Upload File

pre-con ed: how to iam-enable your office 365 environment

  • Home
  • Technology
  • Pre-Con Ed: How to IAM-Enable Your Office 365 Environment
27
World ® ’1 6 IAM for Office 365 Environment John Zebrowski Sr. Principal Consultant, CA Technologies SCX10E SECURITY

Upload: ca-technologies

Post on 08-Jan-2017

219 views

Category:

Technology


0 download

Report

TRANSCRIPT

Page 1: Pre-Con Ed: How to IAM-Enable Your Office 365 Environment

World®’16

IAMforOffice365Environment

JohnZebrowskiSr.PrincipalConsultant,CATechnologies

SCX10E

SECURITY

Page 2: Pre-Con Ed: How to IAM-Enable Your Office 365 Environment

2 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

©2016CA.Allrightsreserved.Alltrademarksreferencedhereinbelongtotheirrespectivecompanies.

Thecontentprovidedinthis CAWorld2016presentationisintendedforinformationalpurposesonlyanddoesnotformanytypeofwarranty. The informationprovidedbyaCApartnerand/orCAcustomerhasnotbeenreviewedforaccuracybyCA.

ForInformationalPurposesOnlyTermsofthisPresentation

Page 3: Pre-Con Ed: How to IAM-Enable Your Office 365 Environment

3 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Abstract

BusinessesaremovingawayfromthetraditionalimplementationofMicrosoft®Officeandmigratingtothenew,cloud-basedOffice365™,whichoffersincreasedaccessibilityandsignificantcostsavings.However,thecloudalsointroducessignificantchallenges.Inthissession,we’lldiscusshowidentityandaccessmanagementsolutionsfromCAcanhelpenableandprotectthisenvironment.

JohnZebrowskiCATechnologiesSr.PrincipalConsultant

Page 4: Pre-Con Ed: How to IAM-Enable Your Office 365 Environment

4 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Agenda

OFFICE365IMPACT

SINGLESIGNONTOOFFICE365

STRONGAUTHENTICATIONFOROFFICE365

PROVISIONINGTOOFFICE365

1

2

3

4

Page 5: Pre-Con Ed: How to IAM-Enable Your Office 365 Environment

5 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

TheImpactofOffice365

§ Businessesmigratingtocloud-basedOffice365

§ Adoptionrateisfastandaccelerating

§ Buttherearechallenges

1out of 5corporate employees uses an Office 365 cloud service, up from less than 7% just nine months ago1

1. https://www.skyhighnetworks.com/cloud-security-blog/7-charts-reveal-the-meteoric-rise-of-office-365/

Page 6: Pre-Con Ed: How to IAM-Enable Your Office 365 Environment

6 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

SingleSignOntoOffice365

§ Background– Asbusinessesmovefromclient-basedMicrosoftOfficeandtocloud-basedOffice

365,theyneedasimplewayforuserstoaccesstheseapplicationswithoutadditionallogins.

§ OneOption– Office365supportsADFS2.0claims-basedfederation,butifthisisbuiltwithAD,

youareforcedtoaccepta“loosecoupling”andlosecontroloftheuser’ssession.

§ TheCAAlternativeOption– CASSSOcansupportlooseortightcoupling,asneeded,andcansupportsingle

sign-ontohundredsofon-premise andcloud-basedapplications.

Page 7: Pre-Con Ed: How to IAM-Enable Your Office 365 Environment

7 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

AuthenticationtoOffice365ProcessFlow

Step1:UserlogsintonetworkandisauthenticatedbyActiveDirectory

EndUser Workstation ActiveDirectory

Page 8: Pre-Con Ed: How to IAM-Enable Your Office 365 Environment

8 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

AuthenticationtoOffice365ProcessFlow

CASSOleveragesIntegratedWindowsAuthenticationtologuserintoportal.

Step2:UserclickslinktoopenIntranetPortal,whichisprotectedbyCASSO.

