SlideShare a Scribd company logo

SPSLisbon 2017 Office 365 Multi-factor Authentication with Microsoft Azure Active Directory Premium

N
Nuno Árias Silva

Office 365 Multi-factor Authentication with Microsoft Azure Active Directory Premium done on SPS Lisbon 2017 Edition

Technology
1 of 36
Office 365 Multi-Factor Authentication with Microsoft Azure Active Directory Premium by Nuno Árias Silva
GOLD SILVERLOCATION BRONZE MEDIA
MVP Office Servers and Services Nuno Árias Silva Blog: www.nuno-silva.net Email : email@nuno-silva.net Twitter : NunoAriasSilva Facebook : nunoarias LinkedIn : nunoarias I advise my clients to be proactive in adopting new Microsoft technologies that help them to reach business needs and to accomplish their goals. Has more than 19 years working on IT, with Master in Information Technologies, last projects have more focus in Office 365, Infrastructures and Security within Microsoft Infrastructure Products. GFI Manager - Infrastructure Services nuno.a.silva@gfi.pt
Agenda Multi-Factor Authentication for Office 365 Office client futures with Multi-Factor Authentication Microsoft Azure Multi-Factor Authentication
Identity Management Unify your environment Enable users Protect your data
Identity for Microsoft cloud services User Microsoft Account Ex: alice@outlook.com User Organizational Account Ex: alice@contoso.com Microsoft Account Microsoft Azure Active Directory
Federated identitySynchronized identity Cloud identity On-premises directory Zero on-premises servers On-premises directory Directory sync with password sync On-premises identity Between zero and three additional on-premises servers depending on the number of users On-premises identity Between two and eight on-premises servers and networking configuration depending on the sign-in availability requirements Directory sync Federation Office 365 Identity Models
Hyper scale Infrastructure is the enabler 27 Regions Worldwide, 22 ONLINE…huge capacity around the world…growing every year  100+ datacenters  Top 3 networks in the world  2.5x AWS, 7x Google DC Regions  G Series – Largest VM in World, 32 cores, 448GB Ram, SSD… Operational Announced/ Central US Iowa West US California East US Virginia US Gov Virginia North Central US Illinois US Gov Iowa South Central US Texas Brazil South Sao Paulo State West Europe Netherlands China North * Beijing China South * Shanghai Japan East Tokyo, Saitama Japan West Osaka India South Chennai East Asia Hong Kong SE Asia Singapore Australia South East Victoria Australia East New South Wales * Operated by 21Vianet India Central Pune Canada East Quebec City Canada Central Toronto India West Mumbai Germany North East Magdeburg Germany Central Frankfurt United Kingdom Regions North Europe Ireland East US 2 Virginia New
Agenda Multi-Factor Authentication for Office 365 Office client futures with Multi-Factor Authentication Microsoft Azure Multi-Factor Authentication
Multi-Factor Authentication for Office 365
What is Multi-Factor Authentication? Multiple factors are required for sign-In Familiar to consumer cloud service users such as the Microsoft Account Simple block to password compromise from another country Addresses regulatory compliance and high risk user scenarios AKA two-factor, 2FA, MFA, strong authentication Two or more of the following factors: Something you know – a password or PIN Something you have – a phone, credit card or hardware token Something you are – a fingerprint, hand geometry, retinal scan or other biometric Stronger when using two different channels (out-of-band) Types of multi-factor authentication: Hardware OTP Tokens Certificates Smart Cards Phone-Based Authentication: Phone Call, Text Message, and Push Software OTP Tokens
What is Multi-Factor Authentication? Powered by PhoneFactor, acquired by Microsoft in 2012 Trusted by thousands of enterprises to authenticate employee, customer, and partner access Secures applications and identities in the cloud and on-premises
Now Included with Office 365 Multi-Factor Authentication for Office 365 Announced on the Office Tech Blog http://blogs.office.com/2014/02/10/multi-factor-authentication-for-office-365/ Included in all Office 365 SKUs for Sign-In users at no additional cost Except Small Business SKUs and Dedicated SKUs Extends what is currently available for Office 365 tenant admins Admins can now enable all Sign-In users for Multi-Factor Authentication Does not replace Microsoft Azure Multi-Factor Authentication
Mobile Apps Enterprise authentication using any phone Text MessagesPhone Calls Push Notification One-Time-Passcode (OTP) Token Out-of-Band* Call Text One-Time Passcode (OTP) by Text *Out of band refers to completing the second factor through a different channel than the first factor.
Additional Security
• Provides Office rich client login as alternative to Multi-Factor Authentication • 16 characters randomly generated, viewed once • Up to 40. Use one on multiple applications or different one for each application App Passwords
Specific Scenarios Federated Users Office 365 resources just needs Multi-Factor Authentication for Office 365 Use Azure Multi-Factor Authentication Server for other ADFS connected applications Hybrid On-premises server applications require Azure Multi-Factor Authentication Server Example: MSIT Lync on-premises and Exchange Online PowerShell Create a service account which is an administrator and control access
