4. Identity is the foundation for enterprise mobility
IDENTITY – DRIVEN SECURITY
5. Identity is the foundation for enterprise mobility
IDENTITY – DRIVEN SECURITY
Single sign-onSelf-service
Simple connection
On-premises
Other
directories
Windows Server
Active Directory
SaaS
Azure
Public
cloud
CloudMicrosoft Azure Active Directory
7. Shadow
IT
Data breach
Security landscape has changed
Employees
Partners
Customers
Cloud apps
Identity Devices Apps & Data
Transition to
cloud & mobility
New attack
landscape
Current defenses
not sufficient
Identity breach On-premises apps
SaaS
Azure
13. Protect at the front door
• IDENTITY – DRIVEN SECURITY
Conditions
Allow access
Or
Block access
Actions
Enforce MFA
per user/per
app
Location
Device state
User/Application
MFA
Risk
User
About the presenter:
Please do not hesitate to ask questions during the presentation, we will have a Q&A at the end of the presentation but I prefer a open dialog and see where it will take us
About me:
Microsoft MVP - Enterprise Mobility, Solution Architect, Technical Lead Microsoft Enterprise Mobility Suite (EMS) and Microsoft Partner Technology Solutions Professional (P-TSP)
Co-Owner of Everything Windows User Group Denmark
Find me:
E-mail: per.larsen@atea.dk
Phone: +45 3078 1828
Follow me:
Twitter: https://twitter.com/perlarsen1975/
LinkedIn: https://www.linkedin.com/in/perlarsen1975/
Join me:
Everything User Group Denmark: http://ewug.dk
Windows 10 is born for Modern Management
https://blogs.technet.microsoft.com/enterprisemobility/2016/09/15/cleaning-up-the-azure-ad-and-microsoft-account-overlap/
Users might think that their personal Microsoft account is business-compliant and that they’re in compliance when they save business document to their OneDrive
Users who leave an organization generally lose access to their work email address. When they do, they may not be able to back into their personal Microsoft account if they forget their password. The flip side is that their IT department could reset their password and get into the personal account of former employees.
IT departments have a false sense of account ownership and security. But users only need to roundtrip a code to their work email address once, and can rename their account at any time in the future.
Microsoft has a solution for this
[Click] Traditional identity and access management solutions providing sing-sign on to on-premises applications and directory services such as Active Directory and others are used from the vast majority of organizations and huge investments were made to deploy and maintain them. These solutions are perfect for the on-premises world.
[Click] Now, as we have discussed, there are new pressing requirements to provide the same experience to cloud applications hosted in any public cloud.
[Click] Azure Active Directory can be the solution to this new challenge by extending the reach of on-premises identities to the cloud in a secure and efficient way.
[Click] In order to do that, one simple connection is needed from on-premises directories to Azure AD.
[Click] and everything else will be handled by Azure AD. Secure single sign-on to thousands of SaaS applications hosted in any cloud by using the same credentials that exist on-premises
[Click] And we don’t forget the users. Azure AD provides Self-service capabilities and easy access to all the application, consumer or business, they need.
in the cloud but on-premises too (Application Proxy)