CoLabora User Group Meeting – October 2018
- Azure AD: Passwordless, Hardware OATH tokens and integration between Azure AD and Log Analytics
Peter Selch Dahl – Azure MVP – I’m ALL Cloud First 
Level 200-300
Microsoft MCSA: Cloud Platform - Certified 2018,
Microsoft MCSA: Office 365 - Certified 2018,
Microsoft MCSE: Cloud Platform and Infrastructure - Certified 2018
Microsoft MCSA: 2016 Windows Server 2016,
Microsoft MCSA: 2012 Windows Server 2012,
Microsoft MCITP: 2008 Server and Enterprise Administrator,
Microsoft MCSA: 2008 Windows Server 2008,
Microsoft MCSA/MCSE : 2003 Security,
Microsoft MCSA/MCSE : 2000 Security,
VMWare Certified Professional VI3/VI4/VI5,
CompTIA A+, Network+,
EC-Council: Certified Ethical Hacker (CEH v7),
And more
Peter Selch Dahl
Cloud Architect, Azure MVP
Twitter: @PeterSelchDahl
www: www.peterdahl.net
Blog : http://blog.peterdahl.net
Mail: psd@apento.com
• Passwordless authentication
• Using Azure Authenticator and OATH Hardware Key
• Azure Active Directory integration with Log Analytics
• Using the Log Analytics Dashboard
Microsoft Identity: Going passwordless (NOVEMBER 8, 2018)
[Diagram: a username and password sign-in against Windows Server Active Directory and Microsoft Azure Active Directory; the results are a Primary Refresh Token (PRT) and a Kerberos TGT, which carry the user into Intune, OneDrive, Office 365 and Dynamics.]
[Diagram: the same topology with the password removed; the labels are now SSO Token, Kerberos Ticket, PRT and TGT, feeding the same services.]
[Mock-ups: a sign-in form for John Doe with a masked password, next to a text message reading "2FA verification code: 020987", i.e. password + SMS code.]
[Chart: axes High Security / Low Security and Convenient / Inconvenient; password + SMS code is plotted, and a "?" marks the remaining quadrant.]
On the road to…
Strategy
1. Develop password-replacement offerings
2. Reduce user-visible password surface area
3. Transition into password-less deployment
4. Eliminate passwords from identity directory
Achieve End-User Promise / Achieve Security Promise
What’s available today?
1. Develop password-replacement offerings
2. Reduce user-visible password surface area
3. Transition into password-less deployment
4. Eliminate password from identity directory
Windows Hello for Business
Authenticator app
Passwordless authentication: user-friendly experience, enterprise grade security
37M users, 200+ enterprises (see editor's note 4)
Microsoft Identity: Going passwordless (@EWUGDK) - The Future of Passwordless with YubiKey & Microsoft Azure AD
Phone sign-in using Microsoft Authenticator
Passwordless authentication: public / private key exchange
Great solution for Windows 7, MacOS, and Linux
[Screenshots: phone sign-in for a Microsoft account (janetsmith@hotmail.com) and for an Azure AD account (janetsmith@contoso.com, Contoso). The prompt reads "Making sure it’s you: follow the instructions on the Microsoft Authenticator app and enter the number you see below. 4026".]
Just around the bend… FIDO 2.0
• Works with the same devices people use every day
• Based on public key cryptography
• Biometrics and keys never leave the device
• Protects against phishing, man-in-the-middle and replay attacks
• Standards-based, interoperable authentication
Microsoft Identity: Going passwordless (@EWUGDK) - Microsoft joined the FIDO alliance in 2016
FIDO Alliance board members …and hundreds of industry partners
FIDO 2.0 compliant
• Device sign in (POC with FIDO dongle)
• Windows S is passwordless ready
• One time code + SMS sign in
https://cloudblogs.microsoft.com/microsoftsecure/2018/05/01/building-a-world-without-passwords/
Personas, day to day activities, and our recommended passwordless solutions

Executives
• Day to day: uses their own PCs (desktop, laptop & phone); requires access to modern as well as legacy apps (i.e. financial software)
• Recommended: Windows Hello, FIDO, Authenticator App

Information Workers
• Day to day: uses their own PCs (desktop, laptop & sometimes phone)
• Recommended: Windows Hello, Authenticator App, FIDO

Deskless Workers
• Day to day: uses shared PCs
• Recommended: FIDO dongles (cheap), one time code + SMS sign in
[Chart: the High Security / Low Security, Convenient / Inconvenient quadrants again, with password + SMS code plotted and a "+" marking the additions (editor's note 10: Windows Hello and the Authenticator app in the fourth quadrant).]
[Diagram: on-premises app, web app, SaaS service and device sign in, reached with Microsoft Authenticator (device + biometric) or biometric on device, from Windows 10 or other OS, Microsoft Edge or other browser, any device, against Azure Active Directory or a Microsoft account.]
Onboarding journey (1 2 3 4):
• New hires download the authenticator app during orientation
• Set up their machine using the authenticator app
• Provision Windows Hello (face, fingerprint and/or PIN)
• Unlock PC with Hello and get SSO into apps
• Incorporate FIDO as it starts to gain more ground
• Use authenticator app to access web resources
[Screenshot: Azure portal, Wingtip toys > Password reset > Authentication methods (Wingtiptoys – Azure AD Security; Reset Methods / Registration). The "Allowed methods" list shows Password (All users), Phone call (All users, configure) and Mobile app notification (All users, configure), an Add/remove methods button, and Save / Discard.]
Overview: Use this page to enable authentication methods for groups of users. Once a user is enabled for a particular method and has registered that method, they can use it to verify their identity in your organization. (Quick start links: Troubleshoot, FAQ, Top Tips from our customers.)
Targeting: To enable a method, click the checkbox next to the method. Then, choose “All users” or a specific group to enable the method for that group.
Configuration: Some methods require additional configuration. Select the “configure” option under each method to change settings related to that method.
Add/remove authentication methods: Password, Phone call, Mobile app notification (enabled), Text message, Verification code – mobile app, Verification code – hardware token, Duo, FIDO, Email address, Security questions, PIN. Select methods to add or remove to the list of allowed methods. Enabled methods must be disabled from the allowed methods list before they can be deselected and removed.
[Screenshots of the registration and sign-in flow on login.microsoftonline.com:]
• "More information required" (riley@contoso.com): Your organization requires more information to keep your account secure. Use a different account / Learn more / Next.
• FIDO registration: "You’ll use your FIDO device when we need to verify your identity."
• "Choose a way to sign in" (riley@contoso.com): Use Duo Authentication; Approve a request on my Microsoft Authenticator app; I don’t have any of these; Use my password.
• Sign in (Email, phone, or Skype; No account? Create one!) with the "Sign in with FIDO" option.
• "Sign in with FIDO": Use your FIDO device to sign in. Insert your security key into the USB port. Web site microsoft.com wants to verify your identity.
• "Enter your security key PIN to continue" (PIN / Change PIN / Continue). Web site microsoft.com wants to verify your identity for kelly@outlook.com.
• "Choose a way to sign in" (riley@contoso.com): Use Duo Authentication; Approve a request on my Microsoft Authenticator app; I don’t have any of these; Use my FIDO device.
Yubico U2F Key for Azure MFA
https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Hardware-OATH-tokens-in-Azure-MFA-in-the-cloud-are-now-available/ba-p/276466
Azure AD Logging
Colabora.dk - Meetup - 29.october 2018

Editor's notes

  1. https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Hardware-OATH-tokens-in-Azure-MFA-in-the-cloud-are-now-available/ba-p/276466?lightbox-message-images-276466=57943iE7E75D10219DD926 https://www.microsoft.com/en-us/microsoft-365/blog/2018/04/17/windows-hello-fido2-security-keys/ https://support.yubico.com/support/solutions/articles/15000006494-yubikey-neo
  2. Alpha-numeric passwords are hard for humans to remember and easy for computers to guess. Frequent password changes lead to predictable pattern transformations. Credential reuse across multiple services increases attack surface. People work around policies that are too difficult. Even the strongest passwords are easily phishable.
  3. Who here has successfully deployed these? If yes, what are your experiences with it?
  4. <Ask Karanbir to come talk quickly about Windows Hello> Overall we have more than 37M users using Windows Hello, including consumer and commercial users. More than 200 enterprises have deployed Windows Hello for Business. Our biggest enterprise deployment of Windows Hello for Business, outside of Microsoft itself, is 25000+ users in a single enterprise.
  5. https://www.ronnipedersen.com/2018/10/14/password-less-phone-sign-in-with-microsoft-authenticator-app/
  6. FIDO properties:
     • Based on public key cryptography
     • Keys stay on device and no server-side shared secrets to steal
     • Protects against phishing, man-in-the-middle and replay attacks
     • Biometrics, if used, never leave device
     • No link-ability between services or accounts
     • No 3rd party in the protocol
     • Reduces reliance on complex passwords
     • Single gesture to log on
     • Works with the same devices people use every day
     • Use the same authentication with different services
  7. Other industry partners for FIDO
  8. Yes, we're working on making this process easier. Our current recommendation is below:

     One-time bypass. ETA: Now, kind of.

     Bypass is a feature that can be used when a user doesn't have the ability to register for MFA, or temporarily can't do MFA. It removes the requirement to do MFA so that they can log in with just their password. If you're looking for a way to let someone temporarily do MFA if other methods are inaccessible, look at "Time-limited passcode" below.

     There is currently a workaround to support one-time bypass in Azure MFA, if you're enforcing MFA through Conditional Access as is recommended. Follow these steps:
     1) Create a "bypass" group and add it as an excluded group to any Conditional Access policies that enforce MFA.
     2) Delegate ownership of the group to anyone who should have the authority to allow users to bypass MFA, for example help desk workers.
     3) Set up a script to automatically clear the group at the end of your business day.
     4) When someone needs to bypass MFA (e.g. forgot their phone at home) they will call the helpdesk and the helpdesk will validate their identity (your process is up to your organization, but it should be more intense than just reaching the helpdesk). The user will be able to log in with just a password for the day, and then the next day they'll be required to do MFA again.

     This setup provides good flexibility – you can allow the bypass based on your policies. For example, if MFA is always required for certain apps for compliance or security reasons, you can not add the bypass group as an exclusion. Someone who has the bypass can log into Outlook without MFA, but not your important apps – they'll have to go get their phone if they need to do a critical operation that day.

     That said, there is more work to be done. We are working on formalizing this process – creating a group for you, adding it as an exclusion to policies, and providing a built-in way to remove users from the group after a certain amount of time. ETA: In design, not started.
  9. Right now our big gap is legacy apps
  10. Add windows hello and auth app on the fourth quadrant
  11. But come on this journey with us.
  12. We do have gaps for sure, such as legacy apps and password requirements for a lot of our VM scenarios. However we are slowly figuring out how to scrub password requirements from the OS as well as our service so at least us and companies such as yourselves can go passwordless if you want to. For legacy apps, we are exploring time restricted passwords or one time passwords, which will help get around those gnarly hardcoded password requirements that we don’t control. But it’s definitely a journey and we are learning too as we are going through it.
  13. https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Azure-Active-Directory-Activity-logs-in-Azure-Log-Analytics-now/ba-p/274843
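The clearing script that step 3 of the one-time bypass workaround in editor's note 8 calls for, written here as an added example (not code from the presentation or from Microsoft). It assumes the AzureAD PowerShell module with a Connect-AzureAD session already established, a bypass group named 'MFA-Bypass' (a placeholder), and an audit CSV path, and it refuses to run unless exactly one group matches that name.

```powershell
<#
  Clear-MfaBypassGroup.ps1  (added example; not from the presentation or from Microsoft)

  Empties the Conditional Access "bypass" exclusion group at the end of the
  business day, so every bypass the help desk granted expires automatically
  and nobody stays excluded from the MFA policy by accident.

  Assumptions (placeholders, adjust to your tenant):
   - the AzureAD module is installed and Connect-AzureAD has been run by an
     account that owns the group;
   - the group is called 'MFA-Bypass';
   - removals are appended to a CSV in the current directory for later audit.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$GroupName = 'MFA-Bypass',               # placeholder group name
    [string]$AuditLog  = '.\mfa-bypass-clear.csv'    # placeholder audit path
)

# Resolve the group by display name and refuse to run on 0 or >1 matches,
# so a typo or a duplicate name can never empty the wrong group.
$groups = @(Get-AzureADGroup -Filter "DisplayName eq '$GroupName'")
if ($groups.Count -ne 1) {
    throw "Expected exactly one group named '$GroupName', found $($groups.Count)."
}
$group = $groups[0]

# -All $true pages through the whole membership; the default returns 100 at most.
$members = @(Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true)
if ($members.Count -eq 0) {
    Write-Verbose "Group '$GroupName' is already empty; nothing to do."
    return
}

$now = (Get-Date).ToString('o')
foreach ($member in $members) {
    # Only users should ever be bypassed. A nested group or a service principal
    # here widens the exclusion far beyond one person for one day, so flag it
    # for review; it is still removed, because the group must end the day empty.
    $name = if ($member.ObjectType -eq 'User') { $member.UserPrincipalName } else { $member.DisplayName }
    if ($member.ObjectType -ne 'User') {
        Write-Warning "Non-user member '$name' ($($member.ObjectType)) was in '$GroupName'; review who added it."
    }

    # -WhatIf / -Confirm support: ShouldProcess returns $false when previewing.
    if (-not $PSCmdlet.ShouldProcess($name, "Remove from '$GroupName'")) { continue }

    Remove-AzureADGroupMember -ObjectId $group.ObjectId -MemberId $member.ObjectId

    # Keep a record of who lost the bypass, when, and what kind of object it was.
    [pscustomobject]@{
        RemovedAt  = $now
        Member     = $name
        ObjectId   = $member.ObjectId
        ObjectType = $member.ObjectType
        Group      = $GroupName
    } | Export-Csv -Path $AuditLog -Append -NoTypeInformation

    Write-Verbose "Removed '$name' from '$GroupName'."
}
```

Schedule it after business hours (Task Scheduler or an Azure Automation runbook under an account that owns the group); running it with -WhatIf lists the members it would remove without changing anything.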