#Build2016

Windows 10 Identity OverviewKaranbir SinghSenior Program Manager

of employees use personal devices for work purposes.*

of employees that typically work on employer premises, also frequently work away from their desks.***

of all software will be available on a SaaS delivery by 2020.**

Mobility and the cloud is the new normal

66% 25% 33%

*CEB The Future of Corporate ITL: 203-2017. 2013.**Forrester Application Adoption Trends: The Rise Of SaaS***CEB IT Impact Report: Five Key Findings on Driving Employee Productivity Q1 2014.

Identity Mental Model

Purpose

Ownership

Windows DevicesPCs/Tablets/Mobile/etc.

Personal

FunFun + some

work(BYOD)

Organizational

Work

Identity Mental Model

Purpose

Ownership

Windows DevicesPCs/Tablets/Mobile/etc.

Personal

FunFun + some

work(BYOD)

Organizational

Work

Self-service setup & sign in with Azure AD accountIdeal for users who primarily access Office365 & Cloud appsAutomatic enrollment to MDMAlso available on Windows Phone 10!

Domain Join only better: Connected to Azure ADGreat for hybrid orgs with deployment processes in-placeUse of existing on-premises management solutions

Domain Join

Azure AD Join

Org owned devices – Two models

Self-service setup & sign in with Azure AD accountIdeal for users who primarily access Office365 & Cloud appsAutomatic enrollment to MDM

Add a Work Account

Personally owned devices – One model

Identity Mental Model

Windows 10 Configuration

Purpose

Ownership

Windows DevicesPC/Tablets/Mobile/etc.

Personal

Fun

MSA Sign-in

Fun + some work(BYOD)

Add a Work Account

Organizational

Work

Domain Join Azure AD Join

Requirement Domain Join Azure AD Join Add a Work Account

Ownership Organization Organization Personal

Provisioning Prepared by IT Self configure in OOBE Self configure in Settings>>Accounts

Management Existing management solutions (e.g. SCCM, GP, etc.)

MDM MDM

Resources SSO to enterprise resources hosted on-premises and in the cloud

SSO to enterprise resources in the cloud, and to on-premises resources exposed via Proxy

SSO to enterprise resources in the cloud.

Deployment Traditional work place Seasonal workers, CYOD BYOD

Devices PCs and Tablets PCs, Tablets, and Windows Phone PCs, Tablets, and Windows Phone

Windows for Work

Identity is a means to an end, not the end.

Empowering every individual in your organization to achieve more is…

Web Account Manager

Web Account Manager is extensible.

Identity Mental Model

SSO

Windows 10 Configuration

Purpose

Ownership

Windows DevicesPC/Tablets/Mobile/etc.

Personal

Fun

MSA Sign-in

Fun + some work(BYOD)

Add a Work Account

Organizational

Work

Domain Join Azure AD Join

Web Account Manager

Microsoft Passport & Windows Hello

Password theft is an epidemicPass the hash attacks are no longer hypotheticalShared secrets are easily breached, stolen, or phishedAlternatives come with usability and/or operational costs

Reality

Key based authentication system built into Windows 10Users create a gesture to use their PassportTPM protects a private key used to sign auth requestsEliminates the need to authenticate using a password

Microsoft Passport

Identity Mental Model

Authentication

Windows 10 Configuration

Purpose

Ownership

Windows DevicesPC/Tablets/Mobile/etc.

Personal

Fun

MSA Sign-in

Fun + some work(BYOD)

Add a Work Account

Organizational

Work

Domain Join Azure AD Join

Web Account Manager

Microsoft Passport + Windows Hello

SummaryWindows for Work (IT admins)

- Domain Join- Azure AD Join- Add work account

Web Account Manager (Developers)- One stop shop for authentication

Microsoft Passport & Windows Hello (IT admins + Developers)- Say bye to passwords!

Azure AD JoinOverviewAzure AD Join on Windows 10 devicesAzure AD and Identity Show: Azure AD Join in Windows 10

Domain JoinMicrosoft Azure Active Directory and Windows 10: Better Together for Work or School

Resources

Web Account ManagerApp APIsWebAccountProvider APIsBuild 2015 – SSO with Secure Authentication

SDK samplesOther relevant sessions

3-767: Building Universal Windows Apps with Office 365 APIs2-769: Develop Modern Native Application with Azure Active Directory2-639: Microsoft Passport and Windows Hello3-765: App-to-App Communication: Building a Web of Apps3-654: Managing Mobile Devices and Applications in an Enterprise

Resources

Microsoft Passport and Windows HelloMicrosoft Passport OverviewWhat is Windows Hello?Microsoft Passport and AAD: Eliminating passwords one device at a time!Passport APIsBuild 2015:Microsoft Passport and Windows Hello: Moving Beyond Passwords and Credential Theft

Resources

© 2015 Microsoft Corporation. All rights reserved.