Global Azure Bootcamp 2017 completed recently across the world with a great success and I got another opportunity to deliver a session on this great event hosted in Chennai, India. Uploaded the Session slide deck for you. Event URL: https://goo.gl/w8UWiM

1. Ravikumar Sathyamurthy | @ShakthiRavi
Microsoft MVP | Office Servers and Services
Understanding Azure Active Directory
and Enterprise Mobility & Security (EMS)
22/04/2017

3. Mobile-first, cloud-first reality
Data breaches
63% of confirmed data breaches
involve weak, default, or stolen
passwords.
63% 0.6%
IT budget growth
Gartner predicts global IT spend
will grow only 0.6% in 2016.
Shadow IT
More than 80 percent of
employees
admit to using non-approved
software as a service (SaaS)
applications in their jobs.
80%

5. Identity as the control plane
On-premises
Windows Server
Active Directory

6. Identity as the control plane
On-premises
Windows Server
Active Directory
VPN
BYO
SaaS
Azure
Cloud
Public
cloud
Customers
Partners

7. Identity as the control plane
On-premises
Windows Server
Active Directory
VPN
BYO
Microsoft Azure Active Directory
Azure
Cloud
Public
cloud
Customers
Partners

8. Customers
Azure AD as the control plane
On-premises
Partners
Azure
Cloud
Public
cloud
Microsoft Azure Active Directory
BYO
Windows Server
Active Directory

9. Identity as the core of enterprise mobility
Single sign-onSelf-service
Simple connection
On-premises
Other
directories
Windows Server
Active Directory
SaaSAzure
Public
cloud
CloudMicrosoft Azure Active Directory

10. A comprehensive identity and
access management cloud
solution.
It combines directory services,
advanced identity governance,
application access management
and a rich standards-based
platform for developers
It is available in 3 editions: free,
Basic and Premium
What is Azure Active Directory?

11. 33,000
Enterprise Mobility +
Security | Azure AD
Premium enterprise
customers
>110k
third-party
applications used
with Azure AD
each month
>1.3
billion
authentications every
day on Azure AD
More than
750 M
user accounts on
Azure AD
Azure AD
Directories
>10 M
>85%
of Fortune 500
companies use
Microsoft Cloud
(Azure, O365, CRM
Online, and PowerBI)
Every Office 365 and Microsoft Azure customer uses Azure Active Directory
• Microsoft “Identity Management as a Service
(IDaaS)” for organizations.
• Millions of independent identity systems
controlled by enterprise and government “tenants.”
• Information is owned and used by the controlling
organization—not by Microsoft.
• Born-as-a-cloud directory for Office 365. Extended
to manage across many clouds.
• Evolved to manage an organization’s relationships
with its customers/citizens and partners (B2C and
B2B).

12. Built on top of the free offering, provides a
robust set of capabilities to empower
enterprises with demanding needs on identity
and access management
Additionally, Azure AD premium offers:
• An Enterprise SLA of 99.9%
• Usage rights to Identity Manager Server
and CALs
Azure Active Directory Premium
Azure AD Editions: http://bit.ly/1gyDRoN

13. Provide one persona to the
workforce for SSO to 1000s of
cloud and on-premises apps
Manage access
at scale
Manage identities and
access at scale in the cloud
and on-premises
Ensure user and admin
accountability with better
security and governance
Enable business
without borders
Stay productive with universal
access to every app and
collaboration capability
Azure Active Directory. Identity at the core of your business
1000s of apps,
1 identity
Cloud-powered
protection

14.  Strong support for modern,
cross-platform, cloud-friendly
APIs and protocols
 Certification program for third
party federation servers &
services
 Actively engaged in standards
bodies: IETF (OAuth, JOSE, SCIM,
ACE, …) OpenID, FIDO, etc.

15. Secure remote access to on-
premises
apps
Single sign
-on to mobile
apps
Support for
lift-and-
shift of
traditional
apps to
the cloud
Provide one persona to the
modern workforce for SSO
to 1000s of cloud and on-
premises applications
Single sign-on
to SaaS apps
1000s of apps,
1 identity

16. Azure AD
Connect
(sync + sign on)
Active Directory
LDAP directories

17. Azure Active
Directory Connect
ADFS
Sync engine
Consolidated deployment assistant
for your identity bridge
components.
All currently available sync engines
will be replaced by the sync engine
included in the Connect tool.
Assisted deployment of ADFS will
be available through Azure Active
Directory Connect.
ADFS is an optional component for
authentication in hybrid
implementation. Password sync can
replace ADFS for more scenarios.
DirSync
Azure Active
Directory Sync
FIM+Azure Active
Directory Connector
ADFS
1000s OF APPS, 1 IDENTITY

18. Microsoft Azure
Active Directory
Identity synchronization with
password (hash) sync
Identity
synchronization
User attributes are synchronized using
identity synchronization services,
including a password hash;
authentication is completed against
Azure Active Directory
User attributes are synchronized using
identity synchronization tools;
authentication is passed back through
federation and completed against
Windows Server Active Directory
ADFS
Microsoft Azure
Active Directory
1000s OF APPS, 1 IDENTITY

19. Azure Active Directory Connect
and Connect Health
*
MIM
*
Microsoft Azure
Active Directory
HR apps
OTHER DIRECTORIES
PowerShell
SQL (ODBC)
LDAP v3
Web Services
( SOAP, JAVA, REST)
Connect and sync on-premises
directories with Azure Active Directory
1000s OF APPS, 1 IDENTITY

