This will give you an overview of how Microsoft Forefront can help you deliver Business Ready Security, while helping to reduce ongoing IT costs and enable new capabilities across your organization.
2. Agenda
• Business and IT Challenges
• Business Ready Security
• Identity and Access Management
• Customer Testimonial
• The Road Ahead
• Solution Resources and Tools
• Summary
3. Business Needs and IT Challenges
Provide secure access to
Multiple locations and devices
applications from anywhere
Simplify user experience for Difficulty in extending
collaboration business resources
Provide seamless movement
Disparate systems to manage
between applications
Reduce cost of account Complex account lifecycle
management management
BUSINESS Needs IT Needs
Agility and Flexibility Control
4. Business Ready Security
Help securely enable business by managing risk and empowering people
Protect everywhere, Identity Simplify the security
access anywhere experience,
manage compliance
Highly Secure & Interoperable Platform
Integrate and extend
security across the enterprise
from: to:
Block Enable
Cost Value
Siloed Seamless
5. Business Ready Security Solutions
Secure Messaging Secure Collaboration Secure Endpoint
Information Protection
Identity and Access Management
Active Directory Federation Services
®
6. Identity and Access Management
Enable more secure, identity-based access to applications on-premises and
in the cloud from virtually any location or device
PROTECT everywhere INTEGRATE and SIMPLIFY security,
ACCESS anywhere EXTEND security MANAGE compliance
• Provide more secure, • Control access across • Extend powerful self-
always-on access organizations service capabilities to
users
• Enable access from • Provide standards-
virtually any device based interoperability • Automate and simplify
management tasks
7. Provide More Secure, Anywhere Access
EMPOWER BUSINESS
• Seamless and more secure access
• Simplified, always-on access
EMPOWER IT
• Policy-based network access
DIRECT ACCESS
• Ability to manage machines anywhere
EMPOWER BUSINESS
• Consolidated secure portal to simplify remote
access to resources
• Simplified sign-on
EMPOWER IT
• Policy-based resource access
EMPOWER BUSINESS
• Access from virtually any device
EMPOWER IT
• Policy-based restricted access
8. Extend Access Across Organizations
EMPOWER BUSINESS
• Ability to move seamlessly between
applications using a single identity
• Collaboration across organizations
EMPOWER IT
• No need to manage external accounts
• Simplified and flexible claims-based federation
• Common authentication controls for building
custom applications
“
Source: Awards for Outstanding Identity Management Projects. Kuppinger Cole, May 2009. http://www.id-conf.com/blog/2009/05/07/awards-for-outstanding-identity-management-projects/
9. Simplify Identity Management
EMPOWER BUSINESS GOVERNED SELF-SERVICE AND
AUTOMATION
• Self-service profile, credential, and group
management
• Password and PIN reset from Windows login
• Group management from within Microsoft
Office
• Single identity across heterogeneous
applications
EMPOWER IT
• End-to-end, workflow-driven user
provisioning
• Policy-controlled self-service capabilities
• Automatic, attribute-based group
membership for simplified resource access
“
Source: Windows identity management tools move closer to completion. Tech Target, November 2008. http://searchwinit.techtarget.com/news/article/0,289142,sid1_gci1337386,00.html
10. Current Situation
Time and labor intensive process
Password reset and access Multiple identities and
Different sign–on requirements
requests handled through limited sign-on help
for applications
help desk
Contoso managing
Remote access solution w/ Fabrikam accounts
separate identities
Fabrikam managing
Contoso accounts
11. Identity and Access Management
Simple and easy
Single identity across Contoso ID is used in the
resources cloud
Always-on access built into More secure, simplified
platform access for partners
12. Customer Testimonial
Identity and access management for school districts
Lake Washington School District , No 414
• Sixth largest school district in Washington state
• 24,000+ students across 50 schools, plans to equip students with
Netbooks
BUSINESS SITUATION SOLUTION BENEFITS PROVIDED
• Active Directory used for • Reuses trust that is created
managing roles during school registration
process
• Dozens of hosted
Intand’s Calendar
applications for e-learning • Uses claims-based model
application (PHP)
and administration to shape roles,
authorization, and policy
• Must contain cost of for application access
deployment and custom
development
13. Business Ready Security: The Road Ahead
Management
Access Solutions
Protection &
Active Directory® Domain Services Active Directory® Domain Services
DirectAccess
Platform
Subject to Change
14. Solution Resources and Tools
Hands-on Labs and VMs
Architecture, Planning and
Evaluation Guides
Design Guides
Infrastructure Planning
Proof of Concepts
Guide
Design and Implementation
Operations Guides
for Active Directory
Identity Management with
Administrator Guides Forefront Identity
Manager 2010
Troubleshooting Guides Secure Remote Application
Publishing
DirectAccess
15. Summary
Enable more secure, identity-based access to applications on-premises and
in the cloud from virtually any location or device
PROTECT everywhere INTEGRATE and SIMPLIFY security,
ACCESS anywhere EXTEND security MANAGE compliance
• Provide more secure, • Control access across • Extend powerful self-
always-on access organizations service capabilities to
users
• Enable access from • Provide standards-
virtually any device based interoperability • Automate and simplify
management tasks
Learn more at: www.microsoft.com/forefront