Identity Days 2019 - 24 October 2019, PARIS
Multi-Tenant Governance with Azure Active Directory
Marius Zaharia
Marius Zaharia
Azure Cloud Tech Lead,
Société Générale
Azure MVP and Advisor
AZUG FR – Azure User Group France
@lecampusazure
www.linkedin.com/in/mzaharia
DISCLAIMER: The opinions below are my own, not my employer's.
AGENDA
• Intro
• Challenges at scale
• Azure Active Directory: single vs multiple tenants
• Multi-tenancy management
  • Directories
  • Azure resources
• Conclusion
Intro
Beginning is good (individuals, SMBs):
• Welcome to Azure! 1 subscription.
• Welcome to Office 365! 1-5 Office licences.
• 1 Azure Active Directory.
Moving further (larger businesses):
• Welcome back to Azure! 10 subscriptions.
• Welcome back to Office 365! 100 Office licences.
• 1 Azure Active Directory.
Moving beyond (to MUCH larger businesses):
• GO Azure! 100+ subscriptions.
• GO Office! 10,000+ Office licences.
• Azure Active Directory: one tenant, or several?
Challenges at Scale
Challenges at scale
• Azure
  • Many users and groups
  • Many, many Azure resources…
  • …spread across subscriptions
  • Accounts / CSP / EA
  • Access rights management
• Office 365
  • Many users and groups
  • More Office apps
  • More complex licensing plans
• Microsoft 365
• Dynamics 365
• Other cloud services
Challenges at scale
What a large enterprise may look like (from an IT perspective):
[Diagram: Corp IT alongside BU#1, BU#2 … BU#n, each with its own BU IT, its micro-BUs (µBU) and its projects (P)]
Challenges at scale
Choosing multiple Azure subscriptions?
• A subscription is more easily isolated than a resource group
  • RBAC
  • Billing
• Can be assigned entirely to an app or project
• Allows autonomy for the team
But:
• The agreement becomes more complex: departments, accounts, subscriptions
• Subscriptions get created/disabled more often
• Global security governance becomes more difficult
Challenges at scale
That's not all.
• Large companies may have a complicated structure
• A single central governance may hurt agility and reactivity
• Some BUs want to move faster than others
So: BUs create separate Azure AD tenants
• A BU will be the owner of an Azure AD tenant
• A BU will have 1(+) account in the Enterprise Agreement
• A BU will be responsible for the billing and security of its own Azure subscriptions
GREAT!
Challenges at scale
But:
• Security compliance and best practices must be audited and enforced across BUs
• Some BUs are not necessarily involved in managing their subscriptions
So a transversal IT team may need to audit or manage:
• Azure accounts and subscriptions across tenants
• Azure AD tenant configuration
• Other cloud-related assets
Azure Active Directory: Single vs Multiple Tenants
Azure AD: single vs multi-tenant
• An Azure AD tenant lets us manage:
  • Users and groups
  • Service principals / applications
  • Access rights to Azure resources
  • Access rights to Office
  • Access to SaaS applications
[Diagram: one tenant holding Users and Groups and Service Principals, granting access to Azure subscriptions, Office 365 and SaaS applications]
Azure AD: single vs multi-tenant
• Multi-tenant: Azure AD B2B Collaboration
[Diagram: the same objects (Users and Groups, Service Principals; Azure subscriptions, Office 365, SaaS applications) spread over several tenants linked by B2B Collaboration]
A (new) tenant in your place
• Any user (not only an admin!) can create an Azure AD tenant, in about 2 minutes
• That user becomes Global Admin of the new tenant
• The original user is mapped as an external user in the new tenant
• If that user is also Owner of an Azure subscription, they can transfer the subscription to the new directory. Changing a subscription's directory permanently deletes its existing role assignments, so the subscription leaves the original tenant's governance entirely.
Access a specific tenant
• From the portal
• From the command line (Login-AzAccount is an alias of Connect-AzAccount in the Az module):
    Login-AzAccount -Tenant xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
    Login-AzAccount -Tenant mydomain.onmicrosoft.com
    Login-AzAccount -Tenant mydomain.net
    az login -t xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
    …
• From libraries / APIs
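A worked version of the command-line access above, added here as an example (it is not code from the original slides): sign in to every tenant the identity is known in and inventory who holds Owner on each subscription, which is the first thing the transversal team described earlier wants to audit. It assumes the Az PowerShell module and an account that already exists, as a member or B2B guest, in each remote tenant; the output file name is a placeholder.

```powershell
# Added example, not from the original slides. Assumes the Az module and an
# account that is already a member or B2B guest in every tenant to inventory.
# The output path is a placeholder.

# One interactive sign-in; Get-AzTenant then lists every directory the
# account is known in (home tenant plus the tenants it was invited into).
Connect-AzAccount | Out-Null

$report = foreach ($tenant in Get-AzTenant) {
    # Tokens are per tenant: authenticate against each directory in turn. A remote
    # tenant with its own MFA / Conditional Access policy may prompt again here.
    Connect-AzAccount -Tenant $tenant.Id | Out-Null

    foreach ($sub in Get-AzSubscription -TenantId $tenant.Id) {
        Set-AzContext -SubscriptionId $sub.Id -TenantId $tenant.Id | Out-Null

        # Owner at subscription scope; assignments inherited from management groups are included.
        $owners = Get-AzRoleAssignment -RoleDefinitionName 'Owner' -Scope "/subscriptions/$($sub.Id)"

        foreach ($o in $owners) {
            [pscustomobject]@{
                TenantId     = $tenant.Id
                Subscription = $sub.Name
                Principal    = $o.DisplayName
                Type         = $o.ObjectType     # User, Group or ServicePrincipal
                SignInName   = $o.SignInName     # B2B guests carry #EXT# in the UPN
                Scope        = $o.Scope
            }
        }
    }
}

# What a central security team checks first: Owner granted to an individual
# user rather than a group, and Owner held by a guest (#EXT#) identity.
$findings = $report | Where-Object {
    $_.Type -eq 'User' -or $_.SignInName -like '*#EXT#*'
}

$report   | Format-Table -AutoSize
$findings | Export-Csv -Path '.\owner-findings.csv' -NoTypeInformation
```

The per-tenant Connect-AzAccount is the "classical" cost of this approach: one token per directory, and one MFA prompt per directory that enforces it. The Lighthouse section later shows how that loop disappears for Azure resources.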
Multi-tenancy management
Multi-tenancy management
Multi-tenancy management means…
• Managing multiple Azure AD tenants
and/or
• Managing (Azure) resources "spread" over multiple Azure AD tenants
Responsibilities cross-tenant
Managing multiple AAD tenants
Managing multiple AAD tenants
• Requires having configured, in the "remote" tenant, either:
  1. A dedicated AAD user
  2. A guest (invited) user (B2B Collaboration)
Securing invited identities
1. Whitelist invitation domains (allow only the domains of your own tenants)
2. Add users without sending an invitation e-mail:
    New-AzureADMSInvitation -InvitedUserEmailAddress "user@example.com" `
        -InviteRedirectUrl "https://example.com" `
        -SendInvitationMessage $false `
        -InvitedUserType "Member"
• The invited user then goes directly to https://portal.azure.com/*yourtenantid* and accepts the terms
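The two controls above, combined into one script as an added example (not code from the original slides): refuse any invitation whose home domain is not on the allow-list, send the silent invitation the slide shows, and then audit the external identities already present in the remote tenant. It assumes the AzureAD module and an account with User Administrator (or Global Administrator) rights in the remote tenant; the tenant ID, domains and addresses are placeholders, and the allow-list is constructed for the example.

```powershell
# Added example, not from the original slides. Assumes the AzureAD module and
# an account with User Administrator (or Global Administrator) rights in the
# remote tenant. The tenant ID, domains and addresses are placeholders.

$RemoteTenantId = '00000000-0000-0000-0000-000000000000'          # BU tenant being managed
$AllowedDomains = @('corp.example.com', 'it.corp.example.com')     # constructed allow-list

Connect-AzureAD -TenantId $RemoteTenantId | Out-Null

function Get-HomeDomain([string] $Address) {
    # B2B UPNs look like alice_corp.example.com#EXT#@bu.onmicrosoft.com;
    # recover the home domain from that shape, else from a plain address.
    if ($Address -match '^.+_([^_]+)#EXT#@') { return $Matches[1] }
    return ($Address -split '@')[-1]
}

function New-AllowListedInvitation([string] $Address, [string] $TenantId) {
    $domain = Get-HomeDomain $Address
    if ($AllowedDomains -notcontains $domain) {
        throw "Refusing to invite ${Address}: domain '$domain' is not on the allow-list."
    }
    # No invitation e-mail: the invitee opens https://portal.azure.com/<tenant>
    # directly and accepts the terms on first sign-in. Member type, as on the slide.
    New-AzureADMSInvitation -InvitedUserEmailAddress $Address `
        -InviteRedirectUrl "https://portal.azure.com/$TenantId" `
        -SendInvitationMessage $false `
        -InvitedUserType 'Member'
}

# 1. Invite the transversal IT administrator into the BU tenant.
New-AllowListedInvitation -Address 'cloud.admin@corp.example.com' -TenantId $RemoteTenantId | Out-Null

# 2. Audit every external identity already present: home domain off the
#    allow-list, or an invitation that was never redeemed (stale account).
$external = Get-AzureADUser -All $true | Where-Object { $_.UserPrincipalName -like '*#EXT#*' }

$findings = foreach ($u in $external) {
    $address = if ($u.Mail) { $u.Mail } else { $u.UserPrincipalName }
    $domain  = Get-HomeDomain $address
    [pscustomobject]@{
        User     = $address
        Domain   = $domain
        UserType = $u.UserType          # Guest, or Member when invited as above
        State    = $u.UserState         # PendingAcceptance = never redeemed
        Allowed  = $AllowedDomains -contains $domain
    }
}

$findings | Where-Object { -not $_.Allowed -or $_.State -eq 'PendingAcceptance' } |
    Format-Table -AutoSize
```

The script-side domain check is a belt-and-braces measure: the tenant-level whitelist in External collaboration settings remains the real control, and the audit is what catches guests who were invited before that setting was switched on.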
What about SPNs?
• Fact: service principals cannot be invited as users into other tenants
• The way in is a multi-tenant app registration: the application object lives in its home tenant, and every tenant that consents to it gets its own service principal (its "Enterprise Application" entry) for that app
• A single-tenant app registration only ever has a service principal in its home tenant
https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals
SaaS applications as multi-tenant
• A SaaS application registered in Azure AD can be configured to work with (accept sign-ins from) multiple tenants
• Configure Authentication / Supported account types / Accounts in any organizational directory
• The App ID URI must be globally unique
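The multi-tenant application route from the two slides above, end to end, as an added example (not code from the original slides or from Microsoft): register the app once as multi-tenant in the home tenant, instantiate it as a service principal in a BU tenant, grant that principal the least role needed, and sign in as it. It assumes the AzureAD and Az modules and admin rights in both tenants; the tenant IDs, subscription ID, display name and the verified domain in the App ID URI are placeholders.

```powershell
# Added example, not from the original slides. Assumes the AzureAD and Az
# modules, admin rights in both tenants, and placeholder IDs/domains below.

$HomeTenantId   = 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa'   # where the app registration lives
$RemoteTenantId = 'bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb'   # BU tenant to be managed
$RemoteSubId    = 'cccccccc-cccc-cccc-cccc-cccccccccccc'   # subscription in the BU tenant

# ---- Home tenant: one multi-tenant app registration and its credential ----
Connect-AzureAD -TenantId $HomeTenantId | Out-Null
$app = New-AzureADApplication -DisplayName 'corp-cross-tenant-governance' `
    -AvailableToOtherTenants $true `
    -IdentifierUris 'https://corp.example.com/cross-tenant-governance'  # globally unique; use a domain you have verified

# Client secret valid for one year. A certificate is the stronger choice in production.
$secret = New-AzureADApplicationPasswordCredential -ObjectId $app.ObjectId `
    -CustomKeyIdentifier 'governance-2019' -EndDate (Get-Date).AddYears(1)

# ---- Remote (BU) tenant: the app gets its own service principal here ----
Connect-AzureAD -TenantId $RemoteTenantId | Out-Null
$sp = New-AzureADServicePrincipal -AppId $app.AppId     # the "Enterprise Application" in this tenant

# Least privilege: Reader on the subscription and nothing more unless a task needs it.
# If the assignment fails with "principal not found", wait a few seconds for replication and retry.
Connect-AzAccount -Tenant $RemoteTenantId -Subscription $RemoteSubId | Out-Null
New-AzRoleAssignment -ObjectId $sp.ObjectId -RoleDefinitionName 'Reader' `
    -Scope "/subscriptions/$RemoteSubId" | Out-Null

# ---- Automation: sign in to the BU tenant as the SP using the home-tenant credential ----
$cred = New-Object System.Management.Automation.PSCredential(
    $app.AppId, (ConvertTo-SecureString $secret.Value -AsPlainText -Force))
Connect-AzAccount -ServicePrincipal -Tenant $RemoteTenantId -Credential $cred | Out-Null
Get-AzResource | Select-Object ResourceGroupName, ResourceType, Name | Format-Table -AutoSize
```

One registration, one credential to rotate, and one service principal per BU tenant whose RBAC the BU still controls: that is the property the conclusion calls "multi-tenant enterprise application".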
Securing "only" our tenants
Limit the perimeter to only the set of trusted tenants, by domain
• From inside: the "Only My Tenant" feature
• From outside: direct AAD federation with AD FS or a third-party STS provider
https://docs.microsoft.com/en-us/azure/active-directory/b2b/direct-federation
Managing Azure over multiple AAD tenants
Managing Azure over multiple AAD tenants
• Manage Azure over multiple AAD tenants via:
  • The "classical" way: see the previous section
  • The new way: Azure Lighthouse
Azure Lighthouse
Single control plane to view and manage Azure across all customers
Capabilities
• Azure delegated resource management
• Works for users and service principals
• Azure portal experience
• Azure Resource Manager templates
• Managed Services offers in Azure Marketplace
• Azure managed applications
Onboarding a customer
• Through Azure Marketplace
  • Perfect for MS Partners and Service Providers
  • Not suitable for internal use in companies
• Or through Delegated Resource Management
  • The customer deploys an ARM template into their Azure subscription(s)
Delegated RM - Setup
• Define the roles and permissions to be used on the customer's assets
  • Built-in RBAC roles only, as of today
• What you need for the setup:
  • Tenants
    • Service provider's tenant ID (yours)
    • Customer's tenant ID
  • Group / user(s)
  • Azure subscription(s)
  • (Azure) role definitions
Delegated RM - Setup
• Create the ARM template and pass it to the customer:
  • mspOfferName
  • mspOfferDescription
  • managedByTenantId
  • authorizations
    • Group ID & display name
    • Role ID (get it by PS/CLI: Get-AzRoleDefinition -Name "Reader")
• The customer deploys the ARM template on their subscription(s)
  • One deployment per subscription: New-AzDeployment
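The setup steps above carried through in one script, added here as an example (it is not code from the original slides): the service provider generates the template and parameter file with its own tenant and group IDs, and the customer deploys them once per subscription. The resource types and property names follow Microsoft's published delegated-resource-management sample template; the tenant IDs, subscription ID, group name, offer name and region are placeholders, and the customer account deploying it needs Owner on each subscription.

```powershell
# Added example, not from the original slides. Template structure follows
# Microsoft's published Lighthouse sample; every GUID, name and region is a placeholder.

# ---- Service provider side: collect the values the customer will need ----
$ProviderTenantId = '11111111-1111-1111-1111-111111111111'                   # managedByTenantId (yours)
$OpsGroup         = Get-AzADGroup -DisplayName 'Cloud-Governance-Readers'   # group in the provider tenant
$ReaderRoleId     = (Get-AzRoleDefinition -Name 'Reader').Id                 # built-in role GUID

$template = [ordered]@{
    '$schema'      = 'https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#'
    contentVersion = '1.0.0.0'
    parameters     = [ordered]@{
        mspOfferName        = @{ type = 'string' }
        mspOfferDescription = @{ type = 'string' }
        managedByTenantId   = @{ type = 'string' }
        authorizations      = @{ type = 'array' }
    }
    variables      = @{
        mspRegistrationName = "[guid(parameters('mspOfferName'))]"
        mspAssignmentName   = "[guid(parameters('mspOfferName'))]"
    }
    resources      = @(
        [ordered]@{   # what the provider is allowed to do, and from which tenant
            type       = 'Microsoft.ManagedServices/registrationDefinitions'
            apiVersion = '2019-06-01'
            name       = "[variables('mspRegistrationName')]"
            properties = [ordered]@{
                registrationDefinitionName = "[parameters('mspOfferName')]"
                description                = "[parameters('mspOfferDescription')]"
                managedByTenantId          = "[parameters('managedByTenantId')]"
                authorizations             = "[parameters('authorizations')]"
            }
        },
        [ordered]@{   # binds that definition to the subscription being deployed to
            type       = 'Microsoft.ManagedServices/registrationAssignments'
            apiVersion = '2019-06-01'
            name       = "[variables('mspAssignmentName')]"
            dependsOn  = @("[resourceId('Microsoft.ManagedServices/registrationDefinitions/', variables('mspRegistrationName'))]")
            properties = @{
                registrationDefinitionId = "[resourceId('Microsoft.ManagedServices/registrationDefinitions/', variables('mspRegistrationName'))]"
            }
        }
    )
}
$template | ConvertTo-Json -Depth 10 | Set-Content '.\delegatedResourceManagement.json'

# Least privilege: delegate Reader to a group, never Owner to individual users.
$parameterFile = [ordered]@{
    '$schema'      = 'https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#'
    contentVersion = '1.0.0.0'
    parameters     = [ordered]@{
        mspOfferName        = @{ value = 'Corp IT cross-BU governance' }
        mspOfferDescription = @{ value = 'Read-only visibility for the transversal security team' }
        managedByTenantId   = @{ value = $ProviderTenantId }
        authorizations      = @{ value = @(
            @{
                principalId            = $OpsGroup.Id
                principalIdDisplayName = $OpsGroup.DisplayName
                roleDefinitionId       = $ReaderRoleId
            }
        ) }
    }
}
$parameterFile | ConvertTo-Json -Depth 10 | Set-Content '.\delegatedResourceManagement.parameters.json'

# ---- Customer side: subscription-scope deployment, once per subscription ----
# The deploying account must be a non-guest user of the customer tenant with Owner on the subscription.
Connect-AzAccount -Tenant 'bu.example.com' | Out-Null
foreach ($subId in @('22222222-2222-2222-2222-222222222222')) {
    Set-AzContext -SubscriptionId $subId | Out-Null
    New-AzDeployment -Name 'lighthouse-corp-it' -Location 'westeurope' `
        -TemplateFile '.\delegatedResourceManagement.json' `
        -TemplateParameterFile '.\delegatedResourceManagement.parameters.json'
}
```

Because the customer deploys the files rather than the provider, the customer reviews exactly which tenant, which group and which role it is delegating before anything changes in its subscription; keep the two JSON files under version control on both sides for that reason.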
Lighthouse in use
• Customer view
• Service Provider view
DEMO
Delegated Deployment and Management
with Azure Lighthouse
Cross-tenant security w/ Az Lighthouse
• Azure Security Center!
  • Cross-tenant visibility on Azure resources
  • Cross-tenant security posture management
  • Cross-tenant threat detection and protection
• Azure Policy!
  • Can create definitions and apply/assign them
  • Enforcement w/ deployIfNotExists
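The cross-tenant posture view above, as an added example (not code from the original slides): from the service provider's own tenant, summarise Azure Policy non-compliance across every subscription in the context, which after Lighthouse onboarding includes the delegated BU subscriptions without any sign-in into the BU tenants. It assumes the Az.Accounts and Az.PolicyInsights modules and that Reader was delegated, which is enough for this read-only query.

```powershell
# Added example, not from the original slides. Run from the service provider's
# own tenant after Lighthouse onboarding; assumes Az.Accounts and Az.PolicyInsights
# and Reader on the delegated subscriptions.

Connect-AzAccount | Out-Null     # provider tenant only; no sign-in into the BU tenants

$summary = foreach ($sub in Get-AzSubscription) {
    # Non-compliant resource states for this subscription, as evaluated by Azure Policy.
    $states = Get-AzPolicyState -SubscriptionId $sub.Id -Filter "ComplianceState eq 'NonCompliant'"

    $states | Group-Object -Property PolicyAssignmentName | ForEach-Object {
        [pscustomobject]@{
            Subscription = $sub.Name
            Assignment   = $_.Name
            NonCompliant = $_.Count
            Example      = $_.Group[0].ResourceId   # one offending resource, to make the finding concrete
        }
    }
}

# Worst offenders first: a non-empty list for a BU subscription is the
# "cross-tenant security posture" the slide refers to, seen from one place.
$summary | Sort-Object NonCompliant -Descending | Format-Table -AutoSize
```

Contrast this with the per-tenant sign-in loop of the classical approach: here Get-AzSubscription returns the delegated subscriptions alongside the provider's own, so the same script works unchanged as more BUs are onboarded.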
(Current) Az Lighthouse limitations
• Only a specific set of Azure services is supported
• Azure Databricks is a blocker (not supported)
• Resource-specific URIs (e.g. blob.core.windows.net, i.e. the data plane) are not supported; only the ARM control plane is delegated
• Built-in RBAC roles only
• Many evolutions and features are planned
Conclusion
Conclusion
• Govern Azure resources: w/ Azure Lighthouse
  • Great solution for simplifying onboarding & experience
  • For Partners & SPs, but also for large enterprises
• Govern AAD tenants:
  • Users
    • With dedicated users in the target tenant, w/ strong governance rules
    • With restricted invitations (by domain)
  • Service principals
    • "Multi-tenant enterprise application"
• ALL: least privilege principle
Thank you.
Thank you to all our partners!
@IdentityDays #identitydays2019

Contenu connexe

Tendances

Microsoft Azure Traffic Manager
Microsoft Azure Traffic ManagerMicrosoft Azure Traffic Manager
Microsoft Azure Traffic ManagerIdo Katz
 
Microsoft: Multi-tenant SaaS with Azure
Microsoft: Multi-tenant SaaS with AzureMicrosoft: Multi-tenant SaaS with Azure
Microsoft: Multi-tenant SaaS with AzureAIMDek Technologies
 
Multi-Tenant Identity and Azure Resource Governance - ReBUILD 2019
Multi-Tenant Identity and Azure Resource Governance - ReBUILD 2019Multi-Tenant Identity and Azure Resource Governance - ReBUILD 2019
Multi-Tenant Identity and Azure Resource Governance - ReBUILD 2019Marius Zaharia
 
Alphorm.com Formation Microsoft Azure : Azure Active Directory 2021
Alphorm.com Formation Microsoft Azure : Azure Active Directory 2021Alphorm.com Formation Microsoft Azure : Azure Active Directory 2021
Alphorm.com Formation Microsoft Azure : Azure Active Directory 2021Alphorm
 
Cloud computing pricing models
Cloud computing pricing modelsCloud computing pricing models
Cloud computing pricing modelsHadi Fadlallah
 
Cloud Security Architecture.pptx
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptxMoshe Ferber
 
Azure active directory
Azure active directoryAzure active directory
Azure active directoryRaju Kumar
 
Confluent Partner Tech Talk with BearingPoint
Confluent Partner Tech Talk with BearingPointConfluent Partner Tech Talk with BearingPoint
Confluent Partner Tech Talk with BearingPointconfluent
 
Cyber security career development paths
Cyber security career development pathsCyber security career development paths
Cyber security career development pathsChelsea Jarvie
 
Scaling Databricks to Run Data and ML Workloads on Millions of VMs
Scaling Databricks to Run Data and ML Workloads on Millions of VMsScaling Databricks to Run Data and ML Workloads on Millions of VMs
Scaling Databricks to Run Data and ML Workloads on Millions of VMsMatei Zaharia
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security OverviewAlert Logic
 
Build Real-Time Applications with Databricks Streaming
Build Real-Time Applications with Databricks StreamingBuild Real-Time Applications with Databricks Streaming
Build Real-Time Applications with Databricks StreamingDatabricks
 
Let's Talk About: Azure Networking
Let's Talk About: Azure NetworkingLet's Talk About: Azure Networking
Let's Talk About: Azure NetworkingPedro Sousa
 
AWS Certified Cloud Practitioner Course S1-S6
AWS Certified Cloud Practitioner Course S1-S6AWS Certified Cloud Practitioner Course S1-S6
AWS Certified Cloud Practitioner Course S1-S6Neal Davis
 
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar Timothy McAliley
 
Encryption and Key Management in AWS
Encryption and Key Management in AWSEncryption and Key Management in AWS
Encryption and Key Management in AWSAmazon Web Services
 
Migrating Data and Databases to Azure
Migrating Data and Databases to AzureMigrating Data and Databases to Azure
Migrating Data and Databases to AzureKaren Lopez
 

Tendances (20)

Microsoft Azure Traffic Manager
Microsoft Azure Traffic ManagerMicrosoft Azure Traffic Manager
Microsoft Azure Traffic Manager
 
Microsoft: Multi-tenant SaaS with Azure
Microsoft: Multi-tenant SaaS with AzureMicrosoft: Multi-tenant SaaS with Azure
Microsoft: Multi-tenant SaaS with Azure
 
Multi-Tenant Identity and Azure Resource Governance - ReBUILD 2019
Multi-Tenant Identity and Azure Resource Governance - ReBUILD 2019Multi-Tenant Identity and Azure Resource Governance - ReBUILD 2019
Multi-Tenant Identity and Azure Resource Governance - ReBUILD 2019
 
Alphorm.com Formation Microsoft Azure : Azure Active Directory 2021
Alphorm.com Formation Microsoft Azure : Azure Active Directory 2021Alphorm.com Formation Microsoft Azure : Azure Active Directory 2021
Alphorm.com Formation Microsoft Azure : Azure Active Directory 2021
 
Azure 900
Azure 900Azure 900
Azure 900
 
Cloud computing pricing models
Cloud computing pricing modelsCloud computing pricing models
Cloud computing pricing models
 
Cloud Security Architecture.pptx
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptx
 
Azure active directory
Azure active directoryAzure active directory
Azure active directory
 
Confluent Partner Tech Talk with BearingPoint
Confluent Partner Tech Talk with BearingPointConfluent Partner Tech Talk with BearingPoint
Confluent Partner Tech Talk with BearingPoint
 
Cyber security career development paths
Cyber security career development pathsCyber security career development paths
Cyber security career development paths
 
Scaling Databricks to Run Data and ML Workloads on Millions of VMs
Scaling Databricks to Run Data and ML Workloads on Millions of VMsScaling Databricks to Run Data and ML Workloads on Millions of VMs
Scaling Databricks to Run Data and ML Workloads on Millions of VMs
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security Overview
 
Build Real-Time Applications with Databricks Streaming
Build Real-Time Applications with Databricks StreamingBuild Real-Time Applications with Databricks Streaming
Build Real-Time Applications with Databricks Streaming
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Let's Talk About: Azure Networking
Let's Talk About: Azure NetworkingLet's Talk About: Azure Networking
Let's Talk About: Azure Networking
 
AWS Certified Cloud Practitioner Course S1-S6
AWS Certified Cloud Practitioner Course S1-S6AWS Certified Cloud Practitioner Course S1-S6
AWS Certified Cloud Practitioner Course S1-S6
 
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
 
My presentation
My presentationMy presentation
My presentation
 
Encryption and Key Management in AWS
Encryption and Key Management in AWSEncryption and Key Management in AWS
Encryption and Key Management in AWS
 
Migrating Data and Databases to Azure
Migrating Data and Databases to AzureMigrating Data and Databases to Azure
Migrating Data and Databases to Azure
 

Similaire à Multi-Tenant Identity and Azure Resource Governance - Identity Days 2019

Do you REALLY know what is going on in your AWS Accounts?
Do you REALLY know what is going on in your AWS Accounts?Do you REALLY know what is going on in your AWS Accounts?
Do you REALLY know what is going on in your AWS Accounts?Aaron Walker
 
IdentityDays2022 - Gestion des privilèges sur le Cloud Microsoft
IdentityDays2022 - Gestion des privilèges sur le Cloud MicrosoftIdentityDays2022 - Gestion des privilèges sur le Cloud Microsoft
IdentityDays2022 - Gestion des privilèges sur le Cloud MicrosoftIdentity Days
 
DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...
DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...
DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...DevSecCon
 
Azure - Identity as a service
Azure - Identity as a serviceAzure - Identity as a service
Azure - Identity as a serviceBizTalk360
 
The Path to Broker Cloud Services
The Path to Broker Cloud ServicesThe Path to Broker Cloud Services
The Path to Broker Cloud ServicesRightScale
 
Cloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud ServicesCloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud ServicesCloud Standards Customer Council
 
EWUG 2018 February the journey continues.....
EWUG 2018 February   the journey continues.....EWUG 2018 February   the journey continues.....
EWUG 2018 February the journey continues.....Peter Selch Dahl
 
Windows Azure Active Directory: Identity Management in the Cloud
Windows Azure Active Directory: Identity Management in the CloudWindows Azure Active Directory: Identity Management in the Cloud
Windows Azure Active Directory: Identity Management in the CloudChris Dufour
 
Kublr for cloud and managed service providers
Kublr for cloud and managed service providersKublr for cloud and managed service providers
Kublr for cloud and managed service providersScott Clinton
 
2012.05.11 - Cloud Infrastructure Providers - RV des Experts - 9ème Forum du ...
2012.05.11 - Cloud Infrastructure Providers - RV des Experts - 9ème Forum du ...2012.05.11 - Cloud Infrastructure Providers - RV des Experts - 9ème Forum du ...
2012.05.11 - Cloud Infrastructure Providers - RV des Experts - 9ème Forum du ...Club Cloud des Partenaires
 
SmartCLIDE presented during the HORIZON CLOUD Community event
SmartCLIDE presented during the HORIZON CLOUD Community event SmartCLIDE presented during the HORIZON CLOUD Community event
SmartCLIDE presented during the HORIZON CLOUD Community event H2020 SmartCLIDE Project
 
CNCF in Japan: Keynote, Open Source Summit Japan, Tokyo
CNCF in Japan: Keynote, Open Source Summit Japan, TokyoCNCF in Japan: Keynote, Open Source Summit Japan, Tokyo
CNCF in Japan: Keynote, Open Source Summit Japan, TokyoCheryl Hung
 
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAM
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAMAWS Windsor User Group - June 7th 2018 - Amazon Web Services IAM
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAMBrandon Wells
 
Creating your Hybrid Cloud with AWS -Technical 201
Creating your Hybrid Cloud with AWS -Technical 201Creating your Hybrid Cloud with AWS -Technical 201
Creating your Hybrid Cloud with AWS -Technical 201Amazon Web Services
 
Key Considerations for Cloud Procurement - AWS Innovate Ottawa:
 Key Considerations for Cloud Procurement - AWS Innovate Ottawa: Key Considerations for Cloud Procurement - AWS Innovate Ottawa:
Key Considerations for Cloud Procurement - AWS Innovate Ottawa:Amazon Web Services
 
2018 November - AZUGDK - Azure AD
2018 November - AZUGDK - Azure AD 2018 November - AZUGDK - Azure AD
2018 November - AZUGDK - Azure AD Peter Selch Dahl
 

Similaire à Multi-Tenant Identity and Azure Resource Governance - Identity Days 2019 (20)

Do you REALLY know what is going on in your AWS Accounts?
Do you REALLY know what is going on in your AWS Accounts?Do you REALLY know what is going on in your AWS Accounts?
Do you REALLY know what is going on in your AWS Accounts?
 
IdentityDays2022 - Gestion des privilèges sur le Cloud Microsoft
IdentityDays2022 - Gestion des privilèges sur le Cloud MicrosoftIdentityDays2022 - Gestion des privilèges sur le Cloud Microsoft
IdentityDays2022 - Gestion des privilèges sur le Cloud Microsoft
 
DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...
DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...
DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...
 
AWS
AWSAWS
AWS
 
Azure - Identity as a service
Azure - Identity as a serviceAzure - Identity as a service
Azure - Identity as a service
 
Cloud Customer Architecture for API Management
Cloud Customer Architecture for API ManagementCloud Customer Architecture for API Management
Cloud Customer Architecture for API Management
 
The Path to Broker Cloud Services
The Path to Broker Cloud ServicesThe Path to Broker Cloud Services
The Path to Broker Cloud Services
 
Cloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud ServicesCloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud Services
 
EWUG 2018 February the journey continues.....
EWUG 2018 February   the journey continues.....EWUG 2018 February   the journey continues.....
EWUG 2018 February the journey continues.....
 
Cloud Customer Architecture for e-Commerce
Cloud Customer Architecture for e-CommerceCloud Customer Architecture for e-Commerce
Cloud Customer Architecture for e-Commerce
 
Windows Azure Active Directory: Identity Management in the Cloud
Windows Azure Active Directory: Identity Management in the CloudWindows Azure Active Directory: Identity Management in the Cloud
Windows Azure Active Directory: Identity Management in the Cloud
 
Kublr for cloud and managed service providers
Kublr for cloud and managed service providersKublr for cloud and managed service providers
Kublr for cloud and managed service providers
 
2012.05.11 - Cloud Infrastructure Providers - RV des Experts - 9ème Forum du ...
2012.05.11 - Cloud Infrastructure Providers - RV des Experts - 9ème Forum du ...2012.05.11 - Cloud Infrastructure Providers - RV des Experts - 9ème Forum du ...
2012.05.11 - Cloud Infrastructure Providers - RV des Experts - 9ème Forum du ...
 
SmartCLIDE presented during the HORIZON CLOUD Community event
SmartCLIDE presented during the HORIZON CLOUD Community event SmartCLIDE presented during the HORIZON CLOUD Community event
SmartCLIDE presented during the HORIZON CLOUD Community event
 
CNCF in Japan: Keynote, Open Source Summit Japan, Tokyo
CNCF in Japan: Keynote, Open Source Summit Japan, TokyoCNCF in Japan: Keynote, Open Source Summit Japan, Tokyo
CNCF in Japan: Keynote, Open Source Summit Japan, Tokyo
 
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAM
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAMAWS Windsor User Group - June 7th 2018 - Amazon Web Services IAM
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAM
 
Creating your Hybrid Cloud with AWS -Technical 201
Creating your Hybrid Cloud with AWS -Technical 201Creating your Hybrid Cloud with AWS -Technical 201
Creating your Hybrid Cloud with AWS -Technical 201
 
Key Considerations for Cloud Procurement - AWS Innovate Ottawa:
 Key Considerations for Cloud Procurement - AWS Innovate Ottawa: Key Considerations for Cloud Procurement - AWS Innovate Ottawa:
Key Considerations for Cloud Procurement - AWS Innovate Ottawa:
 
2018 November - AZUGDK - Azure AD
2018 November - AZUGDK - Azure AD 2018 November - AZUGDK - Azure AD
2018 November - AZUGDK - Azure AD
 
Benefits of Cloud Computing
Benefits of Cloud ComputingBenefits of Cloud Computing
Benefits of Cloud Computing
 

Plus de Marius Zaharia

Onboard a Historical Company on the Cloud Journey
Onboard a Historical Company on the Cloud JourneyOnboard a Historical Company on the Cloud Journey
Onboard a Historical Company on the Cloud JourneyMarius Zaharia
 
Azure Firewall (Meetup Société Générale - dec 2018)
Azure Firewall (Meetup Société Générale - dec 2018)Azure Firewall (Meetup Société Générale - dec 2018)
Azure Firewall (Meetup Société Générale - dec 2018)Marius Zaharia
 
Onboarding a Historical Company on the Cloud Journey (IT Camp 2018)
Onboarding a Historical Company on the Cloud Journey (IT Camp 2018)Onboarding a Historical Company on the Cloud Journey (IT Camp 2018)
Onboarding a Historical Company on the Cloud Journey (IT Camp 2018)Marius Zaharia
 
Modern Architecture in the Cloud of 2018 (IT Camp 2018)
Modern Architecture in the Cloud of 2018 (IT Camp 2018)Modern Architecture in the Cloud of 2018 (IT Camp 2018)
Modern Architecture in the Cloud of 2018 (IT Camp 2018)Marius Zaharia
 
Modern Architecture in the Cloud of 2018
Modern Architecture in the Cloud of 2018Modern Architecture in the Cloud of 2018
Modern Architecture in the Cloud of 2018Marius Zaharia
 
Architecture Moderne dans le Cloud en 2018
Architecture Moderne dans le Cloud en 2018Architecture Moderne dans le Cloud en 2018
Architecture Moderne dans le Cloud en 2018Marius Zaharia
 
Onboarding a Historical Company on the Cloud Journey
Onboarding a Historical Company on the Cloud JourneyOnboarding a Historical Company on the Cloud Journey
Onboarding a Historical Company on the Cloud JourneyMarius Zaharia
 
APIs dans Azure : serverless ou pas serverless?
APIs dans Azure : serverless ou pas serverless?APIs dans Azure : serverless ou pas serverless?
APIs dans Azure : serverless ou pas serverless?Marius Zaharia
 
One Azure Monitor to Rule Them All? (IT Camp 2017, Cluj, RO)
One Azure Monitor to Rule Them All? (IT Camp 2017, Cluj, RO)One Azure Monitor to Rule Them All? (IT Camp 2017, Cluj, RO)
One Azure Monitor to Rule Them All? (IT Camp 2017, Cluj, RO)Marius Zaharia
 
La santé de votre environnement Azure, entre Monitor, AppInsights et Log Anal...
La santé de votre environnement Azure, entre Monitor, AppInsights et Log Anal...La santé de votre environnement Azure, entre Monitor, AppInsights et Log Anal...
La santé de votre environnement Azure, entre Monitor, AppInsights et Log Anal...Marius Zaharia
 
Ro IT Webinar - Masina Virtuala, calatorie catre cloud
Ro IT Webinar - Masina Virtuala, calatorie catre cloudRo IT Webinar - Masina Virtuala, calatorie catre cloud
Ro IT Webinar - Masina Virtuala, calatorie catre cloudMarius Zaharia
 
Identite-as-a-service pour vos applications B2C - MS Cloud Summit Paris 2017
Identite-as-a-service pour vos applications B2C - MS Cloud Summit Paris 2017Identite-as-a-service pour vos applications B2C - MS Cloud Summit Paris 2017
Identite-as-a-service pour vos applications B2C - MS Cloud Summit Paris 2017Marius Zaharia
 
Soyez le maître du PRA - MS Cloud Summit Paris 2017
Soyez le maître du PRA - MS Cloud Summit Paris 2017Soyez le maître du PRA - MS Cloud Summit Paris 2017
Soyez le maître du PRA - MS Cloud Summit Paris 2017Marius Zaharia
 
Gouvernance et sécurisation de vos ressources cloud avec Azure Active Directo...
Gouvernance et sécurisation de vos ressources cloud avec Azure Active Directo...Gouvernance et sécurisation de vos ressources cloud avec Azure Active Directo...
Gouvernance et sécurisation de vos ressources cloud avec Azure Active Directo...Marius Zaharia
 
Azure Networking: Innovative Features and Multi-VNet Topologies
Azure Networking: Innovative Features and Multi-VNet TopologiesAzure Networking: Innovative Features and Multi-VNet Topologies
Azure Networking: Innovative Features and Multi-VNet TopologiesMarius Zaharia
 
Sql Saturday Paris 2016 - De StreamInsight à Azure Stream Analytics
Sql Saturday Paris 2016 - De StreamInsight à Azure Stream Analytics Sql Saturday Paris 2016 - De StreamInsight à Azure Stream Analytics
Sql Saturday Paris 2016 - De StreamInsight à Azure Stream Analytics Marius Zaharia
 
Automati(sati)on de votre application Azure
Automati(sati)on de votre application AzureAutomati(sati)on de votre application Azure
Automati(sati)on de votre application AzureMarius Zaharia
 
Session iot gwab 2014 paris
Session iot gwab 2014 parisSession iot gwab 2014 paris
Session iot gwab 2014 parisMarius Zaharia
 
Azure Integration Services : les concepts de BizTalk dans le cloud (ARC303)
Azure Integration Services : les concepts de BizTalk dans le cloud (ARC303)Azure Integration Services : les concepts de BizTalk dans le cloud (ARC303)
Azure Integration Services : les concepts de BizTalk dans le cloud (ARC303)Marius Zaharia
 

Plus de Marius Zaharia (20)

Onboard a Historical Company on the Cloud Journey
Onboard a Historical Company on the Cloud JourneyOnboard a Historical Company on the Cloud Journey
Onboard a Historical Company on the Cloud Journey
 
Azure Firewall (Meetup Société Générale - dec 2018)
Azure Firewall (Meetup Société Générale - dec 2018)Azure Firewall (Meetup Société Générale - dec 2018)
Azure Firewall (Meetup Société Générale - dec 2018)
 
Onboarding a Historical Company on the Cloud Journey (IT Camp 2018)
Onboarding a Historical Company on the Cloud Journey (IT Camp 2018)Onboarding a Historical Company on the Cloud Journey (IT Camp 2018)
Onboarding a Historical Company on the Cloud Journey (IT Camp 2018)
 
Modern Architecture in the Cloud of 2018 (IT Camp 2018)
Modern Architecture in the Cloud of 2018 (IT Camp 2018)Modern Architecture in the Cloud of 2018 (IT Camp 2018)
Modern Architecture in the Cloud of 2018 (IT Camp 2018)
 

Multi-Tenant Identity and Azure Resource Governance - Identity Days 2019

  • 1. Multi-Tenant Governance with Azure Active Directory. Marius Zaharia. Identity Days 2019, 24 October 2019 - PARIS
  • 2. Marius Zaharia: Azure Cloud Tech Lead, Société Générale; Azure MVP and Advisor; AZUG FR – Azure User Group France; @lecampusazure; www.linkedin.com/in/mzaharia
    DISCLAIMER: Below are my own opinions, not my employer's ones.
    AGENDA
    • Intro
    • Challenges at scale
    • Azure Active Directory. Single vs Multiple Tenants
    • Multi-tenancy management
    • Directories
    • Azure resources
    • Conclusion
  • 3. Intro
  • 4. Beginning is good. Individuals, SMBs:
    • Welcome to Azure! 1 subscription.
    • Welcome to Office 365! 1-5 Office licences.
    • 1 Azure Active Directory.
  • 5. Moving further... Larger businesses:
    • Welcome back to Azure! 10 subscriptions.
    • Welcome back to Office 365! 100 Office licences.
    • 1 Azure Active Directory.
  • 6. Moving beyond... to MUCH larger businesses:
    • GO Azure! 100+ subscriptions.
    • GO Office! 10000+ Office licences.
    • ? Azure Active Directory ?
  • 7. Challenges at Scale
  • 8. Challenges at scale
    • Azure
      • Many users and groups
      • Many, many Azure resources
      • ...spread across subscriptions
      • Accounts / CSP / EA
      • Access rights management
    • Office 365
      • Many users and groups
      • More Office apps
      • More complex licensing plans
    • Microsoft 365
    • Dynamics 365
    • Other Cloud services
  • 9. Challenges at scale. What a large enterprise may look like (from an IT perspective):
    [Diagram: Corp IT alongside BU#1, BU#2 ... BU#n, each with its own BU IT, micro-BUs (µBU) and projects (P)]
  • 10. Challenges at scale. Choosing multiple Azure subscriptions?
    • A subscription is more easily isolated than a resource group
      • RBAC
      • Billing
    • Can be assigned completely to an app or project
    • Allows autonomy for the team
    But:
    • The agreement becomes more complex: Departments, Accounts, Subscriptions
    • Subscriptions get created/disabled more often
    • Global security governance becomes more difficult
  • 11. Challenges at scale. That's not all.
    • Large companies may have a complicated structure
    • Single central governance may affect agility and reactivity
    • Some BUs want to move faster than others
    So: BUs create separate Azure AD tenants
    • A BU will be owner of an Azure AD tenant
    • A BU will have 1(+) account in the Enterprise Agreement
    • It will be responsible for billing and security of its own Azure subscriptions. GREAT!
  • 12. Challenges at scale. But:
    • Security compliance and best practices must be audited and enforced across BUs
    • Some BUs are not necessarily involved in managing subscriptions
    So a transversal IT team may need to audit or manage:
    • Azure accounts and subscriptions across tenants
    • Azure AD tenant configuration
    • Other cloud-related assets
  • 13. Azure Active Directory. Single vs Multiple Tenants
  • 14. Azure AD: single vs multi-tenant
    • An Azure AD tenant allows us to manage:
      • Users and groups
      • Service principals / applications
      • Access rights to Azure resources
      • Access rights to Office
      • Access to SaaS applications
    [Diagram: one tenant holding Users and Groups and Service Principals, connected to Azure subscriptions, Office 365 and SaaS applications]
  • 15. Azure AD: single vs multi-tenant
    • Multi-tenant: Azure AD B2B Collaboration
    [Diagram: the same elements (Users and Groups, Service Principals, Azure subscriptions, Office 365, SaaS applications) spread across several tenants]
  • 16. A (new) tenant in your place
    • A user (not an admin!) can create an Azure AD tenant in 2 minutes
    • He will be Global Admin of the new tenant
    • The original user is mapped as an External AD User in the new tenant
    • If he is owner of an Azure subscription, he can transfer the subscription's management to the new tenant
  • 17. Access a specific tenant
    • From the portal
    • From the command line:
      Login-AzAccount -Tenant xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
      Login-AzAccount -Tenant mydomain.onmicrosoft.com
      Login-AzAccount -Tenant mydomain.net
      az login -t xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
      ...
    • From Libs / API
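The command-line access shown on slide 17 generalises into a small audit loop of the kind the transversal IT team of slide 12 needs. The following is an added example, not code from the deck or from Microsoft: it signs in to each tenant in turn with Connect-AzAccount (the cmdlet behind the Login-AzAccount alias) and inventories the subscriptions visible there. The tenant names and IDs are constructed placeholders; it assumes the Az.Accounts module and an account that already holds a role in each tenant.

```powershell
# Added example (not from the deck): sign in to each Azure AD tenant in turn and
# inventory the subscriptions the signed-in identity can see there.
# Assumptions: Az.Accounts module installed; the tenant names/IDs below are
# constructed placeholders; the account used holds at least Reader where it should.
Import-Module Az.Accounts

# Constructed list of tenants a transversal IT team is expected to audit.
$tenants = @(
    'corp.onmicrosoft.com',                  # the corporate tenant, by domain name
    '11111111-1111-1111-1111-111111111111'   # a BU tenant, by tenant ID (placeholder)
)

function Get-CrossTenantSubscriptionInventory {
    param([string[]] $TenantIds)

    $inventory = foreach ($tenant in $TenantIds) {
        # -Tenant accepts a tenant ID, the *.onmicrosoft.com name or a verified custom domain.
        # Each call prompts interactively unless a cached token for that tenant exists.
        $profile  = Connect-AzAccount -Tenant $tenant -ErrorAction Stop
        $tenantId = $profile.Context.Tenant.Id

        # Get-AzSubscription scoped to this tenant: a guest or dedicated account only sees
        # subscriptions where it holds an RBAC role, so an empty list is itself a finding.
        Get-AzSubscription -TenantId $tenantId | ForEach-Object {
            [pscustomobject]@{
                Tenant         = $tenant
                TenantId       = $tenantId
                SubscriptionId = $_.Id
                Name           = $_.Name
                State          = $_.State
                SignedInAs     = $profile.Context.Account.Id
            }
        }
    }
    return $inventory
}

$report = Get-CrossTenantSubscriptionInventory -TenantIds $tenants
$report | Format-Table -AutoSize

# Keep the inventory as a governance record. Disabled subscriptions that are still
# visible deserve a second look: slide 10 notes they get created and disabled often.
$report | Export-Csv -Path .\subscriptions-by-tenant.csv -NoTypeInformation
```

The same loop works unattended with a service principal per tenant (Connect-AzAccount -ServicePrincipal -Credential ... -Tenant ...), which is the "dedicated identity in the remote tenant" option of slide 22; the guest-user option of the same slide is what makes the interactive form above possible with a single account.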
  • 18. Multi-tenancy management
  • 19. Multi-tenancy management means...
    • Managing multiple Azure AD tenants, and/or
    • Managing (Azure) resources "spread" over multiple Azure AD tenants
  • 20. Responsibilities cross-tenant
  • 21. Managing multiple AAD tenants
  • 22. Managing multiple AAD tenants
    • Requires having configured, in the "remote" tenant, either:
      1. A dedicated AAD user
      2. A guest (invited) user (B2B Collaboration)
  • 23. Securing invited identities
    1. Whitelist invitation domains
    2. Add users without invitation:
      New-AzureADMSInvitation -InvitedUserEmailAddress "user@example.com" `
          -InviteRedirectUrl "https://example.com" `
          -SendInvitationMessage $false `
          -InvitedUserType "Member"
    • Then go directly to https://portal.azure.com/*yourtenantid* and accept the terms
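Slide 23's two controls, a domain allow-list followed by adding a user without an invitation e-mail, put together as an added example; this is not the deck's own script. It uses the AzureAD module: the B2B allow-list policy follows the allow/deny list documentation linked in the editor's notes, and the domains and e-mail address are constructed placeholders. The local domain check before the invitation is an added defensive step so that a typo fails with a clear message, not something the tenant policy requires.

```powershell
# Added example (not from the deck): restrict B2B invitations to an allow-list of
# domains, then add a user from an allowed domain without sending an invitation e-mail.
# Assumptions: AzureAD PowerShell module; domains and e-mail below are constructed
# placeholders; the policy JSON shape follows the B2B allow/deny list documentation.
Import-Module AzureAD
Connect-AzureAD | Out-Null

# Domains trusted for collaboration (constructed). Anything else is blocked at invitation time.
$allowedDomains = @('corp-bu1.example', 'corp-bu2.example')

function Set-B2BAllowedDomains {
    param([string[]] $Domains)

    $definition = @{
        B2BManagementPolicy = @{
            InvitationsAllowedAndBlockedDomainsPolicy = @{
                AllowedDomains = $Domains
            }
        }
    } | ConvertTo-Json -Depth 5 -Compress

    # Only one B2BManagementPolicy can be the organization default: update it if present.
    $existing = Get-AzureADPolicy | Where-Object { $_.Type -eq 'B2BManagementPolicy' }
    if ($existing) {
        Set-AzureADPolicy -Id $existing.Id -Definition @($definition)
    } else {
        New-AzureADPolicy -Definition @($definition) -DisplayName 'B2BManagementPolicy' `
            -Type 'B2BManagementPolicy' -IsOrganizationDefault $true
    }
}

function Add-GovernanceGuest {
    param(
        [Parameter(Mandatory)] [string] $Email,
        [ValidateSet('Guest', 'Member')] [string] $UserType = 'Guest'
    )
    # Local pre-check mirroring the tenant policy (added defensive step, not required).
    $domain = $Email.Split('@')[-1].ToLowerInvariant()
    if ($domain -notin $allowedDomains) {
        throw "Refusing to invite '$Email': domain '$domain' is not on the allow-list."
    }
    # Do not re-invite an identity that already exists in the directory.
    $existingUser = Get-AzureADUser -Filter "mail eq '$Email'"
    if ($existingUser) { return $existingUser }

    # -SendInvitationMessage $false: no e-mail; the user accepts the terms on first
    # access to https://portal.azure.com/<tenant id>. 'Member' gives member-level
    # directory read rights, so prefer 'Guest' unless member visibility is really needed.
    $invitation = New-AzureADMSInvitation -InvitedUserEmailAddress $Email `
        -InviteRedirectUrl 'https://portal.azure.com' `
        -SendInvitationMessage $false `
        -InvitedUserType $UserType
    return $invitation.InvitedUser
}

Set-B2BAllowedDomains -Domains $allowedDomains
$guest = Add-GovernanceGuest -Email 'auditor@corp-bu1.example' -UserType Guest
"Invited user object id: $($guest.Id)"
```

The object id returned at the end is what the B2B tenant's RBAC assignments should reference; granting the new guest a role in a subscription is a separate New-AzRoleAssignment step and, in keeping with the deck's closing point, should be the least role that the audit task needs.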
  • 24. What about SPNs?
    • Fact: Service Principals cannot be invited as users in other tenants
    • Enterprise Application => multi-tenant
    • App registration (Service Principal): mono-tenant
    https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals
  • 25. SaaS applications as multi-tenant
    • A SaaS application registered in Azure AD can be configured to work with (accept sign-ins from) multiple tenants
    • Configure Authentication / Supported account types / Accounts in any organizational directory
    • The App ID URI must be globally unique
  • 26. Securing "only" our tenants
    Limit the perimeter to only the set of trusted tenants, by domain:
    • From inside: the "Only My Tenant" feature
    • From outside: direct AAD federation with AD FS or a third-party STS provider
    https://docs.microsoft.com/en-us/azure/active-directory/b2b/direct-federation
  • 27. Managing Azure over multiple AAD tenants
  • 28. Managing Azure over multiple AAD tenants
    • Manage Azure over multiple AAD tenants via:
      • The "classical" way: see the previous section
      • The new way: Azure Lighthouse
  • 29. Azure Lighthouse: a single control plane to view and manage Azure across all customers
  • 30. Capabilities
    • Azure delegated resource management
    • Works for users and service principals
    • Azure portal experience
    • Azure Resource Manager templates
    • Managed Services offers in Azure Marketplace
    • Azure managed applications
  • 31. Onboarding a Customer
    • Through Azure Marketplace
      • Perfect for MS Partners and Service Providers
      • Not suitable for internal use in companies
    • Or through Delegated Resource Management
      • The Customer deploys an ARM template into his Azure subscription(s)
  • 32. Delegated RM - Setup
    • Define the roles and permissions to be used on the Customer's assets
      • Built-in RBAC roles only, as of today
    • What you need for setup:
      • Tenants: the service provider's tenant ID (yours) and the Customer's tenant ID
      • Group / User(s)
      • Azure Subscription(s)
      • (Azure) Role Definitions
  • 33. Delegated RM - Setup
    • Create the ARM template and pass it to the Customer:
      • mspOfferName
      • mspOfferDescription
      • managedByTenantId
      • authorizations
        • Group ID & display name
        • Role ID; get it by PS/CLI: Get-AzRoleDefinition -Name "Reader"
    • The Customer deploys the ARM template on his subscription(s): New-AzDeployment
      • One deployment per subscription
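Slides 32 and 33 as one complete onboarding walk-through, added here as an example; it is not the deck's template, although it uses the same mspOfferName, managedByTenantId and authorizations fields. The service provider builds the delegated resource management template in PowerShell from looked-up role IDs, and the customer deploys it once per subscription, as slide 33 says. Tenant, group and subscription IDs are placeholders; the resource types and API version are the public Microsoft.ManagedServices ones, and Az.Accounts, Az.Resources and Az.ManagedServices are assumed to be installed.

```powershell
# Added example (not the deck's own template): build the Azure Lighthouse delegated
# resource management template in PowerShell and deploy it per customer subscription.
# Assumptions: Az.Accounts, Az.Resources, Az.ManagedServices modules; tenant ID, group ID,
# offer name and subscription ID are constructed placeholders. Resource types and API
# version are the public Microsoft.ManagedServices ones (2019-06-01).

# --- Service-provider side: choose the minimum roles and look up their IDs ---
$providerTenantId = '22222222-2222-2222-2222-222222222222'  # placeholder: managedByTenantId
$providerGroupId  = '33333333-3333-3333-3333-333333333333'  # placeholder: AAD group object ID

# Least privilege: auditing needs Reader; posture review adds Security Reader.
# Role IDs are looked up with Get-AzRoleDefinition (as on the slide), never hard-coded.
$authorizations = foreach ($roleName in 'Reader', 'Security Reader') {
    $role = Get-AzRoleDefinition -Name $roleName
    @{
        principalId            = $providerGroupId
        principalIdDisplayName = "Cloud Governance ($roleName)"
        roleDefinitionId       = $role.Id
    }
}

function New-LighthouseTemplate {
    param([string] $OfferName, [string] $OfferDescription,
          [string] $ManagedByTenantId, [hashtable[]] $Authorizations)
    $definitionId = "[resourceId('Microsoft.ManagedServices/registrationDefinitions/', variables('mspRegistrationName'))]"
    @{
        '$schema'      = 'https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#'
        contentVersion = '1.0.0.0'
        variables      = @{
            mspRegistrationName = "[guid('$OfferName')]"
            mspAssignmentName   = "[guid('$OfferName')]"
        }
        resources = @(
            @{  # The definition: who (managedByTenantId + principals) gets which roles
                type       = 'Microsoft.ManagedServices/registrationDefinitions'
                apiVersion = '2019-06-01'
                name       = "[variables('mspRegistrationName')]"
                properties = @{
                    registrationDefinitionName = $OfferName
                    description                = $OfferDescription
                    managedByTenantId          = $ManagedByTenantId
                    authorizations             = $Authorizations
                }
            },
            @{  # The assignment: binds that definition to the subscription being deployed into
                type       = 'Microsoft.ManagedServices/registrationAssignments'
                apiVersion = '2019-06-01'
                name       = "[variables('mspAssignmentName')]"
                dependsOn  = @($definitionId)
                properties = @{ registrationDefinitionId = $definitionId }
            }
        )
    }
}

$template = New-LighthouseTemplate -OfferName 'Corp Cloud Governance' `
    -OfferDescription 'Read-only security audit by the transversal IT team' `
    -ManagedByTenantId $providerTenantId -Authorizations $authorizations
# Hand this file to the customer (BU). It holds no secrets: only tenant/group IDs and role GUIDs.
$template | ConvertTo-Json -Depth 10 | Set-Content .\lighthouse-governance.json

# --- Customer side: one subscription-scope deployment per subscription to delegate ---
# The deploying identity needs Owner (or the Microsoft.Authorization/* write permissions).
foreach ($subscriptionId in @('44444444-4444-4444-4444-444444444444')) {   # placeholder(s)
    Set-AzContext -SubscriptionId $subscriptionId | Out-Null
    New-AzDeployment -Name 'lighthouse-governance' -Location 'westeurope' `
        -TemplateFile .\lighthouse-governance.json
    # Verify the delegation now exists in this subscription.
    Get-AzManagedServicesAssignment
}
```

Two design points matter for governance: the principal is a group, not a user, so membership changes on the provider side never require the customer to redeploy; and the roles are built-in (a current limitation, slide 37) and read-only, so the delegation can be audited from the customer side at any time and removed by deleting the registrationAssignments resource.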
  • 34. Lighthouse in Use
    • Customer view
    • Service Provider view
  • 35. DEMO: Delegated Deployment and Management with Azure Lighthouse
  • 36. Cross-Tenant Security w/ Az Lighthouse
    • Azure Security Center!
      • Cross-tenant visibility on Azure resources
      • Cross-tenant security posture management
      • Cross-tenant threat detection and protection
    • Azure Policy!
      • Can create definitions and apply/assign them
      • Enforcement w/ deployIfNotExists
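The cross-tenant Azure Policy view of slide 36, as an added example that is not from the deck: from the service-provider tenant it picks out the subscriptions that arrived through a Lighthouse delegation and summarises their compliance with Az.PolicyInsights. It assumes Az.Accounts 2.x, where the subscription object carries a HomeTenantId, and the tenant ID is a placeholder.

```powershell
# Added example (not from the deck): from the service-provider tenant, list the
# subscriptions delegated through Azure Lighthouse and summarise Azure Policy
# compliance for each one, i.e. the cross-tenant view described on the slide.
# Assumptions: Az.Accounts 2.x (HomeTenantId on subscription objects) and
# Az.PolicyInsights; signed in as a member of the group that received Reader via the
# delegation; the provider tenant ID is a constructed placeholder.
Import-Module Az.Accounts, Az.PolicyInsights

Connect-AzAccount -Tenant '22222222-2222-2222-2222-222222222222' | Out-Null  # placeholder
$providerTenantId = (Get-AzContext).Tenant.Id

function Get-DelegatedComplianceSummary {
    param([string] $ProviderTenantId)

    # Delegated subscriptions show up in the provider's own Get-AzSubscription output,
    # but their home tenant is the customer's; that is how they are told apart here.
    $delegated = Get-AzSubscription | Where-Object { $_.HomeTenantId -ne $ProviderTenantId }

    foreach ($sub in $delegated) {
        $summary = Get-AzPolicyStateSummary -SubscriptionId $sub.Id
        [pscustomobject]@{
            HomeTenantId          = $sub.HomeTenantId
            SubscriptionId        = $sub.Id
            Subscription          = $sub.Name
            NonCompliantResources = $summary.Results.NonCompliantResources
            NonCompliantPolicies  = $summary.Results.NonCompliantPolicies
        }
    }
}

$report = Get-DelegatedComplianceSummary -ProviderTenantId $providerTenantId
$report | Sort-Object NonCompliantResources -Descending | Format-Table -AutoSize

# Drill into the worst subscription: which resources, against which policy definition.
$worst = $report | Sort-Object NonCompliantResources -Descending | Select-Object -First 1
if ($worst) {
    Get-AzPolicyState -SubscriptionId $worst.SubscriptionId `
        -Filter "ComplianceState eq 'NonCompliant'" -Top 20 |
        Select-Object ResourceId, PolicyDefinitionName, PolicyAssignmentName
}
```

Reader is enough for this read-only view; assigning a policy with a deployIfNotExists effect into a delegated subscription, as the slide's "enforcement" bullet implies, needs a delegation that includes Resource Policy Contributor plus a role able to create the remediation's managed identity, which is a deliberate step up from the audit-only delegation.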
  • 37. (Current) Az Lighthouse Limitations
    • Specific set of supported services
    • Azure Databricks blocking
    • Resource-specific URIs (e.g. blob.core.windows.net) not supported
    • Built-in RBAC roles only
    • Many evolutions and features planned to come
  • 38. Conclusion
  • 39. Conclusion
    • Govern Azure resources: w/ Azure Lighthouse
      • Great solution for simplifying onboarding & experience
      • For Partners & SPs, but also for large enterprises
    • Govern AAD tenants:
      • Users
        • With dedicated users in the target tenant, w/ strong governance rules
        • With restricted invitations (by domain)
      • Service Principals
        • "Multi-tenant enterprise application"
    • ALL: minimum privilege principle
  • 40. Thank you.
  • 41. Thanks to all our partners! 24 October 2019 - PARIS @IdentityDays #identitydays2019

Editor's notes

  1. * P2
  2. https://docs.microsoft.com/en-us/azure/active-directory/b2b/allow-deny-list https://docs.microsoft.com/en-us/azure/active-directory/b2b/add-user-without-invite
  3. https://docs.microsoft.com/en-us/azure/lighthouse/overview
  4. https://docs.microsoft.com/en-us/azure/lighthouse/overview
  5. https://docs.microsoft.com/en-us/azure/lighthouse/how-to/onboard-customer
  6. https://docs.microsoft.com/en-us/azure/lighthouse/how-to/onboard-customer
  7. https://docs.microsoft.com/en-us/azure/lighthouse/how-to/onboard-customer
  8. Cross-tenant visibility:
     • Monitor compliance to security policies and ensure security coverage across all tenants' resources
     • Continuous regulatory compliance monitoring across multiple customers in a single view
     • Monitor, triage, and prioritize actionable security recommendations with secure score calculation
     Cross-tenant security posture management:
     • Manage security policies
     • Take action on resources that are out of compliance with actionable security recommendations
     • Collect and store security-related data
     Cross-tenant threat detection and protection:
     • Detect threats across tenants' resources
     • Apply advanced threat protection controls such as just-in-time (JIT) VM access
     • Harden network security group configuration with Adaptive Network Hardening
     • Ensure servers are running only the applications and processes they should be with adaptive application controls
     • Monitor changes to important files and registry entries with File Integrity Monitoring (FIM)
     https://docs.microsoft.com/en-us/azure/lighthouse/concepts/cross-tenant-management-experience
  9. Custom RBAC, Tags, JIT permissions: https://docs.microsoft.com/en-us/azure/lighthouse/concepts/cross-tenant-management-experience