Agenda Multi-Factor Authentication for Office 365 Office client futures with Multi-Factor Authentication Microsoft Azure Multi-Factor Authentication
Office client futures with Multi-Factor Authentication
Office client Multi-Factor Authentication Futures Updated Office 2013 clients to support Multi-Factor Authentication No need for App Passwords in updated clients If you can authenticate in a web browser, then you can authenticate in Office clients Outlook, Lync, Word, Excel, PowerPoint, PowerShell, OneDrive for Business Clients will also support Federation Identity Providers using SAML/P protocol US DoD Common Access Card (CAC) US Federal Personal Identity Verification card (PIV)
• Build on top of Active Directory Authentication Library (ADAL) • ADAL implements simple OAuth protocol that AAD and ADFS 3.0 understand • Office does OAuth to those endpoints • Those endpoints implement a number of protocols with other IdPs (SAML-P 2.0, WS-Fed) • AAD and ADFS issue OAuth tokens based on the results that Office uses against its workloads Office client Multi-Factor Authentication
The MFA Flow Azure Active Directory 1 2 www-authenticate: Bearer authorization_uri: https://login.windows.ne t Federated tenant Secure Token Service 4 Do federated sign-in using SAML-P, WS-Fed, etc. SAML token 5 Validate assertions Hand back token for 365 JWT token 3 Auth against https://login.windows.net ... 6 JWT token Office 1. Office makes a request to a service which supports new MFA flow 2. Service instructs Office to visit an STS which speaks a simple standards based protocol (OAuth) 3. Office instructs AD library to launch web browser control 4. MFA and federation magic happens transparent to Office 5. Office gets back simple tokens that it caches for future communication with its services 6. Office sends token to service
Agenda Multi-Factor Authentication for Office 365 Office client futures with Multi-Factor Authentication Microsoft Azure Multi-Factor Authentication
Microsoft Azure Multi- Factor Authentication
Azure MFA Requires a Microsoft Azure subscription Use of Office 365 with Azure MFA requires a link from the Microsoft Azure subscription to the Office 365 tenant Having MFA for Office 365 does not reduce Microsoft Azure MFA subscription costs Microsoft Azure Multi-Factor Authentication
Multi-Factor Authentication for Office 365 compared to Microsoft Azure MFA Multi-Factor Authentication for Office 365 Microsoft Azure Multi- Factor Authentication Administrators can Enable/Enforce MFA to end-users Yes Yes Use Mobile app (online and OTP) as second authentication factor Yes Yes Use Phone call as second authentication factor Yes Yes Use SMS as second authentication factor Yes Yes App passwords for non-browser clients (e.g., Outlook, Lync) Yes Yes Default Microsoft greetings during authentication phone calls Yes Yes Remember Me (Public Preview coming in June) Yes Yes IP Whitelist (currently in Public Preview) Yes Custom greetings during authentication phone calls Yes Fraud alert Yes Event Confirmation Yes Security Reports Yes Block/Unblock Users Yes One-Time Bypass Yes Customizable caller ID for authentication phone calls Yes MFA Server – MFA for on-premises applications Yes MFA SDK – MFA for custom apps Yes
Windows Server AD or Other LDAP On-Premises Apps RADIUS LDAP IIS RDS/VDI Multi-Factor Authentication Server Multi-Factor Authentication Service Cloud Apps Users must also authenticate using their phone or mobile device before access is granted.2 Microsoft Azure Active Directory Users sign in from any device using their existing username/password. 1 Authentication Process
How to Enable To create a Multi-Factor Auth Provider sign into the Windows Azure Management Portal and go to Active DirectoryMFA Server Providers. Create a new provider by providing a name, usage model for billing and link it to your directory unless being used for on-premises applications only.
Manage
• Office 365 SKUs include Multi-Factor Authentication • Users are Enabled and then Enforced • Users can create App Passwords for client apps • Updated Office 2013 clients • Office 365 tenants can be connected to Azure • Azure Multi-Factor Authentication has additional features Summary
The updated authentication are available now Introduction to ADAL based authentication The ADAL based authentication stack enables the Office 2013 clients to engage in browser-based authentication (also known as passive authentication) where the user is directed to a web page from the identity provider to authenticate. The above screenshot shows the default web page from Azure Active Directory (Azure AD), which is used by Office 365.
Azure Multi-Factor Authentication http://azure.microsoft.com/en-us/services/multi-factor-authentication/ Securing access to cloud services - Information for Administrators http://technet.microsoft.com/en-us/library/dn394289.aspx Azure Active Directory Editions http://msdn.microsoft.com/library/azure/dn532272.aspx How to Setup http://blogs.msdn.com/b/mvpawardprogram/archive/2015/03/23/office-365-multi- factor-authentication-with-microsoft-azure-active-directory.aspx Support Links
Q&A Nuno Árias Silva email@nuno-silva.net www.nuno-silva.net/blog @NunoAriasSilva
GOLD SILVERLOCATION BRONZE MEDIA
SPSLisbon 2017 Office 365 Multi-factor Authentication with Microsoft Azure Active Directory Premium

