azure active directory - en pointe technologies · microsoft azure. web apps (azure active...

Upload: lamdang

Post on 04-Jun-2018

Azure Active Directory

Brian Mansure
Azure [email protected]

Your Cloud Identity

Agenda

• What Azure Active Directory is
• What Azure Active Directory is not
• Hybrid Identity
• Features
• Roadmap

of employees use personal devices for work purposes.*

of employees that typically work on employer premises, also frequently work away from their desks.***

of all software will be available on a SaaS delivery by 2020.**

66% 25% 33%

*CEB The Future of Corporate ITL: 203-2017. 2013.
**Forrester Application Adoption Trends: The Rise Of SaaS
***CEB IT Impact Report: Five Key Findings on Driving Employee Productivity Q1 2014.

Mobility is the new normal

Devices Apps Data

The current reality…

Protect your data

Enable your users Unify your environment

People-centric approach

Devices Apps Data

Azure Active Directory (Azure AD) is Microsoft’s multi-tenant, cloud-based directory and identity management service.
It combines directory services, advanced identity governance, application access management and a rich standards-based platform for developers.
Available in 3 editions: Free, Basic and Premium.

What is Azure Active Directory?

You host it, on-premises / Cloud
You manage the infrastructure and the data

Core Services:

• Active Directory services
• Kerberos authentication
• NTLM authentication

• Active Directory Lightweight Directory Services (AD LDS)
• Active Directory Federated Services (AD FS)
• Active Directory Certificate Services (AD CS)
• Active Directory Rights Management Services (AD RMS)

Microsoft hosts it in their datacenters
Microsoft manages the infrastructure
You manage the data

Core Services:

• Windows Azure Active Directory services
• Federated authentication

• WS-Federation
• SAML
• OAuth 2.0
• More to come…

• Windows Azure Access Control Service (ACS)

Windows Azure Active Directory

• Runs from 28 datacenters spread across the globe with automated failover

• The directory behind Office 365

• On average 14 billion authentications every week

• 99.9% availability guarantee (Basic and Premium)

Azure Active Directory Connect*

Microsoft Azure Active Directory

Other Directories

PowerShell

LDAP v3

SQL (ODBC)

Web Services ( SOAP, JAVA, REST)

Windows Azure Conference 2014

Hybrid Identity
Delivering a seamless user authentication experience

Same Sign-on

Users will be able to have a single set of credentials to access their cloud applications but will be prompted for username and password

Single Sign-on

Users will experience true single sign-on for cloud applications and on-premises applications alike

SaaS apps

Microsoft Azure Active Directory

Other Directories

Microsoft Azure

Web Apps (Azure Active Directory Application Proxy)

SaaS apps

Integrated custom apps

Other Directories

Centrally managed identities and access

IT professional

alerts.

Monitor and protect access to enterprise apps

How Azure Multi Factor Authentication works

http://myapps.microsoft.com

Cloud App Discovery

AD Agent

Logs

Active Directory

Cloud App Discovery

SSO with SaaS

Azure Active Directory Cloud App Discovery

10x as many cloud apps are in use as IT estimates

Source: Help Net Security 2014

• SaaS app category
• Number of users
• Utilization volume

Comprehensive reporting

Discover all SaaS apps in use within your organization

Rich standards-based platform for developers

Azure Active Directory – Looking Forward

Business to Business

Business to Consumers Azure AD Directory

Domain Services

Administrative Units

Cloud Domain Joined

(Windows 10)

Conditional Access

Self-service Single sign-on

Identity as the control plane

Simple connection

Cloud

SaaS

Azure

Office 365

Public cloud

Other Directories

Windows ServerActive Directory

On-premises Microsoft Azure Active Directory

Common Features

| Feature | Free | Basic | Premium |
|---|---|---|---|
| Directory as a Service | 500,000 Object Limit | No Object Limit | No Object Limit |
| User/Group Management (add/update/delete) | Yes | Yes | Yes |
| SSO to pre-integrated SaaS Applications / Custom Apps | 10 apps per user | 10 apps per user | No Limit |
| User-Based access management/provisioning | Yes | Yes | Yes |
| Self-Service Password Change for cloud users | Yes | Yes | Yes |
| Connect (Sync engine that extends on-premises directories to Azure Active Directory) * | Yes | Yes | Yes |
| Security Reports/Audit | 3 Basic Reports | 3 Basic Reports | Advanced Security Reports |

Premium + Basic Features

| Feature | Basic | Premium |
|---|---|---|
| Group-based access management/provisioning | Yes | Yes |
| Self-Service Password Reset for cloud users | Yes | Yes |
| Company Branding (Logon Pages/Access Panel customization) | Yes | Yes |
| Application Proxy | Yes | Yes |
| SLA | Yes | Yes |

Premium Features

| Feature | Premium |
|---|---|
| Self-Service Group Management | Yes |
| Self-Service Password Reset/Change with on-premises write-back | Yes |
| Advanced Usage Reporting | Yes |
| Multi-Factor Authentication (Cloud and On-premises (MFA Server)) | Yes |
| MIM CAL + MIM Server | Yes |
| Administrative Units | Yes |
| Cloud App Discovery | Yes |
| Conditional Access: MFA per application (in Preview) | Yes |
| Automated password roll-over (in Preview) | Yes |
| Connect health | Yes |

Windows Intune

Mobile device settings management

Mobile application management

Selective wipe

Microsoft Azure Active Directory Premium

Security reports, audit reports and multi-factor authentication

Self-service password reset and group management

Connection between Active Directory and Azure Active Directory

Information protection

Connection to on-premises assets

Bring your own key

Enterprise Mobility Suite

Microsoft Azure Rights Management

Advanced Threat Analytics

Detect threats fast with behavioral analytics

Adapt as fast as your enemies

Reduce false positives

THANK YOU
QUESTIONS?

Brian Mansure
Azure [email protected]