EndUser Workstation ActiveDirectory

CASingleSign-OnIntranetPortal

Page 9: Pre-Con Ed: How to IAM-Enable Your Office 365 Environment

9 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

EndUser Workstation ActiveDirectory

CASingleSign-OnIntranetPortal

Office365

AuthenticationtoOffice365ProcessFlow

Step3:UserclickslinktoopenOffice365,whichisprotectedbyCASSO.

CASSOfederatesuserintoOffice365usingADFS.

Page 10: Pre-Con Ed: How to IAM-Enable Your Office 365 Environment

10 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

AuthenticationtoOffice365ProcessFlow

EndUser Workstation ActiveDirectory

CASingleSign-On

Office365

CASSOalsosupportsdirectaccesstoOffice365.

Page 11: Pre-Con Ed: How to IAM-Enable Your Office 365 Environment

11 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

AuthenticationtoOffice365ProcessFlow

EndUser Workstation ActiveDirectory

CASingleSign-On

Office365

LoginPage

Step1:UserwouldberedirectedtoCASSO,whichwouldpromptUsertoLogin.

CASSOwouldcollectCredentialsandValidatethemagainstActiveDirectory.

Page 12: Pre-Con Ed: How to IAM-Enable Your Office 365 Environment

12 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

EndUser Workstation ActiveDirectory

CASingleSign-On

Office365

AuthenticationtoOffice365ProcessFlow

Step2:CASSOfederatesuserintoOffice365.

Page 13: Pre-Con Ed: How to IAM-Enable Your Office 365 Environment

13 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

SummaryofCASSOSupportforOffice365

§ ProfilesSupported– WS-FederationPassiveRequestorProfile– WS-FederationActiveRequestorProfile

§ UseCasesSupported– Browser-basedSSOtoOffice365– Thickclient-basedSSOtoOffice365– IWA-basedSSOtoOffice365

§ BrowsersSupported– InternetExplorer,Safari

Page 14: Pre-Con Ed: How to IAM-Enable Your Office 365 Environment

14 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Whataboutadditionalauthenticationsecurity?

MicrosoftExcel29%

Other23%AdobePDF

19%

MicrosoftWord17%

MicrosoftPowerPoint10%

MicrosoftOutlook(MSG/PST)2%

58%of sensitive data stored in the cloud is stored in OFFICE DOCUMENTS1

1. https://www.skyhighnetworks.com/cloud-security-blog/7-charts-reveal-the-meteoric-rise-of-office-365/

Page 15: Pre-Con Ed: How to IAM-Enable Your Office 365 Environment

15 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

EndUser MultipleDevices ActiveDirectory

IntranetPortal

Office365

AuthenticationtoOffice365TheSecurityRisk

SensitivedatastoredinOffice365cloudisprotected,inmostcases,byapassword

LoginwithUserID&Password

Acredentialthatcanbeeasilycracked,stolen,orgivenaway

Page 16: Pre-Con Ed: How to IAM-Enable Your Office 365 Environment

16 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

EndUser MultipleDevices ActiveDirectory

IntranetPortal

Office365

CAAdvancedAuthentication

AuthenticationtoOffice365TheSecuritySolution

Butwhatifyoucouldenhancethepasswordwithoutimpactingtheuserexperience

WithCAAdvancedAuthentication,youcan!

Page 17: Pre-Con Ed: How to IAM-Enable Your Office 365 Environment

17 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

EndUser MultipleDevices ActiveDirectory

IntranetPortal

Office365

AuthenticationtoOffice365TheSecurityOptions

ThreeOptionstoenhancethepasswordloginprocesstoOffice365

Option3– CombinationofBoth2FACredentialsandRiskEvaluation

Option2RiskEvaluation

Option12FACredentials

Page 18: Pre-Con Ed: How to IAM-Enable Your Office 365 Environment

18 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

EndUser MultipleDevices ActiveDirectory

IntranetPortal

Office365

CAAdvancedAuthentication

AuthenticationtoOffice365TheDeploymentOptions

CAAdvancedAuthenticationcanbedeployedasstandalonesolution,or…

ItcanbedeployedwithCASingleSignOn!EndUser MultipleDevices ActiveDirectory

IntranetPortal

Office365

CASingleSign-On CAAdvancedAuthentication

Page 19: Pre-Con Ed: How to IAM-Enable Your Office 365 Environment

19 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

SummaryofCAAASupportforOffice365

§ ProfilesSupported– WS-FederationPassiveRequestorProfile– WS-FederationActiveRequestorProfile

