Azure Active Directory helps secure and govern authentication with features like conditional access and privileged identity management. It allows organizations to mitigate admin risk, govern identities, and set terms of use policies for authentication and access across cloud and on-premises environments.
Enhancing Novell SecureLogin with Multi-factor Authentication (Novell)
Did you know that besides the single sign-on capabilities Novell SecureLogin delivers, it also supports multi-factor authentication? That means you can not only deploy stronger passwords, but also require the use of more advanced authentication to protect workstations and applications. In the session, the presenters will detail how Novell SecureLogin can help you control user authentication on the basis of:
• Something the user knows (user name and password)
• Something the user has (proximity card, smart card, one-time password token device)
• Something the user is (biometric device)
In particular, the presenters will demonstrate how to integrate SecureLogin with a smartcard for network authentication, and then require the smart card and PIN to access a specific application.
To show how advanced authentication works in the real world, you will also hear how a regional medical group integrated biometrics with Novell SecureLogin and Novell ZENworks to secure 400 workstations and 100 tablets across several locations. In addition to showcasing how the integrated solution works in their environment, the presenter will also offer tips for avoiding common pitfalls.
AWS Partner Webcast - Get Closer to the Cloud with Federated Single Sign-On (Amazon Web Services)
Bring the cloud closer to you and your customers by using your existing identity stores to access AWS services. Manage access to all of your cloud services and on-premises applications centrally. Join this webinar to learn how the Ping Identity platform offers federated single sign-on (SSO) to quickly and securely manage authentication of partners and customers through seamless integration with AWS Identity and Access Management service. You will also hear from Ping Identity partner and Amazon Web Services Customer, Geezeo, who will share best practices based on their experience.
What you'll learn:
• How the Ping Identity platform can be deployed simply and securely in Amazon EC2 adjacent to your offerings
• How any partner that can generate a SAML assertion can easily connect to AWS APIs while also continuing to manage its own customer identities
• How Geezeo has benefited from the Ping Identity platform’s seamless integration capabilities
Who should attend:
• Security and Identity professionals, Solution or System Architects, System Administrators, Development Leads and other Technical IT Leaders
by Apurv Awasthi, Sr. Technical Product Manager, AWS
This session introduces the concepts of AWS Identity and Access Management (IAM) and walks through the tools and strategies you can use to control access to your AWS environment. We describe IAM users, groups, and roles and how to use them. We demonstrate how to create IAM users and roles, and grant them various types of permissions to access AWS APIs and resources. We also cover the concept of trust relationships, and how you can use them to delegate access to your AWS resources. This session also covers IAM best practices that can help improve your security posture. We cover how to manage IAM users and roles, and their security credentials. We also explain how you can securely manage your AWS access keys. Using common use cases, we demonstrate how to choose between using IAM users or IAM roles. Finally, we explore how to set permissions to grant least privilege access control in one or more of your AWS accounts. Level 100
You'll understand how attackers can target resources hosted in Azure, and how to protect Azure infrastructure by identifying vulnerabilities and extending your pentesting tools and capabilities.
In the modern workplace, the end user's needs can easily be at odds with the requirements an IT department faces. Deana runs a lean team in IT and is tasked with modernizing Contoso's identity and access management solution, all while reducing support costs. Not only is Contoso experiencing a hiring surge to support its latest product, but Deana is also dealing with an explosion in the number of apps employees use every day to do their jobs.
For Isaiah, a new member of the Sales team, the ability to interact with teammates across groups and even outside the company is important. He must work seamlessly across a wide array of apps, both external and internal. The question is: can he do all of this securely and easily, and still be empowered to make good decisions for Contoso on his own?
CLICK STEP
Click to advance the slide.
While most of Contoso's applications are enabled for one-click access, other applications, like BrowserStack, require very high security. IT needs to know that no one but Isaiah is accessing this application. So when Isaiah opens it, he is prompted to confirm his identity by authenticating with his phone.
CLICK STEP
Click the BrowserStack app.
The Microsoft Authenticator app on his mobile device was previously configured to provide passwordless authentication for his work account.
CLICK STEP
Click Code to trigger typing animation.
[Presentation will auto type 123456.]
This is a strong method of authentication because:
He is authenticating with something he has (his registered mobile device) and something he is (his biometrics), so there is no password for an attacker to phish, spray, or replay.
Isaiah doesn't have to use a password anywhere in this entire process.
CLICK STEP
Click Verify.
CLICK STEP
Click Yes.
CLICK STEP
Click to advance the slide.
Conditional Access provides the control and protection that Contoso needs to keep corporate data secure, while giving people an experience that allows them to do their best work from any device. With Conditional Access, Deana can define policies that provide contextual controls at the user, location, device, and app levels. She can allow or block access or challenge users with multi-factor authentication, device enrollment, or a password change. Plus, machine learning-based identity protection, which leverages billions of signals daily, detects suspicious behavior and applies risk-based conditional access that protects Contoso's applications and critical company data in real time.
With Conditional Access by Microsoft, Contoso gets the control needed to ensure that corporate data is secure, while allowing people to roam freely between apps and devices, accessing their data in the cloud and on‑premises.
CLICK STEP
Click to advance the slide.
Deana is going to configure Contoso’s environment to require multifactor authentication (MFA) for admins. Requiring MFA for admins protects the following administrator roles:
Global administrator
SharePoint administrator
Exchange administrator
Conditional access administrator
Security administrator
Helpdesk administrator/Password administrator
Billing administrator
User administrator
CLICK STEP
In the Contoso – Overview pane, click the scroll bar next to Manage to trigger scroll animation.
[Presentation will auto scroll.]
CLICK STEP
Under Security, click Identity Secure Score.
POINT OUT:
Your Identity Secure Score
Current Score/Maximum Score
Improvement Actions
CLICK STEP
Under Improvement Actions, click Require MFA for Azure AD p….
POINT OUT:
Point to, but do not click, SCORE IMPACT, MAX SCORE, and DESCRIPTION.
CLICK STEP
In the Improvement action pane, click the scroll bar to begin scroll animation.
[Presentation will auto scroll.]
POINT OUT:
Point to, but do not click, WHAT AM I ABOUT TO CHANGE? and HOW WILL IT AFFECT MY USERS?
CLICK STEP
Click Get Started.
CLICK STEP
On the Conditional Access – Policies blade, click Baseline policy: Require MFA for admins (Preview).
POINT OUT:
Point to, but do not click, the bulleted list of directory roles.
CLICK STEP
On the Baseline policy: Require MFA for admins blade, click Use policy immediately.
CLICK STEP
Click Save.
Deana’s CTO is adamant about higher security on SharePoint due to the sensitive nature of the documents stored there. No one should be able to access the SharePoint site from an unmanaged device. Deana will ensure that these security requirements are set for SharePoint and publish the appropriate policy.
CLICK STEP
Click the SharePoint admin center browser tab.
Deana first enables the Access Control Policy for Unmanaged Devices in the SharePoint admin center. This will auto-generate the Conditional Access Policy in Azure Active Directory (Azure AD) for fine tuning and further control.
CLICK STEP
Click Unmanaged devices.
CLICK STEP
In the Unmanaged devices pane, click Block access.
CLICK STEP
Click Save.
CLICK STEP
Click the Conditional Access – Policies browser tab.
In Azure Active Directory, Deana extends the generated policy to mobile apps and desktop clients, so those clients must also come from a managed device in order to access SharePoint.
CLICK STEP
Click [SharePoint admin center]Use app-enforced Restrictions for browser access.
CLICK STEP
Under Assignments, click Conditions.
CLICK STEP
Click Client apps (preview).
CLICK STEP
Click Mobile apps and desktop clients.
CLICK STEP
Click Other clients.
CLICK STEP
In the Clients apps (preview) pane, click Done.
CLICK STEP
In the Conditions pane click Done.
CLICK STEP
In the [SharePoint admin center]… pane click the scroll bar to trigger scroll animation.
[Presentation will auto scroll.]
CLICK STEP
Under Access controls, click Session.
POINT OUT
Point to, but do not click, Use app enforced restrictions.
CLICK STEP
Click Select.
CLICK STEP
Click Save.
Once this policy is enabled, users will no longer be able to access SharePoint from a device that Azure Active Directory does not recognize as managed, whether they come through a browser or a client app.
Now, lets see the policy in action from an end user perspective.
CLICK STEP
Click to advance the slide.
CLICK STEP
Click SharePoint.
POINT OUT:
Point to, but do not click, the Access Denied message.
CLICK STEP
Click to advance the slide.
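The two policies Deana configured above (MFA for the listed admin roles, and SharePoint only from managed devices), expressed as Conditional Access policy objects and created through Microsoft Graph PowerShell. This is an added example and not part of the original deck or Microsoft's own tooling. It assumes the Microsoft.Graph module is installed and the signed-in account can consent to the listed scopes; the emergency-access ("break glass") UPN is a hypothetical placeholder for an account you already have. Role IDs are resolved from the tenant's role templates rather than hardcoded, and both policies start in report-only mode so their effect can be checked in the sign-in logs before enforcement.

```powershell
# Added example, not from the original deck. Requires the Microsoft.Graph module
# (Install-Module Microsoft.Graph -Scope CurrentUser) and an account that can
# consent to the scopes below.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Directory.Read.All', 'AuditLog.Read.All'

# Every policy excludes the emergency-access account so a mis-scoped policy
# cannot lock every admin out. Hypothetical UPN; substitute your own account.
$breakGlass = Get-MgUser -UserId 'breakglass@contoso.onmicrosoft.com'

# The directory roles covered by "Require MFA for admins", resolved by name
# from the tenant's role templates.
$adminRoleNames = @(
    'Global Administrator', 'SharePoint Administrator', 'Exchange Administrator',
    'Conditional Access Administrator', 'Security Administrator',
    'Helpdesk Administrator', 'Password Administrator',
    'Billing Administrator', 'User Administrator'
)
$adminRoleIds = Get-MgDirectoryRoleTemplate |
    Where-Object { $_.DisplayName -in $adminRoleNames } |
    Select-Object -ExpandProperty Id

# Policy 1: MFA for the admin roles, all apps, all client types.
$mfaForAdmins = @{
    displayName = 'Require MFA for admins'
    # Report-only: evaluated and logged on every sign-in, but not enforced.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users          = @{ includeRoles = $adminRoleIds; excludeUsers = @($breakGlass.Id) }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('mfa') }
}

# Policy 2: SharePoint Online only from managed devices. 'domainJoinedDevice'
# is hybrid Azure AD joined, 'compliantDevice' is Intune-compliant; either
# satisfies the grant. Legacy ('other') clients cannot present device state,
# so they are effectively blocked. 00000003-0000-0ff1-ce00-000000000000 is the
# first-party application ID of Office 365 SharePoint Online.
$sharePointManagedOnly = @{
    displayName = 'SharePoint: require managed device'
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users          = @{ includeUsers = @('All'); excludeUsers = @($breakGlass.Id) }
        applications   = @{ includeApplications = @('00000003-0000-0ff1-ce00-000000000000') }
        clientAppTypes = @('browser', 'mobileAppsAndDesktopClients', 'other')
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('compliantDevice', 'domainJoinedDevice') }
}

foreach ($policy in $mfaForAdmins, $sharePointManagedOnly) {
    $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
    "Created '$($created.DisplayName)' ($($created.Id)) in state $($created.State)"
}

# The check: after some days in report-only mode, list the sign-ins the policies
# would have blocked (result reportOnlyFailure) before changing state to 'enabled'.
$since = (Get-Date).ToUniversalTime().AddDays(-7).ToString('yyyy-MM-ddTHH:mm:ssZ')
Get-MgAuditLogSignIn -Filter "createdDateTime ge $since" -All |
    ForEach-Object {
        $signIn = $_
        $signIn.AppliedConditionalAccessPolicies |
            Where-Object { $_.Result -eq 'reportOnlyFailure' } |
            ForEach-Object {
                [pscustomobject]@{
                    When   = $signIn.CreatedDateTime
                    User   = $signIn.UserPrincipalName
                    App    = $signIn.AppDisplayName
                    Client = $signIn.ClientAppUsed
                    Policy = $_.DisplayName
                }
            }
    } | Format-Table -AutoSize
```

The portal step "Use app enforced restrictions" corresponds to the `sessionControls.applicationEnforcedRestrictions` setting on a policy; it is only needed for the limited, web-only variant of the SharePoint unmanaged-device setting, not for the outright block the CTO asked for, so it is left out here. Flip `state` to `enabled` only once the report-only failures are the ones you expect.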
Legacy authentication protocols (for example IMAP, POP3 and authenticated SMTP) are typically used by older mail clients. They carry only a username and password and cannot prompt for a second factor, so they do NOT support MFA.
Even if you have an MFA policy for your tenant, a bad actor who holds a user's password can authenticate over one of these legacy protocols and bypass MFA entirely.
CLICK STEP
In the left-hand navigation, click Azure Active Directory.
CLICK STEP
In the Contoso – Overview pane, click the scroll bar next to Manage to trigger scroll animation.
[Presentation will auto scroll.]
CLICK STEP
Under Security, click Conditional Access.
Today, the majority of compromised sign-ins come from legacy authentication. What better way to get protected than blocking these sign-in attempts altogether?
To make it easier for you to block all sign-in requests made by legacy protocols, we recommend enabling the baseline policy that does just that.
In fact, Security Basics, a new feature of Azure AD, will apply these baseline policies to all new tenants by default.
CLICK STEP
Under POLICY NAME, click Baseline policy: Block legacy authentication (Preview).
POINT OUT
Point to, but do not click, the bulleted list of apps the policy applies to.
CLICK STEP
In the Baseline policy: Block lega… pane, click the X.
POINT OUT:
Point to, but do not click, Baseline policy: Require MFA for admins (Preview), Baseline policy: End user protection (Preview), and Baseline policy: Require MFA for Service Management (Preview).
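Before enabling a block on legacy authentication, a practitioner wants to know who is still using it. The script below, an added example that is not part of the original deck, pulls recent sign-ins through Microsoft Graph PowerShell, separates successful legacy sign-ins (what a block will break) from failed ones (the attack traffic the block is meant to stop), and then creates the equivalent of the baseline "Block legacy authentication" policy in report-only mode. It assumes the Microsoft.Graph module, consent to the listed scopes, and a hypothetical break-glass UPN.

```powershell
# Added example, not from the original deck. Requires the Microsoft.Graph module
# and an account that can consent to the scopes below. Sign-in log retention is
# 30 days with a Premium P1/P2 license (7 days otherwise), which caps the look-back.
Connect-MgGraph -Scopes 'AuditLog.Read.All', 'Policy.ReadWrite.ConditionalAccess', 'User.Read.All'

# clientAppUsed values the sign-in logs report for legacy (basic) authentication.
$legacyClients = @(
    'Exchange ActiveSync', 'Authenticated SMTP', 'IMAP4', 'POP3',
    'Exchange Web Services', 'MAPI Over HTTP', 'Offline Address Book',
    'Outlook Anywhere (RPC over HTTP)', 'Outlook Service', 'Autodiscover',
    'Exchange Online PowerShell', 'Universal Outlook', 'Reporting Web Services',
    'Other clients'
)

$since   = (Get-Date).ToUniversalTime().AddDays(-30).ToString('yyyy-MM-ddTHH:mm:ssZ')
$signIns = Get-MgAuditLogSignIn -Filter "createdDateTime ge $since" -All |
    Where-Object { $_.ClientAppUsed -in $legacyClients }

# Volume per protocol, split by outcome. Failed legacy sign-ins from many
# source IPs are the usual shape of a password spray.
$signIns |
    Group-Object ClientAppUsed, @{ Expression = { if ($_.Status.ErrorCode -eq 0) { 'success' } else { 'failure' } } } |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# Users who still succeed over a legacy protocol must be moved to a modern
# client (or given a scoped exception) before the block is enforced.
$signIns | Where-Object { $_.Status.ErrorCode -eq 0 } |
    Group-Object UserPrincipalName, ClientAppUsed |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# The policy: only the two legacy client types, block as the grant control.
# Created in report-only mode; set state to 'enabled' once the list above is
# empty or accounted for. Break-glass UPN is a hypothetical placeholder.
$breakGlass  = Get-MgUser -UserId 'breakglass@contoso.onmicrosoft.com'
$blockLegacy = @{
    displayName = 'Block legacy authentication'
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users          = @{ includeUsers = @('All'); excludeUsers = @($breakGlass.Id) }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('exchangeActiveSync', 'other')
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $blockLegacy
```

Service mailboxes and multifunction printers that relay over SMTP are the usual survivors in the "success" list; give them a modern-auth path or a tightly scoped exclusion rather than leaving the whole tenant open.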
CLICK STEP
In the left-hand navigation, click Azure Active Directory.
A great way to keep users secure while empowering employee productivity is by setting up automated remediation policies for any risky users.
CLICK STEP
In the Contoso – Overview pane, click the scroll bar to trigger scroll animation.
[Presentation will auto scroll.]
First, you'll want to understand your security posture. Identity Secure Score shows how your configuration compares with Microsoft's recommendations, and the Identity Protection overview shows how many of your users are currently at low, medium, or high risk. Based on the user risk level, you can set automatic remediation policies, such as requiring a password change when the user risk is medium or higher.
CLICK STEP
Under Security, click Identity Secure Score.
CLICK STEP
Under Security, click Overview (Preview).
CLICK STEP
Halfway down the Overview (Preview) pane, click Configure user risk policy.
With so many users flagged as risky, a policy requiring them to change their password at next sign-in is a good idea. That way, Deana can be sure that any credentials that were leaked are replaced by new passwords.
CLICK STEP
Click All users.
CLICK STEP
Click Select individuals and groups.
CLICK STEP
Click Select users.
CLICK STEP
Click Search by name or email address, to trigger typing animation.
[Presentation will auto type sg-s.]
CLICK STEP
Click sg-Sales and Marketing.
CLICK STEP
Click Select.
CLICK STEP
Click Done.
CLICK STEP
Under Assignments, click Conditions.
CLICK STEP
Click Select a risk level.
CLICK STEP
Click Medium and above.
CLICK STEP
Click Select.
CLICK STEP
Click Done.
CLICK STEP
Under Controls click Select a control.
POINT OUT
Point to, but do not click, Allow access and Require password change.
CLICK STEP
Click Select.
CLICK STEP
Click Save.
CLICK STEP
Click to advance the slide.
CLICK STEP
Click to advance the slide.
With Azure AD Privileged Identity Management, Contoso can manage, control, and monitor access within the organization. This includes access to resources in Azure AD and other Microsoft online services like Office 365 or Microsoft Intune.
CLICK STEP
At the top, click Search resources, services, and docs to trigger typing animation.
[Presentation will auto type Azure AD Pri.]
CLICK STEP
Click Azure AD Privileged Identity Management.
The Azure AD Privileged Identity Management console in the Azure Portal gives Deana important information such as:
Alerts that point out opportunities to improve security
The number of users who are assigned to each privileged role
The number of eligible and permanent admins
Ongoing access reviews
CLICK STEP
Under Manage, click Azure AD roles.
CLICK STEP
Under Manage, click Roles.
POINT OUT:
Point to, but do not click, the ROLE and DESCRIPTION columns.
CLICK STEP
On the far right click the scroll bar to trigger scroll animation.
[Presentation will auto scroll.]
CLICK STEP
Click Global Administrator.
Contoso has several permanent Global Admins. They have full access and control over the directory and the Office 365 tenant all the time, so each of those accounts is a standing target: compromising any one of them hands an attacker the whole tenant.
CLICK STEP
In the Global Administrator - Members blade, on the entry for Isaiah Langer, click the ellipsis (…).
With Privileged Identity Management, Contoso can decide who should have permanent access and who should just have temporary access when required. Isaiah does not need permanent admin access, so the admin sets him to eligible.
CLICK STEP
Click Make eligible.
Eligible admins are users that need privileged access now and then, but not every day. The role is inactive until Isaiah needs access. When he needs access, he will complete an activation process and becomes an active admin for a predetermined amount of time.
CLICK STEP
Click X to close the Global Administrator - Members blade.
CLICK STEP
Under Manage, click Settings.
CLICK STEP
Click Roles.
CLICK STEP
On the Roles pane, click the scroll bar to trigger scroll animation.
[Presentation will auto scroll.]
CLICK STEP
Click Global Administrator.
The admin can also configure the details of the admin's access, including how long an activation lasts and whether notifications or additional authentication are required. Note that for certain highly privileged roles, MFA on activation is always required.
CLICK STEP
Click the bar under Maximum activation duration (hours).
CLICK STEP
Under Notifications, click Enable.
CLICK STEP
At the top of the Global Administrator pane, click Save.
CLICK STEP
Click to advance the slide.
When Isaiah needs higher privileges for a specific task, he can go into Privileged Identity Management in the Azure portal and request activation of the eligible role. Any eligible admin role can be activated this way.
CLICK STEP
Click the email from Microsoft Azure with the title PIM: You can now active…
CLICK STEP
Click Activate role.
CLICK STEP
Click Maybe later.
CLICK STEP
Click We have deprecated this blade.
CLICK STEP
Under Tasks, click My roles.
CLICK STEP
On the line for Global Administrator, click Activate.
CLICK STEP
At the top of the Global Administrator pane, click Activate.
CLICK STEP
In the Activation reason (max 500 characters), click to trigger typing animation.
[Presentation will auto type Demo.]
Isaiah can now submit the activation request. Within the limits Deana set in the PIM role settings, he chooses how long the activation should last and provides a business justification, which is recorded with the request.
CLICK STEP
At the bottom, click Activate.
Isaiah is auto-approved for the requested access with an expiration time for that permission.
CLICK STEP
In the Activation status pane, click Sign out.
Using Azure AD Privileged Identity Management, the admin can track changes in privileged role assignments and role activation history.
CLICK STEP
On the Roles pane, click the X.
CLICK STEP
On the Azure AD roles – Settings pane, click the scroll bar to trigger scroll animation.
CLICK STEP
Under Activity, click Directory roles audit history.
The admin can see that Isaiah just activated the Global Administrator role, and when. This information can be critical for auditing and forensic investigations.
CLICK STEP
Click to advance the slide.
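The PIM walkthrough above, done through Microsoft Graph PowerShell instead of the portal: list permanent versus eligible Global Administrators, read the role settings Deana changed (maximum activation duration, MFA and justification on activation), self-activate as the eligible user, and pull the activation history from the directory audit log. This is an added example, not part of the original deck or Microsoft's own tooling. It assumes the Microsoft.Graph module and consent to the listed scopes; the activation step is meant to be run by the eligible user (Isaiah in the demo), signed in with MFA, since Global Administrator requires MFA on activation.

```powershell
# Added example, not from the original deck. Requires the Microsoft.Graph module
# and an account that can consent to the scopes below.
Connect-MgGraph -Scopes 'RoleManagement.ReadWrite.Directory', 'AuditLog.Read.All', 'User.Read.All'

$gaRole = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq 'Global Administrator'"

# Who holds Global Administrator right now, and how. Active instances of type
# 'Assigned' with no end date are the permanent admins the deck warns about;
# 'Activated' instances are PIM activations currently in progress.
Get-MgRoleManagementDirectoryRoleAssignmentScheduleInstance `
    -Filter "roleDefinitionId eq '$($gaRole.Id)'" -ExpandProperty principal |
    ForEach-Object {
        [pscustomobject]@{
            Principal = $_.Principal.AdditionalProperties['userPrincipalName']
            Type      = $_.AssignmentType
            Expires   = if ($_.EndDateTime) { $_.EndDateTime } else { 'permanent' }
        }
    } | Format-Table -AutoSize

# Eligible members: nothing is granted until they activate.
Get-MgRoleManagementDirectoryRoleEligibilityScheduleInstance `
    -Filter "roleDefinitionId eq '$($gaRole.Id)'" -ExpandProperty principal |
    ForEach-Object { $_.Principal.AdditionalProperties['userPrincipalName'] }

# The settings Deana adjusted live as rules on the role's management policy:
# Expiration_EndUser_Assignment holds the maximum activation duration,
# Enablement_EndUser_Assignment lists what activation requires (MFA, justification).
$policyAssignment = Get-MgPolicyRoleManagementPolicyAssignment `
    -Filter "scopeId eq '/' and scopeType eq 'DirectoryRole' and roleDefinitionId eq '$($gaRole.Id)'"
foreach ($ruleId in 'Expiration_EndUser_Assignment', 'Enablement_EndUser_Assignment') {
    $rule = Get-MgPolicyRoleManagementPolicyRule `
        -UnifiedRoleManagementPolicyId $policyAssignment.PolicyId `
        -UnifiedRoleManagementPolicyRuleId $ruleId
    "$ruleId : " + ($rule.AdditionalProperties | ConvertTo-Json -Compress)
}

# Self-activation, run as the eligible user. The duration is ISO 8601 and must
# not exceed the maximum from the expiration rule; the justification is what
# the audit log later shows. Fails if the session lacks the MFA claim.
$me = Get-MgUser -UserId (Get-MgContext).Account
$activation = @{
    action           = 'selfActivate'
    principalId      = $me.Id
    roleDefinitionId = $gaRole.Id
    directoryScopeId = '/'
    justification    = 'Demo'
    scheduleInfo     = @{
        startDateTime = (Get-Date).ToUniversalTime()
        expiration    = @{ type = 'afterDuration'; duration = 'PT2H' }
    }
}
New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -BodyParameter $activation

# The audit trail from the deck: PIM events in the directory audit log.
$since = (Get-Date).ToUniversalTime().AddDays(-7).ToString('yyyy-MM-ddTHH:mm:ssZ')
Get-MgAuditLogDirectoryAudit -Filter "loggedByService eq 'PIM' and activityDateTime ge $since" -All |
    Sort-Object ActivityDateTime -Descending |
    Select-Object ActivityDateTime, ActivityDisplayName, Result,
        @{ n = 'Actor'; e = { $_.InitiatedBy.User.UserPrincipalName } } |
    Format-Table -AutoSize
```

The first two listings are the ones worth scheduling: a permanent Global Administrator appearing where only eligible assignments are expected is exactly the drift PIM's alerts are meant to catch, and the audit query is the same data the "Directory roles audit history" blade displays.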
This demo shows how a Global Administrator can require users to accept the Terms of Use.
CLICK STEP
Click to advance the slide.
Azure AD Terms of Use provides a simple method that organizations can use to present information to end users. This presentation ensures users see relevant disclaimers for legal or compliance requirements.
CLICK STEP
In the Contoso – Overview pane, next to Manage, click the scroll bar to trigger scroll animation.
[Presentation will auto scroll.]
CLICK STEP
Under Security, click Conditional Access.
CLICK STEP
Under Manage, click Terms of use.
CLICK STEP
Click + New terms.
Azure AD Terms of Use uses the PDF format to present content. The PDF can be any document, such as an existing contract, allowing you to collect end-user agreement during sign-in.
CLICK STEP
Next to Terms of use document, click the folder icon.
CLICK STEP
Click ToUPDF.pdf.
CLICK STEP
Click Open.
CLICK STEP
In the Example: ‘All users terms of use’ box, click to trigger typing animation.
[Presentation will auto type Contoso Terms of Use Policy.]
CLICK STEP
In the Example: ‘Contoso Terms of Use’ box, click to trigger typing animation.
[Presentation will auto type Contoso Terms of Use.]
CLICK STEP
Click Select default language.
CLICK STEP
In the drop-down list, click the scroll bar to trigger scroll animation.
CLICK STEP
Click English.
CLICK STEP
Next to Require users to expand the terms of use, click On.
CLICK STEP
In the New terms of use pane, click the scroll bar to trigger scroll animation.
CLICK STEP
Click Policy templates.
When the option Create conditional access policy later is selected, the terms of use will appear in the grant control list when creating a conditional access policy.
CLICK STEP
Click Create conditional access policy later.
CLICK STEP
Click Create.
CLICK STEP
In the Conditional Access – Terms of use pane, click Policies.
[Presentation will auto type External User Saas Apps Terms of Use Policy.]
CLICK STEP
Under Assignments, click Users and groups.
CLICK STEP
Click Select users and groups.
CLICK STEP
Click Users and groups.
CLICK STEP
Click Select.
CLICK STEP
Click Search by name or email address to trigger typing animation.
[Presentation will auto type sg-s.]
CLICK STEP
Click sg-Sales and Marketing.
CLICK STEP
Click Select.
CLICK STEP
Click Done.
CLICK STEP
Under Assignments, click Cloud apps or actions.
CLICK STEP
Click Select apps.
CLICK STEP
Click Select.
CLICK STEP
In the Select pane, click the scroll bar to trigger scroll animation.
[Presentation will auto scroll.]
CLICK STEP
Click Salesforce.
CLICK STEP
Click Select.
CLICK STEP
Click Done.
CLICK STEP
Under Access controls, click Grant.
CLICK STEP
Click Contoso Terms of Use Policy.
CLICK STEP
Click Select.
CLICK STEP
In the New pane, click the scroll bar to trigger scroll animation.
CLICK STEP
Under Enable policy, click On.
CLICK STEP
Click Create.
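For admins who want to script the steps above instead of clicking through the portal, here is an added example (not part of the original demo script) using the Microsoft Graph PowerShell SDK. It creates the agreement from ToUPDF.pdf and the Conditional Access policy that requires it for sg-Sales and Marketing on Salesforce, the names used in the demo. The break-glass account UPN is an assumption. Unlike the demo, which switches Enable policy to On, the policy is created in report-only mode so a mis-scoped rule cannot lock anyone out before it has been reviewed.

```powershell
# Added example, not the demo's own script. Requires the Microsoft.Graph module.
# Assumed: ToUPDF.pdf in the current folder, the group 'sg-Sales and Marketing',
# the 'Salesforce' enterprise app, and a break-glass account UPN (hypothetical).
Connect-MgGraph -Scopes 'Agreement.ReadWrite.All', 'Policy.ReadWrite.ConditionalAccess',
                        'Group.Read.All', 'Application.Read.All', 'User.Read.All'

# 1. Create the agreement. fileData.data is the base64-encoded PDF;
#    isViewingBeforeAcceptanceRequired is the "Require users to expand the terms of use" switch.
$pdfB64 = [Convert]::ToBase64String([IO.File]::ReadAllBytes('.\ToUPDF.pdf'))
$agreementBody = @{
    displayName                       = 'Contoso Terms of Use Policy'
    isViewingBeforeAcceptanceRequired = $true
    files = @(@{
        fileName  = 'ToUPDF.pdf'
        language  = 'en'
        isDefault = $true
        fileData  = @{ data = $pdfB64 }
    })
}
$agreement = Invoke-MgGraphRequest -Method POST `
    -Uri 'https://graph.microsoft.com/v1.0/identityGovernance/termsOfUse/agreements' `
    -Body $agreementBody

# 2. Resolve the assignment targets by display name rather than hard-coding object IDs.
$group = Get-MgGroup -Filter "displayName eq 'sg-Sales and Marketing'"
$app   = Get-MgServicePrincipal -Filter "displayName eq 'Salesforce'"
if (-not $group -or -not $app) { throw 'Group or app not found; check the display names.' }

# 3. Create the Conditional Access policy. grantControls.termsOfUse holds agreement IDs.
#    includeApplications takes the application (client) ID, not the service principal object ID.
#    Start in report-only mode and exclude a break-glass account; change state to 'enabled'
#    once the sign-in logs show the policy matches only the intended users.
$breakGlass = Get-MgUser -UserId 'breakglass@contoso.onmicrosoft.com'   # assumed UPN
$policyBody = @{
    displayName = 'External User SaaS Apps Terms of Use Policy'
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        clientAppTypes = @('all')
        users          = @{ includeGroups = @($group.Id); excludeUsers = @($breakGlass.Id) }
        applications   = @{ includeApplications = @($app.AppId) }
    }
    grantControls = @{ operator = 'OR'; termsOfUse = @($agreement.id) }
}
$policy = Invoke-MgGraphRequest -Method POST `
    -Uri 'https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies' `
    -Body $policyBody
"Agreement $($agreement.id) is required by policy $($policy.id) (report-only)."
```

The Graph endpoints and body shapes follow the v1.0 agreement and conditionalAccessPolicy resources; the two display names and the break-glass UPN are the only values you need to change for another tenant.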
CLICK STEP
Click to advance the slide.
When the assigned user signs in to the targeted app, Conditional Access enforces the Terms of Use policy as a grant control: the user must accept the complete set of terms before access is granted, so acceptance can be verified and managed per user and group.
CLICK STEP
Click Salesforce.
CLICK STEP
Click Accept.
POINT OUT:
Point to, but do not click, the warning message.
CLICK STEP
Click Ok.
CLICK STEP
Click Contoso Terms of Use.
CLICK STEP
Click the far-right scroll bar to trigger scroll animation.
CLICK STEP
Click Accept.
When a company policy changes or new compliance rules are to be enforced, Conditional Access for Terms of Use easily manages the changes for all users, in a systematic and targeted way.
CLICK STEP
Click to advance the slide.
The Terms of use blade shows a count of the users who have accepted and declined.
CLICK STEP
In the Contoso – Overview pane, click the scroll bar next to Manage to trigger scroll animation.
CLICK STEP
Under Security, click Conditional Access.
CLICK STEP
Under Manage, click Terms of use.
These counts and who accepted/declined are stored for the life of the Terms of use.
CLICK STEP
Under ACCEPTED, click 1.
POINT OUT:
Point to, but do not click, Isaiah Langer’s status as Accepted.
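The accepted and declined counts shown on the Terms of use blade, and the per-user status behind them, are also available through Graph. Here is an added example (not part of the original demo script) that reproduces those counts and then lists the members of the assigned group who have not accepted at all, which is the group an admin actually needs to chase. It assumes the agreement and group names used in the demo.

```powershell
# Added example, not the demo's own script. Requires the Microsoft.Graph module.
# Assumed: the agreement 'Contoso Terms of Use Policy' and the group 'sg-Sales and Marketing'.
Connect-MgGraph -Scopes 'Agreement.Read.All', 'AgreementAcceptance.Read.All', 'GroupMember.Read.All'
$base = 'https://graph.microsoft.com/v1.0/identityGovernance/termsOfUse/agreements'

# Find the agreement by display name (filtered client-side).
$agreement = (Invoke-MgGraphRequest -Method GET -Uri $base).value |
    Where-Object { $_.displayName -eq 'Contoso Terms of Use Policy' } | Select-Object -First 1
if (-not $agreement) { throw 'Agreement not found.' }

# Each acceptance records state (accepted/declined), the user, the time it was recorded,
# and agreementFileId, i.e. which version of the PDF the user actually saw.
$acceptances = (Invoke-MgGraphRequest -Method GET -Uri "$base/$($agreement.id)/acceptances").value
$accepted = @($acceptances | Where-Object { $_.state -eq 'accepted' })
$declined = @($acceptances | Where-Object { $_.state -eq 'declined' })
"Accepted: $($accepted.Count)  Declined: $($declined.Count)"

# A declined entry means the user hit the policy and was blocked. Group members with no
# entry at all have simply not signed in to the app yet; they are the ones still pending.
$group   = Get-MgGroup -Filter "displayName eq 'sg-Sales and Marketing'"
$members = Get-MgGroupTransitiveMember -GroupId $group.Id -All |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.user' }
$acceptedUpns = @($accepted | ForEach-Object { $_.userPrincipalName })
$pending = $members | Where-Object {
    $_.AdditionalProperties['userPrincipalName'] -notin $acceptedUpns
}
"Pending ($(@($pending).Count)):"
$pending | ForEach-Object { '  ' + $_.AdditionalProperties['userPrincipalName'] }
```

The list is a point-in-time view: a user who is added to the group later appears as pending the next time the script runs, and a user who is removed from the group still keeps their acceptance record for the life of the agreement.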
CLICK STEP
Click to advance the slide.
In the modern workplace, the end user’s needs can easily be at odds with the requirements an IT department faces. Deana runs a lean team in IT and is tasked with modernizing Contoso’s identity and access management solution, all while reducing support costs. Not only is Contoso experiencing a hiring surge to support their latest product, but Deana is dealing with an explosion in the number of apps employees are using every day to do their jobs.
For Isaiah, as a new member of the Sales team, the ability to interact with teammates across groups and even outside the company is important. He must work seamlessly across a wide array of apps, both internal and external. The question is whether he can do all of this securely and easily, and still be empowered to make good decisions for Contoso on his own.
CLICK STEP
Click to advance the slide.
Identity is the center of security. More than ever before, employees, customers and partners share information across devices, locations, and a world of apps. Today, the power of the cloud is leveraged to ensure identities and access to information and apps are seamless and secure.
Let’s look at a specific example of how identity improves both security and productivity–Identity governance.
Identity Governance allows Deana to manage, monitor and audit the end-to-end Identity Access management lifecycle.
CLICK STEP
Under Entitlement management (Preview), click Access packages.
When users request access to resources, governance policies ensure access is granted easily, securely and in line with your security and compliance requirements.
Let me show you how an admin can grant resource access to a partner company using this capability.
CLICK STEP
Click Sales and Marketing.
The Contoso admin wants to enable business partners at Adatum Corporation to collaborate with the Sales and Marketing team. With the new Azure AD Identity Governance feature, the admin edits the policy of the Sales and Marketing entitlement so that users from the partner directory can request access.
CLICK STEP
Under Manage click Policies.
CLICK STEP
Click Initial Policy.
CLICK STEP
Click Edit.
CLICK STEP
Under Users who can request access, click For users not in your directory.
CLICK STEP
Click the far-right scroll bar to trigger scroll animation.
CLICK STEP
Click + Add directories.
CLICK STEP
Click Search by domain, example: contoso.com to trigger typing animation.
[Presentation will auto type adatum.com.]
CLICK STEP
In the Select directories pane, click the scroll bar to trigger scroll animation.
[Presentation will auto scroll.]
CLICK STEP
Click Add.
CLICK STEP
Click Select.
POINT OUT:
Point to, but do not click, Request approval, Access package expires, and Enable policy.
CLICK STEP
Click Update.
Entitlements are the cornerstone of governance, and allow the Administrator to group users, resources and policies needed to grant access.
CLICK STEP
Under Manage, click Resource roles.
For this demo, the Contoso administrator has already created a set of entitlements for the organization. Let's look at the Sales and Marketing entitlement that will enable employees from Adatum Corporation, a partner organization, to collaborate with Contoso.
First, resources must be specified and associated with the entitlement. Here, 2 apps, 1 user group, and 1 SharePoint site are listed. More resources can be added here, as necessary.
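For admins who want to script the policy edit shown above, here is an added example (not part of the original demo script) that does the same thing through the Graph v1.0 entitlement management API: it registers adatum.com as a connected organization (the + Add directories step) and adds a policy to the Sales and Marketing access package for that organization only, with the three controls the demo points at (Request approval, Access package expires, Enable policy) set explicitly. The approver UPN is an assumption.

```powershell
# Added example, not the demo's own script. Requires the Microsoft.Graph module.
# Assumed: the access package 'Sales and Marketing', the partner domain adatum.com,
# and an approver UPN (hypothetical). Field names follow the v1.0 entitlement management resources.
Connect-MgGraph -Scopes 'EntitlementManagement.ReadWrite.All', 'User.Read.All'
$base = 'https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement'

# 1. Register adatum.com as a connected organization. state 'configured' means an admin
#    vouched for the identity source; 'proposed' is what a partner self-registration produces.
$org = Invoke-MgGraphRequest -Method POST -Uri "$base/connectedOrganizations" -Body @{
    displayName     = 'Adatum Corporation'
    state           = 'configured'
    identitySources = @(@{
        '@odata.type' = '#microsoft.graph.domainIdentitySource'
        domainName    = 'adatum.com'
        displayName   = 'Adatum'
    })
}

# 2. Find the access package and the approver (filtered client-side).
$pkg = (Invoke-MgGraphRequest -Method GET -Uri "$base/accessPackages").value |
    Where-Object { $_.displayName -eq 'Sales and Marketing' } | Select-Object -First 1
if (-not $pkg) { throw 'Access package not found.' }
$approver = Get-MgUser -UserId 'deana@contoso.onmicrosoft.com'   # assumed UPN

# 3. Add a policy scoped to that one connected organization. External access is never granted
#    without an approver, unanswered requests are denied after 7 days, and every assignment
#    expires after 90 days so a stale partner account does not keep access indefinitely.
$policy = Invoke-MgGraphRequest -Method POST -Uri "$base/assignmentPolicies" -Body @{
    displayName            = 'Adatum partners'
    description            = 'Partner access to Sales and Marketing: approval required, 90-day expiry'
    allowedTargetScope     = 'specificConnectedOrganizationSubjects'
    specificAllowedTargets = @(@{
        '@odata.type' = '#microsoft.graph.connectedOrganizationMembers'
        id            = $org.id
        description   = 'Adatum Corporation'
    })
    expiration        = @{ type = 'afterDuration'; duration = 'P90D' }
    requestorSettings = @{ enableTargetsToSelfAddAccess = $true }   # Enable policy: On
    requestApprovalSettings = @{
        isApprovalRequiredForAdd = $true                             # Request approval: Yes
        stages = @(@{
            durationBeforeAutomaticDenial   = 'P7D'
            isApproverJustificationRequired = $true
            primaryApprovers = @(@{ '@odata.type' = '#microsoft.graph.singleUser'; userId = $approver.Id })
        })
    }
    accessPackage = @{ id = $pkg.id }
}
"Policy $($policy.id) lets adatum.com users request '$($pkg.displayName)'."
```

Scoping the policy to the connected organization rather than to "all users not in your directory" is the important choice: it keeps the access package from becoming an open invitation for anyone with a Microsoft account to request guest access.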
CLICK STEP
At the top, click Search resources, services, and docs.
[Presentation will auto type Identity Gov.]
There are quite a few ways to control application access in Azure AD. A lot of organizations use groups in AD or Azure AD to control access. Users can also request application access. The Office 365 Groups feature allows more users across your organization to create their own groups and pick who they want in those groups.
CLICK STEP
Click Identity Governance.
Of course, over time, group memberships and application access assignments can get stale: people change jobs or no longer need access to a particular application. For example, maybe a guest who was given access is no longer affiliated with their original organization. This staleness can cause a problem for protecting business-sensitive assets or applications subject to compliance. To avoid access getting out of hand, organizations can now schedule access reviews to make sure that only the users who should have access to their assets and applications do.
CLICK STEP
Under Access reviews, click Access reviews.
CLICK STEP
Click Salesforce Access Review.
POINT OUT:
Point to, but do not click, Owner, App, Scope, Review status, and Recurrence.
An access review asks users to recertify (or “attest”) to access rights to an app or membership in a group. You can ask users to review their own rights or select reviewers to review everyone in a group, or everyone currently assigned access to an app. You can also ask the group owners to review. And finally, for those organizations that have other processes in place to manage employee access, you can scope the review to include only guest members or guests who have access.
CLICK STEP
Click + to open a new browser tab.
There are two ways users’ access can be reviewed: by group membership or by application access.
The access review is configured to run for a time to allow the reviewers to review and respond. Reviewers will receive an email notification that an access review needs their response.
To review the results, the reviewers can click on the link in the email or access the results via https://myapps.microsoft.com.
CLICK STEP
Click Search or enter web address to trigger typing animation.
CLICK STEP
Click Access reviews.
CLICK STEP
Click Begin review.
For a user that has not signed in recently, the recommendation is access denial. This can be overridden if desired.
In one click, all the Access Review recommendations can be accepted.
When the review period ends, or if the review is manually stopped, the results can then be applied.
CLICK STEP
Click Lynne Robbins.
CLICK STEP
Click Approve.
POINT OUT:
Point to, but do not click, the Reason box, which is now required.
CLICK STEP
Click Cancel.
CLICK STEP
Click the Salesforce Access Review tab.
Admins can see the results of an access review through Azure Identity Governance at any time once the access review is created. In the Results pane they can see the list of users, the outcome, the recommended action, the reason, and the reviewer for each entry of the access review. Should changes be made to the access review settings, the Admin can use the Audit logs to review them.
CLICK STEP
Under Manage, click Results.
POINT OUT:
Point to, but do not click, User, Outcome, and Reviewed By columns.
CLICK STEP
Under Activity, click Audit logs.
POINT OUT:
Point to, but do not click, Service, Category, Activity, Status, Target(s), and Initiated By columns.
Should an Admin wish to create an access review from scratch, they may do this in the Identity Governance – Access reviews blade.
CLICK STEP
At the top in the breadcrumbs, click Identity Governance – Access reviews.
CLICK STEP
Click + New access review.
Admins can set the frequency, scope, and start date for the review to run. The access review can be targeted to members of a group or to users assigned to an application. Reviewers can be selected individually, or the review can be assigned to the group owners. Results of the access review can be auto-applied when the review ends, with a default decision applied to users whose reviewer did not respond. Once an access review is started it can take some time to complete, so reminders can be sent to reviewers while the review is running and a notification sent to admins when it completes.
CLICK STEP
Click the Review name box to trigger typing animation.
[Presentation will auto type Salesforce Access Review Admin.]
CLICK STEP
Click Members of a group.
CLICK STEP
Click Assigned to an application.
CLICK STEP
Click the far-right scroll bar to trigger scroll animation.
CLICK STEP
Click Everyone.
CLICK STEP
Click Select an application.
CLICK STEP
Click Search by name or email address to trigger typing animation.
[Presentation will auto type S.]
CLICK STEP
Click Salesforce.
CLICK STEP
Click Select.
CLICK STEP
Click 0 users selected.
CLICK STEP
Click Search by name or email address to trigger typing animation.
[Presentation will auto type MOD.]
CLICK STEP
Click MOD Administrator.
CLICK STEP
Click Select.
CLICK STEP
Click Start.
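For admins who want to create the recurring review above from a script and read its results afterwards, here is an added example (not part of the original demo script) using the Graph v1.0 access reviews API. The demo reviews users assigned to the Salesforce app; this example reviews membership of the assumed group sg-Sales and Marketing, the other option the demo mentions, because that is the scope query shape shown here. MOD Administrator is the reviewer, as in the demo. The settings encode the practitioner choices the earlier steps pointed at: recommendations for users with no recent sign-in, a required reason on approval, and a fail-closed default of Deny for reviewers who never respond.

```powershell
# Added example, not the demo's own script. Requires the Microsoft.Graph module.
# Assumed: the group 'sg-Sales and Marketing' and the reviewer 'MOD Administrator'.
Connect-MgGraph -Scopes 'AccessReview.ReadWrite.All', 'Group.Read.All', 'User.Read.All'
$base = 'https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions'

$group    = Get-MgGroup -Filter "displayName eq 'sg-Sales and Marketing'"
$reviewer = Get-MgUser  -Filter "displayName eq 'MOD Administrator'"
if (-not $group -or -not $reviewer) { throw 'Group or reviewer not found.' }

# 1. Create the recurring review definition (the + New access review form).
$definition = Invoke-MgGraphRequest -Method POST -Uri $base -Body @{
    displayName             = 'Salesforce Access Review Admin'
    descriptionForReviewers = 'Confirm each member still needs Sales and Marketing access.'
    scope = @{
        '@odata.type' = '#microsoft.graph.accessReviewQueryScope'
        query         = "/groups/$($group.Id)/transitiveMembers"
        queryType     = 'MicrosoftGraph'
    }
    reviewers = @(@{ query = "/users/$($reviewer.Id)"; queryType = 'MicrosoftGraph' })
    settings = @{
        mailNotificationsEnabled        = $true   # reviewers get the email with the myapps link
        reminderNotificationsEnabled    = $true   # reminders while the review is running
        recommendationsEnabled          = $true   # no recent sign-in -> Deny recommendation
        justificationRequiredOnApproval = $true   # the Reason box the demo points at
        defaultDecisionEnabled          = $true   # fail closed: no response is not approval
        defaultDecision                 = 'Deny'
        autoApplyDecisionsEnabled       = $true   # apply when the instance ends, no manual step
        instanceDurationInDays          = 14
        recurrence = @{
            pattern = @{ type = 'absoluteMonthly'; interval = 3 }    # quarterly
            range   = @{ type = 'noEnd'; startDate = (Get-Date).ToString('yyyy-MM-dd') }
        }
    }
}
"Created review definition $($definition.id)"

# 2. Read results. The Results pane columns (User, Outcome, Recommendation, Reason, Reviewed By)
#    map to these decision fields; NotReviewed rows are the ones defaultDecision will cover.
$instances = (Invoke-MgGraphRequest -Method GET -Uri "$base/$($definition.id)/instances").value
foreach ($inst in $instances) {
    $decisions = (Invoke-MgGraphRequest -Method GET `
        -Uri "$base/$($definition.id)/instances/$($inst.id)/decisions").value
    $decisions | ForEach-Object {
        [pscustomobject]@{
            User           = $_.principal.displayName
            Outcome        = $_.decision            # Approve / Deny / NotReviewed / DontKnow
            Recommendation = $_.recommendation      # Approve / Deny / NoInfoAvailable
            Reason         = $_.justification
            ReviewedBy     = $_.reviewedBy.displayName
            Applied        = $_.applyResult
        }
    } | Format-Table -AutoSize
}
```

Accepting all recommendations in one click, as the demo shows, is convenient, but the decision records above are what an auditor will ask for: they keep the recommendation and the human decision side by side, so a reviewer who approved against a Deny recommendation without a reason stands out.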
CLICK STEP
Click to advance the slide and end the presentation.