Agenda
• What Azure Active Directory is
• What Azure Active Directory is not
• Hybrid Identity
• Features
• Roadmap
of employees use personal devices for work purposes.*
of employees that typically work on employer premises, also frequently work away from their desks.***
of all software will be available on a SaaS delivery by 2020.**
66% 25% 33%
*CEB The Future of Corporate ITL: 203-2017. 2013.
**Forrester Application Adoption Trends: The Rise Of SaaS
***CEB IT Impact Report: Five Key Findings on Driving Employee Productivity Q1 2014.
Mobility is the new normal
Protect your data
Enable your users
Unify your environment
People-centric approach
Devices Apps Data
Azure Active Directory (Azure AD) is Microsoft’s multi-tenant cloud-based directory and identity management service.
It combines directory services, advanced identity governance, application access management and a rich standards-based platform for developers.
Available in 3 editions: Free, Basic and Premium.
What is Azure Active Directory?
You host it, on-premises / Cloud
You manage the infrastructure and the data
Core Services:
• Active Directory services
• Kerberos authentication
• NTLM authentication
• Active Directory Lightweight Directory Services (AD LDS)
• Active Directory Federated Services (AD FS)
• Active Directory Certificate Services (AD CS)
• Active Directory Rights Management Services (AD RMS)
Microsoft hosts it in their datacenters
Microsoft manages the infrastructure
You manage the data
Core Services:
• Windows Azure Active Directory services
• Federated authentication
• WS-Federation
• SAML
• OAuth 2.0
• More to come…
• Windows Azure Access Control Service (ACS)
Windows Azure Active Directory
• Runs from 28 datacenters spread across the globe with automated failover
• The directory behind Office 365
• On average 14 billion authentications every week
• 99.9% availability guarantee (Basic and Premium)
Azure Active Directory Connect*
Microsoft Azure Active Directory
Other Directories
PowerShell
LDAP v3
SQL (ODBC)
Web Services (SOAP, JAVA, REST)
*
Windows Azure Conference 2014
Hybrid Identity
Delivering a seamless user authentication experience
Same Sign-on
Users will be able to have a single set of credentials to access their cloud applications but will be prompted for username and password.
Single Sign-on
Users will experience true single sign-on for cloud applications and on-premises applications alike.
Microsoft Azure
Web Apps (Azure Active Directory Application Proxy)
SaaS apps
Integrated custom apps
Other Directories
Azure Active Directory Cloud App Discovery
10x as many cloud apps are in use as IT estimates (Source: Help Net Security 2014)
Discover all SaaS apps in use within your organization
Comprehensive reporting
• SaaS app category
• Number of users
• Utilization volume
Azure Active Directory – Looking Forward
Business to Business
Business to Consumers Azure AD Directory
Domain Services
Administrative Units
Cloud Domain Joined (Windows 10)
Conditional Access
Self-service Single sign-on
Identity as the control plane
Simple connection
Cloud
SaaS
Azure
Office 365
Public cloud
Other Directories
Windows Server Active Directory
On-premises
Microsoft Azure Active Directory
Common Features

| Feature | Free | Basic | Premium |
|---|---|---|---|
| Directory as a Service | 500,000 Object Limit | No Object Limit | No Object Limit |
| User/Group Management (add/update/delete) | Yes | Yes | Yes |
| SSO to pre-integrated SaaS Applications/Custom Apps | 10 apps per user | 10 apps per user | No Limit |
| User-Based access management/provisioning | Yes | Yes | Yes |
| Self-Service Password Change for cloud users | Yes | Yes | Yes |
| Connect (Sync engine that extends on-premises directories to Azure Active Directory) * | Yes | Yes | Yes |
| Security Reports/Audit | 3 Basic Reports | 3 Basic Reports | Advanced Security Reports |

Premium + Basic Features

| Feature | Basic | Premium |
|---|---|---|
| Group-based access management/provisioning | Yes | Yes |
| Self-Service Password Reset for cloud users | Yes | Yes |
| Company Branding (Logon Pages/Access Panel customization) | Yes | Yes |
| Application Proxy | Yes | Yes |
| SLA | Yes | Yes |

Premium Features

| Feature | Premium |
|---|---|
| Self-Service Group Management | Yes |
| Self-Service Password Reset/Change with on-premises write-back | Yes |
| Advanced Usage Reporting | Yes |
| Multi-Factor Authentication (Cloud and On-premises (MFA Server)) | Yes |
| MIM CAL + MIM Server | Yes |
| Administrative Units | Yes |
| Cloud App Discovery | Yes |
| Conditional Access: MFA per application (in Preview) | Yes |
| Automated password roll-over (in Preview) | Yes |
| Connect Health | Yes |
Windows Intune
Mobile device settings management
Mobile application management
Selective wipe
Microsoft Azure Active Directory Premium
Security reports, audit reports and multi-factor authentication
Self-service password reset and group management
Connection between Active Directory and Azure Active Directory
Information protection
Connection to on-premises assets
Bring your own key
Enterprise Mobility Suite
Microsoft Azure Rights Management
Advanced Threat Analytics
Detect threats fast with behavioral analytics
Adapt as fast as your enemies
Reduce false positives