Identity Management Challenges when Moving SharePoint to the Cloud – Antonio Maio

  1. Protiviti. Antonio Maio, Senior SharePoint Architect & Senior Manager, Microsoft SharePoint Server MVP. Identity Management Challenges Moving SharePoint to the Cloud. Email: Antonio.maio@protiviti.com | Blog: www.trustsharepoint.com | SlideShare: http://www.slideshare.net/AntonioMaio2 | Twitter: @AntonioMaio2
  2. © 2014 Protiviti Consulting Private Ltd. An Equal Opportunity Employer. CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party. About Protiviti: Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit. Through our network of more than 70 offices in over 20 countries, we have served more than 35 percent of FORTUNE® 1000 and Global 500 companies. We also work with smaller, growing companies, including those looking to go public, as well as with government agencies. Protiviti is a wholly owned subsidiary of Robert Half International Inc. (NYSE: RHI). Founded in 1948, Robert Half International is a member of the S&P 500 index. • 2,500+ professionals • 1,000+ clients • 70+ offices • Over 20 countries in the Americas, Europe and Asia-Pacific. Protiviti is one of the fastest growing consulting firms worldwide. Our revenues have increased from US $15 million in 2002 to US $423.8 million in 2011.
  3. • Sensitive data • Access systems and data • Log/track access • Malicious access to systems/data • Business identity theft
  4. …moving to the Cloud
  5. Hybrid Deployments – Why Hybrid? • Get started slowly | Take small steps | Explore cloud services • Access to collaboration features for extranet & remote users • Employees connect to corporate resources/content from almost anywhere • 3rd-party solutions or custom code – continue to use & extend to the cloud • Retain corporate control & storage of sensitive data
  6. Identity Models for Office 365
  7. Cloud Identity Model
  8. Synchronized Identity Model
  9. Federated Identity Model
  10. Select the Simplest Model
  11. Selecting an Identity Model. Scenario columns: Directory Sync | Directory Sync with Password Sync | Directory Sync with Single Sign-On (the marks showing which scenario meets each need are not in the transcript). "I need to…" rows:
      • Sync new users, contacts & groups created in on-premises Active Directory to the cloud automatically
      • Sync incremental updates made to existing accounts in on-premises Active Directory to the cloud automatically
      • Set up my tenant for Office 365 hybrid scenarios
      • Enable users to sign in to cloud services using their on-premises password
      • Reduce password administration costs
      • Control password policies from on-premises Active Directory
      • Enable cloud-based multi-factor authentication solutions
      • Enable on-premises multi-factor authentication solutions
      • Ensure user authentications occur in on-premises Active Directory
      • Implement single sign-on using corporate credentials
      • Customize the user sign-in page
      • Limit access to cloud services based on the location, client type or Exchange endpoint of the client
  12. Configuring Directory Sync – multi-step process:
      1. Prepare for Directory Synchronization: prerequisites, permissions, understand limits; alternate UPN suffix for .local domain; clean up Active Directory
      2. Activate Directory Synchronization: register your domain with Office 365 & validate ownership; use the "Microsoft Deployment Readiness Tool"
      3. Set up Directory Synchronization Server: option: hybrid deployment; option: enable password synchronization
      4. Synchronize directories
      5. Activate users & assign Office 365 licenses
      6. Manage Directory Synchronization
  13. DEMONSTRATION
  14. Configuring Directory Sync – multi-step process (agenda slide repeated; see slide 12)
  15.–16. Configuring Directory Sync • Alternate UPN suffix for .local domain
  17. Configuring Directory Sync • Clean up Active Directory – set UPN for each user identity
  18.–19. Configuring Directory Sync • Clean up Active Directory – set proxyAddresses for each user identity
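The Active Directory clean-up that slides 15 to 19 cover (register a routable UPN suffix in place of the .local one, give every user a UPN under it, and make sure each user carries one primary SMTP: entry in proxyAddresses) as an added PowerShell example. This is not code from the deck or from Protiviti; the suffix contoso.com, the OU path OU=Staff,DC=corp,DC=local and the choice to build the UPN from SamAccountName are assumptions for illustration.

```powershell
# Added example, not part of the original deck.
# Assumptions: ActiveDirectory module available; the forest's existing UPN suffix is the
# non-routable "corp.local"; "contoso.com" is the domain you will register with Office 365.
Import-Module ActiveDirectory

$RoutableSuffix = 'contoso.com'                  # assumption: public domain verified in Office 365
$SearchBase     = 'OU=Staff,DC=corp,DC=local'    # assumption: the OU that will be synchronized

# 1. Register the routable UPN suffix on the forest if it is not already there.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $RoutableSuffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{Add = $RoutableSuffix}
}

# 2. Report every enabled user whose UPN is missing or still ends in a non-routable suffix,
#    and every user without exactly one primary (upper-case "SMTP:") proxy address.
$users = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
                    -Properties UserPrincipalName, proxyAddresses

$report = foreach ($u in $users) {
    $upnSuffix   = if ($u.UserPrincipalName) { ($u.UserPrincipalName -split '@')[-1] } else { '' }
    $primarySmtp = @($u.proxyAddresses) | Where-Object { $_ -cmatch '^SMTP:' }   # case-sensitive on purpose

    [pscustomobject]@{
        SamAccountName   = $u.SamAccountName
        UPN              = $u.UserPrincipalName
        NeedsUpnFix      = ($upnSuffix -ne $RoutableSuffix)
        PrimarySmtpCount = @($primarySmtp).Count
    }
}

# 3. Remediate. -WhatIf previews the change; drop it once the report looks right.
foreach ($r in $report | Where-Object { $_.NeedsUpnFix -or $_.PrimarySmtpCount -ne 1 }) {
    $newUpn = "$($r.SamAccountName)@$RoutableSuffix"   # assumption: UPN = sAMAccountName@suffix

    if ($r.NeedsUpnFix) {
        Set-ADUser -Identity $r.SamAccountName -UserPrincipalName $newUpn -WhatIf
    }
    if ($r.PrimarySmtpCount -eq 0) {
        # Add a primary SMTP address matching the new UPN; existing "smtp:" aliases are kept.
        Set-ADUser -Identity $r.SamAccountName -Add @{proxyAddresses = "SMTP:$newUpn"} -WhatIf
    }
    # Users with more than one "SMTP:" entry are reported but left unchanged: which address
    # should be primary is an administrative decision, not something to guess in a script.
}

$report | Format-Table -AutoSize
```

Run the report step first and keep the output; it doubles as the record of which identities changed before synchronization, which matters when a synced account later shows an address nobody expects.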
  20. Configuring Directory Sync – multi-step process (agenda slide repeated; see slide 12)
  21.–25. Configuring Directory Sync • Register domain with Office 365 & validate ownership
  26.–27. Configuring Directory Sync • Activate Directory Synchronization
  28. Configuring Directory Sync – multi-step process (agenda slide as on slide 12, with step 3 reading "Option: Enable Password Sync"), plus: • Requires: AD Enterprise Domain Admin account • Requires: O365 Service Admin account
  29. Configuring Directory Sync – multi-step process (agenda slide repeated; see slide 12)
  30. Configuring Directory Sync • After users & groups are synchronized
  31. Configuring Directory Sync – multi-step process (agenda slide repeated; see slide 12)
  32.–35. Configuring Identity Federation – multi-step process:
      1. Prepare for single sign-on: prerequisites, prepare Active Directory; prepare network infrastructure for federation servers
      2. Set up the on-premises Security Token Service (STS) – Active Directory Federation Services (AD FS): set up Windows PowerShell for SSO with AD FS; set up trust between AD FS and Azure AD
      3. Set up Directory Synchronization
      4. Verify & manage single sign-on
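Step 4 of the federation procedure, verifying the AD FS trust from the Azure AD side, as an added PowerShell example that is not from the deck. It assumes the MSOnline and ADFS modules are installed, that it runs on the AD FS server, that contoso.com is the federated domain, and that an Office 365 administrator signs in at the Connect-MsolService prompt.

```powershell
# Added example, not part of the original deck.
# Checks that the domain is federated and that the token-signing certificate Azure AD trusts
# is the one AD FS is currently using. Assumptions: MSOnline + ADFS modules, run on the
# AD FS server, "contoso.com" is the federated domain.
Import-Module MSOnline
Import-Module ADFS

$Domain = 'contoso.com'   # assumption
Connect-MsolService        # prompts for Office 365 admin credentials

# 1. A Managed domain never sends sign-ins to AD FS, so nothing else matters until this is right.
$d = Get-MsolDomain -DomainName $Domain
if ($d.Authentication -ne 'Federated') {
    throw "$Domain is $($d.Authentication), not Federated. Set-MsolADFSContext and Convert-MsolDomainToFederated have not been run."
}

# 2. Compare the signing certificate held in Azure AD with the primary token-signing certificate in AD FS.
$fed       = Get-MsolDomainFederationSettings -DomainName $Domain
$cloudCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
                 -ArgumentList (,[Convert]::FromBase64String($fed.SigningCertificate))
$adfsCert  = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object { $_.IsPrimary }

# 3. One object a monitoring job can read: a thumbprint mismatch or an expired cloud-side
#    certificate means federated users will be rejected by Office 365 even though AD FS is healthy.
[pscustomobject]@{
    Domain           = $Domain
    IssuerUri        = $fed.IssuerUri
    PassiveLogOnUri  = $fed.PassiveLogOnUri
    CloudThumbprint  = $cloudCert.Thumbprint
    AdfsThumbprint   = $adfsCert.Thumbprint
    CloudCertExpires = $cloudCert.NotAfter
    TrustInSync      = ($cloudCert.Thumbprint -eq $adfsCert.Thumbprint)
}
```

When TrustInSync is false after a token-signing certificate rollover in AD FS, Update-MsolFederatedDomain -DomainName contoso.com pushes the current AD FS certificate to Azure AD; scheduling this check ahead of the CloudCertExpires date is what turns the "manage single sign-on" step into something that catches the break before users do.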
  36. Overall Benefits • Reduced administration costs – leveraging your already existing on-premises user and group accounts • Improved productivity – significantly reduces the time it takes to make cloud-based services accessible • Increased security – ensures that only the appropriate users have access to your corporate assets
  37. Step by Step Procedures. Please see two blog posts: • Part 1: http://sharepoint.protiviti.com/blog/Lists/Posts/Post.aspx?ID=142 • Part 2: http://sharepoint.protiviti.com/blog/Lists/Posts/Post.aspx?ID=165. This deck will be posted to my blog: www.trustsharepoint.com
  38. Identity Management Challenges when Moving SharePoint to the Cloud. Antonio Maio, Senior SharePoint Architect & Senior Manager, Microsoft SharePoint Server MVP. Email: Antonio.maio@protiviti.com | Blog: www.trustsharepoint.com | SlideShare: http://www.slideshare.net/AntonioMaio2 | Twitter: @AntonioMaio2. Thank You – Question and Answer

Editor's Notes

  • Most sensitive information: employees, partners, clients
    With many online services available & constant reports of identity theft,
    orgs are becoming concerned with protecting IDs and the info they contain
    How – when moving a collab platform like SP to a cloud provider like O365 – this presents challenges
    …intro

    Abstract: Identity Management Challenges when moving SharePoint to the Cloud
    Some of the most sensitive information in our organizations are our identities - the identities of our employees, our partners and of our clients. With the many online services available to us and the constant public reports about massive identity thefts, businesses are becoming increasingly concerned with protecting those identities and the information they contain. But - how do you effectively protect identity information when moving a collaboration platform like SharePoint to a cloud provider like Office 365? This can present interesting challenges.

    My name is Antonio Maio and identity is something that I’m passionate about. I’m here to talk to you today about how we manage those identities in a secure way and overcome some of those challenges - challenges like single sign on, storing sensitive identity information and identity synchronization. In this session we'll explore those challenges and provide a short walk-through of the capabilities that Microsoft has built to effectively solve these challenges.


    Bio
    Antonio Maio is an information security professional with over 20 years of experience in cyber security practices and systems. Based in the Dallas/Fort Worth area, Antonio is a senior manager and senior SharePoint architect with Protiviti. His varied background includes in-depth knowledge of public key infrastructure, identity management and access control systems, as well as information security best practices. His broad knowledge and experience with Microsoft SharePoint extends over the last 8 years and focusses on solving security challenges for enterprise customers, military organizations and governments. Antonio is passionate about helping customers be productive with software and he has received a Microsoft MVP Award (Most Valuable Professional) for the last 3 consecutive years specializing in Microsoft SharePoint Server. When he’s not working with customers to help them get the most out of SharePoint, he can be found contributing to the SharePoint community either through sessions at user group meetings and conferences or through his blog at www.trustsharepoint.com.
  • Protiviti is a global consulting firm with over 70 offices and 2,500 professionals worldwide
    We’ve served over 40% of the world’s Fortune 1000 enterprises
    Our organization includes leading consulting practices in the areas of internal audit, health care, risk, governance and IT security
    We also have an award-winning SharePoint consulting practice, where we’ve helped over 1,000 organizations with all aspects of their SharePoint implementation
    These clients also look to us to guide them in establishing appropriate SharePoint security controls and planning their governance strategy for SharePoint
    …and that’s what we’re here today to talk about
  • Identities are primarily digital.

    Why we secure identities:
    Contain sensitive data
    Used to access systems and data
    Used to log/track access
    Lead to malicious access to systems/data
    Lead to Business Identity Theft
  • Why Hybrid?
    Get started slowly in the cloud; Take small steps & explore cloud services as needed
    Provide access to collaboration features for extranet users & remote divisions
    Enterprise users can connect to corporate resources & content from almost anywhere
    Continue using 3rd party solutions or custom code & extend them to the cloud when needed
    Retain corporate control & storage of sensitive data

    Common SharePoint Scenarios
    Search content in both SharePoint 2013 on prem & SharePoint Online
    Seamlessly access files/data in SharePoint Server 2013 on prem & SharePoint Online
    Access corporate line of business systems (ex. SAP) from SharePoint 2013 on prem & SharePoint Online
    Extend SharePoint 2013 on prem solutions using business connectivity services (BCS) to SharePoint Online
    Keep sensitive corporate data within SharePoint 2013 on prem, with non-sensitive data in SharePoint Online
  • Overall Benefits:
    Reduced administration costs - Leveraging your already existing on-premises user and group accounts eliminates the need to manage them manually in your Azure AD, which removes a costly manual operation from your budget.
    Improved productivity - By automating the process of synchronizing user and group accounts, you can significantly reduce the amount of time it takes to make cloud-based services accessible for your employees.
    Increased security - Automated provisioning and de-provisioning of user and group accounts ensures that only the people who really require access to your corporate assets have it, and only for as long as they need it.
