Azure Active Directory

+PremiumJan Ketil Skanke og Olav Tvedt

@olavtwitt olavtvedt.blogspot.com@janke75 jankesblog.com

The current reality…EC2

On-Premises

Private CloudManaged devices

Self-service Single sign on

•••••••••••Username

Identity as the control planeSimple connection

Cloud

SaaSAzure

Office 365Publiccloud

Other Directories

Windows ServerActive Directory

On-premises

Microsoft Azure Active Directory

What is Azure Active Directory?A comprehensive identity and access management cloud solution for your employees , partners and customers. It combines directory services, advanced identity governance, application access management and a rich standards-based platform for developers.

B2EB2BB2C

Empower UsersManage everything from passwords to devices.

Monitor and protect access to cloud applications.

Your Directory on the cloud

Connect and Sync on-premises directories with Azure.

Your Directory on the cloud

SaaS appsMicrosoft AzureActive Directory

2500+ Preintegrated popular SaaS apps.

Other Directories

Azure AD Join makes it possible to connect work-owned Windows 10 devices to your company’s Azure Active Directory. Users can sign into Windows with their cloud-hosted work credentials and enjoy modern Windows experiences.

Enterprise-compliant services SSO from the desktop to cloud and

on-premises applications with no VPN

MDM auto enrollment Support for hybrid environments

Azure AD Join for Windows 10

Windows 10 Azure AD Joined Devices

MDMAuto-enrolment

On-premises apps

Demo – Jan Ketil Skanke Azure AD Join for Windows 10

A stand-alone Azure Identity and Access management service also included in Azure Active Directory PremiumPrevents unauthorized access to both on-premises and cloud applications by providing an additional level of authenticationTrusted by thousands of enterprises to authenticate employee, customer, and partner access.

What is Azure Multi-Factor Authentication?

Mobile apps Phone calls Text messages

ALERT

1 4 5 6 7 6

How it works

Empower Users

Manage your account

Company branded, personalized application Access Panel : http://myapps.microsoft.com+ Mobile Apps

Manage your account

Self Service Password Reset and application access requests

Company branded, personalized application Access Panel : http://myapps.microsoft.com+ Mobile Apps

Empower Users

Demo – Olav TvedtMyappsRegister for Password ResetSelf-service password reset with on-premises write-back

Self-service group management for cloud usersAdvanced anomaly security reports Multi-Factor Authentication service for cloud users (Azure Authenticator App)

Demo – Jan Ketil SkankeCompare Experience on Windows 10 AAD Joined and OnPrem AD Join

Azure Active Directory editions feature comparison + Office 365 IAM featuresAzure Active Directory

FreeAzure Active Directory

BasicAzure Active Directory

Premium Office 365 apps only

Common Features

Directory as a Service 500,000 Object Limit No Object Limit No Object Limit No Object limit for Office 365 user accounts

User/Group Management (add/update/delete) Yes Yes Yes Yes

SSO to pre-integrated SAAS Applications /Custom Apps 10 apps per user 10 apps per user No Limit 10 apps per user

User-Based access management/provisioning Yes Yes Yes Yes

Self-Service Password Change for cloud users Yes Yes Yes Yes

Connect (Sync engine that extends on-premises directories to Azure Active Directory) Yes Yes Yes Yes

Security Reports/Audit 3 Basic Reports 3 Basic Reports Advanced Security Reports 3 Basic Reports

B2B collaboration Yes Yes Yes Yes

Premium+ Basic Features

Group-based access management/provisioning Yes Yes

Self-Service Password Reset for cloud users Yes Yes Yes

Company Branding (Logon Pages/Access Panel customization) Yes Yes Yes

Application Proxy Yes Yes

SLA Yes Yes Yes

Premium Features

Self-Service Group Management Yes

Self-Service Password Reset/Change with on-premises write-back Yes

Advanced Usage Reporting Yes

Multi-Factor Authentication (Cloud and On-premises (MFA Server)) Yes Limited cloud only for Office 365 Apps

MIM CAL + MIM Server Yes

Cloud App Discovery Yes

Administrative Units (in Preview) Yes

Conditional Access : MFA per application (in Preview) Yes

Automated password roll-over (in Preview) Yes

Connect Health Yes

Privileged Identity Management (in Preview) Yes

© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Resources:http://www.microsoft.com/en-us/server-cloud/products/azure-active-directory/