Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.

Presentation transcript:

3 Empowering people-centric IT: Unified device management, Access and information protection, Desktop Virtualization, Hybrid Identity

5 (Diagram: Apps, Users, Data, Devices)

7 Hybrid Identity
Unify your environment: create a centralized identity across on-premises and cloud; use identity federation to maintain centralized authentication and securely share and collaborate with external users and businesses.
Enable users: provide users with self-service experiences to keep them productive; enable single sign-on for users across all the resources they need access to.
Protect your data: enforce strong authentication when users access resources and apply conditional access controls to sensitive company information; configure single sign-on across all company applications; ensure compliance with governance, attestation and reporting.

9 A centralized and consistent corporate identity
(Diagram: attributes for one user spread across an HR system, LDAP, Exchange and a database: title Coordinator, givenName Samantha, surname Dearing, employeeID 007, e-mail samd@contoso.com, telephone 555-123-4567; the consolidated identity carries all six.)
Identity attributes are often located in multiple repositories. Identity Manager creates a compilation of these attributes, with validation, and keeps it in sync with all identity realms.
Connectors: LDAP v3, PowerShell, SQL (ODBC), Web Services (SOAP, Java, REST).
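The slide describes the aggregation step but not what "compilation with validation" has to decide when repositories disagree. The PowerShell below is an added illustration, not code from the deck or from Identity Manager: it joins records from four sources on the employeeID anchor, applies a per-attribute precedence order, validates values before accepting them, and reports conflicts instead of silently overwriting. The source names, attribute precedence, validation patterns and the sample records are all assumptions constructed for the example.

```powershell
# Added example (not from the deck): a minimal attribute-merge in the spirit of
# Identity Manager. Sources, precedence, validators and records are assumptions.

# Constructed sample records from four repositories, keyed on employeeID (the join anchor).
$sources = @{
    'HR System' = @{ employeeID = '007'; givenName = 'Samantha'; surname = 'Dearing'; title = 'Coordinator' }
    'LDAP'      = @{ employeeID = '007'; givenName = 'Sam';      surname = 'Dearing'; telephone = '555-123-4567' }
    'Exchange'  = @{ employeeID = '007'; mail = 'samd@contoso.com' }
    'Database'  = @{ employeeID = '007'; title = 'Senior Coordinator'; telephone = '555-000-0000' }
}

# Attribute precedence: which source is authoritative for each attribute, in order.
$precedence = @{
    givenName = @('HR System', 'LDAP')
    surname   = @('HR System', 'LDAP')
    title     = @('HR System', 'Database')
    telephone = @('LDAP', 'Database')
    mail      = @('Exchange')
}

# Validation applied before a value is admitted into the consolidated identity.
$validators = @{
    employeeID = { param($v) $v -match '^\d{3,}$' }
    mail       = { param($v) $v -match '^[^@\s]+@contoso\.com$' }
    telephone  = { param($v) $v -match '^\d{3}-\d{3}-\d{4}$' }
}

function Merge-Identity {
    param([hashtable]$Sources, [hashtable]$Precedence, [hashtable]$Validators)

    $merged    = @{}
    $conflicts = @()

    # Join rule: every source must agree on the anchor, otherwise refuse to merge.
    $anchors = @($Sources.Values | ForEach-Object { $_['employeeID'] } | Sort-Object -Unique)
    if ($anchors.Count -ne 1) { throw "Anchor mismatch across sources: $($anchors -join ', ')" }
    if (-not (& $Validators['employeeID'] $anchors[0])) { throw "Invalid employeeID '$($anchors[0])'" }
    $merged['employeeID'] = $anchors[0]

    foreach ($attr in $Precedence.Keys) {
        $candidates = @()
        foreach ($src in $Precedence[$attr]) {
            $record = $Sources[$src]
            if ($null -eq $record -or $null -eq $record[$attr]) { continue }
            $val = $record[$attr]
            if ($Validators.ContainsKey($attr) -and -not (& $Validators[$attr] $val)) {
                Write-Warning "$src supplied an invalid $attr '$val'; skipped"
                continue
            }
            $candidates += [pscustomobject]@{ Source = $src; Value = $val }
        }
        if ($candidates.Count -eq 0) { continue }

        # Highest-precedence valid value wins.
        $merged[$attr] = $candidates[0].Value

        # Record disagreements so a data owner can review them rather than lose them.
        foreach ($other in ($candidates | Where-Object { $_.Value -ne $candidates[0].Value })) {
            $conflicts += "${attr}: '$($candidates[0].Value)' ($($candidates[0].Source)) vs '$($other.Value)' ($($other.Source))"
        }
    }

    [pscustomobject]@{ Identity = $merged; Conflicts = $conflicts }
}

$result = Merge-Identity -Sources $sources -Precedence $precedence -Validators $validators
$result.Identity    # the consolidated record
$result.Conflicts   # givenName, title and telephone disagree between sources
```

With the constructed records the consolidated identity takes givenName, surname and title from the HR system, telephone from LDAP and mail from Exchange, and the three disagreements are listed rather than dropped. In a real deployment the conflict list is what feeds a workflow or an administrator review; the validators are also where an invalid or spoofed value from a low-trust source is stopped before it propagates to every connected directory.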

10 Common identity with sync and federation
Synchronization: user attributes are synchronized, including the password hash, so authentication can be completed against either Azure Active Directory or Windows Server Active Directory. Only a hash derived from the on-premises password hash is uploaded; the cleartext password never leaves the on-premises directory.
Federation: user attributes are synchronized, but authentication is passed back through federation and completed against Windows Server Active Directory, so no password material is stored in the cloud.
AD FS provides conditional access to resources, Workplace Join for device registration and integrated multi-factor authentication.
Write-back of attributes supports cloud-first scenarios and co-existence.

11 Direct-to-cloud identity sync
Azure Active Directory Sync provides the ability to sync disparate on-premises identity repositories directly to Azure Active Directory.
Connectors: LDAP v3, PowerShell, SQL (ODBC), Web Services (SOAP, Java, REST).

12 Identity Federation
Conditional access with multi-factor authentication is provided on a per-application basis, leveraging user identity, device registration and network location.
Organizations can federate with partners and other organizations for seamless access to shared resources.
Organizations can connect to SaaS applications running in Azure, Office 365 and 3rd-party providers.
Enhancements to AD FS include simplified deployment and management.
(Diagram label: Published applications)

14 Office 365 & Windows Intune identity models
Cloud Identity: a single identity in the cloud, suitable for small organizations with no integration to on-premises directories.
Directory Sync: a single identity suitable for medium and large organizations, with password hashes stored both on-premises and in the cloud, without federation.
Federated Identity: a single federated identity and set of credentials suitable for medium and large organizations, with passwords stored only on-premises.

17 Provide users with self-service experiences
Self-service group management, including dynamic membership calculation for groups and distribution lists based on the user's attributes.
Users can reset their own passwords, significantly reducing help desk burden and costs.
Users can edit their profile details to update and add missing information.
All changes and updates are workflow- and policy-driven, with approval routing as appropriate.
Users can onboard new users and contractors into their teams and provide access to required resources.

18 Cloud-based self-service experiences
Self-service password change and reset for cloud users.
Users can easily access the SaaS apps they need using their existing Active Directory credentials.
Leverage existing investments in Active Directory for a single set of user credentials.
Users can edit their profile details to update and add missing information.
Users can manage access requests through self-service group management.

19 Provide users with single sign-on experiences
Sync or federate users to Azure Active Directory for single sign-on to cloud apps.
Users can access all their company resources with a single set of credentials.
Leverage existing investments in Active Directory for a single set of user credentials.
Users can sign on to 3rd-party SaaS apps with their company credentials.
Users gain seamless access to Office 365, Windows Intune and other Microsoft cloud apps.
Connectors: LDAP v3, PowerShell, SQL (ODBC), Web Services (SOAP, Java, REST).

21 Single sign-on to Office 365 and Windows Intune
Cloud Identity: a user with a cloud-only identity signs in to Office 365 and Windows Intune with their Azure Active Directory credentials.
Directory Sync: when an Active Directory user logs on, their synchronized credentials are used to authenticate against Azure Active Directory.
Federated Identity: when an Active Directory user logs on, the authentication is passed back to and validated against Windows Server Active Directory.
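Slides 14 and 21 describe the three identity models; the question an engineer inheriting a tenant asks is which one each domain is actually in. The PowerShell below is an added example, not from the deck: it uses the Azure Active Directory Module for Windows PowerShell (the MSOnline cmdlets current for this deck's generation; Microsoft has since moved administration to newer modules) to read the tenant's sync flags and each verified domain's authentication type, and for federated domains to show where sign-in is redirected and when the token-signing certificate Azure AD trusts expires. It assumes a tenant administrator credential and the MSOnline module installed; the domain names in the output are whatever the tenant has.

```powershell
# Added example (not from the deck): which identity model is each domain using?
# Assumes the MSOnline module and an account with tenant read rights.
Import-Module MSOnline
Connect-MsolService   # prompts for tenant administrator credentials

# Tenant-wide flags: directory sync on/off, password (hash) sync on/off, last run times.
$company = Get-MsolCompanyInformation
$company | Select-Object DirectorySynchronizationEnabled, LastDirSyncTime,
                         PasswordSynchronizationEnabled, LastPasswordSyncTime

function Get-IdentityModelReport {
    # Classify every verified domain as Cloud Identity, Directory Sync or Federated Identity.
    foreach ($domain in (Get-MsolDomain | Where-Object { $_.Status -eq 'Verified' })) {
        $fed  = $null
        $cert = $null
        if ($domain.Authentication -eq 'Federated') {
            $model = 'Federated Identity'
            # Federated domains: sign-in is redirected to PassiveLogOnUri (the AD FS endpoint),
            # and Azure AD validates tokens with the stored SigningCertificate.
            $fed  = Get-MsolDomainFederationSettings -DomainName $domain.Name
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
                        [Convert]::FromBase64String($fed.SigningCertificate))
        }
        elseif ($company.DirectorySynchronizationEnabled) {
            $model = 'Directory Sync'          # managed domain, identities synced from AD
        }
        else {
            $model = 'Cloud Identity'          # managed domain, identities mastered in the cloud
        }

        [pscustomobject]@{
            Domain         = $domain.Name
            Model          = $model
            PasswordSync   = if ($model -eq 'Directory Sync') { $company.PasswordSynchronizationEnabled } else { $null }
            PassiveLogOnUri = if ($fed) { $fed.PassiveLogOnUri } else { $null }
            IssuerUri      = if ($fed) { $fed.IssuerUri } else { $null }
            SigningCertExpires = if ($cert) { $cert.NotAfter } else { $null }
            SigningCertThumb   = if ($cert) { $cert.Thumbprint } else { $null }
        }
    }
}

Get-IdentityModelReport | Format-Table -AutoSize
```

Two things worth checking from the output. A federated domain whose SigningCertExpires is in the past, or whose thumbprint does not match the token-signing certificate AD FS currently uses, will fail every sign-in until the federation settings are refreshed (Update-MsolFederatedDomain from the AD FS server does this). And a domain reported as Directory Sync with PasswordSync false has synchronized accounts that cannot authenticate against Azure AD at all, which is the slide's "Directory Sync" model only on paper.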

24 Active Directory for the cloud
Run Active Directory at scale with support for virtualization and rapid deployment through domain controller cloning.
Developers can integrate applications for single sign-on across on-premises and cloud-based applications.
Leverage cloud platforms to run Windows Server Active Directory and Active Directory Federation Services to reduce on-premises infrastructure.
Manage Active Directory using Windows PowerShell, use the improved deployment experience and leverage the Active Directory Administrative Center for centralized management.
Activate clients running Office on Windows 8 or Windows Server 2012 and later automatically using the existing Active Directory infrastructure.

25 Azure Active Directory
Comprehensive cloud-based identity and access management combining directory services, identity governance, application access management and a developer's identity management platform.
Choose among hundreds of popular SaaS apps from a pre-populated application gallery; easily add custom cloud-based apps.
Sync identity, or provide federated identity, for single sign-on.
Add multi-factor authentication for additional user identity verification.
Facilitate developers with identity management.
Administrators have access to security reporting that tracks inconsistent access patterns and shows users who signed in from unknown sources.
Connectors: LDAP v3, PowerShell, SQL (ODBC), Web Services (SOAP, Java, REST).

26
1. The user attempts to log in or perform an action that is subject to MFA.
2. When the user authenticates, the application or service performs an MFA call.
3. The user must respond to the challenge, which can be configured as a text message, a phone call or a mobile app notification.
4. The response is returned to the app, which then allows the user to proceed.
(Diagram: User, Devices, Apps & Data)

27 Protect data with Rights Management
Hybrid options across Windows Server and Azure Rights Management.
Easy to use, with integration into Office 2010/2013, Windows Shell extensions and cross-platform clients.
Integration with SharePoint and Exchange.
Automatically identify and classify data based on content, with automatic encryption.
Securely share documents with colleagues and business partners.

28 Maintain governance and compliance
Demonstrate that access rights comply with organizational policies and industry regulations.
Easily define and manage access based on user roles.
Perform attestation by regularly ensuring access rights are maintained, and allow managers to review and approve the existing access rights of their users.
Enable users with self-service access request and approval.
Enforce segregation of duties by defining incompatible permissions and roles.

30 Workload: SharePoint with conditional access & MFA
Users connect to a published on-premises SharePoint server that has been integrated with AD FS. Through conditional access policies, AD FS enforces additional authentication and authorization requirements, such as device registration. With integrated MFA, AD FS walks the user through the device registration process and then allows the user to continue and gain access to the SharePoint site.
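Slide 26 gives the MFA call sequence and slide 30 the SharePoint scenario, but neither shows where the "per-application" policy from slide 12 actually lives. On AD FS in Windows Server 2012 R2 it lives in claim rules on the relying party trust. The PowerShell below is an added example, not from the deck or from Microsoft's SharePoint guidance: it sets an additional-authentication rule that demands MFA whenever the request does not carry the inside-corporate-network claim, and issuance-authorization rules that deny external access from devices that have not completed Workplace Join. The relying party display name "SharePoint" and the rule names are assumptions; the claim type URIs are the ones AD FS 2012 R2 issues.

```powershell
# Added example (not from the deck): per-application conditional access on AD FS 2012 R2.
# Assumes a relying party trust named "SharePoint" already exists, an MFA provider is
# registered on the farm, and the Device Registration Service is enabled.
Import-Module ADFS

# Additional-authentication rule: primary sign-in still happens first; this rule decides
# whether AD FS demands a second factor. Here: any request from outside the network.
$mfaRule = @'
@RuleName = "MFA for external access"
c:[Type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value == "false"]
 => issue(Type = "http://schemas.microsoft.com/claims/authnmethodsreferences",
          Value = "http://schemas.microsoft.com/claims/multipleauthn");
'@

# Issuance-authorization rules: a deny claim always wins over a permit claim, so the
# deny rule is evaluated first in effect even though all rules run. Outside the network,
# a device that has not completed Workplace Join (no isregistereduser claim) is refused.
$authzRules = @'
@RuleName = "Deny unregistered devices from outside the network"
EXISTS([Type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value == "false"])
 && NOT EXISTS([Type == "http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser", Value == "true"])
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/deny", Value = "DenyUnregisteredExternal");

@RuleName = "Permit everyone else"
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Both parameters replace the trust's existing rule sets, so export them first if you
# need to keep earlier rules: (Get-AdfsRelyingPartyTrust -Name "SharePoint").IssuanceAuthorizationRules
Set-AdfsRelyingPartyTrust -TargetName "SharePoint" `
    -AdditionalAuthenticationRules $mfaRule `
    -IssuanceAuthorizationRules $authzRules

# Read back what is now enforced for this application.
Get-AdfsRelyingPartyTrust -Name "SharePoint" |
    Select-Object Name, AdditionalAuthenticationRules, IssuanceAuthorizationRules
```

The insidecorporatenetwork claim is only meaningful if external requests really arrive through the Web Application Proxy; a SharePoint endpoint that is also reachable by some other path from the internet would let a client present as "inside" and skip both checks. The MFA rule needs an additional authentication provider registered on the farm (Set-AdfsGlobalAuthenticationPolicy -AdditionalAuthenticationProvider), and the device check needs the Device Registration Service enabled (Initialize-ADDeviceRegistration, then Enable-AdfsDeviceRegistration); without those prerequisites the rules are accepted but external users are simply denied.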

32 Hybrid Identity review
Unify your environment: create a centralized identity across on-premises and cloud; use identity federation to maintain centralized authentication and securely share and collaborate with external users and businesses.
Enable users: provide users with self-service experiences to keep them productive; enable single sign-on for users across all the resources they need access to.
Protect your data: enforce strong authentication when users access resources and apply conditional access controls to sensitive company information; configure single sign-on across all company applications; ensure compliance with governance, attestation and reporting.

34 Resources: www.microsoft.com/learning, http://developer.microsoft.com, http://microsoft.com/technet, http://channel9.msdn.com/Events/TechEd
