Managing Identities in the Microsoft Cloud

Post on 12-Apr-2017


MANAGING IDENTITIES IN THE MICROSOFT CLOUD

Wim Buysse


ENABLE YOUR USERS

USER

PROTECT YOUR DATA

IT

WHY AZURE ACTIVE DIRECTORY?

AM

YE OLDEN DAYS

I

Email

FILE SERVER

DATABASE

AM

YE OLDEN DAYS

I

DIRECTORY SERVICES

AM

YE OLDEN DAYS

I

DIRECTORY SERVICES

TODAY’S MESH (MESS?)

EC2

ON-PREMISES PRIVATE CLOUD MANAGED DEVICES

SELF SERVICE

SINGLE SIGN-ON

•••••••••••Username

ADDRESSING THE MESH (MESS?)

SINGLE SYNCH

CLOUD

SaaS

Azure

Office 365

Public cloud

ACTIVE DIRECTORY

ON-PREMISES AZURE ACTIVE DIRECTORY

TIP: CLOUD APP DISCOVERY

EMPOWER YOUR USERS

CENTRALLY MANAGED IDENTITY & ACCESS

MONITOR & PROTECT CLOUD APP ACCESS

YOUR DIRECTORY IN THE CLOUD

WHAT IS IAM ALL ABOUT?

AADCONNECT password hash sync

AADCONNECT

AD FS

AZURE ACTIVE DIRECTORY

AZURE ACTIVE DIRECTORY

YOUR DIRECTORY IN THE CLOUD

AZURE ACTIVE DIRECTORY

CLOUD IDENTITY

SYNCHED IDENTITY

FEDERATED IDENTITY

DIRSYNC SHORTCOMINGS ADDRESSED

AADCONNECT REPLACES DIRSYNC

SYNCHRONIZE MULTIPLE FORESTS TO SINGLE TENANT

EXTENDING AZURE AD SCHEMA

IMPROVED RULES EDITOR

APPLICATION INTEGRATION

SaaS APPS

OWN APPS

CENTRALLY MANAGED IDENTITIES & ACCESS

SaaS APPS

AZURE ACTIVE DIRECTORY

CENTRALLY MANAGED IDENTITIES & ACCESS

SaaS APPS

AZURE ACTIVE DIRECTORY

USER ATTRIBUTE

DEVICE

LOCATION

ALLOW

BLOCK

MFA

MONITOR & PROTECT CLOUD APP ACCESS

ULTIMATE SECURITY VS.

ULTIMATE USABILITY

EMPOWER YOUR USERS

APPLICATION PORTAL

EMPOWER YOUR USERS

PASSWORD SELF-SERVICE

(Writeback)

TAKE IT FURTHER: B2B COLLABORATION

I NEED MY PARTNERS TO ACCESS MY ENTERPRISE APPLICATIONS USING THEIR OWN CREDENTIALS

› PARTNER MANAGED IDENTITIES

› SHARING INVITATION MODEL

› CONTROL APPLICATION ACCESS

TAKE IT FURTHER: B2C

I HAVE AN ONLINE APPLICATION AND I NEED INDIVIDUAL CUSTOMERS TO SIGN-UP AND ENROLL FOR IT

› SELF SERVICE REGISTRATION

› SUPPORT SOCIAL ACCOUNTS

› MFA (OPTIONAL)

KEY TAKEAWAYS

EC2

ON-PREMISES PRIVATE CLOUD MANAGED DEVICES

SIMPLICITY IS THE ULTIMATE SOPHISTICATION