Microsoft Azure Active Directory PowerPoint Presentation, PPT - DocSlides

2016-06-21 313K 313 0 0


Slide1

Slide2

Microsoft Azure Active Directory Premium

Eran Dvir – Program Manager Azure AD

CDP-B312

Slide3

What is Azure Active Directory?

A comprehensive identity and access management cloud solution.

It combines directory services, advanced identity governance, application access management and a rich standards-based platform for developers.

It is available in 3 editions: Free, Basic and Premium.

Slide4

Identity as the control plane

Slide5

Azure Active Directory editions feature comparison + Office 365 IAM features

| Feature | Azure AD Free | Azure AD Basic | Azure AD Premium | Office 365 IAM features |
|---|---|---|---|---|
| **Common Features** | | | | |
| Directory as a Service | 500,000 Object Limit | No Object Limit | No Object Limit | No Object limit for Office 365 user accounts |
| User/Group Management (add/update/delete) | Yes | Yes | Yes | Yes |
| SSO to pre-integrated SaaS Applications / Custom Apps | 10 apps per user | 10 apps per user | No Limit | 10 apps per user |
| User-Based access management/provisioning | Yes | Yes | Yes | Yes |
| Self-Service Password Change for cloud users | Yes | Yes | Yes | Yes |
| Identity Synchronization Tool (Windows Server AD integration, Multi Forest) | Yes | Yes | Yes | Yes |
| Security Reports | 3 Basic Reports | 3 Basic Reports | Advanced Security Reports | 3 Basic Reports |
| Cloud App Discovery* | Yes (Basic) | Yes (Basic) | Yes (Advanced)** | Yes (Basic) |
| **Premium + Basic Features** | | | | |
| Group-based access management/provisioning | | Yes | Yes | |
| Self-Service Password Reset for cloud users | | Yes | Yes | |
| Company Branding (Logon Pages/Access Panel customization) | | Yes | Yes | |
| SLA | | Yes | Yes | Yes |
| **Premium Features** | | | | |
| Identity Synchronization Tool advanced write-back capabilities* (FY15 Roadmap) | | | Yes | |
| Self-Service Group Management | | | Yes | |
| Self-Service Password Reset/Change with on-premises write-back | | | Yes | |
| Advanced Usage Reporting | | | Yes | |
| Multi-Factor Authentication (Cloud and On-premises (MFA Server)) | | | Yes | Limited Cloud only features for accessing Office 365 |
| Azure AD Application proxy* | | | Yes | |
| MIM CAL + MIM Server | | | Yes | |
| Administrative Delegation* (FY15 Roadmap) | | | Yes | |

*Features in Preview (Sept 2014) or in the roadmap

** Advanced functionality on Cloud App Discovery is in the roadmap for FY15 H2

10 apps per user: Every user can have a different set of apps, up to ten. MS Online apps (e.g. O365) are counted among these 10.

Slide6

Demo company

Tailspin

Slide7

Company Overview

Enterprise historically deployed on-premises

Started to move to cloud applications:

Office 365

Workday HR

Salesforce

Marketing applications (Twitter, Facebook, etc.)

Slide8

Some people

Drew Fogarty, Director Marketing
- Manages one or more departments
- Authorizes use of SaaS apps for her departments (ex: performance management, expense reports, customer engagement)
- Doesn’t want to be blocked by IT

Melvin Wallen, Marketing lead
- Manages six marketing specialists
- Responsible for granting, approving or validating his reports’ access to resources like apps and documents

Irwin McCray, Social media specialist - Starting today
- Very sophisticated consumer of technology

Slide9

Demo

First day at work

Slide10

Azure AD Premium

Putting it all together

Slide11

Overview

- Applications
- Password management
- Access management
- Reports

Slide12

Applications

Slide13

Applications - Key concepts

Pre-integrated:
- Provisioning – Inbound or Outbound
- Single Sign-on – Federated, Password or Existing
- Shared accounts

Add your own:
- Cloud applications – Single tenanted, multi tenanted or Gallery
- On-premises – publish an on-premises application for Azure AD access

Slide14

Inbound provisioning - Workday

Import Workday users and groups to Azure AD
- Users are provisioned or joined when they become Workday workers and get accounts.
- Groups are provisioned and managed from Workday provisioning groups.

Ongoing synchronization:
- Groups
- Users
- Group membership

UPN: Workday userID or… Workday userID + default domain

Group: Workday provisioning group name

Slide15

Workday to Azure AD – User attributes

| Azure AD | Workday |
|---|---|
| jobTitle | Business_Title |
| givenName | First_Name |
| surName | Last_Name |
| department | Job_Family_ID |
| preferredLanguage | Locale_ID |
| manager | Manager_Reference |
| Address (streetAddress; city; state; country; postalCode) | Municipality, Country_Region_Reference, Country_Reference, Postal_Code |
| displayName | Formatted_Name |
| telephoneNumber | Phone_Data 'Work' |
| mailNickname | User_ID |
| physicalDeliveryOfficeName | Work_Space__Reference |
| mobilePhone | Phone_Data 'Mobile' |

Slide16

Outbound provisioning

Automatic provisioning:
- Profiles or roles and existing assignments are imported on first sync
- Assigned users are provisioned to the application
- Accounts mapping - application user ID and Azure AD UPN

Automatic de-activation:
- The user is deactivated in application (cannot log in by any means)
- Account is disabled or deleted in Azure AD
- All assignments are removed
- On hard-delete of Azure AD account application user ID is randomized

Schema mapping modifications

Provisioning and usage reports

Slide17

Salesforce – Default attribute mapping

| Salesforce attribute | Azure AD attribute |
|---|---|
| IsActive | IsSoftDeleted |
| Alias | userPrincipalName |
| Email | Mail |
| EmailEncodingKey | "ISO-8859-1" |
| LanguageLocaleKey | en_us |
| FirstName | givenName |
| LastName | surname |
| LocaleSidKey | preferredLanguage |
| TimeZoneSidKey | "America/Los_Angeles" |
| Username | userPrincipalName |
| UserPermissionsCallCenterAutoLogin | False |
| UserPermissionsMarketingUser | False |
| UserPermissionsOfflineUser | False |
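A way to verify the automatic de-activation described under outbound provisioning, as an added example that is not part of the presentation: it joins an application user list to a directory user list on the default mapping (Salesforce Username to Azure AD userPrincipalName) and reports application accounts that are still active without a live directory account. The function name, the `AccountEnabled` column and all sample rows are assumptions constructed for illustration.

```powershell
# Added example, not from the presentation. Column names other than Username,
# IsActive, userPrincipalName and IsSoftDeleted (taken from the mapping table)
# are hypothetical export columns.
function Find-OrphanedAppAccount {
    param(
        [Parameter(Mandatory)] [object[]] $DirectoryUser,  # userPrincipalName, IsSoftDeleted, AccountEnabled
        [Parameter(Mandatory)] [object[]] $AppUser         # Username, IsActive
    )
    # Index directory accounts by UPN, case-insensitively.
    $byUpn = @{}
    foreach ($d in $DirectoryUser) {
        $byUpn[$d.userPrincipalName.ToLowerInvariant()] = $d
    }
    foreach ($a in $AppUser) {
        if (-not $a.IsActive) { continue }   # already deactivated in the application
        $d = $byUpn[$a.Username.ToLowerInvariant()]
        $reason = $null
        if ($null -eq $d) { $reason = 'No matching Azure AD account' }
        elseif ($d.IsSoftDeleted) { $reason = 'Azure AD account is soft-deleted' }
        elseif (-not $d.AccountEnabled) { $reason = 'Azure AD account is disabled' }
        if ($reason) {
            [pscustomobject]@{ Username = $a.Username; Reason = $reason }
        }
    }
}

# Constructed sample data. Values must be booleans; convert 'true'/'false'
# strings first if the lists come from CSV exports.
$directory = @(
    [pscustomobject]@{ userPrincipalName = 'drew@tailspin.example';   IsSoftDeleted = $false; AccountEnabled = $true }
    [pscustomobject]@{ userPrincipalName = 'melvin@tailspin.example'; IsSoftDeleted = $true;  AccountEnabled = $false }
    [pscustomobject]@{ userPrincipalName = 'irwin@tailspin.example';  IsSoftDeleted = $false; AccountEnabled = $false }
)
$salesforce = @(
    [pscustomobject]@{ Username = 'Drew@tailspin.example';     IsActive = $true }
    [pscustomobject]@{ Username = 'melvin@tailspin.example';   IsActive = $true }
    [pscustomobject]@{ Username = 'irwin@tailspin.example';    IsActive = $false }
    [pscustomobject]@{ Username = 'oldtemp@tailspin.example';  IsActive = $true }
)

Find-OrphanedAppAccount -DirectoryUser $directory -AppUser $salesforce
```

An active application account with no directory match also covers manually created accounts that provisioning never managed, so each hit needs review rather than automatic deletion.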

Slide18

Shared accounts

- Multiple users can access the same account
- Protect organizational accounts:
  - Administrator controls password
  - Group based assignment to individuals
- A user can have access to more than one shared account
- Can coexist with user personal accounts
- Passwords are protected in your Azure AD tenant.

Slide19

Integrate on-prem apps with Azure AD

- End-user portal – Access Panel
- Azure AD authentication capabilities:
  - Username and password synced from on-prem AD
  - Federated login to on-prem or other federation servers
  - Multi-factor authentication
  - Customized login screen
- Authorization based on user or groups
- SSO to Office365, thousands of SaaS apps and all applications integrated with AAD
- Reports, auditing and security monitoring based on big data and machine learning.

[Diagram labels: Azure Active Directory; Access Panel; Portal; Authentication + MFA; Authorization; Reporting & Auditing; Security Monitoring; Application Proxy; Connector (x2); DMZ; Corporate Network; Resource (x3)]

Slide20

Application assignments

- Direct user assignment
- Group membership assignment
  - Groups can be managed on WSAD, Workday or AzureAD
  - Assignments are constantly updated to reflect ongoing group membership
  - Self service group management on AzureAD or on-premises can be used to delegate access control.
- Assignment Options, depending on application types:
  - Default or Application role
  - SKU/license
  - Managed password

Slide21

License management

- Consistent with application assignment experience
- Supports direct assignment to users or by group membership
- Supported licenses:
  - Enterprise Mobility Suite (Intune, Azure AD RMS, Azure AD Premium)
  - Azure AD Premium
  - Azure AD Basic
  - Office 365

Slide22

Demo

Applications

Slide23

Self-service Password Management

Slide24

Password management: Administrator

- Password change and reset
  - Azure AD for cloud users
  - Windows Server AD for federated SSO and password hash sync users
  - Supports FIM/MIM on-premises password sync solutions
  - Password management in Azure and Windows Server AD can co-exist
- Password complexity
  - Windows Server AD - Enforce on-premises policy including complexity, age, and history
  - Azure AD pre-canned - strong (default) or weak
- Customized user experiences

Slide25

Azure AD password management

Password complexity:
Set-MsolUser -UserPrincipalName <UserPrincipalName> -StrongPasswordRequired <Boolean>

Password expiry:
Set-MsolUser -UserPrincipalName <UserPrincipalName> -PasswordNeverExpires <Boolean>

User password:
Set-MsolUserPassword -UserPrincipalName <UserPrincipalName> -NewPassword <New Password> -ForceChangePassword <Boolean>

Password expiry policy:
Set-MsolPasswordPolicy -DomainName <Domain Name> -NotificationDays <Number Of Days> -ValidityPeriod <Number Of Days>
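The per-user switches above are also the usual way a tenant's password policy gets quietly weakened, so an audit of them is worth running. The following is an added example, not code from the presentation: it reads the same properties the cmdlets set and reports accounts with complexity turned off or expiry disabled. The function name, the 90-day default and the sample accounts are assumptions constructed for illustration.

```powershell
# Added example, not from the presentation. Input objects need the properties
# Get-MsolUser returns: UserPrincipalName, PasswordNeverExpires,
# StrongPasswordRequired, LastPasswordChangeTimestamp.
function Get-WeakPasswordSetting {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject] $User,
        [int] $ValidityPeriod = 90,     # assumed value; read yours with Get-MsolPasswordPolicy
        [datetime] $Now = (Get-Date)
    )
    process {
        $findings = @()
        $age = $null
        if ($User.LastPasswordChangeTimestamp) {
            $age = [int][math]::Floor(($Now - $User.LastPasswordChangeTimestamp).TotalDays)
        }
        if ($User.StrongPasswordRequired -eq $false) {
            $findings += 'StrongPasswordRequired is off'
        }
        if ($User.PasswordNeverExpires -eq $true) {
            $findings += 'PasswordNeverExpires is on'
            # A never-expiring password older than the domain policy is the stale case.
            if ($null -ne $age -and $age -gt $ValidityPeriod) {
                $findings += "password unchanged for $age days"
            }
        }
        if ($findings.Count -gt 0) {
            [pscustomobject]@{
                UserPrincipalName = $User.UserPrincipalName
                Findings          = $findings -join '; '
            }
        }
    }
}

# Constructed sample objects standing in for Get-MsolUser output.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'drew@tailspin.example';    PasswordNeverExpires = $false; StrongPasswordRequired = $true;  LastPasswordChangeTimestamp = [datetime]'2014-09-01' }
    [pscustomobject]@{ UserPrincipalName = 'melvin@tailspin.example';  PasswordNeverExpires = $false; StrongPasswordRequired = $false; LastPasswordChangeTimestamp = [datetime]'2014-10-01' }
    [pscustomobject]@{ UserPrincipalName = 'svc-sync@tailspin.example'; PasswordNeverExpires = $true;  StrongPasswordRequired = $true;  LastPasswordChangeTimestamp = [datetime]'2014-01-15' }
)

$sample | Get-WeakPasswordSetting -Now ([datetime]'2014-10-30')
```

Against a live tenant the input would be `Get-MsolUser -All`. The MSOnline module that provides these cmdlets has since been deprecated by Microsoft in favour of Microsoft Graph PowerShell.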

Slide26

Password reset: administration

Identity proof
- Configurable for required and allowed types
- Includes phone, text, email, secret questions

Registration
- Forced registration on access to MyApps.microsoft.com
- Synchronize from On-premises or Workday
- Private mobile phone number
- Attestation for registration data

Notifications to users and admins

Registration and activity reports

Common uses
- Preregister user

Slide27

Password management: End user

Common uses:
- First use/Account activation
- Forgot my password
- Admin security reset

Self-service:
- Company branded
- Registration – setting/updating/verifying account recovery information.
- Reset - Guided experience only shows available gates
- Change user password

Slide28

How it works

Slide29

Password management writeback

[Diagram, repeated on slides 29 to 35. Labels: Self-Service Password Management; Cloud Service; Azure Service Bus; DMZ; TailspinOnline.com corpnet; Azure AD Connect; Active Directory; AD DS; FIM/MIM; Applications]

When password writeback is enabled, Azure AD Connect creates a private service bus session and listens for password updates.

Slide30

Password management writeback

Is the user federated SSO or password sync?

Slide31

Password management writeback

For on-premises user: Azure AD sends the password to Azure AD Connect and attempts to set it on Windows Server AD.

Slide32

Password management writeback

The user is informed of the results and can try again if they fail to meet password requirements.

Does NOT meet history requirements

Your password does not meet the password history requirements

Please try again…

Slide33

Password management writeback

Azure AD sends the password to Azure AD Connect and attempts to set it on Windows Server AD.

Slide34

Password management writeback

The user is informed of the results and can try again if they fail to meet password requirements.

Success

Password has been reset!!!

Slide35

Password management writeback

Success

FIM/MIM sync pushes password to other applications

Slide36

Demo

Setting up SSPR

Slide37

Delegated access management

Slide38

Overview

Administrator controls:
- Applications
- Shared accounts
- SKUs/Licenses

Delegate controls:
- Self-service workflow and approval
- Add and remove users

End user:
- Self-service access request

Slide39

Demo

Access to Twitter

Slide40

Reporting

Slide41

Security reports

Rule based (free):
- Sign ins from unknown sources
- Sign ins after multiple failures
- Sign ins from multiple geographies

Specialized information:
- Sign ins from possibly infected devices
- Sign ins from IP addresses with suspicious activity

Machine learning:
- Irregular sign in activity

Combined:
- Users with anomalous sign in activity

Actions:
- Reset password
- Manage Multi-factor auth
- Ignore event
- Download reports

Slide42

Operational reports

Activity:
- Audit (free)
- Password reset activity
- Password reset registration activity

Application Management:
- Application usage
- Account provisioning activity (free)
- Account provisioning errors (free)

Slide43

Overview

[Diagram labels: Reporting services; Active Directory; User Activity and Devices; SaaS Apps; Location; UI; Notifications; APIs]

Slide44

Demo

Reports

Slide45

Related content

Microsoft Solutions Experience Location (MSE)

- EM-B214: Privileged Access Management for Active Directory (Tue, Oct 28 3:15 PM-4:30 PM)
- EM-B316: Directory Integration: Creating One Directory with Active Directory and Azure Active Directory (Wed, Oct 29 8:30 AM-9:45 AM)
- EM-B319: Microsoft Identity Manager vNext Overview (Wed, Oct 29 3:15 PM-4:30 PM)
- CDP-B210: Cloud Identity: Microsoft Azure Active Directory Explained (Wed, Oct 29 3:15 PM-4:30 PM)
- EM-B318: Free Your Apps: Introducing Microsoft Azure Active Directory Application Proxy and Windows Server Web Application Proxy (Wed, Oct 29 5:00 PM-6:15 PM)
- CDP-B312: Microsoft Azure Active Directory Premium, in Depth (Thu, Oct 30 10:15 AM-11:30 AM)
- EM-B313: Microsoft Azure Multi-Factor Authentication Deep Dive: Securing Access on Premises and in the Cloud (Fri, Oct 31 2:45 PM-4:00 PM)
- EM-B310: Active Directory + BYOD = Peace of Mind (Thu, Oct 30 12:00 PM-1:15 PM)
- DEV-B322: Building Web Apps and Mobile Apps Using Microsoft Azure Active Directory for Identity Management (Thu, Oct 30 5:00 PM-6:15 PM)
- CDP-B207: Securing Organizations: Azure Active Directory Intelligence as a Differentiator (Fri, Oct 31 8:30 AM-9:45 AM)

Slide46

Resources

- Learning: Microsoft Certification & Training Resources, www.microsoft.com/learning
- Developer Network: http://developer.microsoft.com
- TechNet: Resources for IT Professionals, http://microsoft.com/technet
- Sessions on Demand: http://channel9.msdn.com/Events/TechEd

Slide47

Come visit us in the Microsoft Solutions Experience (MSE)! Look for the Cloud and Datacenter Platform area TechExpo Hall 7

For more information

- Windows Server: Windows Server Technical Preview, http://technet.microsoft.com/library/dn765472.aspx
- Microsoft Azure: http://azure.microsoft.com/en-us/
- System Center: System Center Technical Preview, http://technet.microsoft.com/en-us/library/hh546785.aspx
- Azure Pack: http://www.microsoft.com/en-us/server-cloud/products/windows-azure-pack

Slide48

Azure training and certification

Courses listed (some marked "Coming soon"):
- Microsoft Azure Fundamentals
- Developing Microsoft Azure Solutions
- Implementing Microsoft Azure Infrastructure Solutions
- Architecting Microsoft Azure Solutions

Formats: Classroom training, Online training (MVA), Exams

Course and exam codes shown: MOC 10979, MOC20532, MOC20533, EXAM532, EXAM533, EXAM534

http://bit.ly/Azure-Cert

http://bit.ly/Azure-MVA

http://bit.ly/Azure-Train

Get certified for 1/2 the price at TechEd Europe 2014!

http://bit.ly/TechEd-CertDeal

Slide51

© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
