Active Directory enables user productivity and IT risk management strategies across a variety of devices


conchita-marotz
Uploaded On 2016-04-05



Presentation Transcript

Slide1
Slide2

Active Directory enables user productivity and IT risk management strategies across a variety of devices

Samuel Devasahayam

Principal Lead PM

WCA-B204

Slide3

Today’s challenges

Apps: Deploying and managing applications across platforms is difficult.

Users: Users expect to be able to work in any location and have access to all their work resources.

Data: Users need to be productive while maintaining compliance and reducing risk.

Devices: The explosion of devices is eroding the standards-based approach to corporate IT.

Slide4

People-centric IT

Enable your end users: Allow users to work on the devices of their choice and provide consistent access to corporate resources.

Unify your environment: Deliver unified application and device management on-premises and in the cloud.

Protect your data: Help protect corporate information and manage risk.

Management. Access. Protection.

[Diagram labels: Users, Data, Devices, Apps]

Slide5

Enabling IT to empower users

Value Proposition:

End user productivity, being able to work from anywhere, from any device

Companies can manage their risk when dealing with different types of devices

ENABLING PRODUCTIVITY AND RISK MANAGEMENT

Employees can access applications and data everywhere, on any device

Easy IW experience

Employees can discover and access applications in an intuitive manner

Admins can control who has access to what based on application, user, device & location

Data Governance

Admins can classify and protect data in motion and at rest on any device

Device & Application Governance

Information Workers can access applications and data everywhere, on any device

IW Value

BDM + IT Value

Access to Company Resources

Access Governance

Slide6

Scenarios enabled by Active Directory

Single Sign On (SSO) experience on Workplace Joined devices

Join Windows and iOS devices to the Workplace

SSO across browser and enterprise applications

Enable users to work from anywhere, adhering to IT risk management strategy

IT can conditionally grant access to company applications

Workplace joined devices provide a seamless second factor authentication

Conditions include user, device and strength of authentication

Audit logs capture the user and device information

IT/ISV can author enterprise apps that deliver native experiences on devices and are integrated with AD for SSO and conditional access

Slide7

Identity and access: End user value

Access to company resources, from anywhere, from any device

[Diagram labels: Active Directory, Files, LOB Apps, SaaS App, Web Apps, SharePoint, Public Cloud, Microsoft Cloud, On-premises, Coffee shop, Home]

Slide8

Identity and access: IT admin value

Manage company risk by allowing access only when certain criteria are met

Allow IT to publish on-premises resources at edge

Allow access from specific users, when accessing from devices known to me

Allow access from specific users, only when they are on-premises

All access to on-premises resources needs to be pre-authenticated: only known users from known devices allowed

Allow access from anywhere, from known devices. Require another additional factor on access

[Diagram labels: Active Directory, Files, LOB Apps, SaaS App, Web Apps, SharePoint, Public Cloud, Microsoft Cloud, On-premises]

Slide9

Identity capabilities for BYOD

AD

Workplace Join: Users join their device to their workplace, making the device known to the company’s Active Directory.

Single Sign On (SSO): Users sign in once to their company from any application and are not prompted for credentials by every company application when using workplace joined devices.

Work From Anywhere: Businesses enable users to work from anywhere while adhering to their IT governance policies around risk management.

Multi-factor Authentication: Businesses require additional factors of authentication when business critical resources are accessed or when there is perceived risk.

Multi-factor Access Control: Businesses set conditional access control to resources based on four core pivots: the user, the device used, the user’s network location and use of additional auth factors.

AD Authentication Library: ISVs build enterprise apps that deliver SSO and allow enterprises to set the access control policies based on user, device and network location, and MFA.

Slide10

Demo

Workplace Join, working from anywhere

Slide11

Demo Environment

[Diagram labels: WhoAmI (Claims based), AD FS, Web application proxy, Web app (Windows auth), Device registration service, Firewall, Active Directory]

Allow access from specific users, when accessing from devices they have workplace joined

Slide12

Increasing the value in Active Directory Federation Services

Users can register their devices to gain access to corporate data and apps and single sign-on through device authentication

Conditional access with multi-factor authentication is provided on a per-application basis, leveraging user identity, device registration & network location

Organizations can federate with partners and other organizations for seamless access to shared resources

Organizations can connect to SaaS applications running in Windows Azure, Office 365 and 3rd party providers

Enhancements to ADFS include simplified deployment and management

[Diagram labels: SaaS Apps, Published applications, Restful OAuth apps, Office Forms Based Access, Claims & Kerberos web apps, Firewall, ADFS, Web Application Proxy (includes ADFS Proxy), ADFS, Active Directory, Resources in other businesses or identity realms]

Slide13

Workplace Join

Associates the device with a user

Provides a seamless second factor authentication

Enables IT to conditionally restrict access only to workplace joined devices

Enables a better end user experience with SSO

Avoids risks involved in saving passwords with each application

Avoids users having to repeatedly enter their credentials

Enabled by device registration service in AD FS

Slide14

Expanding device support

Not Joined to AD: Limited access, no IT control

Workplace Joined: Device at work with IT governance & controlled access to apps

Domain Joined: Company owned device with full IT control & full access

[Diagram label: Active Directory]

Slide15

Enabling work from anywhere

IT can publish access to resources with the Web Application Proxy based on device awareness and the user’s identity.

IT can provide seamless corporate access with DirectAccess and automatic VPN connections.

Users can work from anywhere on their device with access to their corporate resources.

Users can register devices for single sign-on and access to corporate data with Workplace Join.

Users can enroll devices for access to the Company Portal for easy access to corporate applications.

IT can publish Desktop Virtualization (VDI) for access to centralized resources.

[Diagram labels: Active Directory, Web Apps, Web Application Proxy, Remote Access, RDS Gateway, VDI, Session host, Files, LOB Apps]

Slide16

Web Application Proxy

Publish web applications: Browser-based web applications (integrated with Windows authentication or using claims); rich applications accessing RESTful services

Manage risk: Pre-authentication; access based on user, known device, location and MFA; account soft-lockout

Work from anywhere: Access to corporate resources from inside and outside the corporate network; access to corporate resources from any device

SSO across applications: User needs to provide credentials just once; SSO across browser based web apps including Office; SSO across rich applications

[Diagram labels: IT admin, User]

Slide17

Demo

Single Sign-On (SSO) and IT Risk management, with conditional access control

Slide18

IT risk management with conditional access

Access control based on multiple criteria

[Diagram labels: Network location, Additional auth factors (MFA), Web app]

Slide19

Questions?

Slide20

Related content

Find me later at Access & Information Protection Booth

Breakout Sessions

WCA-B214: Windows Server Work Folders overview – my corporate data on all my devices

WCA-B332: Windows Server Work Folders – a deep dive into the new Windows Server data sync solution

WCA-B333: Enable work from anywhere without losing sleep: remote access with the Web Application Proxy and VPN solutions

WCA-B334: Secure anywhere access to corporate resources such as Windows Server Work Folders using ADFS

Slide21

msdn: Resources for Developers, http://microsoft.com/msdn

Learning: Microsoft Certification & Training Resources, www.microsoft.com/learning

TechNet: Resources for IT Professionals, http://microsoft.com/technet

Resources: Sessions on Demand, http://channel9.msdn.com/Events/TechEd

Slide22

Evaluate this session

Scan this QR code to evaluate this session.

Slide23

© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.