aOS Brussels - Azure Active Directory News
aOS Brussels December 5th 2016
Azure Active Directory News
Maxime Rastello @MaximeRastello http://www.maximerastello.com
Maxime Rastello
• IT & Cloud Architect – AZEO
• Microsoft MVP Enterprise Mobility
• Microsoft P-Seller Device, EMS, WE
• Books: Windows 8.1, Office 365
Agenda
• Licensing changes
• New Features & Enhancements
  • Authentication / Azure AD Connect / Connect Health
  • Conditional Access
  • New Management Portal
  • Access Panel
  • Azure AD PowerShell 2.0
  • Azure AD Identity Protection
  • Privileged Identity Management
  • Azure B2B Invitation API
  • Azure AD Domain Services
Azure Active Directory Editions
Features | Free | Basic | Premium P1 | Premium P2 | Office 365
Common
Active Directory objects | 500 000 | Unlimited | Unlimited | Unlimited | Unlimited
SSO with SaaS apps | 10 / user | 10 / user | Unlimited | Unlimited | 10 / user
User creation, management, Device Registration | ✓ | ✓ | ✓ | ✓ | ✓
Directory sync with Azure AD Connect | ✓ | ✓ | ✓ | ✓ | ✓
Self-Service Password Change for cloud users | ✓ | ✓ | ✓ | ✓ | ✓
Usage & Security advanced Reports | 3 reports | 3 reports | Advanced | Advanced | 3 reports
Basic
Group-based access management / provisioning | ✓ ✓ ✓
Self-Service Password Reset for cloud users | ✓ ✓ ✓ ✓
Company Branding | ✓ ✓ ✓ ✓
Azure App Proxy | ✓ ✓ ✓
SLA 99,9% | ✓ ✓ ✓ ✓
Premium
Self-Service Password Change/Reset/Unlock for AD Synced users | ✓ ✓
Self-Service Group and app Management/Self-Service application additions/Dynamic Groups | ✓ ✓
Administrative Units | ✓ ✓
Multi-Factor Authentication cloud (Azure MFA) & on-premises (MFA Server) | ✓ ✓ Cloud only
MIM CALs / MIM Server License
Connect Health | ✓ ✓
Cloud App Discovery | ✓ ✓
Azure AD Identity Protection / Azure AD Privileged Identity Management | ✓
Authentication Mechanisms
• Existing solutions:
  • Full Cloud
  • Password Hash Sync (PHS)
  • ADFS Federation
• Pass-Through Authentication (PTA)
  • Azure AD Connect for Kerberos proxy
  • Authentication is performed on-premises
  • Avoids Password Sync
  • Private Preview
Licensing: All
Azure Active Directory Connect
• New build v1.1.343.0 - November 2016
• Now supports:
  • Windows Server 2016
  • SQL Server 2016
  • AD FS 2016
• LDAP Support: Private Preview
Licensing: All
General Availability
Azure AD Connect Health
• Monitoring solution for on-premises services
• Monitored products:
  • Active Directory Domain Services (AD DS)
  • Active Directory Federation Services (AD FS)
  • Azure AD Connect
• Sync error report: Public Preview
Licensing: Premium P1 & P2
General Availability
Conditional Access
• SaaS application access for compliant, domain-joined or enrolled devices
• Supported operating systems:
  • Windows 7 (MSI)
  • Windows 8.1 (Native)
  • Windows 10 (Native)
• Supports IE11 and Edge
Licensing: Premium P1 & P2
General Availability
New Management Portal
• Azure Active Directory management in new Portal (portal.azure.com)
• Not all features are available for now (Preview)
  • User
  • Groups
  • Apps
  • Domains
  • Branding
  • Light reports
• New Preview Release soon
  • Full parity with Classic Portal
Licensing: All
Public Preview
Azure AD Access Panel
• Also called “My Apps” (myapps.microsoft.com)
Licensing: All
General Availability
[Screenshots: BEFORE / AFTER]
Azure AD PowerShell module v2
• Install-Module -Name AzureADPreview
• Old cmdlets: New-MSOLUser
• New cmdlets: New-AzureADUser
• Features:
  • Better alignment with Graph API
  • SearchString parameter
  • Token lifetime management
  • Certificate Authority management
  • App management
Licensing: All
Public Preview
Azure AD Identity Protection
• Detect suspicious user activity
  • Different locations in a short period of time
  • Access using anonymous proxies (Tor…)
• Enforce MFA registration for your users
• Start automatic remediation
  • Trigger MFA at sign-in
  • Trigger a password change
Licensing: Premium P2
General Availability
Azure AD Privileged Identity Management
• Set users as Eligible administrators
  • Different locations in a short period of time
  • Access using anonymous proxies (Tor…)
• Assign temporary Admin Roles
  • From 30 min to 72 h max
• Monitor admin rights usage in your organization
Licensing: Premium P2
General Availability
Azure AD Business 2 Business (B2B)
• Current behavior: CSV import for user invitation (max 2000)
• New feature: use API to send user invitation
Licensing: All
Public Preview
Azure AD Domain Services
• Standalone AD DS domain in Azure
• Identities are synced from Azure AD
  • Not an extension of your on-prem AD
• Use to domain-join Azure VMs
  • Kerberos authentication
• New GA features
  • Secure LDAP
  • DNS management
  • Domain-Join for Linux
  • Custom OUs
  • …
Licensing: Separate pricing
General Availability