Azure Active Directory


Sovelto breakfast seminar, 23.1.2015
Mika Seitsonen

Published in: Technology

  1. A quarter of an hour: Azure Active Directory, Mika Seitsonen
  2. Your trainer: Mika Seitsonen • Facts • M.Sc., University of Nottingham, U.K. • DI (M.Sc. Tech.), Lappeenrannan teknillinen yliopisto • Co-author of "Inside Active Directory" • Sovelto • Senior consultant, acting competence area lead: Technology experts • Microsoft Certified Trainer (MCT) since 1997, Microsoft Certification ID 414xxx • MCSE: Communications • MCSA: Office 365, Windows 2008, Windows 7 • MS: Implementing Microsoft Azure Infrastructure Solutions • Contact details • e-mail • Twitter @MikaSeitsonen • Keen follower of motorsport and its competitors • Pictured at Päijänteen Ympäriajo in 2009
  3. Identity considerations: Cloud, Sync or Federated? • Cloud identity provides a solution where all identity resides in the cloud • Federated identity allows customers to retain all authentication on-premises • Identity sync enables customers to bridge their existing identity into the cloud • B2B federated identity allows customers to securely share and collaborate with each other
  4. Identity as the control plane • Microsoft Azure Active Directory • Self-service • Single sign-on • Simple connection • Cloud • SaaS • Azure • Office 365 • Public cloud • Other Directories • Windows Server Active Directory • On-premises
  5. What is Azure Active Directory? • A comprehensive identity and access management cloud solution. It combines directory services, advanced identity governance, application access management and a rich standards-based platform for developers. • It is available in 3 editions: free, Basic and Premium.
  6. No Object Limit • No Object Limit • No Limit • Advanced Security Reports: Yes (Advanced)** • Premium + Basic Features • Group-based access management/provisioning: Yes, Yes • Self-Service Password Reset for cloud users: Yes, Yes • Company Branding (Logon Pages/Access Panel customization): Yes, Yes • SLA: Yes, Yes • Current information at
  7. Azure Active Directory Connect* • Microsoft Azure Active Directory • Other Directories • PowerShell • LDAP v3 • SQL (ODBC) • Web Services (SOAP, JAVA, REST) *
  8. Azure Active Directory Connect • Consolidated deployment assistant for your identity bridge components • Progressive learning while configuring the components • ADFS is optional • DirSync • Azure Active Directory Sync • FIM + Azure Active Directory Connector • Sync Engine
  9. Microsoft Azure
  10. SaaS apps • Microsoft Azure Active Directory • Other Directories
  11. Microsoft Azure Active Directory • Identities and applications in one place. • Web Apps (Azure Active Directory Application Proxy) • SaaS apps • Integrated custom apps • Other Directories
  12. Microsoft Azure Active Directory • Corporate Network • DMZ • https://app1- • A connector that auto connects to the cloud service • http://app1
  13. IT professional
  14. alerts.
  15. alerts.
  16. How it works
  17.
  18.
  19. Azure Active Directory 12-month investments • Business to Business • Business to Consumers • Device Registration • Administrative Units • Cloud Domain Joined (Windows 10) • Conditional Access
  20. Roles Based Access Control • Today: RBAC to Azure Subscription • Tomorrow: RBAC to 3rd Party SaaS apps • Roles: Reader, Contributor, Owner • Assign roles to users and groups at subscription, resource group, or resource level • Assignments inherit down the hierarchy • Use built-in roles with pre-configured permissions (at preview) • Create custom roles (post preview)
  21. B2B: cross-organization collaboration • “I need to let my partners access my company’s apps using their own credentials.” • Share without complex configuration or duplicate users. • A user at a large partner may log into my company’s apps with their Active Directory usernames and passwords. • A user at a smaller partner may log into my company’s apps with their Office 365 usernames and passwords. • Admin configures sharing for cloud apps. • “I can’t email my 25 MB file and need to share it with a partner using” • Seamlessly provide Azure Active Directory to customers & partners • For example, a user at a partner can set up everyone in their company. • Users can bring their own email-based or social identities.
  22. Administrative Units: In private preview • Contoso Azure Active Directory • Global admins: Org-wide permissions • Manage global settings • Create structure and policy • Delegate permissions and resources • Regional admins: Manage regional users, devices, and applications • Set local policy • Regional policy and app management: “Must login with MFA” • “Have license/access to regional apps” • Support for distributed organizational models • Autonomous mgmt. while keeping common identity and org boundary • Delegate administration to subsidiaries: User management • App procurement and mgmt. • Scope policy • US East • Germany • India • Asia • Europe • North Am
  23. Azure Active Directory B2C (Business-to-Consumer) • Azure Active Directory B2C offering is tailored for enterprises who serve large populations (100’s of thousands to millions) of individual customers, and whose business success depends upon consumer adoption of web applications for improving customer satisfaction and reducing operational costs. • Azure Active Directory B2C will include: Self-Service User registration • Login with Social IdP or create your own credentials • Optional MFA • Bulk user import tools • SSO to multiple web sites • User interface customization
  24. Cloud Domain Join • Cloud Domain Join makes it possible to connect work-owned Windows devices to your company’s Azure Active Directory tenancy in the cloud. Users can sign in to Windows with their cloud-hosted work credentials and enjoy modern Windows experiences. • Cloud Domain Joined Devices • Enterprise compliant services: Roaming Settings, Windows backup/restore, Store access… Data stored in enterprise compliant backend services on Azure. No need to add a personal Microsoft account. • SSO from the desktop to org resources: SSO from desktop to Office 365 and 1,000’s of enterprise apps, websites and resources. Access enterprise-curated Store and install apps using a work account. • Management: Automatic MDM enrollment during first-run experience. • Support for hybrid environments: Traditional Domain Joined PCs also benefit from Cloud Domain Join functionality when the on-prem Active Directory is connected with an Azure Active Directory in the cloud.
  25. What you need to do (if you have not already) • Create and then try out a free Office 365 subscription • Create and then try out a free Intune subscription • Remember to sign in with your O365 account • Create and then try out a free Azure subscription • Note: requires a credit card number; the credit card is not charged
  26. Further information • EMS test environment up and running in minutes • Set up your own lab
  27. Sovelto courses on this topic • For Microsoft partners • Business Anywhere (Microsoft partners only) 26.1. or 4.5. • Partner Practice Enablement: Microsoft Enterprise Mobility Suite (EMS) 23.-24.2. or 23.-24.3. • For all professionals • Microsoft Intune administration 22.-23.4. • 55065 Microsoft Azure for IT professionals 11.-13.3. • 20533 Implementing Microsoft Azure Infrastructure Solutions 13.-15.4. • 20532 Developing Microsoft Azure Solutions 10.-13.3.
  28. THANK YOU!