Recommended

SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
Brian Culver
 
How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?
rlsoft
 
Enterprise Security Requirements
Enterprise Security RequirementsEnterprise Security Requirements
Enterprise Security Requirements
WSO2
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for Beginners
Salesforce Developers
 
Comodo code signing certificates
Comodo code signing certificatesComodo code signing certificates
Comodo code signing certificates
Kayra Obrain
 
Extending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partnersExtending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partners
Corey Roth
 
SCU Berlín | Cloud identity for maximum productivity
SCU Berlín | Cloud identity for maximum productivity SCU Berlín | Cloud identity for maximum productivity
SCU Berlín | Cloud identity for maximum productivity
Diana Carolina Torres Viasus
 
Slide 1 - Authenticated Reseller SSL Certificate Authority
Slide 1 - Authenticated Reseller SSL Certificate AuthoritySlide 1 - Authenticated Reseller SSL Certificate Authority
Slide 1 - Authenticated Reseller SSL Certificate Authority
webhostingguy
 

Recommended

SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
Brian Culver
 
How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?
rlsoft
 
Enterprise Security Requirements
Enterprise Security RequirementsEnterprise Security Requirements
Enterprise Security Requirements
WSO2
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for Beginners
Salesforce Developers
 
Comodo code signing certificates
Comodo code signing certificatesComodo code signing certificates
Comodo code signing certificates
Kayra Obrain
 
Extending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partnersExtending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partners
Corey Roth
 
SCU Berlín | Cloud identity for maximum productivity
SCU Berlín | Cloud identity for maximum productivity SCU Berlín | Cloud identity for maximum productivity
SCU Berlín | Cloud identity for maximum productivity
Diana Carolina Torres Viasus
 
Slide 1 - Authenticated Reseller SSL Certificate Authority
Slide 1 - Authenticated Reseller SSL Certificate AuthoritySlide 1 - Authenticated Reseller SSL Certificate Authority
Slide 1 - Authenticated Reseller SSL Certificate Authority
webhostingguy
 
Leveraging SharePoint for Extranets
Leveraging SharePoint for ExtranetsLeveraging SharePoint for Extranets
Leveraging SharePoint for Extranets
Avtex
 
Azure AD B2C Webinar Series: Custom Policies Part 1
Azure AD B2C Webinar Series: Custom Policies Part 1Azure AD B2C Webinar Series: Custom Policies Part 1
Azure AD B2C Webinar Series: Custom Policies Part 1
Vinu Gunasekaran
 
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWSACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
AWS User Group Kochi
 
SSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsSSO Strategy Implementation Considerations
SSO Strategy Implementation Considerations
John Bauer
 
Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13
Gus Fraser
 
SharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims AuthSharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims Auth
Kashif Imran
 
Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'
Oliver Pfaff
 
CANARIE - What Do I Need to Connect with eduroam and Shibboleth
CANARIE - What Do I Need to Connect with eduroam and ShibbolethCANARIE - What Do I Need to Connect with eduroam and Shibboleth
CANARIE - What Do I Need to Connect with eduroam and Shibboleth
Chris Phillips
 
OAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectOAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID Connect
Jacob Combs
 
Enterprise Single Sign On
Enterprise Single Sign On Enterprise Single Sign On
Enterprise Single Sign On
WSO2
 
Creating a Sign On with Open id connect
Creating a Sign On with Open id connectCreating a Sign On with Open id connect
Creating a Sign On with Open id connect
Derek Binkley
 
O auth2 with angular js
O auth2 with angular jsO auth2 with angular js
O auth2 with angular js
Bixlabs
 
Patterns and Antipatterns in Enterprise Security
Patterns and Antipatterns in Enterprise SecurityPatterns and Antipatterns in Enterprise Security
Patterns and Antipatterns in Enterprise Security
WSO2
 
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 1
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 1Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 1
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 1
Vinu Gunasekaran
 
Microsoft Cloud Identity and Access Management Poster - Atidan
Microsoft Cloud Identity and Access Management Poster - AtidanMicrosoft Cloud Identity and Access Management Poster - Atidan
Microsoft Cloud Identity and Access Management Poster - Atidan
David J Rosenthal
 
Microsoft identity manoj mittal
Microsoft identity manoj mittalMicrosoft identity manoj mittal
Microsoft identity manoj mittal
Manoj Mittal
 
End-to-End Identity Management
End-to-End Identity ManagementEnd-to-End Identity Management
End-to-End Identity Management
WSO2
 
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
Danny Jessee
 
TugaIT 2017 Office 365 Multi-factor authentication with Microsoft Azure Activ...
TugaIT 2017 Office 365 Multi-factor authentication with Microsoft Azure Activ...TugaIT 2017 Office 365 Multi-factor authentication with Microsoft Azure Activ...
TugaIT 2017 Office 365 Multi-factor authentication with Microsoft Azure Activ...
Nuno Árias Silva
 
