Agenda
• What Azure Active Directory is
• What Azure Active Directory is not
• Hybrid Identity
• Features
of employees use personal devices for work purposes.*
of employees that typically work on employer premises, also frequently work away from their desks.***
of all software will be available on a SaaS delivery by 2020.**
66%
25%
33%
*CEB The Future of Corporate IT: 2013-2017. 2013.
**Forrester Application Adoption Trends: The Rise Of SaaS
***CEB IT Impact Report: Five Key Findings on Driving Employee Productivity Q1 2014.
Protect your data
Enable your users
Unify your environment
People-centric approach
Azure Active Directory (Azure AD) is Microsoft’s multi-tenant cloud-based directory and identity management service.
It combines directory services, advanced identity governance, application access management and a rich standards-based platform for developers.
Available in 3 editions: Free, Basic and Premium.
You host it, on-premises / Cloud
You manage the infrastructure and the data
Core Services:
• Active Directory services
• Kerberos authentication
• NTLM authentication
• Active Directory Lightweight Directory Services (AD LDS)
• Active Directory Federation Services (AD FS)
• Active Directory Certificate Services (AD CS)
• Active Directory Rights Management Services (AD RMS)
Microsoft hosts it in their datacenters
Microsoft manages the infrastructure
You manage the data
Core Services:
• Windows Azure Active Directory services
• Federated authentication
• WS-Federation
• SAML
• OAuth 2.0
• More to come…
• Windows Azure Access Control Service (ACS)
Windows Azure
Windows Azure Active Directory
• Runs from 28 datacenters spread across the globe with automated failover
• The directory behind Office 365
• On average 14 billion authentications every week
Azure Active Directory Connect *
Microsoft Azure Active Directory
Other Directories
PowerShell
LDAP v3
SQL (ODBC)
Web Services (SOAP, JAVA, REST)
Windows Azure Conference 2014
Hybrid Identity
Delivering a seamless user authentication experience
Same Sign-on
Users will be able to have a single set of credentials to access their cloud applications but will be prompted for username and password
Single Sign-on
Users will experience true single sign-on for cloud applications and on-premises applications alike
SaaS apps
Microsoft Azure Active Directory
Microsoft Azure
Web Apps (Azure Active Directory Application Proxy)
SaaS apps
Integrated custom apps
Centrally managed identities and access
alerts.
Cloud App Discovery
AD Agent
Logs
Azure Active Directory
Cloud App Discovery
10x as many Cloud apps are in use than IT estimates
Source: Help Net Security 2014
• SaaS app category
• Number of users
• Utilization volume
Comprehensive reporting
Azure Active Directory – Looking Forward
Business to Business
Business to Consumers
Azure AD Directory Domain Services
Self-service
Single sign on
Identity as the control plane
Simple connection
Cloud
SaaS
Azure
Office 365
Public cloud
Other Directories
Windows Server Active Directory
Common Features
Feature | Free | Basic | Premium
Directory as a Service | 500,000 Object Limit | No Object Limit | No Object Limit
User/Group Management (add/update/delete) | Yes | Yes | Yes
SSO to pre-integrated SaaS Applications / Custom Apps | 10 apps per user | 10 apps per user | No Limit
User-Based access management/provisioning | Yes | Yes | Yes
Self-Service Password Change for cloud users | Yes | Yes | Yes
Connect (Sync engine that extends on-premises directories to Azure Active Directory) * | Yes | Yes | Yes
Security Reports/Audit | 3 Basic Reports | 3 Basic Reports | Advanced Security Reports

Premium + Basic Features
Feature | Basic | Premium
Group-based access management/provisioning | Yes | Yes
Self-Service Password Reset for cloud users | Yes | Yes
Company Branding (Logon Pages/Access Panel customization) | Yes | Yes
Application Proxy | Yes | Yes
SLA | Yes | Yes

Premium Features