Azure Active Directory - Sovelto

Azure Active Directory, Mika Seitsonen, Vartti tunnista

Your trainer: Mika Seitsonen

Facts
• M.Sc., University of Nottingham, U.K.
• DI (Diplomi-insinööri), Lappeenrannan teknillinen yliopisto
• Co-author of "Inside Active Directory"

Sovelto
• Senior consultant, acting competence area lead: Technology specialists
• Microsoft Certified Trainer (MCT) since 1997, Microsoft Certification ID 414xxx
• MCSE: Communications
• MCSA: Office 365, Windows 2008, Windows 7
• MS: Implementing Microsoft Azure Infrastructure Solutions

Contact details
• e-mail [email protected]
• Twitter @MikaSeitsonen

Keen follower of motorsport (and of a motorsport driver)
• Photographed at the Päijänteen Ympäriajo 2009

Identity considerations: Cloud, Sync or Federated?

• Cloud identity provides a solution where all identity resides in the cloud
• Identity sync enables customers to bridge their existing identity into the cloud
• Federated identity allows customers to retain all authentication on-premises
• B2B federated identity allows customers to securely share and collaborate with each other

Identity as the control plane (diagram; labels recovered from the slide): Windows Server Active Directory and Other Directories, Simple connection, Microsoft Azure Active Directory, Self-service, Single sign on (username and password), SaaS, Azure Public cloud, Office 365, On-premises, Cloud

What is Azure Active Directory? A comprehensive identity and access management cloud solution.

It combines directory services, advanced identity governance, application access management and a rich standards-based platform for developers. It is available in 3 editions: Free, Basic and Premium.

Edition comparison (table only partially recovered from the slide; the Basic and Premium columns survive, and Premium includes the Basic features):
• Object limit: No Object Limit / No Limit
• Advanced Security Reports: Yes (Advanced)**
• Group-based access management/provisioning: Yes / Yes
• Self-Service Password Reset for cloud users: Yes / Yes
• Company Branding (Logon Pages/Access Panel customization): Yes / Yes
• SLA: Yes / Yes

Current information at https://msdn.microsoft.com/en-us/library/dn532272.aspx

Azure Active Directory Connect

Connectivity to Other Directories: PowerShell, SQL (ODBC), LDAP v3, Web Services (SOAP, JAVA, REST)

Azure Active Directory Connect brings together DirSync, Azure Active Directory Sync and the FIM + Azure Active Directory Connector on one Sync Engine, connecting Other Directories to Microsoft Azure Active Directory.

• Consolidated deployment assistant for your identity bridge components
• Progressive learning while configuring the components
• ADFS is optional

(Diagram labels recovered from the slide: Microsoft Azure, Other Directories, Microsoft Azure Active Directory, SaaS apps)

Identities and applications in one place.

Web Apps Integrated: Azure Active Directory custom apps, Application Proxy
• A connector that auto connects to the cloud service
• The application is published through Microsoft Azure Active Directory at https://app1contoso.msappproxy.net/ and reached internally, via the DMZ, on the Corporate Network at http://app1
• IT professional: alerts

How it works: http://myapps.microsoft.com

Azure Active Directory 12-month investments
• Business to Business
• Administrative Units
• Device Registration
• Business to Consumers
• Conditional Access
• Cloud Domain Joined (Windows 10)

Role Based Access Control
• Assign roles to users and groups at subscription, resource group, or resource level
• Assignments inherit down the hierarchy
• Use built-in roles with preconfigured permissions (at preview)
• Create custom roles (post preview)

Today: RBAC to Azure (diagram: a Subscription with Reader, Owner and Contributor role assignments)

Tomorrow: RBAC to 3rd party SaaS apps (diagram: SaaS apps with Reader, Owner and Contributor role assignments)
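The scope inheritance described on this slide, as an added example that is not part of the deck: a small Python model in which a role assigned at subscription, resource group or resource level flows down to everything beneath that scope, so the effective roles on a resource are the union of assignments on the resource and on its ancestors. The role definitions are simplified summaries of Owner, Contributor and Reader, and the subscription id, resource group and user names are constructed.

```python
# Added example, not from the slide deck: a model of Azure RBAC scope
# inheritance. Scope paths follow the Azure resource-ID layout; the ids and
# names below are constructed sample values.

BUILTIN_ROLES = {  # simplified summaries of the three built-in roles
    "Owner": {"read", "write", "delete", "manage_access"},
    "Contributor": {"read", "write", "delete"},
    "Reader": {"read"},
}


def ancestors(scope):
    """Yield the scope itself and every enclosing scope up to the subscription.

    Levels are name/value pairs, so the path is trimmed two segments at a time.
    """
    parts = scope.strip("/").split("/")
    for end in range(len(parts), 1, -2):
        yield "/" + "/".join(parts[:end])


def effective_roles(assignments, principal, scope):
    """Roles a principal holds on a scope, including inherited ones."""
    chain = set(ancestors(scope))
    return {a["role"] for a in assignments
            if a["principal"] == principal and a["scope"] in chain}


def effective_actions(assignments, principal, scope):
    """Union of the actions granted by every effective role on the scope."""
    actions = set()
    for role in effective_roles(assignments, principal, scope):
        actions |= BUILTIN_ROLES[role]
    return actions


SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # constructed
ASSIGNMENTS = [  # constructed: Reader subscription-wide, Contributor on one RG
    {"principal": "alice@contoso.example", "role": "Reader", "scope": SUB},
    {"principal": "alice@contoso.example", "role": "Contributor",
     "scope": SUB + "/resourceGroups/rg-app1"},
]

if __name__ == "__main__":
    vm = SUB + "/resourceGroups/rg-app1/providers/Microsoft.Compute/virtualMachines/vm1"
    # A VM inside rg-app1 inherits both assignments; rg-app2 only the Reader.
    print(sorted(effective_roles(ASSIGNMENTS, "alice@contoso.example", vm)))
    print(sorted(effective_actions(ASSIGNMENTS, "alice@contoso.example",
                                   SUB + "/resourceGroups/rg-app2")))
```

Reviewing a principal's effective actions on a resource group, rather than only the assignments made directly on it, is what a least-privilege audit needs, since subscription-level assignments are easy to overlook.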

B2B: cross-organization collaboration

“I need to let my partners access my company’s apps using their own credentials.”
• Share without complex configuration or duplicate users.
• A user at a large partner may log into my company’s apps with their Active Directory usernames and passwords.
• A user at a smaller partner may log into my company’s apps with their Office 365 usernames and passwords.
• Admin configures sharing for cloud apps.

“I can’t email my 25 MB file and need to share it with a partner using Box.com.”
• Seamlessly provide Azure Active Directory to customers & partners. For example, a user at a partner can set up everyone in their company.
• Users can bring their own email-based or social identities.

Administrative Units: in private preview
• Support for distributed organizational models
• Autonomous management while keeping a common identity and org boundary

Global admins (Contoso)
• Org-wide permissions: manage global settings, create structure and policy, delegate permissions and resources
• Delegate administration to subsidiaries: user management, app procurement and management

Regional admins (diagram: North America, Europe, Asia)
• Manage regional users, devices, and applications
• Set local policy: regional policy and app management
• Scope policy, for example “Must login with MFA” or “Have license/access to regional apps”

Local units (diagram: US East, Germany, India), all within one Azure Active Directory

Azure Active Directory B2C (Business-to-Consumer)

The Azure Active Directory B2C offering is tailored for enterprises who serve large populations (100’s of thousands to millions) of individual customers, and whose business success depends upon consumer adoption of web applications for improving customer satisfaction and reducing operational costs.

Azure Active Directory B2C will include:
• Self-service user registration
• Login with a social IdP or create your own credentials
• Optional MFA
• Bulk user import tools
• SSO to multiple web sites
• User interface customization

Cloud Domain Join

Cloud Domain Join makes it possible to connect work-owned Windows devices to your company’s Azure Active Directory tenancy in the cloud. Users can sign in to Windows with their cloud-hosted work credentials and enjoy modern Windows experiences.

Enterprise compliant services
• Roaming settings, Windows backup/restore, Store access…
• Data stored in enterprise compliant backend services on Azure. No need to add a personal Microsoft account.

SSO from the desktop to org resources
• SSO from the desktop to Office 365 and 1,000’s of enterprise apps, websites and resources.
• Access the enterprise-curated Store and install apps using a work account.

Management
• Automatic MDM enrollment during the first-run experience.

Support for hybrid environments
• Traditional Domain Joined PCs also benefit from Cloud Domain Join functionality when the on-prem Active Directory is connected with an Azure Active Directory in the cloud.

Cloud Domain Joined Devices

What you need to do (if you haven't already)

• Create and then try out a free Office 365 subscription
  http://products.office.com/fi-FI/try

• Create and then try out a free Intune subscription
  http://www.microsoft.com/en-us/server-cloud/products/microsoft-intune/try.aspx
  Remember to sign in with your O365 account

• Create and then try out a free Azure subscription
  http://azure.microsoft.com
  Note: requires a credit card number; the card will not be charged


More information

• An EMS test environment up and running in minutes http://simon-may.com/get-started-enterprise-mobility-suite-minutes/
• Set up your own lab http://blogs.technet.com/b/mydigitalworkthoughts/


Sovelto courses on the topic

For Microsoft partners
• Business Anywhere (Microsoft partners only) 26.1. or 4.5.
• Partner Practice Enablement: Microsoft Enterprise Mobility Suite (EMS) 23.-24.2. or 23.-24.3.

For all specialists
• Microsoft Intune management 22.-23.4.
• 55065 Microsoft Azure for IT professionals 11.-13.3.
• 20533 Implementing Microsoft Azure Infrastructure Solutions 13.-15.4.
• 20532 Developing Microsoft Azure Solutions 10.-13.3.


THANK YOU!