AzureAAD
AzureAADAzureAAD
AzureAAD
TonyHotko
 
SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?
SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?
SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?
Scott Hoag
 
Office 365 identity
Office 365 identityOffice 365 identity
Office 365 identity
Motty Ben Atia
 

More Related Content

What's hot

Leveraging SharePoint for Extranets
Leveraging SharePoint for ExtranetsLeveraging SharePoint for Extranets
Leveraging SharePoint for Extranets
Avtex
 
Azure AD B2C Webinar Series: Custom Policies Part 1
Azure AD B2C Webinar Series: Custom Policies Part 1Azure AD B2C Webinar Series: Custom Policies Part 1
Azure AD B2C Webinar Series: Custom Policies Part 1
Vinu Gunasekaran
 
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWSACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
AWS User Group Kochi
 
SSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsSSO Strategy Implementation Considerations
SSO Strategy Implementation Considerations
John Bauer
 
Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13
Gus Fraser
 
SharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims AuthSharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims Auth
Kashif Imran
 
Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'
Oliver Pfaff
 
CANARIE - What Do I Need to Connect with eduroam and Shibboleth
CANARIE - What Do I Need to Connect with eduroam and ShibbolethCANARIE - What Do I Need to Connect with eduroam and Shibboleth
CANARIE - What Do I Need to Connect with eduroam and Shibboleth
Chris Phillips
 
OAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectOAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID Connect
Jacob Combs
 
Enterprise Single Sign On
Enterprise Single Sign On Enterprise Single Sign On
Enterprise Single Sign On
WSO2
 
Creating a Sign On with Open id connect
Creating a Sign On with Open id connectCreating a Sign On with Open id connect
Creating a Sign On with Open id connect
Derek Binkley
 
O auth2 with angular js
O auth2 with angular jsO auth2 with angular js
O auth2 with angular js
Bixlabs
 
Patterns and Antipatterns in Enterprise Security
Patterns and Antipatterns in Enterprise SecurityPatterns and Antipatterns in Enterprise Security
Patterns and Antipatterns in Enterprise Security
WSO2
 
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 1
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 1Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 1
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 1
Vinu Gunasekaran
 
Microsoft Cloud Identity and Access Management Poster - Atidan
Microsoft Cloud Identity and Access Management Poster - AtidanMicrosoft Cloud Identity and Access Management Poster - Atidan
Microsoft Cloud Identity and Access Management Poster - Atidan
David J Rosenthal
 
Microsoft identity manoj mittal
Microsoft identity manoj mittalMicrosoft identity manoj mittal
Microsoft identity manoj mittal
Manoj Mittal
 
End-to-End Identity Management
End-to-End Identity ManagementEnd-to-End Identity Management
End-to-End Identity Management
WSO2
 
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
Danny Jessee
 

What's hot (18)

Leveraging SharePoint for Extranets
Leveraging SharePoint for ExtranetsLeveraging SharePoint for Extranets
Leveraging SharePoint for Extranets
 
Azure AD B2C Webinar Series: Custom Policies Part 1
Azure AD B2C Webinar Series: Custom Policies Part 1Azure AD B2C Webinar Series: Custom Policies Part 1
Azure AD B2C Webinar Series: Custom Policies Part 1
 
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWSACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
 
SSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsSSO Strategy Implementation Considerations
SSO Strategy Implementation Considerations
 
Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13
 
SharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims AuthSharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims Auth
 
Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'
 
CANARIE - What Do I Need to Connect with eduroam and Shibboleth
CANARIE - What Do I Need to Connect with eduroam and ShibbolethCANARIE - What Do I Need to Connect with eduroam and Shibboleth
CANARIE - What Do I Need to Connect with eduroam and Shibboleth
 
OAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectOAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID Connect
 
Enterprise Single Sign On
Enterprise Single Sign On Enterprise Single Sign On
Enterprise Single Sign On
 
Creating a Sign On with Open id connect
Creating a Sign On with Open id connectCreating a Sign On with Open id connect
Creating a Sign On with Open id connect
 
O auth2 with angular js
O auth2 with angular jsO auth2 with angular js
O auth2 with angular js
 
Patterns and Antipatterns in Enterprise Security
Patterns and Antipatterns in Enterprise SecurityPatterns and Antipatterns in Enterprise Security
Patterns and Antipatterns in Enterprise Security
 
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 1
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 1Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 1
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 1
 
Microsoft Cloud Identity and Access Management Poster - Atidan
Microsoft Cloud Identity and Access Management Poster - AtidanMicrosoft Cloud Identity and Access Management Poster - Atidan
Microsoft Cloud Identity and Access Management Poster - Atidan
 
Microsoft identity manoj mittal
Microsoft identity manoj mittalMicrosoft identity manoj mittal
Microsoft identity manoj mittal
 
End-to-End Identity Management
End-to-End Identity ManagementEnd-to-End Identity Management
End-to-End Identity Management
 
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
 

Similar to SPSLisbon 2017 Office 365 Multi-factor Authentication with Microsoft Azure Active Directory Premium

