Enterprise Mobility Suite- Azure AD Premium
•
2 likes•1,240 views
The document discusses enterprise mobility suite (EMS) and its hybrid identity capabilities. EMS provides single sign-on, self-service experiences, and a common identity across cloud and on-premises applications. It enables a unified user experience with a single verified identity that spans both environments. EMS reduces the burden on IT by integrating identity management and lowering risks through a single solution rather than separate cloud and on-premises identities.
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Enterprise Mobility Suite- Azure AD Premium
Similar to Enterprise Mobility Suite- Azure AD Premium (20)
More from Lai Yoong Seng
More from Lai Yoong Seng (20)
Recently uploaded
Recently uploaded (20)
Enterprise Mobility Suite- Azure AD Premium
- 1. Enterprise Mobility Suite (EMS) Lai Yoong Seng | MVP Hyper-V Senior Consultant | Yoongseng.lai@infrontconsulting.com
- 4. Single sign-on Self-service experiences Common identity Conditional access SaaS applications EMS Access & information protection Mobile device & application management Hybrid identity
- 7. User’s identity ••••••••••••• Username ? New app Identity layer ITUser On-premises
- 9. User’s identity ••••••••••••• Username ? Forgot your password? ITUser Cloud On-premises
- 10. User’s identity ••••••••••••• New device ITUser Cloud On-premises Policy control SaaS discovery
- 12. Identity: Cloud, Sync or Federated? Cloud identity provides a solution where all identity resides in the cloud Federated identity allows customers to retain all authentication on-premises Identity sync enables customers to bridge their existing identity into the cloud
- 17. Enriched user experience through a single, verified identity Unified across cloud and on-premises with single sign-on Integrated identity solution reduces risk across the business Reduced IT burden of creating and managing multiple identities
Editor's Notes
- On previous slide we saw 3 components Devices Lock down app Lock down of files
- Identity is the core components. The best is 1 identity to control access to devices, app & files. In this scenario: AD With federated active directory and sync to Azure AD, we can achieve SSO. Do not require to key in password. In case staff forget password. They can go to portal and perform self service password reset. Which reduce the burden of IT staff. With 1 identify able access to multiple corporate SaaS. When access app, the most common scenario is use user name & app. To enhance security, you can enable additional security called “MFA”.
- Technology suppose to assist people and not create a burden and prevent people from using it. Now let into a scenario: A (Jane)busy woman staff which has multiple app that she need to access. 1 app – 1 identity What happen when 30 app and 30 user name and password that she need to access.
- Soon or later. She will forget password! If you’re IT, How to solve this issue? Let look into your scenario: Active Directory on-premise. If yes, let start to sync username and password to Azure Active Directory. Password is hash and protected. Read need to rehash Once it is sync to AAD, you can now login with same user name and password exactly on-prem and link to multiple SaaS.
- When introduce new app, you do not need to create user name & password
- By sync to AAD, you can have 1 common identity to access all password and achieve single sign on (without need to key in password)
- That’s not all – if our User forgets a password (and that has happened), she doesn’t need to call the helpdesk – there’s a self-service password reset facility. IT can carry on.
- Identify SaaS app. You can use Azure AD Discovery to detect SaaS
- Let’s say our User travels a lot and has been known to lose a device or two. Our IT Pro has the peace of mind to know that his Hybrid Identity solution will allow him to spot anomalies in user behavior. Even our User is unlikely to be accessing her expense account from New York at 9am and Bangkok at 10am.
- Central console to manage user account, group -configuration Set MFA Change page branding SaaS
- Once activated Azure AD Premium, the system will monitor, learn and detect on abnormal behavior Scenario- cannot from 2 different location. Authentication 1st level using user name & password 2nd level – use MFA Use app code Use phone Use sms
- So, in summary – Hybrid Identity as part of the Microsoft solution for Enabling Enterprise Mobility puts your user at the center of the solution and gives IT an integrated identity management solution that reduces risk across the business.