Managing Identities in the Microsoft Cloud

  • Published on
    12-Apr-2017

Transcript

COMBINING STRENGTHS, DELIVERING SOLUTIONS / MANAGING IDENTITIES IN THE MICROSOFT CLOUD / Wim Buysse

ENABLE YOUR USERS / USER / PROTECT YOUR DATA / IT / WHY AZURE ACTIVE DIRECTORY?

I AM / YE OLDEN DAYS / Email / File Server / Database

I AM / YE OLDEN DAYS / DIRECTORY SERVICES

I AM / YE OLDEN DAYS / DIRECTORY SERVICES

TODAY'S MESH (MESS?) / EC2 / ON-PREMISES / PRIVATE CLOUD / MANAGED DEVICES

SELF SERVICE / SINGLE SIGN-ON / Username / ADDRESSING THE MESH (MESS?) / SINGLE / SYNCH / CLOUD / SaaS / Azure / Office 365 / Public cloud / ACTIVE DIRECTORY / ON-PREMISES / AZURE ACTIVE DIRECTORY / Build 2012 / 9/15/2016

TIP: CLOUD APP DISCOVERY

EMPOWER YOUR USERS / CENTRALLY MANAGED IDENTITY & ACCESS / MONITOR & PROTECT CLOUD APP ACCESS / YOUR DIRECTORY IN THE CLOUD / WHAT IS IAM ALL ABOUT?

Windows Server Management Marketing. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Active Directory / AADCONNECT password hash sync / AADCONNECT AD FS / AZURE ACTIVE DIRECTORY / AZURE ACTIVE DIRECTORY / YOUR DIRECTORY IN THE CLOUD / AZURE ACTIVE DIRECTORY / CLOUD IDENTITY / SYNCHED IDENTITY / FEDERATED IDENTITY

DIRSYNC SHORTCOMINGS ADDRESSED / AADCONNECT REPLACES DIRSYNC / SYNCHRONIZE MULTIPLE FORESTS TO SINGLE TENANT / EXTENDING AZURE AD SCHEMA / IMPROVED RULES EDITOR

APPLICATION INTEGRATION / SaaS APPS / OWN APPS

CENTRALLY MANAGED IDENTITIES & ACCESS / SaaS APPS / AZURE ACTIVE DIRECTORY

This scenario is about managing identities, users, groups, and access to applications through a central Azure AD management console. This also includes the capability to provision and de-provision users to a small subset of standards-supporting apps such as Box. Within Azure AD Premium, you not only manage identities, but from the same console you also configure access to the integrated applications and assign each application to groups or individual users. The application then becomes available in their application portal.

CENTRALLY MANAGED IDENTITIES & ACCESS / SaaS APPS / AZURE ACTIVE DIRECTORY / USER ATTRIBUTE / DEVICE / LOCATION / ALLOW / BLOCK / MFA

MONITOR & PROTECT CLOUD APP ACCESS / ULTIMATE SECURITY VS. ULTIMATE USABILITY

EMPOWER YOUR USERS / APPLICATION PORTAL

EMPOWER YOUR USERS / PASSWORD SELF-SERVICE (Writeback)

TAKE IT FURTHER: B2B COLLABORATION / "I need my partners to access my enterprise applications using their own credentials" / PARTNER MANAGED IDENTITIES / SHARING INVITATION MODEL / CONTROL APPLICATION ACCESS

TAKE IT FURTHER: B2C / "I have an online application and I need individual customers to sign up and enroll for it" / SELF SERVICE REGISTRATION / SUPPORT SOCIAL ACCOUNTS / MFA (OPTIONAL)

KEY TAKEAWAYS / EC2 / ON-PREMISES / PRIVATE CLOUD / MANAGED DEVICES / SIMPLICITY IS THE ULTIMATE SOPHISTICATION