Identity Management at Microsoft


1 Identity Management at Microsoft
2/23/ :41 PM
Alan Stone, ANZ IT Director, Microsoft Corporation
© Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

2 Our definition..
Identity and Access Management is a set of processes enabled by software to manage the lifecycle of identities, as well as the security and privacy policies that govern how the identities can be used to access IT resources.

3 Identity Management Service
The Service guarantees the privacy, consistency and fidelity of all identities in the Identity Systems (enterprise) through secured access while ensuring regulatory compliance.
  - Microsoft IT approaches Identity Management as an end to end service
  - Identity Management (IdM) is tied to the AD and is core to ensuring a secure, private and controlled environment.
  - This is a key focus area for Sarbanes-Oxley compliance.

4 Microsoft IT and IdM
Identity Management in Microsoft similar to your experience
  - Provisioning and Lifecycle Management
  - Secure Access Management
  - Password Management
  - Enterprise Directory Management
  - Governance and Compliance
Manageability challenges similar to customers
  - How to ensure security, enforce least privilege while still providing necessary access
  - Need to centrally manage a federated (multi-forest) environment
Value of Microsoft IT
  - Highly effective partnership with Windows Product Group
  - IT driving solid business requirements into AD, MIIS teams from real-world experiences

5 The Identity Management Lifecycle
Departing User
  - De-provision Account
  - Remove Entitlements
Synchronize Identity
  - Extend lifecycle information across all identity stores
Entitlement Reporting
  - Audit/log any changes
  - Keep track of Entitlements
Account Changes
  - Promotions
  - Transfers
  - New Privileges
  - Attribute Changes
New User
  - User ID Creation
  - Credential Issuance
  - Account Provisioned
  - Access Assignments

6 Microsoft IT User Provisioning and Lifecycle
Microsoft IT Guidelines
  - Clearly define authoritative source for all user attributes
  - Clearly define and document processes and policies
  - HR is authority of who works at Microsoft, of Address Book information (Manager, Phone number)
  - IT is authority of network account name, mailbox, remote access
Increase IT efficiency through automation
  - Consistency checking automated
  - Terminations fully automated
  - Creation partially automated today, full automation coming
  - Automated Address Book Updates - from HR systems, thru AD to Exchange
  - Automated Provisioning of some entitlements – OWA, RAS, etc.
Microsoft Identity Integration Server (MIIS) provides foundation for all Identity automation

7 How Does Identity Flow in MIIS?
[Diagram: Metadirectory with a Connector Namespace and a Metaverse Namespace. Connected sources: HR Database (Full Name, Title, Employee #; sample entry "Suzan Fine") and AD and Messaging (Name, Post Office, Location, Employee #; sample entry "Sue Fine"). Flow steps are numbered 1 to 5.]

8 Access is a privilege not a right!
Microsoft IT Guidelines
  - Investigate adopting most restrictive policies and implement company-wide
  - Build a Policy Management strategy
  - Post all user policies centrally
  - Build a Policy Education and Awareness campaign
  - Microsoft focuses on Business Code of Conduct, Security Basics, Diversity
Principle of Least Privilege Authorization
  - Role-based access based on minimum access needed
  - Used to lock-down Intellectual Property (IP) like source code, HR systems
  - MIIS Solution coming – calculated security group creation and management

9 Elevated Access Management
Elevated Access = Administrative Account
  - Any access above and beyond regular user access
  - Includes Read, Read/Write, Full Admin Control
  - Access level based on individual’s role and responsibility
Alternate Account created for better auditing, reporting
  - Has limited privileges (no , no RAS)
  - Terminated automatically when user account terminated
Requires:
  - Two-factor authentication
  - Director approval and re-justification every 6 months
  - Annual Security and Compliance training
  - Pledge to abide by policies every 6 months

10 Password Management Guidelines
Microsoft IT Password Policy
  - NO Non-expiring Passwords – users, service or administrative accounts
  - Strong and complex passwords are required, including local Admin accounts
  - Password cannot be serial, synchronized nor have been used previously
  - Group Policy used to enforce security policies in all Forests
Password Delivery Process
  - Must prove identity
  - Securely delivered only to user or manager
  - Acquisitions challenging
Password Reset Cost
  - Expensive - #1 Helpdesk support call but is secure
  - Testing MIIS Self Service Password Reset Application today

11 Enterprise Directory Management
Manage Active Directory Infrastructure Content
  - Forests, Domains, Trusts, Organizational Units, Schema, Group Policy Objects, Group Management
Microsoft IT Guidelines
  - Clearly document process, timeframes for users
  - Use InfoPath Forms for requests
  - Strong Workflow with approvals required
  - Emergency process requires request Director approval
Deployments
  - Plan, Plan, Plan
  - Always phased with clear roll-back plans
  - Change Control Board notified
Goal is to maintain Active Directory Stability!

