Ravikumar Sathyamurthy | @ShakthiRavi
Microsoft MVP | Office Servers and Services
Understanding Azure Active Directory
and Enterprise Mobility & Security (EMS)
22/04/2017
Mobile-first, cloud-first reality
Data breaches: 63% of confirmed data breaches involve weak, default, or stolen passwords.
IT budget growth: Gartner predicts global IT spend will grow only 0.6% in 2016.
Shadow IT: More than 80 percent of employees admit to using non-approved software as a service (SaaS) applications in their jobs.
Identity as the control plane (diagram labels: On-premises, Windows Server Active Directory)
Identity as the control plane (diagram labels: On-premises, Windows Server Active Directory, VPN, BYO, SaaS, Azure, Cloud, Public cloud, Customers, Partners)
Identity as the control plane (diagram labels: On-premises, Windows Server Active Directory, VPN, BYO, Microsoft Azure Active Directory, Azure, Cloud, Public cloud, Customers, Partners)
Azure AD as the control plane (diagram labels: Microsoft Azure Active Directory, On-premises, Windows Server Active Directory, BYO, Azure, Cloud, Public cloud, Customers, Partners)
Identity as the core of enterprise mobility (diagram labels: Single sign-on, Self-service, Simple connection, On-premises, Other directories, Windows Server Active Directory, SaaS, Azure, Public cloud, Cloud, Microsoft Azure Active Directory)
What is Azure Active Directory?
A comprehensive identity and access management cloud solution. It combines directory services, advanced identity governance, application access management and a rich standards-based platform for developers. It is available in 3 editions: Free, Basic and Premium.
33,000 Enterprise Mobility + Security | Azure AD Premium enterprise customers
>110k third-party applications used with Azure AD each month
>1.3 billion authentications every day on Azure AD
More than 750 M user accounts on Azure AD
>10 M Azure AD directories
>85% of Fortune 500 companies use Microsoft Cloud (Azure, O365, CRM Online, and PowerBI)
Every Office 365 and Microsoft Azure customer uses Azure Active Directory
• Microsoft “Identity Management as a Service (IDaaS)” for organizations.
• Millions of independent identity systems controlled by enterprise and government “tenants.”
• Information is owned and used by the controlling organization, not by Microsoft.
• Born-as-a-cloud directory for Office 365. Extended to manage across many clouds.
• Evolved to manage an organization’s relationships with its customers/citizens and partners (B2C and B2B).
Azure Active Directory Premium
Built on top of the free offering, it provides a robust set of capabilities to empower enterprises with demanding needs on identity and access management.
Additionally, Azure AD Premium offers:
• An Enterprise SLA of 99.9%
• Usage rights to Identity Manager Server and CALs
Azure AD Editions: http://bit.ly/1gyDRoN
Azure Active Directory. Identity at the core of your business
1000s of apps, 1 identity: provide one persona to the workforce for SSO to 1000s of cloud and on-premises apps
Manage access at scale: manage identities and access at scale in the cloud and on-premises
Cloud-powered protection: ensure user and admin accountability with better security and governance
Enable business without borders: stay productive with universal access to every app and collaboration capability
• Strong support for modern, cross-platform, cloud-friendly APIs and protocols
• Certification program for third-party federation servers & services
• Actively engaged in standards bodies: IETF (OAuth, JOSE, SCIM, ACE, …), OpenID, FIDO, etc.
1000s of apps, 1 identity
Provide one persona to the modern workforce for SSO to 1000s of cloud and on-premises applications:
Single sign-on to SaaS apps
Secure remote access to on-premises apps
Single sign-on to mobile apps
Support for lift-and-shift of traditional apps to the cloud
Azure AD Connect (sync + sign on): Active Directory, LDAP directories
1000s OF APPS, 1 IDENTITY
Azure Active Directory Connect
Consolidated deployment assistant for your identity bridge components.
Sync engine: all currently available sync engines (DirSync, Azure Active Directory Sync, FIM + Azure Active Directory Connector) will be replaced by the sync engine included in the Connect tool.
ADFS: assisted deployment of ADFS will be available through Azure Active Directory Connect. ADFS is an optional component for authentication in a hybrid implementation. Password sync can replace ADFS for more scenarios.
1000s OF APPS, 1 IDENTITY
Identity synchronization with password (hash) sync: user attributes are synchronized to Microsoft Azure Active Directory using identity synchronization services, including a password hash; authentication is completed against Azure Active Directory.
Identity synchronization with ADFS: user attributes are synchronized to Microsoft Azure Active Directory using identity synchronization tools; authentication is passed back through federation and completed against Windows Server Active Directory.
1000s OF APPS, 1 IDENTITY
Connect and sync on-premises directories with Azure Active Directory
Azure Active Directory Connect and Connect Health*, MIM* (diagram labels: Microsoft Azure Active Directory; HR apps; other directories via PowerShell, SQL (ODBC), LDAP v3, Web Services (SOAP, Java, REST))
1000s OF APPS, 1 IDENTITY
Connect and sync on-premises directories with Azure
2700+ pre-integrated popular SaaS apps and self-service integration via templates
Easily publish on-premises web apps via Application Proxy + custom apps
(Diagram labels: Microsoft Azure; web apps (Azure Active Directory Application Proxy); integrated custom apps; SaaS apps; other directories)
1000s OF APPS, 1 IDENTITY
Application Proxy
Cloud service that allows users to remotely access on-prem apps securely from any device and any place. Different types of web apps and APIs can be ‘published’.
Connectors are usually deployed inside the corpnet next to the applications. They maintain an outbound connection to the service.
Multiple connectors can be deployed for redundancy, scale and access to different sites.
Users connect to the ‘published’ apps and the cloud service routes traffic to the backend applications via ‘connectors’.
(Diagram labels: https://app1-contoso.msappproxy.net/ via Microsoft Azure Active Directory; DMZ; corporate network; http://app1)
1000s OF APPS, 1 IDENTITY
Lift-and-shift on-premises apps to Azure IaaS: your domain controller as a service for lift-and-shift scenarios
(Diagram labels: on-premises Windows Server Active Directory; Azure AD Connect; Azure Active Directory; Azure AD Domain Services in your virtual network, serving Kerberos, NTLM, LDAP and Group Policy to your Azure IaaS workloads/apps)
What’s Next? EMS
Enterprise Mobility & Security capabilities (EMS E3 and EMS E5 plans)
Identity and access management:
Azure Active Directory Premium P1 (EMS E3): single sign-on to cloud and on-premises applications; basic conditional access security.
Azure Active Directory Premium P2 (EMS E5): advanced risk-based identity protection with alerts, analysis, & remediation.
Managed mobile productivity:
Microsoft Intune (EMS E3): mobile device and app management to protect corporate apps and data on any device.
Information protection:
Azure Information Protection Premium P1 (EMS E3): encryption for all files and storage locations; cloud-based file tracking. Existing Azure RMS capabilities.
Azure Information Protection Premium P2 (EMS E5): intelligent classification & encryption for files shared inside & outside your organization. Secure Islands acquisition.
Identity-driven security:
Microsoft Advanced Threat Analytics (EMS E3): identify suspicious activities & advanced attacks on premises.
Microsoft Cloud App Security (EMS E5): bring enterprise-grade visibility, control, and protection to your cloud applications.
Enterprise Mobility & Security and Windows 10 Enterprise
DEMOS!
Enable business without borders
Stay productive everywhere with easy access to every application and powerful collaboration capabilities across location, application, and device borders
Ease of use for end users; any time, any place productivity with Windows 10; better connect with your consumers; enable cross-organization collaboration
ENABLE BUSINESS WITHOUT BORDERS
Windows 10 Azure AD joined devices
Azure Active Directory Join makes it possible to connect work-owned Windows 10 devices to your company’s Azure Active Directory
Enterprise-compliant services: SSO from the desktop to cloud and on-premises applications with no VPN; support for hybrid environments; Intune/MDM auto-enrollment; Enterprise State Roaming
MANAGE ACCESS AT SCALE
Manage access at scale: manage identities at scale in the cloud and on-premises
Advanced user lifecycle management: provisioning and deprovisioning with customization options
Monitor your identity bridge
Low IT overhead: centralized access administration for pre-integrated SaaS apps and other cloud-based apps
Dynamic groups, device registration, secure business processes with advanced access management capabilities
Comprehensive identity and access management console for the IT professional
IDENTITY-DRIVEN SECURITY
Cloud-powered protection: ensure accountability with better security and governance
Protect against advanced threats; mitigate administrative risks; conditional access to resources; compliance reporting
Conditional access. Conditions: user, app sensitivity, device state, location, risk. Actions: allow access or block access; enforce MFA per user/per app.
Identity Protection: notifications, analysis, remediation, risk-based policies. Cloud App Discovery. Privileged Identity Management. MFA.
(Diagram labels: User; Microsoft Azure; On-premises applications)
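Added example, not from the slides and not Azure AD's own engine: a toy conditional access evaluator that turns the slide's conditions (user/group, app sensitivity, device state, location, sign-in risk) into its actions (allow, block, enforce MFA), with the strictest matching policy winning. The policy names, the four-step risk scale and the sample sign-ins are constructed assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import FrozenSet, List, Tuple


class Action(IntEnum):
    """Outcomes from the slide: allow access, enforce MFA, or block access.
    Ordered so that the strictest matching policy wins."""
    ALLOW = 0
    REQUIRE_MFA = 1
    BLOCK = 2


# Constructed sign-in risk scale, ordered so a policy can say "this level or above".
RISK_ORDER = {"none": 0, "low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class SignIn:
    """The conditions of one sign-in attempt (all values constructed)."""
    user: str
    groups: FrozenSet[str]
    app: str
    app_sensitivity: str      # "low" or "high"
    device_compliant: bool    # device state
    location: str             # "trusted" or "untrusted" network
    risk: str                 # key of RISK_ORDER
    mfa_done: bool = False    # MFA already satisfied in this session


@dataclass(frozen=True)
class Policy:
    """A conditional access rule: scope (empty set = any) plus an action."""
    name: str
    action: Action
    groups: FrozenSet[str] = frozenset()
    apps: FrozenSet[str] = frozenset()
    app_sensitivity: FrozenSet[str] = frozenset()
    locations: FrozenSet[str] = frozenset()
    min_risk: str = "none"             # fires at this risk level or above
    noncompliant_only: bool = False    # fires only for non-compliant devices


def matches(p: Policy, s: SignIn) -> bool:
    """True when every configured condition of the policy is met by the sign-in."""
    if p.groups and not (p.groups & s.groups):
        return False
    if p.apps and s.app not in p.apps:
        return False
    if p.app_sensitivity and s.app_sensitivity not in p.app_sensitivity:
        return False
    if p.locations and s.location not in p.locations:
        return False
    if RISK_ORDER[s.risk] < RISK_ORDER[p.min_risk]:
        return False
    if p.noncompliant_only and s.device_compliant:
        return False
    return True


def evaluate(policies: List[Policy], s: SignIn) -> Tuple[Action, List[str]]:
    """Combine all matching policies: block beats MFA beats allow. An MFA
    requirement counts as satisfied (ALLOW) only when MFA was already done
    in the session and no policy blocks; a block is never downgraded."""
    matched = [p for p in policies if matches(p, s)]
    decision = max((p.action for p in matched), default=Action.ALLOW)
    if decision == Action.REQUIRE_MFA and s.mfa_done:
        decision = Action.ALLOW
    return decision, [p.name for p in matched]


# Constructed policy set mirroring the slide's conditions and actions.
POLICIES = [
    Policy("block-high-risk-signins", Action.BLOCK, min_risk="high"),
    Policy("mfa-outside-trusted-network", Action.REQUIRE_MFA,
           locations=frozenset({"untrusted"})),
    Policy("mfa-sensitive-apps", Action.REQUIRE_MFA,
           app_sensitivity=frozenset({"high"})),
    Policy("block-noncompliant-device-sensitive-apps", Action.BLOCK,
           app_sensitivity=frozenset({"high"}), noncompliant_only=True),
    Policy("mfa-admins-everywhere", Action.REQUIRE_MFA,
           groups=frozenset({"admins"})),
]


def demo() -> List[Tuple[str, Action, List[str]]]:
    """Evaluate constructed sign-ins; returns (label, decision, matched policies)."""
    staff = frozenset({"staff"})
    cases = {
        "compliant-on-corpnet": SignIn("alice", staff, "intranet", "low", True, "trusted", "none"),
        "staff-from-cafe": SignIn("alice", staff, "mail", "low", True, "untrusted", "low"),
        "staff-from-cafe-mfa-done": SignIn("alice", staff, "mail", "low", True, "untrusted", "low", mfa_done=True),
        "noncompliant-device-hr-app": SignIn("bob", staff, "hr", "high", False, "trusted", "none"),
        "admin-high-risk-mfa-done": SignIn("carol", frozenset({"admins"}), "portal", "high", True, "trusted", "high", mfa_done=True),
    }
    return [(label, *evaluate(POLICIES, s)) for label, s in cases.items()]


if __name__ == "__main__":
    for label, decision, matched in demo():
        print(f"{label:28} -> {decision.name:12} {matched}")
```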
Demos: 1. AAD self-service password reset & group management; 2. AAD Privileged Identity Management & AAD Identity Protection; 3. New conditional access
Everything You Want to, Need to, and/or Should Know About EMS in 2017
Try Enterprise Mobility + Security for free, today:
https://aka.ms/EMSTrial
Read the CIO’s guide to Azure Active Directory
https://aka.ms/AzureADCIOGuide
Explore Identity + Access Management
www.microsoft.com/identity
Learn more from the Azure AD documentation library
https://aka.ms/AzureADDoc
Discover Password best practices
https://aka.ms/PasswordBestPractices
Check out the new Azure AD webinars
https://aka.ms/AADWebinars
Microsoft is a leader in Gartner's IDaaS MQ 2016
https://aka.ms/GartnerIDaaSMQ2016
Review design considerations for your hybrid Azure AD
https://aka.ms/HybridAzureADConsiderations
Questions?

Contenu connexe

En vedette

Windows Azure Active Directory: Identity Management in the Cloud
Windows Azure Active Directory: Identity Management in the CloudWindows Azure Active Directory: Identity Management in the Cloud
Windows Azure Active Directory: Identity Management in the CloudChris Dufour
 
Azure Active Directory, Practical Guide
Azure Active Directory, Practical GuideAzure Active Directory, Practical Guide
Azure Active Directory, Practical GuideSasha Rosenbaum
 
Balancing Creativity with Discipline – Innovation management at TCS
Balancing Creativity with Discipline – Innovation management at TCSBalancing Creativity with Discipline – Innovation management at TCS
Balancing Creativity with Discipline – Innovation management at TCSTata Consultancy Services
 
Innovation Leadership in the Digital Age by K. Ananth Krishnan, VP and CTO, TCS
Innovation Leadership in the Digital Age by K. Ananth Krishnan, VP and CTO, TCSInnovation Leadership in the Digital Age by K. Ananth Krishnan, VP and CTO, TCS
Innovation Leadership in the Digital Age by K. Ananth Krishnan, VP and CTO, TCSTata Consultancy Services
 
Transforming Enterprises through Next-generation Cloud Applications
Transforming Enterprises through Next-generation Cloud ApplicationsTransforming Enterprises through Next-generation Cloud Applications
Transforming Enterprises through Next-generation Cloud ApplicationsTata Consultancy Services
 
TCS Innovation Forum 2012 - Day1: May 1 and 16, Le Meridien Cambridge, Boston...
TCS Innovation Forum 2012 - Day1: May 1 and 16, Le Meridien Cambridge, Boston...TCS Innovation Forum 2012 - Day1: May 1 and 16, Le Meridien Cambridge, Boston...
TCS Innovation Forum 2012 - Day1: May 1 and 16, Le Meridien Cambridge, Boston...Tata Consultancy Services
 
Digital Insurance Enterprise: The Nest Case Study
Digital Insurance Enterprise: The Nest Case StudyDigital Insurance Enterprise: The Nest Case Study
Digital Insurance Enterprise: The Nest Case StudyTata Consultancy Services
 
TCS Point of View Session - Analyze by Dr. Gautam Shroff, VP and Chief Scient...
TCS Point of View Session - Analyze by Dr. Gautam Shroff, VP and Chief Scient...TCS Point of View Session - Analyze by Dr. Gautam Shroff, VP and Chief Scient...
TCS Point of View Session - Analyze by Dr. Gautam Shroff, VP and Chief Scient...Tata Consultancy Services
 

En vedette (15)

Windows Azure Active Directory: Identity Management in the Cloud
Windows Azure Active Directory: Identity Management in the CloudWindows Azure Active Directory: Identity Management in the Cloud
Windows Azure Active Directory: Identity Management in the Cloud
 
Azure AD with Office 365 and Beyond!
Azure AD with Office 365 and Beyond!Azure AD with Office 365 and Beyond!
Azure AD with Office 365 and Beyond!
 
Azure Active Directory, Practical Guide
Azure Active Directory, Practical GuideAzure Active Directory, Practical Guide
Azure Active Directory, Practical Guide
 
Azure AD Connect
Azure AD ConnectAzure AD Connect
Azure AD Connect
 
Single point of failure
Single point of failureSingle point of failure
Single point of failure
 
Balancing Creativity with Discipline – Innovation management at TCS
Balancing Creativity with Discipline – Innovation management at TCSBalancing Creativity with Discipline – Innovation management at TCS
Balancing Creativity with Discipline – Innovation management at TCS
 
Innovation Leadership in the Digital Age by K. Ananth Krishnan, VP and CTO, TCS
Innovation Leadership in the Digital Age by K. Ananth Krishnan, VP and CTO, TCSInnovation Leadership in the Digital Age by K. Ananth Krishnan, VP and CTO, TCS
Innovation Leadership in the Digital Age by K. Ananth Krishnan, VP and CTO, TCS
 
Transforming Enterprises through Next-generation Cloud Applications
Transforming Enterprises through Next-generation Cloud ApplicationsTransforming Enterprises through Next-generation Cloud Applications
Transforming Enterprises through Next-generation Cloud Applications
 
TCS PoV on Digitize
TCS PoV on DigitizeTCS PoV on Digitize
TCS PoV on Digitize
 
TCS Innovation Forum 2012 - Day1: May 1 and 16, Le Meridien Cambridge, Boston...
TCS Innovation Forum 2012 - Day1: May 1 and 16, Le Meridien Cambridge, Boston...TCS Innovation Forum 2012 - Day1: May 1 and 16, Le Meridien Cambridge, Boston...
TCS Innovation Forum 2012 - Day1: May 1 and 16, Le Meridien Cambridge, Boston...
 
Digital Blurring Business Boundaries
Digital Blurring Business BoundariesDigital Blurring Business Boundaries
Digital Blurring Business Boundaries
 
PSEG TCS SAP Collections Management
PSEG TCS SAP Collections ManagementPSEG TCS SAP Collections Management
PSEG TCS SAP Collections Management
 
Digital Insurance Enterprise: The Nest Case Study
Digital Insurance Enterprise: The Nest Case StudyDigital Insurance Enterprise: The Nest Case Study
Digital Insurance Enterprise: The Nest Case Study
 
How to build a digital insurance company
How to build a digital insurance companyHow to build a digital insurance company
How to build a digital insurance company
 
TCS Point of View Session - Analyze by Dr. Gautam Shroff, VP and Chief Scient...
TCS Point of View Session - Analyze by Dr. Gautam Shroff, VP and Chief Scient...TCS Point of View Session - Analyze by Dr. Gautam Shroff, VP and Chief Scient...
TCS Point of View Session - Analyze by Dr. Gautam Shroff, VP and Chief Scient...
 

Dernier

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 

Dernier (20)

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 

Understanding Azure Active Directory and Enterprise Mobility & Security (EMS)

  • 1. Ravikumar Sathyamurthy | @ShakthiRavi Microsoft MVP | Office Servers and Services Understanding Azure Active Directory and Enterprise Mobility & Security (EMS) 22/04/2017
  • 2.
  • 3. Mobile-first, cloud-first reality Data breaches 63% of confirmed data breaches involve weak, default, or stolen passwords. 63% 0.6% IT budget growth Gartner predicts global IT spend will grow only 0.6% in 2016. Shadow IT More than 80 percent of employees admit to using non-approved software as a service (SaaS) applications in their jobs. 80%
  • 4.
  • 5. Identity as the control plane On-premises Windows Server Active Directory
  • 6. Identity as the control plane On-premises Windows Server Active Directory VPN BYO SaaS Azure Cloud Public cloud Customers Partners
  • 7. Identity as the control plane On-premises Windows Server Active Directory VPN BYO Microsoft Azure Active Directory Azure Cloud Public cloud Customers Partners
  • 8. Customers Azure AD as the control plane On-premises Partners Azure Cloud Public cloud Microsoft Azure Active Directory BYO Windows Server Active Directory
  • 9. Identity as the core of enterprise mobility Single sign-onSelf-service Simple connection On-premises Other directories Windows Server Active Directory SaaSAzure Public cloud CloudMicrosoft Azure Active Directory
  • 10. A comprehensive identity and access management cloud solution. It combines directory services, advanced identity governance, application access management and a rich standards-based platform for developers It is available in 3 editions: free, Basic and Premium What is Azure Active Directory?
  • 11. 33,000 Enterprise Mobility + Security | Azure AD Premium enterprise customers >110k third-party applications used with Azure AD each month >1.3 billion authentications every day on Azure AD More than 750 M user accounts on Azure AD Azure AD Directories >10 M >85% of Fortune 500 companies use Microsoft Cloud (Azure, O365, CRM Online, and PowerBI) Every Office 365 and Microsoft Azure customer uses Azure Active Directory • Microsoft “Identity Management as a Service (IDaaS)” for organizations. • Millions of independent identity systems controlled by enterprise and government “tenants.” • Information is owned and used by the controlling organization—not by Microsoft. • Born-as-a-cloud directory for Office 365. Extended to manage across many clouds. • Evolved to manage an organization’s relationships with its customers/citizens and partners (B2C and B2B).
  • 12. Built on top of the free offering, provides a robust set of capabilities to empower enterprises with demanding needs on identity and access management Additionally, Azure AD premium offers: • An Enterprise SLA of 99.9% • Usage rights to Identity Manager Server and CALs Azure Active Directory Premium Azure AD Editions: http://bit.ly/1gyDRoN
  • 13. Provide one persona to the workforce for SSO to 1000s of cloud and on-premises apps Manage access at scale Manage identities and access at scale in the cloud and on-premises Ensure user and admin accountability with better security and governance Enable business without borders Stay productive with universal access to every app and collaboration capability Azure Active Directory. Identity at the core of your business 1000s of apps, 1 identity Cloud-powered protection
  • 14.  Strong support for modern, cross-platform, cloud-friendly APIs and protocols  Certification program for third party federation servers & services  Actively engaged in standards bodies: IETF (OAuth, JOSE, SCIM, ACE, …) OpenID, FIDO, etc.
  • 15. Secure remote access to on- premises apps Single sign -on to mobile apps Support for lift-and- shift of traditional apps to the cloud Provide one persona to the modern workforce for SSO to 1000s of cloud and on- premises applications Single sign-on to SaaS apps 1000s of apps, 1 identity
  • 16. Azure AD Connect (sync + sign on) Active Directory LDAP directories
  • 17. Azure Active Directory Connect ADFS Sync engine Consolidated deployment assistant for your identity bridge components. All currently available sync engines will be replaced by the sync engine included in the Connect tool. Assisted deployment of ADFS will be available through Azure Active Directory Connect. ADFS is an optional component for authentication in hybrid implementation. Password sync can replace ADFS for more scenarios. DirSync Azure Active Directory Sync FIM+Azure Active Directory Connector ADFS 1000s OF APPS, 1 IDENTITY
  • 18. Microsoft Azure Active Directory Identity synchronization with password (hash) sync Identity synchronization User attributes are synchronized using identity synchronization services, including a password hash; authentication is completed against Azure Active Directory User attributes are synchronized using identity synchronization tools; authentication is passed back through federation and completed against Windows Server Active Directory ADFS Microsoft Azure Active Directory 1000s OF APPS, 1 IDENTITY
  • 19. Azure Active Directory Connect and Connect Health * MIM * Microsoft Azure Active Directory HR apps OTHER DIRECTORIES PowerShell SQL (ODBC) LDAP v3 Web Services ( SOAP, JAVA, REST) Connect and sync on-premises directories with Azure Active Directory 1000s OF APPS, 1 IDENTITY
  • 20. Web apps (Azure Active Directory Application Proxy) Integrated custom apps SaaS apps OTHER DIRECTORIES 2700+ pre-integrated popular SaaS apps and self-service integration via templates Connect and sync on-premises directories with Azure Easily publish on-premises web apps via Application Proxy + custom apps Microsoft Azure 1000s OF APPS, 1 IDENTITY
  • 21. Corporate network Microsoft Azure Active Directory Connectors are usually deployed inside the corpnet next to the applications. They maintain an out-bound connection to the service Multiple connectors can be deployed for redundancy, scale and access to different sites Users connect to the ‘published’ apps and cloud service routes traffic to the backend applications via ‘connectors’ DMZ https://app1- contoso.msappproxy.net/ Application Proxy http://app1 Cloud service that allows users to remotely access on-prem apps from securely from any device and any place Different types of web-apps and APIs can be ‘published’ 1000s OF APPS, 1 IDENTITY
  • 22. Azure Active Directory Lift-and-shift on-premises apps to Azure IaaS On-premises Azure AD Connect Windows Server Active Directory Your Azure IaaS workloads/apps Azure AD Domain Services Your virtual network Azure Kerberos NTLM LDAP Group Policy 1000s OF APPS, 1 IDENTITY Your domain controller as a service for lift-and-shift scenarios
  • 26. Enterprise Mobility & Security capabilities (EMS E3 / EMS E5)
    Identity and access management
      Azure Active Directory Premium P1 (E3): single sign-on to cloud and on-premises applications; basic conditional access security
      Azure Active Directory Premium P2 (E5): advanced risk-based identity protection with alerts, analysis and remediation
    Managed mobile productivity
      Microsoft Intune: mobile device and app management to protect corporate apps and data on any device
    Information protection
      Azure Information Protection Premium P1 (E3): encryption for all files and storage locations; cloud-based file tracking; existing Azure RMS capabilities
      Azure Information Protection Premium P2 (E5): intelligent classification and encryption for files shared inside and outside your organization (Secure Islands acquisition)
    Identity-driven security
      Microsoft Advanced Threat Analytics: identify suspicious activities and advanced attacks on premises
      Microsoft Cloud App Security: bring enterprise-grade visibility, control and protection to your cloud applications
  • 28. Enterprise Mobility & Security + Windows 10 Enterprise
  • 30. Ease of use for end users: any time, any place productivity with Windows 10
    Better connect with your consumers; enable cross-organization collaboration; enable business without borders
    Stay productive everywhere with easy access to every application and powerful collaboration capabilities across location, application and device borders
  • 31. ENABLE BUSINESS WITHOUT BORDERS: Windows 10 Azure AD joined devices
    Azure Active Directory Join makes it possible to connect work-owned Windows 10 devices to your company's Azure Active Directory
    SSO from the desktop to cloud and on-premises applications with no VPN
    Intune/MDM auto-enrollment, Enterprise State Roaming, enterprise-compliant services
    Support for hybrid environments
  • 32. Manage access at scale: advanced user lifecycle management; monitor your identity bridge; manage identities at scale in the cloud and on-premises; low IT overhead
  • 33. MANAGE ACCESS AT SCALE (IT professional)
    Centralized access administration for pre-integrated SaaS apps and other cloud-based apps
    Provisioning and deprovisioning with customization options
    Dynamic groups, device registration, secure business processes with advanced access management capabilities
    Comprehensive identity and access management console
  • 34. Cloud-powered protection: protect against advanced threats; mitigate administrative risks; ensure accountability with better security and governance; conditional access to resources; compliance reporting
  • 35. IDENTITY-DRIVEN SECURITY
    Conditions: user, app sensitivity, device state, location, risk
    Actions: allow access, block access, enforce MFA per user/per app
    Building blocks: MFA; Identity Protection (notifications, analysis, remediation, risk-based policies); Privileged Identity Management; Cloud App Discovery
    Scope: Microsoft Azure and on-premises applications
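What the slide's "conditions -> actions" arrow hides is how several policies combine when more than one matches a sign-in: every matching policy applies, a block from any of them wins over grant controls from the others, and the grant controls of all matching policies accumulate. The model below is an added example written for this page, not code from Azure AD or from the deck; the policy fields, group names, the break-glass account and the sample sign-ins are all constructed for illustration.

```python
"""
Added example (not from the slide deck): a small model of how conditional
access turns conditions (user, app, device state, location, risk) into a
decision. Policies and sign-ins below are constructed; the combination rules
(all matching policies apply, block beats grant, required controls accumulate)
mirror how the real service evaluates policies.
"""
from dataclasses import dataclass

RISK_ORDER = {"none": 0, "low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class SignIn:
    user: str
    groups: frozenset
    app: str
    device_compliant: bool
    from_trusted_location: bool
    sign_in_risk: str = "none"


@dataclass(frozen=True)
class Policy:
    name: str
    include_groups: frozenset = frozenset({"All"})
    exclude_users: frozenset = frozenset()     # emergency-access accounts belong here
    apps: frozenset = frozenset({"All"})
    min_risk: str = "none"                     # policy applies at this risk or above
    untrusted_location_only: bool = False
    block: bool = False
    require: frozenset = frozenset()           # grant controls, e.g. {"mfa"}


def policy_applies(p: Policy, s: SignIn) -> bool:
    """True when every configured condition of the policy matches the sign-in."""
    if s.user in p.exclude_users:
        return False
    if "All" not in p.include_groups and not (p.include_groups & s.groups):
        return False
    if "All" not in p.apps and s.app not in p.apps:
        return False
    if RISK_ORDER[s.sign_in_risk] < RISK_ORDER[p.min_risk]:
        return False
    if p.untrusted_location_only and s.from_trusted_location:
        return False
    return True


def evaluate(policies, s: SignIn) -> dict:
    """Combine all matching policies: block wins; otherwise union of controls."""
    matched = [p for p in policies if policy_applies(p, s)]
    names = [p.name for p in matched]
    if any(p.block for p in matched):
        return {"decision": "block", "policies": names, "controls": []}
    controls = set().union(*(p.require for p in matched))
    # A "compliant device" control cannot be satisfied interactively: a
    # non-compliant device is effectively blocked, not prompted.
    if "compliant_device" in controls and not s.device_compliant:
        return {"decision": "block", "policies": names, "controls": sorted(controls)}
    decision = "challenge" if controls else "allow"
    return {"decision": decision, "policies": names, "controls": sorted(controls)}


# Constructed policy set (hypothetical names and groups).
POLICIES = [
    Policy("Require MFA for all users",
           exclude_users=frozenset({"breakglass@contoso.example"}),
           require=frozenset({"mfa"})),
    Policy("Block high-risk sign-ins", min_risk="high", block=True),
    Policy("Admins off trusted networks need a compliant device",
           include_groups=frozenset({"Global Admins"}),
           untrusted_location_only=True,
           require=frozenset({"compliant_device"})),
]

if __name__ == "__main__":
    s = SignIn("bob@contoso.example", frozenset({"Global Admins"}), "Azure portal",
               device_compliant=True, from_trusted_location=False)
    print(evaluate(POLICIES, s))
```

Two caveats the model makes visible: always exclude at least one emergency-access account from the tenant-wide policies (the model's `exclude_users`), or a misconfigured block policy locks out every administrator; and test the combined effect of all policies against representative sign-ins rather than reading each policy in isolation, because the outcome for a given user is the union of everything that matches.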
  • 36. Demos: 1. AAD Self-Service Password Reset & Group Management; 2. AAD Privileged Identity Management & AAD Identity Protection; 3. New Conditional Access
  • 37. Everything You Want to, Need to, and/or Should Know About EMS in 2017
  • 38. Resources
    Try Enterprise Mobility + Security for free, today: https://aka.ms/EMSTrial
    Read the CIO's guide to Azure Active Directory: https://aka.ms/AzureADCIOGuide
    Explore Identity + Access Management: www.microsoft.com/identity
    Learn more from the Azure AD documentation library: https://aka.ms/AzureADDoc
    Discover password best practices: https://aka.ms/PasswordBestPractices
    Check out the new Azure AD webinars: https://aka.ms/AADWebinars
    Microsoft is a leader in Gartner's IDaaS MQ 2016: https://aka.ms/GartnerIDaaSMQ2016
    Review design considerations for your hybrid Azure AD: https://aka.ms/HybridAzureADConsiderations

Editor's notes

  1. Microsoft has a solution for this. Traditional identity and access management solutions, providing single sign-on to on-premises applications and directory services such as Active Directory and others, are used by the vast majority of organizations, and huge investments were made to deploy and maintain them. These solutions are perfect for the on-premises world. Now, as we have discussed, there is a new pressing requirement to provide the same experience for cloud applications hosted in any public cloud. Azure Active Directory can be the solution to this new challenge by extending the reach of on-premises identities to the cloud in a secure and efficient way. To do that, one simple connection is needed from the on-premises directories to Azure AD, and everything else is handled by Azure AD: secure single sign-on to thousands of SaaS applications hosted in any cloud, using the same credentials that exist on-premises. And we don't forget the users: Azure AD provides self-service capabilities and easy access to all the applications, consumer or business, that they need, in the cloud and on-premises too (Application Proxy).
  2. Case Study Bristow Group: https://customers.microsoft.com/Pages/CustomerStory.aspx?recid=28655
  3. Counter- https://azure.microsoft.com/en-us/marketplace/active-directory/all/
  4. Case Study Vetco: https://customers.microsoft.com/Pages/CustomerStory.aspx?recid=29237&fbid=NOFBID&mtag=mbar-twitter
  5. Case Study: Whole foods
  6. Case Study St. Luke’s Health System: https://customers.microsoft.com/Pages/CustomerStory.aspx?recid=21651 “Microsoft is consistently and constantly looking out for us from a security perspective. We benefit from its experience in securing millions of users across its cloud assets, from Outlook.com to Xbox Live to Office 365 and Azure. Microsoft is a silent partner on our security team.” Will Lamb, Infrastructure Coordinator, Whole Foods Market
  7. To vi