This document provides information about an instructor named Mika Seitsonen. It includes his qualifications such as degrees from the University of Nottingham and Lappeenranta University of Technology. It also lists his certifications and experience as a senior consultant specializing in technology experts at Sovelto. The rest of the document discusses topics around Azure Active Directory including what it is, its editions, features, and how it can be used to manage user identities and applications in the cloud and on-premises.

1. Vartti tunnista
Azure Active Directory
Mika Seitsonen

2. Kouluttajanne Mika Seitsonen
• Faktat
• M.Sc., University of Nottingham, U.K.
• DI, Lappeenrannan teknillinen yliopisto
• Co-author of "Inside Active Directory"
• Sovelto
• Senior-konsultti, vt. osaamisaluevastaava:
Teknologia-asiantuntijat
• Microsoft Certified Trainer (MCT) vuodesta
1997, Microsoft Certification ID 414xxx
• MCSE: Communications
• MCSA: Office 365, Windows 2008, Windows 7
• MS: Implementing Microsoft Azure
Infrastructure Solutions
• Yhteystiedot
• e-mail mika.seitsonen@sovelto.fi
• Twitter @MikaSeitsonen
• Moottoriurheil(ija)un innokas seuraaja
• Kuvattuna Päijänteen Ympäriajo:ssa 2009

3. Identity considerations: Cloud, Sync or Federated?

 

Cloud identity provides a
solution where all identity
resides in the cloud
Federated identity allows
customers to retain all
authentication on-premises
Identity sync enables
customers to bridge their
existing identity into the cloud
B2B federated identity allows
customers to securely share and
collaborate with each other

4. Self-service Single
sign on
•••••••••••
Username
Identity as the control plane
Simple
connection
Cloud
SaaS
Azure
Office 365Public
cloud
Other
Directories
Windows Server
Active Directory
On-premises Microsoft Azure Active Directory

5. A comprehensive identity and access
management cloud solution.
It combines directory services,
advanced identity governance,
application access management and
a rich standards-based platform for
developers
It is available in 3 editions: free, Basic
and Premium
What is Azure Active Directory?

6. No Object Limit No Object Limit
No Limit
Advanced Security
Reports
Yes(Advanced)**
Premium
+ Basic
Features
Group-based access management/provisioning Yes Yes
Self-Service Password Reset for cloud users Yes Yes
Company Branding (Logon Pages/Access Panel customization) Yes Yes
SLA Yes Yes
Kurantti informaatio osoitteessa
https://msdn.microsoft.com/en-us/library/dn532272.aspx

8. Azure Active Directory Connect*
Microsoft Azure
Active Directory
Other Directories
PowerShell
LDAP v3
SQL (ODBC)
Web Services
( SOAP, JAVA,
REST)
*

9. Azure Active Directory Connect
Consolidated deployment assistant for your
identity bridge components
Progressive learning while configuring the
components
ADFS is optional
DirSync
Azure Active
Directory Sync
FIM+Azure Active
Directory Connector
Sync Engine

10. Microsoft Azure
Microsoft Azure

11. SaaS appsMicrosoft Azure
Active DirectoryOther Directories

12. Microsoft Azure Active Directory
Identities and applications in one place.
Web Apps
(Azure Active Directory
Application Proxy)
SaaS apps Integrated
custom apps
Other Directories

13. Microsoft Azure
Active Directory
Corporate
Network
DMZ
https://app1-
contoso.msappproxy.net/
A connector that auto connects to the cloud service
http://app1

14. IT professional

15. alerts.

16. alerts.

17. How it works

18. http://myapps.microsoft.com

19. http://myapps.microsoft.com

20. Azure Active Directory 12-month investments
Business to
Business Business to
Consumers
Device
Registration
Administrative
Units
Cloud Domain
Joined
(Windows 10)
Conditional
Access

21. Roles Based Access Control
Today RBAC to Azure
Subscription
Tomorrow RBAC to 3rd Party SASS apps
Reade
r
SasS
SasS
Contributor
SasS
Owne
r
SasS
SasS
SasS
Sas
S
Sas
S
Reade
r
ContributorOwne
r
Assign roles to users and groups
at subscription, resource group, or
resource level
Assignments inherit down the
hierarchy
Use built-in roles with pre-
configured permissions (at
preview)
Create custom roles (post
preview)

