Azure Active Directory

Upload by : Farrah Jaffe

Azure Active Directory
Your Cloud Identity
Brian Mansure
Azure Specialist
bmansure@enpointe.com

Agenda
  What Azure Active Directory is
  What Azure Active Directory is not
  Hybrid Identity
  Features
  Roadmap

Mobility is the new normal
  66% of employees use personal devices for work purposes.*
  25% of all software will be available on a SaaS delivery by 2020.**
  33% of employees that typically work on employer premises, also frequently work away from their desks.***
  *CEB The Future of Corporate ITL: 203-2017. 2013.
  **Forrester Application Adoption Trends: The Rise Of SaaS
  ***CEB IT Impact Report: Five Key Findings on Driving Employee Productivity Q1 2014.

Devices
Apps
Data

The current reality

People-centric approach
  Devices: Enable your users
  Apps: Unify your environment
  Data: Protect your data

What is Azure Active Directory?
  Azure Active Directory (Azure AD) is Microsoft's multi-tenant cloud-based directory and identity management service
  It combines directory services, advanced identity governance, application access management and a rich standards-based platform for developers
  Available in 3 editions: Free, Basic and Premium

Windows Azure Active Directory
  You host it, on-premises / Cloud
  You manage the infrastructure and the data
  Core Services:
    Active Directory services
    Kerberos authentication
    NTLM authentication
    Active Directory Lightweight Directory Services (AD LDS)
    Active Directory Federated Services (AD FS)
    Active Directory Certificate Services (AD CS)
    Active Directory Rights Management Services (AD RMS)

  Microsoft hosts it in their datacenters
  Microsoft manages the infrastructure
  You manage the data
  Core Services:
    Windows Azure Active Directory services
    Federated authentication
    WS-Federation
    SAML
    OAuth 2.0
    More to come
    Windows Azure Access Control Service (ACS)

Windows Azure Active Directory
  Runs from 28 datacenters spread across the globe with automated failover
  The directory behind Office 365
  On average 14 billion authentications every week
  99.9% availability guarantee (Basic and Premium)

Azure Active Directory Connect
  PowerShell
  SQL (ODBC)
  LDAP v3
  Web Services (SOAP, JAVA, REST)
  Other Directories
  Microsoft Azure Active Directory

Hybrid Identity
Delivering a seamless user authentication experience
Windows Azure Conference 2014
  Same Sign-on: Users will be able to have a single set of credentials to access their cloud applications but will be prompted for username and password
  Single Sign-on: Users will experience true single sign-on for cloud applications and on-premises applications alike

Other Directories
Microsoft Azure Active Directory
SaaS apps

Other Directories
SaaS apps
Microsoft Azure
Web Apps (Azure Active Directory Application Proxy)
Integrated custom apps

Centrally managed identities and access
IT professional

Monitor and protect access to enterprise apps
alerts.


How Azure Multi Factor Authentication works

http://myapps.microsoft.com


Cloud App Discovery
  SSO with SaaS
  AD Agent
  Logs
  Active Directory
  Cloud App Discovery

Discover all SaaS apps in use within your organization
  10x as many Cloud apps are in use than IT estimates
  Source: Help Net Security 2014
Azure Active Directory Cloud App Discovery
  Comprehensive reporting
    SaaS app category
    Number of users
    Utilization volume

Rich standards-based platform for developers

Azure Active Directory – Looking Forward
  Business to Business
  Administrative Units
  Business to Consumers
  Conditional Access
  Azure AD Directory Domain Services
  Cloud Domain Joined (Windows 10)

Identity as the control plane
  Simple connection
  Windows Server Active Directory
  Other Directories
  Self-service
  Single sign on
  Username
  SaaS
  Azure
  Public cloud
  On-premises
  Microsoft Azure Active Directory
  Office 365
  Cloud

Feature comparison by edition (values listed as Free | Basic | Premium)

Common Features
  Directory as a Service: 500,000 Object Limit | No Object Limit | No Object Limit
  User/Group Management (add/update/delete): Yes | Yes | Yes
  SSO to pre-integrated SaaS Applications / Custom Apps: 10 apps per user | 10 apps per user | No Limit
  User-Based access management/provisioning: Yes | Yes | Yes
  Self-Service Password Change for cloud users: Yes | Yes | Yes
  Connect (Sync engine that extends on-premises directories to Azure Active Directory) *: Yes | Yes | Yes
  Security Reports/Audit: 3 Basic Reports | 3 Basic Reports | Advanced Security Reports

Premium + Basic Features (values listed as Basic | Premium)
  Group-based access management/provisioning: Yes | Yes
  Self-Service Password Reset for cloud users: Yes | Yes
  Company Branding (Logon Pages/Access Panel customization): Yes | Yes
  Application Proxy: Yes | Yes
  SLA: Yes | Yes

Premium Features (Premium only)
  Self-Service Group Management: Yes
  Self-Service Password Reset/Change with on-premises write-back: Yes
  Advanced Usage Reporting: Yes
  Multi-Factor Authentication (Cloud and On-premises (MFA Server)): Yes
  MIM CAL MIM Server: Yes
  Administrative Units: Yes
  Cloud App Discovery: Yes
  Conditional Access: MFA per application (in Preview): Yes
  Automated password roll-over (in Preview): Yes
  Connect health: Yes

Enterprise Mobility Suite
  Microsoft Azure Active Directory Premium
    Security reports, audit reports and multi-factor authentication
    Self-service password reset and group management
    Connection between Active Directory and Azure Active Directory
  Windows Intune
    Mobile device settings management
    Mobile application management
    Selective wipe
  Microsoft Azure Rights Management
    Information protection
    Connection to on-premises assets
    Bring your own key
  Advanced Threat Analytics
    Detect threats fast with behavioral analytics
    Adapt as fast as your enemies
    Reduce false positives

THANK YOU
QUESTIONS?
Brian Mansure
Azure Specialist
bmansure@enpointe.com
