Analysis, Data Quality
Directory, Logon, Mobility, Provisioning, Development, Access Control, Authentication, Authorization
Includes create, update and delete of objects; granting and revoking of access
Access management – initial and ongoing
Important for every component!
Anywhere that digital identities live
Mobile devices, remote access for mobile users
Logon method, password management, MFA
Identity standards and toolkits for developers

Security Policy, Governance, Audit, Reporting, Analysis, Data Quality
Directory, Logon, Mobility, Provisioning, Development, Access Control, Authentication, Authorization

Directory

Logon

Conditional access with multi-factor authentication is provided on a per-application basis
Logon to SaaS applications in Windows Azure and other providers
Enhancements to ADFS include simplified deployment and management
Published applications
Firewall

Part of Remote Access Server role in Windows Server 2012 R2
Replaces ADFS Proxy
Publish applications for external use (like TMG/UAG)
Multi-Factor Authentication
Variable authentication based on device and location

Voice call SMS Smartphone App

Provisioning

Built-in workflow for identity management
Automatically synchronize all user information to different directories across the enterprise
Automate the process of on-boarding new users
Real-time de-provisioning from all systems to prevent unauthorized access and information leakage
LDAP
Certificate Management

Access Control

Mobility

AD includes a new “device” object class for registering mobile devices.
Registration does not make the device “managed”, only “known”.
Certificate dropped on the device – this becomes the second authentication factor.
Workplace Join endpoint is published using the Web Application Proxy

Registration endpoint published on the Web Application Proxy.
Registered device then works as a second factor for authentication when accessing applications and services.
Users can register BYO devices for single sign-on and access to corporate data with Workplace Join. As part of this, a certificate is installed on the device.
AD with 2012 R2 schema extensions including device object class
Device Registration Service

Development

POST
HEADERS
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1T….
BODY
{
  "accountEnabled": true,
  "displayName": "New User",
  "passwordProfile": { "forceChangePasswordNextLogin": true },
  "mailNickname": "NewUser"
}
RESPONSE: 201 Created
Notes: (1) the password must meet the tenant’s accepted password complexity requirements. (2) the minimum set of properties to create a user is shown in the example above.

version= &$filter=state eq 'WA'
Graph URL (static)
Specific entity type, such as users, groups, contacts, tenantDetails, roles, applications, etc.
Tenant of interest – can be tenant’s verified domain or objectId
API version
OData filter on particular attribute values
Follow relationships – memberOf, manager …
Differential Query – changes since last query
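As an added example (not code from the ARC312 deck), the following Python assembles a Graph query URL of the shape the slide describes: static Graph URL, tenant, entity type, optional object id and relationship, api-version, and an OData $filter. The base URL https://graph.windows.net and api-version 1.6 are assumed values for the classic Azure AD Graph API, and the tenant name and object id are constructed sample values. The point it adds to the slide is the defensive one: attribute values that come from user input must be quoted as OData string literals (embedded single quotes doubled) and percent-encoded, so a value such as O'Brien, or one containing a slash, cannot alter the filter expression or the request path.

```python
"""Build Azure AD Graph query URLs with a safely quoted OData $filter.

Added example, not code from the ARC312 deck. GRAPH_BASE and API_VERSION
are assumed values for the classic Azure AD Graph API; the tenant name and
object id used at the bottom are constructed sample values.
"""
from urllib.parse import quote, urlencode

GRAPH_BASE = "https://graph.windows.net"   # assumed static Graph URL
API_VERSION = "1.6"                        # assumed api-version value

# Entity types named on the slide (the real API exposes more).
ENTITY_TYPES = {"users", "groups", "contacts", "tenantDetails", "roles", "applications"}
# Navigation properties named on the slide.
RELATIONSHIPS = {"memberOf", "manager"}


def odata_string_literal(value: str) -> str:
    """Quote a value as an OData string literal: embedded single quotes are doubled."""
    return "'" + value.replace("'", "''") + "'"


def eq_filter(attribute: str, value: str) -> str:
    """Build `<attribute> eq '<value>'` with the value safely quoted.

    The attribute name is restricted to an identifier so a caller cannot
    smuggle operators into the expression through that side either.
    """
    if not attribute.isidentifier():
        raise ValueError(f"invalid attribute name: {attribute!r}")
    return f"{attribute} eq {odata_string_literal(value)}"


def build_graph_url(tenant, entity_type, filter_expr=None, object_id=None, relationship=None):
    """Assemble {base}/{tenant}/{entity}[/{id}[/{relationship}]]?api-version=..[&$filter=..].

    Tenant and object id are percent-encoded with no characters treated as
    safe, so a value containing '/' or '?' cannot change the request path.
    """
    if entity_type not in ENTITY_TYPES:
        raise ValueError(f"unknown entity type: {entity_type!r}")
    if relationship is not None and relationship not in RELATIONSHIPS:
        raise ValueError(f"unknown relationship: {relationship!r}")
    if relationship is not None and object_id is None:
        raise ValueError("a relationship needs an object id to start from")

    segments = [quote(tenant, safe=""), entity_type]
    if object_id is not None:
        segments.append(quote(object_id, safe=""))
    if relationship is not None:
        segments.append(relationship)

    query = {"api-version": API_VERSION}
    if filter_expr is not None:
        query["$filter"] = filter_expr
    # quote (rather than quote_plus) encodes spaces as %20 and quotes as %27.
    return f"{GRAPH_BASE}/{'/'.join(segments)}?{urlencode(query, quote_via=quote)}"


if __name__ == "__main__":
    tenant = "contoso.onmicrosoft.com"   # constructed sample tenant
    print(build_graph_url(tenant, "users", eq_filter("state", "WA")))
    print(build_graph_url(tenant, "users", eq_filter("displayName", "O'Brien")))
    print(build_graph_url(tenant, "users",
                          object_id="00000000-0000-0000-0000-000000000001",  # constructed
                          relationship="memberOf"))
```

The first call reproduces the slide's `state eq 'WA'` filter; the second shows the doubled quote that keeps an apostrophe inside the literal; the third follows the memberOf relationship from a specific object, as the slide describes.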

Security Policy, Governance, Audit, Reporting, Analysis, Data Quality

AuthN AuthZ Dir Prov Logon AC Dev Mob
Internal: Corporate AD
External: DMZ Domain Trusted Partner IdP Providers
Application: Own Id Store
Internal: FIM
External: Self-Reg Portal
External: Trusted IdP
Managed IdP + Password Reset
Extranet: Web App Proxy ADFS
Application managed Claims based
Device Join
Windows Identity Foundation

Head to... aka.ms/te