Understanding Azure Active Directory and Enterprise Mobility & Security (EMS)


Global Azure Bootcamp 2017 completed recently across the world with great success, and I got another opportunity to deliver a session at this great event hosted in Chennai, India. I have uploaded the session slide deck for you.

Event URL: https://goo.gl/w8UWiM


  1. Ravikumar Sathyamurthy | @ShakthiRavi | Microsoft MVP, Office Servers and Services. Understanding Azure Active Directory and Enterprise Mobility & Security (EMS). 22/04/2017
  2. Mobile-first, cloud-first reality. Data breaches: 63% of confirmed data breaches involve weak, default, or stolen passwords. IT budget growth: Gartner predicts global IT spend will grow only 0.6% in 2016. Shadow IT: More than 80 percent of employees admit to using non-approved software as a service (SaaS) applications in their jobs.
  3. Identity as the control plane. Diagram labels: On-premises, Windows Server Active Directory.
  4. Identity as the control plane. Diagram labels: On-premises, Windows Server Active Directory, VPN, BYO, SaaS, Azure, Cloud, Public cloud, Customers, Partners.
  5. Identity as the control plane. Diagram labels: On-premises, Windows Server Active Directory, VPN, BYO, Microsoft Azure Active Directory, Azure, Cloud, Public cloud, Customers, Partners.
  6. Azure AD as the control plane. Diagram labels: Customers, On-premises, Partners, Azure, Cloud, Public cloud, Microsoft Azure Active Directory, BYO, Windows Server Active Directory.
  7. Identity as the core of enterprise mobility. Single sign-on; Self-service; Simple connection. Diagram labels: On-premises, Other directories, Windows Server Active Directory, SaaS, Azure, Public cloud, Cloud, Microsoft Azure Active Directory.
  8. What is Azure Active Directory? A comprehensive identity and access management cloud solution. It combines directory services, advanced identity governance, application access management and a rich standards-based platform for developers. It is available in 3 editions: free, Basic and Premium.
  9. 33,000 Enterprise Mobility + Security | Azure AD Premium enterprise customers; >110k third-party applications used with Azure AD each month; >1.3 billion authentications every day on Azure AD; more than 750 M user accounts on Azure AD; >10 M Azure AD directories; >85% of Fortune 500 companies use Microsoft Cloud (Azure, O365, CRM Online, and PowerBI). Every Office 365 and Microsoft Azure customer uses Azure Active Directory. • Microsoft “Identity Management as a Service (IDaaS)” for organizations. • Millions of independent identity systems controlled by enterprise and government “tenants.” • Information is owned and used by the controlling organization—not by Microsoft. • Born-as-a-cloud directory for Office 365. Extended to manage across many clouds. • Evolved to manage an organization’s relationships with its customers/citizens and partners (B2C and B2B).
  10. Azure Active Directory Premium. Built on top of the free offering, provides a robust set of capabilities to empower enterprises with demanding needs on identity and access management. Additionally, Azure AD Premium offers: • An Enterprise SLA of 99.9% • Usage rights to Identity Manager Server and CALs. Azure AD Editions: http://bit.ly/1gyDRoN
  11. Azure Active Directory. Identity at the core of your business. 1000s of apps, 1 identity: Provide one persona to the workforce for SSO to 1000s of cloud and on-premises apps. Manage access at scale: Manage identities and access at scale in the cloud and on-premises. Cloud-powered protection: Ensure user and admin accountability with better security and governance. Enable business without borders: Stay productive with universal access to every app and collaboration capability.
  12. • Strong support for modern, cross-platform, cloud-friendly APIs and protocols • Certification program for third-party federation servers & services • Actively engaged in standards bodies: IETF (OAuth, JOSE, SCIM, ACE, …), OpenID, FIDO, etc.
  13. 1000s of apps, 1 identity. Provide one persona to the modern workforce for SSO to 1000s of cloud and on-premises applications: Single sign-on to SaaS apps; Single sign-on to mobile apps; Secure remote access to on-premises apps; Support for lift-and-shift of traditional apps to the cloud.
  14. Azure AD Connect (sync + sign on). Diagram labels: Active Directory, LDAP directories.
  15. 1000s OF APPS, 1 IDENTITY. Azure Active Directory Connect: Consolidated deployment assistant for your identity bridge components. All currently available sync engines will be replaced by the sync engine included in the Connect tool. Assisted deployment of ADFS will be available through Azure Active Directory Connect. ADFS is an optional component for authentication in hybrid implementation. Password sync can replace ADFS for more scenarios. Diagram labels: DirSync, Azure Active Directory Sync, FIM + Azure Active Directory Connector, ADFS; Azure Active Directory Connect: Sync engine, ADFS.
  16. 1000s OF APPS, 1 IDENTITY. Identity synchronization with password (hash) sync: User attributes are synchronized using identity synchronization services, including a password hash; authentication is completed against Azure Active Directory. Identity synchronization: User attributes are synchronized using identity synchronization tools; authentication is passed back through federation and completed against Windows Server Active Directory. Diagram labels: Microsoft Azure Active Directory, ADFS.
