What can you do in Azure?

Identity and Access Management

The Reality

Identity as the core of enterprise mobility

Single sign-onSelf-service

Simple connection

On-premises

Other directories

Windows ServerActive Directory

SaaSAzure

Publiccloud

CloudMicrosoft Azure Active Directory

Azure Active Directory• Microsoft’s “Identity Management as a Service (IDaaS)” for

organizations.

• Millions of independent identity systems controlled by

enterprise and government “tenants.”

• Information is owned and used by the controlling

organization—not by Microsoft.

• Born-as-a-cloud directory for Office 365. Extended to

manage across many clouds.

• Evolved to manage an organization’s relationships with its

customers/citizens and partners (B2C and B2B).

1 trillionAzure AD

authentications

since the release of

the service

>80kthird-party

applications used

with Azure AD

each month

>1.3

billion authentications every

day on Azure AD

More than

600 Muser accounts on

Azure AD

Azure AD

Directories

>9 M

86% of Fortune 500

companies use

Microsoft Cloud

(Azure, O365, CRM

Online, and PowerBI)

Every Office 365 and Microsoft Azure customer uses Azure Active Directory

Azure Active Directory Connect

ADFS

Sync engine

Making a hybrid identity simple

•Azure Active Directory Connect

DirSync

Azure Active Directory Sync

FIM+Azure Active Directory Connector

ADFS

Microsoft AzureActive Directory

Identity synchronization with password (hash) sync

Identity synchronization

User attributes are synchronized using

identity synchronization services,

including a password hash;

authentication is completed against

Azure Active Directory

User attributes are synchronized using

identity synchronization tools;

authentication is passed back through

federation and completed against

Windows Server Active Directory

Delivering a seamless user-authentication experience

ADFS

Microsoft AzureActive Directory

Co

rpo

rate

n

etw

ork

Microsoft AzureActive Directory

Azure Active Directory Application Proxy

DM

Z

https://app1-

contoso.msappproxy.net/Application Proxy

http://app1

Single sign-on to any app

Web apps

(Azure Active Directory Application Proxy)

Integrated

custom appsSaaS apps

OTHER DIRECTORIES

Microsoft Azure

AzureActive Directory

Lift-and-shift on-premises

apps to Azure IaaS

On-premises

Azure AD Connect

Windows Server Active Directory

Your Azure IaaS workloads/apps

Azure AD

Domain Services

Your virtual network

Azure

Azure Active Directory Domain Services

• Your domain controller as a service for lift-and-shift scenarios

Kerberos

NTLM

LDAP

Group Policy

Connect Health: Monitor your Identity Bridge

Monitor:

• The Azure AD Connect sync

engine health

• ADFS infrastructure health

• On-premises AD Domain Services health

B2B: cross-organization collaboration“I need to let my partners access my company’s apps using their own credentials”

Azure Active Directory B2C

• Consumer identity and access management in the cloud

“By using Azure Active Directory B2C we were

able to build a fully customized login page

without having to build custom code.

Additionally, with a Microsoft solution in

place, we alleviated all our concerns about

security, data breaches, and scalability."

- Rafael de los Santos, Head of Digital, Real

Madrid

Intune/MDM

auto-enrollment

Azure Active Directory Join makes

it possible to connect work-

owned Windows 10 devices to

your company’s Azure Active

Directory

• Enterprise-compliant services

• SSO from the desktop

• Support for hybrid environments

• MDM auto-enrollment

Azure Active Directory Join for Windows 10

Windows 10 Azure AD joined devices

Enterprise State Roaming

Cloud-powered protection

Protect against

advanced threats

Mitigate

administrative

risks

Ensure accountability with better security and governance

"Microsoft is consistently and constantly looking out for us from a security perspective. We benefit from its experience in securing millions of users across its cloud assets, from Outlook.com to Xbox Live to Office 365 and Azure. Microsoft is a silent partner on our security team.

