windows azure conference 2014 windows azure ad – all about waad & integration with on-...
TRANSCRIPT
Windows Azure Conference 2014
Windows Azure Conference 2014
M.S.AnandMTC – Technical Architect
Windows Azure AD – All about WAAD & integration with on-premises AD
Windows Azure Conference 2014
Objectives
• By the end of this session, you will understand:– what Windows Azure AD is and what it is not– where you can use Windows Azure AD– how to integrate with on-premises AD– why you may still need on-prem AD
Windows Azure Conference 2014
Identities everywhere, accessing everything
Consumer identity providersPCs and devices
AD
Microsoft apps
Non-MS cloud-based apps
ISV/CSV apps
Custom LOB apps
Windows Azure Conference 2014
A comprehensive identity and access management cloud solution.
It combines directory services, advanced identity governance, application access management and a developer’s identity management platform
It offers a large set of free capabilities and an advanced paid offering:
Windows Azure Active Directory Premium
Windows Azure Active Directory
Windows Azure Conference 2014
Many applications, one identity repository.
Manage identities and access to cloud applications.
Monitor and protect access to enterprise applications.
Personalized access and Self-Service capabilities.
Windows Azure Active Directory usage scenarios
SaaS apps
Windows Azure Conference 2014
Many applications, one identity repository.
Manage identities and access to cloud applications.
Monitor and protect access to enterprise applications.
Personalized access and Self-Service capabilities.
SaaS apps
Windows Azure Conference 2014
Preintegrated popular SaaS apps.
Easily add custom cloud-based apps. Facilitate developers with identity management.
Connect and Sync Windows Server Active Directory with Windows Azure.
Identities and applications in one place.
Consumer identity providersLOB and custom apps
Active Directory
Many applications, one identity repository
SaaS apps
Windows Azure Conference 2014
Preintegrated SaaS apps in the application gallery
Windows Azure Conference 2014Windows Azure Conference 2014
DemoWindows Azure Active Directory
Windows Azure Conference 2014
Federated Authentication
DirSync
AD FS
User attributes are synchronized using DirSync, Authentication is passed back through federation and completed against Windows Server Active Directory
Active Directory
Cloud Authentication
User attributes are synchronized using DirSync including a password hash, Authentication is completed against Windows Azure Active Directory
Active Directory
DirSync with password hash sync
Delivering a seamless user authentication experience
Windows Azure Conference 2014
SaaS apps
Centralized access administration for preintegrated SaaS apps and other Cloud-based apps.
Secure business processes with advanced access management capabilities.
Comprehensive identity and access management console.
Manage identities and access to cloud applications
Your cloud apps ready when you are.
IT professional
SaaS apps
Windows Azure Conference 2014
Security reporting that tracks inconsistent access patterns.
Built-in security features.
Monitor and protect access to enterprise apps
Ensure secure access and visibility on usage patterns for SaaS and cloud-hosted LOB applications.
Step up to Multi-Factor authentication.
X X X X X
X X X X X
X X X X X
Windows Azure Conference 2014
Access Panel Customization
Self Service Password Reset for cloud users
All assigned SaaS apps in one web page for Single Sign On:The Access Panel
Personalized access and Self-Service capabilities.
Users can easily access the SaaS apps they need, using their existing Active Directory credentials.
Windows Azure Conference 2014Windows Azure Conference 2014
DemoIntegration with on-premises ADDirsyncADFS
Windows Azure Conference 2014
Many applications, one identity repository
Manage identities and access to cloud applications
Monitor and protect access to enterprise applications
Personalized access and self-service capabilities
Windows Azure Active Directory free offering
• Single screen with assigned SaaS apps for every user: Access Panel
• Single sign on for SaaS apps from Access Panel
• Change password for cloud users
• Build-in security• Secure tools for synchronization (DirSync)• Block user access
• Security reports
• Multi-factor authentication (paid)*
• Manage users accounts• Add cloud-based applications for SSO• Group management (Preview)
• Add SaaS apps from the application gallery for SSO
• Assign app access to users• Provision users to featured SaaS apps
• Directory as a service on Windows Azure• Create multiple directories• Extend Windows Server AD with
Windows Azure
• Provide identity and access management to new apps (ACS, Graph API, SDKs)
• Pre-integrated popular SaaS applications for SSO
Windows Azure Conference 2014
Windows Azure Active Directory Premium
Built on top of the free offering, provides a robust set of capabilities to empower enterprises with more demanding needs on identity and access management• Currently in Public Preview • Paid offering• Free during the first period of the
public preview
Windows Azure Conference 2014
Many applications, one identity repository
Manage identities and access to cloud applications
Monitor and protect access to enterprise applications
Personalized access and self-service capabilities
Windows Azure Active Directory Premium1st wave of features in preview
• Single screen with assigned SaaS apps for every user: Access Panel
• Single sign on for SaaS apps from Access Panel• Change password for cloud users
• Self-service password reset for cloud users• Customized Access Panel
• Build-in security• Secure tools for synchronization (DirSync)• Block user access
• Security reports• Machine learning-based security reports• Multi-factor authentication*
• Manage users accounts• Add cloud-based applications for SSO• Add SaaS apps from the application gallery for SSO• Group management
• Assign app access to users• Provision users to featured pre-integrated SaaS apps• Use groups to control access to SaaS apps• Group-based provisioning
• Directory as a service on Windows Azure• Create multiple directories• Extend Windows Server AD with Windows Azure
• Pre-integrated popular SaaS applications for SSO• SLA*• No object number limitation**
Windows Azure Conference 2014Windows Azure Conference 2014
DemoWindows Azure Active Directory:Group Based ProvisioningSelf-service password resetCustom Access Panel & Reports
Windows Azure Conference 2014
Putting it all together
Consumer identity providersPCs and devices
AD
Microsoft apps
Non-MS cloud-based apps
ISV/CSV apps
Custom LOB apps
Windows Azure Conference 2014Windows Azure Conference 2014
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.