
1 TechEd 2013 12/7/2018 2:17 PM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Introduction to Windows Azure Active Directory
WAD-B309. Girish Chander, Principal Lead Program Manager.

3 Raise your hand if…

4 Problem Statement
(Diagram: several apps and cloud apps, each with its own separate username/password sign-in and manual or semi-automated provisioning, and no direct connection to the on-premises Active Directory.)
While enterprises are working to consolidate directories on-premises, cloud apps are fragmenting directories… again.

5 History of Azure Active Directory
Office 365 services (Exchange Online, SharePoint Online, Lync Online) needed access to customer directories to provide best-in-breed experiences. Offer identity services to organizations without on-premises directories. Run at internet scale. Offer multi-tenancy. (Diagram: the Office 365 services on one side, customer directories on-premises on the other, joined only by question marks.)

6 Windows Azure Active Directory
Active Directory revised to operate as an Internet-scale, multi-tenant directory service, built concurrently with Office 365. Extends Windows Server Active Directory into the cloud. Provides cloud-based directory and identity services for organizations without Windows Server AD. (Diagram: Exchange Online, SharePoint Online and Lync Online sitting on Azure Active Directory, which connects to on-premises Active Directory.)

7 Demo: Cloud Directory Management

8 Directory and Identity as a Service
Consolidate directory management across cloud apps. Connect to the directory from any platform, any device. Connect with people from web identity providers and other organizations. (Diagram: Office 365, ISV apps, other Microsoft apps and your custom IT app all connecting to Azure Active Directory, which connects to Active Directory.)

9 How Does a Cloud App Connect to Directory?
(Diagram: the Contoso.com directory and a cloud application, joined only by question marks.)

10 Anatomy of a Typical Cloud Application
(Diagram: browser clients reach the web application; mobile apps and server apps reach the web service API; both are backed by an account and profile store.) Clients use a wide variety of devices, languages and platforms. Server applications use a wide variety of platforms and languages.

11 Azure Active Directory Design Principles
The cloud design point demands capabilities that are not part of current-day Windows Server Active Directory:
Maximize device and platform reach with HTTP/web/REST based protocols
Multi-tenancy
Customer owns the directory, not Microsoft
Optimize for availability, consistent performance and scale
Keep it simple

12 Directory access and authentication: adapting to the cloud paradigm
(Diagram: on-premises AD is reached by PowerShell, LDAP applications and consoles, authenticating with Kerberos; Azure AD is reached by PowerShell, REST applications and portals, authenticating with OAuth.)

13 Directory Graph API: RESTful programmatic access to the directory
Objects such as users, groups, roles, licenses
Relationships such as member, memberOf, manager, directReport
Requests use standard HTTP methods: POST, GET, PATCH, DELETE to create, read, update and delete
Responses in XML or JSON; standard HTTP status codes
Compatible with OData 3.0
OAuth 2.0 for authentication
Role-based assignment for application and user authorization

14 Example Directory Graph Call
Request:
{
"Manager": { "uri": " },
"MemberOf": { "uri": " },
"ObjectId": "90ef7131-9d b5c6-fa2eb873ef19",
"ObjectReference": "User_90ef7131-9d b5c6-fa2eb873ef19",
"ObjectType": "User",
"AccountEnabled": true,
"DisplayName": "Ed Blanton",
"GivenName": "Ed",
"Surname": "Blanton",
"UserPrincipalName": "Mail":
"JobTitle": "Vice President",
"Department": "Operations",
"TelephoneNumber": " ",
"Mobile": " ",
"StreetAddress": "One Main Street",
"PhysicalDeliveryOfficeName": "Building 2",
"City": "Redmond",
"State": "WA",
"Country": "US",
"PostalCode": "98007"
}
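The slides describe the Graph as a REST endpoint that takes an OAuth 2.0 bearer token, accepts OData queries and answers with standard HTTP status codes. The following is an added example written for this transcript, not Microsoft's client library: it builds a filtered user query without letting caller input break out of the OData string literal, attaches the bearer token, maps the status codes to what the app should do, and pulls from a response shaped like slide 14 only the fields worth persisting. The endpoint host, the property allow-list and the sample response are assumptions constructed for the example.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request

# Placeholder: the slides do not give the Graph endpoint, so this host is invented.
GRAPH_BASE = "https://graph.example.invalid/contoso.example"

# Constructed response body modelled on the field names of slide 14 (values invented).
SAMPLE_RESPONSE = json.dumps({
    "ObjectId": "11111111-2222-3333-4444-555555555555",
    "ObjectType": "User",
    "AccountEnabled": True,
    "DisplayName": "Alice Example",
    "UserPrincipalName": "alice@contoso.example",
    "Department": "Operations",
})


def odata_string_literal(value: str) -> str:
    """Quote a value as an OData string literal.

    OData escapes a single quote inside a string literal by doubling it, so
    user-supplied text cannot terminate the literal and append extra filter
    clauses (the OData analogue of SQL injection).
    """
    return "'" + value.replace("'", "''") + "'"


def build_user_query(property_name: str, value: str, top: int = 10) -> str:
    """Return a Graph URL selecting users whose property equals value.

    property_name is interpolated unquoted into $filter, so it must come from
    a fixed allow-list (constructed here), never from the caller.
    """
    allowed = {"displayName", "userPrincipalName", "department"}
    if property_name not in allowed:
        raise ValueError(f"property not allowed in filter: {property_name}")
    params = {
        "$filter": f"{property_name} eq {odata_string_literal(value)}",
        "$top": str(top),
    }
    return f"{GRAPH_BASE}/users?{urlencode(params)}"


def graph_request(url: str, bearer_token: str) -> Request:
    """Build the GET carrying the OAuth 2.0 bearer token (slide 13)."""
    return Request(url, method="GET", headers={
        "Authorization": f"Bearer {bearer_token}",
        "Accept": "application/json",
    })


def interpret_status(status: int) -> str:
    """Map the standard HTTP status codes the Graph returns to an action."""
    if 200 <= status < 300:
        return "ok"
    if status == 401:
        return "token missing, expired or invalid: re-authenticate"
    if status == 403:
        return "service principal lacks the required role: do not retry"
    if status == 404:
        return "object not found"
    if status == 429:
        return "throttled: back off and retry"
    return "unexpected status: log it (never the token) and fail closed"


def parse_user(body: str) -> dict:
    """Keep only what the app needs from a user object like slide 14's.

    Key local data on ObjectId, which the directory never reuses, rather
    than on DisplayName or the mail address, both of which can change.
    """
    obj = json.loads(body)
    if obj.get("ObjectType") != "User":
        raise ValueError("expected a User object")
    return {
        "object_id": obj["ObjectId"],
        "enabled": bool(obj.get("AccountEnabled", False)),
        "display_name": obj.get("DisplayName", ""),
        "upn": obj.get("UserPrincipalName", ""),
    }


if __name__ == "__main__":
    url = build_user_query("displayName", "O'Brien")
    print(url)
    print(graph_request(url, "<token>").get_header("Authorization"))
    print(parse_user(SAMPLE_RESPONSE))
```

The request is built but not sent, so the example runs offline; in a real client the same `Request` object goes to `urllib.request.urlopen` and the response status is passed to `interpret_status` before the body is trusted.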

15 Protocols to connect with Azure AD
Protocol | Purpose | Details
REST/HTTP | Directory access | Create, read, update, delete directory objects and relationships; compatible with OData V3; authenticate with OAuth 2.0
OAuth 2.0 | Service to service authentication; delegated access | JWT token format
SAML 2.0 | Web application authentication | SAML 2.0 token format
WS-Federation 1.3 | Used with Office 365 services | SAML 1.1 token format

16 Demo: Directory Graph Explorer

17 Contoso.com Directory: an authorized user creates a service principal in the directory for the app and authorizes it to use the directory by associating it with a role (Read). (Diagram: Authorized User, Service Principal with Role (Read), Cloud Application with its Profile Store, End User.)

18 Contoso.com Directory: the end user authenticates to the directory to get a token (t1) to call the cloud app. (Diagram: User AuthN yields t1, which the end user presents to the Cloud Application.)

19 Cloud app gets token (t2) and accesses the Directory Graph using it
Contoso.com Directory: the cloud app gets a token (t2) through delegated authentication and accesses the Directory Graph using that token. It uses the user's unique ID to find the profile in its local profile store. (Diagram: Service Principal with Role (Read), Directory Graph, Delegated AuthN yielding t2, Cloud Application, Profile Store, End User.)
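Slides 17 to 19 leave implicit what the cloud app must check before it acts on a token and which identifier it should use to find the local profile. The following is an added example for this transcript, not Microsoft's token library: it validates a JWT-shaped token (the format slide 15 names) and then looks the user up by the directory object id. To run offline it signs tokens with an HMAC key shared between the constructed issuer and the app; real Azure AD tokens are signed with the issuer's asymmetric key and verified against its published public key, but the checks on algorithm, issuer, audience and lifetime are the same. The issuer URL, audience, claim name `oid`, object ids and profile data are all assumptions constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time

SIGNING_KEY = b"constructed-shared-secret"               # assumption for the demo
EXPECTED_ISSUER = "https://sts.example.invalid/contoso"  # placeholder issuer
EXPECTED_AUDIENCE = "cloud-app-service-principal"        # placeholder audience

# Constructed local profile store, keyed by the directory object id
# (the ObjectId field of slide 14), not by display name or sign-in name.
PROFILE_STORE = {
    "11111111-2222-3333-4444-555555555555": {"display_name": "Alice Example", "theme": "dark"},
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict) -> str:
    """Stand-in for the directory's token service (t1/t2 on slides 18-19)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def validate_token(token: str, now=None) -> dict:
    """Verify algorithm, signature, issuer, audience and lifetime; return the claims."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("token is not header.payload.signature")
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: the token must never choose it ("none" or a weaker alg).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected signing algorithm")
    expected = hmac.new(SIGNING_KEY, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != EXPECTED_AUDIENCE:
        raise ValueError("token was issued for a different app")
    if not (claims.get("nbf", 0) <= now < claims.get("exp", 0)):
        raise ValueError("token not yet valid or expired")
    return claims


def rejects(token: str, now=None) -> bool:
    """True when validation fails (for tests and for logging the reason)."""
    try:
        validate_token(token, now)
        return False
    except ValueError:
        return True


def find_profile(token: str, now=None):
    """Slide 19: use the user's unique id from a validated token to find the
    local profile. Returns None for a user the app has not seen before."""
    claims = validate_token(token, now)
    return PROFILE_STORE.get(claims["oid"])   # 'oid' is an assumed claim name


if __name__ == "__main__":
    now = int(time.time())
    t = issue_token({"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE,
                     "nbf": now - 5, "exp": now + 600,
                     "oid": "11111111-2222-3333-4444-555555555555"})
    print(find_profile(t, now))
```

Keying the profile store on the object id rather than the sign-in name matters when a UPN or mail address is renamed or later reassigned to another person: the old profile must not follow the name.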

20 Demo: AAD and your app

21 Relationship to Windows Server AD
On-premises and cloud Active Directory managed as one. Directory information synchronized to the cloud and made available to cloud apps via role-based access control. Federated authentication enables single sign-on to cloud applications with corporate credentials. (Diagram: Active Directory connected to Azure Active Directory through sync and federation.)

22 Directory and Identity as a Service
Consolidate directory management across cloud apps. Connect to the directory from any platform, any device. Connect with people from web identity providers and other organizations. Users can use the same identity to access on-premises and cloud apps. (Diagram: as on slide 8, plus your on-premises apps reached through Active Directory, which is joined to Azure Active Directory by sync and federation.)

23 Directory Synchronization
Directory synchronization between on-premises and online. Objects are created and managed on-premises and synchronized to the cloud. Optionally, password hashes can be synced to the cloud, providing a single identity and credential, but not single sign-on. Reuse the existing directory implementation on-premises, including non-AD sources.

24 Federation and single sign-on
Single identity and sign-on for on-premises and cloud services. Identities mastered on-premises, a single point of management. Secure token-based authentication. Client access control based on IP address with AD FS and Office 365 services. Strong-factor authentication options for additional security.

25 Windows Azure Active Authentication
Why multi-factor: Your data and applications are under attack. Passwords are easily compromised. Consumerization of IT has only increased the scope of vulnerability. Strengthening regulatory requirements call for strongly authenticating access.
Proven authentication platform: Powered by the market-leading PhoneFactor platform. Trusted by thousands of enterprise customers across a wide range of industries, including healthcare, financial services, manufacturing, and government. Authenticating millions of logins and transactions each month.

26 Enterprise authentication using any phone
Mobile apps: out-of-band push, one-time passcode. Text messages: out-of-band text, one-time passcode. Phone calls: out-of-band call.

27 Architecture
1. Users sign in from any device using their existing username/password. Credentials are checked in Windows Azure AD. Then Active Authentication is triggered for additional verification.
2. Users must also authenticate using their phone or mobile device before access is granted.
(Diagram: custom LOB apps, Microsoft apps and ISV/CSV apps sitting on Windows Azure Active Directory, with Active Authentication alongside.)
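Slides 26 and 27 describe the second step as an out-of-band one-time passcode sent to the user's phone. The following is an added example for this transcript, not the PhoneFactor or Active Authentication service: the server side of that step, which issues a random code, sends it through a delivery callback (a constructed stand-in for the SMS or voice channel), and verifies it with a short lifetime, a bounded number of guesses and single use. The lifetime and attempt limit are assumptions chosen for the example; the scenario runner at the end uses a fake clock so nothing is actually sent.

```python
import hashlib
import hmac
import secrets
import time

CODE_LIFETIME_SECONDS = 120   # assumption for the example
MAX_ATTEMPTS = 3              # assumption for the example


class PasscodeService:
    """Issues and verifies single-use numeric passcodes, one pending per user."""

    def __init__(self, deliver, clock=time.time):
        self._deliver = deliver      # e.g. send an SMS or place a call to the enrolled phone
        self._clock = clock
        self._pending = {}           # user_id -> (digest, expires_at, failed_attempts)

    def issue(self, user_id: str) -> None:
        """Generate a 6-digit code from a CSPRNG; only the phone channel sees it."""
        code = f"{secrets.randbelow(10 ** 6):06d}"
        self._pending[user_id] = (self._digest(user_id, code),
                                  self._clock() + CODE_LIFETIME_SECONDS, 0)
        self._deliver(user_id, code)

    def verify(self, user_id: str, submitted: str) -> bool:
        entry = self._pending.get(user_id)
        if entry is None:
            return False                       # nothing issued, or already consumed
        digest, expires_at, attempts = entry
        if self._clock() >= expires_at or attempts >= MAX_ATTEMPTS:
            del self._pending[user_id]         # expired, or guess budget exhausted
            return False
        ok = hmac.compare_digest(digest, self._digest(user_id, submitted))
        if ok:
            del self._pending[user_id]         # single use: a replay must fail
        else:
            self._pending[user_id] = (digest, expires_at, attempts + 1)
        return ok

    @staticmethod
    def _digest(user_id: str, code: str) -> bytes:
        # Store a digest rather than the code so a dumped table does not hand
        # out live codes; with six digits the real protection is the short
        # lifetime and the attempt cap, not the hash.
        return hashlib.sha256(f"{user_id}:{code}".encode()).digest()


def _wrong_for(code: str) -> str:
    return "000000" if code != "000000" else "000001"


def run_scenario() -> dict:
    """Constructed scenario: fake clock, capturing delivery channel, no real SMS."""
    sent = {}
    clock = {"now": 1000.0}
    svc = PasscodeService(deliver=lambda user, code: sent.__setitem__(user, code),
                          clock=lambda: clock["now"])
    results = {}
    svc.issue("alice")
    results["wrong_code_rejected"] = not svc.verify("alice", _wrong_for(sent["alice"]))
    results["right_code_accepted"] = svc.verify("alice", sent["alice"])
    results["replay_rejected"] = not svc.verify("alice", sent["alice"])
    svc.issue("alice")
    clock["now"] += CODE_LIFETIME_SECONDS + 1
    results["expired_rejected"] = not svc.verify("alice", sent["alice"])
    svc.issue("alice")
    for _ in range(MAX_ATTEMPTS):
        svc.verify("alice", _wrong_for(sent["alice"]))
    results["locked_after_max_attempts"] = not svc.verify("alice", sent["alice"])
    return results


if __name__ == "__main__":
    print(run_scenario())
```

Issuing a new code replaces the pending one, so a user who requests a second text cannot accumulate several live codes; a production service would also rate-limit `issue` itself, since each call costs a message or a call.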

28 Demo: Active Authentication

29 Embracing BYOD
AD Workplace Join: Users join their device to their workplace, making the device known to the company's Active Directory.
Single Sign-On (SSO): Users sign in once to their company from any application and are not prompted for credentials by every company application when using workplace-joined devices.
Work From Anywhere: Businesses enable users to work from anywhere while adhering to their IT governance policies around risk management.
Multi-factor Authentication: Businesses require additional factors of authentication when business-critical resources are accessed or when there is perceived risk.
Multi-factor Access Control: Businesses set conditional access control to resources based on four core pivots: the user, the device used, the user's network location and the use of additional auth factors.
AD Authentication Library: ISVs build enterprise apps that deliver SSO and allow enterprises to set access control policies based on user, device and network location, and MFA.
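The multi-factor access control item above names four pivots but does not show how a decision is derived from them. The following is an added example for this transcript, not the AD Authentication Library or Microsoft's policy engine: a small evaluator that takes the user's groups, whether the device is workplace-joined, the client's network location and whether an additional factor has been completed, and returns allow, require-MFA or deny. The group name, corporate network range and the set of business-critical resources are assumptions constructed for the example.

```python
from dataclasses import dataclass
from enum import Enum
from ipaddress import ip_address, ip_network


class Decision(Enum):
    ALLOW = "allow"
    REQUIRE_MFA = "require_mfa"
    DENY = "deny"


CORPORATE_NETWORKS = [ip_network("10.0.0.0/8")]   # constructed: "on the corporate network"
CRITICAL_RESOURCES = {"payroll", "hr-records"}    # constructed: business-critical resources
PERMITTED_GROUP = "employees"                     # constructed: who may use the app at all


@dataclass
class AccessRequest:
    user_groups: set                 # pivot 1: the user
    device_workplace_joined: bool    # pivot 2: the device used
    client_ip: str                   # pivot 3: the user's network location
    mfa_completed: bool              # pivot 4: additional auth factors already done
    resource: str


def evaluate(req: AccessRequest) -> Decision:
    """Derive a conditional access decision from the four pivots."""
    # Pivot 1: the user. Outside the permitted group there is nothing to evaluate.
    if PERMITTED_GROUP not in req.user_groups:
        return Decision.DENY
    # Pivot 3: network location.
    on_corp_net = any(ip_address(req.client_ip) in net for net in CORPORATE_NETWORKS)
    # Pivot 2: the device. A device the directory does not know never reaches
    # critical resources, regardless of how the user authenticated.
    critical = req.resource in CRITICAL_RESOURCES
    if critical and not req.device_workplace_joined:
        return Decision.DENY
    # Pivot 4: additional factors are demanded when business-critical resources
    # are accessed or when there is perceived risk (off-network or unjoined device).
    perceived_risk = not on_corp_net or not req.device_workplace_joined
    if (critical or perceived_risk) and not req.mfa_completed:
        return Decision.REQUIRE_MFA
    return Decision.ALLOW


if __name__ == "__main__":
    print(evaluate(AccessRequest({"employees"}, True, "10.1.2.3", False, "wiki")))
    print(evaluate(AccessRequest({"employees"}, True, "203.0.113.5", False, "wiki")))
```

The order of the checks is deliberate: identity and device requirements that can only ever deny are evaluated before anything that could prompt for a second factor, so the app never asks a user to complete MFA for an access that would be refused anyway.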

30 Windows Azure AD: extension of Active Directory into the cloud
The platform for Microsoft cloud apps. Designed to meet the needs of cloud applications: scale and multi-tenancy. Provides directory and identity services, an essential part of Platform as a Service. Your cloud directory for your apps. (Diagram: as on slide 8.)

31 Over 3 million tenants

32 Over 7 Billion authentications
Just last week


34 Related content
Breakout: WAD-B308 (Fri 8:30) - Deep Dive into the Windows Azure Active Directory Graph API: Data Model, Schema, Query, and More
Breakout: WAD-B306 (Fri 8:30) - Securing Cloud Line-of-Business and SaaS Web Applications Using Windows Azure Active Directory
Breakout: OUC-B341 (Thur 3:15) - Microsoft Office 365 Directory and Access Management with Windows Azure Active Directory

35 Resources
Learning: Sessions on Demand; Microsoft Certification & Training Resources
TechNet: Resources for IT Professionals
msdn: Resources for Developers
http://channel9.msdn.com/Events/TechEd

36 Evaluate this session
Scan this QR code to evaluate this session.


