gwavacon 2015: mvp - user directory standardization, here's how it's done!
TRANSCRIPT
Windows Server 2012+ & Azure AD
Windows Server 2012+ & Azure AD / Azure Services
On-Premises Outsourcing Hybrid Cloud
http://www.mdmarra.com/2012/11/why-you-shouldnt-use-local-in-your.html
http://markparris.co.uk/2011/03/08/active-directory-local-domain-design-and-office-365/
https://technet.microsoft.com/en-us/library/cc738121(WS.10).aspx
www.microsoft.com/ipd
http://www.icann.org/de/groups/ssac/documents/sac-045-en.pdf
https://cabforum.org/internal-names/
https://cabforum.org/wp-content/uploads/Guidance-Deprecated-Internal-Names.pdf
https://technet.microsoft.com/en-us/library/dn765472.aspx
http://de.slideshare.net/digicomp/oliver-ryf-windows-day-active-directory-best-practices
https://support.office.com/de-de/article/Vorbereiten-von-Benutzern-auf-die-Bereitstellung-in-Office-365-%c3%bcber-die-Verzeichnissynchronisierung-01920974-9e6f-4331-a370-13aea4e82b3e?ui=de-DE&rs=de-DE&ad=DE
Self-service
Single sign-on
Username
Identity as the foundation
Azure AD Connect
Cloud
SaaS
Azure
Office 365
Public cloud
Other Directories
Windows Server Active Directory
On-premises
Microsoft Azure Active Directory
Azure AD Connect
Consolidated deployment assistant for your identity bridge components
• Express Settings
• Multi-forest support
• Password # Sync
• Streamlined fed setup with ADFS
• Configurable Sync settings
DirSync
Azure AD Sync
FIM+Azure AD Connector
Sync Engine
On-boarding to Azure AD & Office 365
ADFS
http://blogs.technet.com/b/ad/archive/2014/12/15/azure-ad-connect-one-simple-fast-lightweight-tool-to-connect-active-directory-and-azure-active-directory.aspx
ADFS
ADFS is optional, can address complex enterprise deployments
Domain Join SSO, Enforcement of AD login policy, Smart Card or 3rd party MFA
Enable login to Azure AD/Office 365 or other ADFS apps for users stored in LDAP directories
Consolidate app authentication and authorization across different account stores
Supports any LDAP v3 directory
Support across sync and sign-in coming to Azure AD Connect at a later date
ADFS
AD DS
LDAP Directories
Azure AD
LOB Apps
Cloud
SaaS
Azure
Office 365
Partner Resources
• Monitor ADFS service for reliable & highly available authentication
• Email notification for critical alerts
• Analyze ADFS logins for usage & capacity planning based on app, authentication, network location & failures
• Perform forensic analysis on top users with bad passwords
• Troubleshoot with easy access to critical performance counters
On-Premises applications
Introducing ‘Conditional Access Control’
Application
Business sensitivity
Other
Inside corp. network
Outside corp. network
Risk profile
Devices
Authenticated
MDM Managed (Intune)
Compliant with policies
Not lost/stolen
User attributes
User identity
Group memberships
Auth strength (MFA)
Conditional access control
Discover & Authenticate
Device Registration with the Azure AD Device Registration Service
user @ device
Contoso
Pull replication using HTTP
ANK Business ServiceshCloud Portfolio
Migration Services
- Active Directory
- Exchange
- SharePoint
- Archive
- Fileshare
Business & Strategy
- Workshops
- Concepts
- Network
Azure IaaS & Hybrid Cloud Solutions
- VM Hosting & Management
- Backup / HA
- ADFS, AAD Connect
- Managed Services
Project Support
- “as Is” on-Site
- Architecture
- Kick-Off
- Workshops
- Standardizing