22. B2B: cross-organization collaboration
“I need to let my partners access my company’s apps using their own credentials.”
Share without complex
configuration or duplicate
users.
A user at a large partner may log into
my company’s apps with their Active
Directory usernames and passwords.
A user at a smaller partner may log
into my company’s apps with their
Office 365 usernames and passwords.
Admin configures sharing for
cloud apps.
“I can’t email my 25 MB file and need
to share it with a partner using
Box.com.”
Seamlessly provide Azure
Active Directory to customers
& partners
For example, a user at a partner can
set up everyone in their company.
Users can bring their own email-based
or social identities.

23. Contoso
Azure Active Directory
Global admins
Org-wide permissions
Manage global settings
Create structure and policy
Delegate permissions and resources
Regional admins
Manage regional users,
devices, and applications
Set local policy
Regional policy and app
management
“Must login with MFA”
“Have license/access to regional
apps”
Support for distributed
organizational models
Autonomous mgmt. while
keeping common identity and
org boundary
Delegate administration to
subsidiaries
User management
App procurement and mgmt.
Scope policy
US East Germany India
AsiaEuropeNorth Am
Administrative Units: In private preview

24. Azure Active Directory B2C offering is tailored for enterprises who serve large populations (100’s of
thousands to millions) of individual customers, and whose business success depends upon consumer
adoption of web applications for improving customer satisfaction and reducing operational costs.
Azure Active Directory B2C(Business-to-Consumer )
Azure Active Directory B2Cwill include :
Self-Service User registration
Login with Social IdP or create your own credentials
Optional MFA
Bulk user import tools
SSO to multiple web sites
User interface customization

25. Cloud Domain Join makes it possible to connect work-owned
Windows devices to your company’s Azure Active Directory
tenancy in the cloud. Users can sign-in to Windows with their
cloud-hosted work credentials and enjoy modern Windows
experiences.
Cloud Domain
Joined Devices
Enterprise compliant Services
Roaming Settings, Windows backup/Restore, Store access…
Data stored in enterprise compliant backend services onAzure.
Noneedto addapersonal Microsoft account.
SSO from the desktop to org resources
SSO from desktop toOffice365 and1,000’s ofenterprise apps,
websites andresources.
Access enterprise-curated Store andinstall apps using awork account.
Management
Automatic MDMenrollment during first-run experience.
Support for hybrid environments
Traditional Domain Joined PCs also benefit from CloudDomain Join
functionality whenthe on-prem Active Directory is connectedwith an
Azure Active Directory in thecloud.
Cloud Domain Join

26. Mitä sinun pitää tehdä (ellet ole jo tehnyt)
• Luo ja sen jälkeen kokeile maksutonta Office 365 -tilausta
• http://products.office.com/fi-FI/try
• Luo ja sen jälkeen kokeile maksutonta Intune-tilausta
• http://www.microsoft.com/en-us/server-cloud/products/microsoft-intune/try.aspx
• Muista kirjautua O365-tililläsi
• Luo ja sen jälkeen kokeile maksutonta Azure-tilausta
• http://azure.microsoft.com
• Huom: vaatii luottokortin numeron, luottokorttia ei laskuteta
26

27. Lisäinformaatiota
• EMS-testiympäristö minuuteissa käyttöön
http://simon-may.com/get-started-enterprise-mobility-suite-minutes/
• Oma labra pystyyn
http://blogs.technet.com/b/mydigitalworkthoughts/
27

28. Sovelton kursseja aiheen tiimoilta
• Microsoft kumppaneille
• Business Anywhere (vain Microsoft-kumppaneille) 26.1. tai 4.5.
• Partner Practice Enablement: Microsoft Enterprise Mobility Suite (EMS) 23.-24.2. tai 23.-24.3.
• Kaikille asiantuntijoille
• Microsoft Intune hallinta 22.-23.4.
• 55065 Microsoft Azure IT-asiantuntijoille 11.-13.3.
• 20533 Implementing Microsoft Azure Infrastructure Solutions 13.-15.4.
• 20532 Developing Microsoft Azure Solutions 10.-13.3.
28

29. KIITOS!
29