IT Pro WebinarMicrosoft

Robin VermeirschSr. IT consultant | XYLOSrovr@xylos.com@rovr_xylos

Hybrid Identity & Access ManagementAzure Active Directory (Premium)

Introduction

Azure Active Directory

Cloud security in a changing world

• Slow IT can drive business to cloud

• Rise of shadow IT through acquired cloud functionalities

• Securing data & identities end-to-end becomes a real challenge

• IT needs to adapt and we need tooling that can help us

Overview Azure AD IDaaS

Azure Active Directory

Azure AD Premium

Secure hybrid Identity Platform

Hybrid Application Integration

Self ServiceCapabilities

Next Gen Logging & Reporting

Azure AD

Azure AD Premium

Secure hybrid Identity Platform

Application Integration

Self ServiceCapabilities

Next Gen Logging & Reporting

Azure AD

Lab setup

²

CLT01 (BYOD)

Azure AD

Azure AD Connect

SYNC Identities (+passwords)Self Servicing (Groups + Passwords)

DC01

APP02(Inventory Application)

SaaS Applications

Web Server(WordPress)

APP03(Azure AD Proxy

Azure MFA)

Demo

Azure AD Premium

Secure hybrid Identity Platform

• Bring active directory identities to the cloud

• Provisioning of AD groups/devices/membership

• Extensive support for complex federation/synchronization• Multi forest• Mix Cloud & Synced Identities• Password Sync vs on premise authentication• Support for Exchange hybrid

Azure AD Premium

Secure hybrid Identity Platform

Application Integration

Self ServiceCapabilities

Next Gen Logging & Reporting

Azure AD

How does it work?²

BYOD

AAD JOIN

On Prem APPAD

Azure AD

SaaS Applications

Token based authentication

Azure AD Connect

SYNC Identities (+passwords)Self Servicing (Groups + Passwords) SSO (Azure)

SSO (Azure)

Company Laptop

SSO (Kerberos)

SSO (ADFS)

Win10 only

Demo

Azure AD Premium

Application Integration

• Quickly integrate SaaS applications

• Publish and secure on premise applications

• Unified platform for security and access policies

• Allow easy access for end users

• Context aware authentication policies

Azure AD Premium

Secure hybrid Identity Platform

Application Integration

Self ServiceCapabilities

Next Gen Logging & Reporting

Azure AD

Demo

Azure AD Premium

Self Service Capabilities

• Allow approval based group management• In the cloud• On premise (with sync back)

• Allow approval based application access (within portal)

• Allow self service passwords resets

Azure AD Premium

Secure hybrid Identity Platform

Application Integration

Self ServiceCapabilities

Next Gen Logging & Reporting

Azure AD

Demo

Azure AD Premium

Next Gen Logging & Reporting

• Reports about application access and usage

• Integration with on premise Microsoft Identity Manager

• Integration with ADFS (AAD Connect Health)

• Supports B2B and B2C

• Anomalous Activity Reporting using machine learning

Preview Features

• Support for other identities• B2B• B2C

• Azure AD Connect for Azure VM’s

• Azure AD Identity protection

• Privilege Identity Management

• Administrative Units

Some Extras

• Microsoft Identity Manager included for free

• Included in the Enterprise Mobility Suite

• Cloud App Discovery

Future

• More integration with hybrid deployments

• Release of Cloud App Security (Former Addalom) – 1st April

• More:• https://blogs.technet.microsoft.com/ad/• https://azure.microsoft.com/en-us/blog/topics/identity-access-management/• https://www.microsoft.com/en-us/server-cloud/roadmap/

Questions?

Azure AD

Thank you

Robin VermeirschConsultant

rovr@xylos.com

@rovr_xylos

https://be.linkedin.com/in/robinver

www.xylos.com