6/26/2018 5:24 AM THR1083 Enabling Advanced Security Capabilities: Drive consistent authorization across multiple applications Bryan Bolling Solution Architect,


1 THR1083 Enabling Advanced Security Capabilities: Drive consistent authorization across multiple applications
6/26/2018 5:24 AM
Bryan Bolling, Solution Architect, Microsoft
Steve Lewis, Senior Consultant, Microsoft
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Business Case
- Application data access is tightly coupled to application platforms
- Business needs must drive access across platforms in a consistent manner
- Application data access requirements must drive granular controls for data protection in business terms
It is time for the business needs to drive the way content is protected with terms business users and systems understand.

3 Approach
- Provide a centralized authorization model
- Accessible via enterprise applications
- Accessible via an API

4 Policy Management Components
Data Classification Management Tool
- User: Users with attributes
- Rules: Policies defining access privileges and obligations
- Resources: Securable items
User Attributes: Employee Type, Office, Citizenship
Resource Tags: Document Type, Creation Office, Releasability Controls
Rule 1: User.EmployeeType = Resource.DocumentType
Rule 2: User.Office Contained In Resource.CreationOffice
Rule 3: User.Citizenship Contained In Resource.ReleasabilityControls OR Resource.ReleasabilityControls = UNKNOWN

5 Successful User Access
User Attributes:
- Employee Type = Engineer
- Office = Aerospace, Flight Controls
- Citizenship = USA
Resource Tags:
- Document Type = Engineer
- Creation Office = Flight Controls
- Releasability Controls = UNKNOWN
Rule 1: User.EmployeeType = Resource.DocumentType
Rule 2: User.Office Contained In Resource.CreationOffice
Rule 3: User.Citizenship Contained In Resource.ReleasabilityControls OR Resource.ReleasabilityControls = UNKNOWN

6 Failed User Access
User Attributes:
- Employee Type = Engineer, FTE
- Office = Aerospace, Flight Controls
- Citizenship = USA
Resource Tags:
- Document Type = Engineer
- Creation Office = Avionics
- Releasability Controls = UNKNOWN
Rule 1: User.EmployeeType = Resource.DocumentType
Rule 2: User.Office Contained In Resource.CreationOffice
Rule 3: User.Citizenship Contained In Resource.ReleasabilityControls OR Resource.ReleasabilityControls = UNKNOWN
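The three rules applied to the attribute and tag values from the two access slides, as an added example that is not part of the presentation or of any Microsoft product. The function and dictionary key names are hypothetical, and the code assumes that multi-valued attributes match when they share at least one value (the reading under which the successful case passes) and that all three rules must pass.

```python
# Added example (not from the presentation): the deck's three rules as an
# attribute-based access check. Assumptions: multi-valued attributes match
# when they share at least one value, and all three rules must pass.
UNKNOWN = "UNKNOWN"

def as_set(value):
    """Turn a missing value, a comma-separated string or a list into a set."""
    if value is None:
        return set()
    if isinstance(value, str):
        value = value.split(",")
    return {v.strip() for v in value if v.strip()}

def evaluate(user, resource):
    """Return (allowed, failed_rules) for one user/resource pair."""
    emp = as_set(user.get("EmployeeType"))
    office = as_set(user.get("Office"))
    citizen = as_set(user.get("Citizenship"))
    doc_type = as_set(resource.get("DocumentType"))
    creation = as_set(resource.get("CreationOffice"))
    release = as_set(resource.get("ReleasabilityControls"))
    checks = {
        "Rule 1": bool(emp & doc_type),
        "Rule 2": bool(office & creation),
        # Rule 3: citizenship match, or the resource tag is exactly UNKNOWN.
        "Rule 3": bool(citizen & release) or release == {UNKNOWN},
    }
    failed = [name for name, ok in checks.items() if not ok]
    return (not failed, failed)

# Attribute and tag values from the two access slides.
SUCCESS_USER = {"EmployeeType": "Engineer", "Office": "Aerospace, Flight Controls", "Citizenship": "USA"}
SUCCESS_DOC = {"DocumentType": "Engineer", "CreationOffice": "Flight Controls", "ReleasabilityControls": "UNKNOWN"}
FAILED_USER = {"EmployeeType": "Engineer, FTE", "Office": "Aerospace, Flight Controls", "Citizenship": "USA"}
FAILED_DOC = {"DocumentType": "Engineer", "CreationOffice": "Avionics", "ReleasabilityControls": "UNKNOWN"}

# Constructed inputs: a tagged releasability list, a non-listed citizenship,
# and an identity that carries no attributes at all.
RESTRICTED_DOC = {"DocumentType": "Engineer", "CreationOffice": "Flight Controls", "ReleasabilityControls": "USA, GBR"}
FOREIGN_USER = {"EmployeeType": "Engineer", "Office": "Flight Controls", "Citizenship": "FRA"}
SERVICE_ACCOUNT = {}

if __name__ == "__main__":
    print("successful slide:", evaluate(SUCCESS_USER, SUCCESS_DOC))
    print("failed slide:    ", evaluate(FAILED_USER, FAILED_DOC))
    print("no attributes:   ", evaluate(SERVICE_ACCOUNT, SUCCESS_DOC))
```

An identity with no attributes fails Rules 1 and 2 but still passes Rule 3 against a resource tagged UNKNOWN, because that branch depends only on the resource tag.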

7 High Level Solution Overview
Authorization Policy Enforcement for: Access Control, Data Filtering, Redaction, Masking, Encryption, Dynamic SoD Controls, Data Segregation, Data Residency, Data Classification, Data Loss Prevention, Rights Protection, Document Quarantine, Document Control
[Diagram: numbered flow]
1 User Activity
2 Intercept Event
3 AuthZ Request
4 Evaluate Policies
5 Get Attributes
6 Decision
7 Enforce Decision
8 Authorized Access
Other diagram labels: Attribute Sources, LDAP, Services

8 Key Takeaways
- Consistent Data Categorization and Classification
- Aligning data tagging with user attributes
- Defined processes to manage attribute life cycle
- User Attributes must be kept up to date
- Leverage user attributes from HR or other systems of record
- Service accounts have identities and need to be managed just like people
- Provide attributes for service accounts
- Or exclude service accounts from policies