12 Microsoft IT Governance
Governance is the centralized body used to integrate and manage the policies and processes for regulatory compliance
Regulatory Compliance is rapidly becoming mission critical
  - Impacts Privacy, Security, Investor Confidence, Revenue
  - Examples: EU Fair Information Act, EU Data Protection Directive, US HIPAA, US Sarbanes-Oxley Act, etc.
It is all about Managing Access
  - IT manages access to and provides support for financial systems, therefore is heavily involved in Sarbanes-Oxley Act

13 Microsoft IT Guidelines - Governance
Governance - Step by Step
  - What’s key to your business? It’s all about securing your Intellectual Property
  - Document, Document, Document!
  - Develop your audit plans
  - Must show evidence!
  - Perform Audit
  - Report successes and failures to Management
  - Failures – remediate and audit again
  - Management Sign-off
  - Required for Internal and External Auditors
Governance Guidelines
  - Automate everywhere possible
  - Build Applications with auditing and reporting capabilities
  - Review documentation regularly
  - Make Operations Managers accountable

14 Microsoft IT Governance Controls
Manage Elevated Access
  - Ensure Roles and Responsibilities correspond to access granted for Users and Applications
Enforce Security and Privacy Policy
  - Use Active Directory settings and Group Policy deployment
  - Closely monitor requests that expose Identity data
Manage Account Lifecycle
  - Ensure Accounts terminated on time
  - When Roles change – access change
Integrate Workflow and Consistency
  - Ensure regulatory compliance is a key decision factor in workflow
  - Forces compliance requirements into application development

15 For More Information Identity Management and MIIS
Identity Management and MIIS
  - Microsoft Identity & Access Management
  - IT Identity Management Whitepaper
  - Webcast: IT Identity Management via MIIS 2003
  - Microsoft Identity Integration Server 2003
  - IT Showcase: How Microsoft does IT
Active Directory and GPO
  - Microsoft Active Directory
  - Microsoft Group Policy Management
  - GPMC, Troubleshooting Guide, Best Practices Documents

16 For More Information Microsoft and Sarbanes-Oxley
Microsoft and Sarbanes-Oxley
  - Microsoft Office Solution Accelerator for Sarbanes-Oxley
  - Microsoft and Partner Resources to Reduce Risk, Increase Productivity Around Sarbanes-Oxley Compliance
  - The Sarbanes-Oxley Information Portal
  - COSO – Guidelines on Establishing Internal Controls to Achieve Objectives, Including Reliable Financial Reporting

17 © 2003-2004 Microsoft Corporation. All rights reserved.

18 Sarbanes-Oxley Act Overview
Sarbanes-Oxley Act (SOX) impacts all publicly traded corporations
  - Fraud and Collusion - requires quarterly certification by Exec Management that significant changes & deficiencies are disclosed
  - Access to Financial Reporting – requires yearly certification by both Exec Management and External Auditor that controls are effective.
Sarbanes-Oxley Act signed into law on July 30, 2002
  - Radically changes corporate governance and reporting obligations of publicly traded companies, and significantly increases personal accountability for organizations’ officers, auditors, securities analysts and legal counsel
  - Purpose is to restore investor and stockholder confidence
  - Fundamental change in how Audit Committees, management and auditors carry out responsibilities and interact

19 Microsoft SOX Program Organization
  - Executive Sponsors (2): “Ultimate Owner and Decision Maker”
  - Steering Committee (20): “Remove Resource Barriers”
  - Project Management Office & Core Team (8): “Day to Day Approach and Activities”
  - Subcycle and Regional leads (business, functional & regional sponsors) (100): “Owners and Setting Direction for the Business Cycles”
  - Sub-cycle Location Owners and local controllers (200): “Local Project Mgrs. to execute activities at a Location”
  - Transaction Teams (600): “On the Ground Documentation and Testing Teams”
PwC Internal Audit External audit

20 So what can you expect?
  - Prepare Now! Compliance requirements are coming your way!
  - Requirements shift - Auditors are learning about IT
  - Plan to Invest in Change - Time, resources, technology