- Will Lamb, Infrastructure Coordinator,Whole Foods Market

Conditional

access to resources

Compliance

reporting

R

X

Azure Active Directory Identity Protection

• Risk severity calculation

• Remediation recommendations

• Risk-based conditional access automatically protects against suspicious logins and compromised credentials

• Gain insights from a consolidated view of machine learning based threat detection

Leaked credentials

Infected devices Configuration

vulnerabilities Risk-based

policies

MFA Challenge Risky Logins

Block attacks

Change bad credentials

Machine-Learning Engine

Brute force attacks

Suspicious sign-in activities

Azure Active Directory Identity Protection•Use the power of Identity Protection in PowerBI, SIEM and other monitoring tools

Security/Monitoring/Reporting SolutionsNotifications

Data Extracts/Downloads

Reporting APIs

Apply Microsoft learnings to your existing security tools

Microsoft machine - learning engine

Leaked credentials

Infected devices Configuration

vulnerabilities Brute force

attacksSuspicious sign-

in activities

Privileged Identity Management

•Discover, restrict, and monitor privileged identities

Global Administrator

Billing Administrator

Exchange Administrator

User Administrator

Password Administrator

Privileged Identity Management

•CLOUD-POWERED PROTECTION

•How time-limited activation of privileged roles works

MFA is enforced during the activation process

Alerts inform administrators about out-of-band changes

Users need to activate their privileges to perform a task

Users will retain their privileges for a pre-configured amount of time

Security admins can discover all privileged identities, view audit reports and review everyone who has is eligible to activate via access reviews

Audit

SECURITY ADMIN

Configure Privileged

Identity Management

USER

PRIVILEGED IDENTITY MANAGEMENT

Identity

verificationMonitor

Access reports

MFA

ALERT

Read only

ADMIN PROFILES

Billing Admin

Global Admin

Service Admin

Cloud App Discovery

•Discover all SaaS apps in use within your organization

Security reporting that tracks inconsistent access patterns, analytics, and alerts

Reporting API

Built-in security features

Monitor and protect access to enterprise apps

Step up to Multi-Factor Authentication

X X X X X

X X X X X

X X X X X

Storage

Microsoft Azure Storage Abstractions

Microsoft Azure Storage

• Highly durable and scalable

• Multiple copies of your data

• Financially backed SLAs

Automatic Storage Redundancy

> 600 KM

Windows Azure StorageDefend against regional disasters

Premium Storage

SSD based storage

Add up to 64 TB of storage per VM

Capable of >80,000 IOPS per VM

Less than 1ms read latency

Cool Storage

Generally Available

Low-cost Blob storage

As low as $0.01 per gigabyte

Storage Service Encryption

Encrypt Block and Page Blobs

256-bit AES encryption

Fully managed encryption process

Azure Disk Encryption

Windows and Linux

Standard and Premium

Fast data transfer to Azure

Encrypted data transfer

Efficient recovery

Office 365 Import Service

Bitlockered

HDD

COURIER

SERVICE

Azure Datacenter

Import/Export Your Data

Bitlockered

HDD

BLOB STORAGE

Customer

100

Terabytes

Hybrid Cloud Storage

StorSimple

Networking

Cloud Customer Segment & Workloads

Hybrid Networking Scenarios

Secure point-to-site connectivityVirtual network (Point-to-Site)

• Developers

• Small scale deployments

• Connect from anywhere

Secure site-to-site VPN connectivityVirtual network (Site-to-Site)

• SMB, Enterprises

• Connect to Azure compute

• IaaS and PaaS workloads

Private site-to-site connectivityExpressRoute

• SMB & Enterprises

• Mission critical workloads

• Backup/DR, media, HPC

• Connect to all hardware

Virtual Network and ExpressRoute

Publicinternet

Publicinternet

Publicinternet

Public, Private and Microsoft peering

VNet Peering

Directly link two virtual networks in the same

region

Internal Azure backbone network

No gateway

Low-latency, high-bandwidth connection

Networking

• Reserved IPs

• Multiple NIC’s

• Forced Tunneling

• Network Security Groups

• Virtual Network Appliances

• Multiple load balanced IPs per VM

• Create virtual networks with private or public IP ranges

• IPv6 in most regions

• Accelerated Networking (Preview)

• High performance S2S VPN gateways (200Mbps vs 100Mbps)

Compute

New H family ofvirtual machines

New N family ofvirtual machines

New F family ofvirtual machines

2 GB RAM & 8 GB (SSD) per

CPU core

2.4-GHz Intel Xeon E5-2673 v3

(Haswell) processor

Clock speeds as high as 3.1 GHz

G series virtual machines

Optimized for data workloads

Up to:

