Premier Webcast - Identity Management with Windows Azure AD

Attention

The following webcast session was developed to provide an expedient method of relaying information to Premier customers. We would like to ask your help in ensuring that only registered attendees view this information. Please do not share the content of this delivery with peers who are not registered. Thank you.

AGENDA

1. Factors driving cloud identity

2. What is claims-based authentication?

3. Azure Active Directory features

4. Demos

Devices, Apps, Data

The current reality…

Identity as the control plane

[Diagram labels: Self-service; Single sign-on; Username; Simple connection; Cloud; SaaS; Azure; Office 365; Public cloud; Other Directories; Windows Server Active Directory; On-premises; Microsoft Azure Active Directory]

Claims-Based Identity

Applications Need Identities

Identities 5 Years Ago

• Authentication was integrated auth (Kerberos/NTLM)

• Authorization: Active Directory security groups

• User data: LDAP and ADSI

• Kerberos was not a problem: application servers were joined to the domain and port 88 was open in the internal network

• Kerberos tickets included group SIDs for access decisions

Application Had Free Access to Corporate Identities

Applications Ran Almost Entirely On-Premises

• RPC to a DC was not a problem

What is Azure Active Directory?

A comprehensive identity and access management cloud solution.

It combines directory services, advanced identity governance, application access management and a rich standards-based platform for developers.

It is available in 3 editions: Free, Basic and Premium.

Microsoft Confidential

Standalone

Directory Sync

Directory Sync with Password Sync

Directory Sync with Single Sign-on

Azure Active Directory Connect

DirSync

Azure Active Directory Sync

FIM+Azure Active Directory Connector

Sync Engine

Microsoft Azure

Identities and applications in one place.

Web Apps (Azure Active Directory Application Proxy)

SaaS apps

Integrated custom apps

Other Directories

Cloud App Discovery

AD Agent

Logs

A world of SaaS applications and services

Microsoft Azure Active Directory

[Diagram labels: Corporate Network; DMZ; https://app1-contoso.msappproxy.net/; http://app1]

IT professional

alerts.

How it works

1. Users sign in from any device using their existing username/password.

2. Users must also authenticate using their phone or mobile device before access is granted.

[Diagram labels: User; On-Premises Apps; Windows Server Active Directory or Other LDAP; Multi-Factor Authentication Server; Microsoft Azure Active Directory]

Application Access policies

Allow Access

Block Access

Cloud Apps

On-premises

Enforce MFA per user/per app

Location (IP Range)

Device State

User Group

http://myapps.microsoft.com

Rich standards-based platform for developers

Azure AD Join for Windows 10

Azure AD Join makes it possible to connect work-owned Windows 10 devices to your company’s Azure Active Directory. Users can sign into Windows with their cloud-hosted work credentials and enjoy modern Windows experiences.

Enterprise-compliant services

SSO from the desktop to cloud and on-premises applications with no VPN

MDM auto enrollment

Support for hybrid environments

Windows 10 Azure AD Joined Devices

MDM Auto-enrolment

No Object Limit No Object Limit

No Limit

Advanced Security Reports

Premium + Basic Features

Group-based access management/provisioning Yes Yes

Self-Service Password Reset for cloud users Yes Yes

Company Branding (Logon Pages/Access Panel customization) Yes Yes

Application Proxy Yes Yes

SLA Yes Yes

Enterprise Mobility Suite

Windows Intune

• Mobile device settings management

• Mobile application management

• Selective wipe

Microsoft Azure Active Directory Premium

• security reports, and audit reports, multi-factor authentication

• Self-service password reset and group management

• Connection between Active Directory and Azure Active Directory

Microsoft Azure Rights Management service

• Information protection

• Connection to on-premises assets

• Bring your own key

Demo: Provisioning and Application Integration

Reference links

http://msdn.microsoft.com/library/azure/jj673460.aspx

http://social.technet.microsoft.com/wiki/contents/articles/14133.windows-azure-ad-content-map.aspx

http://blogs.technet.com/b/ad/

https://azure.microsoft.com/en-us/documentation/services/active-directory/

http://azure.microsoft.com/en-us/documentation/infographics/cloud-identity-and-access/

https://channel9.msdn.com/Series/Azure-Active-Directory-Videos-Demos?page=2

We Want Your Feedback

You will receive a survey via email following this session. Please let us know how we did. Thank you!
