TRANSCRIPT
EXPERTS LIVE
SUMMER NIGHT
Close your datacenter and give your users wings
Stefan van der Wiele TSP EMS Blackbelt
Robbert van der Zwan TSP EMS Netherlands
Stefan van der Wiele
Stefan works as an Enterprise Mobility and Security (EM+S) Technical Solution Professional (TSP) for the Microsoft Blackbelt team. His expertise is centered around Azure Infrastructure and EM+S with a core focus on identity management/security in hybrid environments.
Robbert van der Zwan
Robbert works as an Enterprise Mobility and Security (EM+S) Technical Solution Professional (TSP) for Microsoft in the Netherlands. His expertise is centered around Azure Infrastructure and EM+S with a core focus on identity management/security in hybrid environments.
What is important for the company?
• Identity
• Devices
• Data
• Applications
How do they handle that today?
• Active Directory
• GPO/SCCM
• File Shares
• Windows Integrated Auth
VPN, BYO, SaaS, Azure, Customers, Partners
<< Demo 1>>
<< Demo 2 >>
How are things done with modern management?
• Identity
• Devices
• Data
• Applications
• Security/Conditions/Health
Azure Active Directory
• Identity Protection
• Conditional Access
• Business to Business (B2B)
• RBAC
RBAC / Identity & Access Management
Microsoft Azure Active Directory
• Consumer and business identity providers
• Encrypted synchronization between on-premises Windows Server Active Directory and Azure AD
• Public cloud: your apps, 2800+ popular SaaS apps
• Cloud HR
Standards-based integration:
• OAuth2 & OpenID Connect
• SAML
• WS-Federation
• REST based Graph API
• SCIM
• FIDO
Conditional Access
Conditions:
• Location (IP range)
• Device state
• User group
• User risk
Actions:
• Allow access
• Block access
• Enforce MFA per user/per app
Identity Driven Security
• Multi Factor Authentication
• Notifications, analysis, remediation, risk-based policies
• Cloud App Discovery
• Privileged Identity Management
Azure Active Directory Identity Protection (Preview)
• Consolidated view to examine suspicious user activities and configuration vulnerabilities
• Remediation recommendations
• Brute force attacks
• Leaked credentials
• Infected devices
• Suspicious sign-in activities
• Configuration vulnerabilities
Azure Active Directory Domain Join
Intune: BYOD, CYOD, Company owned
Intune/MDM auto-enrollment
Enabling anytime, anywhere productivity: Azure Active Directory Join for Windows 10
Azure Active Directory Join makes it possible to connect work-owned Windows 10 devices to your company's Azure Active Directory.
• Enterprise-compliant services
• SSO from the desktop to cloud and on-premises applications with no VPN
• Support for hybrid environments
• MDM auto-enrollment
Windows 10 Azure AD joined devices
Enterprise State Roaming
Azure Information Protection: Location, Classification, Protection, Track/Monitor
• Classification & labeling: labeling, classification
• Protect: encryption, access control, policy enforcement
• Monitor & respond: document tracking, document revocation
Full Data Lifecycle
Azure AD Domain Services
Azure AD Application Proxy
SaaS Application Store
Looking back
• Active Directory
• GPO/SCCM
• File Shares
• Windows Integrated Auth
VPN, BYO, SaaS, Azure, Customers, Partners
Microsoft Azure Active Directory
Lift-and-shift on-premises apps to Azure IaaS: your Azure IaaS workloads/apps in your virtual network, with Azure AD Domain Services
Cloud only: SaaS, Azure, public cloud, Customers, Partners
Azure AD Domain Services: Kerberos, NTLM, LDAP, Group Policy
Windows 10 Azure AD joined devices: Intune/MDM auto-enrollment, Enterprise State Roaming
SaaS / public cloud: OAuth2/OpenID, SAML, WS-Federation, SCIM
• Simple deployment
• Single managed domain per Azure AD directory
• High availability with fault tolerance
• Automatic health detection & remediation
• Auto-sync from Azure AD – use same users, groups & passwords
• On-premises SIDs are synced to SIDHistory in your managed domain
• Domain join
• Windows Integrated Authentication (Kerberos, NTLM)
• LDAP bind and LDAP read
• Secure LDAP (including over internet)
• Create custom Organizational Units (OUs)
• Administer DNS
• Group Policy
<< Demo 1>>
<< Demo 2 >>
Next session 16:00 - 16:45
Windows 10 Creators Update
Samantha Kilkens