20. Web apps
(Azure Active Directory
Application Proxy)
Integrated
custom apps
SaaS apps
OTHER DIRECTORIES
2700+ pre-integrated popular
SaaS apps and self-service integration via
templates
Connect and sync on-premises directories
with Azure
Easily publish on-premises web apps via
Application Proxy + custom apps
Microsoft Azure
1000s OF APPS, 1 IDENTITY

21. Corporate
network
Microsoft Azure
Active Directory
Connectors are usually deployed inside the
corpnet next to the applications. They
maintain an out-bound connection to the
service
Multiple connectors can be deployed
for redundancy, scale and access to
different sites
Users connect to the ‘published’ apps
and cloud service routes traffic to the
backend applications via ‘connectors’
DMZ
https://app1-
contoso.msappproxy.net/
Application Proxy
http://app1
Cloud service that allows users to
remotely access on-prem apps from
securely from any device and any place
Different types of web-apps and APIs
can be ‘published’
1000s OF APPS, 1 IDENTITY

22. Azure
Active Directory
Lift-and-shift on-premises
apps to Azure IaaS
On-premises
Azure AD Connect
Windows Server
Active Directory
Your Azure IaaS
workloads/apps
Azure AD
Domain Services
Your virtual network
Azure
Kerberos
NTLM
LDAP
Group Policy
1000s OF APPS, 1 IDENTITY
Your domain controller as a service for lift-and-shift scenarios

23. What’s Next ?…EMS

25. Azure
Protection

26. Enterprise Mobility & Security capabilities
Microsoft
Intune
Mobile device and app
management to protect corporate
apps and data on any device.
Managed Mobile Productivity
Microsoft Advanced Threat
Analytics
Identify suspicious activities &
advanced attacks on premises.
Microsoft
Cloud App Security
Bring enterprise-grade visibility,
control, and protection to your
cloud applications.
Identity Driven SecurityIdentity and access management
Azure Active Directory
Premium P1
Single sign-on to cloud and on-
premises applications. Basic
conditional access security
Azure Active Directory
Premium P2
Advanced risk based identity
protection with alerts, analysis, &
remediation.
Azure Information
Protection Premium P1
Encryption for all files and storage
locations. Cloud based file
tracking
Existing Azure RMS capabilities
Information Protection
Azure Information
Protection Premium P2
Intelligent classification, &
encryption for files shared inside &
outside your organization
Secure Islands acquisition
EMSE3
EMSE5

28. Enterprise Mobility & SecurityWindows 10 Enterprise

29. DEMOS!

30. Ease of use
for end usersAny time, any
place productivity
with Windows 10
Better connect
with your
consumers
Enable cross-
organization
collaboration
Enable business
without borders
Stay productive everywhere
with easy access to every
application and powerful
collaboration capabilities
across location, application,
and device borders

31. Intune/MDM
auto-enrollment
Azure Active Directory Join makes it possible
to connect work-owned Windows 10 devices
to your company’s Azure Active Directory
Enterprise-compliant services
SSO from the desktop to cloud and
on-premises applications with no VPN
Support for hybrid environments
MDM auto-enrollment
Windows 10 Azure AD
joined devices
ENABLE BUSINESS WITHOUT BORDERS
Enterprise
State Roaming

32. Manage access
at scale
Advanced user
lifecycle management
Monitor your
identity bridge
Manage identities
at scale in the cloud
and on-premises
Low IT
overhead

33. Centralized access administration for pre-integrated
SaaS apps and other cloud-based apps
Dynamic groups, device registration, secure business
processes with advanced access management capabilities
Comprehensive identity and access management console
IT professional
MANAGE ACCESS AT SCALE
Provisioning and deprovisioning with customization
options

34. Cloud-powered
protection
Protect against
advanced threats
Mitigate
administrative
risks
Ensure accountability
with better security
and governance
Conditional
access to resources
Compliance
reporting
R
X

35. IDENTITY-DRIVEN SECURITY
Conditions
Allow access or
Block access
Actions
Enforce MFA per
user/per app
User, App sensitivity
Device state
LocationUser
NOTIFICATIONS, ANALYSIS, REMEDIATION,
RISK-BASED POLICIES
CLOUD APP DISCOVERY PRIVILEGED IDENTITY MANAGEMENT
MFA
IDENTITY
PROTECTION
Risk
On-premises
applications
Microsoft Azure

36. 1
AAD Self Service-Password
Reset & Group Management
AAD Privileged Identity
Management & AAD Identity
Protection
New Conditional Access
2 3

37. Everything You Want to, Need to, and/or
Should Know About EMS in 2017

38. Try Enterprise Mobility + Security for free, today:
https://aka.ms/EMSTrial
Read the CIO’s guide to Azure Active Directory
https://aka.ms/AzureADCIOGuide
Explore Identity + Access Management
www.microsoft.com/identity
Learn more from the Azure AD documentation library
https://aka.ms/AzureADDoc
Discover Password best practices
https://aka.ms/PasswordBestPractices
Check out the new Azure AD webinars
https://aka.ms/AADWebinars
Microsoft is a leader in Gartner's IDaaS MQ 2016
https://aka.ms/GartnerIDaaSMQ2016
Review design considerations for your hybrid Azure AD
https://aka.ms/HybridAzureADConsiderations

39. Questions?