20160400 Technet- Hybrid identity and access management with Azure AD Premium
•Download as PPTX, PDF•
0 likes•245 views
This webinar discusses Azure Active Directory Premium and how it provides a secure hybrid identity and access management platform. Azure AD Premium allows organizations to bring on-premises Active Directory identities to the cloud. It offers features like self-service password reset, application access approval workflows, and reporting on application usage. The webinar demonstrates how Azure AD Premium integrates on-premises and cloud applications and enables single sign-on. It also previews upcoming identity capabilities like Azure AD Connect for Azure VMs and expanded identity protection features.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (8)
Similar to 20160400 Technet- Hybrid identity and access management with Azure AD Premium
Similar to 20160400 Technet- Hybrid identity and access management with Azure AD Premium (20)
Recently uploaded
Recently uploaded (20)
20160400 Technet- Hybrid identity and access management with Azure AD Premium
- 1. IT Pro Webinar Microsoft Robin Vermeirsch Sr. IT consultant | XYLOS rovr@xylos.com @rovr_xylos Hybrid Identity & Access Management Azure Active Directory (Premium)
- 3. Cloud security in a changing world • Slow IT can drive business to cloud • Rise of shadow IT through acquired cloud functionalities • Securing data & identities end-to-end becomes a real challenge • IT needs to adapt and we need tooling that can help us
- 6. Overview Azure AD IDaaS Azure Active Directory
- 7. Azure AD Premium Secure hybrid Identity Platform Hybrid Application Integration Self Service Capabilities Next Gen Logging & Reporting Azure AD
- 8. Azure AD Premium Secure hybrid Identity Platform Application Integration Self Service Capabilities Next Gen Logging & Reporting Azure AD
- 9. Lab setup ² CLT01 (BYOD) Azure AD Azure AD Connect SYNC Identities (+passwords) Self Servicing (Groups + Passwords) DC01 APP02 (Inventory Application) SaaS Applications Web Server (WordPress) APP03 (Azure AD Proxy Azure MFA)
- 11. Secure hybrid Identity Platform • Bring active directory identities to the cloud • Provisioning of AD groups/devices/membership • Extensive support for complex federation/synchronization • Multi forest • Mix Cloud & Synced Identities • Password Sync vs on premise authentication • Support for Exchange hybrid
- 12. Azure AD Premium Secure hybrid Identity Platform Application Integration Self Service Capabilities Next Gen Logging & Reporting Azure AD
- 13. How does it work? ² BYOD AAD JOIN On Prem APPAD Azure AD SaaS Applications Token based authentication Azure AD Connect SYNC Identities (+passwords) Self Servicing (Groups + Passwords) SSO (Azure) SSO (Azure) Company Laptop SSO (Kerberos) SSO (ADFS) Win10 only
- 15. Application Integration • Quickly integrate SaaS applications • Publish and secure on premise applications • Unified platform for security and access policies • Allow easy access for end users • Context aware authentication policies
- 16. Azure AD Premium Secure hybrid Identity Platform Application Integration Self Service Capabilities Next Gen Logging & Reporting Azure AD
- 18. Self Service Capabilities • Allow approval based group management • In the cloud • On premise (with sync back) • Allow approval based application access (within portal) • Allow self service passwords resets
- 19. Azure AD Premium Secure hybrid Identity Platform Application Integration Self Service Capabilities Next Gen Logging & Reporting Azure AD
- 21. Next Gen Logging & Reporting • Reports about application access and usage • Integration with on premise Microsoft Identity Manager • Integration with ADFS (AAD Connect Health) • Supports B2B and B2C • Anomalous Activity Reporting using machine learning
- 22. Preview Features • Support for other identities • B2B • B2C • Azure AD Connect for Azure VM’s • Azure AD Identity protection • Privilege Identity Management • Administrative Units
- 23. Some Extras • Microsoft Identity Manager included for free • Included in the Enterprise Mobility Suite • Cloud App Discovery
- 24. Future • More integration with hybrid deployments • Release of Cloud App Security (Former Addalom) – 1st April • More: • https://blogs.technet.microsoft.com/ad/ • https://azure.microsoft.com/en-us/blog/topics/identity-access-management/ • https://www.microsoft.com/en-us/server-cloud/roadmap/
Editor's Notes
- Thank you
