Azure Active Directory
Academic year: 2021

(1)

Vartti tunnista (a fifteen-minute session)

Azure Active Directory

Mika Seitsonen

(2)

Your trainer: Mika Seitsonen

Facts

M.Sc., University of Nottingham, U.K.

DI (M.Sc. in Technology), Lappeenranta University of Technology

Co-author of "Inside Active Directory"

Sovelto: Senior consultant, acting competence area lead: Technology specialists

Microsoft Certified Trainer (MCT) since 1997, Microsoft Certification ID 414xxx

MCSE: Communications

MCSA: Office 365, Windows 2008, Windows 7

MS: Implementing Microsoft Azure Infrastructure Solutions

Contact details

e-mail: [email protected]

Twitter @MikaSeitsonen

Keen follower of motorsport (and motorsport drivers)

(3)

Identity considerations: Cloud, Sync or Federated?

Cloud identity provides a solution where all identity resides in the cloud.

Federated identity allows customers to retain all authentication on-premises.

Identity sync enables customers to bridge their existing identity into the cloud.

B2B federated identity allows customers to securely share and collaborate with each other.

(4)

[Diagram: Identity as the control plane. Labels: Self-service, Single sign-on, Simple connection, Cloud, SaaS, Azure, Office 365, Public cloud, Other Directories, Windows Server Active Directory]
(5)

A comprehensive identity and access management cloud solution. It combines directory services, advanced identity governance, application access management and a rich standards-based platform for developers.

It is available in 3 editions: Free, Basic and Premium.

(6)

Edition comparison (extracted table; the column layout is partly garbled):

Object limit: No Object Limit / No Object Limit / No Limit

Advanced Security Reports: Yes (Advanced)**

Premium + Basic Features

Group-based access management/provisioning: Yes / Yes

Self-Service Password Reset for cloud users: Yes / Yes

Company Branding (Logon Pages/Access Panel customization): Yes / Yes

SLA: Yes / Yes

Current information at:

(8)

Azure Active Directory Connect

[Diagram: Microsoft Azure Active Directory connected to Other Directories via PowerShell, LDAP v3, SQL (ODBC), Web Services (SOAP, JAVA, REST)]

(9)

Azure Active Directory Connect

Consolidated deployment assistant for your identity bridge components

Progressive learning while configuring the components

ADFS is optional

[Diagram labels: DirSync, Azure Active Directory Sync, FIM + Azure Active Directory Connector, Sync Engine]
(10)

[Diagram: Microsoft Azure]

(11)

[Diagram: SaaS apps, Microsoft Azure Active Directory, Other Directories]

(12)

Microsoft Azure Active Directory: identities and applications in one place.

[Diagram: Web Apps (Azure Active Directory Application Proxy), SaaS apps, Integrated custom apps, Other Directories]

(13)

[Diagram: Microsoft Azure Active Directory; Corporate Network, DMZ; https://app1-contoso.msappproxy.net/]

A connector that auto-connects to the cloud service

(20)

Azure Active Directory 12-month investments

Business to Business

Business to Consumers

Device Registration

Administrative Units

Cloud Domain Joined (Windows 10)

Conditional

(21)

Role-Based Access Control

Today: RBAC to Azure Subscription

Tomorrow: RBAC to 3rd party SaaS apps

[Diagram: Reader, Contributor and Owner roles assigned across SaaS apps]

Assign roles to users and groups at subscription, resource group, or resource level

Assignments inherit down the hierarchy

Use built-in roles with pre-configured permissions (at preview)

Create custom roles (post preview)
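As an added illustration of scope inheritance (this model is not from the slides or from Microsoft), a small Python model of role assignments at subscription, resource group and resource scope, evaluated for a user and for an audit of who effectively holds a role; the scope IDs, group names and users are constructed sample data.

```python
from dataclasses import dataclass

# Scope IDs follow the Azure Resource Manager path form; these are constructed samples.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-prod"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/vm-web01"

@dataclass(frozen=True)
class Assignment:
    principal: str  # user or group name (hypothetical sample identities)
    role: str       # built-in role name: "Owner", "Contributor", "Reader"
    scope: str      # subscription, resource group or resource scope

# Constructed sample directory data: group membership and role assignments.
GROUP_MEMBERS = {"grp-ops": {"alice", "bob"}, "grp-auditors": {"carol"}}
ASSIGNMENTS = [
    Assignment("grp-auditors", "Reader", SUB),  # inherited by everything under the subscription
    Assignment("grp-ops", "Contributor", RG),   # inherited by every resource in rg-prod
    Assignment("dave", "Owner", VM),            # direct assignment on one resource only
]

def scope_covers(assigned: str, target: str) -> bool:
    """True when `assigned` is `target` itself or one of its ancestors.
    The check is segment-wise, so '.../rg-prod' does not cover '.../rg-prod2'."""
    a, t = assigned.lower().rstrip("/"), target.lower().rstrip("/")
    return t == a or t.startswith(a + "/")

def principals_for(name: str) -> set[str]:
    """Identities an assignment to `name` applies to: the name itself plus any group members."""
    return {name} | GROUP_MEMBERS.get(name, set())

def effective_roles(user: str, target: str) -> set[str]:
    """Roles `user` holds at `target` through direct or group assignments at this or a parent scope."""
    return {a.role for a in ASSIGNMENTS
            if user in principals_for(a.principal) and scope_covers(a.scope, target)}

def holders_of(role: str, target: str) -> set[str]:
    """Audit view: every individual user who effectively holds `role` at `target`."""
    users: set[str] = set()
    for a in ASSIGNMENTS:
        if a.role == role and scope_covers(a.scope, target):
            users |= principals_for(a.principal) - set(GROUP_MEMBERS)
    return users

if __name__ == "__main__":
    print(sorted(effective_roles("alice", VM)))  # ['Contributor']
    print(sorted(holders_of("Owner", VM)))       # ['dave']
```

Note that an assignment made at the resource level (dave as Owner of the VM) does not propagate upward, while group assignments at the subscription or resource group flow down to every resource beneath them.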

(22)

B2B: cross-organization collaboration

“I need to let my partners access my company’s apps using their own credentials.”

Share without complex configuration or duplicate users. A user at a large partner may log into my company’s apps with their Active Directory usernames and passwords. A user at a smaller partner may log into my company’s apps with their Office 365 usernames and passwords.

Admin configures sharing for cloud apps.

“I can’t email my 25 MB file and need to share it with a partner using Box.com.”

Seamlessly provide Azure Active Directory to customers & partners. For example, a user at a partner can set up everyone in their company. Users can bring their own email-based or social identities.

(23)

[Diagram: Contoso Azure Active Directory with regions US East, Germany, India, Asia, Europe, North Am]

Global admins: org-wide permissions; manage global settings; create structure and policy; delegate permissions and resources.

Regional admins: manage regional users, devices, and applications; set local policy.

Regional policy and app management: “Must login with MFA”; “Have license/access to regional apps”.

Support for distributed organizational models: autonomous management while keeping common identity and org boundary.

Delegate administration to subsidiaries: user management; app procurement and management; scope policy.

(24)

Azure Active Directory B2C (Business-to-Consumer)

The Azure Active Directory B2C offering is tailored for enterprises who serve large populations (hundreds of thousands to millions) of individual customers, and whose business success depends upon consumer adoption of web applications for improving customer satisfaction and reducing operational costs.

Azure Active Directory B2C will include: self-service user registration; login with a social IdP or create your own credentials; optional MFA; bulk user import tools; SSO to multiple web sites; user interface customization.

(25)

Cloud Domain Joined Devices

Cloud Domain Join makes it possible to connect work-owned Windows devices to your company’s Azure Active Directory tenancy in the cloud. Users can sign in to Windows with their cloud-hosted work credentials and enjoy modern Windows experiences.

Enterprise compliant services: roaming settings, Windows backup/restore, Store access… Data stored in enterprise compliant backend services on Azure. No need to add a personal Microsoft account.

SSO from the desktop to org resources: SSO from desktop to Office 365 and 1,000’s of enterprise apps, websites and resources. Access enterprise-curated Store and install apps using a work account.

Management: automatic MDM enrollment during first-run experience.

Support for hybrid environments: traditional Domain Joined PCs also benefit from Cloud Domain Join functionality when the on-prem Active Directory is connected with an Azure Active Directory in the cloud.

(26)

What you need to do (unless you already have)

Create and then try out a free Office 365 subscription

http://products.office.com/fi-FI/try

Create and then try out a free Intune subscription

http://www.microsoft.com/en-us/server-cloud/products/microsoft-intune/try.aspx

Remember to sign in with your O365 account

Create and then try out a free Azure subscription

http://azure.microsoft.com

Note: requires a credit card number; the credit card is not charged

(27)

Further information

An EMS test environment up and running in minutes

http://simon-may.com/get-started-enterprise-mobility-suite-minutes/

Set up your own lab

http://blogs.technet.com/b/mydigitalworkthoughts/

(28)

Sovelto courses on the topic

For Microsoft partners

Business Anywhere (Microsoft partners only) 26.1. or 4.5.

Partner Practice Enablement: Microsoft Enterprise Mobility Suite (EMS) 23.-24.2. or 23.-24.3.

For all specialists

Microsoft Intune administration 22.-23.4.

55065 Microsoft Azure for IT professionals 11.-13.3.

20533 Implementing Microsoft Azure Infrastructure Solutions 13.-15.4.

20532 Developing Microsoft Azure Solutions 10.-13.3.

(29)

THANK YOU!
