Successfully reported this slideshow.

[AFUN90] Azure Identity Fundamentals

Apr. 19, 2020
0 likes 195 views
Upcoming SlideShare
[IGNITE2018] [BRK3491] Azure Backup and Site Recovery
[IGNITE2018] [BRK3491] Azure Backup and Site Recovery
Loading in …3
×
1 of 61
1 of 61

[AFUN90] Azure Identity Fundamentals

Apr. 19, 2020
0 likes 195 views

Download to read offline

Technology

Descrição: A identidade é o coração da maioria das cargas de trabalho no Azure, e o Tailwind Traders deseja implementar o Azure Active Directory de uma maneira que combine corretamente suas identidades locais com as exigidas na nuvem.

Nesta sessão, aprenda a diferença entre autenticação e autorização, bem como diferentes modelos de identidade.

Em seguida, explore os benefícios do acesso condicional e da autenticação multifatorial (MFA) e conclua com uma demonstração mostrando como implementar esses tipos de proteção extra.

Descrição: A identidade é o coração da maioria das cargas de trabalho no Azure, e o Tailwind Traders deseja implementar o Azure Active Directory de uma maneira que combine corretamente suas identidades locais com as exigidas na nuvem.

Nesta sessão, aprenda a diferença entre autenticação e autorização, bem como diferentes modelos de identidade.

Em seguida, explore os benefícios do acesso condicional e da autenticação multifatorial (MFA) e conclua com uma demonstração mostrando como implementar esses tipos de proteção extra.

Technology

Recommended

More Related Content

Featured

Mammalian Brain Chemistry Explains Everything
Loretta Breuning, PhD
Blockchain + AI + Crypto Economics Are We Creating a Code Tsunami?
Dinis Guarda
The AI Rush
Jean-Baptiste Dumont
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
Carol Smith
10 facts about jobs in the future
Pew Research Center's Internet & American Life Project
Harry Surden - Artificial Intelligence and Law Overview
Harry Surden
Inside Google's Numbers in 2017
Rand Fishkin
Pinot: Realtime Distributed OLAP datastore
Kishore Gopalakrishna
How to Become a Thought Leader in Your Niche
Leslie Samuel
Visual Design with Data
Seth Familian
Designing Teams for Emerging Challenges
Aaron Irizarry
UX, ethnography and possibilities: for Libraries, Museums and Archives
Ned Potter
Winners and Losers - All the (Russian) President's Men
Ian Bremmer
Study: The Future of VR, AR and Self-Driving Cars
LinkedIn
Shorter ER Wait Times
Knowledge@Wharton
Asia's Artificial Intelligence Agenda. MIT Technology Review
Alexander Jarvis
Martin Luther King's Pearl Of Wisdom!
SurveyCrest
Teaching Students with Emojis, Emoticons, & Textspeak
Shelly Sanchez Terrell
Inaugural Addresses
Booz Allen Hamilton
How to think like a startup
Loic Le Meur

