Protect your business and empower your users, partners, and consumers with cloud identity and access management solutions. Learn about the latest statistics on security challenges and the importance of managing identities across on-premises and the cloud. Discover how Microsoft Azure Active Directory Premium offers advanced threat analytics, single sign-on, and mobile device management for enhanced security.
Protect your business and empower your users, partners and consumers with cloud identity and access management
Nasos Kladakis (@Akladakis), Sr. Product Marketing Manager
Session WIN231
Mobile & Cloud: challenging security paradigms
• 61% of workers mix personal and work tasks on their devices*
• >70% of network intrusions exploited weak or stolen credentials***
• >80% of employees admit to using non-approved software-as-a-service (SaaS) applications in their jobs**
* Forrester Research: “BT Futures Report: Info workers will erase boundary between enterprise & consumer technologies,” Feb. 21, 2013
** http://www.computing.co.uk/ctg/news/2321750/more-than-80-per-cent-of-employees-use-non-approved-saas-apps-report
*** Verizon 2013 data breach investigation report
What's driving change?
• Users: employees, business partners, customers
• Data, devices and apps that IT no longer fully controls
Enterprise Mobility Suite
• Identity & Access Management (Microsoft Azure Active Directory Premium): easily manage identities across on-premises and cloud; single sign-on & self-service for corporate resources.
• Mobile Device & App Management (Microsoft Intune): leverage MDM & MAM to protect corporate apps & data on almost any device.
• Information Protection (Microsoft Azure Rights Management Premium): encryption, identity, and authorization to secure corporate files and email across phones, tablets, and PCs.
• Behavior-based threat analytics (Advanced Threat Analytics): identify suspicious activities and advanced threats in near real time, with simple, actionable reporting.
Identity as the control plane
[Diagram, built up over three slides: Windows Server Active Directory on-premises; cloud SaaS, Azure, BYO devices, public cloud, customers and partners, first reached via VPN, then with Microsoft Azure Active Directory in the middle.]
Azure AD as the control plane
[Diagram: Microsoft Azure Active Directory spanning cloud (Azure, public cloud, partners, customers) and on-premises (Windows Server Active Directory).]
A modern identity management system spanning cloud and on-premises, providing SSO, access management, device registration, user provisioning, collaboration, conditional access & data protection for your employees, partners and customers.
Azure Active Directory
• Microsoft’s “Identity Management as a Service (IDaaS)” for organizations
• Millions of independent identity systems controlled by enterprise and government “tenants”
• Information is owned and usable by the controlling organization, not by Microsoft
• Born as a cloud directory for Office 365; has been extended to managing identities across many clouds
• Has evolved to manage an organization’s relationships with its customers/citizens and partners (B2C and B2B)
By the numbers:
• More than 520 M user accounts on Azure Active Directory
• 86% of Fortune 500 companies on Microsoft Cloud (Azure, O365, CRM Online and PowerBI)
• >7 M Azure AD directories
• 1 trillion Azure AD authentications since the release of the service
• >1 billion authentications every day on Azure AD
• >35k third-party applications used with Azure AD each month
• Every Office 365 and Microsoft Azure customer uses Azure Active Directory
Azure Active Directory scenarios
• 1000s of apps, 1 identity
• Making the life of users (and IT) easier
• Managing identities
• Collaborating with partners
• Enabling anytime/anywhere productivity
• Identity-driven security
• Connecting with consumers
• Your domain controller as a service
• Follow @AzureAD to be the first to learn about every new scenario
1000s of Apps, 1 Identity
• Connect and sync on-premises directories with Azure: Azure Active Directory Connect and Connect Health.
• Other directories and HR apps connect through PowerShell, SQL (ODBC), LDAP v3 and web services (SOAP, Java, REST) connectors (* via MIM).
• 2500+ pre-integrated popular SaaS apps.
• Easily publish on-prem web apps via Azure Active Directory Application Proxy.
• Custom apps integrated through a rich standards-based platform.
Making the life of users (and IT) easier
Company-branded, personalized application Access Panel: http://myapps.microsoft.com (+ mobile apps)
Manage your account and groups:
• Self-service password reset
• Application access requests
Customer example: 160K employees; cut help desk costs by eliminating the top volume driver, “Forgot my password”. Result: 400–500 help desk calls per week eliminated.
Making the life of users (and IT) easier Launch your apps from your Office 365 portal.
Managing identities
• Comprehensive identity and access management console.
• Centralized access administration for pre-integrated SaaS apps and other cloud-based and on-premises apps.
• Dynamic groups, device registration, provisioning.
• Secure business processes with advanced access management capabilities, e.g. synchronize provisioning group assignments in Workday with security group memberships in Azure Active Directory.
Collaborating with partners: B2B collaboration
“We needed to quickly and cost effectively stand up new IT infrastructure including extranet applications for thousands of business partners. Azure AD B2B collaboration provides a simple and secure way for partners, large and small, to use their own credentials to access Kodak Alaris systems.” (3000+ partners)
Share without complex configuration or duplicate users:
• Partners use their own credentials to access your org.
• Users lose access when they leave the partner org.
• No external directories. No per-partner federation.
You manage access. You control partner access in your directory:
• app assignment
• group membership
• custom attributes
Partners of all sizes:
• Bulk invite 1000s at a time.
• Partners with Azure AD sign in to accept the invite.
• Other partners simply sign up to accept the invite.
Enabling anytime/anywhere productivity: Azure AD Join for Windows 10
Azure Active Directory Join makes it possible to connect work-owned Windows 10 devices to your company’s Azure Active Directory.
• Enterprise-compliant services
• SSO from the desktop to cloud and on-premises applications with no VPN
• MDM auto-enrollment
• Support for hybrid environments
[Diagram: Windows 10 Azure AD joined devices reaching Azure AD & Intune, 3rd-party apps & clouds, apps in Azure, MDM auto-enrolment and on-premises apps.]
Customer example: 7500+ pilots replacing in-flight manuals. “Windows 10 on Surface 3 provides the security and management we need in a highly regulated environment.” - Jim Jensen, Vice President of Information Technology
Identity Driven Security: Conditional access
Signals evaluated at sign-in:
• User attributes: user identity, group memberships, authentication strength
• Devices: is domain joined, is compliant, platform type (Windows, iOS, Android)
• Application: per-app policy, type of client (web, rich, mobile)
• Other: location (IP range), more coming…
Possible actions:
• Allow
• Enforce MFA
• Block
Applies to cloud and on-premises applications.
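As an added illustration that is not Microsoft's code and not how the Azure AD policy engine is implemented, the following Python model shows how the signals listed above (user, group, authentication strength, device state, platform, app, client type, IP range) feed per-app policies that resolve to one of the three actions, with the strictest outcome winning when several policies apply. Every policy name, group, app name and IP range in it is constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# The three outcomes from the slide, ordered from least to most restrictive.
ALLOW, MFA, BLOCK = "allow", "mfa", "block"
STRICTNESS = {ALLOW: 0, MFA: 1, BLOCK: 2}


@dataclass
class SignIn:
    """Signals available at sign-in (field names are constructed for this example)."""
    user: str
    groups: frozenset
    auth_strength: str        # "password", or "mfa" if MFA was already satisfied
    is_domain_joined: bool
    is_compliant: bool
    platform: str             # "Windows", "iOS", "Android"
    app: str
    client: str               # "web", "rich", "mobile"
    ip: str


@dataclass
class Policy:
    """One per-app policy: whom it targets and what it demands (hypothetical schema)."""
    name: str
    apps: frozenset                       # target apps; {"*"} means every app
    groups: frozenset = frozenset()       # empty = every user
    platforms: frozenset = frozenset()    # empty = every platform
    require_compliant: bool = False
    require_joined: bool = False
    trusted_ranges: tuple = ()            # CIDR strings; MFA is required outside them
    block_clients: frozenset = frozenset()


def _in_trusted_range(ip, ranges):
    addr = ip_address(ip)
    return any(addr in ip_network(r) for r in ranges)


def _applies(policy, s):
    """Scope check: app, group membership and platform decide whether a policy is in play."""
    if "*" not in policy.apps and s.app not in policy.apps:
        return False
    if policy.groups and not (policy.groups & s.groups):
        return False
    if policy.platforms and s.platform not in policy.platforms:
        return False
    return True


def evaluate_policy(policy, s):
    """Decision of a single policy for one sign-in: allow, mfa or block."""
    if s.client in policy.block_clients:
        return BLOCK
    if policy.require_joined and not s.is_domain_joined:
        return BLOCK
    if policy.require_compliant and not s.is_compliant:
        return BLOCK
    if policy.trusted_ranges and not _in_trusted_range(s.ip, policy.trusted_ranges):
        # Outside the trusted IP range: step up unless MFA is already satisfied.
        return ALLOW if s.auth_strength == "mfa" else MFA
    return ALLOW


def decide(policies, s):
    """Combine every applicable policy; the most restrictive outcome wins."""
    outcomes = [evaluate_policy(p, s) for p in policies if _applies(p, s)]
    if not outcomes:
        return ALLOW
    return max(outcomes, key=STRICTNESS.__getitem__)


# Constructed sample policy set (names, apps, groups and ranges are made up).
POLICIES = [
    Policy("hr-app-compliant-device", frozenset({"hr-portal"}), require_compliant=True),
    Policy("finance-mfa-off-net", frozenset({"finance"}), groups=frozenset({"finance-users"}),
           trusted_ranges=("203.0.113.0/24",)),
    Policy("no-rich-clients", frozenset({"*"}), block_clients=frozenset({"rich"})),
]


def sample_decisions():
    """Run four constructed sign-ins through the policy set and return the outcomes."""
    base = dict(user="alice", groups=frozenset({"finance-users"}), auth_strength="password",
                is_domain_joined=True, is_compliant=True, platform="Windows",
                client="web", ip="203.0.113.10")
    on_net = SignIn(app="finance", **base)
    off_net = SignIn(**{**base, "app": "finance", "ip": "198.51.100.7"})
    noncompliant_hr = SignIn(**{**base, "app": "hr-portal", "is_compliant": False})
    rich_client = SignIn(**{**base, "app": "finance", "client": "rich"})
    return {
        "finance_on_corp_net": decide(POLICIES, on_net),
        "finance_off_net": decide(POLICIES, off_net),
        "hr_noncompliant_device": decide(POLICIES, noncompliant_hr),
        "finance_rich_client": decide(POLICIES, rich_client),
    }


if __name__ == "__main__":
    for scenario, outcome in sample_decisions().items():
        print(f"{scenario}: {outcome}")
```

The design choice worth noting is in `decide`: when several policies cover the same sign-in, the most restrictive action is taken rather than the first match, so adding a narrower policy can only tighten access, never loosen it.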
Identity driven security
• Cloud App Discovery
• Conditional access
• Privileged Identity Management
• Advanced security reporting
• SSO + MFA
Microsoft Advanced Threat Analytics
• Detect threats fast with behavioral analytics: no need to create rules or policies, deploy agents or monitor a flood of security reports. The intelligence needed is ready to analyze and continuously learning.
• Adapt as fast as your enemies: ATA continuously learns from the organizational entity behavior (users, devices, and resources) and adjusts itself to reflect the changes in your rapidly evolving enterprise.
• Focus on what is important fast using the simple attack timeline: a clear, efficient, and convenient feed that surfaces the right things on a timeline, giving you the power of perspective on the “who, what, when and how” of your enterprise. It also provides recommendations for next steps.
• Reduce the fatigue of false positives: alerts only happen once suspicious activities are contextually aggregated, not only comparing the entity’s behavior to its own behavior, but also to the profiles of other entities in its interaction path.
How Microsoft Advanced Threat Analytics works
Security issues and risks:
• Broken trust
• Weak protocols
• Known protocol vulnerabilities
Malicious attacks:
• Pass-the-Ticket (PtT)
• Pass-the-Hash (PtH)
• Overpass-the-Hash
• Forged PAC (MS14-068)
• Golden Ticket
• Skeleton key malware
• Reconnaissance
• Brute force
Abnormal behavior:
• Anomalous logins
• Remote execution
• Suspicious activity
• Unknown threats
• Password sharing
• Lateral movement
Connecting with Consumers: Azure Active Directory B2C
Consumer identity and access management in the cloud
• Cross-platform
• Identity management for consumers
• Superior economics
• Identity Experience Engine
“By using Azure Active Directory B2C we were able to build a fully customized login page without having to build custom code. Additionally, with a Microsoft solution in place, we alleviated all our concerns about security, data breaches, and scalability.” - Rafael de los Santos, Head of Digital, Real Madrid
Azure Active Directory Domain Services: Your Domain Controller as a Service
[Diagram: Azure AD Domain Services inside your Azure virtual network offers Kerberos, NTLM, LDAP and Group Policy to your Azure IaaS workloads/apps; Azure Active Directory is fed from on-premises Windows Server Active Directory via Azure AD Connect.]
Lift-and-shift on-premises apps to Azure IaaS.
Adallom: A Proven Cloud Security Platform
Cross-platform SaaS policy control, security, and analytics
• Visibility into sanctioned & unsanctioned apps: discover unsanctioned apps; categorize and block apps; onboard sanctioned apps; monitor 3rd-party apps
• Threat prevention & anomaly detection: SmartEngine heuristics; Adallom Labs; anomaly detection; APT/malware scanning
• Data protection and compliance: DLP for sensitive data; data sharing controls; encryption/IRM for files
• Access and session controls: device, users, roles, IP; device compliance; step-up authentication; encryption/IRM for files
Identity as the control plane: single sign-on, simple connection, self-service
[Diagram: a single username and password, through Microsoft Azure Active Directory, reaching Windows Server Active Directory and other directories on-premises, and SaaS, Office 365, Azure and public cloud in the cloud.]
Complete your session evaluation on My Ignite for your chance to win one of many daily prizes.
Continue your Ignite learning path
• Visit Microsoft Virtual Academy for free online training: https://www.microsoftvirtualacademy.com
• Visit Channel 9 to access a wide range of Azure Active Directory videos: https://channel9.msdn.com/Series/Azure-Active-Directory-Videos-Demos
• Head to the EMS site to enable a trial for Azure Active Directory, Intune and Azure RMS: http://www.microsoft.com/server-cloud/enterprise-mobility/ems-trial.aspx