
1 Microsoft Ignite 2015 4/16/2017 3:37 PM
© 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Enterprise-Grade Access Control for Azure
BRK2707. Dushyant Gill, Product Manager, Azure Active Directory.

3 IAAS/PAAS adoption in Organizations
Diagram: on-premises Active Directory provides the managed identity, while each IaaS/PaaS subscription shows its own separate "Owner =" entry.

4 Access to Azure & rest of the cloud Powered by Azure AD
Diagram: on-premises Active Directory (managed identity: users & groups, roles and role assignments) syncs to Azure Active Directory, which fronts 2500+ pre-integrated SaaS apps, Microsoft Online Services, Microsoft Azure IaaS/PaaS, and company in-house developed cloud apps. Capabilities listed: Role-Based Access Control, Self-Service Groups Management, B2B Access Management, Conditional Access (MFA, Device Health, Network), Attribute Based Access Control, Managed Access to Daemon Services, Secure Sharing with Consumer Accounts, Self-Service Password Management.

5 Demo Azure RBAC in Action
New member joins the team, and automatically gets appropriate access to Azure.

6 RBAC in Azure: 20 Built-In Roles, Fine-Grained Control
20 Built-In Roles: Owner, Contributor, Reader, and resource type-specific admin roles such as VM Contributor, VNet Contributor, SQL DB Contributor … Custom roles coming soon.
Fine-Grained Control: grant access to AD groups, users, and services; manage access at granular scopes (resource groups, subscriptions, and individual resources); delegate specific access management.
Simple Access Management Experience: manage access using portal, command-line, and REST APIs; analyze access settings and keep track of changes; co-existence with the classic service admin and co-admin model.

7 Access Inheritance and Resource Hierarchy
Diagram: a subscription (S) contains resource groups (RG), which contain resources (R); a role assignment made at a parent scope is inherited by everything beneath it. Three role assignments are shown: Role = 'Owner', Subject = AAD User, Scope = Resource; Role = 'Reader', Subject = AAD Group, Scope = Subscription; Role = 'Contributor', Subject = AAD User, Scope = Resource Group.

8 Demo Analyze Access Policy
Access change history. Who has access to my subscriptions? What access does a user have on my subscriptions?
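Added example, not from the deck: a small Python model of the inheritance on the hierarchy slide and of the two "analyze access" questions in the demo above. The roles are a constructed subset of the built-in roles in the Actions/NotActions shape Azure RBAC uses, and the users, group, scopes and assignments are constructed; only the three assignments mirror the slide.

```python
import fnmatch

# Role definitions in the Actions/NotActions shape Azure RBAC uses (constructed
# subset of the built-in roles; patterns use '*' wildcards).
ROLES = {
    "Owner":       {"Actions": ["*"], "NotActions": []},
    "Contributor": {"Actions": ["*"],
                    "NotActions": ["Microsoft.Authorization/*/Write",
                                   "Microsoft.Authorization/*/Delete"]},
    "Reader":      {"Actions": ["*/read"], "NotActions": []},
}
# Constructed scopes: subscription > resource group > resource.
SUB = "/subscriptions/1111"
RG = SUB + "/resourceGroups/rg-web"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/vm1"
SQL = SUB + "/resourceGroups/rg-data/providers/Microsoft.Sql/servers/db1"
GROUPS = {"ops-team": {"alice", "bob"}}  # constructed AAD group membership
ASSIGNMENTS = [                           # (role, subject, scope), as on slide 7
    ("Reader", "ops-team", SUB),          # AAD group at subscription scope
    ("Contributor", "alice", RG),         # AAD user at resource-group scope
    ("Owner", "carol", VM),               # AAD user at a single resource
]

def covers(assignment_scope, target):
    """True when target is the assignment scope itself or lies beneath it."""
    a, t = assignment_scope.lower(), target.lower()
    return t == a or t.startswith(a + "/")

def principals(user):
    """The user plus every group the user belongs to."""
    return {user} | {g for g, members in GROUPS.items() if user in members}

def role_permits(role, action):
    """Actions minus NotActions, matched case-insensitively with wildcards."""
    act = action.lower()
    def hit(pats): return any(fnmatch.fnmatchcase(act, p.lower()) for p in pats)
    return hit(ROLES[role]["Actions"]) and not hit(ROLES[role]["NotActions"])

def roles_at(user, scope):
    """'What access does a user have?': roles held directly or by inheritance."""
    subs = principals(user)
    return sorted({r for r, s, sc in ASSIGNMENTS if s in subs and covers(sc, scope)})

def is_allowed(user, action, scope):
    return any(role_permits(r, action) for r in roles_at(user, scope))

def who_has_access(scope):
    """'Who has access to my subscription?': assignments inherited by or made within scope."""
    return sorted((s, r, sc) for r, s, sc in ASSIGNMENTS if covers(sc, scope) or covers(scope, sc))
```

The Contributor NotActions are what make "Contributor not Owner" a least-privilege choice: alice can manage the VM but cannot change role assignments on it, while carol, Owner on that one resource, can, and neither right reaches into the other resource group.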

9 Azure RBAC Usage

10 Key Learnings from Enterprise Customers
Organizational Accounts, not LiveIds: use organizational accounts to sign up for and manage Azure; connect your Azure AD with on-prem AD.
Resource Groups, not Subscriptions: use resource groups to segregate workloads with different access needs; avoid granting access to individual resources unless necessary.
Manage Access using Groups: assign access to AD groups and manage group membership for ongoing access management.
Enable Multi-Factor Auth: use Azure AD conditional access policies to enable MFA for Azure management.
Least Privilege: pick the right role for the job (Contributor, not Owner); model on-premises roles using resource-type-specific Azure roles.
Keep a tab on Access Changes: monitor changes to access settings; regularly dump and review the entire access policy.

11 Actual Enterprise Implementation
Diagram: on-premises Active Directory syncs users, groups and passwords to Azure Active Directory. The organization is modelled as Sectors (Sector 1, Sector 2, ..), Regions (NA, SA), Divisions (Mktg, Sales) and Projects (Project 1, Project 2). Subscription per Sector; Resource Group per Project; tags for Region, Division and Project; a "standard" VNet per Division in a separate resource group, connected by Express Route(s); billing tracked per Division; a subnet on the "standard" VNet assigned to each Project.
Role assignments: IT Director's Office are Owners of Subscriptions; Network Admins are VNet Contributors of the "standard" VNet RGs; Infrastructure Admins and Support are Virtual Machine Contributors of Project RGs and "standard" VNet RGs; Project Team Roles get the appropriate role on Project RGs.

12 Coming Soon: Azure RBAC Custom Roles
Model specific access needs using Azure RBAC custom roles.

13 Custom Roles: New-AzureRoleDefinition

14 Custom Roles: Get-AzureSecurableActions

15 Custom Roles: Create Using Script

16 Custom Roles: Create Using Json


20 Demo: Conditional Access for Azure Management
Enforce multi-factor auth in the Azure Portal and command line from outside the company network.

21 Demo Bye-bye Azure storage account keys
Extend Azure AD access management to Storage Account Data using Key Vault.

22 Secure Access to Storage Accounts using Key Vault and Azure AD
Flow diagram: 1) the user or service authenticates to Azure AD; 2) it reads the secret (the storage account key) from Key Vault; 3) it accesses the storage account with that key. Separately, a scheduled job running in Azure Automation regenerates the storage account key and writes the new key as a secret into Key Vault.

23 Demo: Attribute-Based Access Control for Azure
ABAC for Azure using Azure AD criteria-based groups.

24 Thank you! Please complete the evaluation.
Reach out to Dushyant at

25 Please evaluate this session
Your feedback is important to us! Visit Myignite at or download and use the Ignite Mobile App with the QR code above.
