Azure AD & Azure AD B2C provide identity and access management services. Azure AD is primarily for enterprise use, allowing single sign-on for Office 365, Azure, and other cloud services. It offers features like multi-factor authentication, application access control, and on-premises Active Directory synchronization. Azure AD B2C is designed more for consumer-facing apps and allows fully customizable login experiences and identity providers like social accounts and local usernames. Both services provide user management and authentication capabilities for applications.
Azure Sentinel is Microsoft's cloud-native security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution. It provides intelligent security analytics and threat detection across on-premises, cloud, and hybrid environments. Azure Sentinel collects data from various sources using connectors and agents, then analyzes the data using machine learning to detect threats and automate responses. It integrates with other Microsoft security solutions and allows threat hunting and visualization of security incidents.
This document provides an overview of Azure Active Directory and its capabilities for identity and access management. It discusses key use cases such as providing secure access to applications, protecting access to resources from threats, automating user lifecycle management, and complying with regulations. It describes Azure AD features for conditional access, multi-factor authentication, application management, user provisioning, privileged identity management, and more. The document also compares Azure AD and Azure AD B2C and their suitability for business and consumer-facing applications respectively.
Cyberspace is the new battlefield:
We’re seeing attacks on civilians and organizations from nation states. Attacks are no longer just against governments or enterprise systems directly. We’re seeing attacks against private property—the mobile devices we carry around every day, the laptop on our desks—and public infrastructure. What started a decade-and-a-half ago as a sense that there were some teenagers in the basement hacking their way has moved far beyond that. It has morphed into sophisticated international organized crime and, worse, sophisticated nation state attacks.
Personnel and resources are limited:
According to an annual survey of 620 IT professionals across North America and Western Europe from ESG, 51% of respondents claim their organization had a problem of shortage of cybersecurity skills—up from 23% in 2014.1 The security landscape is getting more complicated and the stakes are rising, but many enterprises don’t have the resources they need to meet their security needs.
Virtually anything can be corrupted:
The number of connected devices in 2018 is predicted to top 11 billion – not including computers and phones. As we connect virtually everything, anything can be disrupted. Everything from the cloud to the edge needs to be considered and protected.2
- Azure provides a unified platform for modern business with compute, data, storage, networking and application services across global Azure regions and a consistent hybrid cloud.
- Azure focuses on security and privacy with an emphasis on detection, response, and protection across infrastructure, platforms and applications.
- Security is a shared responsibility between Microsoft and customers, with Microsoft providing security controls and capabilities to help protect customer data and applications.
This document provides an overview of Microsoft Azure security features, including:
- Shared responsibility model where Microsoft secures the platform and customers secure their data and applications
- Identity and access management, encryption of data at rest and in transit, network security controls, and logging/monitoring capabilities
- Security Center provides visibility into threats and advanced analytics to detect attacks
- Operations Management Suite allows collecting logs from Azure, on-premises, and other clouds to analyze security events
- Microsoft works with partners to provide additional virtual network appliances and security solutions to customers
Azure Role Based Access Control with a use case and explanation of various concepts like Global Administrators, Role Assignments, Account Administrators, Azure Roles, and Custom Roles for both Azure AD and Azure Subscriptions.
If you struggle with identity manager and the user sign-in experience for your consumer applications and websites, here we are going to take a closer look at the custom implementation of Azure AD B2C for one big banking product with thousands of users daily. Azure AD B2C is a service to help you reliably and securely maintain user accounts of the B2C applications. We show you the scenes of the developer's journey that made it possible, some solutions and how we connected existing web and mobile apps and allowed users to sign in and use existing APIs painlessly.
Microsoft Azure is a cloud computing platform offering various services including computing, storage, databases, and web hosting. Azure operates out of 32 regions worldwide. It offers three main service models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). App Service is a PaaS offering that allows users to build, deploy, and manage web applications, REST APIs, mobile back ends, and web jobs. Traffic Manager helps distribute user traffic between different endpoints for availability and performance. It uses DNS to route clients to the optimal endpoint based on factors like location and health.
This document summarizes a presentation about using Azure Active Directory (Azure AD) for identity governance.
The presentation discusses how Azure AD features like Privileged Identity Management, Terms of Use, Entitlement Management, and Access Reviews can help address four challenges: 1) too many users had privileged access, 2) a need to enforce non-disclosure agreements, 3) streamlining access to resources, and 4) gaining visibility on guest users. Each Azure AD feature is mapped to a specific challenge.
The presentation concludes that Azure AD identity governance features can help govern the identity lifecycle, govern access, secure privileged access, and meet compliance requirements. Resources are provided for further reading. Feedback is requested from attendees.
A Zero Trust approach should extend throughout the entire digital estate and serve as an integrated security philosophy and end to end strategy.
Identities. Identities, whether they represent people, services, or IoT devices, define the Zero Trust control plane. When an identity attempts to access a resource, we need to verify that identity with strong authentication, ensure access is compliant and typical for that identity, and follows least privilege access principles.
Devices. Once an identity has been granted access to a resource, data can flow to a variety of different devices, from IoT devices to smartphones, BYOD to partner managed devices, and on premises workloads to cloud hosted servers. This diversity creates a massive attack surface area, requiring we monitor and enforce device health and compliance for secure access.
Applications. Applications and APIs provide the interface by which data is consumed. They may be legacy on premises, lift and shifted to cloud workloads, or modern SaaS applications. Controls and technologies should be applied to discover Shadow IT, ensure appropriate in-app permissions, gate access based on real-time analytics, monitor for abnormal behavior, control user actions, and validate secure configuration options.
Data. Ultimately, security teams are focused on protecting data. Where possible, data should remain safe even if it leaves the devices, apps, infrastructure, and networks the organization controls. Data should be classified, labeled, and encrypted, and access restricted based on those attributes.
Infrastructure. Infrastructure (whether on premises servers, cloud based VMs, containers, or micro services) represents a critical threat vector. Assess for version, configuration, and JIT access to harden defense, use telemetry to detect attacks and anomalies, and automatically block and flag risky behavior and take protective actions.
Networks. All data is ultimately accessed over network infrastructure. Networking controls can provide critical “in pipe” controls to enhance visibility and help prevent attackers from moving laterally across the network. Networks should be segmented (including deeper in network micro segmentation) and real time threat protection, end to end encryption, monitoring, and analytics should be employed.
Each of these six foundational elements serves as a source of the signal, a control plane for enforcement, and a critical resource to defend. You should appropriately spread your investments across each of these elements for maximum protection.
Here's where Microsoft has invested, across these areas: identity and access management, apps and data security, network security, threat protection, and security management.
We’ve put a tremendous amount of investment into these areas and the way it shows up is across a pretty broad array of product areas and features.
Our Identity and Access Management tools enable you to take an identity-based approach to security, and establish truly conditional access policies.
Our App and Data Security help you protect your apps and your data as it moves around—both inside and outside your organization.
Azure includes a robust networking infrastructure with built-in security controls for your application and service connectivity.
Our Threat Protection capabilities are built in and fully integrated, so you can strengthen both pre-breach protection with deep capabilities across e-mail, collaboration services, and end points including hardware based protection; and post-breach detection that includes memory and kernel based protection and response with automation.
And our Security Management tools give you the visibility and, more importantly, the guidance to manage policy centrally.
AWS provides a range of security services and features that AWS customers can use to secure their content and applications and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organisation's security and compliance objectives.
This document summarizes Microsoft Azure Active Directory (Azure AD) and how it compares to on-premises Active Directory Domain Services (AD DS). Azure AD provides identity and access management in the cloud, while AD DS is installed on-premises. Key differences include Azure AD being multi-tenant, lacking group policy support, and using REST APIs instead of LDAP. The document also outlines integrating Azure AD and AD DS through synchronization and federation for single sign-on capabilities across cloud and on-premises applications and services.
The Microsoft Well Architected Framework For Data Analytics Stephanie Locke
With more than a decade of organizations running large data & analytics workloads in the cloud, Microsoft have extended their architecture framework to provide best practices and guidance for businesses. In this session, we’ll introduce the 'Well Architected Framework', go into detail about effective data architectures, and give you concrete next steps you can take whether you already have a cloud data architecture or are planning your first implementation.
Azure Key Vault is a cloud service that securely stores keys, secrets, and certificates. It allows storing cryptographic keys and secrets that applications and services use while keeping them safe from unauthorized access. Key Vault uses hardware security modules to encrypt keys and secrets. Typical applications would store secrets like connection strings in Key Vault rather than configuration files for improved security and management. Key Vault integrates with Azure Active Directory for authentication so applications can access secrets securely.
A description of Azure Key Vault. Why do we need Azure Key Vault, and where does it fit in a solution? The details of storing keys, secrets and certificates inside Key Vault. Using Key Vault for encryption and decryption of data.
Azure Sentinel is a cloud-native security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution that uses built-in machine learning to detect threats and allows security teams to automate responses. It collects security data from across an organization, including Microsoft 365 data for free. Azure Sentinel is scalable and has no infrastructure costs, with customers only paying for resources used. It integrates with existing security tools and data sources.
Azure Active Directory - External Identities Demo Cheah Eng Soon
The document discusses configuring external identities in Azure Active Directory. It mentions partner authentication with Azure AD and consumer identity providers. It also discusses verifying identities with IDology and lists several organization names, addresses, and contact emails.
Protect your business with a universal identity platform
The Azure Active Directory (Azure AD) enterprise identity service provides single sign-on and multi-factor authentication to help protect your users from 99.9 percent of cybersecurity attacks.
Gartner named Microsoft a leader in Magic Quadrant 2020 for Access Management
Single sign-on simplifies access to your apps from anywhere
Conditional Access and multi-factor authentication help protect and govern access
A single identity platform lets you engage with internal and external users more securely
Developer tools make it easy to integrate identity into your apps and services
Connect your workforce
Whether people are on-site or remote, give them seamless access to all their apps so they can stay productive from anywhere. Automate workflows for user lifecycle and provisioning. Save time and resources with self-service management.
Choose from thousands of SaaS apps
Simplify single sign-on. Azure AD supports thousands of pre-integrated software as a service (SaaS) applications.
Protect and govern access
Safeguard user credentials by enforcing strong authentication and conditional access policies. Efficiently manage your identities by ensuring that the right people have the right access to the right resources.
Engage with your customers and partners
Secure and manage customers and partners beyond your organizational boundaries, with one identity solution. Customize user journeys and simplify authentication with social identity and more.
Integrate identity into your apps
Accelerate adoption of your application in the enterprise by supporting single sign-on and user provisioning. Reduce sign-in friction and automate the creation, removal, and maintenance of user accounts.
Microsoft 365 and Microsoft Cloud App Security Albert Hoitingh
The document discusses Microsoft Cloud App Security (MCAS), which provides security, compliance, and risk management for cloud apps and Microsoft 365. MCAS allows organizations to discover cloud app usage, control user access through conditional access policies, protect sensitive information, and detect threats. It provides these capabilities for Office 365 as well as third-party cloud apps and infrastructure as a service. The document provides an overview of MCAS capabilities and some example usage scenarios.
One of the major concerns for most organizations considering cloud services is security in the cloud. Are you looking to secure your cloud environment or services, no matter what they may be – data, operating system, domain or applications from intrusion and vulnerabilities? Azure Active Directory is Microsoft's multi-tenant, cloud-based directory, and identity management service helping secure your cloud and on-premise environments.
In this presentation, we discussed Azure Active Directory (Azure AD) Identity Protection, Conditional Access, and Identity Management, which use AI and machine learning capabilities to help secure your cloud environment – Office 365 and Azure. In this session, we discussed:
- Advanced features of Azure AD
- Demonstrate the detection capabilities, and real-time prevention
Azure Active Directory B2C allows developers to add user authentication and authorization to web applications without having to build out identity management functionality. It provides single sign-on capabilities and handles security tokens through OAuth 2 and OpenID Connect while developers focus on their application logic. The presentation demonstrates how to use Azure AD B2C through code samples to avoid security vulnerabilities and implementation details while gaining centralized identity management through a policy manager.
This document summarizes Microsoft's security offerings and challenges in securing organizations. It discusses Microsoft surpassing $10 billion in security revenue due to comprehensive protection across devices, cloud services, and on-premises. Conditional access and multi-factor authentication are highlighted to maximize security and productivity. Microsoft provides many integrated security services like Azure Sentinel and Cloud App Security to detect threats using machine learning. The document encourages using default security settings and automation across Microsoft's security services.
This presentation walks through the Security and Compliance functionality to customers leveraging Azure as a compute environment. It includes deep-dive references to detailed information on each topic presented.
Building an Enterprise-Grade Azure Governance Model Karl Ots
This document summarizes Karl Ots's presentation on building an enterprise-grade Azure governance model. The presentation covers key decisions for an Azure governance model including subscription structure, organization-wide controls, user access management, and the Azure provisioning process. It also discusses the roles of governance and cloud strategy. Specific technical implementations of governance controls like Azure Policy, role-based access control, and shared networking services are described.
CSF18 - External Collaboration with Azure B2B - Sjoukje Zaal NCCOMMS
The document discusses Azure Active Directory B2B, which allows organizations to securely share access to resources with external users. It covers why organizations use AAD B2B, key benefits like access from any app or identity, and security capabilities. The document demonstrates inviting guest users through the AAD portal and via PowerShell/APIs, applying conditional access policies, and automating guest user management with Azure Functions. It addresses some current limitations and takes questions at the end.
Dear Azure: External collaboration with Azure AD B2B Sjoukje Zaal
The document discusses Azure Active Directory B2B, which enables organizations to securely collaborate with external users. It provides key benefits like easy access to apps and data without requiring external directories or accounts. Admins can invite guest users via email or APIs and set access policies. The presentation demonstrates inviting and adding guest users through the Azure portal, PowerShell scripts, a self-service portal sample app, and integrating B2B with SharePoint Online using PowerApps and Flow. Current limitations like potential double MFA and directory limits are also noted.
Microsoft 365 and Microsoft Cloud App SecurityAlbert Hoitingh
The document discusses Microsoft Cloud App Security (MCAS), which provides security, compliance, and risk management for cloud apps and Microsoft 365. MCAS allows organizations to discover cloud app usage, control user access through conditional access policies, protect sensitive information, and detect threats. It provides these capabilities for Office 365 as well as third-party cloud apps and infrastructure as a service. The document provides an overview of MCAS capabilities and some example usage scenarios.
One of the major concerns for most organizations considering cloud services is security in the cloud. Are you looking to secure your cloud environment or services, no matter what they may be – data, operating system, domain or applications from intrusion and vulnerabilities? Azure Active Directory is Microsoft's multi-tenant, cloud-based directory, and identity management service helping secure your cloud and on-premise environments.
In this presentation, we discussed Azure Active Directory (Azure AD) Identity Protection, Conditional Access, Identity Management which uses AI and machine learning capabilities to help secure your cloud environment – Office 365 and Azure. In this session, we discussed
Advanced features of Azure AD
Demonstrate the detection capabilities, and real-time prevention
Azure Active Directory B2C allows developers to add user authentication and authorization to web applications without having to build out identity management functionality. It provides single sign-on capabilities and handles security tokens through OAuth 2 and OpenID Connect while developers focus on their application logic. The presentation demonstrates how to use Azure AD B2C through code samples to avoid security vulnerabilities and implementation details while gaining centralized identity management through a policy manager.
This document summarizes Microsoft's security offerings and challenges in securing organizations. It discusses Microsoft surpassing $10 billion in security revenue due to comprehensive protection across devices, cloud services, and on-premises. Conditional access and multi-factor authentication are highlighted to maximize security and productivity. Microsoft provides many integrated security services like Azure Sentinel and Cloud App Security to detect threats using machine learning. The document encourages using default security settings and automation across Microsoft's security services.
This presentation walks through the Security and Compliance functionality to customers leveraging Azure as a compute environment. It includes deep-dive references to detailed information on each topic presented.
Building an Enterprise-Grade Azure Governance ModelKarl Ots
This document summarizes Karl Ots's presentation on building an enterprise-grade Azure governance model. The presentation covers key decisions for an Azure governance model including subscription structure, organization-wide controls, user access management, and the Azure provisioning process. It also discusses the roles of governance and cloud strategy. Specific technical implementations of governance controls like Azure Policy, role-based access control, and shared networking services are described.
CSF18 - External Collaboration with Azure B2B - Sjoukje ZaalNCCOMMS
The document discusses Azure Active Directory B2B, which allows organizations to securely share access to resources with external users. It covers why organizations use AAD B2B, key benefits like access from any app or identity, and security capabilities. The document demonstrates inviting guest users through the AAD portal and via PowerShell/APIs, applying conditional access policies, and automating guest user management with Azure Functions. It addresses some current limitations and takes questions at the end.
Dear Azure: External collaboration with Azure AD B2BSjoukje Zaal
The document discusses Azure Active Directory B2B, which enables organizations to securely collaborate with external users. It provides key benefits like easy access to apps and data without requiring external directories or accounts. Admins can invite guest users via email or APIs and set access policies. The presentation demonstrates inviting and adding guest users through the Azure portal, PowerShell scripts, a self-service portal sample app, and integrating B2B with SharePoint Online using PowerApps and Flow. Current limitations like potential double MFA and directory limits are also noted.
Azure Active Directory B2B enables organizations to securely collaborate with external users by providing access to applications, documents, and data. Key benefits include supporting any user identity, easy administration for both admins and users, and enterprise-grade security. Admins can invite guest users via email or APIs/PowerShell, set sharing policies and conditional access controls, and customize the onboarding experience.
Azure Saturday: External Collaboration With Azure AD B2BSjoukje Zaal
Azure Active Directory Business-to-Business (Azure AD B2B) enables organizations to securely collaborate with external users by allowing invited guest users to access internal applications and resources using their existing credentials. The key benefits of Azure AD B2B include supporting users from any identity source, simple and secure access management, and enterprise-grade security for shared applications and data. Admins can invite guest users through the Azure portal or customize the invitation process using PowerShell and APIs. Guest users receive an invitation email to access shared resources after accepting terms and conditions. Conditional access policies and auditing capabilities provide control and visibility over external user access.
O365Con18 - External Collaboration with Azure B2B - Sjoukje ZaalNCCOMMS
This document discusses Azure Active Directory B2B collaboration, which allows organizations to securely share resources and applications with external users. It provides an overview of Azure B2B capabilities, including inviting guest users via email, setting conditional access policies, and customizing the user onboarding experience. The document demonstrates configuring Azure B2B through the Azure portal and PowerShell, and compares external sharing options in Azure B2B and Office 365 applications like SharePoint.
Intelligent Cloud Conference: Azure AD B2C Application security made easySjoukje Zaal
Azure Active Directory B2C (Azure AD B2C) is an identity management service that allows customization of how customers interact with applications. It provides secure, scalable authentication with minimal application code. Key capabilities include default and social identity providers, single sign-on, multi-factor authentication, and custom user flows and policies. The demos illustrated creating a user flow, configuring an identity provider, customizing the UI, and enabling multi-factor authentication.
SPSNL17 - Azure AD B2B - Safe collaboration has never been that easy!Anco Stuij
An Azure AD B2B solution allows for safe collaboration between users from different organizations. It provides a simple, safe, and free way to invite external users to access resources like Office 365 groups without complex infrastructure setup. The presenters demonstrate how to invite an external user to access an Office 365 group using Azure AD B2B and discuss some conditions and considerations for using the solution.
DevSum: Azure AD B2C Application security made easySjoukje Zaal
This document summarizes a presentation about Azure Active Directory B2C (Azure AD B2C). It discusses what Azure AD B2C is, its key benefits including being highly available, scalable, secure, and flexible. It covers capabilities like default and social identity providers, single sign-on, and multi-factor authentication. It also outlines demo sections covering registering an application, creating user flows, configuring identity providers, customizing the UI, and enabling multi-factor authentication.
SPS Zurich 2018 - Azure Logic Apps: the new workflow engineDavid Schneider
This document summarizes a presentation about Azure Logic Apps. It introduces Logic Apps as a configuration-first integration platform that allows automating business processes and integrating cloud and on-premises systems through a no-code designer or code view. It describes built-in API connectors, when to use Azure Functions instead, and compares Logic Apps to Microsoft Flow. The document also provides examples of using Logic Apps with cognitive services and best practices for Logic App development.
Windows Azure Active Directory: Identity Management in the CloudChris Dufour
Windows Azure Active Directory provides easy-to-use, multi-tenant identity management services for applications running in the cloud and on any device and any platform. Originally created to support Office 365 it is now available as an Azure service. On November 28th, 2012 Microsoft shared that Windows Azure Active Directory (AD) has processed 200 BILLION authentications.
“At Microsoft, we have been on a transformative journey to cloud computing and we have been working with customers every step of the way. Millions of customers have embraced the cloud and we are excited to share the news that we’ve reached a major milestone in cloud scale computing. Since the inception of the authentication service on the Windows Azure platform in 2010, we have now processed 200 BILLION authentications for 50 MILLION active user accounts. In an average week we receive 4.7 BILLION authentication requests for users in over 420 THOUSAND different domains. This is a massive workload when you consider others in the industry are attempting to process 7B logins per year, Azure processes close to that amount in a week.
These numbers sound big right? They are. To put it into perspective, in the 2 minutes it takes to brew yourself a single cup of coffee, Windows Azure Active Directory (AD) has already processed just over 1 MILLION authentications from many different devices and users around the world. Not only are we processing a huge number of authentications but we’re doing it really fast! We respond to 9,000 requests per second and in the U.S. the average authentication takes less than 0.7 seconds. That’s faster than you can get your coffee from your cup and into your mouth! (Do not attempt this at home :-))!”
In this session we will take a tour of Windows Azure Active Directory to learn about its capabilities, interfaces and supported scenarios, and understand how you can take advantage of the features in your application.
This document provides an overview of Microsoft Azure Active Directory (Azure AD). Azure AD is a cloud-based identity and access management solution that can be used as a standalone directory or integrated with an existing on-premises Active Directory. It allows single sign-on access to SaaS applications and stores user identity data in the cloud. Premium versions of Azure AD provide additional features like self-service password reset and security reports. Administrators can manage users, groups, applications and domains through the Azure AD portal.
Envision it SharePoint Extranet Webinar Series - Federation and Office 365Envision IT
In this Webinar, Envision IT demonstrates how to set up ADFS so that staff are automatically signed in to their corporate network, and external users are provided with a rich login experience. View more details and the webinar recording here:
http://www.envisionit.com/products/events/Pages/SharePoint-Extranet-Spring-Webinar-Series-Federation-and-Office-365.aspx
Azure Networking, Azure Storage, Enterprise Azure Active Directory, Daemon or Server application authentication workflow, Worker processes, Daemon, Daemon application to Web API, Azure Active Directory in old azure portal, ASM, Azure active directory and Mutl-tenant applications, Sharding, Federation, Shared singe, RBAC, Differences between AAD and AD DS, Azure AD Subscription models, Azure Domain Names, Manage Users, Groups,Co-Admin Role, Default Azure Active Directory, Adding access to another azure subscription. Contributor, Owner , Roles in Azure Subscriptions, Roles, MFA, Multi-Factor Authentication, How does MFA works, Scenarios for Azure MFA, Setting up MFA in Azure AD, Setting MFA, Azure Authenticator, Hybrid AD solutions, AD DS, Federated Trust, Domain Controller, AD, AAD Connecter, AD FS, AAD, Active Directory Password synchronization, Benefits of Active Directory, Active Directory Replication, vulnerabilities with multiple Domain Controller, Azure AD features, Synchronization with AD Connect, Write-back policies, Azure AD Health COnnect, Installing Azure AD COnnect Health,Integrating Azure AD and SaaS Applications, Benefits of using SaaS Solutions with your products, Benefits of SaaS Solutions, Azure Marketplace, DropBox Integrations with AAD, New Relic Integrations, New Relic, Dropbox, Azure AD Enterprise Application, VSTS integration for Automated Builds, Federation Overview, Claims, Single Sign On, Federated Trusts, Claim based authentications, Federated trusts, Claims Processing, Web Application Proxy, ADFS Proxy, ADFS 2.0 Proxy, How does ADFS proxy works for internal users, How does ADFS proxy works for internal users,Azure AD B2C Directory, B2C applications, Business 2 Customers application, 3rd Party Authentication, Bearer Token, OAuth, 3rd Party Identity Provider, OAuth server, Azure AD B2C Authentication & Authorization, Implementing Azure AD B2C Directory, Setting up Single Sign On with Facebook, Google, Microsoft. 
Linkedin, SignUP Policies, SignIN Policies, Email SignUp, SignUpSignIN PolicyID, Configuring Application with Azure Application ID,Modern Applications, Requirements for Modern Apps, API, Logic Applications, Mobile App, Web App, Function App, Go To Market, Microsoft Application Platform, App Service Plan, App Service Environment - Private Infrastructure, Why use App Service, App service Features & Capabilities, Azure App Service, Virtual Machine, Service Fabric & Cloud Services Comparison, Creating a Mobile App, Swagger UI, API Apps, API management, API APPS & API Management, Implementing API APP via Visual Studio,
Multi-Tenant Identity and Azure Resource Governance - ReBUILD 2019Marius Zaharia
Today's complex enterprise environments involve the existence of multiple identity structures, especially in the case of cloud resource management. The management and governance of Azure Active Directory tenants, cloud & federated identities, and authorizations and roles on Azure subscriptions and resources, is the purpose of this session.
Working with credentials for Azure resources, you want to avoid storing your credentials in repositories when possible. In this session, we will talk about some of the options for working with credentials in Azure development without checking them into repositories - including managed identities, DefaultAzureCredential, and ChainedTokenCredential.
This document provides an overview of Azure Active Directory (Azure AD) presented by Max Fritz. It defines Azure AD as Microsoft's cloud-based identity and access management service. It describes key Azure AD features like single sign-on, multi-factor authentication, self-service password reset, and conditional access. It also explains how to connect Azure AD to an on-premises Active Directory using Azure AD Connect and how to access Azure AD using the Azure portal or PowerShell.
The document discusses hybrid cloud applications using Azure and Azure Stack. It describes Azure Stack as an extension of Azure that allows using Azure services on-premises. Data and applications can be shared between private and public clouds using a hybrid cloud environment. The document also covers data migration to Azure SQL Database Managed Instance, hybrid identity using Azure AD Connect, and hybrid CI/CD pipelines that allow deploying applications to both Azure and Azure Stack.
Experts Live NL 2018 - Extern delen van data in Office 365Maarten Eekels
Slides for my session on external data sharing in Office 365 for the Experts Live Netherlands 2018 conference. Topics include sharing in SharePoint, Teams, how to govern sharing settings, invitations, and leveraging Azure AD B2B
Hitchhiker's Guide to Azure AD - SPS St Louis 2018Max Fritz
Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service. It provides identity management capabilities for cloud, mobile, and on-premises applications. Azure AD uses the same Active Directory that many organizations already have on-premises but extends it to cloud services. It allows single sign-on for access to Office 365, Azure, and thousands of SaaS applications. Azure AD Premium provides additional advanced capabilities for security, access management, application management, and identity protection.
The document discusses technologies from Microsoft including Azure Active Directory, Azure Table Storage, Logic Apps, Machine Learning, and Mixed Reality. It provides an overview of each technology and examples of how to create applications that integrate them, such as creating an Azure AD application, using a Logic App to store messages from Microsoft Teams in Table Storage, training a sentiment model with Machine Learning Studio and accessing it via a web service, and building a Mixed Reality app for HoloLens using these other technologies.
Similar to External collaboration with Azure B2B (20)
3. Agenda
What is Azure B2B?
Why Azure B2B?
Key Benefits and Capabilities
Demos!
Automating Adding Guest Users
More Demos!
4. What is Azure Active Directory B2B?
Azure Active Directory Business-to-Business (B2B) enables any organization to work safely and securely with users from any other organization.
5. Why use Azure Active Directory B2B?
Gives access to:
• Azure & Office 365 resources
• Custom Applications
• Third Party Applications
• Documents & data
6. Key Benefits
• Works with any user
• Azure AD not required
• Users can use their own identities
• No external directories
• Simple & Secure
• Easy for admins and users
• Access to any app and data
• Enterprise-grade security for apps and data
• No external account management
7. Capabilities
• Invite guest users by email
• Conditional Access Policies
• Sharing Policies
• Azure AD Identity Protection
• Auditing and Reporting
• Customize onboarding using PowerShell & Invitation APIs
• Licensing: 1:5 ratio
8. Flow of Adding Guest Users
• Admin adds guest user to Azure AD
• Guest user receives an invitation email
• Guest user clicks link in the invitation
• Guest user logs in with own account
• Guest user accepts the privacy statement
• Guest user is redirected to the App landing page
13. Demo Summary
• User receives invitation
• User accepts the invitation
• User logs in using own credentials
• User accepts the privacy terms
• User can access the applications
14. Add Guest Users Without Invitation
• Guest Inviter Directory Role
• Sending out a direct link
16. Invitation Customization
• With PowerShell / API Invitations you can:
• Customize email messages
• Add a display name for the user
• Add CCs to the messages
• Suppress invitation email messages altogether
• Set the invitation redirect URL
19. Demo Summary
• Download the latest Azure Active Directory PowerShell for Graph
• https://www.powershellgallery.com/packages/AzureADPreview/2.0.1.18
• Create a CSV file with email addresses
• Create accounts with PowerShell
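The bulk invitation from the demo, combined with the customization options on slide 16, could look like the script below. It is an added example, not code from the original deck: the CSV path and column names, the allowed partner domains, the message text and the results file are assumptions, and the domain check is an extra control added here so that a mistyped or unexpected address in the CSV does not become a guest account.

```powershell
#Requires -Modules AzureADPreview
# Added example (not from the original deck). CSV layout, allowed domains,
# message text and output path are assumptions for illustration.
param(
    [string]   $CsvPath        = '.\invitations.csv',   # columns: Name,InvitedUserEmailAddress
    [string[]] $AllowedDomains = @('partner.example'),  # hypothetical partner domains
    [string]   $RedirectUrl    = 'https://myapps.microsoft.com',
    [bool]     $SendMail       = $true                  # $false suppresses the invitation email
)

# Sign in with an account that is allowed to invite guests.
Connect-AzureAD | Out-Null

# Customized body for the invitation email.
$messageInfo = New-Object Microsoft.Open.MSGraph.Model.InvitedUserMessageInfo
$messageInfo.CustomizedMessageBody = 'You are invited to collaborate with our organization.'

$results = foreach ($row in Import-Csv -Path $CsvPath) {
    $address = "$($row.InvitedUserEmailAddress)".Trim()

    # Reject rows that are not a syntactically valid address.
    try {
        $mail = [System.Net.Mail.MailAddress]::new($address)
    }
    catch {
        [pscustomobject]@{ Email = $address; Result = 'Skipped: invalid address'; RedeemUrl = $null }
        continue
    }

    # Only invite users from domains that were agreed with the partner.
    if ($AllowedDomains -notcontains $mail.Host) {
        [pscustomobject]@{ Email = $address; Result = 'Skipped: domain not allowed'; RedeemUrl = $null }
        continue
    }

    try {
        $invitation = New-AzureADMSInvitation `
            -InvitedUserEmailAddress $mail.Address `
            -InvitedUserDisplayName  $row.Name `
            -InviteRedirectUrl       $RedirectUrl `
            -InvitedUserMessageInfo  $messageInfo `
            -SendInvitationMessage   $SendMail `
            -ErrorAction Stop

        [pscustomobject]@{
            Email     = $mail.Address
            Result    = $invitation.Status          # e.g. PendingAcceptance
            RedeemUrl = $invitation.InviteRedeemUrl # needed when the email is suppressed
        }
    }
    catch {
        [pscustomobject]@{ Email = $mail.Address; Result = "Failed: $($_.Exception.Message)"; RedeemUrl = $null }
    }
}

# Keep a record of who was invited; the redeem URL is left out of the file
# because anyone holding it can start the redemption for that guest.
$results |
    Select-Object Email, Result |
    Export-Csv -Path '.\invitation-results.csv' -NoTypeInformation

$results
```

When the email is suppressed, the redeem URL in the returned objects has to reach the guest through another trusted channel.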
20. Conditional Access
• Premium Azure AD
• At Tenant, app or user level
• Same policies as internal users
• Easy to set policies for guest users (Preview)
22. Demo Summary
• Create a new Conditional Access Policy
• Select “All Guest Users”
• Enable MFA for guest users
• Logged in as a guest user
• Used MFA to access the application
26. Demo Summary
• Add a guest user using Self Service Portal
• Approve or deny guest user
• Create custom email templates
• Set a different redirect URL
Technically this means that all external users are added to a subdirectory inside Azure AD.
External users can use their own credentials to login to all the Azure features and resources.
Enterprise Grade Security:
Azure AD Premium features are also available for B2B users.
Sharing Policies
User policies let you delegate the invitation of guest users to other users inside your organization, or turn off invitations.
Azure Active Directory Identity Protection:
Only in Azure AD Premium P2.
A feature of Azure AD that helps you prevent and detect identity attacks. It helps discover compromised identities, supports investigating security events, and more.
Auditing and Reporting
Provides information about which users are invited, updated and deleted, when invitations are redeemed, and more.
https://myapps.microsoft.com
Add Guest users to Azure AD
Add Guest users to a group
Add Guest users and groups to an application
- External users without a personal Microsoft account or work/school account need to provide a password when they log in to the site for the first time.
The subject of the email follows the following pattern: You're invited to the <tenantname> organization
Information workers can use the Application Access Panel to add B2B collaboration users to groups and applications that they administer.
Guest Inviter Directory Role
The admin can add a user, internal or guest, to the Guest Inviter directory role. This user can then add guest users to Azure AD, groups or applications using the UI or PowerShell without the need for invitations to be redeemed.
Sending out a direct link
https://myapps.microsoft.com
After a guest user has been added to the directory in Azure AD, an application owner can send the guest user a direct link to the app they want to share. The administrator needs to enable:
Self-Service Group Management for the tenant.
Create a group for the App and make the user an owner.
Configure the App for Self Service and add the group to the app
Open Azure Portal -> Azure AD
Groups -> General
Turn on Self Service Management
Go to Enterprise Applications -> Select the App
Left Menu: Self Service
Allow users to request access to this application – YES
Add the External AD Users group
Left Menu: Groups
Owners : User
Go to myapps.Microsoft.com
Click Groups
Add external user.
Azure Active Directory PowerShell for Graph - Public Preview Release 2.0.1.18
Azure Automation
Write runbooks graphically in PowerShell or Python to integrate Azure services and other public systems required for deploying, configuring, and managing your end-to-end processes. Orchestrate across on-premises environments using a hybrid runbook worker to deliver on-demand services.
Trigger automation from ITSM, DevOps, and monitoring systems to fulfill requests and ensure continuous delivery and management.
Azure Functions
Designed to be small and fast. You can build serverless functions that scale easily, using multiple programming languages, without worrying about servers or infrastructure.
1. When MFA is turned on at the resource organization and at the partner organization, users might have to perform MFA twice.
2. Azure AD B2B is subject to Azure AD service directory limits. For details about the number of directories a user can create and the number of directories to which a user or guest user can belong, see Azure AD service limits and restrictions.
3. Users are added to one directory instance and updated when the invitation is redeemed. When the call is made to retrieve the user object, it is possible that it is retrieved from another instance. So replication latencies can occur…