- Hi I am Robin Vermeirsch Work for Xylos Focus on Exchange, O365, AD, Cloud Security Let’s start this session by taking a look at cloud security today
- When we look at Business today, it is changing more rapidly then ever before. And honestly they really need to be, definitely if they want to stay competitive for the road ahead. One of the issues we as IT face : is that following the business in it’s change can be a real challenging task. And when we are not able to keep up with the business, they often thinks of us as slow or unwilling. So for the business cloud technology becomes an really interesting alternative. It enables them acquire new technology really fast. Especially when traditional IT is stuck in mechanistic models. We see that slow it can drive te business to the cloud. <CLICK> And when does so without involving IT, we face some other issues we never had to handle. These risks are introduced by the rise of Shadow IT. We fail to meet compliancy or risk data loss/theft So as a conclusion you could say: We need to follow but that easier said the done. Think of securing multiple services we don’t actually manage – consumed by devices all over the world devices . <CLICK> IF we fail we face risks. For Example: When people leave the company or change roles They can misuse their access rights with data theft of data loss as a result WE as IT need to adapt and we need tooling that can help us <CLICK> So if we look at cloud in an enterprise context, we often have to admit that thing get foggy really fast…..
- We ask our self questions like: How can we achieve a similar level of security for our cloud identities as for our on premise identities? How do we manage access to all these applications AND make sure access is revoked when it’s obsolete? How do we collect the required logs and reports to meet our compliancy? So what tooling can we use to get the road ahead a little bit more clear?
- So for the answer to this question we actually look at 4 things we need: First of all Self servicing It enables business owners to manage access to their applications in a controlled way and takes away extra load on the helpdesk because they simply cannot manage all these applications Secondly Secure identity platform Ensures we can have a similar level of security for cloud and on premise identities As a third requirement we need a Secure Application platform Which we can use to consolidate all applications and where users have easy access using SSO. Finally Logging : which monitors application access or reporting which allows us to detect abnormal behavior that we can then investigate. So this is ware AAD comes in.
- What is AAD in short: A comprehensive identity and access management cloud solution. (=IdaaS) You could wonder, why not IAM AS A SERVICE. Well I think nobody wants to say I AM ASS
- So Azure AD// What does it provide you? directory services: Secure Hybrid Identity Platform application access management : Hybrid Application Integration Self Service Capabilities: For Password Reset, Group Management and application Access Logging & Reporting advanced identity governance Plus rich standards-based platform for developers AAD is available in 3 editions: free, Basic and Premium But Today we focus on Premium
- AAD ON PREM AD AAD SYNC APP02 APP
- Login to Azure AD Portal (Old Vs New) Note: If you have O365 Start from O365 tenant Show users/groups Cloud VS Synced SHOW AAD CONNECT Explain Device Registration Sign in to Perform Device Registration Win10 CLT (Link Intune)
- Bring active directory identities to the cloud Provisioning of AD groups/devices/membership Self Service group membership + Creation O365 Groups Devices Conditional access for intune & ADFS Extensive support for complex federation/synchronization Multi forest Mix Cloud & Synced Identities Password Sync vs on premise authentication Support for Exchange hybrid
- Show Application Portal Add new application (Twitter) with AddIn + ADD MFA Add Proxy app Show SAMAzureADL integration WordPress DEMO Show SSO
- Context aware authentication policies On Premise no MFA In the cloud MFA Step up verification Azure AD Identity Protection
- Self Service Group (ADMIN group) Self service Legacy Self Service Password Reset
- Open Report viewer
- B2B Azure AD B2C Social Login (FB, LinkedIn, …) Self Service identity registration AAD Connect Native AD Services for Azure IaaS/PaaS AAD Id Protection PIM Administrative Units