Enterprise Mobility ITPRO05. What we will discuss: Get identities to the cloud; Mix on-premises and cloud identity for improved PC, mobile, and web productivity; Cloud identities help you run your business better
Slide1
Accelerate your journey to the cloud with integrated identity
Enterprise Mobility
ITPRO05
Slide2
What we will discuss
Get identities to the cloud
Mix on-premises and cloud identity for improved PC, mobile, and web productivity
Cloud identities help you run your business better
Slide3
The current reality…
EC2
On-premises
Private cloud
Managed devices
Slide4
Single sign-on
Self-service
Simple connection
Username
Identity as the control plane
Cloud
SaaS
Azure
Other directories
Windows Server Active Directory
On-premises
Microsoft Azure Active Directory
Office 365
Public cloud
Slide5
Managed: Microsoft System Center Configuration Manager
On-premises LOB applications, traditional productivity
iOS, Android, Windows Phone, BYOD
Mobile apps, shadow IT SaaS solutions
Managed: Microsoft Intune connected to System Center Configuration Manager
On-premises LOB applications, managed SaaS, Office 365 hybrid deployment, Azure Active Directory implementation
Deployment of cloud-enabled rich clients
Managed cloud identities with Multi-Factor Authentication
Managed by EMS: combination of mobile clients (iOS, Android) and cloud-enabled clients (Windows 10)
Managed SaaS and Office 365 Enterprise, full Azure IAM
Identity and access management evolution
On-premises
Event – Mobility
Hybrid
Event-Win 8.x/10
Cloud
Azure Active Directory
Slide6
Azure Active Directory momentum
Copyright (c) 2015 Microsoft Corporation
1 Trillion Azure AD authentications since the release of the service
>35k third party applications used with Azure AD each month
>1 Billion authentications every day on Azure AD
More than 500 M user accounts on Azure Active Directory
Azure AD manages identity data for >7 M organizations
86% of Fortune 500 companies on Microsoft Cloud (Azure, O365, CRM Online and PowerBI)
Microsoft’s “Identity Management as a Service (IDaaS)” for organizations
Azure Active Directory supports identity across Azure, Office 365 and 3rd party clouds
Evolved to manage an organization’s relationships with its customers/citizens and partners (B2C and B2B)
Slide7
Scenario #1
Get identities to the cloud
Slide8
Customer story: British Airways
Challenge
Employees operate in more than 75 countries
How do they encourage employees to connect?
Colleagues are not often behind PCs
Solution
Share identity with your directory in the cloud
Encourage collaboration with Yammer!
Focus on web-based productivity from anywhere
Approach
On-premises identity shared to the cloud
Slide9
Federated identity
Synchronized identity
On-premises directory
On-premises directory
Azure AD Connect
On-premises identity
On-premises identity
Azure AD Connect
Federation
Office 365 identity models
Zero on-premises servers
Cloud identity
Slide10
Synchronized identity model
Password hashes
User accounts
User
Sign in
Azure AD Connect
On-premises directory
Synchronized identity
Slide11
Azure AD
Hash
Extra security
Password
On-premises directory
Password hash sync security
Password hash AD DS
It is not reversible to get the user’s password.
A hash
Hashes are mathematical functions that are nearly impossible to reverse.
The result of the hash algorithm is called a digest.
Additional processing
We further process it with a one-way hash SHA256 algorithm.
Connections are only to the Azure AD service and are SSL encrypted.
Enables Azure AD to validate the user’s password when they log on.
User
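
A sketch of the two-stage hashing described on this slide, added here as an example and not taken from the presentation or from Azure AD Connect. The stand-in directory hash, the salted PBKDF2-HMAC-SHA256 construction and its parameters, and the names `directory_hash`, `prepare_for_sync` and `cloud_validate` are assumptions; the slide states only that a one-way SHA256 hash is applied.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumed parameters: the slide says only "one-way hash SHA256"; salted
# PBKDF2-HMAC-SHA256 is the construction chosen for this sketch.
ITERATIONS = 1000
SALT_LEN = 10


def directory_hash(password: str) -> bytes:
    """Constructed stand-in for the hash the on-premises directory stores."""
    # Not the real AD DS format; any fixed one-way digest serves the demo.
    return hashlib.sha256(password.encode("utf-16-le")).digest()[:16]


def prepare_for_sync(dir_hash: bytes, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Re-hash the directory hash on-premises, before anything is sent."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    material = dir_hash.hex().upper().encode("utf-16-le")
    derived = hashlib.pbkdf2_hmac("sha256", material, salt, ITERATIONS, dklen=32)
    return salt, derived


def cloud_validate(password: str, salt: bytes, stored: bytes) -> bool:
    """Sign-in check: repeat both hashing stages and compare in constant time."""
    _, candidate = prepare_for_sync(directory_hash(password), salt)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    h = directory_hash("Constructed-Passw0rd!")  # constructed sample password
    salt, stored = prepare_for_sync(h)
    print("directory hash :", h.hex())
    print("synced value   :", stored.hex())
    print("right password :", cloud_validate("Constructed-Passw0rd!", salt, stored))
    print("wrong password :", cloud_validate("constructed-passw0rd!", salt, stored))
```

The synced value never equals the directory hash, so a copy of the cloud-side value cannot be replayed against the on-premises directory as if it were the original hash.
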
Slide12
Demo
Task
Synchronize cloud-ready identities with Azure AD Connect
Steps
Install Azure AD Connect
Review four-step Express settings
Customize apps
Customize attributes
Customize writeback
Result
Identities are in the cloud and ready for SSO to Office 365
Slide13
Making the scenario successful
Tip #1: Perform an Active Directory health check first to make sure your identities are cloud-ready
Tip #2: For most organizations, Azure AD Connect’s Express settings work well
Tip #3: Azure AD Connect offers write back of passwords, users, groups, and devices
Slide14
Scenario #2
Mix on-premises and cloud identity for improved PC, mobile, and web productivity
Slide15
Customer story: Aston Martin
Challenge
Need security and compliance for a global brand
15-person IT department demands ease-of-use
Must protect intellectual property
Solution
Group policy on-premises, conditional-access cloud
MDM for Office 365 to enforce mobile security
Azure RMS for file encryption and policy
Approach
Hybrid identity, still evolving
Slide16
Federated identity
Federated identity model
Password hashes
User accounts
Sign in
On-premises directory
Authentication
Authentication
User
Azure AD Connect
AD FS
Slide17
AD FS
Password sync backup for federated sign on
Backup password hash sync
User accounts
On-premises directory
This new backup solution for Office 365 customers using federated sign on provides the option to manually switch their domain in a short amount of time during outages, such as on-premises power loss, internet connection interruption, and any other on-premises outages.
Azure AD Connect
Federated identity
Slide18
AD FS is also easy
Use experienced deployment staff
Use Azure AD Connect
Read the TechNet Deployment Guide
http://technet.microsoft.com/en-us/library/jj205462.aspx
Only implement the Office 365 requirements
The only certificate required is the SSL certificate
Prepare with firewall update permissions
Slide19
Demo
Task
Use Azure AD Connect to sync username, etc., and AD FS for password authentication
Steps
Modify Azure AD Connect installation
Review optional AD FS configuration
Deploy AD FS for password proxy authentication
Enable Office 365 backup password hash
Consider AD FS load balanced or high availability
Result
SSO to Office 365 optionally without password hash sync
Slide20
Making the scenario successful
Tip #1: Determine if security or compliance policies within your organization require this configuration
Tip #2: AD FS requires additional servers to implement, so plan hardware and system requirements accordingly
Tip #3: Windows Server 2012 R2 AD FS is currently required for use with Azure AD Connect
Slide21
Scenario #3
Cloud identity helps you run your business better
Slide22
Customer story: GameStop
Challenge
More than 6,000 locations worldwide
The gamer experience thrives on loyalty
Retail portal needed to ensure consistency
Solution
Focus on an excellent user experience
Superior level of security required
GameStop retail portal built in Microsoft’s cloud
Approach
Cloud identity managed in Azure AD
Slide23
Cloud identity model
User accounts
User
http://portal.office.com
Azure Active Directory
Cloud identity
Slide24
Slide25
Slide26
Demo
Task
Use cloud identity with Office 365
Steps
Log on to the Office 365 admin center
Under “users and groups,” review configuration
Create a user profile
Edit profile
Review “settings” and “licenses”
Result
Versatile, cloud-only identities, ready for Office 365
Slide27
Making the scenario successful
Tip #1: Cloud-only identities are well suited to a distributed, mobile workforce
Tip #2: Rich profile information in Office 365 can provide useful identity information
Tip #3: Make sure to assign an Office 365 license to your users
Slide28
What we discussed
Get identities to the cloud
Mix on-premises and cloud identity for improved PC, mobile, and web productivity
Cloud identities help you run your business better
Slide29
Next steps
To explore
Try Enterprise Mobility now
http://www.microsoft.com/ems
TechNet @ http://technet.microsoft.com/
MSDN @ http://www.msdn.com/
http://aka.ms/ITInnovation
To do
Rate the session
Q&A
Accelerate your journey to the cloud with integrated identity
Slide30