David J. Rosenthal
CEO, Atidan
October 4, 2016
Microsoft MTC New York City
61 percent of workers mix personal and work tasks in their devices*
>70 percent of network intrusions exploited weak or stolen credentials***
>80 percent of employees admit to using non-approved software-as-a-service (SaaS) applications in their jobs**

* Forrester Research: "BT Futures Report: Info workers will erase boundary between enterprise & consumer technologies," Feb. 21, 2013
** http://www.computing.co.uk/ctg/news/2321750/more-than-80-per-cent-of-employees-use-non-approved-saas-apps-report
*** Verizon 2013 data breach investigation report
Mobile and cloud: challenging security paradigms
Is it possible to keep up?
Is it possible to stay secure?
Employees
Business partners
Customers
Apps
Devices
Data
Users
Data leaks
Lost device
Compromised identity
Stolen credentials
Is it possible to keep up?
Microsoft’s vision
Employees Business partners Customers
Access everything from everywhere
Manage and secure productivity
Integrate with what you have
Apps
Devices
Data
Users
Enterprise Mobility Suite
Identity and access management: Microsoft Azure Active Directory Premium. Single sign-on to 1000s of cloud and on-premises applications. Identity protection with notifications, analysis, recommended remediation, and risk-based conditional access.
Device and app management: Microsoft Intune and System Center Configuration Manager. Leverage PC management, MDM, and MAM to protect corporate apps and data on almost any device.
Information protection: Microsoft Azure Rights Management Premium. Encryption, identity, and authorization to secure corporate files and email across phones, tablets, and PCs.
Behavior-based threat analytics: Advanced Threat Analytics. Identify suspicious activities and advanced threats in near real time with simple, actionable reporting.
The current reality
Diagram: Microsoft Azure Active Directory in the cloud, offering single sign-on, self-service, and simple connection, bridges on-premises identity (Windows Server Active Directory, other directories) with SaaS, Azure, and public cloud resources.
Identity as the core of enterprise mobility
1 trillion Azure AD authentications since the release of the service
>1.3 billion authentications every day on Azure AD
More than 600 M user accounts on Azure AD
>9 M Azure AD directories
>80k third-party applications used with Azure AD each month
86% of Fortune 500 companies use Microsoft Cloud (Azure, O365, CRM Online, and PowerBI)
Every Office 365 and Microsoft Azure customer uses Azure Active Directory
Azure Active Directory
Microsoft’s “Identity Management as a Service
(IDaaS)” for organizations.
Millions of independent identity systems
controlled by enterprise and government
“tenants.”
Information is owned and used by the
controlling organization—not by Microsoft.
Born-as-a-cloud directory for Office 365.
Extended to manage across many clouds.
Evolved to manage an organization’s
relationships with its customers/citizens and
partners (B2C and B2B).
Azure Active Directory. Identity at the core of your business
Identity and access management in the cloud
1000s of apps,
1 identity
Provide one persona to the
workforce for SSO to 1000s of
cloud and on-premises apps
Manage access
at scale
Manage identities and
access at scale in the cloud
and on-premises
Cloud-powered
protection
Ensure user and admin
accountability with better
security and governance
Enable business
without borders
Stay productive with universal
access to every app and
collaboration capability
Azure Active Directory Connect and Connect Health
1000s of apps, 1 identity
Connect and sync on-premises directories with Azure
Diagram: HR apps and other directories (reached through PowerShell, SQL (ODBC), LDAP v3, and web services (SOAP, Java, REST)) feed MIM and Azure Active Directory Connect, which synchronize them into Microsoft Azure Active Directory.

1000s of apps, 1 identity
Connect and sync on-premises directories with Azure
Easily publish on-premises web apps via Application Proxy + custom apps
2500+ pre-integrated popular SaaS apps and self-service integration via templates
Diagram: Microsoft Azure Active Directory fronts web apps (Azure Active Directory Application Proxy), integrated custom apps, SaaS apps, and other directories.
Microsoft Authenticator
A mobile authenticator application for all platforms
1000s OF APPS, 1 IDENTITY
Converges the existing Azure Authenticator and all
consumer Authenticator applications.
MFA for any account, enterprise, consumer or 3rd party: push notifications/OTP
Device Registration (workplace join)
SSO to native mobile apps - Certificate-based SSO
Sign in to a device (Windows Hello), app, or
website without a password
Azure Active Directory Domain Services
1000s OF APPS, 1 IDENTITY
Your domain controller as a service: Kerberos, NTLM, LDAP, Group Policy
Lift-and-shift on-premises apps to Azure IaaS
Diagram: on-premises Windows Server Active Directory synchronizes to Azure Active Directory through Azure AD Connect; Azure AD Domain Services projects those identities into your Azure virtual network, where your Azure IaaS workloads/apps join the managed domain.
Manage your account, apps and
groups
Company branded, personalized
application Access Panel:
http://myapps.microsoft.com
+ iOS and Android Mobile Apps
Self-service password reset
Application access requests
Integrated Office 365 app launching
Making the lives of users (and IT) easier
ENABLE BUSINESS WITHOUT BORDERS
“We needed to quickly and cost effectively stand up new IT infrastructure, including extranet applications
for thousands of business partners. Azure Active Directory B2B collaboration provides a simple and
secure way for partners, large and small, to use their own credentials to access Kodak Alaris systems.”
3000+ partners
Collaborate with partners: B2B collaboration
Share without complex
configuration or duplicate users
Partners use their own credentials to access
your org
Users lose access when leaving the
partner org
No external directories
No per partner federation
You manage
access
You control partner access in your
directory:
• app assignment
• group membership
• custom attributes
Partners of
all sizes
Bulk invite 1000s at a time
Partners with Azure Active Directory sign
in to accept invite
Other partners simply sign up to
accept invite
ENABLE BUSINESS WITHOUT BORDERS
Intune/MDM
auto-enrollment
Azure Active Directory Join makes it possible
to connect work-owned Windows 10 devices
to your company’s Azure Active Directory
Enterprise-compliant services
SSO from the desktop to cloud and
on-premises applications with no VPN
Support for hybrid environments
MDM auto-enrollment
Windows 10 Azure AD
joined devices
Enabling anytime,
anywhere productivity:
Azure Active Directory
Join for Windows 10
ENABLE BUSINESS WITHOUT BORDERS
ENABLE BUSINESS WITHOUT BORDERS
Connecting with consumers: Azure Active Directory B2C
Consumer identity and access management in the cloud
Identity management for consumers
Cross-platform
Identity experience engine
Superior economics
"By using Azure Active Directory B2C we were able to build a fully customized login page without having to build custom code. Additionally, with a Microsoft solution in place, we alleviated all our concerns about security, data breaches, and scalability."
- Rafael de los Santos, Head of Digital, Real Madrid
Centralized access administration for
pre-integrated SaaS apps and other
cloud-based apps
Dynamic groups, device registration,
secure business processes with advanced
access management capabilities
Comprehensive identity and
access management console
IT professional
Managing identities
MANAGE ACCESS AT SCALE
Connect Health
MANAGE ACCESS AT SCALE
Monitor and gain insights into the identity infrastructure used
to extend on-premises identities to Azure Active Directory and
Office 365.
Monitor:
The Azure AD Connect sync engine health
ADFS infrastructure health
On-premises AD DS health
Identity-driven security
CLOUD-POWERED PROTECTION
Conditional access: conditions (user, app sensitivity, device state, location, risk) drive actions (allow access or block access; enforce MFA per user/per app).
Building blocks: MFA; Identity Protection (notifications, analysis, remediation, risk-based policies); Cloud App Discovery; Privileged Identity Management.
Azure Active Directory Identity Protection
CLOUD-POWERED PROTECTION
Identity Protection at its best
Risk severity calculation
Remediation recommendations
Risk-based conditional access automatically protects against suspicious logins and compromised credentials
Gain insights from a consolidated view of machine learning based threat detection
Machine-learning engine inputs: leaked credentials, infected devices, configuration vulnerabilities, brute force attacks, suspicious sign-in activities
Risk-based policies: MFA challenge for risky logins, block attacks, change bad credentials
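The conditional access decision and the risk-severity step described on the two slides above, as an added example that is not part of the original deck and not Microsoft's code. It evaluates the slide's conditions (app sensitivity, device state, location, sign-in risk derived from the listed risk-event types) into the slide's actions (allow, enforce MFA, block). The severity weights, the trusted network range, the app names and the sign-in records are all assumed for illustration; Azure AD's real risk scoring is not reproduced.

```python
"""Risk-based conditional access evaluator (added illustration, not Microsoft code).

Models the decision the slides describe: conditions (user, app sensitivity,
device state, location, sign-in risk) feed actions (allow / mfa / block).
All weights, networks and sign-in records below are constructed.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Assumed severity per risk-event type named on the slides (high=3, medium=2, low=1).
RISK_SEVERITY = {
    "leaked_credentials": 3,
    "infected_device": 3,
    "brute_force": 2,
    "suspicious_sign_in": 2,
    "configuration_vulnerability": 1,
}

# Constructed corporate egress range treated as a trusted location.
TRUSTED_NETWORKS = [ip_network("203.0.113.0/24")]


@dataclass
class SignIn:
    user: str
    app: str
    device_compliant: bool
    source_ip: str
    risk_events: list = field(default_factory=list)


@dataclass
class Policy:
    sensitive_apps: frozenset
    block_at: int = 3   # severity at or above which the sign-in is blocked outright
    mfa_at: int = 2     # severity at or above which MFA is required


def risk_severity(events):
    """Highest severity among the user's current risk events (0 = no risk)."""
    return max((RISK_SEVERITY.get(e, 0) for e in events), default=0)


def is_trusted_location(ip):
    addr = ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def evaluate(signin, policy):
    """Return 'allow', 'mfa' or 'block'.

    Risk is checked before every other condition so that a leaked credential
    cannot be 'rescued' by a compliant device or a trusted network; a trusted
    network only relaxes the MFA step for sensitive apps."""
    sev = risk_severity(signin.risk_events)
    if sev >= policy.block_at:
        return "block"
    if sev >= policy.mfa_at:
        return "mfa"
    if signin.app in policy.sensitive_apps:
        if not signin.device_compliant:
            return "block"
        if not is_trusted_location(signin.source_ip):
            return "mfa"
    return "allow"


def evaluate_batch(signins, policy):
    """Decisions for a list of sign-ins, in order, as (user, app, decision)."""
    return [(s.user, s.app, evaluate(s, policy)) for s in signins]


# Constructed sample sign-ins and policy.
POLICY = Policy(sensitive_apps=frozenset({"finance-erp", "hr-portal"}))
SAMPLE = [
    SignIn("jen", "finance-erp", True, "203.0.113.10"),
    SignIn("jen", "finance-erp", True, "198.51.100.7"),
    SignIn("sam", "finance-erp", False, "203.0.113.11"),
    SignIn("sam", "wiki", True, "198.51.100.9"),
    SignIn("ann", "wiki", True, "203.0.113.12", ["brute_force"]),
    SignIn("ann", "wiki", True, "203.0.113.12", ["leaked_credentials", "brute_force"]),
]

if __name__ == "__main__":
    for user, app, decision in evaluate_batch(SAMPLE, POLICY):
        print(f"{user:<4} {app:<12} -> {decision}")
```

The ordering in evaluate is the security-relevant part: a high-risk event blocks before device or location is consulted, and an unknown risk-event type scores 0 rather than raising, so a new detector name from the feed cannot break enforcement.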
Azure Active Directory Identity Protection
CLOUD-POWERED PROTECTION
Use the power of Identity Protection in PowerBI, SIEM and other monitoring tools
Apply Microsoft learnings to your existing security tools: the Microsoft machine-learning engine (leaked credentials, infected devices, configuration vulnerabilities, brute force attacks, suspicious sign-in activities) feeds notifications, data extracts/downloads, and reporting APIs into your security/monitoring/reporting solutions.
Privileged Identity Management
CLOUD-POWERED PROTECTION
Discover, restrict, and monitor privileged identities
Enforce on-demand, just-in-time administrative access when needed
Use alerts, audit reports and access reviews
Roles covered include Global Administrator, Billing Administrator, Service Administrator, User Administrator, and Password Administrator
Privileged Identity Management
CLOUD-POWERED PROTECTION
How time-limited activation of privileged roles works
Users need to activate their privileges to perform a task
MFA is enforced during the activation process
Users will retain their privileges for a pre-configured amount of time
Alerts inform administrators about out-of-band changes
Security admins can discover all privileged identities, view audit reports and review everyone who is eligible to activate via access reviews
Diagram: the security admin configures Privileged Identity Management and monitors audit and access reports; a user requests activation, passes identity verification (MFA), and receives a time-bound admin profile (Billing Admin, Global Admin, Service Admin); alerts are raised on out-of-band changes; read-only roles can view reports without holding admin rights.
CLOUD-POWERED PROTECTION
Removes unneeded permanent
admin role assignments
Limits the time a user has admin
privileges
Ensures MFA validation prior to
admin role activation
Reduces exposure
to attacks
targeting admins
Separates role administration
from other tasks
Adds roles for read-only views
of reports and history
Asks users to review and justify
continued need for admin role
Simplifies
delegation
Enables least privilege role
assignments
Alerts on users who haven’t
used their role assignments
Simplifies reporting on admin
activity
Increases visibility
and finer-grained
control
Benefits: Privileged Identity Management
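The activation lifecycle described on the Privileged Identity Management slides above, as an added example that is not part of the original deck and not Microsoft's code. It models eligible versus permanent assignments, MFA-gated activation that expires after a configured duration, and two of the alerts the slides list: directory role members that PIM did not grant (out-of-band changes) and eligible users who have not activated within a review window. The role names, users, durations and timestamps are constructed; the same time-bound-membership idea underlies the MIM privileged access management scenario in the appendix.

```python
"""Time-limited privileged role activation with out-of-band detection
(added illustration of the PIM slides, not Microsoft code).

Roles, users and timestamps below are constructed for the example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Activation:
    user: str
    role: str
    start: datetime
    end: datetime
    justification: str


class PrivilegedRoleStore:
    def __init__(self, activation_minutes=60):
        self.duration = timedelta(minutes=activation_minutes)
        self.permanent = {}     # role -> set of users (ideally empty for admin roles)
        self.eligible = {}      # role -> set of users allowed to activate
        self.activations = []   # every activation ever granted (audit trail)

    def make_eligible(self, user, role):
        self.eligible.setdefault(role, set()).add(user)

    def activate(self, user, role, mfa_verified, justification, now):
        """Grant the role for self.duration. Refuses non-eligible users and
        any activation that did not pass MFA, and records a justification."""
        if user not in self.eligible.get(role, set()):
            raise PermissionError(f"{user} is not eligible for {role}")
        if not mfa_verified:
            raise PermissionError("MFA is required before activation")
        if not justification.strip():
            raise ValueError("a justification is required")
        act = Activation(user, role, now, now + self.duration, justification)
        self.activations.append(act)
        return act

    def active_members(self, role, now):
        """Who legitimately holds the role at 'now': unexpired activations
        plus any permanent assignments."""
        activated = {a.user for a in self.activations
                     if a.role == role and a.start <= now < a.end}
        return activated | self.permanent.get(role, set())

    def out_of_band(self, role, observed_members, now):
        """Members seen in the directory role that PIM cannot account for.
        Each is either a manual assignment or a compromise and should alert."""
        return set(observed_members) - self.active_members(role, now)

    def unused_eligibility(self, role, now, window_days=30):
        """Eligible users with no activation in the window: candidates for
        removal at the next access review."""
        since = now - timedelta(days=window_days)
        used = {a.user for a in self.activations
                if a.role == role and a.start >= since}
        return self.eligible.get(role, set()) - used


def demo(now=datetime(2016, 10, 4, 9, 0)):
    """Walk through one activation, its expiry, a refused activation and
    the two alerts. Returns plain values so the flow can be checked."""
    role = "Global Administrator"
    store = PrivilegedRoleStore(activation_minutes=60)
    store.make_eligible("jen", role)
    store.make_eligible("sam", role)
    store.activate("jen", role, True, "patch tenant settings", now)
    try:
        store.activate("sam", role, False, "no MFA this time", now)
        mfa_refused = False
    except PermissionError:
        mfa_refused = True
    return {
        "during": store.active_members(role, now + timedelta(minutes=30)),
        "after": store.active_members(role, now + timedelta(minutes=61)),
        # "mallory" sits in the directory role without any PIM activation
        "oob": store.out_of_band(role, {"jen", "mallory"}, now + timedelta(minutes=30)),
        "unused": store.unused_eligibility(role, now + timedelta(days=1)),
        "mfa_refused": mfa_refused,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The out_of_band check is the one worth wiring to a real alert: it reconciles what the directory actually reports as role members against what the activation log can explain, which is how a permanent assignment made outside the workflow is surfaced.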
Microsoft Advanced Threat Analytics
CLOUD-POWERED PROTECTION
Detect threats fast with behavioral analytics: No need to create rules or policies, deploy agents, or monitor a flood of security reports. The intelligence needed is ready to analyze and is continuously learning.
Adapt as fast as your enemies: ATA continuously learns from the organizational entity behavior (users, devices, and resources) and adjusts itself to reflect the changes in your rapidly evolving enterprise.
Focus on what is important fast using the simple attack timeline: The attack timeline is a clear, efficient, and convenient feed that surfaces the right things on a timeline, giving you the power of perspective on the "who, what, when, and how" of your enterprise. It also provides recommendations for next steps.
Reduce the fatigue of false positives: Alerts only happen once suspicious activities are contextually aggregated; not only comparing the entity's behavior to its own behavior, but also to the profiles of other entities in its interaction path.
Introducing Microsoft Cloud App Security
CLOUD-POWERED PROTECTION
Extending visibility and control to
cloud apps
Create policies for access, activities,
and data sharing
Automatically identify risky activities,
abnormal behaviors, and threats
Prevent data leakage (DLP)
Minimize risk with automated threat prevention and policy enforcement
Enterprise mobility + security
Protect your users, devices, and apps: Intune
Protect your data, everywhere: Azure Rights Management and Secure Islands
Detect problems early with visibility and threat analytics: Advanced Threat Analytics, Microsoft Cloud App Security, Azure Active Directory Identity Protection
Extend enterprise-grade security to your cloud and SaaS apps
Manage identity with hybrid integration to protect application access from identity attacks
Customer Stories
TRANSPORTATION, LOGISTICS, OIL-GAS RETAIL, HOSPITALITY AND TRAVEL GOVERNMENT, BANKING, INSURANCE
CONSTRUCTION, PROFESSIONAL SERVICES EDUCATION – NONPROFIT HEALTH
Identity and access management in the cloud
• Advanced user lifecycle
management
• Low IT overhead
• Monitor your identity bridge
• Cloud-connected seamless
authentication experience
• Single sign-on to 1000s pre-
integrated apps/ Your own apps
• Secure remote access to on-premises
apps
• SSO to mobile apps
• Support for lift-and-shift to the cloud
• Control access to resources
• Safeguard user authentication
• Respond to advanced threats with
risk-based policies and monitoring
• Mitigate administrative risks
• Governance of on-premises and
cloud identities
• Ease of use for end users / integration with Office
• Cross-organization collaboration
• Any time, any place productivity
with Windows 10
• Support for consumer facing
applications
FastTrack for EMS: Deploy it Right
Now included with all EMS services
Microsoft FastTrack for Enterprise Mobility Suite provides remote deployment assistance for Azure Active Directory Premium, Intune, and Azure Rights Management Premium.
Azure Active Directory Premium. FastTrack will:
Get organizational identities to the cloud
Set up single sign-on for test apps (including Azure Active Directory Application Proxy apps)
Configure self-service options like password reset and Azure Multi-Factor Authentication in the MyApps site
Microsoft Intune. FastTrack will:
Set up users and groups
Enable management of test devices
Optionally connect on-premises Microsoft System Center Configuration Manager to Intune for a single pane management experience
Azure Rights Management Premium. FastTrack will:
Retain control of sensitive documents locally and over email
Automatically protect mail containing privileged information
Ensure files stored in SharePoint are rights protected
Top ISV solutions in Identity & Access Management
Soha Cloud
Soha’s security service ensures that you can continue to develop, test and
deploy applications on public clouds with maximum agility – while giving
management the assurance they need. It provides the security missing in
public cloud infrastructures.
Key Use Cases/ Benefits
• Eliminate VPNs, Whitelists, Access Lists and Security Groups
• Enable micro-granular access to only the applications users are
authorized to use – and nothing else
• Simple to use – Easy and fast to deploy
• Lower operating cost and no hardware or network changes required
Availability: Global
Average Deal Revenue: $5K/Quarter
Enterprise Random Password Manager
Lieberman Software proactively mitigates cyber threats that bypass
traditional enterprise defenses by delivering automated intrusion
remediation in real time. Controls privilege access across data center and
cloud assets by continuously changing privileged credentials and SSH
keys. Deploy on-premises or as Azure Certified VMs (hybrid or cloud only).
Key Use Cases/ Benefits
• Proactive Cyber Defense
• Simplified Compliance
• Next Generation Privilege Management
• Enhanced IT Ops. Security and Efficiency
Availability: Global
Average Deal Revenue: $45K
© 2016 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market
conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Contact us for demonstration, briefing and deployment planning:
microsoft@atidan.com
1-215-825-5045 x5001
Appendix
Azure Active Directory editions GA feature comparison + Office 365 IAM features

Feature | Free | Basic | Premium | Office 365 (apps)
--- | --- | --- | --- | ---
Directory as a service | 500,000 object limit | No object limit | No object limit | No object limit for Office 365 user accounts
User/group management (add/update/delete), user-based provisioning, device registration | Yes | Yes | Yes | Yes
Single sign-on | 10 apps per user (pre-integrated SaaS and developer-integrated apps) | 10 apps per user (free tier + Application Proxy apps) | No limit (free, Basic tiers + Self-Service App Integration templates) | 10 apps per user (pre-integrated SaaS and developer-integrated apps)
User-based access management/provisioning | Yes | Yes | Yes | Yes
Self-service password change for cloud users | Yes | Yes | Yes | Yes
Connect (sync engine that extends on-premises directories to Azure Active Directory) | Yes | Yes | Yes | Yes
Security reports/audit | 3 basic reports | 3 basic reports | Advanced security reports | 3 basic reports

Basic features (Premium includes all Basic features):

Feature | Free | Basic | Premium | Office 365 (apps)
--- | --- | --- | --- | ---
Group-based access management/provisioning | | Yes | Yes | Yes
Self-service password reset for cloud users | | Yes | Yes | Yes
Company branding (logon pages/access panel customization) | | Yes | Yes | Yes
Application Proxy | | Yes | Yes |
SLA | | Yes | Yes | Yes

Premium features:

Feature | Free | Basic | Premium | Office 365 (apps)
--- | --- | --- | --- | ---
Self-service group and app management, self-service application additions, dynamic groups | | | Yes |
Self-service password reset/change/account unlock with on-premises write-back | | | Yes |
Advanced usage reporting | | | Yes |
Multi-factor authentication (cloud and on-premises (MFA server)) | | | Yes | Limited, cloud only for Office 365 apps
MIM CAL + MIM server | | | Yes |
Cloud app discovery | | | Yes |
Automated password rollover | | | Yes |
Connect Health | | | Yes |
MDM auto-enrollment, self-service BitLocker recovery, additional local administrators to Windows 10 devices via Azure AD Join | | | Yes |
Microsoft enterprise mobility management
Microsoft Azure Active Directory Premium + Microsoft Identity Manager: security reports, audit reports, Multi-Factor Authentication; self-service password reset and group management; connection between Active Directory and Azure Active Directory
Microsoft Intune: mobile device settings management, mobile application management, selective wipe
Microsoft Azure Rights Management Service: information protection, connection to on-premises assets, bring your own key
Challenge: identities live in too many places
User identities from multiple repositories: HR system, LDAP, Oracle DB, Finance, web apps, Windows Server Active Directory
Hybrid identity vs. Microsoft's IAM solution
Diagram: Microsoft Identity Manager connects on-premises repositories (LDAP v3, Windows PowerShell, web services (SOAP, Java, REST), generic SQL via ODBC, Windows Server Active Directory) to Microsoft Azure Active Directory; Azure Active Directory fronts apps in Azure, third-party apps and clouds, and the Microsoft Cloud, while apps on-premises are published through the AAD App Proxy.
Spans cloud and on-premises
Provides full spectrum of services
• Federation
• Identity management
• Device registration
• User provisioning
• Application access control
• Data protection
Modern identity management system
The combination of Windows Server Active Directory, Microsoft Identity Manager, and Microsoft Azure Active Directory enables better security for today's hybrid enterprise.
Introducing Microsoft Identity Manager 2016
MANAGE EVERYTHING
Cloud-ready identities: Automatic preparation of Active Directory identities for synchronization with Azure Active Directory
Powerful user self-service: Password reset with Azure Multi-Factor Authentication; dynamic groups with approvals and redesigned certificate management
Enhanced security: Hybrid reporting and privileged access management to protect administrator accounts; support for new security protocols
Microsoft Identity Manager 2016 features
MANAGE EVERYTHING
Cloud-ready identities
• Standardized Active Directory attributes and values
• Partitioned identities for synchronization to the cloud
• Easier-to-deploy reporting connected to Azure Active Directory
• Preparation of user profiles for Microsoft Office 365
Powerful user self-service
• Self-service password reset with Multi-Factor Authentication
• New REST-based APIs for AuthN/AuthZ
• Self-service account unlock
• Certificate management support for multi-forest and modern apps
Enhanced security
• Privileged user and account discovery
• New Windows PowerShell support and REST-based API
• Workflow management: elevated just-in-time administrator access
• Reporting and auditing specific to privileged access management
IAM evolution
MANAGE EVERYTHING
ON-PREMISES
Managed: Microsoft System Center Configuration Manager
On-premises LOB applications, traditional productivity
Devices and apps arriving: iOS, Android, Windows Phone, BYOD; mobile apps, shadow IT SaaS solutions
HYBRID
Managed: Microsoft Intune connected to System Center Configuration Manager
On-premises LOB applications, managed SaaS, Office 365 hybrid deployment, Azure Active Directory implementation
Deployment of cloud-enabled rich clients
Managed cloud identities with Multi-Factor Authentication
CLOUD
Managed by EMS: combination of mobile clients (iOS, Android) and cloud-enabled clients (Windows 10)
Managed SaaS and Office 365 Enterprise, full Azure IAM
Transition events marked on the slide: mobility; Windows 8.x/10
Microsoft Identity Manager 2016
Architecture: hybrid identity with MIM
MANAGE EVERYTHING
Diagram: Microsoft Identity Manager 2016 provides IAM for on-premises applications; Azure AD Connect synchronizes identities to Microsoft Azure Active Directory, and the Azure AD App Proxy publishes on-premises applications through Microsoft Azure.
Scenario: self-service password reset
Diagram: a user who has forgotten a password starts the "Forgot your password?" flow from the username prompt, resets it through the self-service experience, and the updated identity applies to both cloud and on-premises applications; IT owns the user's identity but is not in the reset loop.
Scenario: Collapse multi-forest Active Directory
into one Active Directory
Microsoft Identity Manager 2016
Collapse directories
Map multiple identities
Transform usernames and
other attributes
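The "map multiple identities" and "transform usernames and other attributes" steps of the multi-forest collapse scenario, together with the "identities live in too many places" problem from the hybrid identity slides, as an added example that is not part of the original deck and not MIM's sync engine. It joins an HR feed with accounts from two forests on employee ID, applies one attribute-precedence rule, derives a single UPN convention, and reports two things a practitioner needs before cutover: UPN collisions (reported rather than silently overwritten) and orphan accounts that no HR record explains. The repositories, naming conventions, domain names and records are all constructed.

```python
"""Joining identities from several repositories into one record
(added illustration of the hybrid identity / multi-forest slides, not MIM code).

All records, forest names and the target domain below are constructed.
"""
from collections import defaultdict

TARGET_DOMAIN = "contoso.com"   # constructed UPN suffix for the collapsed directory

HR = [  # authoritative for given name, surname and department
    {"employee_id": "1001", "given": "Jen", "surname": "Doe", "department": "IT"},
    {"employee_id": "1002", "given": "Sam", "surname": "Lee", "department": "Finance"},
    {"employee_id": "1003", "given": "Ann", "surname": "Lee", "department": "Sales"},
    {"employee_id": "1004", "given": "Sam", "surname": "Lee", "department": "Marketing"},
]
FOREST_A = [   # account-name convention: first initial + surname
    {"employee_id": "1001", "sam": "jdoe", "forest": "corp.example"},
    {"employee_id": "1002", "sam": "slee", "forest": "corp.example"},
]
FOREST_B = [   # account-name convention: surname + first initial
    {"employee_id": "1003", "sam": "leea", "forest": "sub.example"},
    {"employee_id": "1004", "sam": "lees", "forest": "sub.example"},
    {"employee_id": "9999", "sam": "svc-old", "forest": "sub.example"},  # no HR record
]


def target_upn(rec, suffix=""):
    """One naming convention for everyone: given.surname[suffix]@domain."""
    return f"{rec['given']}.{rec['surname']}{suffix}@{TARGET_DOMAIN}".lower()


def join_identities(hr_records, *forests):
    """Return (identities by employee ID, orphan accounts, collisions).

    Attribute precedence: HR wins for name and department; forests only
    contribute account names. UPN collisions are resolved deterministically
    by suffixing the employee ID to every colliding UPN except the lowest ID,
    and are returned so they can be reviewed rather than discovered later."""
    by_id = {r["employee_id"]: {**r, "accounts": []} for r in hr_records}
    orphans = []
    for forest in forests:
        for acct in forest:
            rec = by_id.get(acct["employee_id"])
            if rec is None:
                orphans.append(f"{acct['forest']}\\{acct['sam']}")
                continue
            rec["accounts"].append(f"{acct['forest']}\\{acct['sam']}")

    owners = defaultdict(list)
    for emp_id, rec in by_id.items():
        owners[target_upn(rec)].append(emp_id)
    collisions = {upn: sorted(ids) for upn, ids in owners.items() if len(ids) > 1}

    for emp_id, rec in by_id.items():
        base = target_upn(rec)
        ids = collisions.get(base)
        rec["upn"] = base if not ids or emp_id == ids[0] else target_upn(rec, emp_id)
    return by_id, orphans, collisions


if __name__ == "__main__":
    ids, orphans, collisions = join_identities(HR, FOREST_A, FOREST_B)
    for rec in ids.values():
        print(rec["upn"], rec["accounts"])
    print("orphans:", orphans)
    print("collisions:", collisions)
```

The orphan list is the security output: an account with no owning HR record is exactly what a de-provisioning gap looks like, and it should be disabled or justified before it is carried into the single directory.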
Scenario: Implement privileged access management
Microsoft Identity Manager 2016
Diagram: existing AD forests (WS 2003 or later) with their existing apps, users and existing FIM deployment keep their existing trust. A separate bastion environment running AD DS and Microsoft Identity Manager configured for PAM holds a trust for admin access. Access requests from user JenAdmin flow through MIM, which grants time-based memberships: user PRIV\JenAdmin, candidate Jen, group CORP\Resource Admins in domain CORP, refresh after 60 minutes. The result is a time-limited membership in group "Resource Admins".
Deep dive: DirSync, Azure AD, and MIM Sync
Legacy tools: DirSync; Azure Active Directory Sync; FIM Sync (+ Azure Active Directory Connector)
Current tools: DirSync and Azure Active Directory Sync are superseded by Azure Active Directory Connect; FIM Sync (+ Azure Active Directory Connector) is superseded by MIM Sync (+ Azure Active Directory Connector) or Azure Active Directory Connect
Deep dive: migrate to Azure Active Directory
Connect and sync on-premises directories with Azure
Diagram: Azure Active Directory Connect synchronizes on-premises and other directories (reached through PowerShell, LDAP v3, SQL (ODBC), and web services (SOAP, Java, REST)) into Microsoft Azure Active Directory.
Deep dive: IAM in MIM vs. Azure Active Directory

Capability | Azure Active Directory | Microsoft Identity Manager
--- | --- | ---
Password reset/management | Yes | Yes
Group management | Yes, not dynamic | Yes
Provisioning, deprovisioning | No | Yes
Certificate management | No | Yes
Role-based access control | No | Yes

Note that the edition comparison table in this appendix lists dynamic groups as an Azure Active Directory Premium feature.
Purchasing Microsoft Identity Manager 2016
Microsoft Identity Manager 2016 is also included with Azure Active Directory Premium, which is part of the Enterprise Mobility Suite.
Microsoft Enterprise Mobility Suite is the most cost-effective way to acquire all included cloud services: Azure Active Directory Premium, Azure Rights Management, and Intune.
Licensed on a per-user basis
Client Access License (CAL): required for each user whose identity is managed
Windows Server license with active Software Assurance: required to use the Microsoft Identity Manager 2016 server software as a Windows Server add-on
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 

Identity And Access Management Presented by Microsoft and Atidan

  • 1. David J. Rosenthal CEO, Atidan October 4, 2016 Microsoft MTC New York City
  • 2. Mobile and cloud: challenging security paradigms
    61 percent of workers mix personal and work tasks in their devices*
    >80 percent of employees admit to using non-approved software-as-a-service (SaaS) applications in their jobs**
    >70 percent of network intrusions exploited weak or stolen credentials***
    * Forrester Research: “BT Futures Report: Info workers will erase boundary between enterprise & consumer technologies,” Feb. 21, 2013
    ** http://www.computing.co.uk/ctg/news/2321750/more-than-80-per-cent-of-employees-use-non-approved-saas-apps-report
    *** Verizon 2013 data breach investigation report
  • 3. Is it possible to keep up? Is it possible to stay secure? Employees Business partners Customers Apps Devices Data Users Data leaks Lost device Compromised identity Stolen credentials
  • 4. Is it possible to keep up? Microsoft’s vision Employees Business partners Customers Access everything from everywhere Manage and secure productivity Integrate with what you have Apps Devices Data Users
  • 5. Enterprise Mobility Suite
    Identity and access management: Microsoft Azure Active Directory Premium. Single sign-on to 1000s of cloud and on-premises applications. Identity protection with notifications, analysis, recommended remediation, & risk-based conditional access.
    Device and app management: Microsoft Intune, System Center Configuration Manager. Leverage PC management, MDM, and MAM to protect corporate apps and data on almost any device.
    Information protection: Microsoft Azure Rights Management Premium. Encryption, identity, and authorization to secure corporate files and email across phones, tablets, and PCs.
    Behavior-based threat analytics: Advanced Threat Analytics. Identify suspicious activities and advanced threats in near real time with simple, actionable reporting.
  • 7. Identity as the core of enterprise mobility
    Microsoft Azure Active Directory: single sign-on, self-service, simple connection
    On-premises: Windows Server Active Directory, other directories
    Cloud: SaaS, Azure, public cloud
  • 8. Azure Active Directory: Microsoft’s “Identity Management as a Service (IDaaS)” for organizations
    Millions of independent identity systems controlled by enterprise and government “tenants.” Information is owned and used by the controlling organization, not by Microsoft. Born-as-a-cloud directory for Office 365. Extended to manage across many clouds. Evolved to manage an organization’s relationships with its customers/citizens and partners (B2C and B2B).
    1 trillion Azure AD authentications since the release of the service
    >1.3 billion authentications every day on Azure AD
    >80k third-party applications used with Azure AD each month
    More than 600 M user accounts on Azure AD
    >9 M Azure AD directories
    86% of Fortune 500 companies use Microsoft Cloud (Azure, O365, CRM Online, and PowerBI)
    Every Office 365 and Microsoft Azure customer uses Azure Active Directory
  • 9. Azure Active Directory. Identity at the core of your business: identity and access management in the cloud
    1000s of apps, 1 identity: provide one persona to the workforce for SSO to 1000s of cloud and on-premises apps
    Manage access at scale: manage identities and access at scale in the cloud and on-premises
    Cloud-powered protection: ensure user and admin accountability with better security and governance
    Enable business without borders: stay productive with universal access to every app and collaboration capability
  • 10. 1000s of apps, 1 identity: connect and sync on-premises directories with Azure
    Azure Active Directory Connect and Connect Health; MIM *
    Sources: HR apps and other directories, connected via PowerShell, SQL (ODBC), LDAP v3, Web Services (SOAP, JAVA, REST)
    Target: Microsoft Azure Active Directory
  • 11. 1000s of apps, 1 identity
    Connect and sync on-premises directories (other directories) with Azure
    2500+ pre-integrated popular SaaS apps and self-service integration via templates (SaaS apps, integrated custom apps)
    Easily publish on-premises web apps via Application Proxy + custom apps (web apps through Azure Active Directory Application Proxy)
  • 12. 1000s of apps, 1 identity: Microsoft Authenticator, a mobile authenticator application for all platforms
    Converges the existing Azure Authenticator and all consumer Authenticator applications.
    MFA for any account, enterprise or consumer and 3rd party: push notifications/OTP
    Device registration (workplace join)
    SSO to native mobile apps, certificate-based SSO
    Sign in to a device (Windows Hello), app, or website without a password
  • 13. 1000s of apps, 1 identity: Azure Active Directory Domain Services, your domain controller as a service
    Lift-and-shift on-premises apps to Azure IaaS: Kerberos, NTLM, LDAP, Group Policy
    On-premises Windows Server Active Directory → Azure AD Connect → Azure Active Directory → Azure AD Domain Services → your virtual network and your Azure IaaS workloads/apps
  • 14. Enable business without borders: making the lives of users (and IT) easier
    Manage your account, apps and groups
    Company branded, personalized application Access Panel: http://myapps.microsoft.com + iOS and Android mobile apps
    Self-service password reset
    Application access requests
    Integrated Office 365 app launching
  • 15. Enable business without borders: collaborate with partners, B2B collaboration
    “We needed to quickly and cost effectively stand up new IT infrastructure, including extranet applications for thousands of business partners. Azure Active Directory B2B collaboration provides a simple and secure way for partners, large and small, to use their own credentials to access Kodak Alaris systems.” (3000+ partners)
    Share without complex configuration or duplicate users: partners use their own credentials to access your org; users lose access when leaving the partner org; no external directories; no per partner federation
    You manage access: you control partner access in your directory through app assignment, group membership and custom attributes
    Partners of all sizes: bulk invite 1000s at a time; partners with Azure Active Directory sign in to accept the invite; other partners simply sign up to accept the invite
  • 16. Enable business without borders: enabling anytime, anywhere productivity with Azure Active Directory Join for Windows 10
    Azure Active Directory Join makes it possible to connect work-owned Windows 10 devices to your company’s Azure Active Directory
    Windows 10 Azure AD joined devices: enterprise-compliant services; SSO from the desktop to cloud and on-premises applications with no VPN; support for hybrid environments; Intune/MDM auto-enrollment
  • 17. Enable business without borders: connecting with consumers with Azure Active Directory B2C
    Consumer identity and access management in the cloud: identity management for consumers, cross-platform, identity experience engine, superior economics
    “By using Azure Active Directory B2C we were able to build a fully customized login page without having to build custom code. Additionally, with a Microsoft solution in place, we alleviated all our concerns about security, data breaches, and scalability.” Rafael de los Santos, Head of Digital, Real Madrid
  • 18. Manage access at scale: managing identities (IT professional)
    Comprehensive identity and access management console
    Centralized access administration for pre-integrated SaaS apps and other cloud-based apps
    Dynamic groups, device registration, secure business processes with advanced access management capabilities
  • 19. Manage access at scale: Connect Health
    Monitor and gain insights into the identity infrastructure used to extend on-premises identities to Azure Active Directory and Office 365.
    Monitor: the Azure AD Connect sync engine health; ADFS infrastructure health; on-premises AD DS health
  • 20. Cloud-powered protection: identity-driven security
    Conditions: user, app sensitivity, device state, location, risk
    Actions: allow access or block access; enforce MFA per user/per app
    Capabilities: MFA; Identity Protection (notifications, analysis, remediation, risk-based policies); Cloud App Discovery; Privileged Identity Management
  • 21. Cloud-powered protection: Azure Active Directory Identity Protection at its best
    Gain insights from a consolidated view of machine learning based threat detection: leaked credentials, infected devices, configuration vulnerabilities, brute force attacks, suspicious sign-in activities
    Risk severity calculation and remediation recommendations
    Risk-based conditional access automatically protects against suspicious logins and compromised credentials: risk-based policies, MFA challenge for risky logins, block attacks, change bad credentials
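To make the conditions-to-actions model of slides 20 and 21 concrete, here is a small risk-based conditional access evaluator. It is an added illustration, not Microsoft code: the policy rules, the user, app and location names, and the sample sign-in events are all constructed.

```python
"""Risk-based conditional access, modelled on the conditions and actions on
slides 20 and 21. Added illustration, not Microsoft code: the policy rules,
user/app/location names and sample sign-in events are all constructed."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Tuple


class Risk(Enum):
    NONE = 0
    LOW = 1
    MEDIUM = 2
    HIGH = 3


class Decision(Enum):
    ALLOW = "allow"
    REQUIRE_MFA = "require_mfa"
    BLOCK = "block"


@dataclass(frozen=True)
class SignIn:
    user: str
    app: str
    device_compliant: bool        # device state (slide 20)
    location: str                 # named location
    sign_in_risk: Risk            # per-sign-in risk from the detection engine
    user_risk: Risk = Risk.NONE   # account-level risk, e.g. leaked credentials (slide 21)
    mfa_satisfied: bool = False   # an MFA claim is already present on this session


# Constructed policy inputs (assumptions, not values from the slides).
SENSITIVE_APPS = {"finance-portal", "hr-system"}
TRUSTED_LOCATIONS = {"corp-hq", "corp-branch"}
ADMIN_USERS = {"jen.admin"}


def evaluate(s: SignIn) -> Tuple[Decision, str]:
    """Apply the conditions in priority order and return the action plus the reason."""
    # Compromised credentials: block and force a password change (slide 21).
    if s.user_risk is Risk.HIGH:
        return Decision.BLOCK, "high user risk: change bad credentials"
    # A high-risk sign-in is blocked outright rather than challenged.
    if s.sign_in_risk is Risk.HIGH:
        return Decision.BLOCK, "high sign-in risk"
    # App sensitivity combined with device state: sensitive apps need a compliant device.
    if s.app in SENSITIVE_APPS and not s.device_compliant:
        return Decision.BLOCK, "sensitive app from non-compliant device"
    # MFA challenge for risky logins, privileged users, sensitive apps, untrusted locations.
    reasons = []
    if s.sign_in_risk is Risk.MEDIUM:
        reasons.append("medium sign-in risk")
    if s.user in ADMIN_USERS:
        reasons.append("privileged user")
    if s.app in SENSITIVE_APPS:
        reasons.append("sensitive app")
    if s.location not in TRUSTED_LOCATIONS:
        reasons.append("untrusted location")
    if reasons and not s.mfa_satisfied:
        return Decision.REQUIRE_MFA, "; ".join(reasons)
    return Decision.ALLOW, "policy satisfied"


# Constructed sample sign-ins.
SAMPLE_SIGNINS: List[SignIn] = [
    SignIn("bob", "wiki", True, "corp-hq", Risk.NONE),
    SignIn("bob", "wiki", True, "cafe-wifi", Risk.LOW),
    SignIn("bob", "wiki", True, "cafe-wifi", Risk.LOW, mfa_satisfied=True),
    SignIn("jen.admin", "finance-portal", True, "corp-hq", Risk.NONE),
    SignIn("alice", "finance-portal", False, "corp-hq", Risk.NONE),
    SignIn("alice", "wiki", True, "corp-hq", Risk.MEDIUM),
    SignIn("carol", "wiki", True, "corp-hq", Risk.NONE, user_risk=Risk.HIGH),
    SignIn("dave", "wiki", True, "corp-hq", Risk.HIGH),
]


def summarize(signins: List[SignIn]) -> Dict[str, int]:
    """Count decisions per action, the kind of roll-up a reporting API feeds to a SIEM."""
    counts = {d.value: 0 for d in Decision}
    for s in signins:
        counts[evaluate(s)[0].value] += 1
    return counts


if __name__ == "__main__":
    for s in SAMPLE_SIGNINS:
        decision, why = evaluate(s)
        print(f"{s.user:10} {s.app:15} {s.location:10} -> {decision.value:12} ({why})")
    print(summarize(SAMPLE_SIGNINS))
```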
  • 22. Cloud-powered protection: Azure Active Directory Identity Protection
    Use the power of Identity Protection in PowerBI, SIEM and other monitoring tools; apply Microsoft learnings to your existing security tools
    The Microsoft machine-learning engine (leaked credentials, infected devices, configuration vulnerabilities, brute force attacks, suspicious sign-in activities) feeds security/monitoring/reporting solutions through notifications, data extracts/downloads, and reporting APIs
  • 23. Cloud-powered protection: Privileged Identity Management
    Discover, restrict, and monitor privileged identities (Global Administrator, Billing Administrator, Service Administrator, User Administrator, Password Administrator)
    Enforce on-demand, just-in-time administrative access when needed
    Use alert, audit reports and access review
  • 24. Cloud-powered protection: Privileged Identity Management, how time-limited activation of privileged roles works
    Security admin configures Privileged Identity Management (admin profiles: Billing Admin, Global Admin, Service Admin, read only)
    Users need to activate their privileges to perform a task; identity verification (MFA) is enforced during the activation process
    Users will retain their privileges for a pre-configured amount of time
    Alerts inform administrators about out-of-band changes
    Security admins can discover all privileged identities, view audit reports (monitor, access reports) and review everyone who is eligible to activate via access reviews
  • 25. Cloud-powered protection: benefits of Privileged Identity Management
    • Removes unneeded permanent admin role assignments
    • Limits the time a user has admin privileges
    • Ensures MFA validation prior to admin role activation
    • Reduces exposure to attacks targeting admins
    • Separates role administration from other tasks
    • Adds roles for read-only views of reports and history
    • Asks users to review and justify continued need for admin role
    • Simplifies delegation
    • Enables least privilege role assignments
    • Alerts on users who haven’t used their role assignments
    • Simplifies reporting on admin activity
    • Increases visibility and finer-grained control
  • 26. Cloud-powered protection: Microsoft Advanced Threat Analytics, detect threats fast with behavioral analytics
    No need to create rules or policies, deploy agents, or monitor a flood of security reports. The intelligence needed is ready to analyze and is continuously learning.
    Adapt as fast as your enemies: ATA continuously learns from the organizational entity behavior (users, devices, and resources) and adjusts itself to reflect the changes in your rapidly evolving enterprise.
    Focus on what is important fast using the simple attack timeline: the attack timeline is a clear, efficient, and convenient feed that surfaces the right things on a timeline, giving you the power of perspective on the “who, what, when, and how” of your enterprise. It also provides recommendations for next steps.
    Reduce the fatigue of false positives: alerts only happen once suspicious activities are contextually aggregated; not only comparing the entity’s behavior to its own behavior, but also to the profiles of other entities in its interaction path.
  • 27. Cloud-powered protection: introducing Microsoft Cloud App Security, extending visibility and control to cloud apps
    Create policies for access, activities, and data sharing
    Automatically identify risky activities, abnormal behaviors, and threats
    Prevent data leakage (DLP)
    Minimize risk with automated threat prevention and policy enforcement
  • 28. Enterprise mobility + security
    Protect your users, devices, and apps: Intune
    Detect problems early with visibility and threat analytics: Advanced Threat Analytics
    Protect your data, everywhere: Azure Rights Management and Secure Islands
    Extend enterprise-grade security to your cloud and SaaS apps: Microsoft Cloud App Security
    Manage identity with hybrid integration to protect application access from identity attacks: Azure Active Directory Identity Protection
  • 29. Customer Stories TRANSPORTATION, LOGISTICS, OIL-GAS RETAIL, HOSPITALITY AND TRAVEL GOVERNMENT, BANKING, INSURANCE CONSTRUCTION, PROFESSIONAL SERVICES EDUCATION – NONPROFIT HEALTH
  • 30. Identity and access management in the cloud
    1000s of apps, 1 identity (provide one persona to the workforce for SSO to 1000s of cloud and on-premises apps): • Single sign-on to 1000s pre-integrated apps / your own apps • Secure remote access to on-premises apps • SSO to mobile apps • Support for lift-and-shift to the cloud
    Manage access at scale (manage identities and access at scale in the cloud and on-premises): • Advanced user lifecycle management • Low IT overhead • Monitor your identity bridge • Cloud-connected seamless authentication experience
    Cloud-powered protection (ensure user and admin accountability with better security and governance): • Control access to resources • Safeguard user authentication • Respond to advanced threats with risk-based policies and monitoring • Mitigate administrative risks • Governance of on-premises and cloud identities
    Enable business without borders (stay productive with universal access to every app and collaboration capability): • Ease of use for end users / integration with Office • Cross-organization collaboration • Any time, any place productivity with Windows 10 • Support for consumer facing applications
  • 31. Identity as the core of enterprise mobility
    Microsoft Azure Active Directory: single sign-on, self-service, simple connection
    On-premises: Windows Server Active Directory, other directories
    Cloud: SaaS, Azure, public cloud
  • 32. FastTrack for EMS: deploy it right, now included with all EMS services
    Microsoft FastTrack for Enterprise Mobility Suite provides remote deployment assistance for Azure Active Directory Premium, Intune, and Azure Rights Management Premium.
    Azure Active Directory Premium, FastTrack will: get organizational identities to the cloud; set up single sign-on for test apps (including Azure Active Directory Application Proxy apps); configure self-service options like password reset and Azure Multi-Factor Authentication in the MyApps site
    Microsoft Intune, FastTrack will: set up users and groups; enable management of test devices; optionally connect on-premises Microsoft System Center Configuration Manager to Intune for a single pane management experience
    Azure Rights Management Premium, FastTrack will: retain control of sensitive documents locally and over email; automatically protect mail containing privileged information; ensure files stored in SharePoint are rights protected
  • 33. Top ISV solutions in Identity & Access Management
    Soha Cloud: Soha’s security service ensures that you can continue to develop, test and deploy applications on public clouds with maximum agility – while giving management the assurance they need. It provides the security missing in public cloud infrastructures. Key use cases/benefits: • Eliminate VPNs, whitelists, access lists and security groups • Enable micro-granular access to only the applications users are authorized to use – and nothing else • Simple to use – easy and fast to deploy • Lower operating cost and no hardware or network changes required. Availability: Global. Average deal revenue: $5K/Quarter.
    Enterprise Random Password Manager: Lieberman Software proactively mitigates cyber threats that bypass traditional enterprise defenses by delivering automated intrusion remediation in real time. Controls privilege access across data center and cloud assets by continuously changing privileged credentials and SSH keys. Deploy on-premises or as Azure Certified VMs (hybrid or cloud only). Key use cases/benefits: • Proactive cyber defense • Simplified compliance • Next generation privilege management • Enhanced IT Ops. security and efficiency. Availability: Global. Average deal revenue: $45K.
  • 34. © 2016 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. Contact us for demonstration, briefing and deployment planning: microsoft@atidan.com 1-215-825-5045 x5001
  • 36. Azure Active Directory editions GA feature comparison + Office 365 IAM features (values are listed per edition column in the order they appear on the slide)
    Directory as a service: 500,000 object limit / no object limit / no object limit / no object limit for Office 365 user accounts
    User/group management (add/update/delete), user-based provisioning, device registration: Yes / Yes / Yes / Yes
    Single sign-on: 10 apps per user (pre-integrated SaaS and developer-integrated apps) / 10 apps per user (free tier + Application Proxy apps) / no limit (free, Basic tiers + Self-Service App Integration templates 1) / 10 apps per user (pre-integrated SaaS and developer-integrated apps)
    User-based access management/provisioning: Yes / Yes / Yes
    Self-service password change for cloud users: Yes / Yes / Yes
    Connect (sync engine that extends on-premises directories to Azure Active Directory): Yes / Yes / Yes
    Security reports/audit: 3 basic reports / 3 basic reports / advanced security reports / 3 basic reports
    Premium + Basic features:
    Group-based access management/provisioning: Yes / Yes
    Self-service password reset for cloud users: Yes / Yes / Yes
    Company branding (logon pages/access panel customization): Yes / Yes / Yes
    Application Proxy: Yes / Yes
    SLA: Yes / Yes / Yes
    Premium features:
    Self-service group and app management / self-service application additions / dynamic groups: Yes
    Self-service password reset/change/account unlock with on-premises write-back: Yes
    Advanced usage reporting: Yes
    Multi-factor authentication (cloud and on-premises (MFA server)): Yes / limited, cloud only for Office 365 apps
    MIM CAL + MIM server: Yes
    Cloud app discovery: Yes
    Automated password rollover: Yes
    Connect Health: Yes
    MDM auto-enrollment, self-service BitLocker recovery, additional local administrators to Windows 10 devices via Azure AD Join: Yes
  • 37. Microsoft enterprise mobility management
    Microsoft Intune: mobile device settings management; mobile application management; selective wipe
    Microsoft Azure Active Directory Premium + Microsoft Identity Manager: security reports, audit reports, Multi-Factor Authentication; self-service password reset and group management; connection between Active Directory and Azure Active Directory
    Microsoft Azure Rights Management Service: information protection; connection to on-premises assets; bring your own key
  • 38. Challenge: identities live in too many places
    User identities from multiple repositories: HR system, LDAP, Oracle DB, Finance, Web apps, Windows Server Active Directory
    vs. hybrid identity: Windows Server Active Directory and Microsoft Azure Active Directory, connected to those repositories via LDAP v3, Windows PowerShell, Web services (SOAP, Java, REST), generic SQL via ODBC
  • 39. Microsoft’s IAM solution: modern identity management system
    The combination of Windows Server Active Directory, Microsoft Identity Manager, and Microsoft Azure Active Directory enables better security for today’s hybrid enterprise.
    Spans cloud and on-premises: Microsoft Cloud, apps in Azure, third-party apps & clouds, apps on-premises (reached through AAD App Proxy), Microsoft Identity Manager
    Provides full spectrum of services: • Federation • Identity management • Device registration • User provisioning • Application access control • Data protection
  • 40. Manage everything: introducing Microsoft Identity Manager 2016
    Cloud-ready identities: automatic preparation of Active Directory identities for synchronization with Azure Active Directory
    Powerful user self-service: password reset with Azure Multi-Factor Authentication; dynamic groups with approvals and redesigned certificate management
    Enhanced security: hybrid reporting and privileged access management to protect administrator accounts; support for new security protocols
  • 41. Manage everything: Microsoft Identity Manager 2016 features
    Cloud-ready identities: • Standardized Active Directory attributes and values • Partitioned identities for synchronization to the cloud • Easier-to-deploy reporting connected to Azure Active Directory • Preparation of user profiles for Microsoft Office 365
    Powerful user self-service: • Self-service password reset with Multi-Factor Authentication • New REST-based APIs for AuthN/AuthZ • Self-service account unlock • Certificate management support for multi-forest and modern apps
    Enhanced security: • Privileged user and account discovery • New Windows PowerShell support and REST-based API • Workflow management: elevated just-in-time administrator access • Reporting and auditing specific to privileged access management
  • 42. IAM evolution MANAGE EVERYTHING ON-PREMISES HYBRID CLOUD Managed: Microsoft System Center Configuration Manager On-premises LOB applications, traditional productivity iOS, Android, Windows Phone, BYOD Mobile apps, shadow IT SaaS solutions Managed: Microsoft Intune connected to System Center Configuration Manager On-premises LOB applications, managed SaaS, Office 365 hybrid deployment, Azure Active Directory implementation Deployment of cloud-enabled rich clients Managed cloud identities with Multi-Factor Authentication Managed by EMS: Combination of mobile clients (iOS, Android) and cloud- enabled clients (Windows 10) Managed SaaS and Office 365 Enterprise, full Azure IAM Event - Mobility Event-Win 8.x/10 Microsoft Identity Manager 2016
  • 43. Manage everything: architecture, hybrid identity with MIM
    Components: Microsoft Identity Manager 2016 (MIM), Azure AD App Proxy, Azure AD Connect, IAM, on-premises applications, Microsoft Azure Active Directory, Microsoft Azure
  • 44. Scenario: self-service password reset
    Self-service experiences for the user (“Username?”, “Forgot your password?”) spanning cloud, on-premises applications, IT and the user’s identity
  • 45. Scenario: collapse multi-forest Active Directory into one Active Directory
    Microsoft Identity Manager 2016: collapse directories; map multiple identities; transform usernames and other attributes
  • 46. Scenario: implement privileged access management
    Existing environment: user, existing apps, existing FIM, existing AD forests (WS 2003 or later), existing trust; group “Resource Admins”
    Privileged access management: AD DS plus Microsoft Identity Manager configured for PAM; trust for admin access; access requests
    Time-based memberships: user “JenAdmin”; candidate: Jen; group: Resource Admins; domain: CORP; user: PRIV\JenAdmin; groups: CORP\Resource Admins; refresh after: 60 minutes
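The time-limited activation described on slides 24 and 25 (activate after MFA, hold the role for a pre-configured time, alert on out-of-band changes, access reviews) and the time-based membership of slide 46 (refresh after 60 minutes) follow one pattern, modelled here as an added example. This is not Microsoft, Azure AD PIM or MIM code; the users, roles and 60-minute window are constructed assumptions.

```python
"""Just-in-time privileged role activation, modelled on slides 24/25 (Azure AD
Privileged Identity Management) and slide 46 (MIM privileged access management
with time-based group membership). Added illustration, not Microsoft code;
users, roles and the activation window are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Set

ACTIVATION_WINDOW = timedelta(minutes=60)  # "Refresh after: 60 minutes" on slide 46


@dataclass
class Activation:
    user: str
    role: str
    activated_at: datetime
    expires_at: datetime
    justification: str


class PrivilegedRoleManager:
    def __init__(self, eligible: Dict[str, Set[str]]):
        self.eligible = eligible              # role -> users allowed to activate it
        self.activations: List[Activation] = []
        self.audit: List[str] = []            # audit report feed (slide 24)
        self.alerts: List[str] = []           # out-of-band change alerts (slide 24)

    def activate(self, user: str, role: str, mfa_verified: bool,
                 justification: str, now: datetime) -> Activation:
        """Grant the role for ACTIVATION_WINDOW; eligibility, MFA and a justification are required."""
        if user not in self.eligible.get(role, set()):
            self.audit.append(f"{now:%H:%M} DENY {user} not eligible for {role}")
            raise PermissionError(f"{user} is not eligible for {role}")
        if not mfa_verified:
            self.audit.append(f"{now:%H:%M} DENY {user} {role}: MFA not verified")
            raise PermissionError("MFA is enforced during activation")
        if not justification.strip():
            raise ValueError("a justification is required")
        act = Activation(user, role, now, now + ACTIVATION_WINDOW, justification)
        self.activations.append(act)
        self.audit.append(f"{now:%H:%M} ACTIVATE {user} {role} until "
                          f"{act.expires_at:%H:%M}: {justification}")
        return act

    def expected_members(self, role: str, now: datetime) -> Set[str]:
        """Users whose activation for `role` has not yet expired at `now`."""
        return {a.user for a in self.activations
                if a.role == role and a.activated_at <= now < a.expires_at}

    def has_role(self, user: str, role: str, now: datetime) -> bool:
        """True only inside an unexpired activation; there are no permanent assignments."""
        return user in self.expected_members(role, now)

    def reconcile(self, observed: Dict[str, Set[str]], now: datetime) -> List[str]:
        """Compare the directory's actual role membership with what was granted here;
        any member without an activation is an out-of-band change and raises an alert."""
        new_alerts = []
        for role, members in observed.items():
            for member in sorted(members - self.expected_members(role, now)):
                new_alerts.append(f"{role}: {member} holds the role without a PIM activation")
        self.alerts.extend(new_alerts)
        return new_alerts

    def access_review(self, since: datetime) -> Dict[str, List[str]]:
        """Eligible users with no activation since `since`: candidates to remove (slide 25)."""
        review = {}
        for role, users in self.eligible.items():
            used = {a.user for a in self.activations if a.role == role and a.activated_at >= since}
            review[role] = sorted(users - used)
        return review


if __name__ == "__main__":
    # Constructed scenario: Jen activates Global Administrator; Mallory shows up in
    # the directory's role without going through activation.
    pim = PrivilegedRoleManager({"Global Administrator": {"jen", "sam"},
                                 "Billing Administrator": {"pat"}})
    t0 = datetime(2016, 10, 4, 9, 0)
    pim.activate("jen", "Global Administrator", True, "patch tenant settings", t0)
    print(pim.has_role("jen", "Global Administrator", t0 + timedelta(minutes=30)))   # True
    print(pim.has_role("jen", "Global Administrator", t0 + timedelta(minutes=61)))   # False
    print(pim.reconcile({"Global Administrator": {"jen", "mallory"}}, t0 + timedelta(minutes=10)))
    print(pim.access_review(t0 - timedelta(days=30)))
    print("\n".join(pim.audit))
```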
  • 47. Deep dive: DirSync, Azure AD, and MIM Sync
    DirSync, Azure Active Directory Sync, FIM Sync (+ Azure Active Directory Connector) → Azure Active Directory Connect
    MIM Sync (+ Azure Active Directory Connector) → Azure Active Directory Connect
  • 48. Deep dive: migrate to Azure Active Directory Connect and sync on-premises directories with Azure
    Other directories (via PowerShell, LDAP v3, SQL (ODBC), web services (SOAP, Java, REST)) → Azure Active Directory Connect → Microsoft Azure Active Directory
  • 49. Deep dive: IAM in MIM vs. Azure Active Directory
    Capability                     | Azure Active Directory | Microsoft Identity Manager
    Password reset/management      | YES                    | YES
    Group management               | YES, not dynamic       | YES
    Provisioning, deprovisioning   | NO                     | YES
    Certificate management         | NO                     | YES
    Role-based access control      | NO                     | YES
  • 50. Purchasing Microsoft Identity Manager 2016
    Licensed on a per-user basis
    • Client Access License (CAL): required for each user whose identity is managed
    • Windows Server license with active Software Assurance: required to use the Microsoft Identity Manager 2016 server software as a Windows Server add-on
    Microsoft Identity Manager 2016 is also included with Azure Active Directory Premium, which is part of the Enterprise Mobility Suite. Microsoft Enterprise Mobility Suite is the most cost-effective way to acquire all included cloud services: Azure Active Directory Premium, Azure Rights Management, and Intune.
  • 51. Introducing Microsoft Identity Manager 2016
    Cloud-ready identities: automatic preparation of Active Directory identities for synchronization with Azure Active Directory
    Powerful user self-service: password reset with Azure Multi-Factor Authentication; dynamic groups with approvals and redesigned certificate management
    Enhanced security: hybrid reporting and privileged access management to protect administrator accounts; support for new security protocols
  • 52. Microsoft Identity Manager 2016 features
    Cloud-ready identities:
    • Standardized Active Directory attributes and values
    • Partitioned identities for synchronization to the cloud
    • Easier-to-deploy reporting connected to Azure Active Directory
    • Preparation of user profiles for Microsoft Office 365
    Powerful user self-service:
    • Self-service password reset with Multi-Factor Authentication
    • New REST-based APIs for AuthN/AuthZ
    • Self-service account unlock
    • Certificate management support for multi-forest and modern apps
    Enhanced security:
    • Privileged user and account discovery
    • New Windows PowerShell support and REST-based API
    • Workflow management: elevated just-in-time administrator access
    • Reporting and auditing specific to privileged access management
