Premier Webcast - Identity Management with Windows Azure AD
TRANSCRIPT
Attention
The following webcast session was developed to provide an
expedient method of relaying information to Premier
customers. We would like to ask your help in ensuring that only
registered attendees view this information. Please do not share
the content of this delivery with peers who are not
registered. Thank you.
AGENDA
1. Factors driving cloud identity
2. What is claim based authentication?
3. Azure Active Directory features
4. Demos
Devices Apps Data
The current reality…
Self-service
Single sign-on
Username
Identity as the control plane
Simple connection
Cloud
SaaS
Azure
Office 365
Public cloud
Other Directories
Windows Server Active Directory
On-premises
Microsoft Azure Active Directory
Claims-Based Identity
Applications Need Identities
Identities 5 Years Ago
• Authentication was integrated auth (Kerberos/NTLM)
• Authorization: Active Directory security groups
• User data: LDAP and ADSI
• Kerberos was not a problem: application servers were joined to the domain and port 88 was open in the internal network
• Kerberos tickets included group SIDs for access decisions
Applications Had Free Access to Corporate Identities
Applications Ran Almost Entirely On-Premises
• RPC to a DC was not a problem
What is Azure Active Directory?
A comprehensive identity and access management cloud solution.
It combines directory services, advanced identity governance, application access management and a rich standards-based platform for developers.
It is available in 3 editions: Free, Basic and Premium.
Microsoft Confidential
Standalone
Directory Sync
Directory Sync with Password Sync
Directory Sync with Single Sign-on
Azure Active Directory Connect
DirSync
Azure Active Directory Sync
FIM+Azure Active Directory Connector
Sync Engine
Microsoft Azure
Identities and applications in one place.
Web Apps
(Azure Active Directory Application Proxy)
SaaS apps
Integrated custom apps
Other Directories
Cloud App Discovery
AD Agent
Logs
A world of SaaS applications and services
Microsoft Azure Active Directory
Corporate Network
DMZ
https://app1-contoso.msappproxy.net/
http://app1
IT professional
alerts.
1. Users sign in from any device using their existing username/password.
On-Premises Apps
Windows Server Active Directory or
Other LDAP
2. Users must also authenticate using their phone or mobile device before access is granted.
Microsoft Azure Active Directory
Multi-Factor Authentication Server
User
How it works
Allow Access
Block Access
Cloud Apps
On-premises
Application Access policies
Enforce MFA per user/per app
Location (IP Range)
Device State
User Group
http://myapps.microsoft.com
Rich standards-based platform for developers
Azure AD Join makes it possible to connect work-owned Windows 10 devices to your company’s Azure Active Directory. Users can sign into Windows with their cloud-hosted work credentials and enjoy modern Windows experiences.
Enterprise-compliant services
SSO from the desktop to cloud and on-premises applications with no VPN
MDM auto enrollment
Support for hybrid environments
Azure AD Join for Windows 10
Windows 10 Azure AD Joined Devices
MDM auto-enrolment
No Object Limit No Object Limit
No Limit
Advanced Security Reports
Premium+ Basic Features
Group-based access management/provisioning Yes Yes
Self-Service Password Reset for cloud users Yes Yes
Company Branding (Logon Pages/Access Panel customization) Yes Yes
Application Proxy Yes Yes
SLA Yes Yes
Yes
Yes
Yes
Yes
Yes
Enterprise Mobility Suite
Windows Intune
• Mobile device settings management
• Mobile application management
• Selective wipe
Microsoft Azure Active Directory Premium
• Security reports, and audit reports, multi-factor authentication
• Self-service password reset and group management
• Connection between Active Directory and Azure Active Directory
Microsoft Azure Rights Management service
• Information protection
• Connection to on-premises assets
• Bring your own key
Demo: Provisioning and Application Integration
Reference links
http://msdn.microsoft.com/library/azure/jj673460.aspx
http://social.technet.microsoft.com/wiki/contents/articles/14133.windows-azure-ad-content-map.aspx
http://blogs.technet.com/b/ad/
https://azure.microsoft.com/en-us/documentation/services/active-directory/
http://azure.microsoft.com/en-us/documentation/infographics/cloud-identity-and-access/
https://channel9.msdn.com/Series/Azure-Active-Directory-Videos-Demos?page=2
We Want Your Feedback
You will receive a survey via email following this session. Please let
us know how we did. Thank you!