§ UseCasesSupported– Browser-basedSSOtoOffice365– Thickclient-basedSSOtoOffice365

§ AuthenticationMechanismsSupported– CAAuthID,CAMobileOTP,knowledge-basedsecurityquestions,OATH

tokens,out-of-bandOTP,andrisk-basedadaptiveauthentication.

Page 20: Pre-Con Ed: How to IAM-Enable Your Office 365 Environment

20 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

ProvisioningtoOffice365

§ UserProvisioning– CAIdentitySuitecanautomaticallyprovisionandde-provisionusers

andaccessrightstoOffice365basedonchangessubmittedtoitfromanAuthoritativeSource.

§ IdentityGovernance– CAIdentitySuitecancertifyuseraccesstoOffice365toensurethat

onlytherightpeoplehaveaccesstosensitivedocumentsanddata.

Page 21: Pre-Con Ed: How to IAM-Enable Your Office 365 Environment

21 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

CAIdentityService

§ SSOtoOffice365– ProfilesSupported

§ WS-FederationPassiveRequestorProfile§ WS-FederationActiveRequestorProfile

– UseCasesSupported§ Browser-basedSSOtoOffice365§ Thickclient-basedSSOtoOffice365

§ ProvisioningtoOffice365– Automateduserprovisioningandde-provisioningtoOffice365

Page 22: Pre-Con Ed: How to IAM-Enable Your Office 365 Environment

22 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

HowCAIAMSolutionsWorkTogether

Add-OnPossibilities

Product OutoftheBox CAAA CAIDM CAIDMService CASSO

CASingle SignOn FederatedSSOtoO365

CAIdentityManager UserProvisioningtoO365

CAAdvanced Auth StrongAuthtoO365

CAIdentityServiceSSO&

ProvisioningtoO365

Page 23: Pre-Con Ed: How to IAM-Enable Your Office 365 Environment

23 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

RecommendedSessions

SESSION# TITLE DATE/TIME

SCX09E CASSO:AccessModels 11/14/2016at1:00pm

SCT44TWAM&Federation:TwoGreatTastesthatTasteGreatTogether 11/16/2016at11:30am

SCX20S CASSO&AARoadmap 11/17/2016at1:45pm

Page 24: Pre-Con Ed: How to IAM-Enable Your Office 365 Environment

24 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Don’tMissOurINTERACTIVESecurityDemoExperience!

SNEAKPEEK!

24 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Page 25: Pre-Con Ed: How to IAM-Enable Your Office 365 Environment

25 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Questions?

Page 26: Pre-Con Ed: How to IAM-Enable Your Office 365 Environment

26 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Thankyou.

Stayconnectedatcommunities.ca.com

Page 27: Pre-Con Ed: How to IAM-Enable Your Office 365 Environment

@CAWORLD#CAWORLD ©2016CA.AllRIGHTSRESERVED.27 @CAWORLD#CAWORLD

Security

FormoreinformationonSecurity,pleasevisit:http://cainc.to/EtfYyw


IAM Cahier7

Iam urgencia

Boston Office 365 User Group - January 16th, 2019...Office 365 and other cloud applications. Capabilities • Enable persistent chat across the team, in organized buckets • Securely

How to trust and enable S/MIME certificates in Office 365 ...€¦ · How to trust and enable S/MIME certificates in Office 365 Exchange Online using Internet Explorer / Chrome &

Actionable IAM

INTERMOT - ADVANCED - MOTORS IAM SERIES H1 … · pag. 16 IAM rev. 01 HYDRAULIC MOTORS ITALY s.r.l. TECHNICAL DATA H1 MODEL IAM 80 H1 IAM 100 H1 IAM 150 H1 IAM 175 H1 IAM 195 H1 IAM

