21-06-2018 aOS Aix 3 Seven ways identity enriches your Office 365 and Azure experience- English - Sander Berkouwer
0 likes66 views
The document presents a talk by Sander Berkouwer about enhancing Office 365 and Azure experiences through identity management features. Key topics include single sign-on, conditional access, self-service capabilities, and Azure Information Protection, all aimed at improving productivity and security. The speaker emphasizes the importance of Azure Active Directory in managing access to resources and ensuring compliance across devices.
21-06-2018 aOS Aix 3 Seven ways identity enriches your Office 365 and Azure experience- English - Sander Berkouwer
- 1. aOS Aix-en-Provence 21 Juin 201821 Juin 2018 aOS Aix-en-Provence n°3
- 2. aOS Aix-en-Provence 21 Juin 2018 Merci à nos sponsors
- 3. aOS Aix-en-Provence 21 Juin 2018 Seven ways Identity enriches your Office 365 and Azure experience Sander Berkouwer CTO at SCCT scct.nl Enterprise Mobility MVP
- 4. aOS Aix-en-Provence 21 Juin 2018 About me Sander Berkouwer I live in the Netherlands I work at SCCT scct.nl @SanderBerkouwer @aOSComm I have a passion for Active Directory and Azure Active Directory. I’ve been a Microsoft MVP for the last 9 years I’ve been a VEEAM Vanguard for 3 years
- 5. aOS Aix-en-Provence 21 Juin 2018 Agenda Single Sign-On Device-based Conditional Access Self-Service possibilities Information Protection Role-based Access Control … All with Azure AD
- 6. aOS Aix-en-Provence 21 Juin 2018 1. Single Sign-On
- 7. aOS Aix-en-Provence 21 Juin 2018 Single Sign-On Access to Applications Single Sign-On (SSO) Single Sign-On uses one identity in one identity store Allows people to be more productive, because: • They only have to remember one set of credentials • Most applications allow for silent SSO, so without prompts • Passwords can be easily changed, if needed Office 365 and Azure Active Directory 65% of organizations only use Azure AD for Office 365 access 3900+ more applications available in the Azure AD App Gallery
- 8. aOS Aix-en-Provence 21 Juin 2018 2. Azure AD Join and Microsoft Intune
- 9. aOS Aix-en-Provence 21 Juin 2018 Five ways to join a Microsoft environment Azure Active Directory Azure Active Directory Azure Active Directory Azure Active Directory Azure Active Directory AD DS AD DS AD DS AD DS Azure AD DS
- 10. aOS Aix-en-Provence 21 Juin 2018 Hybrid Azure AD Join Azure AD Join Bring-Your-Own scenarios for Windows 10 devices Hybrid Azure AD Join Single Sign-On and Windows Hello for domain-joined devices Hybrid Azure AD Join is enabled by default, when: • You run Azure AD Connect v1.1.486.0, or up • Computer objects are in scope for synchronization • You run Windows 10 1607, or up • Windows 10 RTM and 1511 need a group policy • Windows 7, etc. need WorkPlace Join for legacy clients link
- 11. aOS Aix-en-Provence 21 Juin 2018 Microsoft Intune Device Lifecycle Management Microsoft Intune keeps devices compliant
- 12. aOS Aix-en-Provence 21 Juin 2018 3. Conditional Access 4. Identity Protection
- 13. aOS Aix-en-Provence 21 Juin 2018 Conditional Access ***** Require MFA Allow access Deny access Force password reset Limit access Controls Users Devices Location Apps Conditions Machine learning Policies Real time Evaluation Engine Session Risk 3 10TB Effective policy
- 14. aOS Aix-en-Provence 6 septembre 2016 5. Self-Service
- 15. aOS Aix-en-Provence 21 Juin 2018 Azure AD Self-Service Possibilities Password Reset Colleagues can reset their password after initial registration Resets require Multi-Factor Authentication (MFA) http://aka.ms/sspr Group Management Colleagues can manage their own groups, delegated groups and group memberships Gain access to applications without IT Expiration and naming convention can be centrally configured
- 16. aOS Aix-en-Provence 21 Juin 2018 6. Azure Information Protection
- 17. aOS Aix-en-Provence 21 Juin 2018 Azure Information Protection Comprehensive protection Protection of sensitive data throughout the lifecycle Inside and outside the organization Detect ProtectClassify Monitor C L O U DD E V I C E S O N P R E M I S E S
- 18. aOS Aix-en-Provence 21 Juin 2018 Lifecycle of a sensitive file Data is created, imported, & modified across various locations Data is detected Across devices, cloud services, on-prem environments Sensitive data is classified & labeled Based on sensitivity; used for either protection policies or retention policies Data is protected based on policy Protection may in the form of encryption, permissions, visual markings, retention, deletion, or a DLP action such as blocking sharing Data travels across various locations, shared Protection is persistent, travels with the data Data is monitored Reporting on data sharing, usage, potential abuse; take action & remediate Retain, expire, delete data Via data governance policies
- 19. aOS Aix-en-Provence 21 Juin 2018
- 20. aOS Aix-en-Provence 21 Juin 2018 Role-based Access Control Azure Active Directory Manage access to resources throughout Azure Azure KeyVault Manage certificate-based access to resources throughout Azure Azure AD Managed Service Identities (MSIs) Manages access to IaaS-based resources, like VMs Like Manage Service Accounts (MSAs) in Active Directory
- 21. aOS Aix-en-Provence 21 Juin 2018 ConcludingConcluding
- 22. aOS Aix-en-Provence 21 Juin 2018 Concluding Synchronize your objects And benefit from Single Sign-On with Azure Active Directory Enable your colleagues By allowing them conditional access By letting them reset their passwords, etc. Secure access By leveraging Azure AD-based Role-based Access Control
- 23. aOS Aix-en-Provence 21 Juin 2018 Thank you! Sander Berkouwer CTO at SCCT scct.nl Enterprise Mobility MVP @SanderBerkouwer
- 24. aOS Aix-en-Provence 21 Juin 2018