TRANSCRIPT
Multi-Factor Authentication Deep Dive: Securing Access On-Premises and in the Cloud
Shawn Bishop, Program Manager
Nasos Kladakis, Sr. Product Marketing Manager, Azure
PCIT-B334
Authentication In Motion
What is multi-factor authentication?
Any two or more of the following factors:
Something you know: a password or PIN.
Something you have: a phone, credit card or hardware token.
Something you are: a fingerprint, retinal scan or other biometric.
Stronger when using two different channels (out-of-band).
Hardware token, certificates, smartcard, phone
What is Azure Multi-Factor Authentication?
An Azure Identity and Access management service that prevents unauthorized access to both on-premises and cloud applications by providing an additional level of authentication
Trusted by thousands of enterprises to authenticate employee, customer, and partner access.
How It Works
Mobile apps, phone calls, text messages
Microsoft Azure Multi-Factor Authentication flavors
• Azure Multi-Factor Authentication stand-alone
• Included in Azure Active Directory Premium
• Free for Azure administrators
• A subset of Azure MFA functionality included in Office 365
Azure MFA vs MFA for Office 365

| Feature | MFA for Office 365 | Azure Multi-Factor Authentication |
| --- | --- | --- |
| Administrators can Enable/Enforce MFA to end-users | Yes | Yes |
| Use Mobile app (online and OTP) as second authentication factor | Yes | Yes |
| Use Phone call as second authentication factor | Yes | Yes |
| Use SMS as second authentication factor | Yes | Yes |
| Application passwords for non-browser clients (e.g. Outlook, Lync) | Yes | Yes |
| Default Microsoft greetings during authentication phone calls | Yes | Yes |
| Remember Me (Public Preview coming in June)* | Yes | Yes |
| Custom greetings during authentication phone calls | | Yes |
| Fraud alert | | Yes |
| MFA SDK | | Yes |
| Security Reports | | Yes |
| MFA for on-premises applications / MFA Server | | Yes |
| One-Time Bypass | | Yes |
| Block/Unblock Users | | Yes |
| Customizable caller ID for authentication phone calls | | Yes |
| Event Confirmation | | Yes |
| IP Whitelist (currently in Public Preview)* | | Yes |
Demo
Sign-in Experience
On-Premises Apps: RADIUS, LDAP, IIS, RDS/VDI
Cloud Apps: SAML; .NET, Java, PHP…
Multi-Factor Authentication Server
Multi-Factor Authentication Service
Windows Server AD or Other LDAP
Active Directory
1. Users sign in from any device using their existing username/password.
2. Users must also authenticate using their phone or mobile device before access is granted.
Employees
Partners
Customers
Security, Scale, Convenience
Convenience
No devices or certificates to purchase, provision, and maintain
No end user training is required
Users replace their own lost or broken phones
Users manage their own authentication methods and phone numbers
Integrates with existing directory for centralized user management and automated enrollment
Scale
Works with all leading on-premises applications
Supports ADFS and SAML-based apps for federation to the cloud
Built into Microsoft Azure Active Directory for use with cloud apps
SDK for integration with custom apps and directories
Reliable, scalable service supports high-volume, mission-critical scenarios
Security
Strong multi-factor authentication
Real-Time Fraud Alert
PIN option
Reporting and logging for auditing
Enables compliance with NIST 800-63 Level 3, HIPAA, PCI DSS, and other regulatory requirements
Demo
Multi-Factor Set Up
Creating A Multi-Factor Authentication Provider
Enabling Microsoft Azure Active Directory Users
Integration with Azure AD Premium
Using the On-Premises Multi-Factor Authentication Server
Putting it all together
Related content
Find us later at Azure Booth.
Twitter: @akladakis

| Session | Title | Timeslot |
| --- | --- | --- |
| FDN02 | Enabling Enterprise Mobility with Windows Intune, Microsoft Azure, and Windows Server | Monday, May 12 11:00 AM - 12:00 PM |
| DCIM-B382 | Cloud Identity and Access Management: Microsoft Azure Active Directory Premium | Tuesday, May 13 10:15 AM - 11:30 AM |
| OFC-B250 | Multi-Factor Authentication for Office 365 | Wednesday, May 14 10:15 AM - 11:30 AM |
| PCIT-B212 | Design Considerations for BYOD | Tuesday, May 13 10:15 AM - 11:30 AM |
| PCIT-B213 | Access Control in BYOD and Directory Integration in a Hybrid Identity Infrastructure | Wednesday, May 14 3:15 PM - 4:30 PM |
| PCIT-B310 | Empowering Your Users and Protecting Your Corporate Data | Monday, May 12 1:15 PM - 2:30 PM |
| PCIT-B313 | Hybrid Identity: Extending Active Directory to the Cloud | Monday, May 12 4:45 PM - 6:00 PM |
| PCIT-B314 | Understanding Microsoft’s BYOD Strategy and an Introduction to New Capabilities in Windows Server 2012 R2 | Tuesday, May 13 8:30 AM - 9:45 AM |
| PCIT-B330 | Active Directory + BYOD = Peace of Mind | Thursday, May 15 8:30 AM - 9:45 AM |
Track resources
Azure MFA Documentation: http://azure.microsoft.com/en-us/documentation/services/multi-factor-authentication/
MSDN Library: http://msdn.microsoft.com/en-us/library/azure/dn249471.aspx
Resources
Learning: Microsoft Certification & Training Resources - www.microsoft.com/learning
MSDN: Resources for Developers - http://microsoft.com/msdn
TechNet: Resources for IT Professionals - http://microsoft.com/technet
Sessions on Demand: http://channel9.msdn.com/Events/TechEd
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.