Related Books

Free with a 14 day trial from Scribd

See all
The Future Is Faster Than You Think: How Converging Technologies Are Transforming Business, Industries, and Our Lives Peter H. Diamandis
(4.5/5)
Free
Talk to Me: How Voice Computing Will Transform the Way We Live, Work, and Think James Vlahos
(4/5)
Free
SAM: One Robot, a Dozen Engineers, and the Race to Revolutionize the Way We Build Jonathan Waldman
(5/5)
Free
From Gutenberg to Google: The History of Our Future Tom Wheeler
(3.5/5)
Free
So You Want to Start a Podcast: Finding Your Voice, Telling Your Story, and Building a Community That Will Listen Kristen Meinzer
(3.5/5)
Free
Bezonomics: How Amazon Is Changing Our Lives and What the World's Best Companies Are Learning from It Brian Dumaine
(4/5)
Free
No Filter: The Inside Story of Instagram Sarah Frier
(4.5/5)
Free
Autonomy: The Quest to Build the Driverless Car—And How It Will Reshape Our World Lawrence D. Burns
(5/5)
Free
Future Presence: How Virtual Reality Is Changing Human Connection, Intimacy, and the Limits of Ordinary Life Peter Rubin
(4/5)
Free
Live Work Work Work Die: A Journey into the Savage Heart of Silicon Valley Corey Pein
(4.5/5)
Free
Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Seth Stephens-Davidowitz
(4.5/5)
Free
Life After Google: The Fall of Big Data and the Rise of the Blockchain Economy George Gilder
(4/5)
Free
System Identification: Tutorials Presented at the 5th IFAC Symposium on Identification and System Parameter Estimation, F.R. Germany, September 1979 Elsevier Books Reference
(4/5)
Free
Energy Conservation in Buildings: The Achievement of 50% Energy Saving: An Environmental Challenge? Elsevier Books Reference
(4/5)
Free
Young Men and Fire: Twenty-fifth Anniversary Edition Norman Maclean
(4.5/5)
Free
Longitude: The True Story of a Lone Genius Who Solved the Greatest Scientific Problem of His Time Dava Sobel
(4/5)
Free

Related Audiobooks

Free with a 14 day trial from Scribd

See all
If Then: How the Simulmatics Corporation Invented the Future Jill Lepore
(4.5/5)
Free
A Brief History of Motion: From the Wheel, to the Car, to What Comes Next Tom Standage
(4/5)
Free
An Ugly Truth: Inside Facebook’s Battle for Domination Sheera Frenkel
(4.5/5)
Free
Spooked: The Trump Dossier, Black Cube, and the Rise of Private Spies Barry Meier
(4/5)
Free
Second Nature: Scenes from a World Remade Nathaniel Rich
(5/5)
Free
Driven: The Race to Create the Autonomous Car Alex Davies
(4.5/5)
Free
Test Gods: Virgin Galactic and the Making of a Modern Astronaut Nicholas Schmidle
(5/5)
Free
Einstein's Fridge: How the Difference Between Hot and Cold Explains the Universe Paul Sen
(4.5/5)
Free
Dignity in a Digital Age: Making Tech Work for All of Us Ro Khanna
(4/5)
Free
After Steve: How Apple Became a Trillion-Dollar Company and Lost its Soul Tripp Mickle
(4.5/5)
Free
User Friendly: How the Hidden Rules of Design Are Changing the Way We Live, Work, and Play Cliff Kuang
(4.5/5)
Free
Blockchain: The Next Everything Stephen P. Williams
(4/5)
Free
Uncanny Valley: A Memoir Anna Wiener
(4/5)
Free
Lean Out: The Truth About Women, Power, and the Workplace Marissa Orr
(4.5/5)
Free
A World Without Work: Technology, Automation, and How We Should Respond Daniel Susskind
(4.5/5)
Free
The Players Ball: A Genius, a Con Man, and the Secret History of the Internet's Rise David Kushner
(4.5/5)
Free