TugaIT 2017 Office 365 Multi-factor authentication with Microsoft Azure Activ...
TugaIT 2017 Office 365 Multi-factor authentication with Microsoft Azure Activ...TugaIT 2017 Office 365 Multi-factor authentication with Microsoft Azure Activ...
TugaIT 2017 Office 365 Multi-factor authentication with Microsoft Azure Activ...
Nuno Árias Silva
 
AzureAAD
AzureAADAzureAAD
AzureAAD
TonyHotko
 
SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?
SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?
SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?
Scott Hoag
 
Office 365 identity
Office 365 identityOffice 365 identity
Office 365 identity
Motty Ben Atia
 
Premier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure ADPremier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure AD
uberbaum
 
What's new in Azure Active Directory and what's coming new ?
What's new in Azure Active Directory and what's coming new ?What's new in Azure Active Directory and what's coming new ?
What's new in Azure Active Directory and what's coming new ?
Vignesh Ganesan I Microsoft MVP
 
SPIntersection 2016 - MICROSOFT CLOUD IDENTITIES IN AZURE AND OFFICE 365
SPIntersection 2016 - MICROSOFT CLOUD IDENTITIES IN AZURE AND OFFICE 365SPIntersection 2016 - MICROSOFT CLOUD IDENTITIES IN AZURE AND OFFICE 365
SPIntersection 2016 - MICROSOFT CLOUD IDENTITIES IN AZURE AND OFFICE 365
Scott Hoag
 
O365con14 - moving from on-premises to online, the road to follow
O365con14 - moving from on-premises to online, the road to followO365con14 - moving from on-premises to online, the road to follow
O365con14 - moving from on-premises to online, the road to follow
NCCOMMS
 
Hitchhiker's Guide to Azure AD - SPS St Louis 2018
Hitchhiker's Guide to Azure AD - SPS St Louis 2018Hitchhiker's Guide to Azure AD - SPS St Louis 2018
Hitchhiker's Guide to Azure AD - SPS St Louis 2018
Max Fritz
 
Introduction to the Microsoft identity platform for developers
Introduction to the Microsoft identity platform for developersIntroduction to the Microsoft identity platform for developers
Introduction to the Microsoft identity platform for developers
Christos Matskas
 
Brian Desmond - Quickly and easily protect your applications and services wit...
Brian Desmond - Quickly and easily protect your applications and services wit...Brian Desmond - Quickly and easily protect your applications and services wit...
Brian Desmond - Quickly and easily protect your applications and services wit...
Nordic Infrastructure Conference
 
SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?
SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?
SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?
Scott Hoag
 
Hybrid SharePoint - Office 365 & On-prem SharePoint 2013 -part2
Hybrid SharePoint - Office 365 & On-prem SharePoint 2013 -part2Hybrid SharePoint - Office 365 & On-prem SharePoint 2013 -part2
Hybrid SharePoint - Office 365 & On-prem SharePoint 2013 -part2
WinWire Technologies Inc
 
JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365
JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365
JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365
Scott Hoag
 
SYDSP - Office 365 and Cloud Identity - What does it mean for me?
SYDSP - Office 365 and Cloud Identity - What does it mean for me?SYDSP - Office 365 and Cloud Identity - What does it mean for me?
SYDSP - Office 365 and Cloud Identity - What does it mean for me?
Scott Hoag
 
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB201904_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
Kumton Suttiraksiri
 
What is Microsoft Enterprise Mobility Suite and how to deploy it
What is Microsoft Enterprise Mobility Suite and how to deploy itWhat is Microsoft Enterprise Mobility Suite and how to deploy it
What is Microsoft Enterprise Mobility Suite and how to deploy it
Peter De Tender
 
Password less auth using Azure AD
Password less auth using Azure ADPassword less auth using Azure AD
Password less auth using Azure AD
CloudFronts Technologies LLP.
 
Azure AD B2C An Introduction - DogFoodCon 2018
Azure AD B2C An Introduction - DogFoodCon 2018Azure AD B2C An Introduction - DogFoodCon 2018
Azure AD B2C An Introduction - DogFoodCon 2018
Jeremy Gray
 
"Secure Mobile Apps with the Microsoft Identity Platform", Christos Matskas, ...
"Secure Mobile Apps with the Microsoft Identity Platform", Christos Matskas, ..."Secure Mobile Apps with the Microsoft Identity Platform", Christos Matskas, ...
"Secure Mobile Apps with the Microsoft Identity Platform", Christos Matskas, ...
Fwdays
 

Similar to SPSLisbon 2017 Office 365 Multi-factor Authentication with Microsoft Azure Active Directory Premium (20)

TugaIT 2017 Office 365 Multi-factor authentication with Microsoft Azure Activ...
TugaIT 2017 Office 365 Multi-factor authentication with Microsoft Azure Activ...TugaIT 2017 Office 365 Multi-factor authentication with Microsoft Azure Activ...
TugaIT 2017 Office 365 Multi-factor authentication with Microsoft Azure Activ...
 
