ABOUT US
CCS Technology is a Microsoft Partner specializing in Infrastructure Deployment, Managed Services, Custom Cloud Solutions and Custom Software Development
www.CCSTechnologyGroup.com
224.232.5500
Palatine, Illinois
Why consider the cloud?
Cloud innovation presents
challenges for IT
WHAT IS AZURE..?
Microsoft Azure delivers.
Enterprise ready by design.
Huge infrastructure scale is the enabler
19 Regions ONLINE…huge datacenter capacity around the world…and we’re growing
• 100+ datacenters
• One of the top 3 networks in the world (coverage, speed, connections)
• 2x AWS and 6x Google number of offered regions
• G Series – Largest VM available in the market – 32 cores, 448GB RAM, SSD…
Region map (legend on the slide: Operational / Announced):
• Central US (Iowa)
• West US (California)
• North Europe (Ireland)
• East US (Virginia)
• East US 2 (Virginia)
• US Gov (Virginia)
• North Central US (Illinois)
• US Gov (Iowa)
• South Central US (Texas)
• Brazil South (Sao Paulo)
• West Europe (Netherlands)
• China North * (Beijing)
• China South * (Shanghai)
• Japan East (Saitama)
• Japan West (Osaka)
• India West (TBD)
• India East (TBD)
• East Asia (Hong Kong)
• SE Asia (Singapore)
• Australia West (Melbourne)
• Australia East (Sydney)
* Operated by 21Vianet
Control Your Identity
Empower Enterprise Mobility
Extend Your Infrastructure
What is Azure Active Directory?
A comprehensive identity and access management cloud solution.
It combines directory services, advanced identity governance, application access management and a rich standards-based platform for developers.
It is available in 3 editions: Free, Basic and Premium.
[Diagram: Identity as the control point. On-premises Windows Server Active Directory is linked by a simple connection to Microsoft Azure Active Directory, which gives the IT professional and users self-service and single sign-on (username/password) to Azure, Office 365, public cloud SaaS and other directories, across devices, apps and data.]
The current reality…
Azure Active Directory Cloud App Discovery
How many SaaS apps are in use within your organization?
10x as many cloud apps are in use as IT estimates (Source: Help Net Security 2014)
Comprehensive reporting:
• SaaS app category
• Number of users
• Utilization volume
[Diagram: Protect your data, enable your users. A single user identity in Microsoft Azure Active Directory delivers a consistent user experience, access and information protection, and mobile device and application management across devices, apps and data, in front of web apps (via Azure Active Directory Application Proxy), SaaS apps, integrated custom apps and other directories.]
Rich standards-based platform for developers
Editions comparison (from the slide table; Premium includes everything in Basic):
Features                                                      Basic              Premium (+ Basic)
Group-based access management/provisioning                    Yes                Yes
Self-Service Password Reset for cloud users                   Yes                Yes
Company Branding (Logon Pages/Access Panel customization)     Yes                Yes
SLA                                                           Yes                Yes
Object limit                                                  No Object Limit    No Object Limit
Advanced Security Reports                                                        Yes (Advanced)**
(A further cell, "No Limit", appears on the slide; its row and column are not recoverable from the extracted text.)
Strengthening the authentication with Azure Multi-Factor Authentication
What is multi-factor authentication?
Multi-factor authentication, also commonly referred to as two-factor authentication, is a best practice for securing user access. It works by requiring any two or more of the following authentication factors:
• A knowledge factor: something only you know (typically a password or a PIN).
• A possession factor: something only you have (a trusted device that is not easily duplicated).
• An inherence factor: something only you are (biometrics).
The security of multi-factor authentication lies in its layered approach. Compromising multiple authentication factors presents a significant challenge for attackers. Even if an attacker manages to learn the user’s password, it is useless without also having possession of the trusted device.
What is Azure Multi-Factor Authentication?
As already introduced, Azure MFA is, as its name indicates, an Azure service that helps safeguard access to data and applications by strengthening traditional sign-in approaches. In terms of applications, the service supports both cloud applications that use or integrate with Azure AD as well as on-premises applications using the Multi-Factor Authentication Server. With Azure MFA and the user’s telephone as the trusted device for a second or an additional factor of authentication:
You must have AAD Premium to use MFA
Strengthening the authentication with Azure Multi-Factor Authentication
How it Works
Azure MFA offers the additional security you demand using the phones your users already carry.
Multiple phone-based authentication methods are available, allowing users to choose the one that works best for them, and support for multiple methods ensures additional authentication is always available:
• Multi-Factor Auth apps are available for Windows Phone, iOS phones and tablets, and Android devices.
• Automated phone calls are placed by the Azure MFA online service to any phone, landline or mobile. The user simply answers the call and presses # on the phone keypad to complete their sign-in through a distinct channel.
• Text messages are sent by the Multi-Factor Authentication service to any mobile phone. The text message contains a one-time passcode. The user is prompted to either reply to the text message with the passcode or enter the passcode into the sign-in screen.
The users always sign in with their existing username and password. After the user’s credentials are verified, Multi-Factor Authentication is initiated using one of the above methods, depending on the user’s enrollment.
Azure Multi-Factor Authentication enables compliance with regulatory requirements for multi-factor authentication, such as the following, to name a few:
• NIST 800-63 Electronic Authentication Guidelines for Level 3 Assurance
• HIPAA Requirements Relative to Electronic Protected Health Information (EPHI)
• Payment Card Industry Data Security Standards (PCI DSS)
• Criminal Justice Information System (CJIS) Security Policy
• Authentication in an Internet Banking Environment Guidance (FFIEC)
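To make the text-message method above concrete, here is an added example (my own illustration, not code from the slides or from Azure MFA) of the server-side half of a one-time passcode step: issuing a random code after the password check has already passed, then accepting it only once, only within its lifetime, and only for a bounded number of guesses. The names (OtpService, ManualClock, demo), the six-digit length, the five-minute lifetime and the three-attempt limit are assumptions for the illustration, and alice@contoso.com is a constructed account.

```python
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict

CODE_LENGTH = 6          # digits in the passcode (constructed choice, not Azure's)
CODE_TTL_SECONDS = 300   # how long an issued passcode stays valid
MAX_ATTEMPTS = 3         # wrong guesses before the passcode is invalidated


class ManualClock:
    """Settable clock so expiry can be exercised without sleeping."""

    def __init__(self, now: float) -> None:
        self.now = now

    def __call__(self) -> float:
        return self.now


@dataclass
class PendingCode:
    code: str
    issued_at: float
    attempts: int = 0


@dataclass
class OtpService:
    """Hypothetical second-factor step, run only after the password check passed.

    Stands in for the text-message method: the service issues a passcode to the
    user's enrolled phone and later verifies what the user types back. The SMS
    transport is replaced by returning the code from issue(), so this runs offline.
    """
    clock: Callable[[], float] = time.time
    pending: Dict[str, PendingCode] = field(default_factory=dict)

    def issue(self, username: str) -> str:
        # secrets is CSPRNG-backed; the random module must not be used for codes.
        code = "".join(secrets.choice("0123456789") for _ in range(CODE_LENGTH))
        self.pending[username] = PendingCode(code=code, issued_at=self.clock())
        return code  # in a real deployment this goes to the SMS gateway only

    def verify(self, username: str, submitted: str) -> bool:
        entry = self.pending.get(username)
        if entry is None:
            return False  # nothing outstanding: never issued, already used, or revoked
        if self.clock() - entry.issued_at > CODE_TTL_SECONDS:
            del self.pending[username]  # expired codes are discarded, not compared
            return False
        entry.attempts += 1
        # compare_digest runs in time independent of how many digits match, so a
        # wrong guess does not leak which prefix of the code was right.
        ok = hmac.compare_digest(entry.code.encode(), submitted.encode())
        if ok or entry.attempts >= MAX_ATTEMPTS:
            # single use on success; invalidated after repeated wrong guesses
            del self.pending[username]
        return ok


def wrong_code(code: str) -> str:
    """A well-formed passcode that differs from the issued one."""
    return str((int(code) + 1) % 10 ** CODE_LENGTH).zfill(CODE_LENGTH)


def demo(user: str = "alice@contoso.com") -> Dict[str, bool]:
    """Walk the second-factor step through its edge cases; returns the outcomes."""
    clock = ManualClock(1_000.0)
    svc = OtpService(clock=clock)
    out: Dict[str, bool] = {}

    code = svc.issue(user)
    out["wrong_rejected"] = svc.verify(user, wrong_code(code))   # False
    out["right_accepted"] = svc.verify(user, code)               # True
    out["replay_rejected"] = svc.verify(user, code)              # False: single use

    code = svc.issue(user)
    clock.now += CODE_TTL_SECONDS + 1
    out["expired_rejected"] = svc.verify(user, code)             # False: past lifetime

    code = svc.issue(user)
    for _ in range(MAX_ATTEMPTS):
        svc.verify(user, wrong_code(code))
    out["locked_after_guesses"] = svc.verify(user, code)         # False: invalidated
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The three properties demonstrated (single use, expiry, guess limit) are what keep a six-digit code from being brute-forced or replayed; the password step that precedes it is deliberately out of scope here.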
Focus on Single Sign On
[Diagram: the same identity-as-the-control-point picture, now showing the two links between on-premises Windows Server Active Directory and Microsoft Azure Active Directory: Enable Directory Synchronization and Enable AAD SSO.]
Single Sign On vs. Same Sign On
What’s the difference?
Depending on your sync method, you will have Single Sign On or Same Sign On.
DirSync will provide you with the same username and password (Same Sign On).
DirSync with AD FS will authenticate against your AD for true Single Sign On.
Do you really need AD FS?
Office 365 doesn’t require every customer to deploy directory synchronization
services or Active Directory Federation Services (AD FS). In reality, most organizations
require only cloud identities, where users receive cloud credentials for signing in to
Office 365 services. The cloud ID password policy is stored in the cloud with the Office
365 service. Cloud credentials are separate from other desktop or corporate
credentials.
Using cloud identities, one optional server may be deployed to support directory
synchronization from your on-premises Active Directory. In environments with just a
few users, directory synchronization isn’t required. Users may be provisioned
manually through the Office 365 portal.
Federated identities, on the other hand, enable users to sign in to Office 365 services
by using their Active Directory credentials. The corporate Active Directory
authenticates the users, and then stores and controls the password policy.
Deploying AD FS requires additional expertise, introduces complexity, and has higher
operational costs.
Office 365 single sign on using AD FS and DirSync
1. The user logs on to a corporate network, and is authenticated to Windows Server Active Directory.
2. The user tries to access Office 365 (I am @contoso.com).
3. Office 365 redirects the user to Azure AD.
4. Since Azure AD can’t authenticate the user and understands there is a trust with AD FS on-premises, it redirects the user to AD FS.
5. The user sends a Kerberos ticket to the AD FS STS.
6. AD FS transforms the Kerberos ticket to the required token format/claims and redirects the user to Azure AD.
7. The user authenticates to Azure AD (another transformation occurs).
8. Azure AD redirects the user to Office 365.
9. The user is silently signed on to Office 365.
Office 365 same sign on using DirSync + Password Sync
1. The user logs on to a corporate network, and is authenticated to Windows Server Active Directory.
2. The user tries to access Office 365 (I am @contoso.com).
3. Office 365 redirects the user to Azure AD.
4. Azure AD can’t accept Kerberos tickets directly and no trust relationship exists, so it requests that the user enter credentials.
5. The user enters the same on-premises password, and Azure AD validates it against the user name and password that were synchronized by DirSync.
6. Azure AD redirects the user to Office 365.
7. The user can sign on to Office 365 and OWA using the Azure AD token.
Extending Active Directory Domain Services to Azure is the first step to support line-of-business applications in Azure IaaS.
Supports cloud-based solutions that require NTLM or Kerberos authentication, or domain-joined virtual machines.
Adds additional integration potential for cloud services and applications and can be added at any time.
This configuration is a hybrid deployment of Active Directory on-premises and in Azure.
It requires:
• A virtual network in Azure IaaS.
• A VPN connection or ExpressRoute connection.
• Extending your on-premises IP address range to virtual machines in the virtual network.
• Deploying one or more domain controllers to Azure designated as a global catalog server (reduces egress traffic across the VPN connection).
This identity architecture supports a different set of solutions and applications compared to synchronization with Azure Active Directory.
Traditional on-premises AD FS deployment
• Authentication is directed to AD FS via the Web Application Proxy.
• Everything is on-premises, at your location or your hosted datacenter.
• When you lose connectivity or have an outage, your cloud authentication is out too.
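The two numbered sign-on flows and the outage caveat on this slide can be put side by side in a small model. The following is an added example of my own, not code from the slides or from Azure AD, and every name in it (AzureADModel, AdfsFarm, SyncedCredential, the domains contoso.com and sync.example, the users and tickets) is constructed. It models only the decision Azure AD makes at step 4 of each flow: a federated domain is sent to AD FS for a token, so an unreachable AD FS blocks sign-in outright, while a password-synced domain is verified in the cloud against the synced credential and keeps working during an on-premises outage. The salted PBKDF2 digest is a stand-in for the synced credential, not DirSync's real format.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Outcomes returned by AzureADModel.sign_in (constructed labels)
SIGNED_IN_FEDERATED = "signed-in: AD FS token accepted"
SIGNED_IN_SYNCED = "signed-in: synced credential verified"
DENIED_ADFS_UNREACHABLE = "denied: AD FS unreachable, on-premises outage blocks cloud sign-in"
DENIED_BAD_TICKET = "denied: AD FS rejected the Kerberos ticket"
DENIED_BAD_PASSWORD = "denied: password does not match synced credential"
PROMPT_CREDENTIALS = "prompt: no trust for this domain, user must enter credentials"


@dataclass(frozen=True)
class SyncedCredential:
    """Salted PBKDF2 digest standing in for what DirSync + Password Sync pushes
    to the cloud; the real wire format is not part of this example."""
    salt: bytes
    digest: bytes

    @staticmethod
    def from_password(password: str) -> "SyncedCredential":
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        return SyncedCredential(salt, digest)

    def matches(self, password: str) -> bool:
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)
        return hmac.compare_digest(candidate, self.digest)


@dataclass
class AdfsFarm:
    """On-premises AD FS STS. reachable=False simulates the link or site outage."""
    valid_tickets: Dict[str, str]        # upn -> Kerberos ticket the domain issued
    reachable: bool = True

    def token_for(self, upn: str, ticket: str) -> Optional[str]:
        if not self.reachable:
            raise ConnectionError("AD FS / Web Application Proxy not reachable")
        if self.valid_tickets.get(upn) == ticket:
            return f"token-for:{upn}"  # claims transformed for Azure AD (step 6)
        return None


@dataclass
class AzureADModel:
    federated: Dict[str, AdfsFarm] = field(default_factory=dict)       # domain -> farm
    synced: Dict[str, SyncedCredential] = field(default_factory=dict)  # upn -> credential

    def sign_in(self, upn: str, ticket: Optional[str] = None,
                password: Optional[str] = None) -> str:
        domain = upn.split("@", 1)[1]
        farm = self.federated.get(domain)
        if farm is not None:
            # Steps 4-7 of the AD FS flow: redirect to AD FS and exchange the ticket.
            try:
                token = farm.token_for(upn, ticket or "")
            except ConnectionError:
                return DENIED_ADFS_UNREACHABLE
            return SIGNED_IN_FEDERATED if token else DENIED_BAD_TICKET
        # Steps 4-5 of the password-sync flow: no trust, so prompt and verify locally.
        if password is None:
            return PROMPT_CREDENTIALS
        cred = self.synced.get(upn)
        if cred is not None and cred.matches(password):
            return SIGNED_IN_SYNCED
        return DENIED_BAD_PASSWORD


def build_demo() -> Tuple[AzureADModel, AdfsFarm]:
    """Constructed tenant: contoso.com is federated, sync.example is password-synced."""
    farm = AdfsFarm(valid_tickets={"alice@contoso.com": "krb-ticket-alice"})
    tenant = AzureADModel(
        federated={"contoso.com": farm},
        synced={"bob@sync.example": SyncedCredential.from_password("correct horse")},
    )
    return tenant, farm


if __name__ == "__main__":
    tenant, farm = build_demo()
    print(tenant.sign_in("alice@contoso.com", ticket="krb-ticket-alice"))
    farm.reachable = False   # the outage on this slide
    print(tenant.sign_in("alice@contoso.com", ticket="krb-ticket-alice"))
    print(tenant.sign_in("bob@sync.example", password="correct horse"))
```

The point the model makes is an availability one: with federation, the on-premises AD FS and its Web Application Proxy are in the critical path of every cloud sign-in, while with password sync the cloud can authenticate on its own. Which trade-off is right depends on whether the password policy must stay on-premises, as the preceding slide discusses.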
Azure Active Directory Sync Tool
The Azure AD Sync tool can be hosted in the cloud using Azure IaaS.
• Potentially faster provisioning and lower cost of operations
• Increased availability
The architecture illustrated on the right details how you can configure the Azure AD Sync Tool on IaaS.
This solution works with:
• Office 365 services
• Applications in Azure that are available over the Internet
• Business applications in Azure that are available from on-premises environments through the secure VPN
AD FS + AD Sync Tool
If you haven’t already deployed AD FS on-premises, consider whether the benefits of deploying this workload to Azure make sense for your organization.
• Provides autonomy for authentication to cloud services (no on-premises dependencies).
• Reduces servers and tools hosted on-premises.
• Uses a site-to-site VPN gateway on a two-node failover cluster to connect to Azure (new).
• Use ACLs to ensure that Web Application Proxy servers can only communicate with AD FS, not domain controllers or other servers directly.
This solution works with:
• Applications that require Kerberos
• All of Microsoft’s SaaS services
• Applications in Azure that are Internet-facing
• Applications in Azure IaaS or PaaS that require authentication with your corporate Active Directory Domain Services
[Diagrams: AD FS + AD Sync Tool; AD FS + Sync Tool, full DR deployment]
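The ACL bullet above (Web Application Proxy servers may only talk to AD FS, never to domain controllers) is the kind of requirement worth checking mechanically rather than by reading rules. This added example is mine, not the slides' or Microsoft's: it models Azure network security group evaluation (lowest priority number first, first match wins, deny when nothing matches) over a constructed address plan, and audits a weak rule set beside a hardened one. Subnets, host addresses, rule names and ports are assumptions for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Rule:
    priority: int          # lower number is evaluated first
    name: str
    source: str            # CIDR
    destination: str       # CIDR
    port: str              # "443" or "*" for any destination port
    access: str            # "Allow" or "Deny"

    def matches(self, src: str, dst: str, port: int) -> bool:
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.source)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.destination)
                and (self.port == "*" or int(self.port) == port))


def evaluate(rules: List[Rule], src: str, dst: str, port: int) -> Tuple[str, str]:
    """First matching rule by ascending priority wins; default deny otherwise."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(src, dst, port):
            return rule.access, rule.name
    return "Deny", "<default>"


# Constructed address plan for the AD FS-in-Azure layout on the slide
WAP_SUBNET = "10.1.1.0/24"    # Web Application Proxy tier (Internet-facing)
ADFS_SUBNET = "10.1.2.0/24"   # AD FS farm
DC_SUBNET = "10.1.3.0/24"     # domain controllers
VNET = "10.1.0.0/16"
WAP_HOST, ADFS_HOST, DC_HOST = "10.1.1.10", "10.1.2.10", "10.1.3.10"

# Weak: one broad rule lets the WAP tier reach anything in the VNet, DCs included
WEAK_RULES = [
    Rule(100, "allow-wap-to-vnet", WAP_SUBNET, VNET, "*", "Allow"),
]

# Hardened: WAP may only talk to AD FS on 443; everything else in the VNet is denied
HARDENED_RULES = [
    Rule(100, "allow-wap-to-adfs-443", WAP_SUBNET, ADFS_SUBNET, "443", "Allow"),
    Rule(200, "deny-wap-to-vnet", WAP_SUBNET, VNET, "*", "Deny"),
]

# The slide's requirement, written as expectations the audit checks
EXPECTED = [
    (WAP_HOST, ADFS_HOST, 443, "Allow"),   # WAP must reach AD FS over HTTPS
    (WAP_HOST, DC_HOST, 389, "Deny"),      # ...but never LDAP on a DC
    (WAP_HOST, DC_HOST, 88, "Deny"),       # ...nor Kerberos on a DC
    (WAP_HOST, ADFS_HOST, 3389, "Deny"),   # ...nor RDP to the AD FS servers
]


def audit(rules: List[Rule]) -> List[str]:
    """One finding per expectation the rule set violates; an empty list is clean."""
    findings = []
    for src, dst, port, want in EXPECTED:
        got, by = evaluate(rules, src, dst, port)
        if got != want:
            findings.append(f"{src} -> {dst}:{port} is {got} via '{by}', expected {want}")
    return findings


if __name__ == "__main__":
    print("weak:", audit(WEAK_RULES) or "clean")
    print("hardened:", audit(HARDENED_RULES) or "clean")
```

In a real network security group the built-in AllowVnetInBound default rule (priority 65000) permits any VNet-to-VNet traffic, which is why the hardened set carries its own explicit deny ahead of that default; without it, the WAP tier could reach the domain controllers even though no custom rule says so.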
Build your Applications for AAD
Aim for consistency of the user experience for:
• The authentication process
• Required credentials
Utilizing Windows credentials, whether against Active Directory on-premises or by SAML authentication with Azure Active Directory, ensures that users can quickly authenticate and focus on their tasks.
CCS TECHNOLOGY GROUP, LLC
1540 E. Dundee Road, Suite 104
Palatine, IL 60074
224.232.5500
www.ccstechnologygroup.com
@CCS4IT
THANK YOU

AzureAAD

  • 2. CCS Technology is a Microsoft Partner specializing in infrastructure deployment, managed services, custom cloud solutions and custom software development. www.CCSTechnologyGroup.com, 224.232.5500, Palatine, Illinois. ABOUT US
  • 5. WHAT IS AZURE..? Microsoft Azure delivers. Enterprise ready by design.
  • 6. Huge infrastructure scale is the enabler. 19 regions online, huge datacenter capacity around the world, and still growing: 100+ datacenters; one of the top 3 networks in the world (coverage, speed, connections); 2x AWS's and 6x Google's number of offered regions; G Series, the largest VM available in the market (32 cores, 448 GB RAM, SSD). Regions, operational or announced: Central US (Iowa), West US (California), North Europe (Ireland), East US (Virginia), East US 2 (Virginia), US Gov (Virginia), North Central US (Illinois), US Gov (Iowa), South Central US (Texas), Brazil South (Sao Paulo), West Europe (Netherlands), China North* (Beijing), China South* (Shanghai), Japan East (Saitama), Japan West (Osaka), India West (TBD), India East (TBD), East Asia (Hong Kong), SE Asia (Singapore), Australia West (Melbourne), Australia East (Sydney). * Operated by 21Vianet.
  • 8. Control Your Identity Empower Enterprise Mobility Extend Your Infrastructure
  • 10. What is Azure Active Directory? A comprehensive identity and access management cloud solution. It combines directory services, advanced identity governance, application access management and a rich standards-based platform for developers. It is available in 3 editions: Free, Basic and Premium.
  • 13. Identity as the control point (diagram): on-premises Windows Server Active Directory and other directories connect simply to Microsoft Azure Active Directory, which then provides self-service and single sign-on (username and password entered once) to cloud SaaS apps, Azure, Office 365 and public cloud.
  • 16. Azure Active Directory Cloud App Discovery. How many SaaS apps are in use within your organization? 10x as many cloud apps are in use as IT estimates (source: Help Net Security, 2014). Comprehensive reporting by SaaS app category, number of users and utilization volume.
  • 18. Protect your data Enable your users Consistent User Experience Access & information protection Single User Identity Mobile device & application management
  • 19. Microsoft Azure Web Apps (Azure Active Directory Application Proxy) SaaS apps Integrated custom apps Other Directories
  • 23. Azure AD edition comparison (Premium includes all Basic features):
    Object limit: No object limit / No object limit / No limit
    Advanced security reports: Yes (advanced)**
    Group-based access management/provisioning: Yes / Yes
    Self-service password reset for cloud users: Yes / Yes
    Company branding (logon pages/Access Panel customization): Yes / Yes
    SLA: Yes / Yes
  • 24. Strengthening authentication with Azure Multi-Factor Authentication. What is multi-factor authentication? Multi-factor authentication, also commonly referred to as two-factor authentication, is a best practice for securing user access. It works by requiring any two or more of the following authentication factors: a knowledge factor, something only you know (typically a password or a PIN); a possession factor, something only you have (a trusted device that is not easily duplicated); an inherence factor, something only you are (biometrics). The security of multi-factor authentication lies in its layered approach: compromising multiple authentication factors presents a significant challenge for attackers. Even if an attacker learns the user's password, it is useless without also having possession of the trusted device. What is Azure Multi-Factor Authentication? As already introduced, Azure MFA is an Azure service that helps safeguard access to data and applications by strengthening traditional sign-in approaches. It supports both cloud applications that use or integrate with Azure AD and on-premises applications, the latter through the Multi-Factor Authentication Server. With Azure MFA, the user's telephone serves as the trusted device for the second or additional factor. Licensing: the full Azure MFA service (on-premises MFA Server, per-app control, reporting) requires Azure AD Premium; Office 365 subscriptions include a basic MFA capability for Office 365 sign-ins only.
  • 25. Strengthening authentication with Azure Multi-Factor Authentication: how it works. Azure MFA offers the additional security you demand using the phones your users already carry. Multiple phone-based authentication methods are available, so users can choose the one that works best for them, and support for multiple methods ensures additional authentication is always available:
    - Multi-Factor Auth apps are available for Windows Phone, iOS phones and tablets, and Android devices.
    - Automated phone calls are placed by the Azure MFA online service to any phone, landline or mobile. The user answers the call and presses # on the keypad to complete the sign-in over a distinct channel.
    - Text messages are sent by the Multi-Factor Authentication service to any mobile phone. The message contains a one-time passcode; the user either replies with the passcode or enters it on the sign-in screen.
    Users always sign in with their existing username and password. After the credentials are verified, multi-factor authentication is initiated using one of the methods above, depending on the user's enrollment. Of the three, the app is the strongest option: voice calls and SMS pass through the telephone network and are exposed to call forwarding, SIM swapping and SS7 interception, so reserve them as fallbacks rather than the default for privileged accounts. Azure MFA helps meet regulatory requirements for multi-factor authentication such as, to name a few: NIST 800-63 Electronic Authentication Guidelines for Level 3 Assurance, HIPAA requirements relative to Electronic Protected Health Information (EPHI), Payment Card Industry Data Security Standard (PCI DSS), Criminal Justice Information System (CJIS) Security Policy, and FFIEC guidance on Authentication in an Internet Banking Environment.
  • 26. Focus on single sign-on (diagram): on-premises Windows Server Active Directory and other directories connect to Microsoft Azure Active Directory, which provides self-service and single sign-on to cloud SaaS apps, Azure, Office 365 and public cloud. Steps: enable directory synchronization, then enable Azure AD SSO.
  • 29. Single sign-on vs. same sign-on: what's the difference? It depends on your sync method. DirSync with password sync gives you same sign-on: the user has the same username and password in the cloud, but Azure AD performs the authentication itself against the synchronized password hash, so the user is prompted for credentials again. DirSync with AD FS gives you true single sign-on: Azure AD redirects authentication to AD FS, which authenticates the user against your on-premises AD and issues the token, so a user already logged on to the domain is not prompted again.
  • 30. Do you really need AD FS? Office 365 doesn't require every customer to deploy directory synchronization or Active Directory Federation Services (AD FS). In reality, most organizations require only cloud identities, where users receive cloud credentials for signing in to Office 365 services. The cloud ID password policy is stored in the cloud with the Office 365 service, and cloud credentials are separate from other desktop or corporate credentials. With cloud identities, one optional server may be deployed to run directory synchronization from your on-premises Active Directory; in environments with just a few users, directory synchronization isn't required and users may be provisioned manually through the Office 365 portal. Federated identities, on the other hand, let users sign in to Office 365 services with their Active Directory credentials: the corporate Active Directory authenticates the users and stores and controls the password policy. Deploying AD FS requires additional expertise, introduces complexity, and has higher operational costs; it also makes cloud sign-in depend on the availability of the on-premises AD FS farm.
  • 31. Office 365 single sign-on using AD FS and DirSync:
    1. The user logs on to the corporate network and is authenticated to Windows Server Active Directory.
    2. The user tries to access Office 365 (I am @contoso.com).
    3. Office 365 redirects the user to Azure AD.
    4. Azure AD can't authenticate the user itself but knows there is a trust with AD FS on-premises, so it redirects the user to AD FS.
    5. The user sends a Kerberos ticket to the AD FS STS.
    6. AD FS transforms the Kerberos ticket into the required token format/claims and redirects the user to Azure AD.
    7. The user authenticates to Azure AD (another transformation occurs).
    8. Azure AD redirects the user to Office 365.
    9. The user is silently signed on to Office 365.
    Office 365 same sign-on using DirSync + password sync:
    1. The user logs on to the corporate network and is authenticated to Windows Server Active Directory.
    2. The user tries to access Office 365 (I am @contoso.com).
    3. Office 365 redirects the user to Azure AD.
    4. Azure AD can't accept Kerberos tickets directly and no trust relationship exists, so it asks the user to enter credentials.
    5. The user enters the same on-premises password, and Azure AD validates it against the username and password hash synchronized by DirSync.
    6. Azure AD redirects the user to Office 365.
    7. The user signs on to Office 365 and OWA using the Azure AD token.
  • 32. Extending Active Directory Domain Services to Azure is the first step to supporting line-of-business applications in Azure IaaS. It supports cloud-based solutions that require NTLM or Kerberos authentication, or domain-joined virtual machines, adds further integration potential for cloud services and applications, and can be added at any time. This configuration is a hybrid deployment of Active Directory on-premises and in Azure. It requires: a virtual network in Azure IaaS; a VPN connection or ExpressRoute connection; extending your on-premises IP address range to virtual machines in the virtual network; and deploying one or more domain controllers to Azure designated as global catalog servers (this reduces egress traffic across the VPN connection). This identity architecture supports a different set of solutions and applications compared to synchronization with Azure Active Directory.
  • 33. Traditional on-premises AD FS deployment. Authentication is directed to AD FS via the Web Application Proxy. Everything is on-premises, at your location or your hosted datacenter. When you lose connectivity or have an outage, your cloud authentication is out too.
  • 35. Azure Active Directory Sync Tool. The Azure AD Sync tool can be hosted in the cloud using Azure IaaS, giving potentially faster provisioning, lower cost of operations and increased availability. The architecture illustrated on the right shows how to run the Azure AD Sync tool on IaaS. This solution works with: Office 365 services; applications in Azure that are available over the Internet; and business applications in Azure that are available from on-premises environments through the secure VPN.
  • 36. AD FS + AD Sync Tool. If you haven't already deployed AD FS on-premises, consider whether the benefits of deploying this workload to Azure make sense for your organization. It provides autonomy for authentication to cloud services (no on-premises dependencies), reduces the servers and tools hosted on-premises, and uses a site-to-site VPN gateway on a two-node failover cluster to connect to Azure (new). Use ACLs to ensure that Web Application Proxy servers can only communicate with AD FS (TCP 443), not with domain controllers or other servers directly; the proxies sit in the Internet-facing subnet and should never need a path into the rest of the network. This solution works with: applications that require Kerberos; all of Microsoft's SaaS services; applications in Azure that are Internet-facing; and applications in Azure IaaS or PaaS that require authentication with your corporate Active Directory Domain Services.
  • 37. AD FS + Sync Tool Full DR deployment
  • 38. Aim for consistency of the user experience for: • The authentication process • Required credentials Utilizing Windows credentials, whether against Active Directory on-premises or by SAML authentication with Azure Active Directory, ensures that users can quickly authenticate and focus on their tasks. Build your Applications for AAD
  • 40. CCS TECHNOLOGY GROUP, LLC 1540 E. Dundee Road, Suite 104 Palatine, IL 60074 224.232.5500 www.ccstechnologygroup.com @CCS4IT THANK YOU
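The MFA enrollment covered on slides 24 and 25 is usually the first thing an administrator checks across a tenant: which licensed users have no second factor at all, and whether every Global Administrator is actually enforced rather than merely enabled. The following script is an added example, not code from the deck or from CCS; it uses the MSOnline (MSOL) PowerShell module of the Azure AD v1 era the deck describes, assumes the operator already holds the Company Administrator role, and the account name admin@contoso.com is a placeholder.

```powershell
# Added example (not from the original deck). Requires the MSOnline module
# (Install-Module MSOnline) and a Global Administrator sign-in.
Connect-MsolService

# 1. Licensed users with no per-user MFA requirement at all.
$noMfa = Get-MsolUser -All |
    Where-Object { $_.IsLicensed -and -not $_.StrongAuthenticationRequirements } |
    Select-Object UserPrincipalName, DisplayName
$noMfa | Format-Table -AutoSize

# 2. Global Administrators ("Company Administrator" is the role's internal name)
#    whose MFA state is anything other than Enforced.
$roleId = (Get-MsolRole -RoleName "Company Administrator").ObjectId
$admins = Get-MsolRoleMember -RoleObjectId $roleId -All |
    Where-Object { $_.RoleMemberType -eq "User" }
foreach ($m in $admins) {
    $u = Get-MsolUser -UserPrincipalName $m.EmailAddress
    $state = ($u.StrongAuthenticationRequirements | Select-Object -First 1).State
    if ($state -ne "Enforced") {
        Write-Warning ("Admin {0} has MFA state '{1}'" -f $u.UserPrincipalName, $state)
    }
}

# 3. Set per-user MFA. "Enabled" prompts the user to register on next sign-in;
#    "Enforced" also requires app passwords for legacy clients that cannot
#    do the second factor, so enable first, then enforce once users are enrolled.
function Set-UserMfaState {
    param(
        [Parameter(Mandatory)][string]$UserPrincipalName,
        [ValidateSet("Enabled", "Enforced")][string]$State = "Enforced"
    )
    $req = New-Object Microsoft.Online.Administration.StrongAuthenticationRequirement
    $req.RelyingParty = "*"      # apply to all relying parties
    $req.State = $State
    Set-MsolUser -UserPrincipalName $UserPrincipalName -StrongAuthenticationRequirements @($req)
}

# Placeholder account name; replace with a real UPN.
Set-UserMfaState -UserPrincipalName "admin@contoso.com" -State "Enforced"
```

Run the audit parts (1 and 2) before touching anyone: an administrator flipped straight to Enforced without a registered phone is locked out of legacy clients, which is the outage slide 25's multiple-method design is meant to avoid.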
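Slides 29 to 31 contrast federated single sign-on (AD FS) with same sign-on (DirSync plus password sync). Which of the two a tenant is actually running is a property of each verified domain and of the tenant's sync settings, and it is worth confirming before an AD FS outage teaches you. This is an added example, not part of the deck; it assumes the MSOnline module and a Global Administrator sign-in, and the three-hour staleness threshold is an arbitrary choice of this example.

```powershell
# Added example (not from the original deck). Requires the MSOnline module
# and a Global Administrator sign-in.
Connect-MsolService

# Which domains are Federated (AD FS, true single sign-on) and which are
# Managed (cloud identities or password sync, same sign-on)?
Get-MsolDomain | Select-Object Name, Authentication, Status | Format-Table -AutoSize

# For every federated domain, show the trust Azure AD relies on: the issuer,
# the AD FS sign-in endpoint and the token-signing certificate. Anyone who
# controls that key can mint tokens for the domain, so its thumbprint belongs
# in your change records.
$federated = Get-MsolDomain | Where-Object { $_.Authentication -eq "Federated" }
foreach ($d in $federated) {
    $s = Get-MsolDomainFederationSettings -DomainName $d.Name
    $certBytes = [Convert]::FromBase64String($s.SigningCertificate)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 (,$certBytes)
    [pscustomobject]@{
        Domain               = $d.Name
        IssuerUri            = $s.IssuerUri
        PassiveLogOnUri      = $s.PassiveLogOnUri
        SigningCertThumb     = $cert.Thumbprint
        SigningCertNotAfter  = $cert.NotAfter
        NextSigningCertSet   = [bool]$s.NextSigningCertificate
    }
}

# Sync health for managed domains: directory sync and password hash sync
# status, and whether the last cycle is older than the threshold.
$ci = Get-MsolCompanyInformation
$ci | Select-Object DirectorySynchronizationEnabled, LastDirSyncTime,
                    PasswordSynchronizationEnabled, LastPasswordSyncTime

$staleAfter = [TimeSpan]::FromHours(3)   # arbitrary threshold for this example
if ($ci.DirectorySynchronizationEnabled -and
    ((Get-Date).ToUniversalTime() - $ci.LastDirSyncTime) -gt $staleAfter) {
    Write-Warning "Directory sync last ran at $($ci.LastDirSyncTime) UTC; check the sync server."
}
if ($ci.PasswordSynchronizationEnabled -and
    ((Get-Date).ToUniversalTime() - $ci.LastPasswordSyncTime) -gt $staleAfter) {
    Write-Warning "Password sync last ran at $($ci.LastPasswordSyncTime) UTC; cloud passwords may be stale."
}
```

A federated domain with password sync also enabled is the combination slide 30's cost argument points towards: if the AD FS farm goes down, the domain can be converted to Managed with Convert-MsolDomainToStandard and users keep signing in with the synchronized password hash instead of waiting for the federation servers.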
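Slide 36 asks for ACLs so that Web Application Proxy servers talk only to AD FS and never to domain controllers. In Azure IaaS that ACL is a network security group on the proxy subnet. The following is an added example, not from the deck: it uses the AzureRM (Resource Manager) PowerShell module and assumes a resource group named rg-identity, a virtual network named vnet-identity with a WAP subnet of 10.1.1.0/24 and an AD FS subnet of 10.1.2.0/24, and the North Central US region; all of those names and ranges are placeholders.

```powershell
# Added example (not from the original deck). Requires the AzureRM module
# and Login-AzureRmAccount; resource names and address ranges are placeholders.
$rg         = "rg-identity"
$location   = "northcentralus"
$vnetName   = "vnet-identity"
$wapSubnet  = "10.1.1.0/24"   # Web Application Proxy servers (Internet-facing)
$adfsSubnet = "10.1.2.0/24"   # AD FS farm

$rules = @(
    # Clients on the Internet reach the proxies on HTTPS only.
    New-AzureRmNetworkSecurityRuleConfig -Name "Allow-Internet-HTTPS-In" `
        -Direction Inbound -Priority 100 -Access Allow -Protocol Tcp `
        -SourceAddressPrefix Internet -SourcePortRange * `
        -DestinationAddressPrefix $wapSubnet -DestinationPortRange 443

    # Proxies reach the AD FS farm on HTTPS only; WAP needs nothing else.
    New-AzureRmNetworkSecurityRuleConfig -Name "Allow-WAP-To-ADFS-HTTPS" `
        -Direction Outbound -Priority 100 -Access Allow -Protocol Tcp `
        -SourceAddressPrefix $wapSubnet -SourcePortRange * `
        -DestinationAddressPrefix $adfsSubnet -DestinationPortRange 443

    # Everything else from the proxies into the virtual network (domain
    # controllers, sync server, file shares, RDP to peers) is denied. A lower
    # priority number wins, so the allow above is evaluated first.
    New-AzureRmNetworkSecurityRuleConfig -Name "Deny-WAP-To-VNet" `
        -Direction Outbound -Priority 200 -Access Deny -Protocol * `
        -SourceAddressPrefix $wapSubnet -SourcePortRange * `
        -DestinationAddressPrefix VirtualNetwork -DestinationPortRange *
)

$nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName $rg -Location $location `
        -Name "nsg-wap" -SecurityRules $rules

# Bind the NSG to the WAP subnet so it applies to every proxy VM placed there.
$vnet = Get-AzureRmVirtualNetwork -ResourceGroupName $rg -Name $vnetName
Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name "wap" `
    -AddressPrefix $wapSubnet -NetworkSecurityGroup $nsg | Out-Null
Set-AzureRmVirtualNetwork -VirtualNetwork $vnet | Out-Null
```

The deny rule is what enforces the slide's point: the proxy is not domain-joined and has no reason to reach port 88, 389 or 445, so a compromised WAP host gets a single hop to AD FS and nothing further. Apply a matching inbound rule on the AD FS subnet that accepts 443 only from $wapSubnet and from the internal client range, and test with a Test-NetConnection from a proxy VM to a domain controller before going live.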

Editor's notes

  1. In the last few years, we have seen an explosive growth in the use of the public cloud. While most of the initial adoption was seen by startups and smaller orgs, most of the new growth will come from larger organizations adopting the public cloud. Why? SPEED: Provision Servers and Services IN Minutes. Want to try something? Spin it up, work on it, and if it works, great. If not, turn it off. All done. That alone is driving Innovation. Help your business move forward against the competition. In fact, it is the speed and agility that traditional IT hasn’t been able to provide that is causing droves of business units to use their credit cards to procure computing resources outside of the purview of the IT. SCALE: Cloud gives you an almost infinite set of computing resources. Your applications will enjoy massive global scale, and can easily scale up or down depending on the demand. That means, you never have to worry about running out of capacity or worry about overprovisioning. You use just enough resources for your needs - nothing more, nothing less. ECONOMICS: And of course, you’re paying only for what you use in the Cloud. This in itself saves you money for any app that has variable computing needs. For some organizations, there is also an additional benefit of changing CapEX to OpEX, which frees up capital from infrastructure investments so it can be put to other uses.
  2. We have two opposing forces both looking to the cloud for solutions. Business Innovation vs. IT. Departments want to try things, IT is responsible to guard, protect and support. It’s not a fair fight.
  3. Windows Azure is a true enterprise ready platform that can help both sides. IT can put the controls in place, and Departments can have freedom to try things.
  4. Microsoft has delivered a huge infrastructure around the globe.
  5. Azure is the most complete cloud offering available. You can build IaaS with VMs, virtual networks and storage. PaaS with Web Sites and SQL Databases, SaaS with Office 365 and Dynamics CRM. Azure supports more than Microsoft software and tools.
  6. Let’s focus on what Azure brings to the IT PRO to put you back in the good graces of your Line of Business Managers. It provides the framework to Control the Identity (user access control) Extend your Infrastructure, quickly, low cost, low investment Empowering the mobile workforce as we break the binds of the Office and the Server Room.
  7. An average user already deals with a bunch of usernames and passwords for on-premises applications, and [Click] cloud-based applications are piling up at an increasing pace. There are already enterprises that have many cloud-based applications in their environment. (There are more than 20,000 SaaS apps in the market already according to IDC.) Huge amounts of money have been invested in on-premises identity and access management solutions without actually solving the problem of single sign-on; help desks and IT departments all over the world can confirm that. If you add personal cloud applications' identities into the mix along with the desire to access applications from different devices, you get many frustrated users who voice their unhappiness and place pressure on IT for simpler solutions. The challenge for IT in today's world of many devices, on-premises apps, cloud apps, and hybrid apps is that they are not always aware of all the cloud-based applications their users are accessing. IT has not purchased or deployed these apps and in most cases has no visibility into how they were purchased or whether they are being managed. With the dramatic increase in cloud applications and the ease of sign-up and free trials, management and users are asking IT departments to provide single sign-on from everywhere to everything. A solution to this problem could be a federation with each and every one of those cloud-based applications. But not all of them use the same protocols or standards for identity management, which can make federation a very difficult task. Instead, organizations need a hub that can sync their on-premises Active Directory, seamlessly connect with many cloud applications, integrate with various protocols and scale around the globe to authenticate users everywhere from any device in a way that integrates simply with their existing identities.
With more than 95% of Fortune 1000 organizations using Windows Server Active Directory on-premises, they would prefer not to reinvent the wheel or recreate all of their identities. The good news is that they don't have to. That's exactly what Windows Azure Active Directory provides, and it does so in a secure and comprehensive manner. Multi-factor authentication can increase access protection even further.
  8. With a central management interface, the IT Pro can grant or revoke access to resources in the office or in the cloud
  9. We are designing a way for IT to easily stay in control of User Access, provide true Single Sign On to both internal and cloud applications, and even extend Self Service features to the Users.
  10. Users want to use their choice of devices and Apps to get at the data they want. IT can be viewed as a roadblock, or an enabler.
  11. LOOK Familiar?!
  12. 10 X more than you think!
  13. IT can get back in the game and be the enabler
  14. Azure Active Directory is the central control, extending your local ID to the cloud and providing the control over the explosion of Web Apps.
  15. How Many? As of October 2014, there were 2400+ apps supported
  16. IT Developers can easily build the integration using any number of standard methods
  17. Of course, once you set up VPN connectivity, you’re treating the virtual network in Azure almost as if it were an extension of your on-prem datacenter. You can domain join your VMs with an AD running on-premises or an AD running inside of the virtual network. You can have hybrid multi-tier apps with perhaps the presentation and logic tiers running in Azure, and the database tier running on-premises for compliance reasons.   <From IaaS scenario for AD> Identity with AD in Virtual Machines Hybrid apps and hybrid IT: When apps live both in the cloud and on-premises, and need to synch with on-premises directory, simply bring DirSync into Virtual Machines. Specific AD capabilities in the cloud: When applications in need of on-premises optimized AD capabilities are moving to cloud and Windows Azure Active Directory is not the solution, bring your AD into Virtual Machines. Same AD, same skill sets and same trustworthy capabilities. Identity synch with Office 365: When you need to synch identity with O365 and want to minimize your on premise identity infrastructure, rely on running AD in Virtual Machines. Even when you have an on-premises identity infrastructure synching with Office 365, simply build your high availability copy in Virtual Machines and keep working when internet connectivity is down.  
  18. You must have AAD Premium to use MFA
  19. How do we make the user experience manageable? What if we can eliminate all the username and password clutter? WE CAN with SSO! Get an Azure Active Directory, if you are using Office 365 or Azure, you already have one. Assuming you already have a Windows Server Active Directory, we deploy Synch. Then Turn on the SSO features in the Azure AAD to manage the cloud apps.
  20. Run the AD Cartoon 0-3:00 for base information 3:05 for AAD information 5:45 to describe how applications work with AAD 9:46 to end for developer