IT can provide users with a common identity across on-premises or cloud-based services, leveraging Windows Server Active Directory and Azure Active Directory. Users are more productive by having a single sign-on to all their resources. Users get access through accounts in Azure Active Directory to Azure, Office 365, and third-party applications. Developers can build applications that leverage the common identity model.
[Diagram labels: On-premises Active Directory (AD DS, FIM/MIM); Azure AD Connect (Sync, Sign-In); Microsoft Azure Active Directory (Identity Bridge); Office 365 and SaaS Providers (Salesforce, Box, DropBox, Google, Concur, …); LOB; Your apps]
Tight AD integration:
- Desktop SSO from domain-joined machines
- Honor AD login policies (e.g. work hours)
- Integration with AD lockout, with support for independent 'soft' lockout for extranet
- Alternate login ID

Security Policy:
- Policy prevents any AD credential from being synced to the public cloud

Conditional Access:
- Client Access Policies to control extranet access to applications
- Conditional access based on devices (workplace join)

Strong Authentication:
- Inbox support for AD cert authentication (e.g. SmartCards)
- Support for Azure MFA server or 3rd party MFA vendors (RSA, SafeNet, LoginPeople, InWebo, Gemalto…) that a customer already has
Deployment:
- Use Windows 2012 R2
- Co-locate ADFS on domain controllers (no IIS needed)
- You don't need SQL unless you have more than 90K users!
- Use self-signed token signing certificates.

Network:
- Deploy Web Application Proxy. Current Outlook/EAS need this to work. AAD uses a federation metadata endpoint that is internet accessible to keep token signing cert information up to date.
- Don't use sticky sessions on your Load Balancer
- Configure SNI on the load balancer or use HTTP health probes (MS14-08)

Security:
- Enable extranet soft account lockout
- Enable MFA with smartcards, Azure MFA or 3rd party MFA (SafeNet, RSA, Gemalto, LoginPeople …)
- Enable client access policies in the prescribed manner.

Sign-In Experience:
- Ensure that the SPN (HOST/adfs.contoso.com) is set on the ADFS service account
- Customize illustration & logo to have a great end user experience
- Enable 'Keep Me Signed In' option for better SSO
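One way to audit a farm against the checklist above, as an added example that is not part of the original deck. It assumes the AD FS and ActiveDirectory PowerShell modules on a Windows Server 2012 R2 AD FS server; the service account name, the 30-day expiry window and the rule that the soft lockout threshold should sit below the AD lockout threshold are assumptions of this example.

```powershell
# Added example, not from the original deck. Run elevated on an AD FS 2012 R2 server.
Import-Module ADFS
Import-Module ActiveDirectory          # assumption: RSAT AD module is installed

$serviceAccount = 'CONTOSO\svc-adfs'   # placeholder: your AD FS service account
$props    = Get-AdfsProperties
$findings = @()

# Security: extranet soft lockout should be on and trip before the AD lockout does,
# so password guessing from the internet cannot lock the account inside the network.
$adThreshold = (Get-ADDefaultDomainPasswordPolicy).LockoutThreshold
if (-not $props.ExtranetLockoutEnabled) {
    $findings += 'Extranet soft lockout is disabled'
} elseif ($adThreshold -gt 0 -and $props.ExtranetLockoutThreshold -ge $adThreshold) {
    $findings += "Soft lockout threshold ($($props.ExtranetLockoutThreshold)) is not below the AD threshold ($adThreshold)"
}

# Sign-in experience: the HOST SPN for the federation service name must be on the service account
$spn = "HOST/$($props.HostName)"
if (-not (setspn -L $serviceAccount | Select-String -SimpleMatch $spn)) {
    $findings += "SPN $spn is not registered on $serviceAccount"
}
if (-not $props.KmsiEnabled) { $findings += "'Keep Me Signed In' is disabled" }

# Deployment/Network: self-signed token-signing certs rely on automatic rollover, and
# Azure AD follows the rollover through the proxied federation metadata endpoint.
if (-not $props.AutoCertificateRollover) {
    $findings += 'AutoCertificateRollover is off; token-signing certs must be rolled by hand'
}
$meta = Get-AdfsEndpoint -AddressPath '/FederationMetadata/2007-06/FederationMetadata.xml'
if (-not ($meta.Enabled -and $meta.Proxy)) {
    $findings += 'Federation metadata endpoint is not enabled and published through the proxy'
}
foreach ($c in Get-AdfsCertificate -CertificateType Token-Signing) {
    $days = [int]($c.Certificate.NotAfter - (Get-Date)).TotalDays   # 30-day window is an assumption
    if ($days -lt 30) { $findings += "Token-signing cert $($c.Thumbprint) expires in $days days" }
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } } else { 'All checks passed' }
```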
Tue, Oct 28, 3:15 PM-4:30 PM | EM-B214 | Privileged Access Management for Active Directory
Wed, Oct 29, 8:30 AM-9:45 AM | EM-B316 | Directory Integration: Creating One Directory with Active Directory and Azure Active Directory
Wed, Oct 29, 3:15 PM-4:30 PM | EM-B319 | Microsoft Identity Manager vNext Overview
Wed, Oct 29, 3:15 PM-4:30 PM | CDP-B210 | Cloud Identity: Microsoft Azure Active Directory Explained
Wed, Oct 29, 5:00 PM-6:15 PM | EM-B318 | Free Your Apps: Introducing Microsoft Azure Active Directory Application Proxy and Windows Server Web Application Proxy
Thu, Oct 30, 10:15 AM-11:30 AM | CDP-B312 | Microsoft Azure Active Directory Premium, in Depth
Fri, Oct 31, 2:45 PM-4:00 PM | EM-B313 | Microsoft Azure Multi-Factor Authentication Deep Dive: Securing Access on Premises and in the Cloud
Thu, Oct 30, 12:00 PM-1:15 PM | EM-B310 | Active Directory + BYOD = Peace of Mind
Thu, Oct 30, 5:00 PM-6:15 PM | DEV-B322 | Building Web Apps and Mobile Apps Using Microsoft Azure Active Directory for Identity Management
Fri, Oct 31, 8:30 AM-9:45 AM | CDP-B207 | Securing Organizations: Azure Active Directory Intelligence as a Differentiator