32 CPU cores

450 GB RAM

6.5 TB local SSD

Latest generation Intel processor

G

Scale-up options

VM Scale Sets

Generally Available

Reliably deploy and update at large scale

Scale automatically

Simplify networking

Support hyperscale workloads

Dev-Test Labs

Generally Available

Self-service without the worry

Quickly get to “ready to test”

Create once, use everywhere

Integrates with your existing toolchain

What’s New About IaaS v2• v2: ARM APIs

• Tags and RBAC at granular levels• More asynchronous operations - massive and parallel

deployment of VMs• Dependencies• Network resource types are separate from compute• 3 Fault Domains in Availability Sets• Part of Azure-consistent private cloud. Deploy same JSON

template in Azure or Azure Stack

Management models for IaaS

•Classic Model (v1) •Resource Manager (V2)

Fault and Update Domains• Fault domains:

• Represent groups of resources anticipated to fail together, i.e. same rack, same server

• Fabric spreads instances across fault at least two fault domains• The number of fault domains is controlled by the Azure Fabric• Anticipated to fail together: share power source and network

switch• 3 fault domains by default

• Update domains:• Represents groups of resources that will be updated together• Host OS updates honor service update domains• Specified in service definition• Default of five (up to 5)• More than 5 update domains allowed

• Fabric spreads role instances across update domains and fault domains

VM Availability Sets•Update domains are honored by host OS updates

VM-In Place Migration

Eliminate the need for a full VM reboot

Fast pause for low-impact maintenance

Host OS Host OS

Host OS

Question...How long would it take to create this SharePoint environment today in Dev/Test?

1 Hour

• Visual Studio 2013 Update 4 or

Visual Studio 2015

• Azure SDK 2.8.x

• New ‘Azure Resource Group’

project available

• GUI JSON Editor

Visual Studio ARM Project Template

Preview : Portal Templates

Containers

Containers Introduction

What:• Virtualization Technology

• Host applications (processes)

• Shared kernel architecture

Why:• Fast Start

• Hyper Density

• Portable

• Potential to change how application are written and datacenters operate.

Container Images

Application 1 Application 2

Base OS Image

Application 3

Container Host

Base OS Image Base OS Image

Prerequisites VSRDPrerequisites VSRD Prerequisites VSRD Prerequisites VSRD

Base OS Image

Datacenter Evolution

Physical Computer

Hypervisor

Physical Computer

OS / Kernel

Prerequisites (.net)

Applications

Resources

Container Host

OS / Kernel

Base OS Image

Prerequisites (.net)

Application

Perquisites (.net)

OS / Kernel

Virtual Machine

Application

Perquisites (.net)

OS / Kernel

Virtual Machine

Applications

Applications

Applications

Enterprise Mobility & Security

What is EMS E3?

DEVICE & APP MANAGEMENT IDENTITY MANAGEMENT DATA PROTECTION SECURITY

Microsoft

Intune

Azure Active

Directory Premium

P1

Azure Information

Protection P1

Advanced Threat

Analytics

Manage Android, IOS

and Windows devices

Protect and manage

identities

Protect information at

the file level

Detect threats and

exploits fast with

behavioral analytics

What is EMS E5?

DEVICE & APP MANAGEMENT IDENTITY MANAGEMENT DATA PROTECTION SECURITY

Microsoft

Intune

Azure Active

Directory Premium

P2

Azure Information

Protection P2

Advanced Threat

Analytics

Manage Android, IOS

and Windows devices

Protect and manage

identities

Protect information at

the file level

Detect threats and

exploits fast with

behavioral analytics

SECURITY

Cloud App

Security

Discover, Investigate,

secure and control

cloud usage

Enterprise Mobility + SecurityInformation protection

Identity-driven security

Managed mobile productivity

Identity and access management

Azure Information

Protection Premium P2

Intelligent classification and

encryption for files shared

inside and outside your

organization

(includes all capabilities in P1)

Azure Information

Protection Premium P1

Encryption for all files and

storage locations

Cloud-based file tracking

Microsoft Cloud

App Security

Enterprise-grade visibility,

control, and protection for

your cloud applications

Microsoft Advanced

Threat Analytics

Protection from advanced

targeted attacks leveraging

user and entity behavioral

analytics

Microsoft Intune

Mobile device and app

management to protect

corporate apps and data on

any device

Azure Active Directory

Premium P2

Identity and access

management with advanced

protection for users and

privileged identities

(includes all capabilities in P1)

