Presentation is loading. Please wait.

Presentation is loading. Please wait.

IT can provide users with a common identity across on-premises or cloud- based services, leveraging Windows Server Active Directory and Azure Active.

Published byJasper Owen Modified over 8 years ago

Similar presentations

Presentation on theme: "IT can provide users with a common identity across on-premises or cloud- based services, leveraging Windows Server Active Directory and Azure Active."— Presentation transcript:

1

2

3

4

5 IT can provide users with a common identity across on-premises or cloud- based services, leveraging Windows Server Active Directory and Azure Active Directory. Users are more productive by having a single sign-on to all their resources. Users get access through accounts in Azure Active Directory to Azure, Office 365, and third-party applications. Developers can build applications that leverage the common identity model.

6 Active Directory AD DS Office 365 and SaaS Providers Microsoft Azure Active Directory FIM/MIM Sync On-premises Azure AD Connect Sync, Sign-In Salesforce Box DropBox Google Concur …. Identity Bridge LOB Your apps

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22 Tight AD integration Desktop SSO from domain joined machines Honor AD login policies (e.g. work hours) Integration with AD lockout with support for independent ‘soft’ lockout for extranet Alternate login ID Security Policy Policy prevents any AD credential to be synced to public cloud Conditional Access Client Access Policies to control extranet access to applications Conditional access based on devices (workplace join) Strong Authentication Inbox support for AD cert authentication (e.g. SmartCards) Support for Azure MFA server or 3 rd party MFA vendors (RSA, SafeNet, LoginPeople, InWebo, Gemalto…) that a customer already has

23

24 Firewall Start

25 Firewall Start

26 Use Windows 2012 R2 Co-locate ADFS on domain controllers (no IIS needed) You don’t need SQL unless you are greater than 90K users! Use self-signed token signing certificates. Deployment Deploy Web Application Proxy. Current Outlook/EAS need this to work. AAD uses federation metadata endpoint that is internet accessible to keep token signing cert information up to date. Don’t use sticky sessions on your Load Balancer Configure SNI on load balancer or use HTTP health probes (MS14-08) Network Enable extranet soft account lockout Enable MFA with smartcards, Azure MFA or 3 rd party MFA (SafeNet, RSA, Gemalto, LoginPeople …) Enable client access policies in the prescribed manner. Security Ensure that SPN (HOST/adfs.contoso.com) is set on ADFS service account Customize illustration & logo to have a great end user experience Enable ‘Keep Me Signed In’ option for better SSO Sign-In Experience

27

28

29 Tue, Oct 28 3:15 PM-4:30 PMEM-B214Privileged Access Management for Active Directory Wed, Oct 29 8:30 AM-9:45 AMEM-B316Directory Integration: Creating One Directory with Active Directory and Azure Active Directory Wed, Oct 29 3:15 PM-4:30 PMEM-B319Microsoft Identity Manager vNext Overview Wed, Oct 29 3:15 PM-4:30 PMCDP-B210Cloud Identity: Microsoft Azure Active Directory Explained Wed, Oct 29 5:00 PM-6:15 PMEM-B318Free Your Apps: Introducing Microsoft Azure Active Directory Application Proxy and Windows Server Web Application Proxy Thu, Oct 30 10:15 AM-11:30 AMCDP-B312Microsoft Azure Active Directory Premium, in Depth Fri, Oct 31 2:45 PM-4:00 PMEM-B313Microsoft Azure Multi-Factor Authentication Deep Dive: Securing Access on Premises and in the Cloud Thu, Oct 30 12:00 PM-1:15 PMEM-B310Active Directory + BYOD = Peace of Mind Thu, Oct 30 5:00 PM-6:15 PMDEV-B322Building Web Apps and Mobile Apps Using Microsoft Azure Active Directory for Identity Management Fri, Oct 31 8:30 AM-9:45 AMCDP-B207Securing Organizations: Azure Active Directory Intelligence as a Differentiator

30

31 www.microsoft.com/learning http://developer.microsoft.com http://microsoft.com/technet http://channel9.msdn.com/Events/TechEd

32

33

34

Download ppt "IT can provide users with a common identity across on-premises or cloud- based services, leveraging Windows Server Active Directory and Azure Active."

Similar presentations

Agenda AD to Windows Azure AD Sync Options Federation Architecture

Agenda AD to Windows Azure AD Sync Options Federation Architecture
Continually improving products and services to protect against cyber-attacks targeting administration First in Windows Server, and Active Directory......Next.

Continually improving products and services to protect against cyber-attacks targeting administration First in Windows Server, and Active Directory......Next.
Microsoft Ignite /16/2017 3:28 PM

Microsoft Ignite /16/2017 3:28 PM
Identity management integration options for Office 365

Identity management integration options for Office 365
Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.

Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.
Microsoft Ignite /16/2017 4:55 PM

Microsoft Ignite /16/2017 4:55 PM
4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
Mobility is the new normal 52% of information workers across 17 countries report using three or more devices for work* 52% 90% of enterprises will have.

Mobility is the new normal 52% of information workers across 17 countries report using three or more devices for work* 52% 90% of enterprises will have.
Active Directory Integration with Microsoft Office 365

Active Directory Integration with Microsoft Office 365
Cloud app Cloud app Cloud app Separate username/password sign-in Manual or semi-automated provisioning Active Directory App Separate username/password.

Cloud app Cloud app Cloud app Separate username/password sign-in Manual or semi-automated provisioning Active Directory App Separate username/password.
Active Directory Integration with Microsoft Office 365 Ross Adams & Jono Luk Program Managers Microsoft Corporation OSP321.

Active Directory Integration with Microsoft Office 365 Ross Adams & Jono Luk Program Managers Microsoft Corporation OSP321.
SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)

SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)
Demi Albuz SENIOR PRODUCT MARKETING MANAGER Samim Erdogan PRINCIPAL ENGINEERING MANAGER Thomas Willingham TECHNICAL PRODUCT MANAGER.

Demi Albuz SENIOR PRODUCT MARKETING MANAGER Samim Erdogan PRINCIPAL ENGINEERING MANAGER Thomas Willingham TECHNICAL PRODUCT MANAGER.
Empower Enterprise Mobility Jasbir Gill Azure Mobility.

Empower Enterprise Mobility Jasbir Gill Azure Mobility.
Windows Azure Networking & Active Directory Nasir (Muhammad Nasiruddin) Developer Evangelist - Azure Microsoft Corporation

Windows Azure Networking & Active Directory Nasir (Muhammad Nasiruddin) Developer Evangelist - Azure Microsoft Corporation
Matt Steele Senior Program Manager Microsoft Corporation SESSION CODE: SIA326.

Matt Steele Senior Program Manager Microsoft Corporation SESSION CODE: SIA326.
Scenario covered in this presentation Separate credential from on- premises credential Authentication occurs via cloud directory service Does not.

Scenario covered in this presentation Separate credential from on- premises credential Authentication occurs via cloud directory service Does not.

Similar presentations

Ads by Google