This webinar discusses Azure Active Directory Premium and how it provides a secure hybrid identity and access management platform. Azure AD Premium allows organizations to bring on-premises Active Directory identities to the cloud. It offers features like self-service password reset, application access approval workflows, and reporting on application usage. The webinar demonstrates how Azure AD Premium integrates on-premises and cloud applications and enables single sign-on. It also previews upcoming identity capabilities like Azure AD Connect for Azure VMs and expanded identity protection features.
20160400 Technet- Hybrid identity and access management with Azure AD Premium
1. IT Pro Webinar
Microsoft
Robin Vermeirsch
Sr. IT consultant | XYLOS
rovr@xylos.com
@rovr_xylos
Hybrid Identity & Access Management
Azure Active Directory (Premium)
3. Cloud security in a changing world
• Slow IT can drive business to cloud
• Rise of shadow IT through acquired cloud functionalities
• Securing data & identities end-to-end becomes a real challenge
• IT needs to adapt and we need tooling that can help us
11. Secure hybrid Identity Platform
• Bring active directory identities to the cloud
• Provisioning of AD groups/devices/membership
• Extensive support for complex federation/synchronization
• Multi forest
• Mix Cloud & Synced Identities
• Password Sync vs on premise authentication
• Support for Exchange hybrid
12. Azure AD Premium
Secure hybrid
Identity Platform
Application Integration
Self Service
Capabilities
Next Gen
Logging & Reporting
Azure AD
13. How does it work?
[Slide diagram: On Prem AD is synced to Azure AD by Azure AD Connect (SYNC identities + passwords). Azure AD provides token based authentication to SaaS applications, Self Servicing (Groups + Passwords) and SSO (Azure). A Company Laptop uses SSO (Kerberos) and SSO (ADFS); BYOD devices use AAD JOIN (Win10 only).]
18. Self Service Capabilities
• Allow approval based group management
• In the cloud
• On premise (with sync back)
• Allow approval based application access (within portal)
• Allow self-service password resets
21. Next Gen Logging & Reporting
• Reports about application access and usage
• Integration with on premise Microsoft Identity Manager
• Integration with ADFS (AAD Connect Health)
• Supports B2B and B2C
• Anomalous Activity Reporting using machine learning
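The deck lists "anomalous activity reporting" and "reports about application access and usage" as Premium features without showing what such a report looks like. The following is an added example, not code from the webinar or from Microsoft: a simple rule-based stand-in for one of the anomalies those reports surface (sign-ins by the same user from different countries within a short window), run over constructed sign-in records, plus a per-application usage count. The record layout, user names and the 4-hour window are assumptions.

```python
from datetime import datetime, timedelta
from itertools import groupby

# Constructed sample sign-in records (user, timestamp, country, application),
# loosely modelled on the fields an Azure AD sign-in report exposes. Not real data.
SIGN_INS = [
    ("alice@contoso.example", "2016-04-12T08:02:00", "BE", "Office 365"),
    ("alice@contoso.example", "2016-04-12T08:40:00", "US", "Salesforce"),
    ("bob@contoso.example",   "2016-04-12T09:15:00", "BE", "Office 365"),
    ("bob@contoso.example",   "2016-04-13T09:20:00", "NL", "Office 365"),
    ("carol@contoso.example", "2016-04-12T10:00:00", "BE", "WordPress"),
]

WINDOW = timedelta(hours=4)  # assumed threshold for "too close together"


def parse(record):
    user, ts, country, app = record
    return user, datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"), country, app


def multi_geography_sign_ins(records, window=WINDOW):
    """Return {user: [(country_a, country_b, minutes_apart), ...]} for every pair
    of consecutive sign-ins by one user from different countries that are closer
    together than `window`. A deliberately simple rule, not the ML-based report."""
    findings = {}
    parsed = sorted((parse(r) for r in records), key=lambda r: (r[0], r[1]))
    for user, rows in groupby(parsed, key=lambda r: r[0]):
        rows = list(rows)
        for prev, cur in zip(rows, rows[1:]):
            if prev[2] != cur[2] and cur[1] - prev[1] <= window:
                minutes = int((cur[1] - prev[1]).total_seconds() // 60)
                findings.setdefault(user, []).append((prev[2], cur[2], minutes))
    return findings


def app_usage(records):
    """Count sign-ins per application: the 'application access and usage' view."""
    counts = {}
    for _, _, _, app in records:
        counts[app] = counts.get(app, 0) + 1
    return counts


if __name__ == "__main__":
    for user, hits in multi_geography_sign_ins(SIGN_INS).items():
        for a, b, mins in hits:
            print(f"REVIEW {user}: sign-in from {a} then {b} within {mins} minutes")
    print(app_usage(SIGN_INS))
```

Only alice is flagged: bob's two sign-ins are from different countries but a day apart, so they fall outside the window.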
22. Preview Features
• Support for other identities
• B2B
• B2C
• Azure AD Connect for Azure VMs
• Azure AD Identity Protection
• Privileged Identity Management
• Administrative Units
23. Some Extras
• Microsoft Identity Manager included for free
• Included in the Enterprise Mobility Suite
• Cloud App Discovery
24. Future
• More integration with hybrid deployments
• Release of Cloud App Security (formerly Adallom) – 1st April
• More:
• https://blogs.technet.microsoft.com/ad/
• https://azure.microsoft.com/en-us/blog/topics/identity-access-management/
• https://www.microsoft.com/en-us/server-cloud/roadmap/
Hi, I am Robin Vermeirsch.
I work for Xylos and focus on Exchange, O365, AD and Cloud Security.
Let’s start this session by taking a look at cloud security today
When we look at business today, it is changing more rapidly than ever before. And honestly, it really needs to, definitely if it wants to stay competitive for the road ahead.
One of the issues we as IT face is that following the business in its change can be a really challenging task.
And when we are not able to keep up with the business, they often think of us as slow or unwilling.
So for the business, cloud technology becomes a really interesting alternative. It enables them to acquire new technology really fast.
Especially when traditional IT is stuck in mechanistic models. We see that slow IT can drive the business to the cloud.
<CLICK>
And when it does so without involving IT, we face some other issues we never had to handle.
These risks are introduced by the rise of shadow IT. We fail to meet compliance or risk data loss/theft.
So as a conclusion you could say: we need to follow,
but that is easier said than done. Think of securing multiple services we don't actually manage, consumed by devices all over the world.
<CLICK>
If we fail, we face risks.
For example: when people leave the company or change roles, they can misuse their access rights, with data theft or data loss as a result.
We as IT need to adapt, and we need tooling that can help us.
<CLICK>
So if we look at cloud in an enterprise context, we often have to admit that things get foggy really fast...
We ask ourselves questions like:
How can we achieve a similar level of security for our cloud identities as for our on-premises identities?
How do we manage access to all these applications AND make sure access is revoked when it is obsolete?
How do we collect the required logs and reports to meet our compliance requirements?
So what tooling can we use to make the road ahead a little bit clearer?
So for the answer to this question we actually look at 4 things we need:
First of all, self servicing: it enables business owners to manage access to their applications in a controlled way and takes away extra load from the helpdesk, because they simply cannot manage all these applications.
Secondly, a secure identity platform: it ensures we can have a similar level of security for cloud and on-premises identities.
As a third requirement we need a secure application platform, which we can use to consolidate all applications and where users have easy access using SSO.
Finally, logging, which monitors application access, and reporting, which allows us to detect abnormal behaviour that we can then investigate.
So this is where AAD comes in.
What is AAD in short:
A comprehensive identity and access management cloud solution. (=IdaaS)
You could wonder, why not IAM AS A SERVICE.
Well I think nobody wants to say I AM ASS
So, Azure AD: what does it provide you?
Directory services: Secure Hybrid Identity Platform
Application access management: Hybrid Application Integration
Self Service Capabilities: for password reset, group management and application access
Logging & Reporting: advanced identity governance
Plus a rich standards-based platform for developers
AAD is available in 3 editions: Free, Basic and Premium. But today we focus on Premium.
[Demo slide diagram: AAD, ON PREM AD, AAD SYNC, APP02, APP]
Login to Azure AD Portal (Old vs New). Note: if you have O365, start from the O365 tenant
Show users/groups: Cloud vs Synced
SHOW AAD CONNECT
Explain Device Registration
Sign in to Perform Device Registration Win10 CLT (Link Intune)
Bring active directory identities to the cloud
Provisioning of AD groups/devices/membership
Self Service group membership + Creation O365 Groups
Devices Conditional access for intune & ADFS
Extensive support for complex federation/synchronization
Multi forest
Mix Cloud & Synced Identities
Password Sync vs on premise authentication
Support for Exchange hybrid
Show Application Portal
Add new application (Twitter) with AddIn + ADD MFA
Add Proxy app
Show SAML Azure AD integration (WordPress)
DEMO Show SSO
Context aware authentication policies
On Premise no MFA
In the cloud MFA
Step up verification Azure AD Identity Protection
Self Service Group (ADMIN group)
Self service Legacy
Self Service Password Reset
Open Report viewer
B2B
Azure AD
B2C
Social Login (FB, LinkedIn, …)
Self Service identity registration
AAD Connect
Native AD Services for Azure IaaS/PaaS
AAD Id Protection
PIM
Administrative Units