[AFUN90] Azure Identity Fundamentals

  1. 1. Resources aka.ms/AFUN90Repo aka.ms/AFUN90 aka.ms/mymsignitethetour
  2. 2. devices datausers apps Windows Server Active Directory Security used to be so much easier
  3. 3. Simplify access to devices and apps Protect at access attempt Safeguard their credentials Identity & Access Goals
  4. 4. Identity & Access Goals
  5. 5. aka.ms/AFUN90 #MSIgniteTheTour How does Tailwind Traders customize Azure Active Directory and configure administrative permissions?
  6. 6. Demo: Configuring Azure Active Directory and an administrator account
  7. 7. Microsoft’s Cloud-Based Identity and Access Management Service A dedicated and trusted instance of Azure AD that represents a single organization Initial Domain will be x.onmicrosoft.com
  8. 8. Some Critical Azure AD Administrative Roles Role Function Global Administrator • Have access to all administrative features of Azure Active Directory • Different from “classic” Service Administrator role Billing Administrator • Make purchases • Manage subscriptions • Manage support tickets • Monitor service health Application Administrator • Create and manage all aspects of enterprise applications Authentication Administrator • Can set or reset non-password credentials • Can update passwords for all users Helpdesk Administrator • Change passwords • Invalidate refresh tokens • Manage service requests and monitor service health
  9. 9. Microsoft’s Identity Services
  10. 10. Office 365 and Microsoft 365
  11. 11. aka.ms/AFUN90 #MSIgniteTheTour How does Tailwind Traders synchronize on- premises and cloud identities?
  12. 12. Demo: Configuring Azure AD Connect
  13. 13. Microsoft’s Identity Services
  14. 14. Azure AD Connect Seamless authentication Sync engine On-premises / Private cloud Azure AD ConnectWindows Server Active Directory Self Service MFA Single sign-on Microsoft Azure Active Directory
  15. 15. ON PREMISES Azure AD Azure AD Connect Active Directory Secure and compliant Only non-reversible hashes are stored in the cloud Leaked credential report available Easy to deploy & administer No on-premises agent needed Small on-premises footprint Great user experience Same passwords for cloud-based and on-premises apps Integrated with Smart Lockout, Identity Protection and Conditional Access Disaster recovery option incase other authN methods are unavailable Password Hash Sync
  16. 16. ON PREMISES Azure AD AuthN Agent AuthN agent Active Directory Secure and compliant Passwords remain on-premises No DMZ and no inbound firewall requirements Easy to deploy & administer Agent-based deployment High availability out-of-the-box No complex on-premises deployments or network config Zero management overhead Great user experience Same passwords for cloud-based and on-premises apps Integrated with Self-Service Password Reset Integrated with Smart Lockout, Identity Protection and Conditional Access Pass thru Authentication
  17. 17. ON PREMISES Active Directory Easy to administer No additional on-premise infrastructure Register non-Windows 10 devices without AD FS Great user experience SSO experience from domain- joined devices within your corpnet Easy to integrate Works with Password Hash Sync and Pass-through Authentication Supports Alternate Login ID Azure AD Seamless Single Sign On
  18. 18. aka.ms/AFUN90 #MSIgniteTheTour How does Tailwind Traders give external users access to their Azure resources?
  19. 19. Demo: Configuring Azure AD Guest Access
  20. 20. Microsoft’s Identity Services
  21. 21. Azure AD B2B and Azure AD B2C Azure AD B2B Azure AD B2C • Allows organization to share files and resources with external users for direct collaboration • Suitable for customer-facing apps. • Azure AD handles the federation between your organization and the external organization • Allows customers to sign in with their own established identity (Gmail / Facebook)
  22. 22. aka.ms/AFUN90 #MSIgniteTheTour How can Tailwind Traders allow users to reset their own passwords?
  23. 23. Demo: Configuring Self-Service Password Reset
  24. 24. Resolving user password issues is one of the largest IT costs Enable resets from an intuitive web interface or directly from the Windows login screen ???????? Empower user self-service to save time and money
  25. 25. Connected intelligence Continuous detection Actionable insights Observe trillions of signals and risk events from cloud systems Apply artificial intelligence and human expertise to derive accurate insights Send alerts, self-mitigate, and automatically remediate threats Detecting threats to accounts as they occur
