20150924 xylos technology day - stay in control of your identity with azure ad premium
TRANSCRIPT
Technology Day 2015 - Xylos
Robin Vermeirsch, Sr. IT consultant, [email protected]
Stay in control of your identity with Azure Active Directory (Premium)
Introduction
Azure Active Directory
Competence Center Messaging (CCM) Mission
Become the long term partner for Archiving, Messaging and Identity & Access Management solutions and services
• Identity and access management
• Application proxying and load balancing
• Messaging
• Archiving
Overview AAD IDaaS
Azure Active Directory
Questions
• Do your users use SaaS applications today?
• Are you able to control and audit access to these applications?
Identity and access management challenges
• How to protect and manage SaaS identities and map them to existing identities?
• How to extend governance to these cloud applications?
• How to secure cloud services shared identities (e.g. Facebook, Twitter)?
• How to publish SaaS and on-premises applications to your users, partners and customers?
Image: http://pharmastrategies.net/true-data-security/
What is Azure AD
A comprehensive identity and access management cloud solution (= IDaaS).
It combines directory services, advanced identity governance, application access management and a rich standards-based platform for developers.
It is available in 3 editions: Free, Basic and Premium.
What does Azure AD provide?
• Cloud based identities & authentication
  • Self service password reset
• Cloud based access management
  • Application portal + SSO
  • Self service access management
• Integration with on-premises solutions
  • Active Directory sync with sync back / federation
  • MFA for on-premises solutions
  • Hybrid governance
  • Reverse proxy: publishing on-premises applications
• Extensive APIs for integrating applications and managing identities
  • Graph API
  • SAML / OAuth / WS-Federation / OpenID / … Can be used with a CASB (Cloud Access Security Broker) like Adallom, Netskope, BetterCloud
Azure
https://azure.microsoft.com/files/leadership-compass.pdf
Why is that?
• Adoption driven by O365
• They are huge as a service
• +1 billion auths / day
• 5 million tenants
• 500 million users
• 86% of F500 use MS Cloud (Azure, O365, CRM, PowerBI, EOP)
• Good understanding of MS AD
• It includes MIM 2016
Image: http://cloudmmunity.blogspot.be/2014/04/office-365-sso-adfs-ad-on-premise.html
Let’s take a look
Azure Active Directory
Demo: SSO²
Diagram labels: BYOD, AAD Join, On Prem App, AD, Azure AD, SaaS Applications, Token based authentication, Azure AD Connect, SYNC identities (+passwords), Self servicing (groups + passwords), SSO (Azure), Company laptop, SSO (Kerberos), SSO (ADFS), Win10 only
Demo: Securing identities
• Add MFA to SaaS authentications
  • O365 (free)
  • Twitter, Salesforce, …
• Add MFA to Azure AD itself
  • Device join
  • Portal
• Add MFA to on-premises applications
  • ADFS
  • RADIUS
  • LDAP
  • …
• Secure SaaS identities
  • Twitter
  • Facebook
  • Custom applications
Demo: Self Servicing
• Allow approval based group management
  • In the cloud
  • On-premises (with sync back)
• Allow approval based application access (within portal)
• Allow self service password resets
Demo: Identity governance
• Reports about application access
• Integration with on premise Microsoft Identity Manager
• Location based policy enforcement
  • On-premises: no MFA
  • In the cloud: MFA
• Supports B2B and B2C (See future)
Some Extras
• Microsoft Identity Manager included for free
• Included in the EMS (=Enterprise Mobility Suite)
• AAD has extensive support for complex federation/synchronization
  • Multi-forest organizations (without need for trusts)
  • Different federation possibilities per domain (or UPN)
  • Password hash synchronization
What will the future bring
Azure Active Directory
Future of Azure AD
• Support for other identities
  • B2B
    • Azure AD
  • B2C
    • Social login (FB, LinkedIn, …)
    • Self service identity registration
• Future versions of MIM (FIM) will be cloud based
• “AD as a Service” for Azure VMs*
• …
* Based on information from Gartner Catalyst
Competence Center Messaging - Solutions and services
• Identity and Access Management
  • Identity providers (Microsoft Active Directory, Azure Active Directory)
  • Identity bridges (ADFS, Okta, Imprivata)
  • Access Management (Azure AD Premium, MIM/FIM, Okta, Imprivata, NPS)
  • SSO, pre-authentication (Azure AD Premium, Kemp)
  • Multi Factor Authentication (Azure AD Premium, Okta, Certificates)
  • Remote Access Technologies (DirectAccess, Windows RAS)
• Load Balancing and application proxies
  • WAF and Reverse Proxies (Azure AD, Kemp, MS WAP)
  • Load Balancing (Kemp)
• Messaging
  • Exchange Server implementations
  • 3rd party (Notes, Zarafa, GroupWise, …) to Exchange/Office 365 migrations and coexistence
  • Office 365 Migrations
  • GAL synchronization and federation
  • Automated signatures
• Archiving
  • File, SharePoint, e-mail Archiving (Enterprise Vault, Exchange Archiving, Office 365 Archiving)
Questions?
Azure AD
Thank you
Robin Vermeirsch, Consultant CC Messaging
@rovr_xylos
https://be.linkedin.com/in/robinver
www.xylos.com