build 2016 - p494 - windows 10 identity overview
TRANSCRIPT
#Build2016
Windows 10 Identity OverviewKaranbir SinghSenior Program Manager
of employees use personal devices for work purposes.*
of employees that typically work on employer premises, also frequently work away from their desks.***
of all software will be available on a SaaS delivery by 2020.**
Mobility and the cloud is the new normal
66% 25% 33%
*CEB The Future of Corporate ITL: 203-2017. 2013.**Forrester Application Adoption Trends: The Rise Of SaaS***CEB IT Impact Report: Five Key Findings on Driving Employee Productivity Q1 2014.
Identity Mental Model
Purpose
Ownership
Windows DevicesPCs/Tablets/Mobile/etc.
Personal
FunFun + some
work(BYOD)
Organizational
Work
Identity Mental Model
Purpose
Ownership
Windows DevicesPCs/Tablets/Mobile/etc.
Personal
FunFun + some
work(BYOD)
Organizational
Work
Self-service setup & sign in with Azure AD accountIdeal for users who primarily access Office365 & Cloud appsAutomatic enrollment to MDMAlso available on Windows Phone 10!
Domain Join only better: Connected to Azure ADGreat for hybrid orgs with deployment processes in-placeUse of existing on-premises management solutions
Domain Join
Azure AD Join
Org owned devices – Two models
Self-service setup & sign in with Azure AD accountIdeal for users who primarily access Office365 & Cloud appsAutomatic enrollment to MDM
Add a Work Account
Personally owned devices – One model
Identity Mental Model
Windows 10 Configuration
Purpose
Ownership
Windows DevicesPC/Tablets/Mobile/etc.
Personal
Fun
MSA Sign-in
Fun + some work(BYOD)
Add a Work Account
Organizational
Work
Domain Join Azure AD Join
Requirement Domain Join Azure AD Join Add a Work Account
Ownership Organization Organization Personal
Provisioning Prepared by IT Self configure in OOBE Self configure in Settings>>Accounts
Management Existing management solutions (e.g. SCCM, GP, etc.)
MDM MDM
Resources SSO to enterprise resources hosted on-premises and in the cloud
SSO to enterprise resources in the cloud, and to on-premises resources exposed via Proxy
SSO to enterprise resources in the cloud.
Deployment Traditional work place Seasonal workers, CYOD BYOD
Devices PCs and Tablets PCs, Tablets, and Windows Phone PCs, Tablets, and Windows Phone
Windows for Work
Identity is a means to an end, not the end.
Empowering every individual in your organization to achieve more is…
Web Account Manager
Web Account Manager is extensible.
Identity Mental Model
SSO
Windows 10 Configuration
Purpose
Ownership
Windows DevicesPC/Tablets/Mobile/etc.
Personal
Fun
MSA Sign-in
Fun + some work(BYOD)
Add a Work Account
Organizational
Work
Domain Join Azure AD Join
Web Account Manager
Microsoft Passport & Windows Hello
Password theft is an epidemicPass the hash attacks are no longer hypotheticalShared secrets are easily breached, stolen, or phishedAlternatives come with usability and/or operational costs
Reality
Key based authentication system built into Windows 10Users create a gesture to use their PassportTPM protects a private key used to sign auth requestsEliminates the need to authenticate using a password
Microsoft Passport
Identity Mental Model
Authentication
Windows 10 Configuration
Purpose
Ownership
Windows DevicesPC/Tablets/Mobile/etc.
Personal
Fun
MSA Sign-in
Fun + some work(BYOD)
Add a Work Account
Organizational
Work
Domain Join Azure AD Join
Web Account Manager
Microsoft Passport + Windows Hello
SummaryWindows for Work (IT admins)
- Domain Join- Azure AD Join- Add work account
Web Account Manager (Developers)- One stop shop for authentication
Microsoft Passport & Windows Hello (IT admins + Developers)- Say bye to passwords!
Azure AD JoinOverviewAzure AD Join on Windows 10 devicesAzure AD and Identity Show: Azure AD Join in Windows 10
Domain JoinMicrosoft Azure Active Directory and Windows 10: Better Together for Work or School
Resources
Web Account ManagerApp APIsWebAccountProvider APIsBuild 2015 – SSO with Secure Authentication
SDK samplesOther relevant sessions
3-767: Building Universal Windows Apps with Office 365 APIs2-769: Develop Modern Native Application with Azure Active Directory2-639: Microsoft Passport and Windows Hello3-765: App-to-App Communication: Building a Web of Apps3-654: Managing Mobile Devices and Applications in an Enterprise
Resources
Microsoft Passport and Windows HelloMicrosoft Passport OverviewWhat is Windows Hello?Microsoft Passport and AAD: Eliminating passwords one device at a time!Passport APIsBuild 2015:Microsoft Passport and Windows Hello: Moving Beyond Passwords and Credential Theft
Resources
© 2015 Microsoft Corporation. All rights reserved.