Get identities to the cloud Mix on-premises and cloud identity for improved PC, mobile, and web...
Accelerate your journey to the cloud with integrated identity
Enterprise Mobility
ITPRO05
What we will discuss
Get identities to the cloud
Mix on-premises and cloud identity for improved PC, mobile, and web productivity
Cloud identities help you run your business better
The current reality… (diagram: EC2 and other cloud services; single sign-on, self-service, simple connection; a sign-in form with username and password fields)
Identity as the control plane (diagram: cloud side with SaaS, Azure, Office 365, public cloud and other directories; on-premises side with Windows Server Active Directory; Microsoft Azure Active Directory in the centre)
Identity and access management evolution (diagram: On-premises → Event: Mobility → Hybrid → Event: Win 8.x/10 → Cloud)
• On-premises: managed by Microsoft System Center Configuration Manager; on-premises LOB applications, traditional productivity
• Event – Mobility: iOS, Android, Windows Phone, BYOD; mobile apps, shadow IT SaaS solutions
• Hybrid: managed by Microsoft Intune connected to System Center Configuration Manager; on-premises LOB applications, managed SaaS, Office 365 hybrid deployment, Azure Active Directory implementation
• Event – Win 8.x/10: deployment of cloud-enabled rich clients
• Cloud: managed cloud identities with Multi-Factor Authentication; managed by EMS: combination of mobile clients (iOS, Android) and cloud-enabled clients (Windows 10); managed SaaS and Office 365 Enterprise, full Azure IAM
Azure Active Directory
Azure Active Directory momentum
Copyright (c) 2015 Microsoft Corporation
• 1 trillion Azure AD authentications since the release of the service
• >35k third-party applications used with Azure AD each month
• >1 billion authentications every day on Azure AD
• More than 500 M user accounts on Azure Active Directory
• Azure AD manages identity data for >7 M organizations
• 86% of Fortune 500 companies on Microsoft Cloud (Azure, O365, CRM Online and PowerBI)
• Microsoft’s “Identity Management as a Service (IDaaS)” for organizations
• Azure Active Directory supports identity across Azure, Office 365 and third-party clouds
• Evolved to manage an organization’s relationships with its customers/citizens and partners (B2C and B2B)
Scenario #1: Get identities to the cloud
Customer story: British Airways
Challenge
• Employees operate in more than 75 countries
• How do they encourage employees to connect?
• Colleagues are not often behind PCs
Solution
• Share identity with your directory in the cloud
• Encourage collaboration with Yammer!
• Focus on web-based productivity from anywhere
Approach
• On-premises identity shared to the cloud
Diagram: federated identity and synchronized identity; in both, the on-premises identity from the on-premises directory is shared to the cloud through Azure AD Connect (with federation added in the federated case)
Office 365 identity models (diagram): cloud identity with zero on-premises servers; synchronized identity model
Synchronized identity model (diagram): user accounts and password hashes flow from the on-premises directory through Azure AD Connect to Azure AD; the user signs in to Azure AD; the password hash receives extra security processing
Password hash sync security
• Password hash in AD DS: the user’s password cannot be recovered from it.
• A hash: hashes are mathematical functions that are nearly impossible to reverse. The result of the hash algorithm is called a digest.
• Additional processing: we further process it with a one-way SHA256 hash algorithm. Connections are only to the Azure AD service and are SSL encrypted.
• This enables Azure AD to validate the user’s password when they sign in.
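The slide describes the hash-of-a-hash idea behind password hash sync: the on-premises directory already holds a one-way digest of the password, the sync component applies a further one-way SHA256 step before anything leaves the network, and the cloud can still validate a sign-in by repeating the same steps. The following Python is an added illustration of that model, not Microsoft's or Azure AD Connect's code: the "directory hash" stand-in, the salt handling and the exact SHA256 construction are assumptions chosen for the example, and they do not reproduce the real service's algorithm. What it shows is the property the slide cares about: the record that would be synced contains neither the password nor the original directory hash, yet it is sufficient to check a sign-in attempt.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional


def directory_hash(password: str) -> bytes:
    """Stand-in for the password digest held in the on-premises directory.

    Assumption for this example: SHA-256 over the UTF-16LE password.
    A real AD DS store uses a different, Microsoft-specific digest.
    """
    return hashlib.sha256(password.encode("utf-16-le")).digest()


def additional_processing(stored_hash: bytes, salt: bytes) -> bytes:
    """The further one-way SHA-256 step the slide calls 'additional processing'.

    Assumption for this example: a per-record salt is prefixed to the
    directory hash and the result is digested again, so the value that is
    synced is not the directory hash itself and cannot be turned back into it.
    """
    return hashlib.sha256(salt + stored_hash).digest()


def sync_user(password: str, salt: Optional[bytes] = None) -> Dict[str, bytes]:
    """Build the record the sync component would send to the cloud.

    Only the salt and the second-level digest are included: never the
    password and never the first-level directory hash.
    """
    salt = os.urandom(16) if salt is None else salt
    first_level = directory_hash(password)
    return {"salt": salt, "digest": additional_processing(first_level, salt)}


def validate_sign_in(record: Dict[str, bytes], password_attempt: str) -> bool:
    """Cloud-side check: repeat both one-way steps and compare digests.

    hmac.compare_digest is used so the comparison time does not depend on
    how many leading bytes of the attempt happen to match.
    """
    candidate = additional_processing(directory_hash(password_attempt), record["salt"])
    return hmac.compare_digest(candidate, record["digest"])


if __name__ == "__main__":
    # Constructed sample credential for the demonstration.
    record = sync_user("Correct-Horse-9!")
    print("synced fields:", sorted(record))            # ['digest', 'salt']
    print("correct password accepted:", validate_sign_in(record, "Correct-Horse-9!"))
    print("wrong password rejected:", not validate_sign_in(record, "correct-horse-9!"))
    print("synced digest equals directory hash:",
          record["digest"] == directory_hash("Correct-Horse-9!"))
```

The check to take away for a practitioner reviewing such a design is the last line of the demo: the synced digest differs from the directory hash, so a leak of the synced record does not hand an attacker a credential that is directly usable against the on-premises directory, which is the separation the slide's "not reversible" wording refers to.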
Demo
Task: Synchronize cloud-ready identities with Azure AD Connect
Steps:
1) Install Azure AD Connect
2) Review four-step Express settings
3) Customize apps
4) Customize attributes
5) Customize writeback
Result: Identities are in the cloud and ready for SSO to Office 365
Making the scenario successful
Tip #1: Perform an Active Directory health check first to make sure your identities are cloud-ready
Tip #2: For most organizations, Azure AD Connect’s Express settings work well
Tip #3: Azure AD Connect offers write back of passwords, users, groups, and devices
Scenario #2: Mix on-premises and cloud identity for improved PC, mobile, and web productivity
Customer story: Aston Martin
Challenge
• Need security and compliance for a global brand
• 15-person IT department demands ease-of-use
• Must protect intellectual property
Solution
• Group policy on-premises, conditional-access cloud
• MDM for Office 365 to enforce mobile security
• Azure RMS for file encryption and policy
Approach
• Hybrid identity, still evolving
Federated identity model (diagram): user accounts and password hashes are synchronized from the on-premises directory through Azure AD Connect; the user signs in, and authentication is performed by AD FS against the on-premises directory
Password sync backup for federated sign-on (diagram): backup password hash sync of user accounts from the on-premises directory through Azure AD Connect
This new backup solution for Office 365 customers using federated sign-on provides the option to manually switch their domain in a short amount of time during outages, such as on-premises power loss, internet connection interruption, and any other on-premises outage.
AD FS is also easy
• Use experienced deployment staff
• Use Azure AD Connect
• Read the TechNet Deployment Guide: http://technet.microsoft.com/en-us/library/jj205462.aspx
• Only implement the Office 365 requirements; the only certificate required is the SSL certificate
• Prepare with firewall update permissions
Demo
Task: Use Azure AD Connect to sync username, etc., and AD FS for password authentication
Steps:
1) Modify Azure AD Connect installation
2) Review optional AD FS configuration
3) Deploy AD FS for password proxy authentication
4) Enable Office 365 backup password hash
5) Consider AD FS load balanced or high availability
Result: SSO to Office 365, optionally without password hash sync
Making the scenario successful
Tip #1: Determine if security or compliance policies within your organization require this configuration
Tip #2: AD FS requires additional servers to implement, so plan hardware and system requirements accordingly
Tip #3: Windows Server 2012 R2 AD FS is currently required for use with Azure AD Connect
Scenario #3: Cloud identity helps you run your business better
Customer story: GameStop
Challenge
• More than 6,000 locations worldwide
• The gamer experience thrives on loyalty
• Retail portal needed to ensure consistency
Solution
• Focus on an excellent user experience
• Superior level of security required
• GameStop retail portal built in Microsoft’s cloud
Approach
• Cloud identity managed in Azure AD
Cloud identity model (diagram): user accounts live in Azure Active Directory; the user signs in at http://portal.office.com with a cloud identity
Demo
Task: Use cloud identity with Office 365
Steps:
1) Log on to the Office 365 admin center
2) Under “users and groups,” review configuration
3) Create a user profile
4) Edit profile
5) Review “settings” and “licenses”
Result: Versatile, cloud-only identities, ready for Office 365
Making the scenario successful
Tip #1: Cloud-only identities are well suited to a distributed, mobile workforce
Tip #2: Rich profile information in Office 365 can provide useful identity information
Tip #3: Make sure to assign an Office 365 license to your users
What we discussed
Get identities to the cloud
Mix on-premises and cloud identity for improved PC, mobile, and web productivity
Cloud identities help you run your business better
Next steps
To explore
• Try Enterprise Mobility now: http://www.microsoft.com/ems
• TechNet @ http://technet.microsoft.com/
• MSDN @ http://www.msdn.com/
• http://aka.ms/ITInnovation
To do: Rate the session
Q&A
Accelerate your journey to the cloud with integrated identity
© 2015 Microsoft Corporation. All rights reserved.