How People Spend their Time Activities How People Really Spend their Time Moments Devices & Services that Help People Make the Most of any Moment.
Windows-based devices that people love
Security and management to support flexible workstyles
Best productivity experiences
Modern application development

Users, Devices, Apps, Data

A centralized and consistent corporate identity

Identity attributes are often located in multiple repositories.
(Diagram labels: repositories Database, Exchange, LDAP, HR System; attributes givenName and surname Samantha Dearing, employeeID 007, title Coordinator, e-mail [email protected], telephone 555-123-4567; connectors SQL (ODBC), Web Services (SOAP, JAVA, REST), PowerShell, LDAP v3)

Identity Manager creates a compilation of these attributes with validation and keeps this in sync with all identity realms:
givenName: Samantha
surname: Dearing
title: Coordinator
E-mail: [email protected]
employeeID: 007
telephone: 555-123-4567

Common Identity with Sync and Federation

*Coming Soon

Synchronization
*Write back of attributes to support cloud first and co-existence
User attributes are synchronized, including the password hash. Authentication can be completed against either Azure or Windows Server Active Directory.

Federation
AD FS provides conditional access to resources, Work Place Join for device registration and integrated Multi-Factor Authentication.
User attributes are synchronized. Authentication is passed back through federation and completed against Windows Server Active Directory.

*Direct to cloud identity sync
*Coming Soon
Azure Active Directory Sync provides the ability to sync disparate on-premises identity repositories directly to Azure Active Directory.
(Diagram labels: Web Services (SOAP, JAVA, REST), LDAP v3, PowerShell, SQL (ODBC))

Identity Federation
Organizations can connect to SaaS applications running in Azure, Office 365 and 3rd party providers.
Enhancements to AD FS include simplified deployment and management.
Organizations can federate with partners and other organizations for seamless access to shared resources.
Conditional access with multi-factor authentication is provided on a per-application basis, leveraging user identity, device registration & network location.
(Diagram label: Published applications)

Azure Active Directory
Easily add custom cloud-based apps. Facilitate developers with identity management.
Sync identity or provide federated identity for single sign-on.
Choose among hundreds of popular SaaS apps from a pre-populated application gallery.
Add multi-factor authentication for additional user identity verification.
Comprehensive cloud based identity and access management combining directory services, identity governance, application access management and a developer's identity management platform.
Administrators have access to security reporting that tracks inconsistent access patterns and can view users who signed in from unknown sources.
(Diagram labels: PowerShell, LDAP v3, SQL (ODBC), Web Services (SOAP, JAVA, REST))

Helping IT to empower users
Users can enroll devices for access to the Company Portal for easy access to corporate applications.
IT can publish Desktop Virtualization (VDI) for access to centralized resources.
Users can work from anywhere on their device with access to their corporate resources.
IT can publish access to resources with the Web Application Proxy based on device awareness and the user's identity.
Users can register devices for single sign-on and access to corporate data with Workplace Join.
IT can provide seamless corporate access with DirectAccess and automatic VPN connections.

Registering and Enrolling Devices
Users can enroll devices, which configures the device for management with Windows Intune. The user can then use the Company Portal for easy access to corporate applications.
Users can register BYO devices for single sign-on and access to corporate data with Workplace Join. As part of this, a certificate is installed on the device.
IT can publish access to corporate resources with the Web Application Proxy based on device awareness and the user's identity.
Multi-factor authentication can be used through Azure Multi-Factor Authentication.
Data from Windows Intune is synced with Configuration Manager, which provides unified management across both on-premises and in the cloud.
As part of the registration process, a new device object is created in Active Directory, establishing a link between the user and their device.

Publish access to resources with the Web Application Proxy
Developers can leverage Azure Mobile Services to integrate and enhance their apps.
Use conditional access for granular control over how and where the application can be accessed.
Users can access corporate applications and data wherever they are.
IT can use the Web Application Proxy to authenticate users and devices with multi-factor authentication.
Active Directory provides the central repository of user identity as well as the device registration information.
(Diagram labels: AD Integrated, Published applications, Devices, Apps & Data)

Make corporate data available to users with Work Folders
IT can selectively wipe the corporate data.
IT can configure a File Server to provide Work Folder sync shares for each user to store data that syncs to their devices, including integration with Rights Management.
Users can sync their work data to their devices. Users can register their devices to be able to sync data when IT enforces conditional access.
IT can publish access directly through a reverse proxy, or conditional access can be enforced via device registration through the Web Application Proxy.
Active Directory discoverability provides users with the Work Folders location.
(Diagram labels: Devices, Apps & Data)

