Martin Kiær Security & Cloud Architect Microsoft Enterprise Services, Corp HQ Dansk Industri – Data Protection by Design

Posted on 01-Sep-2018

TRANSCRIPT

Martin Kiær

Security & Cloud Architect

Microsoft Enterprise Services, Corp HQ

Dansk Industri – Data Protection by Design

90% of compromises abuse identity*

Device infected with malware

Fact: Active Directory and Administrators control most of the assets within your enterprise

You should always treat your Active Directory as a High Value Asset (HVA) as part of your classification strategy

Build visibility and control of administrator activity, increase protection against typical follow-up attacks

1. Privileged Access Workstations (PAWs) Phases 2 and 3 – All Admins and additional hardening (Credential Guard, RDP Restricted Admin, etc.) http://aka.ms/CyberPAW
2. Time-bound privileges (no permanent admins) http://aka.ms/PAM http://aka.ms/AzurePIM
3. Multi-factor for elevation
4. Just Enough Admin (JEA) for DC Maintenance http://aka.ms/JEA
5. Lower attack surface of Domain and DCs http://aka.ms/HardenAD
6. Attack Detection http://aka.ms/ata

Identity as the control plane (legacy)

Diagram labels: On-premises (Windows Server Active Directory), VPN, BYO, SaaS, Azure, Cloud, Public cloud, Customers, Partners

Identity as the control plane (our vision)

Diagram labels: On-premises (Windows Server Active Directory), VPN, BYO, Microsoft Azure Active Directory, Azure, Cloud, Public cloud, Customers, Partners

Azure AD as the control plane

Diagram labels: On-premises (Windows Server Active Directory), Customers, Partners, Azure, Cloud, Public cloud, Microsoft Azure Active Directory, BYO

A comprehensive identity and access management cloud solution for your employees, partners, and customers. It combines directory services, advanced identity governance, application access management, and a rich standards-based platform for developers. (B2E, B2B, B2C)

Azure Active Directory as the control plane

Identity as the core of enterprise mobility

Diagram labels: Single sign-on, Self-service, Simple connection (Identity Bridge); On-premises (Windows Server Active Directory, Other directories); SaaS, Azure, Public cloud, Cloud, Microsoft Azure Active Directory; Customers, Partners

"With Azure AD Premium, Bristow Group now has the capabilities for multifactor authentication; access control (dependent upon device health and user location); holistic security reports; audits; and alerts. Azure Active Directory makes the work of a busy and mobile workforce easier, secures data and protects access to the company’s assets both in the cloud and on-premises."

- Kapil Mehta, Productivity & Directory Services Manager

Cloud-powered protection

- Protect against advanced threats
- Conditional access to resources
- Compliance reporting
- Mitigate administrative risks

Conditional access diagram. Conditions: User, App sensitivity, Device state, Location. Actions: Allow access or Block access; Enforce MFA per user/per app.

CLOUD-POWERED PROTECTION

Diagram labels: NOTIFICATIONS, ANALYSIS, REMEDIATION, RISK-BASED POLICIES; CLOUD APP DISCOVERY; PRIVILEGED IDENTITY MANAGEMENT; MFA; IDENTITY PROTECTION; Risk

CLOUD-POWERED PROTECTION

Identity Protection at its best

- Risk severity calculation
- Remediation recommendations
- Risk-based conditional access automatically protects against suspicious logins and compromised credentials
- Gain insights from a consolidated view of machine learning based threat detection

Diagram labels: Machine-Learning Engine (Leaked credentials, Infected devices, Configuration vulnerabilities, Brute force attacks, Suspicious sign-in activities) → Risk-based policies (MFA Challenge Risky Logins, Block attacks, Change bad credentials)
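To make the "Conditions → Actions" slide and the risk-based policies slide concrete, here is an added example (not code from the slides, from Microsoft or from Azure AD) of a toy conditional access evaluator. Each sign-in carries the four conditions from the slide (user, app sensitivity, device state, location) plus a risk level that stands in for the output of the detection engine; policies are evaluated in order and the strictest matching action wins. The policy names, the "low/high" and "none/medium/high" labels and the sample sign-ins are all constructed for this example.

```python
"""Added example (not Azure AD code): toy conditional access evaluator."""
from dataclasses import dataclass
from enum import IntEnum
from typing import Callable, List, Tuple


class Action(IntEnum):
    # Ordered so that the strictest outcome across all matching policies wins.
    ALLOW = 0
    REQUIRE_MFA = 1
    BLOCK = 2


@dataclass(frozen=True)
class SignIn:
    user: str
    app_sensitivity: str    # "low" or "high" (constructed labels)
    device_compliant: bool  # device state
    location_trusted: bool  # location
    risk: str               # "none", "medium" or "high" (constructed labels)
    is_admin: bool = False


@dataclass(frozen=True)
class Policy:
    name: str
    condition: Callable[[SignIn], bool]
    action: Action


# Hypothetical policy set in the spirit of the slide's "risk-based policies".
POLICIES: List[Policy] = [
    # High risk (e.g. leaked credentials): block, then change the bad credentials.
    Policy("block-high-risk", lambda s: s.risk == "high", Action.BLOCK),
    # Medium risk (e.g. suspicious sign-in activity): MFA challenge.
    Policy("mfa-medium-risk", lambda s: s.risk == "medium", Action.REQUIRE_MFA),
    # Outside trusted locations: MFA challenge.
    Policy("mfa-untrusted-location", lambda s: not s.location_trusted, Action.REQUIRE_MFA),
    # Sensitive apps: never from a non-compliant device; MFA otherwise.
    Policy("block-sensitive-noncompliant",
           lambda s: s.app_sensitivity == "high" and not s.device_compliant, Action.BLOCK),
    Policy("mfa-sensitive-app", lambda s: s.app_sensitivity == "high", Action.REQUIRE_MFA),
    # Per-user enforcement: administrators always get an MFA challenge.
    Policy("mfa-admins", lambda s: s.is_admin, Action.REQUIRE_MFA),
]


def evaluate(sign_in: SignIn, policies: List[Policy] = POLICIES) -> Tuple[Action, List[str]]:
    """Evaluate every policy; return the strictest action and the policies that fired."""
    decision = Action.ALLOW
    fired: List[str] = []
    for policy in policies:
        if policy.condition(sign_in):
            fired.append(policy.name)
            if policy.action > decision:
                decision = policy.action
    return decision, fired


def remediation(sign_in: SignIn, decision: Action) -> str:
    """Map the decision to the remediation the slide lists for it."""
    if decision is Action.BLOCK and sign_in.risk == "high":
        return "change bad credentials"
    if decision is Action.BLOCK:
        return "block access"
    if decision is Action.REQUIRE_MFA:
        return "MFA challenge"
    return "allow access"


if __name__ == "__main__":
    # Constructed sample sign-ins covering each outcome.
    samples = [
        SignIn("alice", "low", True, True, "none"),
        SignIn("bob", "high", False, True, "none"),
        SignIn("carol", "low", True, False, "medium"),
        SignIn("dave", "low", True, True, "high", is_admin=True),
    ]
    for s in samples:
        decision, fired = evaluate(s)
        print(f"{s.user:6} -> {decision.name:12} {remediation(s, decision):24} {fired}")
```

Evaluating all policies rather than stopping at the first match is deliberate: the list of policies that fired is what ends up in the audit trail and in the "holistic security reports" the deck mentions, and a block from one policy must not be masked by an allow from another.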

CLOUD-POWERED PROTECTION

Use the power of Identity Protection in PowerBI, SIEM and other monitoring tools

Apply Microsoft learnings to your existing security tools

Diagram labels: Microsoft machine-learning engine (Leaked credentials, Infected devices, Configuration vulnerabilities, Brute force attacks, Suspicious sign-in activities) → Notifications, Data Extracts/Downloads, Reporting APIs → Security/Monitoring/Reporting Solutions

CLOUD-POWERED PROTECTION

- Discover, restrict, and monitor privileged identities
- Enforce on-demand, just-in-time administrative access when needed
- Provides more visibility through alerts, audit reports and access reviews

Diagram labels (roles): Global Administrator, Billing Administrator, Exchange Administrator, User Administrator, Password Administrator

CLOUD-POWERED PROTECTION

How time-limited activation of privileged roles works

- MFA is enforced during the activation process
- Alerts inform administrators about out-of-band changes
- Users need to activate their privileges to perform a task
- Users will retain their privileges for a pre-configured amount of time
- Security admins can discover all privileged identities, view audit reports and review everyone who is eligible to activate via access reviews

Diagram labels: SECURITY ADMIN (Configure Privileged Identity Management; Audit; Access reports; Monitor; ALERT); USER (Identity verification; MFA; Read only); PRIVILEGED IDENTITY MANAGEMENT; ADMIN PROFILES (Billing Admin, Global Admin, Service Admin)
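The activation flow on this slide, as an added example that is not Azure AD PIM code: eligible users have no standing privilege, activation requires a passed MFA check, the activation is capped at a pre-configured duration after which the privilege silently lapses, every step lands in an audit log, and a role membership found in the directory without a matching activation raises an out-of-band alert. The role names follow the slide; users, durations, event names and the directory snapshot are constructed for this example.

```python
"""Added example (not Azure AD PIM code): toy time-limited role activation."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Activation:
    user: str
    role: str
    expires: datetime
    justification: str


class PimStore:
    """Eligible assignments, current activations and an append-only audit log."""

    def __init__(self, max_duration: timedelta = timedelta(hours=1)) -> None:
        self.max_duration = max_duration            # pre-configured activation window
        self.eligible: Dict[str, Set[str]] = {}     # role -> users allowed to activate
        self.active: Dict[Tuple[str, str], Activation] = {}
        self.audit: List[dict] = []

    def _log(self, event: str, **fields) -> None:
        self.audit.append({"event": event, **fields})

    def make_eligible(self, user: str, role: str, by: str = "security-admin") -> None:
        """Security admin grants eligibility; this is not yet a privilege."""
        self.eligible.setdefault(role, set()).add(user)
        self._log("eligible-assigned", user=user, role=role, by=by)

    def activate(self, user: str, role: str, mfa_passed: bool, justification: str,
                 now: datetime, duration: Optional[timedelta] = None) -> bool:
        """Activate a role for a bounded time; MFA is mandatory."""
        if user not in self.eligible.get(role, set()):
            self._log("activation-denied", user=user, role=role, reason="not-eligible")
            return False
        if not mfa_passed:
            self._log("activation-denied", user=user, role=role, reason="mfa-failed")
            return False
        # A request longer than the configured maximum is clamped, not rejected.
        duration = min(duration or self.max_duration, self.max_duration)
        self.active[(user, role)] = Activation(user, role, now + duration, justification)
        self._log("activated", user=user, role=role, until=(now + duration).isoformat(),
                  justification=justification)
        return True

    def has_role(self, user: str, role: str, now: datetime) -> bool:
        """Check the privilege; expired activations are dropped and audited."""
        act = self.active.get((user, role))
        if act is None:
            return False
        if now >= act.expires:
            del self.active[(user, role)]
            self._log("activation-expired", user=user, role=role)
            return False
        return True

    def access_review(self, role: str) -> List[str]:
        """Everyone eligible to activate the role, for a periodic review."""
        return sorted(self.eligible.get(role, set()))

    def detect_out_of_band(self, directory_roles: Dict[str, Set[str]], now: datetime) -> List[str]:
        """Alert on role members that hold the role without an activation."""
        alerts: List[str] = []
        for role, members in directory_roles.items():
            for user in sorted(members):
                if not self.has_role(user, role, now):
                    alerts.append(f"{user} holds {role} without a PIM activation")
                    self._log("alert-out-of-band", user=user, role=role)
        return alerts


if __name__ == "__main__":
    store = PimStore(max_duration=timedelta(hours=1))
    t0 = datetime(2018, 9, 1, 9, 0, tzinfo=timezone.utc)   # constructed timestamp
    store.make_eligible("alice", "Global Administrator")
    store.activate("alice", "Global Administrator", mfa_passed=True,
                   justification="change-1234", now=t0)
    print(store.has_role("alice", "Global Administrator", t0 + timedelta(minutes=30)))
    # Constructed directory snapshot: bob holds the role with no activation.
    print(store.detect_out_of_band({"Global Administrator": {"alice", "bob"}}, t0))
    for entry in store.audit:
        print(entry)
```

The reconciliation in detect_out_of_band is the part worth keeping in mind when reading the "Alerts inform administrators about out-of-band changes" bullet: a JIT system only helps if something periodically compares real role membership against the activations it issued.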

"Azure AD Premium makes life simpler for the business and for employees. It gives them access to enterprise applications from any device with a single sign-on that is secure and reliable. That is fundamental in increasing the adoption of cloud technology."

- Kapil Mehta, Productivity & Directory Services Manager

1000s of apps, 1 identity

- Single sign-on for SaaS apps
- Single sign-on for mobile apps
- Support for lift-and-shift of traditional apps to the cloud
- Secure remote access to on-premises app
- Connect your on-premises identities to the cloud