  26. 26. aka.ms/AFUN90 #MSIgniteTheTour How can Tailwind Traders require a user to take extra steps to identify themselves when performing a risky sign-in?
  27. 27. Demo: Configuring Conditional Access
  28. 28. Corporate Network Geo-location Microsoft Cloud App SecurityMacOS Android iOS Windows Windows Defender ATP Client apps Browser apps Google ID MSA Azure AD ADFS Require MFA Allow/block access Block legacy authentication Force password reset****** Limited access Controls Employee & Partner Users and Roles Trusted & Compliant Devices Physical & Virtual Location Client apps & Auth Method Conditions Machine learning Policies Real time Evaluation Engine Session Risk 3 40TB Effective policy Azure AD Conditional Access
  29. 29. Smart Lockout
  30. 30. User Normally logs in from Redmond, WA Redmond = Familiar location Smart Lockout in action
  31. 31. User 0 Familiar Location Counter Unfamiliar Location Counter 0 Data Center Redmond, WA Smart Lockout in action
  32. 32. User 0 0 Data Center Logs in from Redmond, WA with the correct password Counter remains unchanged Smart Lockout in action Familiar Location Counter Unfamiliar Location Counter
  33. 33. User 1 0 Data Center Logs in from Redmond, WA with an incorrect password Familiar location’s counter increases Smart Lockout in action Familiar Location Counter Unfamiliar Location Counter
  34. 34. User 2 0 Data Center Logs in from Redmond, WA with an incorrect password again Familiar location’s counter increases Smart Lockout in action Familiar Location Counter Unfamiliar Location Counter
  35. 35. User 0 0 Data Center Logs in from Redmond, WA a third time with correct password Familiar location’s counter resets Smart Lockout in action Familiar Location Counter Unfamiliar Location Counter
  36. 36. User 0 0 Data Center Bad Actor Bad actor located in Tasmania Tasmania = unfamiliar location Redmond, WA Smart Lockout in action Familiar Location Counter Unfamiliar Location Counter
  37. 37. User 0 1 Data Center Bad Actor Logs in from Tasmania with incorrect password Unfamiliar location counter increases Redmond, WA Smart Lockout in action Familiar Location Counter Unfamiliar Location Counter
  38. 38. User 0 2 Data Center Bad Actor Logs in from Tasmania with incorrect password again Unfamiliar location counter increases Redmond, WA Smart Lockout in action Familiar Location Counter Unfamiliar Location Counter
  39. 39. User 0 10 Data Center Bad Actor Logs in from Tasmania with incorrect password again Unfamiliar location counter increases Redmond, WA Smart Lockout in action Familiar Location Counter Unfamiliar Location Counter
  40. 40. User 0 10 Data Center Logs in from Redmond, WA with the correct password User hit familiar location counter, not unfamiliar location counter Bad Actor Smart Lockout in action Familiar Location Counter Unfamiliar Location Counter
  41. 41. Password Challenges
  42. 42. aka.ms/AFUN90 #MSIgniteTheTour How can Tailwind Traders ensure their users don’t use banned or common passwords?
  43. 43. Demo: Azure AD Password Protection
  44. 44. Azure AD Password Protection Cloud intelligence to ensure strong passwords
  45. 45. Hybrid Azure AD Password Protection
  46. 46. Nobody likes passwords
  47. 47. Passwords are expensive and insecure Data breaches are expensive Passwords are the weak link Passwords generate tons of support calls Password reuse across multiple accounts $3.86 million, the average total cost of a data breach #1 cost for IT departments is forgotten passwords 81% of breaches leveraged passwords 73% of passwords are duplicates
  48. 48. Microsoft’s password-replacement offerings Standards-based private key authentication - aka.ms/gopasswordless Windows Hello for Business Microsoft Authenticator Microsoft compatible security keys (FIDO2)
  49. 49. Identity & Access Goals
  50. 50. Want to learn more?
  51. 51. /Upcoming Session alert
  52. 52. /MS Learn alert aka.ms/AFUN90MSLearnCollection
  53. 53. #MSIgniteTheTour /Microsoft Certification alert Get hired, stay ahead, and receive the recognition you deserve #MSIgniteTheTour aka.ms/AzureFunCert aka.ms/AzureAdminCert
  54. 54. aka.ms/LearningPartner Microsoft.com/Learn Microsoft.com/Certifications
  55. 55. Resources aka.ms/mymsignitethetour aka.ms/AFUN90Repo aka.ms/AFUN90 #MSIgniteTheTour Get Certified • Microsoft Certified: Azure Fundamentals aka.ms/AzureFunCert • Microsoft Certified: Azure Administrator Associat aka.ms/AzureAdminCert

×