1 4/15/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Role-Based Access Control for Azure CDP-B213
Dushyant Gill

3 Question Do you consider finer-grained access management for Azure a critical requirement?

4 Question Have you used the Azure preview portal?

5 Question Do you know what Azure Active Directory is?

6 Adoption of IAAS/PAAS in Organizations
Diagram labels: IT managed identities; Active Directory; Owner = (shown four times)

7 Access to Azure and rest of the cloud: Powered by Azure AD
Diagram labels: 2000+ Pre-Integrated SAAS Apps; IT managed identities; Microsoft Online Services; Users & Groups Sync; Azure Active Directory; Owner =; Roles and Role Assignments; Active Directory; Owner =; Microsoft Azure IAAS/PAAS; Company In-House Developed Cloud Apps

8 Demo: Azure RBAC in action
Dushyant Gill

9 Azure RBAC: First Preview Release
3 built-in roles (Owner, Contributor and Reader) available for assignment to Users, Groups and Services on Azure scopes: Subscription, Resource Group and Resources. Access management using Azure preview portal, Command Line Tools & REST API for bulk operations. In the new RBAC model the existing subscription administrators and co-admins become ‘Owners’ of the subscription.

10 Roles and Role Assignments
Role is a collection of actions.
Role Assignments: Role; Subject = Users or Groups or Service Identity; Scope = Directory or Subscription or ResourceGroup or Resource.
Roles (Actions / Not Actions):
Owner: Actions = *
Contributor: Not Actions = Microsoft.Authorization/*
Reader: Actions = */Read
SQL Contributor: Actions = Microsoft.SQL\*
Tier 1 Operator: Actions = */Read + Microsoft.Compute\VirtualMachine\*

11 Access Inheritance and Resource Hierarchy
Diagram labels: S; RG; R; Access Inheritance
Role Assignment: Role = ‘Reader’, Subject = AAD Group, Scope = Subscription
Role Assignment: Role = ‘Owner’, Subject = AAD User, Scope = Resource
Role Assignment: Role = ‘Contributor’, Scope = Resource Group
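The role definitions and inheritance rule from slides 10 and 11, worked as an access check (an added example, not code from the presentation or from Azure). The scopes, subject names and Contributor's Actions value of "*" are assumptions; Not Actions is treated as an exclusion inside one role, not as a deny across roles.

```python
from fnmatch import fnmatchcase

# Role definitions taken from the slide's table, separators normalised to "/".
# Assumption: Contributor's Actions is "*" (the slide text only shows its Not Actions).
ROLES = {
    "Owner":       {"actions": ["*"], "not_actions": []},
    "Contributor": {"actions": ["*"], "not_actions": ["Microsoft.Authorization/*"]},
    "Reader":      {"actions": ["*/Read"], "not_actions": []},
}

# Constructed scopes forming one Subscription > Resource Group > Resource chain.
SUB = "/subscriptions/sub-1"
RG = SUB + "/resourceGroups/rg-web"
RES = RG + "/providers/Microsoft.Sql/servers/db-1"

# (role, subject, scope) triples mirroring the slide; subject names are made up.
ASSIGNMENTS = [
    ("Reader", "group:ops", SUB),
    ("Contributor", "user:joe", RG),
    ("Owner", "user:kim", RES),
]

def matches_any(action, patterns):
    # Action names are compared case-insensitively; "*" spans "/" separators.
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def role_permits(role, action):
    d = ROLES[role]
    return matches_any(action, d["actions"]) and not matches_any(action, d["not_actions"])

def scope_covers(assigned, target):
    # Inheritance runs downward only: an assignment covers its own scope and
    # anything beneath it. The "/" guard stops sub-1 from covering sub-10.
    a, t = assigned.rstrip("/").lower(), target.rstrip("/").lower()
    return t == a or t.startswith(a + "/")

def is_allowed(principals, action, scope, assignments=ASSIGNMENTS):
    # principals = the caller's own id plus the ids of the groups they belong to.
    # Grants are additive: one matching assignment is enough.
    return any(
        subject in principals
        and scope_covers(a_scope, scope)
        and role_permits(role, action)
        for role, subject, a_scope in assignments
    )
```

Reviewing assignments made at subscription scope first is the practical takeaway: they reach every resource group and resource beneath them.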

12 Azure AD Authorization Platform
Diagram labels: Azure Active Directory; Azure Preview Portal & APIs (Azure Resource Manager); Roles and Role Assignments; Synced to closest geo location; Token with group membership claims; Access Check SDK; Reason over Policy and Audit; Policy; Audit; Users and Groups Sync; Active Directory

13 Demo: Access Management
Dushyant Gill

14 RBAC & Azure Resource Manager
Diagram labels: Azure Active Directory; Azure Events; Roles & Role Assignments; RBAC RP; Events; Azure Resource Manager

15 Demo: Access Change History - RBAC and Events RP
Dushyant Gill

16 Integrate your app’s access with AAD groups
Using AAD Groups Directly
1 Ellen (Resource Owner): Grants access to an AAD group ‘Ellen’s Team’. App renders “people picker” using AAD Graph API. App persists the group objectId in “permissions table”.
2 Joe (Member of ‘Ellen’s Team’): Accesses the resource. Token contains groups claim. App checks access by comparing groups claim value with persisted objectIds.
3 Sam (Member of ‘Ellen’s Team’): Accesses the resource. Token contains overage claim. App queries AAD Graph API for user’s groups. App checks access by comparing user’s groups with persisted objectIds.
Using AAD App Roles
1 App Developer: Publishes App Roles in AAD. App Roles = “Publisher”, “Subscriber”.
2 Customer Admin: Assigns App Roles to Users, Groups and Client Applications. Kim -> “Publisher”; Ellen’s Team -> “Subscriber”.
3 Kim: Accesses the resource. Token contains roles claim roles=“Publisher”. App checks access using “IsInRole”.
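The Joe and Sam cases from slide 16 as an application-side check (an added example, not code from the presentation). It assumes the token has already been validated, uses a made-up objectId and permissions table, and takes a hypothetical `lookup_groups` callable in place of the directory query; the `_claim_names` entry is how Azure AD tokens signal groups overage.

```python
# Constructed sample data: the app's "permissions table" maps a resource
# to the AAD group objectIds its owner granted access to.
TEAM = "0f3c2a6e-1b7d-4c58-9e21-5a4d8b6c7e90"   # 'Ellen's Team' (made-up objectId)
PERMISSIONS = {"doc-1": {TEAM}}

def norm(ids):
    # objectIds are GUIDs, so compare them case-insensitively.
    return {str(i).lower() for i in ids}

def caller_groups(claims, lookup_groups):
    """Group objectIds for the caller, from already-validated token claims.

    lookup_groups(oid) is a hypothetical callable standing in for the slide's
    "App queries AAD Graph API for user's groups" step.
    """
    if "groups" in claims:                            # Joe: groups claim present
        return norm(claims["groups"])
    if "groups" in claims.get("_claim_names", {}):    # Sam: overage indicator
        return norm(lookup_groups(claims["oid"]))
    return set()                                      # no group information at all

def can_access(resource, claims, lookup_groups):
    granted = norm(PERMISSIONS.get(resource, ()))
    try:
        return bool(granted & caller_groups(claims, lookup_groups))
    except Exception:
        # Directory lookup failed: deny rather than guess at membership.
        return False

def has_app_role(claims, role):
    # App-roles variant: the roles claim carries the assigned role names.
    return role in claims.get("roles", [])
```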

17 What’s ahead
Custom Roles
Access Change History
Reporting over Policy and Audit
Just-in Time Access
Conditional Access
Resource tag based Access Control
User attribute based Access Control
Available to 3rd Party Applications
Separation of Duties

18 For more information Windows Server System Center Azure Pack
Windows Server Technical Preview Windows Server System Center System Center Technical Preview Azure Pack windows-azure-pack Microsoft Azure Come visit us in the Microsoft Solutions Experience (MSE)! Look for the Cloud and Datacenter Platform area TechExpo Hall 7

19 Resources Learning TechNet Developer Network
Sessions on Demand Learning Microsoft Certification & Training Resources TechNet Resources for IT Professionals Developer Network

20 Azure Exams EXAM 532 Developing Microsoft Azure Solutions Implementing Microsoft Azure Infrastructure Solutions EXAM 533 (Coming soon) Architecting Microsoft Azure Solutions EXAM 534 Azure-Cert + Classroom training (Coming soon) Microsoft Azure Fundamentals MOC 10979 MOC 20532 Developing Microsoft Azure Solutions Implementing Microsoft Azure Infrastructure Solutions MOC 20533 2 5 5 Azure-Train Online training (Coming soon) Microsoft Azure Fundamentals MVA (Coming soon) Architecting Microsoft Azure Solutions MVA Azure-MVA Get certified for 1/2 the price at TechEd Europe 2014! TechEd-CertDeal
