Hybrid Identity: the umbrella in the cloud


EXPERTS LIVE SUMMER NIGHT: Hybrid Identity, the umbrella in the cloud (original title "Hybrid Identity de paraplu in de cloud"). Robbert van der Zwan, TSP EM+S, Microsoft Netherlands

Robbert van der Zwan works as an Enterprise Mobility + Security (EM+S) Technical Solution Professional (TSP) for Microsoft in the Netherlands.

Enterprise Mobility + Security (EMS): five capabilities and the product that delivers each
- Identity and access management: Azure Active Directory Premium
- User and entity behavioral analytics: Advanced Threat Analytics
- Mobile device and app management: Intune
- Information protection: Azure Information Protection
- Cloud and SaaS app security: Cloud App Security

Identity as the control plane (diagram, built up over three slides): it starts with Windows Server Active Directory on-premises as the identity store. Around it appear customers, partners, Azure and other public cloud and SaaS services, bring-your-own (BYO) devices and VPN access, all of which have to be tied back to that one identity.

Azure AD as the control plane: Windows Server Active Directory on-premises and Microsoft Azure Active Directory in the cloud together serve customers, partners, Azure and other public cloud services. Azure AD is a modern identity management system spanning cloud and on-premises, providing federation, identity management, device registration, user provisioning, application access control and data protection.

Two ways to connect the directories:
- Identity synchronization with password (hash) sync: user attributes are synchronized to Microsoft Azure Active Directory using identity synchronization services, including a password hash; authentication is completed against Azure Active Directory.
- Identity synchronization with federation: user attributes are synchronized using identity synchronization tools; authentication is passed back through federation (ADFS) and completed against Windows Server Active Directory.

1000s OF APPS, 1 IDENTITY: identity + password (hash) synchronization. The user's identity and password hash are synchronized to Microsoft Azure Active Directory; Azure Active Directory authenticates the user.

1000s OF APPS, 1 IDENTITY: identity synchronization + ADFS. The user's identity is synchronized to Microsoft Azure Active Directory; authentication is passed to Windows Server Active Directory via ADFS.

1000s OF APPS, 1 IDENTITY: identity synchronization + pass-through authentication with Seamless SSO. The user's identity is synchronized to Microsoft Azure Active Directory; authentication is passed to Windows Server Active Directory via pass-through authentication, handled by a pass-through authentication agent on-premises, with Seamless SSO on top.

1000s OF APPS, 1 IDENTITY: how pass-through authentication works (the Azure AD Security Token Service on one side, the connector on the Contoso corpnet on the other)
1. The user enters their user name and password at the Azure AD Security Token Service.
2. The connector is notified of the request.
3. The connector validates the credentials against Active Directory.
4. The domain controller returns the result to the connector.
5. The connector returns the result to Azure AD.
6. A token is returned to the user, and/or further proofs (MFA) are initiated.
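The six steps above, modelled as an added, self-contained simulation (this is illustrative code, not Microsoft's agent or token service). It keeps the properties a practitioner cares about: the token service never validates a password itself and keeps nothing once the request is answered; the agent only pulls work from a queue (the real agent makes outbound connections only, and Azure AD encrypts the credential to the agent's public key, a step omitted here); and a cloud-side smart-lockout counter trips before the on-premises lockout threshold, so an internet password spray cannot lock the user out of AD. The account names, passwords, both lockout thresholds and the stand-in credential storage of the fake domain controller are constructed for the example.

```python
import hashlib
import secrets
from collections import deque
from dataclasses import dataclass


def _stored_cred(password: str, salt: bytes) -> bytes:
    # Stand-in for AD's own credential storage (real AD DS keeps an NT hash).
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 10_000)


@dataclass
class AdAccount:
    cred: bytes
    salt: bytes
    disabled: bool = False
    bad_count: int = 0
    locked: bool = False


class OnPremAD:
    """Constructed domain controller: validates credentials, enforces lockout."""
    LOCKOUT_THRESHOLD = 5          # assumed AD DS account lockout policy

    def __init__(self):
        self.accounts = {}

    def add_user(self, name: str, password: str, disabled: bool = False):
        salt = secrets.token_bytes(8)
        self.accounts[name] = AdAccount(_stored_cred(password, salt), salt, disabled)

    def validate(self, name: str, password: str) -> str:
        acct = self.accounts.get(name)
        if acct is None:
            return "user_not_found"
        if acct.locked:
            return "account_locked"
        if acct.disabled:
            return "account_disabled"
        if _stored_cred(password, acct.salt) != acct.cred:
            acct.bad_count += 1
            if acct.bad_count >= self.LOCKOUT_THRESHOLD:
                acct.locked = True
            return "bad_password"
        acct.bad_count = 0
        return "success"


class PtaAgent:
    """Step 2-5: the connector on the corpnet polls for work and answers it."""

    def __init__(self, ad: OnPremAD):
        self.ad = ad

    def poll(self, sts) -> str:
        try:
            req = sts.queue.popleft()           # outbound pull; nothing listens inbound
        except IndexError:
            return ""
        result = self.ad.validate(req["user"], req["password"])   # step 3-4
        sts.results[req["id"]] = result                            # step 5
        return req["id"]


class AzureAdSts:
    """Step 1 and 6: the cloud Security Token Service."""
    SMART_LOCKOUT = 3              # assumed; must stay below OnPremAD.LOCKOUT_THRESHOLD

    def __init__(self, mfa_users):
        self.queue = deque()
        self.results = {}
        self.agents = []
        self.failures = {}
        self.mfa_users = set(mfa_users)

    def sign_in(self, user: str, password: str) -> str:
        if self.failures.get(user, 0) >= self.SMART_LOCKOUT:
            return "blocked_by_smart_lockout"   # never forwarded to on-prem AD
        if not self.agents:
            return "service_unavailable"        # PTA has nobody to validate against
        req_id = secrets.token_hex(8)
        self.queue.append({"id": req_id, "user": user, "password": password})
        for agent in self.agents:               # step 2: an agent is notified
            if agent.poll(self) == req_id:
                break
        result = self.results.pop(req_id, "agent_timeout")   # credential now discarded
        if result != "success":
            self.failures[user] = self.failures.get(user, 0) + 1
            return "denied:" + result
        self.failures[user] = 0
        return "mfa_challenge" if user in self.mfa_users else "token"   # step 6


def demo() -> dict:
    ad = OnPremAD()
    ad.add_user("alice", "Correct-Horse-9")                 # constructed accounts
    ad.add_user("bob", "Battery-Staple-7", disabled=True)
    sts = AzureAdSts(mfa_users={"alice"})
    out = {"no_agent_registered": sts.sign_in("alice", "Correct-Horse-9")}
    sts.agents.append(PtaAgent(ad))
    out["alice_correct"] = sts.sign_in("alice", "Correct-Horse-9")
    out["bob_disabled"] = sts.sign_in("bob", "Battery-Staple-7")
    # Password spray from the internet: cloud lockout trips first, AD stays usable.
    out["spray_against_alice"] = [sts.sign_in("alice", f"guess{i}") for i in range(6)]
    out["alice_locked_in_ad"] = ad.accounts["alice"].locked
    out["alice_bad_count_in_ad"] = ad.accounts["alice"].bad_count
    out["queue_left_behind"] = len(sts.queue)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The `service_unavailable` branch is the operational caveat: with pass-through authentication there is no cloud-side password to fall back on, so run several agents, and note that enabling password hash synchronization alongside PTA is not an automatic failover; switching the sign-in method in Azure AD Connect is a manual step.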

1000s OF APPS, 1 IDENTITY: how Seamless SSO works with pass-through authentication and password hash synchronization (Azure AD Security Token Service on one side, Contoso corpnet on the other)
1. The user enters their user name at the Azure AD Security Token Service.
2. Azure AD sends a 401 response telling the client to get a Kerberos ticket.
3. The user (client) requests a Kerberos ticket from Active Directory on the corpnet.
4. Active Directory returns the Kerberos ticket.
5. The user sends the ticket to Azure AD.
6. A token is returned to the user, or further proofs (MFA) are initiated.

1000s OF APPS, 1 IDENTITY: more options than ever! Three supported combinations, each with identity synchronization to Microsoft Azure Active Directory:
- identity synchronization + password hash synchronization + Seamless SSO
- identity synchronization + ADFS
- identity synchronization + pass-through authentication + Seamless SSO

1000s OF APPS, 1 IDENTITY: Azure Active Directory Connect. DirSync, Azure Active Directory Sync and FIM + Azure Active Directory Connector are all replaced by the sync engine included in Azure Active Directory Connect, the consolidated deployment assistant for your identity bridge components (sync engine and ADFS). Assisted deployment of ADFS is available through Azure Active Directory Connect. ADFS is an optional component for authentication in a hybrid implementation; password sync can replace ADFS in more and more scenarios.

Identity as the core of enterprise mobility, with Azure Active Directory as the control plane: Windows Server Active Directory and other directories connect to Microsoft Azure Active Directory through a simple connection; from there customers, partners, Azure, SaaS and other public cloud services get self-service and single sign-on, on-premises and in the cloud.

Your directory in the cloud: other directories feed Microsoft Azure Active Directory, which in turn fronts the SaaS apps.

Access even more on-premises web applications with Azure Active Directory Application Proxy: the user opens an external URL such as https://appx-contoso.msappproxy.net/, Azure AD hands the request to a connector running in your DMZ, in Azure or in third-party IaaS, and the connector relays it to the on-premises web app or other LoB apps.

ENABLE BUSINESS WITHOUT BORDERS (Azure AD B2B): add B2B users with accounts in other Azure AD organizations, or with Microsoft Account (MSA), Google ID or other identity provider accounts; assign B2B users access to any app or service your organization owns, including SharePoint Online and Office 365 apps, third-party apps and LOB apps, through Azure AD and Office 365 groups. Legend: a dashed silhouette is a user account in the resource tenancy that uses an external identity for authentication.

Enterprise security (diagram): attacks such as malware, phishing, denial of service and unauthorized data access target user accounts and user and device log-ins; the countermeasures shown are multi-factor authentication, data encryption and system updates.

CLOUD-POWERED PROTECTION, Identity Protection at its best: gain insights from a consolidated view of machine-learning-based threat detection covering infected devices, brute-force attacks, configuration vulnerabilities, leaked credentials and suspicious sign-in activities. The machine-learning engine calculates a risk severity for risky logins and drives risk-based policies and remediation recommendations: an MFA challenge, changing bad credentials, or blocking the attack. Risk-based conditional access automatically protects against suspicious logins and compromised credentials.

CLOUD-POWERED PROTECTION: use the power of Identity Protection in Power BI, SIEM and other monitoring tools. The same detections (infected devices, brute-force attacks, configuration vulnerabilities, leaked credentials, suspicious sign-in activities) reach your security, monitoring and reporting solutions through notifications, data extracts/downloads and the reporting APIs, so Microsoft's learnings apply to your existing security tools.

Control access to data based on real-time context. Conditional access allows you to define policies that provide contextual controls at the user, location, device and app levels. As conditions change, natural user prompts ensure that only the right users on compliant devices can access sensitive data. Conditions: user or user group, location (IP range), device compliance state, risk. Actions: allow, enforce MFA, remediate, block access, wipe device. Scope: cloud applications and on-premises applications. Products involved: Azure Active Directory Premium, Microsoft Intune, Microsoft Intelligent Security Graph.

Demo: PTA and a conditional access policy. Conditions available to a policy:
- User: group membership, user risk, session risk
- Device: OS type (iOS, Android, Windows, Mac), compliance state, domain join status, device risk (device state is supplied by Microsoft Intune)
- Application: app type (mobile app, browser or desktop app), application identity
- Location: IP range
Security signals come from the Microsoft Digital Crimes Unit, the Microsoft Cybercrime Center and machine learning / AI based on billions of Azure AD authentications per day.
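To make the two conditional access slides concrete, here is an added toy policy evaluator (example code written for this page, not Azure AD's engine) that takes the signals listed above and applies a set of constructed policies. It follows the rule Azure AD itself applies: every policy whose conditions match contributes its controls, and a block control wins over any grant control. The decision ladder (block, then an unmet device requirement that needs remediation, then interactive prompts such as MFA, then allow), the policy names, the trusted IP ranges (RFC 5737 documentation addresses) and the sample sign-ins are all assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

RISK_LEVELS = {"none": 0, "low": 1, "medium": 2, "high": 3}


@dataclass
class SignIn:
    """The signals from the slide: user, group, app, client type, location, device, risk."""
    user: str
    groups: Set[str]
    app: str
    client: str                 # "browser", "mobile" or "desktop"
    ip: str
    device_os: str
    device_compliant: bool
    user_risk: str = "none"
    sign_in_risk: str = "none"


@dataclass
class Policy:
    name: str
    controls: Set[str]          # {"block"} or any of {"mfa", "compliant_device", "password_change"}
    groups: Optional[Set[str]] = None            # None = any user
    apps: Optional[Set[str]] = None
    clients: Optional[Set[str]] = None
    trusted_networks: Optional[List[str]] = None  # applies only OUTSIDE these ranges
    min_user_risk: Optional[str] = None
    min_sign_in_risk: Optional[str] = None

    def applies(self, s: SignIn) -> bool:
        if self.groups is not None and not (self.groups & s.groups):
            return False
        if self.apps is not None and s.app not in self.apps:
            return False
        if self.clients is not None and s.client not in self.clients:
            return False
        if self.trusted_networks is not None:
            addr = ipaddress.ip_address(s.ip)
            if any(addr in ipaddress.ip_network(n) for n in self.trusted_networks):
                return False
        if self.min_user_risk and RISK_LEVELS[s.user_risk] < RISK_LEVELS[self.min_user_risk]:
            return False
        if self.min_sign_in_risk and RISK_LEVELS[s.sign_in_risk] < RISK_LEVELS[self.min_sign_in_risk]:
            return False
        return True


def evaluate(policies: List[Policy], s: SignIn) -> Dict:
    """Combine all matching policies; block beats everything else."""
    matched = [p for p in policies if p.applies(s)]
    names = [p.name for p in matched]
    required = set().union(*[p.controls for p in matched])
    if "block" in required:
        return {"decision": "block", "controls": [], "policies": names}
    # A device requirement cannot be satisfied by a prompt: the user must remediate first.
    if "compliant_device" in required and not s.device_compliant:
        return {"decision": "remediate", "controls": ["compliant_device"], "policies": names}
    prompts = sorted(required & {"mfa", "password_change"})
    if prompts:
        return {"decision": "challenge", "controls": prompts, "policies": names}
    return {"decision": "allow", "controls": [], "policies": names}


# Constructed policy set; 10.0.0.0/8 and 203.0.113.0/24 stand in for the corpnet egress ranges.
POLICIES = [
    Policy("Require MFA outside corpnet", {"mfa"},
           trusted_networks=["10.0.0.0/8", "203.0.113.0/24"]),
    Policy("Require compliant device for Exchange Online on mobile", {"compliant_device"},
           apps={"Exchange Online"}, clients={"mobile"}),
    Policy("Block high-risk users", {"block"}, min_user_risk="high"),
    Policy("MFA on medium or higher sign-in risk", {"mfa"}, min_sign_in_risk="medium"),
    Policy("Finance to SAP: MFA and compliant device", {"mfa", "compliant_device"},
           groups={"Finance"}, apps={"SAP"}),
]


def demo() -> Dict[str, Dict]:
    office = dict(ip="10.1.2.3", device_os="Windows", device_compliant=True)
    cafe = dict(ip="198.51.100.7", device_os="iOS", device_compliant=True)
    return {
        "office_browser": evaluate(POLICIES, SignIn("alice", {"Sales"}, "SharePoint Online", "browser", **office)),
        "cafe_mobile_compliant": evaluate(POLICIES, SignIn("alice", {"Sales"}, "Exchange Online", "mobile", **cafe)),
        "cafe_mobile_noncompliant": evaluate(POLICIES, SignIn("alice", {"Sales"}, "Exchange Online", "mobile",
                                                              **{**cafe, "device_compliant": False})),
        "high_user_risk": evaluate(POLICIES, SignIn("alice", {"Sales"}, "SharePoint Online", "browser",
                                                    user_risk="high", **office)),
        "finance_sap_risky_session": evaluate(POLICIES, SignIn("bob", {"Finance"}, "SAP", "desktop",
                                                               sign_in_risk="medium", **office)),
    }


if __name__ == "__main__":
    for scenario, verdict in demo().items():
        print(f"{scenario}: {verdict['decision']} {verdict['controls']} via {verdict['policies']}")
```

The high-user-risk scenario is the one to notice: the sign-in comes from inside the corpnet on a compliant device, so no location or device policy fires, yet the risk signal alone produces a block. That is the "risk-based conditional access" of the Identity Protection slides expressed as an ordinary policy, and it is why user risk belongs in the policy set and not only in a report.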

Next session, 18:00-18:45: Azure Information Protection, Lisanne Brons & Raymond van 't Hag