#ChiTechTues

Empowering people-centric IT
Unified device management, Desktop Virtualization, Hybrid Identity, Access and information protection
Users, Devices, Apps, Data

Hybrid Identity
√ Unify your environment, Enable users, Protect your data
Create a centralized identity across on-premises and cloud.
Use identity federation to maintain centralized authentication and securely share and collaborate with external users and businesses.
Provide users with self-service experiences to keep them productive.
Enforce strong authentication when users access resources and apply conditional access controls to sensitive company information.
Configure single sign-on across all company applications.
Ensure compliance with governance, attestation and reporting.
Enable single sign-on for users across all the resources they need access to.

A centralized and consistent corporate identity
Identity attributes are often located in multiple repositories: Database, Exchange, LDAP, HR System.
SQL (ODBC), Web Services (SOAP, JAVA, REST), PowerShell, LDAP v3
Identity Manager creates a compilation of these attributes with validation and keeps this in sync with all identity realms.
givenName: Samantha
surname: Dearing
title: Coordinator
E-mail: samd@contoso.com
employeeID: 007
telephone: 555-123-4567

Common Identity with Sync and Federation
Synchronization: User attributes are synchronized, including the password hash. Authentication can be completed against either Azure or Windows Server Active Directory.
*Coming Soon: *Write back of attributes to support cloud first and co-existence.
Federation: User attributes are synchronized. Authentication is passed back through federation and completed against Windows Server Active Directory. AD FS provides conditional access to resources, Work Place Join for device registration and integrated Multi-Factor Authentication.

*Direct to cloud identity sync
*Coming Soon
Azure Active Directory Sync provides the ability to sync disparate on-premises identity repositories directly to Azure Active Directory.
SQL (ODBC), Web Services (SOAP, JAVA, REST), PowerShell, LDAP v3

Identity Federation
Organizations can connect to SaaS applications running in Azure, Office 365 and 3rd party providers.
Enhancements to AD FS include simplified deployment and management.
Organizations can federate with partners and other organizations for seamless access to shared resources.
Conditional access with multi-factor authentication is provided on a per-application basis, leveraging user identity, device registration & network location.

Office 365 & Windows Intune Identity Models
Cloud Identity: Single identity in the cloud, suitable for small organizations with no integration to on-premises directories.
Directory Sync: Single identity suitable for medium and large organizations, with passwords stored both on-premises and in the cloud without federation.
Federated Identity: Single federated identity and credentials suitable for medium and large organizations, passwords stored only on-premises.

Provide users with self-service experiences
Users can edit their profile details to update and add missing information.
Users can reset their passwords, significantly reducing help desk burden and costs.
Users can onboard new users and contractors into their teams and provide access to required resources.
Self-service group management, including dynamic membership calculation in these groups and distribution lists, based on the user’s attributes.
All changes and updates are workflow and policy driven with approval routing as appropriate.

*Cloud based self-service experiences
*In Preview
Users can manage access requests through self-service group management.
Users can edit their profile details to update and add missing information.
Users can easily access the SaaS apps they need, using their existing Active Directory credentials.
Self Service Password change and reset for cloud users.
Leverage existing investments in Active Directory for a single set of user credentials.

Provide users with single sign-on experiences
Users gain seamless access to Office 365, Windows Intune and other Microsoft cloud apps.
Users can sign onto 3rd party SaaS apps with their company credentials.
Sync or federate users to Azure Active Directory for single sign-on to cloud apps.
Users can access all their company resources with a single set of credentials.
Leverage existing investments in Active Directory for a single set of user credentials.
SQL (ODBC), Web Services (SOAP, JAVA, REST), PowerShell, LDAP v3

Single sign-on to Office 365 and Windows Intune
Directory Sync: When an Active Directory user logs on, their synchronized credentials are used to authenticate against Azure Active Directory.
Cloud Identity: A user with a cloud only identity can sign in to Office 365 and Windows Intune using their Azure Active Directory credentials.
Federated Identity: When an Active Directory user logs on, the authentication is passed back and validated against Windows Server Active Directory.

Active Directory for the cloud
Leverage cloud platforms to run Windows Server Active Directory and Active Directory Federation Services to reduce infrastructure on-premises.
Manage Active Directory using Windows PowerShell, use the improved deployment experience and leverage the Active Directory Administrative Center for centralized management.
Run Active Directory at scale with support for virtualization and rapid deployment through domain controller cloning.
Developers can integrate applications for single sign-on across on-premises and cloud-based applications.
Activate clients running Office on at least Windows 8 or Windows Server 2012 automatically using existing Active Directory infrastructure.

Azure Active Directory
SQL (ODBC), Web Services (SOAP, JAVA, REST), PowerShell, LDAP v3
Easily add custom cloud-based apps.
Facilitate developers with identity management.
Sync identity or provide federated identity for single sign-on.
Choose among hundreds of popular SaaS apps from a pre-populated application gallery.
Add multi-factor authentication for additional user identity verification.
Comprehensive cloud based identity and access management combining directory services, identity governance, application access management and a developer’s identity management platform.
Administrators have access to security reporting that tracks inconsistent access patterns and can view users who signed in from unknown sources.

1. The user attempts to log in or perform an action that is subject to MFA.
2. When the user authenticates, the application or service performs an MFA call.
3. The user must respond to the challenge, which can be configured as a text, a phone call or using a mobile app.
4. The response is returned to the app, which then allows the user to proceed.

Protect Data with Rights Management
Integration with SharePoint and Exchange.
Automatically identify and classify data based on content with automatic encryption.
Securely share documents with colleagues and business partners.
Hybrid options across Windows Server and Azure Rights Management.
Easy to use with integration with Office 2010/13, Windows Shell Extensions and cross platform clients.

Maintain governance and compliance
Enable users with self-service access request and approval.
Enforce segregation of duties by defining incompatible permissions and roles.
Perform attestation by regularly ensuring access rights are maintained and allow managers to review and approve existing access rights of users.
Easily define and manage access based on user roles.
Demonstrate that access rights comply with organizational policies and industry regulations.

Workload: SharePoint with conditional access & MFA
Users can connect to a published on-premises SharePoint server that has been integrated with AD FS.
Through conditional access policies we can enforce additional authentication and authorization requirements, such as device registration.
With integrated MFA, AD FS facilitates the device registration process and allows the user to continue and gain access to the SharePoint site.

Hybrid Identity Review
√ Unify your environment, Enable users, Protect your data
Create a centralized identity across on-premises and cloud.
Use identity federation to maintain centralized authentication and securely share and collaborate with external users and businesses.
Provide users with self-service experiences to keep them productive.
Enforce strong authentication when users access resources and apply conditional access controls to sensitive company information.
Configure single sign-on across all company applications.
Ensure compliance with governance, attestation and reporting.
Enable single sign-on for users across all the resources they need access to.
© Copyright 2024