Tech Conference 28.-29.5.2015: Enterprise Mobility Suite. Mika Seitsonen and Roope Seppälä, Sovelto. #TechConfFI
Contents: short greetings from Microsoft Ignite; Enterprise Mobility Suite; Microsoft Identity Manager; protecting data with Azure Rights Management.
General: previously TechEd and product/area-specific conferences (Microsoft Management Summit, Lync Conference, Microsoft Exchange Conference, SharePoint). 23,000 attendees. Chicago has working public transport. Venue: McCormick Place Convention Center, with a dedicated bus road from the city centre.
#TechConfFI Microsoft Azure and its Competitors: The Big Picture - David Chappell, http://channel9.msdn.com/events/ignite/2015/brk1455
A summary (comparison chart: Amazon, Google, Salesforce.com, Microsoft, HP, VMware, IBM)
#TechConfFI Enterprise Mobility Suite, Tech Conference 2015
Users: users expect to reach all services regardless of time, place and device. Identity management; self-service. Devices: the number of different devices and operating systems keeps growing, and standardisation is difficult. Applications: without standards, managing applications is challenging. IT's needs to support consumerisation: heterogeneous device management, application deployment and federations. Data: users' files and settings must be available in a controlled and secure way. Content protection.
(Diagram: desktop virtualization, information protection, identity and access management, mobile device & application management. Enable your users; protect your data.)
Enterprise Mobility Suite. Hybrid identity management: pre-configured federations to over a thousand SaaS applications; group management and password reset as self-service; includes licences for the FIM identity management solution. MFA: a strong authentication solution for the cloud and for your own environment. Device management: heterogeneous device management for the best-known platforms; management of applications and settings; selective device wipe. Content protection: content encryption that travels with the file regardless of storage media; management policies for supported file types.
Identity considerations: Cloud, Sync or Federated? Cloud identity provides a solution where all identity resides in the cloud; identity sync enables customers to bridge their existing identity into the cloud; federated identity allows customers to retain all authentication on-premises; B2B federated identity allows customers to securely share and collaborate with each other.
Identity as the control plane (diagram: Windows Server Active Directory and other directories on-premises; Microsoft Azure Active Directory in the cloud; Azure, public cloud SaaS and Office 365; simple connection, self-service, single sign-on).
What is Azure Active Directory? A comprehensive identity and access management cloud solution. It combines directory services, advanced identity governance, application access management and a rich standards-based platform for developers. It is available in three editions: Free, Basic and Premium.
Edition comparison, Basic / Premium:
Directory objects: no object limit / no object limit
Advanced security reports: - / Yes (advanced)**
Premium + Basic features:
Group-based access management/provisioning: Yes / Yes
Self-service password reset for cloud users: Yes / Yes
Company branding (logon pages/access panel customization): Yes / Yes
SLA: Yes / Yes
Current information at https://msdn.microsoft.com/en-us/library/dn532272.aspx
(Diagram: connectors into Microsoft Azure Active Directory: Azure Active Directory Connect*, PowerShell, SQL (ODBC), LDAP v3, Web Services (SOAP, Java, REST), other directories.)
Sync engines: DirSync, Azure Active Directory Sync, FIM + Azure Active Directory Connector. Azure Active Directory Connect: a consolidated deployment assistant for your identity bridge components; progressive learning while configuring the components; ADFS is optional.
(Diagram: Microsoft Azure; other directories, Microsoft Azure Active Directory, SaaS apps.)
A connector that auto-connects to the cloud service (diagram: Microsoft Azure Active Directory; external URL https://app1-contoso.msappproxy.net/; DMZ; internal URL http://app1 on the corporate network).
http://myapps.microsoft.com
Malware protection; update and software management; workstation monitoring; iOS, Android and Windows Phone; hardware and software reports; Intune policies (not GPO); an internet connection is all that administrators and end users need.
#TechConfFI Microsoft Identity Manager, http://channel9.msdn.com/events/ignite/2015/brk3857, Tech Conference 2015
(Diagram: desktop virtualization, information protection, identity and access management, mobile device & application management; common identity, single sign-on, self-service experiences, comprehensive security and governance, breadth of applications.)
Active Directory: the vision
A comprehensive IAM solution. Windows Server Active Directory is the primary authentication source today across enterprises; Active Directory Federation Services integrates with Azure AD and MFA; Web Application Proxy provides pre-authentication at the edge; enforce conditional access to resources. Microsoft Identity Manager delivers self-service identity management, automates lifecycle management across heterogeneous platforms, and provides a rich policy framework for enforcing corporate security policies for identity and access. Azure Active Directory: cloud directory, cloud authentication, application integration. Azure AD Premium includes Multi-Factor Authentication, self-service features, and user CALs for Identity Manager.
(Diagram: Windows Server Active Directory, Azure AD Sync, Microsoft Azure Active Directory; HR system, Exchange Online, LDAP, SharePoint Online, MIM, Oracle DB, Azure Manager, Finance, SaaS app.)
Roadmap. Today: AD DS, Azure AD, Exchange, Oracle DB, Finance, Azure AD Sync, FIM Sync. Next: AD DS, Azure AD, Exchange, Oracle DB, Finance, MIM Sync.
(Diagram: Windows Server 2012 R2 ADFS; a Windows Store application contacts AD FS for authentication, installs a virtual smartcard into Windows, and contacts MIM CM via a REST API (OAuth 2.0 protected); MIM CM Server.)
Prepare: which users have privileged access rights? Protect: lifecycle and AuthN protection. Operate: users can request elevation. Monitor: additional auditing, alerts & reports.
(Diagram, before PAM: user, existing apps, existing AD forest(s) with existing trust, Resource Admins group.)
(Diagram, with PAM: Microsoft Identity Manager configured for PAM; user access requests; existing apps and existing AD forest(s) with the existing trust; a separate AD DS forest with a trust for admin access; user PRIV\JenAdmin, group memberships CORP\Resource Admins, refresh after 60 minutes.)
Modernization: updated platform support; Certificate Management updated; self-service account unlock added. Privileged Access Mgmt.: improved protection of admins; Just In Time (JIT) admin access; auditing for alerts and reports. Hybrid IAM: self-service password reset with Azure MFA as a gate; hybrid reporting; Azure AD and Office 365 integration.
Tech Conference 28.-29.5.2015. Thank you! #TechConfFI
Information (documents) needs to be uniquely identifiable; information needs to be protected from illicit access; access and usage policies must be enforced; information and its access needs to be traceable.
Only if it works in the real world: users, devices, apps, data (the real-world IT environment).
(Diagram: authentication and collaboration, integration, client integration, user authentication, BYO Key.)
https://technet.microsoft.com/enus/library/dn375964.aspx
RMS Sharing Application; native applications and generic protection using Protected File (PFILE); custom administrator-defined policies. I can protect and share information securely across device types.
Sharing documents securely: use Microsoft Azure RMS to securely share documents with colleagues and business partners.
Brad uses Share Protected
The document is sent with instant revocation
Bob receives an email with the document
Brad wants to track the document
Brad reaches the Document Tracking site. Looks like Bob shared the document with Mary, but she couldn't open it. Brad sends the document to Mary. Brad wants to track a document he sends to his staff.
Brad tracks a document he sends to his staff
Summary View
Timeline View
http://aka.ms/rmsnews http://aka.ms/rmsblog http://aka.ms/rmsdeck http://aka.ms/rmsdemodeck http://aka.ms/rmsvideo http://aka.ms/rmshome http://aka.ms/rmsgetstarted