Azure Active Directory

Premium P1

Secure single sign-on to

cloud and on-premises apps

MFA, conditional access, and

advanced security reporting

EMS

E3

EMS

E5

AAD Versions

Azure AD Free

Azure AD Basic

Azure AD Premium

AAD Common Features•Directory Objects

•User/Group Management (add/update/delete)/

User-based provisioning, Device registration

•Single Sign-On (SSO)

•Self-Service Password Change for cloud users

•Connect (Sync engine that extends on-premises

directories to Azure Active Directory)

•Security / Usage Reports

AAD Basic Features

•Group-based access management / provisioning

•Self-Service Password Reset for cloud users

•Company Branding (Logon Pages/Access Panel

customization)

•Application Proxy

•SLA 99.9%

AAD Premium Features•Self-Service Group and app Management/Self-Service

application additions/ Dynamic Groups

•Self-Service Password Reset/Change/Unlock with on-

premises write-back

•Multi-Factor Authentication (Cloud and On-premises

(MFA Server))

•MIM CAL + MIM Server

•Cloud App Discovery

•Connect Health

•Automatic password rollover for group accounts

Azure AD Multi-Factor Authentication

• Secure cloud or On-Premises resources

• Using existing personal or company provided phones

• Users manage their own authentication methods and phone numbers

• Verification options include phone call, text message, or mobile app notification

Mobile application management

PC managementMobile device management

Enterprise mobility management with Intune

User IT

Azure InformationProtection

The evolution of Azure RMS

DOCUMENT

TRACKING

DOCUMENT

REVOCATION

Monitor &

respond

LABELINGCLASSIFICATION

Classification

& labeling

ENCRYPTION

Protect

ACCESS

CONTROLPOLICY

ENFORCEMENT

Full Data

Lifecycle

Operations Management Suite

Operations Management Suite

Enable a unified view of all your IT assets whether on-premises or in the cloud.

Manage Azure or AWS, Windows or Linux, VMware or OpenStack

• Log Analytics

• Automation

• Backup

• Site Recovery

• System Center*

Azure Backup - Files

• Backups are encrypted

• Efficient use of storage through compression

• Restore to the same server or different

• Integrates with DPM

• Retain data for up to 99 years

Azure Backup – VM’s

• Agentless backup

• No shut down of VM required

• No On-Premises resources required

• Perform scheduled daily or weekly backups

Azure Site Recovery

Replicate and protect physical, VMware, AWS and Hyper-V VMs to Azure

• Migration cutovers to Azure in as little as minutes

• Automated asset discovery and migration

• On the fly conversion of source VM

• Auto-provisioned target Azure VM’s

• Near zero downtime and data loss

• Failback to VMware infrastructure from Azure

Azure Automation

• Runbook authoring in Azure

• High availability engine

• Integrate into other systems

• Store secure credentials

• Desired State Configuration

• Source Control

• Hybrid Worker

• Script Gallery

Azure App Service

Azure App Service

Web Apps

Mobile Apps

Logic Apps

API Apps

APIM

Azure Functions

Create and deploy mission-critical web apps that scale with your business

Supports .NET, Java, PHP, Node.js, and Python

Built-in auto-scale and load balancing

High availability with auto-patching

Continuous deployment with Git, TFS, GitHub, and Visual Studio Team Services

Supports WordPress, Umbraco, Joomla, and Drupal

Web Apps

Develop and deliver powerful integration solutions with ease

Create business processes and workflows visually

Deliver integration capabilities in web, mobile, and API apps

Integrate with your SaaS and enterprise applications

Automate EAI, B2B, and business processes

Connect to on-premises data

Logic Apps

Build engaging iOS, Android, and Windows apps. Develop with Xamarin or local SDKs

Broadcast push with customer segmentation

Enterprise single sign-on with Active Directory

Autoscale to support millions of devices

Apps can work offline and sync

Social integration with Facebook, Twitter, Google

Leverage HockyApp or Azure Mobile Engagement to learn and improve

Mobile Apps

Process events with Serverless code

Make composing cloud apps insanely easy

Develop Functions in C#, Node.js, Python, PHP, Batch, and more

Easily schedule event-driven tasks across services

Expose Functions as HTTP API endpoints

Scale Functions based on customer demand

Easily integrate with Logic Apps

Azure Functions

Quickly build APIs in the cloud using the language of your choice. Publish, manage, secure, and analyze your APIs in minutes

