
Empowering people-centric IT

Pillars: Unified device management, Desktop Virtualization, Hybrid Identity, Access and information protection
Layers: Users, Devices, Apps, Data

Hybrid Identity

Unify your environment
- Create a centralized identity across on-premises and cloud
- Use identity federation to maintain centralized authentication and securely share and collaborate with external users and businesses

Enable users
- Provide users with self-service experiences to keep them productive
- Enable single sign-on for users across all the resources they need access to

Protect your data
- Enforce strong authentication when users access resources and apply conditional access controls to sensitive company information
- Configure single sign-on across all company applications
- Ensure compliance with governance, attestation and reporting

A centralized and consistent corporate identity

Identity attributes are often located in multiple repositories:
- HR System: givenName Samantha, surname Dearing, employeeID 007
- Database: title Coordinator
- Exchange: e-mail [email protected]
- LDAP: telephone 555-123-4567

Identity Manager creates a compilation of these attributes with validation and keeps this in sync with all identity realms:

givenName Samantha, surname Dearing, title Coordinator, employeeID 007, e-mail [email protected], telephone 555-123-4567

Connector types: SQL (ODBC), Web Services (SOAP, JAVA, REST), PowerShell, LDAP v3
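The slide only names the "compilation with validation" step. The following is an added illustration, not Microsoft's Identity Manager code: a small aggregator that merges per-repository attributes for one employeeID, accepts each attribute only from its authoritative source, validates formats, and reports stale copies instead of silently overwriting them. Repository names, the authority mapping, the validators and the sample data (including the e-mail address and a deliberately stale LDAP surname) are constructed for the example.

```python
"""Added example: minimal identity attribute compilation with validation."""
import re

# Constructed sample data modelled on the slide's four repositories.
# The e-mail is a placeholder; the LDAP surname is deliberately stale.
SOURCES = {
    "HR System": {"employeeID": "007", "givenName": "Samantha", "surname": "Dearing"},
    "Database":  {"employeeID": "007", "title": "Coordinator"},
    "Exchange":  {"employeeID": "007", "email": "sdearing@example.com"},
    "LDAP":      {"employeeID": "007", "telephone": "555-123-4567",
                  "surname": "Deering"},
}

# Authoritative repository per attribute (assumed policy). A differing copy
# held by any other repository is reported as a conflict, never accepted.
AUTHORITY = {"givenName": "HR System", "surname": "HR System",
             "title": "Database", "email": "Exchange", "telephone": "LDAP"}

# Format checks applied before a value enters the consolidated record.
VALIDATORS = {
    "employeeID": re.compile(r"^\d+$"),
    "email": re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$"),
    "telephone": re.compile(r"^\d{3}-\d{3}-\d{4}$"),
}


def compile_identity(sources, employee_id):
    """Merge attributes for one employeeID; return (record, issues)."""
    if not VALIDATORS["employeeID"].match(employee_id):
        raise ValueError(f"invalid employeeID {employee_id!r}")
    record, issues = {"employeeID": employee_id}, []
    for name, attrs in sources.items():
        if attrs.get("employeeID") != employee_id:
            continue  # this repository holds no row for the employee
        for attr, value in attrs.items():
            if attr == "employeeID":
                continue
            owner = AUTHORITY.get(attr)
            if owner is None:
                issues.append(f"{name}: unmanaged attribute {attr}")
            elif owner != name:
                # Non-authoritative copy: only check it against the owner's value.
                if sources.get(owner, {}).get(attr) != value:
                    issues.append(f"{name}: {attr} conflicts with {owner}")
            elif attr in VALIDATORS and not VALIDATORS[attr].match(value):
                issues.append(f"{name}: invalid {attr} {value!r}")
            else:
                record[attr] = value
    return record, issues
```

The issues list is what an operator would review before the record is written back to the other realms.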

Common Identity with Sync and Federation

Synchronization
- User attributes are synchronized, including the password hash; authentication can be completed against either Azure or Windows Server Active Directory
- Write back of attributes to support cloud first and co-existence

Federation
- User attributes are synchronized; authentication is passed back through federation and completed against Windows Server Active Directory
- AD FS provides conditional access to resources, Workplace Join for device registration and integrated Multi-Factor Authentication

Direct to cloud identity sync

Azure Active Directory Sync provides the ability to sync disparate on-premises identity repositories (Web Services (SOAP, JAVA, REST), LDAP v3, PowerShell, SQL (ODBC)) directly to Azure Active Directory.

Identity Federation

- Organizations can connect to SaaS applications running in Azure, Office 365 and 3rd-party providers
- Organizations can federate with partners and other organizations for seamless access to shared resources
- Enhancements to AD FS include simplified deployment and management
- Conditional access with multi-factor authentication is provided on a per-application basis, leveraging user identity, device registration and network location
- Published applications

Office 365 & Windows Intune Identity Models

- Cloud Identity: single identity in the cloud; suitable for small organizations with no integration to on-premises directories
- Directory Sync: single identity; suitable for medium and large organizations, with passwords stored both on-premises and in the cloud, without federation
- Federated Identity: single federated identity and credentials; suitable for medium and large organizations, with passwords stored only on-premises

Provide users with self-service experiences

- Users can reset their passwords, significantly reducing help desk burden and costs
- Users can edit their profile details to update and add missing information
- Users can onboard new users and contractors into their teams and provide access to required resources
- Self-service group management, including dynamic membership calculation in these groups and distribution lists, based on the user's attributes
- All changes and updates are workflow and policy driven, with approval routing as appropriate

Cloud based self-service experiences

- Users can manage access requests through self-service group management
- Users can edit their profile details to update and add missing information
- Users can easily access the SaaS apps they need, using their existing Active Directory credentials
- Self-service password change and reset for cloud users
- Leverage existing investments in Active Directory for a single set of user credentials

Provide users with single sign-on experiences

- Users gain seamless access to Office 365, Windows Intune and other Microsoft cloud apps
- Users can sign on to 3rd-party SaaS apps with their company credentials
- Sync or federate users to Azure Active Directory for single sign-on to cloud apps
- Users can access all their company resources with a single set of credentials
- Leverage existing investments in Active Directory for a single set of user credentials

Connector types: SQL (ODBC), Web Services (SOAP, JAVA, REST), PowerShell, LDAP v3

Single sign-on to Office 365 and Windows Intune

- Directory Sync: when an Active Directory user logs on, their synchronized credentials are used to authenticate against Azure Active Directory
- Cloud Identity: a user with a cloud-only identity can sign in to Office 365 and Windows Intune using their Azure Active Directory credentials
- Federated Identity: when an Active Directory user logs on, the authentication is passed back and validated against Windows Server Active Directory

Active Directory for the cloud

- Leverage cloud platforms to run Windows Server Active Directory and Active Directory Federation Services to reduce infrastructure on-premises
- Manage Active Directory using Windows PowerShell, use the improved deployment experience and leverage the Active Directory Administrative Center for centralized management
- Run Active Directory at scale with support for virtualization and rapid deployment through domain controller cloning
- Developers can integrate applications for single sign-on across on-premises and cloud-based applications
- Activate clients running Office on at least Windows 8 or Windows Server 2012 automatically using existing Active Directory infrastructure

Azure Active Directory

- Easily add custom cloud-based apps; facilitate developers with identity management
- Sync identity or provide federated identity for single sign-on
- Choose among hundreds of popular SaaS apps from a pre-populated application gallery
- Add multi-factor authentication for additional user identity verification
- Comprehensive cloud-based identity and access management combining directory services, identity governance, application access management and a developer's identity management platform
- Administrators have access to security reporting that tracks inconsistent access patterns and shows users who signed in from unknown sources

Connector types: PowerShell, SQL (ODBC), LDAP v3, Web Services (SOAP, JAVA, REST)

Multi-Factor Authentication flow (User, Devices, Apps & Data)

1. A user attempts to log in or perform an action that is subject to MFA
2. When the user authenticates, the application or service performs an MFA call
3. The user must respond to the challenge, which can be configured as a text message, a phone call or a mobile app
4. The response is returned to the app, which then allows the user to proceed

Protect Data with Rights Management

- Automatically identify and classify data based on content, with automatic encryption
- Integration with SharePoint and Exchange
- Securely share documents with colleagues and business partners
- Hybrid options across Windows Server and Azure Rights Management
- Easy to use, with integration with Office 2010/2013, Windows Shell extensions and cross-platform clients

Maintain governance and compliance

- Enable users with self-service access request and approval
- Enforce segregation of duties by defining incompatible permissions and roles
- Perform attestation by regularly ensuring access rights are maintained, and allow managers to review and approve existing access rights of users
- Easily define and manage access based on user roles
- Demonstrate that access rights comply with organizational policies and industry regulations

Workload: SharePoint with conditional access & MFA

Users can connect to a published on-premises SharePoint server that has been integrated with AD FS. Through conditional access policies we can enforce additional authentication and authorization requirements, such as device registration.

With integrated MFA, AD FS facilitates the device registration process and allows the user to continue and gain access to the SharePoint site.

Hybrid Identity Review

Unify your environment
- Create a centralized identity across on-premises and cloud
- Use identity federation to maintain centralized authentication and securely share and collaborate with external users and businesses

Enable users
- Provide users with self-service experiences to keep them productive
- Enable single sign-on for users across all the resources they need access to

Protect your data
- Enforce strong authentication when users access resources and apply conditional access controls to sensitive company information
- Configure single sign-on across all company applications
- Ensure compliance with governance, attestation and reporting

Resources
- http://aka.ms/enterprisemobilitysuite
- http://aka.ms/microsoftintune
- http://aka.ms/configmgr
- http://aka.ms/hi
- http://aka.ms/aip
- http://aka.ms/virtualdesktop
- http://channel9.msdn.com/Events/TechEd
- www.microsoft.com/learning
- http://microsoft.com/technet
- http://developer.microsoft.com