Ishoptherefore iam

Tools for administering Office 365 “Out-of-the-box” solution Easy to use but extensible Office 365 Admin Center Enable an ecosystem Access to advanced

IAM Certificate And IAM Diploma Syllabi Modules and Contents · This document deals with the detailed content of the IAM Certificate and IAM Diploma examinations, describing each

IAM Certificate And IAM Diploma Syllabi Modules and Contents€¦ · IAM Diploma Syllabi Modules and Contents . SUMMARY This document deals with the detailed content of the IAM Certificate

WITH MICROSOFT DYNAMICS 365 · with a Sunrise demo. Want to future-proof your infrastructure? Dynamics 365 is the last platform you’ll ever need. Call Sunrise to enable and support

GROUP ESTABLISHED MEMBERS ON 12/1/16 · •ConfigMgr Current Branch 1702 and higher •Select Office 365 Updates in SUP Catalog •Enable Office 365 Client Setting •XML configuration

ANGOR - IAM

iam and harvard policiesiam.harvard.edu/files/iam/files/iam-security-privacy-policies.pdf · IAM$Security$&Privacy$Policies Scott%Bradner November%24,%2015 December%2,%2015 Tuesday

The Holistic Self-Driven IAM Solution - Tuebora · Tuebora IAM Suite The Holistic Self-Driven IAM Solution Tuebora IAM Suite Data Sheet 01 Overview Identity and Access Management

ADFS + IAM

IAM Anatomy

The ROI of IAM - docs.bankinfosecurity.comdocs.bankinfosecurity.com/files/handbooks/IAM/IAM-eHandbook.pdf · IAM, of course, is a huge issue for financial institutions – not just

Asset Management – the IAM · 2017. 11. 14. · IAM Qualifications – targets IAM Certificate: aimed at those new to Asset Management IAM Diploma: designed to help existing Asset

TD and HBUG Meetings - NCEdCloud IAM Service · The Identity and Access Management (IAM) Service Questions? Links: IAM Information Site - ncedcloud.mcnc.org NCEdCloud IAM Service

IAM Full Control Document v01 - IAM RoadSmart

CASE STUDY Cloud Connect Cloud calling for Office 365 · enable internal and external voice calling via Office 365. MNF is the first Australian carrier to deliver Office 365 calling

IAM eWay Intelligent Adapter User’s Guide · database eWays, such as VSAM, ADABAS, DB2/UDB, and IDMS. The eWay uses its own properties settings and eGate components to enable IAM

Rapid Identity Implementation and IAM, Active Directory ...€¦ · IAM, Active Directory and Office 365 Roadmap . Vendor to provide an assessment and roadmap for a number of critical

Office 365 for IT Pros - Amazon S3 · Office 365 for IT Pros ... you must enable directory synchronization in the Office 365 tenant and install the appropriate directory synchronization

IAM CLASIFICACIONES

FastTrack for Dynamics 365 - download.microsoft.com · FastTrack for Dynamics 365 for Finance and Operations pilots tiered services that enable ... • Methodology and tools based

CloudP Service Deployment Guide - · PDF file• Office 365 Enterprise E1 • Office 365 Enterprise E3 ... Enable Office365 Web Service checkbox, click Next and follow the steps to

Brian Limperopulos Programs Manager IAM. IAM Programs IAM Governing Members’ Meeting How IAM serves its Governing Membership: Receivable Protection Program

Infarto IAM

Therefore IAM

YOUR BENEFIT PLAN US Airways, Inc. IAM Mechanic Employees ... · Certificate Number 15 YOUR BENEFIT PLAN US Airways, Inc. IAM Mechanic Employees, IAM Fleet Employees, IAM MTC Employees,

Samsung SDS IAM & EMM SDS IAM & EM… · IAM & EMM application to authenticate with Samsung SDS IAM & EMM Mobile Authenticator—see “Using the Samsung SDS IAM & EMM application

Cardiologia iam

IAM Qualifications