IT Pro Webinar
Microsoft
Robin Vermeirsch
Sr. IT consultant | [email protected] | @rovr_xylos
Hybrid Identity & Access Management
Azure Active Directory (Premium)
Introduction
Azure Active Directory
Cloud security in a changing world
• Slow IT can drive business to cloud
• Rise of shadow IT through acquired cloud functionalities
• Securing data & identities end-to-end becomes a real challenge
• IT needs to adapt and we need tooling that can help us
Overview Azure AD IDaaS
Azure Active Directory
Azure AD Premium
Secure hybrid Identity Platform
Hybrid Application Integration
Self Service Capabilities
Next Gen Logging & Reporting
Azure AD
Lab setup
CLT01 (BYOD)
Azure AD
Azure AD Connect
SYNC Identities (+passwords)
Self Servicing (Groups + Passwords)
DC01
APP02 (Inventory Application)
SaaS Applications
Web Server (WordPress)
APP03 (Azure AD Proxy, Azure MFA)
Demo
Azure AD Premium
Secure hybrid Identity Platform
• Bring Active Directory identities to the cloud
• Provisioning of AD groups/devices/membership
• Extensive support for complex federation/synchronization
  • Multi forest
  • Mix Cloud & Synced Identities
  • Password Sync vs on premise authentication
  • Support for Exchange hybrid
How does it work?
BYOD
AAD JOIN
On Prem APP
AD
Azure AD
SaaS Applications
Token based authentication
Azure AD Connect
SYNC Identities (+passwords)
Self Servicing (Groups + Passwords)
SSO (Azure)
SSO (Azure)
Company Laptop
SSO (Kerberos)
SSO (ADFS)
Win10 only
Demo
Azure AD Premium
Application Integration
• Quickly integrate SaaS applications
• Publish and secure on premise applications
• Unified platform for security and access policies
• Allow easy access for end users
• Context aware authentication policies
Demo
Azure AD Premium
Self Service Capabilities
• Allow approval based group management
  • In the cloud
  • On premise (with sync back)
• Allow approval based application access (within portal)
• Allow self-service password resets
Demo
Azure AD Premium
Next Gen Logging & Reporting
• Reports about application access and usage
• Integration with on premise Microsoft Identity Manager
• Integration with ADFS (AAD Connect Health)
• Supports B2B and B2C
• Anomalous Activity Reporting using machine learning
Preview Features
• Support for other identities
  • B2B
  • B2C
• Azure AD Connect for Azure VMs
• Azure AD Identity Protection
• Privileged Identity Management
• Administrative Units
Some Extras
• Microsoft Identity Manager included for free
• Included in the Enterprise Mobility Suite
• Cloud App Discovery
Future
• More integration with hybrid deployments
• Release of Cloud App Security (formerly Adallom) – 1st April
• More:
  • https://blogs.technet.microsoft.com/ad/
  • https://azure.microsoft.com/en-us/blog/topics/identity-access-management/
  • https://www.microsoft.com/en-us/server-cloud/roadmap/
Questions?
Azure AD
Thank you
Robin Vermeirsch
Consultant
@rovr_xylos
https://be.linkedin.com/in/robinver
www.xylos.com