
Accelerate your journey to the cloud with integrated identity - PowerPoint Presentation

lois-ondreau
Uploaded On 2020-04-05



Presentation Transcript

Slide1

Accelerate your journey to the cloud with integrated identity

Enterprise Mobility

ITPRO05

Slide2

What we will discuss

Get identities to the cloud

Mix on-premises and cloud identity for improved PC, mobile, and web productivity

Cloud identities help you run your business better

Slide3

The current reality…

EC2

On-premises

Private cloud

Managed devices

Slide4

Single sign-on

Self-service

Simple connection

Identity as the control plane

Cloud

SaaS

Azure

Other directories

Windows Server Active Directory

On-premises

Microsoft Azure Active Directory

Office 365

Public cloud

Slide5

Managed: Microsoft System Center Configuration Manager

On-premises LOB applications, traditional productivity

iOS, Android, Windows Phone, BYOD

Mobile apps, shadow IT SaaS solutions

Managed: Microsoft Intune connected to System Center Configuration Manager

On-premises LOB applications, managed SaaS, Office 365 hybrid deployment, Azure Active Directory implementation

Deployment of cloud-enabled rich clients

Managed cloud identities with Multi-Factor Authentication

Managed by EMS: combination of mobile clients (iOS, Android) and cloud-enabled clients (Windows 10)

Managed SaaS and Office 365 Enterprise, full Azure IAM

Identity and access management evolution

On-premises

Event – Mobility

Hybrid

Event-Win 8.x/10

Cloud

Azure Active Directory

Slide6

Azure Active Directory momentum

Copyright (c) 2015 Microsoft Corporation


1 Trillion Azure AD authentications since the release of the service

>35k third-party applications used with Azure AD each month

>1 Billion authentications every day on Azure AD

More than 500 M user accounts on Azure Active Directory

Azure AD manages identity data for >7 M organizations

86% of Fortune 500 companies on Microsoft Cloud (Azure, O365, CRM Online and PowerBI)

Microsoft’s “Identity Management as a Service (IDaaS)” for organizations

Azure Active Directory supports identity across Azure, Office 365 and 3rd party clouds

Evolved to manage an organization’s relationships with its customers/citizens and partners (B2C and B2B)

Slide7

Scenario #1

Get identities to the cloud

Slide8

Customer story: British Airways

Challenge

Employees operate in more than 75 countries

How do they encourage employees to connect?

Colleagues are not often behind PCs

Solution

Share identity with your directory in the cloud

Encourage collaboration with Yammer!

Focus on web-based productivity from anywhere

Approach

On-premises identity shared to the cloud

Slide9

Office 365 identity models

Cloud identity: zero on-premises servers

Synchronized identity: on-premises directory, on-premises identity, Azure AD Connect

Federated identity: on-premises directory, on-premises identity, Azure AD Connect, federation

Slide10

Synchronized identity model

Password hashes

User accounts

User

Sign in

Azure AD Connect

On-premises directory

Synchronized identity

Slide11

Password hash sync security

Diagram labels: User, Password, On-premises directory, Hash, Extra security, Azure AD

Password hash AD DS

It cannot be reversed to obtain the user’s password.

A hash

Hashes are mathematical functions that are nearly impossible to reverse. The result of the hash algorithm is called a digest.

Additional processing

We further process it with a one-way SHA256 hash algorithm.

Connections are only to the Azure AD service and are SSL encrypted.

Enables Azure AD to validate the user’s password when they log on.

Slide12

Demo

Task

Synchronize cloud-ready identities with Azure AD Connect

Steps

Install Azure AD Connect

Review four-step Express settings

Customize apps

Customize attributes

Customize writeback

Result

Identities are in the cloud and ready for SSO to Office 365

Slide13

Making the scenario successful

Tip #1: Perform an Active Directory health check first to make sure your identities are cloud-ready

Tip #2: For most organizations, Azure AD Connect’s Express settings work well

Tip #3: Azure AD Connect offers write back of passwords, users, groups, and devices

Slide14

Scenario #2

Mix on-premises and cloud identity for improved PC, mobile, and web productivity

Slide15

Customer story: Aston Martin

Challenge

Need security and compliance for a global brand

15-person IT department demands ease of use

Must protect intellectual property

Solution

Group policy on-premises, conditional-access cloud

MDM for Office 365 to enforce mobile security

Azure RMS for file encryption and policy

Approach

Hybrid identity, still evolving

Slide16

Federated identity

Federated identity model

Password hashes

User accounts

Sign in

On-premises directory

Authentication

Authentication

User

Azure AD Connect

AD FS

Slide17

AD FS

Password sync backup for federated sign on

Backup password hash sync

User accounts

On-premises directory

This new backup solution for Office 365 customers using federated sign on provides the option to manually switch their domain in a short amount of time during outages, such as on-premises power loss, internet connection interruption, and any other on-premises outages.

Azure AD Connect

Federated identity

Slide18

AD FS is also easy

Use experienced deployment staff

Use Azure AD Connect

Read the TechNet Deployment Guide

http://technet.microsoft.com/en-us/library/jj205462.aspx

Only implement the Office 365 requirements

The only certificate required is the SSL certificate

Prepare with firewall update permissions

Slide19

Demo

Task

Use Azure AD Connect to sync username, etc., and AD FS for password authentication

Steps

Modify Azure AD Connect installation

Review optional AD FS configuration

Deploy AD FS for password proxy authentication

Enable Office 365 backup password hash

Consider AD FS load balanced or high availability

Result

SSO to Office 365 optionally without password hash sync

Slide20

Making the scenario successful

Tip #1: Determine if security or compliance policies within your organization require this configuration

Tip #2: AD FS requires additional servers to implement, so plan hardware and system requirements accordingly

Tip #3: Windows Server 2012 R2 AD FS is currently required for use with Azure AD Connect

Slide21

Scenario #3

Cloud identity helps you run your business better

Slide22

Customer story: GameStop

Challenge

More than 6,000 locations worldwide

The gamer experience thrives on loyalty

Retail portal needed to ensure consistency

Solution

Focus on an excellent user experience

Superior level of security required

GameStop retail portal built in Microsoft’s cloud

Approach

Cloud identity managed in Azure AD

Slide23

Cloud identity model

User accounts

User

http://portal.office.com

Azure Active Directory

Cloud identity

Slide24

Slide25

Slide26

Demo

Task

Use cloud identity with Office 365

Steps

Log on to the Office 365 admin center

Under “users and groups,” review configuration

Create a user profile

Edit profile

Review “settings” and “licenses”

Result

Versatile, cloud-only identities, ready for Office 365

Slide27

Making the scenario successful

Tip #1: Cloud-only identities are well suited to a distributed, mobile workforce

Tip #2: Rich profile information in Office 365 can provide useful identity information

Tip #3: Make sure to assign an Office 365 license to your users

Slide28

What we discussed

Get identities to the cloud

Mix on-premises and cloud identity for improved PC, mobile, and web productivity

Cloud identities help you run your business better

Slide29

Next steps

To explore

Try Enterprise Mobility now

http://www.microsoft.com/ems

TechNet @ http://technet.microsoft.com/

MSDN @ http://www.msdn.com/

http://aka.ms/ITInnovation

To do

Rate the session

Q&A

Accelerate your journey to the cloud with integrated identity

Slide30