Secure APIs with Active Directory, single sign-on, and OAuth

Generate client proxies or APIs in your language of choice

Mashup existing enterprise APIs

Integrate with API Management and Logic Apps

API Apps & APIM

Data Insights

Azure SQL Database

Manual Backup to Azure Storage

Secure your Data

Benefits of Backing Up to Azure Storage

• Flexible, reliable, limitless off-site storage

•Backup Archive

•1-time backup

•No overhead of hardware management

•By-pass Azure VM attached disk limit

•Cost

Managed Backup to Azure

More options to store your database

• What is it?• An agent that manages and automates

SQL Server backup policy

• Benefits• Simple + flexible

• Minimal input – control retention period

• Manages entire instance, or individual DBs

• Leverages Backup to Azure (page blob)• Supports backup encryption• Inherently off-site & geo-redundant• Minimal storage cost/hardware

management• Intelligence built-in

• Retention• Context-aware – e.g.

workload/throttling• Backups consider log accumulation

Managed Backup to Azure

Example:EXEC smart_admin.sp_set_db_backup

@database_name='TestDB',

@retention_days=30,

@credential_name='MyCredential',

@encryption_algorithm='NO_ENCRYPTIO

N',

@enable_backup=1

GO

Your SQL Server

Be flexible

Current landscape

Stretch mindset

How it works

Only on SQL Server 2016

Keep, keep,

keep! Cut, cut,

cut!

???!#$^*

Business owners, end-users, …

Storage admins, budget owners, …

DBA

StretchDB – automatic scalingAzure

On-

premises

SQL Server

instanceOn-premises

application(s)

DB in SAN/Local Storage

Ord_detail

Storage

Shard 1

Ord_detail_archive

table

Txn_detailTxn_detail(cold rows

only)

Compute

Storage

Shard 2

Ord_detail_archive

table

Txn_detail(cold rows

only)

Transparent scaleout

On-premises

Hadoop / HDInsight

Be Bold

Why do it?

How to do it?

Introducing Apache Hadoop

Apache Open Source Project

Highly scalable distributed file system (HDFS)

Distributed processing on data nodes

Hadoop is a platform with portfolio of projects•Governed by Apache Software Foundation (ASF)

•Comprises core services of MapReduce, HDFS, and YARN

• In addition to the core, includes functions across: • Data services which allow you to manipulate and move data (Hive, HBase, Pig, Flume, Sqoop)

• Operational services which help manage the cluster (Ambari, Falcon, and Oozie)

http://Hortonworks.com/hdp/whats-new

PowerBI

POWERFUL data visualization

What is it? Really?

Lets clear some cloud around it

See all your data in a single pane of glassLive dashboards and interactive reports

146.03K145.84K145.96K146.06K 40.08K38.84K39.99K40.33K

PowerBI Overview

Azure ML

POWERFUL data visualization

Overview of Machine Learning

Overview of Azure ML

Reduce complexity to broaden participation

Microsoft Azure Machine LearningFeatures and Benefits

• Accessible through a web browser, no software to install;

• Collaborative work with anyone, anywhere via Azure workspace

• Visual composition with end2end support for data science workflow;

• Best in class ML algorithms;

• Extensible, support for R OSS.

Microsoft Azure Machine LearningFeatures and Benefits

Rapid experimentation to create a

better model

Immutable library of models, search discover and reuse;

Rapidly try a range of features, ML algorithms and modeling strategies;

Quickly deploy model as Azure web service to our ML API service.

Other Services

Azure Media Services

Scalable components for building custom media workflows in the cloud

• Cloud upload and storage

• Encoding & packaging

• Content protection

• CDN for live & on-demand streaming

• Player clients

• Backend for Office 365 video

Traffic Manager

www.contoso.com

What next?

Try Azure App Service

https://trywebsites.azurewebsites.net/

Migrating IIS to Azure

https://www.migratetoazure.net/

Mig

ratio

n To

ol

• Windows Server 2003 is EOL

• 22M instances still running worldwide

• 17% are running IIS

• 1 in 6 instances use SQL 2005

• 53% are non-virtualized physical instances

Microsoft IT Pro Cloud Essentials

https://www.Itprocloudessentials.com

Get startedVisit azure.microsoft.com

http://aka.ms/try-azure

http://aka.ms/azuredd