Azure Active Directory + Premium
Jan Ketil Skanke and Olav Tvedt
@olavtwitt olavtvedt.blogspot.com
@janke75 jankesblog.com
The current reality…
(Slide diagram labels: EC2, On-Premises, Private Cloud, Managed devices)
Identity as the control plane
(Slide diagram labels: Self-service, Single sign on, Username, Simple connection, Cloud, SaaS, Azure, Office 365, Public cloud, Other Directories, Windows Server Active Directory, On-premises)
Microsoft Azure Active Directory
What is Azure Active Directory?
A comprehensive identity and access management cloud solution for your employees, partners and customers. It combines directory services, advanced identity governance, application access management and a rich standards-based platform for developers.
B2E, B2B, B2C
Empower Users
Manage everything from passwords to devices.
Monitor and protect access to cloud applications.
Your Directory on the cloud
Connect and Sync on-premises directories with Azure.
Your Directory on the cloud
2500+ preintegrated popular SaaS apps.
(Slide diagram labels: SaaS apps, Microsoft Azure Active Directory, Other Directories)
Azure AD Join makes it possible to connect work-owned Windows 10 devices to your company’s Azure Active Directory. Users can sign into Windows with their cloud-hosted work credentials and enjoy modern Windows experiences.
Enterprise-compliant services
SSO from the desktop to cloud and on-premises applications with no VPN
MDM auto enrollment
Support for hybrid environments
Azure AD Join for Windows 10
(Slide diagram labels: Windows 10 Azure AD Joined Devices, MDM Auto-enrolment, On-premises apps)
Demo – Jan Ketil Skanke: Azure AD Join for Windows 10
What is Azure Multi-Factor Authentication?
A stand-alone Azure identity and access management service, also included in Azure Active Directory Premium.
Prevents unauthorized access to both on-premises and cloud applications by providing an additional level of authentication.
Trusted by thousands of enterprises to authenticate employee, customer, and partner access.
Mobile apps, phone calls, text messages
How it works
Empower Users
Manage your account
Company branded, personalized application Access Panel: http://myapps.microsoft.com + Mobile Apps
Self Service Password Reset and application access requests
Demo – Olav Tvedt
Myapps
Register for Password Reset
Self-service password reset with on-premises write-back
Self-service group management for cloud users
Advanced anomaly security reports
Multi-Factor Authentication service for cloud users (Azure Authenticator App)
Demo – Jan Ketil Skanke
Compare Experience on Windows 10 AAD Joined and OnPrem AD Join
Azure Active Directory editions feature comparison + Office 365 IAM features

| Feature | Azure Active Directory Free | Azure Active Directory Basic | Azure Active Directory Premium | Office 365 apps only |
| --- | --- | --- | --- | --- |
| Common Features | | | | |
| Directory as a Service | 500,000 Object Limit | No Object Limit | No Object Limit | No Object limit for Office 365 user accounts |
| User/Group Management (add/update/delete) | Yes | Yes | Yes | Yes |
| SSO to pre-integrated SaaS Applications / Custom Apps | 10 apps per user | 10 apps per user | No Limit | 10 apps per user |
| User-Based access management/provisioning | Yes | Yes | Yes | Yes |
| Self-Service Password Change for cloud users | Yes | Yes | Yes | Yes |
| Connect (Sync engine that extends on-premises directories to Azure Active Directory) | Yes | Yes | Yes | Yes |
| Security Reports/Audit | 3 Basic Reports | 3 Basic Reports | Advanced Security Reports | 3 Basic Reports |
| B2B collaboration | Yes | Yes | Yes | Yes |
| Premium + Basic Features | | | | |
| Group-based access management/provisioning | | Yes | Yes | |
| Self-Service Password Reset for cloud users | | Yes | Yes | Yes |
| Company Branding (Logon Pages/Access Panel customization) | | Yes | Yes | Yes |
| Application Proxy | | Yes | Yes | |
| SLA | | Yes | Yes | Yes |
| Premium Features | | | | |
| Self-Service Group Management | | | Yes | |
| Self-Service Password Reset/Change with on-premises write-back | | | Yes | |
| Advanced Usage Reporting | | | Yes | |
| Multi-Factor Authentication (Cloud and On-premises (MFA Server)) | | | Yes | Limited cloud only for Office 365 Apps |
| MIM CAL + MIM Server | | | Yes | |
| Cloud App Discovery | | | Yes | |
| Administrative Units (in Preview) | | | Yes | |
| Conditional Access: MFA per application (in Preview) | | | Yes | |
| Automated password roll-over (in Preview) | | | Yes | |
| Connect Health | | | Yes | |
| Privileged Identity Management (in Preview) | | | Yes | |
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Resources: http://www.microsoft.com/en-us/server-cloud/products/azure-active-directory/