Desktop Virtualization
IT can provide a secure and familiar solution for users to access sensitive corporate data from anywhere with VDI and RemoteApp technologies.
Users can access corporate data regardless of device or location with Work Folders for data sync and desktop virtualization for centralized applications.
(Diagram labels: Centralized Data, Devices)
IT can publish resources using the Web Application Proxy and create business-driven access policies with multi-factor authentication based on the content being accessed.
IT can audit user access to information based on central audit policies.
(Diagram label: Distributed Data)

1. The user attempts to log in or perform an action that is subject to MFA.
2. When the user authenticates, the application or service performs an MFA call.
3. The user must respond to the challenge, which can be configured as a text, a phone call or using a mobile app.
4. The response is returned to the app, which then allows the user to proceed.
(Diagram labels: Devices, User, Apps & Data)

Session | Title | Timeslot
FDN02 | Enabling Enterprise Mobility with Windows Intune, Microsoft Azure, and Windows Server | Monday, May 12 11:00 AM - 12:00 PM
PCIT-B212 | Design Considerations for BYOD | Tuesday, May 13 10:15 AM - 11:30 AM
PCIT-B213 | Access Control in BYOD and Directory Integration in a Hybrid Identity Infrastructure | Wednesday, May 14 3:15 PM - 4:30 PM
PCIT-B310 | Empowering Your Users and Protecting Your Corporate Data | Monday, May 12 1:15 PM - 2:30 PM
PCIT-B313 | Hybrid Identity: Extending Active Directory to the Cloud | Monday, May 12 4:45 PM - 6:00 PM
PCIT-B314 | Understanding Microsoft's BYOD Strategy and an Introduction to New Capabilities in Windows Server 2012 R2 | Tuesday, May 13 8:30 AM - 9:45 AM
PCIT-B321 | Deploying the New RMS for Cloud-Friendly and Cloud-Reluctant Customers | Tuesday, May 13 5:00 PM - 6:15 PM
PCIT-B322 | Deploying and Managing Work Folders | Wednesday, May 14 10:15 AM - 11:30 AM
PCIT-B324 | How to Rapidly Design and Deploy an Active Directory Federation Services Farm: The Do's and the Don'ts | Wednesday, May 14 8:30 AM - 9:45 AM
PCIT-B326 | Providing SaaS Single Sign-on with Microsoft Azure Active Directory | Thursday, May 15 10:15 AM - 11:30 AM
PCIT-B327 | Introducing Web Application Proxy in Windows Server 2012 R2: Enable Work from Anywhere | Wednesday, May 14 3:15 PM - 4:30 PM
PCIT-B328 | Microsoft Identity Manager vNext Overview | Wednesday, May 14 5:00 PM - 6:15 PM
PCIT-B330 | Active Directory + BYOD = Peace of Mind | Thursday, May 15 8:30 AM - 9:45 AM

Hybrid Identity: http://aka.ms/hybrididentity
Access & Information Protection: http://aka.ms/aip
Windows Server 2012 R2: http://aka.ms/ws2012r2
Azure Active Directory: http://aka.ms/azureactivedirectory
Identity Manager: http://aka.ms/identitymanager
Hybrid Identity Whitepaper: http://aka.ms/hybrididentitywp
Hybrid Identity Datasheet: http://aka.ms/hybrididentityds

Active Directory Deployment and Management Enhancements: http://go.microsoft.com/?linkid=9838440
Enabling Secure Remote Users with RemoteApp, DirectAccess and DAC: http://go.microsoft.com/?linkid=9838462
Migrating Active Directory to Windows Server 2012 R2: http://go.microsoft.com/?linkid=9842894
Implementing a Basic PKI in Windows Server 2012 R2: http://go.microsoft.com/?linkid=9842895
Windows Server 2012 R2: New Features in AD FS: http://go.microsoft.com/?linkid=9842896
Workplace Join: http://go.microsoft.com/?linkid=9836553
Work Folders: http://go.microsoft.com/?linkid=9839828
AD FS and Claims apps: http://go.microsoft.com/?linkid=9836552

http://channel9.msdn.com/Events/TechEd
www.microsoft.com/learning
http://microsoft.com/technet
http://microsoft.com/msdn