access control solutions claims-based applications and other resources located across organizational boundaries.

Access resources in a federation partner organization

Empowering People-centric IT

Users Devices Apps

Management. Access. Protection.

Data

Hybrid Identity

Unify your environment

Create a centralized identity across on-premises and cloud

Use identity federation to maintain centralized authentication and securely share and collaborate with external users and businesses

Enable users

Provide users with self-service experiences to keep them productive

Enable single sign-on for users across all the resources they need access to

Protect your data

Enforce strong authentication when users access resources and apply conditional access controls to sensitive company information

Configure single sign-on across all company applications

Ensure compliance with governance, attestation and reporting

Providing Users with a Common Identity

IT can provide users with a common identity across on-premises or cloud-based services, leveraging Windows Server Active Directory and Azure Active Directory.

Users are more productive by having a single sign-on to all their resources.

Users get access through accounts in Azure Active Directory to Azure, Office 365, and third-party applications.

Developers can build applications that leverage the common identity model.

Common Identity with Sync

Synchronization

*Write back of attributes to support cloud first and co-existence

User attributes are synchronized, including the password hash.

Authentication can be completed against either Azure or Windows Server Active Directory.

Common Identity with Federation

Federation

AD FS provides conditional access to resources, Work Place Join for device registration and integrated Multi-Factor Authentication

User attributes are synchronized.

Authentication is passed back through federation and completed against Windows Server Active Directory.

Common Identity with Federation

Identity Federation

Organizations can connect to SaaS applications running in Azure, Office 365 and 3rd party providers

Organizations can federate with partners and other organizations for seamless access to shared resources

Enhancements to AD FS include simplified deployment and management

Conditional access with multi-factor authentication is provided on a per-application basis, leveraging user identity, device registration and network location

Published applications

Active Directory Federation Services Overview http://technet.microsoft.com/en-us/library/hh831502.aspx

Setup Geographic Redundancy with SQL Server Replication http://technet.microsoft.com/en-us/library/dn632406.aspx

AD FS Certificate Requirements http://technet.microsoft.com/en-us/library/dn554247.aspx#BKMK_1

Configuring AD FS Extranet Lockout http://technet.microsoft.com/en-us/library/dn486806.aspx

Configuring Alternate Login ID http://technet.microsoft.com/en-us/library/dn659436.aspx

Walkthrough Guide: Manage Risk with Additional Multi-Factor Authentication for Sensitive Applications http://technet.microsoft.com/en-us/library/dn280946.aspx

Configuring Authentication Policies http://technet.microsoft.com/en-us/library/dn486781.aspx

Developing Modern Applications using OAuth and AD FS http://msdn.microsoft.com/en-us/library/dn633593.aspx

Directory integration http://msdn.microsoft.com/en-us/library/azure/jj573653.aspx

AD FS on Curah http://curah.microsoft.com/51820/ad-fs-technet-content-map

BYOD on Curah http://curah.microsoft.com/37111/bring-your-own-device-byod
