
Making Identity and Access Management Real – The Early Days Brian Lauge Pedersen Senior Technology Specialist.


1 Making Identity and Access Management Real – The Early Days Brian Lauge Pedersen Senior Technology Specialist

2 What Will We Cover?: The Infrastructure Optimization Model; Customer Challenges; Implementing Solutions

3 Agenda: Understanding Identity Management Challenges; Implementing Active Directory; Implementing Password Security; Implementing Security Templates

4 Overview – The Core IO Model: Desktop, Device, and Server Management; Security and Networking; Identity and Access Management; Data Protection and Recovery; IT Management and Security Process. Cross-model enablers: Identity; Presence; Rights Management; Network Access

5 Identity and Access Management
No common identity management model: No server-based identity or access management; Users operate in admin mode; Limited or inconsistent use of passwords at the desktop; Minimal enterprise access standards
Identity management for user identification: Active Directory for authentication and authorization; Users have access to admin mode; Security templates applied to standard images; Desktops not managed by policy
Centralized configuration and authentication, information protection infrastructure: Policy and security templates used to manage desktops for security and settings; Directory and certificate-based information protection infrastructure; Certificate provisioning and authorization for mobile devices
Centralized administration, federated identity management: Centrally manage users provisioning across heterogeneous systems; Federated identity management across organizational and platform boundaries

6 Contoso Identity Management Today: User name; Password

7 Key Challenges: No single sign-on; Non-standard computers and servers; Passwords managed non-securely; IT strained due to company growth

8 Our Goals: Optimize IDAM: Provide single sign-on to network resources; Enforce password security; Implement scalable centralized management

9 The Solution – Active Directory: Provide single sign-on; Enforce password security; Implement scalable centralized management; Robust replication; Application-friendly; Enforces security; Simplified administration; Scalable infrastructure

10 Agenda: Understanding Identity Management Challenges; Implementing Active Directory; Implementing Password Security; Implementing Security Templates

11 Active Directory Planning: OU design; DNS design; Domain design; Forest design

12 Active Directory Domains (CONTOSO.COM): Boundary of Authentication; Boundary of Policies; Boundary of Replication

13 Domain Design Options: Single domain structure; Regional domains structure

14 Additional Domain Considerations: Management of multiple service administrator groups; Group Policy consistency; Access control and auditing settings consistency; Increased likelihood of objects moving between domains. Solution: Single domain structure

15 Organizational Units – An Overview CONTOSO.COM OU Admin OU Security OU Policy Organized For: Administration Same Requirements Delegation Group Policy Configuration Security

16 Organizational Unit Design: Delegation of administration; Scope Group Policy application. Contoso.com: Administrative; Workstations; Users; Desktops; Laptops; SQL Servers; Exchange Servers; Print Servers; Standard Users; Power Users; Data Entry Users; Servers

17 Active Directory Deployment: Deployed first forest root domain controller; Deployed second domain controller; Configured and verified DNS; Configured global catalog settings; Reviewed operations master roles

18 Demo: Reviewing the Organizational Unit Structure. Review the OU Structure

19 Agenda: Understanding Identity Management Challenges; Implementing Active Directory; Implementing Password Security; Implementing Security Templates

20 Password Challenges: Weak passwords and desktop security; Insufficient expiration policy; Multiple passwords to remember; Passwords written down; Calls to helpdesk for password resets. Username: aaronc, Password: aaronc; Username: aaronc, Password: abc123; Username: aaronc, Password: P$7k#yZ; Username: acon, Password: password

21 Password Security Solutions Solution: Group Policy Password policy Credential mapping Password synchronization Password reset Password change

22 Password Security Solutions - Notes Solution: Group Policy Password policy Credential mapping Password synchronization Password reset Password change

23 Password Security Solutions - Notes Solution: Group Policy Password policy Credential mapping Password synchronization Password reset Password change

24 Demo: Setting Group Policy Password Options. Configure Default Domain Policy; Verify Group Policy Application

25 Agenda: Understanding Identity Management Challenges; Implementing Active Directory; Implementing Password Security; Implementing Security Templates

26 Group Policy Security Templates: Compatws.inf; Secure*.inf; Hisec*.inf

27 Demo: Implementing Security Templates. Create Security Template; Create Desktops GPO and Apply Security Template

28 What Have We Accomplished?: Desktop, Device, and Server Management; Security and Networking; Identity and Access Management; Data Protection and Recovery; IT Management and Security Process. Cross-model enablers: Identity; Presence; Rights Management; Network Access

29 Session Summary: Deployed Active Directory; Implemented password security; Configured security templates

30 For More Information: Visit TechNet at: www.microsoft.com/technet. Visit the following site for additional information: www.microsoft.com/technet/hot-11

31 Microsoft Press Publications: For the latest titles, visit: www.microsoft.com/learning/books/itpro/

32 Readiness with Skills Assessment: Self-study learning tool free to anyone; Determines skills gaps; Provides learning plans; Post your score, see how you stack up. Visit: www.microsoft.com/assessment

33 Become a Microsoft Certified Professional What are MCP certifications? Validation in performing critical IT functions. Why Certify? WW recognition of skills gained via experience. More effective deployments with reduced costs What Certifications are there for IT Pros? MCP, MCSE, MCSA, MCDST, MCDBA. www.microsoft.com/learning/mcp

34 Introducing: TechNet Plus Direct! All the benefits of TechNet Plus for 30% less. TechNet Plus Direct subscribers receive: Online Benefits Portal (New!); Immediate download access: software and betas (New!); 2 free Professional Support Incidents; Managed Newsgroups and Online Concierge; The TechNet Library containing the KB, security updates, service packs, resource kits, and more. TechNet Plus Direct is available exclusively online without media shipments. Available Now! For more information please visit www.microsoft.com/technet/subscriptions

35 Where Else Can I Get Help?: Live Events and Online Webcast series; Microsoft Professional Blogs Directory; Chats, Newsgroups, Forums and Virtual Labs; Local Locator for Professional User Groups. www.microsoft.com/technet/community

