Technology Day 2015Xylos

Robin VermeirschSr. IT consultant CCMrovr@xylos.com

Stay in control of your identity withAzure Active Directory (Premium)

Introduction

Azure Active Directory

Competence Center Messaging (CCM) Mission

Become the long term partner for Archiving, Messaging and Identity & Access Management

solutions and services

Identity and access

management

Application proxying and

load balancing

Messaging Archiving

Overview AAD IDaaS

Azure Active Directory

Questions

•Do your users use SaaS applications today?

•Are you able to control and audit access to these applications?

Identity and access management challenges

• How to protect and manage SaaS identities and map them to existing identities?• How to extend governance to these

cloud applications?• How to secure cloud services

shared identities (eg: Facebook, Twitter)?• How to publish SaaS and on

premise applications to your users, partners and customers?

Image: http://pharmastrategies.net/true-data-security/

What is Azure AD

A comprehensive identity and access management cloud solution. (=IdaaS)

It combines directory services, advanced identity governance, application access management and a rich standards-based platform for developers

It is available in 3 editions: free, Basic and Premium

What does Azure AD provide?

• Cloud based Identities & Authentication• Self service password reset

• Cloud based access management• Application portal + SSO• Self service access management

• Integration with on premise solutions• Active Directory Sync with sync back/Federation• MFA for on premise solutions• Hybrid Governance• Reverse Proxy: Publishing on premise applications

• Extensive API’s for integrating applications and managing identities• Graph API• SAML/OAUTH/WS Federation/OpenID/… Can be used with CASB (Cloud Access Security Broker) like Adallom, Netskope, Bettercloud

Azure

https://azure.microsoft.com/files/leadership-compass.pdf

Why is that?

• Adoption driven by O365• They are huge as a service• +1 billion auth’s /day• 5 million tenants• 500 million users• 86% of F500 use MS Cloud (Azure,

O365, CRM, PowerBI, EOP)

• Good understanding of MS AD• It includes MIM 2016

Image: http://cloudmmunity.blogspot.be/2014/04/office-365-sso-adfs-ad-on-premise.html

Let’s take a look

Azure Active Directory

Demo: SSO²

BYOD

AAD JOIN

On Prem APPAD

Azure AD

SaaS Applications

Token based authentication

Azure AD Connect

SYNC Identities (+passwords)Self Servicing (Groups + Passwords) SSO (Azure)

SSO (Azure)

Company Laptop

SSO (Kerberos)

SSO (ADFS)

Win10 only

Demo: Securing identities• Add MFA to SaaS authentications

• O365 (Free)• Twitter, Salesforce, …

• Add MFA to AzureAD itself• Device Join• Portal

• Add MFA to on premise applications• ADFS• Radius• LDAP• …

• Secure SaaS Identities• Twitter• Facebook• Custom applications

Demo: Self Servicing

• Allow approval based group management• In the cloud• On premise (with sync back)

• Allow approval based application access (within portal)

• Allow self service passwords resets

Demo: Identity governance

• Reports about application access

• Integration with on premise Microsoft Identity Manager

• Location based policy enforcement• On Premise no MFA• In the cloud MFA

• Supports B2B and B2C (See future)

Some Extras

• Microsoft Identity Manager included for free

• Included in the EMS (=Enterprise Mobility Suite)

• AAD has extensive support for complex federation/synchronization• Multi Forest organizations (without need for Trusts)• Different federation possibilities per domain (or UPN)• Password hash synchronization

What will the future bring

Azure Active Directory

Future of Azure AD

• Support for other identities• B2B

• Azure AD• B2C

• Social Login (FB, LinkedIn, …)• Self Service identity registration

• Future versions of MIM (FIM) will be cloud based• “AD as a Service” for Azure VM’s*• …

* Based on information from Gartner Catalyst

Competence Center Messaging - Solutions and services

• Identity and Access Management• Identity providers (Microsoft Active

Directory, Azure Active Directory)• Identity bridges (ADFS, Okta, Imprivata)• Access Management (Azure AD

Premium, MIM/FIM, Okta, Imprivata, NPS)

• SSO, pre-authentication, (Azure AD Premium, Kemp)

• Multi Factor Authentication (Azure AD Premium, Okta, Certificates)

• Remote Access Technologies (Direct Access, Windows RAS)

• Load Balancing and application proxies• WAF and Reverse Proxies (Azure AD, Kemp, MS

WAP)• Load Balancing (Kemp)

• Messaging• Exchange Server implementations• 3th party (Notes, Zarafa, GroupWise,…) to

Exchange/Office365 migrations and coexistence• Office 365 Migrations• GAL synchronization and federation• Automated signatures

• Archiving• File, SharePoint, e-mail Archiving (Enterprise

Vault, Exchange Archiving, Office 365 Archiving)

Questions?

Azure AD

Thank you

Robin VermeirschConsultant CC Messaging

rovr@xylos.com

@rovr_xylos

https://be.linkedin.com/in/robinver

www.xylos.com