AzureAAD
AzureAADAzureAAD
AzureAAD
 
SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?
SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?
SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?
 
Office 365 identity
Office 365 identityOffice 365 identity
Office 365 identity
 
Premier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure ADPremier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure AD
 
What's new in Azure Active Directory and what's coming new ?
What's new in Azure Active Directory and what's coming new ?What's new in Azure Active Directory and what's coming new ?
What's new in Azure Active Directory and what's coming new ?
 
SPIntersection 2016 - MICROSOFT CLOUD IDENTITIES IN AZURE AND OFFICE 365
SPIntersection 2016 - MICROSOFT CLOUD IDENTITIES IN AZURE AND OFFICE 365SPIntersection 2016 - MICROSOFT CLOUD IDENTITIES IN AZURE AND OFFICE 365
SPIntersection 2016 - MICROSOFT CLOUD IDENTITIES IN AZURE AND OFFICE 365
 
O365con14 - moving from on-premises to online, the road to follow
O365con14 - moving from on-premises to online, the road to followO365con14 - moving from on-premises to online, the road to follow
O365con14 - moving from on-premises to online, the road to follow
 
Hitchhiker's Guide to Azure AD - SPS St Louis 2018
Hitchhiker's Guide to Azure AD - SPS St Louis 2018Hitchhiker's Guide to Azure AD - SPS St Louis 2018
Hitchhiker's Guide to Azure AD - SPS St Louis 2018
 
Introduction to the Microsoft identity platform for developers
Introduction to the Microsoft identity platform for developersIntroduction to the Microsoft identity platform for developers
Introduction to the Microsoft identity platform for developers
 
Brian Desmond - Quickly and easily protect your applications and services wit...
Brian Desmond - Quickly and easily protect your applications and services wit...Brian Desmond - Quickly and easily protect your applications and services wit...
Brian Desmond - Quickly and easily protect your applications and services wit...
 
SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?
SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?
SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?
 
Hybrid SharePoint - Office 365 & On-prem SharePoint 2013 -part2
Hybrid SharePoint - Office 365 & On-prem SharePoint 2013 -part2Hybrid SharePoint - Office 365 & On-prem SharePoint 2013 -part2
Hybrid SharePoint - Office 365 & On-prem SharePoint 2013 -part2
 
JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365
JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365
JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365
 
SYDSP - Office 365 and Cloud Identity - What does it mean for me?
SYDSP - Office 365 and Cloud Identity - What does it mean for me?SYDSP - Office 365 and Cloud Identity - What does it mean for me?
SYDSP - Office 365 and Cloud Identity - What does it mean for me?
 
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB201904_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
 
What is Microsoft Enterprise Mobility Suite and how to deploy it
What is Microsoft Enterprise Mobility Suite and how to deploy itWhat is Microsoft Enterprise Mobility Suite and how to deploy it
What is Microsoft Enterprise Mobility Suite and how to deploy it
 
Password less auth using Azure AD
Password less auth using Azure ADPassword less auth using Azure AD
Password less auth using Azure AD
 
Azure AD B2C An Introduction - DogFoodCon 2018
Azure AD B2C An Introduction - DogFoodCon 2018Azure AD B2C An Introduction - DogFoodCon 2018
Azure AD B2C An Introduction - DogFoodCon 2018
 
"Secure Mobile Apps with the Microsoft Identity Platform", Christos Matskas, ...
"Secure Mobile Apps with the Microsoft Identity Platform", Christos Matskas, ..."Secure Mobile Apps with the Microsoft Identity Platform", Christos Matskas, ...
"Secure Mobile Apps with the Microsoft Identity Platform", Christos Matskas, ...
 

Recently uploaded

GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Edge AI and Vision Alliance
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Alex Pruden
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Wask
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Precisely
 
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - HiikeSystem Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
Hiike
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
SAP S/4 HANA sourcing and procurement to Public cloud
SAP S/4 HANA sourcing and procurement to Public cloudSAP S/4 HANA sourcing and procurement to Public cloud
SAP S/4 HANA sourcing and procurement to Public cloud
maazsz111
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
Data Hops
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdfdbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
Shinana2
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
saastr
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Jeffrey Haguewood
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
Tatiana Kojar
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 

Recently uploaded (20)

GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
 
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - HiikeSystem Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
SAP S/4 HANA sourcing and procurement to Public cloud
SAP S/4 HANA sourcing and procurement to Public cloudSAP S/4 HANA sourcing and procurement to Public cloud
SAP S/4 HANA sourcing and procurement to Public cloud
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdfdbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 

SPSLisbon 2017 Office 365 Multi-factor Authentication with Microsoft Azure Active Directory Premium

