Slide 2: Active Directory enables user productivity and IT risk management strategies across a variety of devices
Samuel Devasahayam, Principal Lead PM
WCA-B204
Slide 3: Today's challenges
Apps: Deploying and managing applications across platforms is difficult.
Users: Users expect to be able to work in any location and have access to all their work resources.
Data: Users need to be productive while maintaining compliance and reducing risk.
Devices: The explosion of devices is eroding the standards-based approach to corporate IT.
Slide 4: People-centric IT
Management. Access. Protection.
Enable your end users: Allow users to work on the devices of their choice and provide consistent access to corporate resources.
Unify your environment: Deliver unified application and device management on-premises and in the cloud.
Protect your data: Help protect corporate information and manage risk.
(Diagram: Users, Data, Devices, Apps)
Slide 5: Enabling IT to empower users
Value proposition: end user productivity, being able to work from anywhere, from any device; companies can manage their risk when dealing with different types of devices.
ENABLING PRODUCTIVITY AND RISK MANAGEMENT
IW value
  Access to Company Resources: Information Workers can access applications and data everywhere, on any device.
  Easy IW experience: Employees can discover and access applications in an intuitive manner.
BDM + IT value (Access Governance)
  Device & Application Governance: Admins can control who has access to what based on application, user, device and location.
  Data Governance: Admins can classify and protect data in motion and at rest on any device.
Slide 6: Scenarios enabled by Active Directory
Single Sign On (SSO) experience on Workplace Joined devices
  Join Windows and iOS devices to the Workplace
  SSO across browser and enterprise applications
Enable users to work from anywhere, adhering to the IT risk management strategy
  IT can conditionally grant access to company applications
  Workplace joined devices provide a seamless second factor of authentication
  Conditions include user, device and strength of authentication
  Audit logs capture the user and device information
IT/ISVs can author enterprise apps that deliver native experiences on devices and are integrated with AD for SSO and conditional access
Slide 7: Identity and access: End user value
Access to company resources, from anywhere, from any device
(Diagram: on-premises Active Directory with Files, LOB Apps and SharePoint; Microsoft Cloud Active Directory; SaaS App and Web Apps in the Public Cloud; users connecting from the coffee shop, from home and on-premises)
Slide 8: Identity and access: IT admin value
Manage company risk by allowing access only when certain criteria are met
  Allow IT to publish on-premises resources at the edge
  Allow access from specific users, when accessing from devices known to me
  Allow access from specific users, only when they are on-premises
  All access to on-premises resources needs to be pre-authenticated: only known users from known devices allowed
  Allow access from anywhere, from known devices; require an additional factor on access
(Diagram: on-premises Active Directory with Files, LOB Apps and SharePoint; Microsoft Cloud Active Directory; SaaS App and Web Apps in the Public Cloud)
Slide 9: Identity capabilities for BYOD
Workplace Join: Users join their device to their workplace, making the device known to the company's Active Directory.
Single Sign On (SSO): Users sign in once to their company from any application and are not prompted for credentials by every company application when using workplace joined devices.
Work From Anywhere: Businesses enable users to work from anywhere while adhering to their IT governance policies around risk management.
Multi-factor Authentication: Businesses require additional factors of authentication when business critical resources are accessed or when there is perceived risk.
Multi-factor Access Control: Businesses set conditional access control to resources based on four core pivots: the user, the device used, the user's network location and the use of additional auth factors.
AD Authentication Library: ISVs build enterprise apps that deliver SSO and allow enterprises to set access control policies based on user, device, network location and MFA.
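As an added example that is not part of the deck, the slide 8 policies ("only known users from known devices", "from anywhere on a known device, require another factor") expressed as AD FS (Windows Server 2012 R2) claim rules on one relying party, using the pivots slide 9 lists. The relying party name "WhoAmI" is assumed from the demo slide and the group SID is a constructed placeholder.

```powershell
# Added example (not from the deck): AD FS claim rules for one relying party.
# Assumptions: relying party "WhoAmI" exists; the group SID is a placeholder.
$rp = "WhoAmI"

# Issuance authorization: permit only members of an allowed group signing in
# from a workplace-joined (registered) device. No matching permit rule means
# AD FS denies the request.
$authzRules = @'
@RuleName = "Permit known users from registered devices"
c1:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid",
    Value == "S-1-5-21-0-0-0-1234"]
 && c2:[Type == "http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser",
    Value == "true"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Additional authentication: off the corporate network, require a second factor
# even on a registered device (network location + MFA pivots).
$mfaRules = @'
@RuleName = "Require MFA when outside the corporate network"
c:[Type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value == "false"]
 => issue(Type = "http://schemas.microsoft.com/claims/authnmethodsreferences",
          Value = "http://schemas.microsoft.com/claims/multipleauthn");
'@

Set-AdfsRelyingPartyTrust -TargetName $rp `
    -IssuanceAuthorizationRules $authzRules `
    -AdditionalAuthenticationRules $mfaRules

# Read back what was applied so the policy can be reviewed.
Get-AdfsRelyingPartyTrust -Name $rp |
    Select-Object Name, IssuanceAuthorizationRules, AdditionalAuthenticationRules
```

Device context claims are only issued when device authentication is enabled in the AD FS global authentication policy; without it the isregistereduser claim is absent, the permit rule never matches, and every user is denied.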
Slide 10: Demo: Workplace Join, working from anywhere
Slide 11: Demo Environment
Policy under test: Allow access from specific users, when accessing from devices they have workplace joined
(Diagram: WhoAmI web app (claims based); web app (Windows auth); AD FS with the device registration service; Web Application Proxy; Firewall; Active Directory)
Slide 12: Increasing the value in Active Directory Federation Services
Users can register their devices to gain access to corporate data and apps and single sign-on through device authentication
Conditional access with multi-factor authentication is provided on a per-application basis, leveraging user identity, device registration and network location
Organizations can federate with partners and other organizations for seamless access to shared resources
Organizations can connect to SaaS applications running in Windows Azure, Office 365 and 3rd party providers
Enhancements to AD FS include simplified deployment and management
(Diagram: Published applications: RESTful OAuth apps, Office Forms Based Access, Claims & Kerberos web apps; Firewall; Web Application Proxy (includes AD FS Proxy); AD FS; Active Directory; SaaS Apps; resources in other businesses or identity realms)
Slide 13: Workplace Join
Associates the device with a user
Provides a seamless second factor of authentication
Enables IT to conditionally restrict access only to workplace joined devices
Enables a better end user experience with SSO
Avoids the risks involved in saving passwords with each application
Avoids users having to repeatedly enter their credentials
Enabled by the device registration service in AD FS
Slide 14: Expanding device support
Not Joined to AD: limited access, no IT control
Workplace Joined: device at work with IT governance and controlled access to apps
Domain Joined: company owned device with full IT control and full access
Slide 15: Enabling work from anywhere
IT can publish access to resources with the Web Application Proxy based on device awareness and the user's identity
IT can provide seamless corporate access with DirectAccess and automatic VPN connections
IT can publish Desktop Virtualization (VDI) for access to centralized resources
Users can work from anywhere on their device with access to their corporate resources
Users can register devices for single sign-on and access to corporate data with Workplace Join
Users can enroll devices for access to the Company Portal for easy access to corporate applications
(Diagram: Active Directory, Web Apps, Files, LOB Apps behind the Web Application Proxy; Remote Access; RDS Gateway with VDI and Session host)
Slide 16: Web Application Proxy
IT admin
  Publish web applications: browser-based web applications (integrated with Windows authentication or using claims); rich applications accessing RESTful services
  Manage risk: pre-authentication; access based on user, known device, location and MFA; account soft-lockout
User
  Work from anywhere: access to corporate resources from inside and outside the corporate network; access to corporate resources from any device
  SSO across applications: the user needs to provide credentials just once; SSO across browser based web apps including Office; SSO across rich applications
Slide 17: Demo: Single Sign-On (SSO) and IT risk management, with conditional access control
Slide 18: IT risk management with conditional access
Access control based on multiple criteria: network location, additional auth factors (MFA), evaluated before the web app is reached
Slide 19: Questions?
Slide 20: Related content
Find me later at the Access & Information Protection Booth
Breakout sessions
  WCA-B214: Windows Server Work Folders overview: my corporate data on all my devices
  WCA-B332: Windows Server Work Folders: a deep dive into the new Windows Server data sync solution
  WCA-B333: Enable work from anywhere without losing sleep: remote access with the Web Application Proxy and VPN solutions
  WCA-B334: Secure anywhere access to corporate resources such as Windows Server Work Folders using ADFS
Slide 21: Resources
msdn: Resources for Developers, http://microsoft.com/msdn
Learning: Microsoft Certification & Training Resources, www.microsoft.com/learning
TechNet: Resources for IT Professionals, http://microsoft.com/technet
Sessions on Demand: http://channel9.msdn.com/Events/TechEd
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.