Accelerate your journey to the cloud with integrated Enterprise Mobility identity ITPRO05
What we will discuss
- Get identities to the cloud
- Mix on-premises and cloud identity for improved PC, mobile, and web productivity
- Cloud identities help you run your business better

The current reality
On-premises, private cloud, EC2, managed devices

Identity as the control plane
On-premises: Windows Server Active Directory, other directories
Simple connection to Microsoft Azure Active Directory (cloud): self-service, single sign-on (username)
Cloud: Azure, Office 365, SaaS, public cloud

Identity and access management evolution (Azure Active Directory)
On-premises:
- Devices managed by Microsoft System Center Configuration Manager
- On-premises LOB applications, traditional productivity
Event: Mobility
Hybrid:
- iOS, Android, Windows Phone, BYOD; managed by Microsoft Intune connected to System Center Configuration Manager; deployment of cloud-enabled rich clients
- Mobile apps, shadow IT SaaS solutions; on-premises LOB applications, managed SaaS, Office 365 hybrid deployment, Azure Active Directory implementation
Event: Windows 8.x/10
Cloud:
- Managed by EMS: combination of mobile clients (iOS, Android) and cloud-enabled clients (Windows 10)
- Managed cloud identities with Multi-Factor Authentication; managed SaaS and Office 365 Enterprise, full Azure IAM

Azure Active Directory momentum
- Microsoft's "Identity Management as a Service (IDaaS)" for organizations
- Azure Active Directory supports identity across Azure, Office 365 and 3rd party clouds
- Evolved to manage an organization's relationships with its customers/citizens and partners (B2C and B2B)
- 86% of Fortune 500 companies on Microsoft Cloud (Azure, O365, CRM Online and PowerBI)
- More than 500 M user accounts on Azure Active Directory
- Azure AD manages identity data for 7 M organizations
- 35k third-party applications used with Azure AD each month
- 1 Trillion authentications since the release of the service
- 1 Billion authentications every day on Azure AD
Scenario 1: Get identities to the cloud

Customer story: British Airways
Challenge: Employees operate in more than 75 countries. How do they encourage employees to connect? Colleagues are not often behind PCs.
Solution: Share identity with your directory in the cloud. Encourage collaboration with Yammer! Focus on web-based productivity from anywhere.
Approach: On-premises identity shared to the cloud

Office 365 identity models
- Synchronized identity: on-premises directory, synchronized by Azure AD Connect; on-premises identity
- Federated identity: on-premises directory, Azure AD Connect plus federation; on-premises identity
- Cloud identity: zero on-premises servers

Synchronized identity model
The user signs in; the on-premises directory's user accounts and password hashes are synchronized to Azure AD by Azure AD Connect (synchronized identity).
Password hash sync security
- Password hash: The on-premises directory (AD DS) stores a password hash. It is not reversible to get the user's password.
- A hash: Hashes are mathematical functions that are nearly impossible to reverse. The result of the hash algorithm is called a digest.
- Additional processing: We further process it with a one-way SHA256 hash algorithm.
- Extra security: Connections are only to the Azure AD service and are SSL encrypted.
- Result: Enables Azure AD to validate the user's password when they log on.
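As an added illustration (not code from this deck or from Azure AD Connect), the Python below models the scheme the slide describes: the sync agent ships only a SHA-256-derived digest of the on-premises hash, the cloud side can still validate a sign-in, and a leaked cloud record does not hand back the on-premises hash. The stand-in on-premises hash function, the per-user salt and the iteration count are assumptions for the illustration, not details taken from the slide.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the hash the on-premises directory already stores.
# The real AD DS hash format is not part of this example.
def onprem_password_hash(password: str) -> bytes:
    return hashlib.sha256(password.encode("utf-16-le")).digest()

# Salt and iteration count are assumptions added for the illustration; the
# slide only states that the hash is further processed with one-way SHA-256.
SYNC_ITERATIONS = 1000

def cloud_digest(onprem_hash: bytes, salt: bytes) -> bytes:
    """One-way SHA-256 processing applied to the on-prem hash before sync."""
    return hashlib.pbkdf2_hmac("sha256", onprem_hash, salt, SYNC_ITERATIONS)

def sync_user(onprem_store: dict, cloud_store: dict, user: str) -> None:
    """Sync agent: send only salt + digest, never the on-prem hash itself."""
    salt = os.urandom(16)
    cloud_store[user] = (salt, cloud_digest(onprem_store[user], salt))

def cloud_sign_in(cloud_store: dict, user: str, attempt: str) -> bool:
    """Cloud side validates a sign-in by recomputing the same digest chain
    from the password the user just typed, then comparing in constant time."""
    record = cloud_store.get(user)
    if record is None:
        return False
    salt, stored = record
    candidate = cloud_digest(onprem_password_hash(attempt), salt)
    return hmac.compare_digest(candidate, stored)

def cloud_store_exposes_onprem_hash(onprem_store: dict, cloud_store: dict) -> bool:
    """Defender's check: does any synced record contain the on-prem hash?
    It should not; recovering it would mean reversing SHA-256."""
    return any(onprem_store[u] in cloud_store[u] for u in cloud_store)

if __name__ == "__main__":
    onprem = {"alice": onprem_password_hash("Correct-Horse-7")}   # constructed
    cloud: dict = {}
    sync_user(onprem, cloud, "alice")
    print("correct password accepted:", cloud_sign_in(cloud, "alice", "Correct-Horse-7"))
    print("wrong password rejected:", not cloud_sign_in(cloud, "alice", "wrong"))
    print("on-prem hash absent from cloud store:",
          not cloud_store_exposes_onprem_hash(onprem, cloud))
```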
Demo
Task: Synchronize cloud-ready identities with Azure AD Connect
Steps:
1) Install Azure AD Connect
2) Review four-step Express settings
3) Customize apps
4) Customize attributes
5) Customize writeback
Result: Identities are in the cloud and ready for SSO to Office 365

Making the scenario successful
Tip #1: Perform an Active Directory health check first to make sure your identities are cloud-ready
Tip #2: For most organizations, Azure AD Connect's Express settings work well
Tip #3: Azure AD Connect offers write back of passwords, users, groups, and devices
Scenario 2: Mix on-premises and cloud identity for improved PC, mobile, and web productivity

Customer story: Aston Martin
Challenge: Need security and compliance for a global brand. 15-person IT department demands ease-of-use. Must protect intellectual property.
Solution: Group policy on-premises, conditional-access cloud. MDM for Office 365 to enforce mobile security. Azure RMS for file encryption and policy.
Approach: Hybrid identity, still evolving

Federated identity model
Azure AD Connect synchronizes user accounts and password hashes to Azure AD; the user's sign-in authentication is performed by AD FS against the on-premises directory (federated identity).

Password sync backup for federated sign on
Backup password hash sync for federated identity: Azure AD Connect synchronizes user accounts to Azure AD while AD FS authenticates against the on-premises directory. This new backup solution for Office 365 customers using federated sign on provides the option to manually switch their domain in a short amount of time during outages, such as on-premises power loss, internet connection interruption, and any other on-premises outages.

AD FS is also easy
- Use experienced deployment staff
- Use Azure AD Connect
- Read the TechNet Deployment Guide: http://technet.microsoft.com/en-us/library/jj205462.aspx
- Only implement the Office 365 requirements
- The only certificate required is the SSL certificate
- Prepare with firewall update permissions

Demo
Task: Use Azure AD Connect to sync username, etc., and AD FS for password authentication
Steps:
1) Modify Azure AD Connect installation
2) Review optional AD FS configuration
3) Deploy AD FS for password proxy authentication
4) Enable Office 365 backup password hash
5) Consider AD FS load balanced or high availability
Result: SSO to Office 365, optionally without password hash sync

Making the scenario successful
Tip #1: Determine if security or compliance policies within your organization require this configuration
Tip #2: AD FS requires additional servers to implement, so plan hardware and system requirements accordingly
Tip #3: Windows Server 2012 R2 AD FS is currently required for use with Azure AD Connect
Scenario 3: Cloud identity helps you run your business better

Customer story: GameStop
Challenge: More than 6,000 locations worldwide. The gamer experience thrives on loyalty. Retail portal needed to ensure consistency.
Solution: Focus on an excellent user experience. Superior level of security required. GameStop retail portal built in Microsoft's cloud.
Approach: Cloud identity managed in Azure AD

Cloud identity model
The user signs in at http://portal.office.com; user accounts live only in Azure Active Directory (cloud identity).

Demo
Task: Use cloud identity with Office 365
Steps:
1) Log on to the Office 365 admin center
2) Under "users and groups," review configuration
3) Create a user profile
4) Edit profile
5) Review "settings" and "licenses"
Result: Versatile, cloud-only identities, ready for Office 365

Making the scenario successful
Tip #1: Cloud-only identities are well suited to a distributed, mobile workforce
Tip #2: Rich profile information in Office 365 can provide useful identity information
Tip #3: Make sure to assign an Office 365 license to your users

What we discussed
- Get identities to the cloud
- Mix on-premises and cloud identity for improved PC, mobile, and web productivity
- Cloud identities help you run your business better

Next steps
To explore:
- Try Enterprise Mobility now: http://www.microsoft.com/ems
- TechNet @ http://technet.microsoft.com/
- MSDN @ http://www.msdn.com/
- http://aka.ms/ITInnovation
To do:
- Rate the session
- Q&A
Accelerate your journey to the cloud with integrated identity
2015 Microsoft Corporation. All rights reserved.