  • 1. Office 365 Multi-Factor Authentication with Microsoft Azure Active Directory Premium by Nuno Árias Silva
  • 3. MVP Office Servers and Services Nuno Árias Silva Blog: www.nuno-silva.net Email : email@nuno-silva.net Twitter : NunoAriasSilva Facebook : nunoarias LinkedIn : nunoarias I advise my clients to be proactive in adopting new Microsoft technologies that help them to reach business needs and to accomplish their goals. Has more than 19 years working on IT, with Master in Information Technologies, last projects have more focus in Office 365, Infrastructures and Security within Microsoft Infrastructure Products. GFI Manager - Infrastructure Services nuno.a.silva@gfi.pt
  • 4. Agenda Multi-Factor Authentication for Office 365 Office client futures with Multi-Factor Authentication Microsoft Azure Multi-Factor Authentication
  • 5. Identity Management Unify your environment Enable users Protect your data
  • 6. Identity for Microsoft cloud services User Microsoft Account Ex: alice@outlook.com User Organizational Account Ex: alice@contoso.com Microsoft Account Microsoft Azure Active Directory
  • 7. Federated identitySynchronized identity Cloud identity On-premises directory Zero on-premises servers On-premises directory Directory sync with password sync On-premises identity Between zero and three additional on-premises servers depending on the number of users On-premises identity Between two and eight on-premises servers and networking configuration depending on the sign-in availability requirements Directory sync Federation Office 365 Identity Models
  • 8. Hyper scale Infrastructure is the enabler 27 Regions Worldwide, 22 ONLINE…huge capacity around the world…growing every year  100+ datacenters  Top 3 networks in the world  2.5x AWS, 7x Google DC Regions  G Series – Largest VM in World, 32 cores, 448GB Ram, SSD… Operational Announced/ Central US Iowa West US California East US Virginia US Gov Virginia North Central US Illinois US Gov Iowa South Central US Texas Brazil South Sao Paulo State West Europe Netherlands China North * Beijing China South * Shanghai Japan East Tokyo, Saitama Japan West Osaka India South Chennai East Asia Hong Kong SE Asia Singapore Australia South East Victoria Australia East New South Wales * Operated by 21Vianet India Central Pune Canada East Quebec City Canada Central Toronto India West Mumbai Germany North East Magdeburg Germany Central Frankfurt United Kingdom Regions North Europe Ireland East US 2 Virginia New
  • 9. Agenda Multi-Factor Authentication for Office 365 Office client futures with Multi-Factor Authentication Microsoft Azure Multi-Factor Authentication
  • 11. What is Multi-Factor Authentication? Multiple factors are required for sign-In Familiar to consumer cloud service users such as the Microsoft Account Simple block to password compromise from another country Addresses regulatory compliance and high risk user scenarios AKA two-factor, 2FA, MFA, strong authentication Two or more of the following factors: Something you know – a password or PIN Something you have – a phone, credit card or hardware token Something you are – a fingerprint, hand geometry, retinal scan or other biometric Stronger when using two different channels (out-of-band) Types of multi-factor authentication: Hardware OTP Tokens Certificates Smart Cards Phone-Based Authentication: Phone Call, Text Message, and Push Software OTP Tokens
  • 12. What is Multi-Factor Authentication? Powered by PhoneFactor, acquired by Microsoft in 2012 Trusted by thousands of enterprises to authenticate employee, customer, and partner access Secures applications and identities in the cloud and on-premises
  • 13. Now Included with Office 365 Multi-Factor Authentication for Office 365 Announced on the Office Tech Blog http://blogs.office.com/2014/02/10/multi-factor-authentication-for-office-365/ Included in all Office 365 SKUs for Sign-In users at no additional cost Except Small Business SKUs and Dedicated SKUs Extends what is currently available for Office 365 tenant admins Admins can now enable all Sign-In users for Multi-Factor Authentication Does not replace Microsoft Azure Multi-Factor Authentication
  • 14. Mobile Apps Enterprise authentication using any phone Text MessagesPhone Calls Push Notification One-Time-Passcode (OTP) Token Out-of-Band* Call Text One-Time Passcode (OTP) by Text *Out of band refers to completing the second factor through a different channel than the first factor.
  • 16. • Provides Office rich client login as alternative to Multi-Factor Authentication • 16 characters randomly generated, viewed once • Up to 40. Use one on multiple applications or different one for each application App Passwords
  • 17. Specific Scenarios Federated Users Office 365 resources just needs Multi-Factor Authentication for Office 365 Use Azure Multi-Factor Authentication Server for other ADFS connected applications Hybrid On-premises server applications require Azure Multi-Factor Authentication Server Example: MSIT Lync on-premises and Exchange Online PowerShell Create a service account which is an administrator and control access
  • 18. Agenda Multi-Factor Authentication for Office 365 Office client futures with Multi-Factor Authentication Microsoft Azure Multi-Factor Authentication
  • 19. Office client futures with Multi-Factor Authentication
