Page 1

EXPERTS LIVE SUMMER NIGHT

Close your datacenter and give your users wings

Stefan van der Wiele, TSP EMS Blackbelt
Robbert van der Zwan, TSP EMS Netherlands

Page 2

Stefan van der Wiele

Stefan works as an Enterprise Mobility and Security (EM+S) Technical Solution Professional (TSP) for the Microsoft Blackbelt team. His expertise is centered around Azure Infrastructure and EM+S with a core focus on identity management/security in hybrid environments.

Page 3

Robbert van der Zwan

Robbert works as an Enterprise Mobility and Security (EM+S) Technical Solution Professional (TSP) for Microsoft in the Netherlands. His expertise is centered around Azure Infrastructure and EM+S with a core focus on identity management/security in hybrid environments.

Page 4

Page 5

What is important for the company?

• Identity
• Devices
• Data
• Applications

Page 6

How do they handle that today?

• Active Directory
• GPO/SCCM
• File Shares
• Windows Integrated Authentication

• VPN
• BYO
• SaaS
• Azure
• Customers
• Partners

Page 7

<< Demo 1 >>

Page 8

<< Demo 2 >>

Page 9

How are things done with modern management?

• Identity
• Devices
• Data
• Applications
• Security/Conditions/Health

Page 10

• Azure Active Directory
• Identity Protection
• Conditional Access
• Business to Business (B2B)
• RBAC

Page 11

Microsoft Azure Active Directory

RBAC / Identity & Access Management

Consumer and business identity providers

Encrypted synchronization between on-premises Windows Server Active Directory and Azure AD

Public cloud: your apps and 2800+ popular SaaS apps

Standards-based integration:

• OAuth2 & OpenID Connect
• SAML
• WS-Federation
• REST based Graph API
• SCIM
• FIDO

Cloud HR

Conditional access

Conditions:

• Location (IP range)
• Device state
• User group
• User risk

Actions:

• Allow access
• Block access
• Enforce MFA per user / per app

Identity Driven Security

• Multi Factor Authentication
• Notifications, analysis, remediation, risk-based policies
• Cloud App Discovery
• Privileged Identity Management

Azure Active Directory Identity Protection (Preview)

• Consolidated view to examine suspicious user activities and configuration vulnerabilities
• Remediation recommendations

• Brute force attacks
• Leaked credentials
• Infected devices
• Suspicious sign-in activities
• Configuration vulnerabilities
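The conditions and actions listed for Conditional Access above, modelled as an added example (this is not code from the deck or from Azure AD itself): each policy matches on IP range, device compliance, group membership and user risk, and the most restrictive action among the policies that fire wins. The policy names, the 203.0.113.0/24 "office" range, the app and group names and the sign-ins are all constructed for illustration.

```python
# Added example (not from the slide deck): a toy Conditional Access evaluator that maps
# the slide's conditions (IP range, device state, user group, user risk) to an action.
import ipaddress
from collections import namedtuple
from dataclasses import dataclass, field

ALLOW, MFA, BLOCK = "allow", "require_mfa", "block"
SEVERITY = {ALLOW: 0, MFA: 1, BLOCK: 2}         # most restrictive action wins
RISK_ORDER = ["none", "low", "medium", "high"]   # user risk levels, ascending
SignIn = namedtuple("SignIn", "user groups ip device_compliant user_risk app")  # groups: frozenset

@dataclass
class Policy:
    name: str
    action: str                                       # ALLOW, MFA or BLOCK
    groups: set = field(default_factory=set)          # empty = any user group
    apps: set = field(default_factory=set)            # empty = any application
    trusted_ips: list = field(default_factory=list)   # if set, fire only from IPs outside these CIDRs
    only_noncompliant_device: bool = False            # fire only when the device is not compliant
    min_user_risk: str = "none"                       # fire only at this user risk level or above

def in_trusted_location(ip, trusted_ranges):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(r) for r in trusted_ranges)

def policy_applies(p, s):
    """True when every configured condition of policy p matches sign-in s."""
    if p.groups and not (p.groups & s.groups):
        return False
    if p.apps and s.app not in p.apps:
        return False
    if p.trusted_ips and in_trusted_location(s.ip, p.trusted_ips):
        return False
    if p.only_noncompliant_device and s.device_compliant:
        return False
    return RISK_ORDER.index(s.user_risk) >= RISK_ORDER.index(p.min_user_risk)

def evaluate(policies, s):
    """Return (effective action, names of the policies that fired); no match means allow."""
    fired = [p for p in policies if policy_applies(p, s)]
    if not fired:
        return ALLOW, []
    return max((p.action for p in fired), key=SEVERITY.__getitem__), [p.name for p in fired]

POLICIES = [  # constructed sample policies; 203.0.113.0/24 stands in for the office IP range
    Policy("MFA outside corporate network", MFA, trusted_ips=["203.0.113.0/24"]),
    Policy("Block high-risk users", BLOCK, min_user_risk="high"),
    Policy("Finance app requires compliant device", BLOCK, apps={"finance"}, only_noncompliant_device=True),
    Policy("Admins always MFA", MFA, groups={"admins"}),
]
```

The point worth checking when policies overlap is the most-restrictive-wins rule: a policy that only requires MFA never loosens a block imposed by another policy that also fires.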

Page 12

Azure Active Directory Domain Join

Intune

BYOD / CYOD / Company owned

Page 13

Enabling anytime, anywhere productivity: Azure Active Directory Join for Windows 10

Azure Active Directory Join makes it possible to connect work-owned Windows 10 devices to your company’s Azure Active Directory.

• Enterprise-compliant services
• SSO from the desktop to cloud and on-premises applications with no VPN
• Support for hybrid environments
• MDM auto-enrollment

Windows 10 Azure AD joined devices, Intune/MDM auto-enrollment, Enterprise State Roaming

Page 14


Page 15

Azure Information Protection

Location, Classification, Protection, Track/Monitor

Page 16

Classification & labeling: labeling, classification

Protect: encryption, access control, policy enforcement

Monitor & respond: document tracking, document revocation

Page 17

Azure Information Protection: full data lifecycle

Classification & labeling: labeling, classification

Protect: encryption, access control, policy enforcement

Monitor & respond: document tracking, document revocation

Page 18

• Azure AD Domain Services
• Azure AD Application Proxy
• SaaS Application Store

Page 19

Looking back

• Active Directory
• GPO/SCCM
• File Shares
• Windows Integrated Authentication

• VPN
• BYO
• SaaS
• Azure
• Customers
• Partners

Page 20

Microsoft Azure Active Directory

Lift-and-shift on-premises apps to Azure IaaS: your Azure IaaS workloads/apps, your virtual network, Azure AD Domain Services (Kerberos, NTLM, LDAP, Group Policy)

Cloud only: SaaS, Azure public cloud, Customers, Partners (OAuth2/OpenID, SAML, WS-Federation, SCIM)

Windows 10 Azure AD joined devices: Intune/MDM auto-enrollment, Enterprise State Roaming

Page 21

Azure AD Domain Services

• Simple deployment
• Single managed domain per Azure AD directory
• High availability with fault tolerance
• Automatic health detection & remediation
• Auto-sync from Azure AD – use same users, groups & passwords
• On-premises SIDs are synced to SIDHistory in your managed domain
• Domain join
• Windows Integrated Authentication (Kerberos, NTLM)
• LDAP bind and LDAP read
• Secure LDAP (including over internet)
• Create custom Organizational Units (OUs)
• Administer DNS
• Group Policy

Page 22

<< Demo 1 >>

Page 23

<< Demo 2 >>

Page 24

Next session 16:00 - 16:45

Windows 10 Creators Update

Samantha Kilkens