  17. 1000s OF APPS, 1 IDENTITY. Connect and sync on-premises directories with Azure Active Directory. Diagram labels: Azure Active Directory Connect and Connect Health *, MIM *, Microsoft Azure Active Directory, HR apps, OTHER DIRECTORIES, PowerShell, SQL (ODBC), LDAP v3, Web Services (SOAP, JAVA, REST).
  18. 1000s OF APPS, 1 IDENTITY. SaaS apps: 2700+ pre-integrated popular SaaS apps and self-service integration via templates. OTHER DIRECTORIES: Connect and sync on-premises directories with Azure. Web apps (Azure Active Directory Application Proxy) and integrated custom apps: Easily publish on-premises web apps via Application Proxy + custom apps. Diagram label: Microsoft Azure.
  19. 1000s OF APPS, 1 IDENTITY. Application Proxy: Cloud service that allows users to remotely access on-prem apps securely from any device and any place. Different types of web apps and APIs can be ‘published’. Users connect to the ‘published’ apps and the cloud service routes traffic to the backend applications via ‘connectors’. Connectors are usually deployed inside the corpnet next to the applications. They maintain an outbound connection to the service. Multiple connectors can be deployed for redundancy, scale and access to different sites. Diagram labels: Corporate network, DMZ, Microsoft Azure Active Directory, https://app1-contoso.msappproxy.net/, http://app1.
  20. 1000s OF APPS, 1 IDENTITY. Lift-and-shift on-premises apps to Azure IaaS. Azure AD Domain Services: Your domain controller as a service for lift-and-shift scenarios. Diagram labels: Azure Active Directory, On-premises, Azure AD Connect, Windows Server Active Directory, Your Azure IaaS workloads/apps, Azure AD Domain Services, Your virtual network, Azure, Kerberos, NTLM, LDAP, Group Policy.
  21. What’s Next? … EMS
  22. Azure Protection
  23. Enterprise Mobility & Security capabilities. Identity and access management: Azure Active Directory Premium P1 (Single sign-on to cloud and on-premises applications. Basic conditional access security); Azure Active Directory Premium P2 (Advanced risk based identity protection with alerts, analysis, & remediation). Managed Mobile Productivity: Microsoft Intune (Mobile device and app management to protect corporate apps and data on any device). Information Protection: Azure Information Protection Premium P1 (Encryption for all files and storage locations. Cloud based file tracking. Existing Azure RMS capabilities); Azure Information Protection Premium P2 (Intelligent classification, & encryption for files shared inside & outside your organization. Secure Islands acquisition). Identity Driven Security: Microsoft Advanced Threat Analytics (Identify suspicious activities & advanced attacks on premises); Microsoft Cloud App Security (Bring enterprise-grade visibility, control, and protection to your cloud applications). Plan labels: EMS E3, EMS E5.
  24. Enterprise Mobility & Security; Windows 10 Enterprise
  25. DEMOS!
  26. Enable business without borders. Stay productive everywhere with easy access to every application and powerful collaboration capabilities across location, application, and device borders. Ease of use for end users; Any time, any place productivity with Windows 10; Better connect with your consumers; Enable cross-organization collaboration.
  27. ENABLE BUSINESS WITHOUT BORDERS. Windows 10 Azure AD joined devices: Azure Active Directory Join makes it possible to connect work-owned Windows 10 devices to your company’s Azure Active Directory. Enterprise-compliant services; SSO from the desktop to cloud and on-premises applications with no VPN; Support for hybrid environments; MDM auto-enrollment; Enterprise State Roaming. Diagram label: Intune/MDM auto-enrollment.
  28. Manage access at scale. Manage identities at scale in the cloud and on-premises: Advanced user lifecycle management; Monitor your identity bridge; Low IT overhead.
  29. MANAGE ACCESS AT SCALE. Comprehensive identity and access management console (IT professional): Centralized access administration for pre-integrated SaaS apps and other cloud-based apps; Dynamic groups, device registration, secure business processes with advanced access management capabilities; Provisioning and deprovisioning with customization options.
  30. Cloud-powered protection. Ensure accountability with better security and governance: Protect against advanced threats; Mitigate administrative risks; Conditional access to resources; Compliance reporting.
  31. IDENTITY-DRIVEN SECURITY. Conditions: User, App sensitivity, Device state, Location, Risk. Actions: Allow access or Block access; Enforce MFA per user/per app. Diagram labels: User, NOTIFICATIONS, ANALYSIS, REMEDIATION, RISK-BASED POLICIES, CLOUD APP DISCOVERY, PRIVILEGED IDENTITY MANAGEMENT, MFA, IDENTITY PROTECTION, On-premises applications, Microsoft Azure.
  32. (1) AAD Self-Service Password Reset & Group Management; (2) AAD Privileged Identity Management & AAD Identity Protection; (3) New Conditional Access
  33. Everything You Want to, Need to, and/or Should Know About EMS in 2017
  34. Try Enterprise Mobility + Security for free, today: https://aka.ms/EMSTrial; Read the CIO’s guide to Azure Active Directory: https://aka.ms/AzureADCIOGuide; Explore Identity + Access Management: www.microsoft.com/identity; Learn more from the Azure AD documentation library: https://aka.ms/AzureADDoc; Discover Password best practices: https://aka.ms/PasswordBestPractices; Check out the new Azure AD webinars: https://aka.ms/AADWebinars; Microsoft is a leader in Gartner's IDaaS MQ 2016: https://aka.ms/GartnerIDaaSMQ2016; Review design considerations for your hybrid Azure AD: https://aka.ms/HybridAzureADConsiderations
  35. Questions?