  • 20. Office client Multi-Factor Authentication Futures Updated Office 2013 clients to support Multi-Factor Authentication No need for App Passwords in updated clients If you can authenticate in a web browser, then you can authenticate in Office clients Outlook, Lync, Word, Excel, PowerPoint, PowerShell, OneDrive for Business Clients will also support Federation Identity Providers using SAML/P protocol US DoD Common Access Card (CAC) US Federal Personal Identity Verification card (PIV)
  • 21. • Build on top of Active Directory Authentication Library (ADAL) • ADAL implements simple OAuth protocol that AAD and ADFS 3.0 understand • Office does OAuth to those endpoints • Those endpoints implement a number of protocols with other IdPs (SAML-P 2.0, WS-Fed) • AAD and ADFS issue OAuth tokens based on the results that Office uses against its workloads Office client Multi-Factor Authentication
  • 22. The MFA Flow Azure Active Directory 1 2 www-authenticate: Bearer authorization_uri: https://login.windows.ne t Federated tenant Secure Token Service 4 Do federated sign-in using SAML-P, WS-Fed, etc. SAML token 5 Validate assertions Hand back token for 365 JWT token 3 Auth against https://login.windows.net ... 6 JWT token Office 1. Office makes a request to a service which supports new MFA flow 2. Service instructs Office to visit an STS which speaks a simple standards based protocol (OAuth) 3. Office instructs AD library to launch web browser control 4. MFA and federation magic happens transparent to Office 5. Office gets back simple tokens that it caches for future communication with its services 6. Office sends token to service
  • 23. Agenda Multi-Factor Authentication for Office 365 Office client futures with Multi-Factor Authentication Microsoft Azure Multi-Factor Authentication
  • 25. Azure MFA Requires a Microsoft Azure subscription Use of Office 365 with Azure MFA requires a link from the Microsoft Azure subscription to the Office 365 tenant Having MFA for Office 365 does not reduce Microsoft Azure MFA subscription costs Microsoft Azure Multi-Factor Authentication
  • 26. Multi-Factor Authentication for Office 365 compared to Microsoft Azure MFA Multi-Factor Authentication for Office 365 Microsoft Azure Multi- Factor Authentication Administrators can Enable/Enforce MFA to end-users Yes Yes Use Mobile app (online and OTP) as second authentication factor Yes Yes Use Phone call as second authentication factor Yes Yes Use SMS as second authentication factor Yes Yes App passwords for non-browser clients (e.g., Outlook, Lync) Yes Yes Default Microsoft greetings during authentication phone calls Yes Yes Remember Me (Public Preview coming in June) Yes Yes IP Whitelist (currently in Public Preview) Yes Custom greetings during authentication phone calls Yes Fraud alert Yes Event Confirmation Yes Security Reports Yes Block/Unblock Users Yes One-Time Bypass Yes Customizable caller ID for authentication phone calls Yes MFA Server – MFA for on-premises applications Yes MFA SDK – MFA for custom apps Yes
  • 27. Windows Server AD or Other LDAP On-Premises Apps RADIUS LDAP IIS RDS/VDI Multi-Factor Authentication Server Multi-Factor Authentication Service Cloud Apps Users must also authenticate using their phone or mobile device before access is granted.2 Microsoft Azure Active Directory Users sign in from any device using their existing username/password. 1 Authentication Process
  • 28. How to Enable To create a Multi-Factor Auth Provider sign into the Windows Azure Management Portal and go to Active DirectoryMFA Server Providers. Create a new provider by providing a name, usage model for billing and link it to your directory unless being used for on-premises applications only.
  • 30. • Office 365 SKUs include Multi-Factor Authentication • Users are Enabled and then Enforced • Users can create App Passwords for client apps • Updated Office 2013 clients • Office 365 tenants can be connected to Azure • Azure Multi-Factor Authentication has additional features Summary
  • 31. The updated authentication are available now Introduction to ADAL based authentication The ADAL based authentication stack enables the Office 2013 clients to engage in browser-based authentication (also known as passive authentication) where the user is directed to a web page from the identity provider to authenticate. The above screenshot shows the default web page from Azure Active Directory (Azure AD), which is used by Office 365.
  • 32. Azure Multi-Factor Authentication http://azure.microsoft.com/en-us/services/multi-factor-authentication/ Securing access to cloud services - Information for Administrators http://technet.microsoft.com/en-us/library/dn394289.aspx Azure Active Directory Editions http://msdn.microsoft.com/library/azure/dn532272.aspx How to Setup http://blogs.msdn.com/b/mvpawardprogram/archive/2015/03/23/office-365-multi- factor-authentication-with-microsoft-azure-active-directory.aspx Support Links
  • 33.

Editor's Notes

  1. Why this Slide: This is SUCH a big investment – it’s a game for only very few. It’s not new for us – we have been doing this for our own services and our consumer/web properties for 20+ years Key Points: Where are we – EVERYWHERE…! How big is this - $15+ B and counting – this is serious, we continue to bet big and you can count on us Talk about DC innovation – DC Efficiency and Gen 5 data centers. Scale – at this scale you do get efficiencies – the main one being POWER Remember our “strategy” – we will be in the major places, but not everywhere – we have Azure Stack/Hosters for that. Transition to NEXT Slide: This is the physical infrastructure that Azure sits on, now lets talk about Azure the PLATFORM