AAP 302 The Four Pillars of Identity: A Solution for Online Success
- Slides: 32
AAP 302 The Four Pillars of Identity: A Solution for Online Success
Tom Shinder, Principal Writer and Knowledge Engineer, SCD iX Solutions Group, Microsoft Corporation
[Chart: 66% run, 14% / 20% grow / transform]
• Explosive data growth
• Proliferation of devices
• Budget reductions
• IT constraints
Companies are under pressure to do more with less.

• Enabling devices
• Availability
• Role- and device-driven privileges
• Allow customers and partners
Companies must facilitate productivity without impacting security.

• Adapting to cloud
• Rapid on-boarding of services
• Mergers and acquisitions
• Proliferation of groups and users
Management must adapt rapidly to changing business needs.

• Rapid response
• Protect while extending
• Centralize and standardize
• Report and audit
Companies need an integrated security strategy.

• Empower users
• Take control
• Plan for the future
Incorporating Identity into your environment can transform your business.

Identity Spans the Environment
[Diagram: Identity sits across Users & Devices, Infrastructure (Traditional IT, Private, Public, Hybrid Cloud) and Apps & Services]
ADMINISTRATION
• Single view management
• Application of business rules
• Automated requests, approvals, and access assignment
AUTHENTICATION
• User sign-on experience
• Trusted source
• Standard and secure protocols
• Level of assurance
AUTHORIZATION
• How and where authorizations are handled
• Can a user access the resource, and what can they do when they access it?
AUDITING
• Track who does what, when, where and how
• Focused alerting
• In-depth collated reporting
• Governance

Administration provides: Provision & De-provision, Identity Updates, Identity Proliferation, Synchronization, Interface Selection, Change Control, Group Management
Authentication provides: Flexible Sign-on Methods, Supported Sources, Security Protocols, Assurance Methods
Authorization provides: Entitlement Type, Access Policies, Enforcement Strategy
Audit provides: Reporting, Alerting, Governance methods, Collection of data
http://aka.ms/io
IO Level Description
Basic
• Most IT resources are used to keep IT functioning with reactive management
• Systems are complex, incompatible, and expensive and do not provide services throughout the organization
• Organizations use few IT policies and automated processes
Standardized
• Organizations run somewhat effective, centralized IT departments
• IT systems remain complex, incompatible, and expensive and are run as standalone operations
• Basic automation is provided by a centralized IT group; pockets of automated services exist at business units
Rationalized
• Long-term IT strategy is developed jointly by business and IT groups
• IT policies are defined with business criteria and enforced with IT processes and technology
• Complexity is engineered out of IT processes, and application compatibility issues are minimal
• This is the most cost-effective infrastructure optimization state
Dynamic
• Cost savings are secondary to maximizing business agility, which is a source of competitive advantage
• Some decision making is decentralized to bring decisions closer to business processes
• IT systems are highly automated, flexible, and respond quickly to changing business conditions
• Organizations may choose not to implement certain IT best practices because they reduce business agility
Identity maturity by pillar (IO levels Basic, Standardized, Rationalized, Dynamic; each capability is listed from least to most mature as it reads on the slide)
ADMINISTRATION
• Provisioning: Manual Creation → Automated Creation in one or more ID stores → Automated Creation in all ID Stores
• Deprovisioning: No Deprovisioning, Adhoc Email Notifications to Others → Manual Deprovisioning in All ID Stores → Automated Deprovisioning in one or more ID Stores → Automated deprovisioning in all
• Group Management: Manual by Help Desk → Owner Managed w/o Approvals → Owner Managed with Approvals → Dynamic/Attribute Based
• Identity Updates: Manual by Help Desk → Self-Service w/o verification → Self-Service with Approvals
• Password Reset: Performed by Help Desk → Self-Service Password Reset
• Identity Proliferation: No Enterprise ID Store → Enterprise ID Store + Application Specific Stores → Single Enterprise ID Store
• Synchronization: None → Synchronization among some ID Stores → Synchronization amongst all ID Stores
• User Interface: Help Desk → Internal User Portal → Internal/External User Portal
• Change Control: None → Call Help Desk / Manual Workflow → Call Help Desk / Some Electronic Workflow → Self-Service Request with Electronic Workflow
AUTHENTICATION
• Sign-On Method: Multiple Passwords, Multiple Logons → One Password, Multiple Logons → One Password, One Logon to Company Resources → One Password, One Logon to all Resources
• Source: No central source → Central + Application Centric → Central, Multiple External ID's → Central + Federation
• Protocols: Multiple Weak Protocols → Multiple Strong Protocols, No Transition → Multiple Protocols with Transition → Single Protocol
• Assurance: No Assurance, Shared ID's → Password-Based → Soft Certificates → Multifactor
AUTHORIZATION
• Entitlement Type: Application Centric → AD Integrated (Group based) → + Role or Attribute Based
• Access Policies: None → Some Application Centric → Centralized Policy Based
• Enforcement Strategy: Written → Centrally Enforced → Agent, API, Proxy based
AUDIT
• Reporting: None → Manual Collation and Report Generation of Log Data → Automated Report Generation on Some Systems → Automated Attestation Report Creation
• Alerting: No Alerting → Reactive/Event Driven Alerting → Proactive Alerting + Event Based
• Governance: No Governance → No DLP, Manual Enforcement of Governance → Centralized DLP in Use
• Collection of Data: Disjoint, Manual Collection of Log Data → Disjoint, Automated Collection of Log Data → … Logs (cell truncated on the slide)
Innovate · Build a Plan · Assess

Microsoft Services identity roadmap: Education (One Day Workshop, 1-3 Day Workshops) → Assess Business, Assess Infrastructure (2 Week Assessment and Roadmap) → Identity Solutions Planning, Define Roadmap → Deployment. Technologies and desired end states: Traditional IT, Private, Public, Hybrid; Partners.

Education: Workshops are designed to introduce Identity and help customers understand how an identity solution could help their enterprise. Customer benefits include:
• Introduction to core tenets of Identity
• Discussion around recommended practices
• Detailed explanation of Microsoft identity solutions
• Business value modeling

Assessment: designed to help you understand your current state within identity and to provide a roadmap towards maturity based upon business needs and goals. Customer benefits include:
• Detailed assessment report and recommended path forward
• Logical roadmap based on assessment, experience and recommended practices

Microsoft Services identity offerings include:
• Enterprise Identity Management using Forefront Identity Manager 2010
• Enterprise Identity Federation using Active Directory Federation Services
• Access Enablement Gateway and Identity Service Solution
• Application Identity Assessment for Windows Azure

Simplify, Streamline, and Secure
[Diagram: AEGIS Solution sitting between Application Owners and Application Users]
• AAP 201 Hybrid Computing is the New Net Norm
• SIA 202 Microsoft Trustworthy Computing: Cloud Security, Privacy and Reliability in a Nutshell
• SIA 204 Cloudy Weather: How Secure is the Cloud?
• SIA 207 Windows Server 2012 Dynamic Access Control Overview
• SIA 312 What's New in Active Directory in Windows Server 2012
• SIA 313 Self-Service Password Reset for Active Directory with Microsoft Forefront Identity Manager 2010 R2
• SIA 316 Windows Server 2012 Dynamic Access Control Best Practices and Case Study Deployments in Microsoft IT
• SIA 318 Managing and Extending Active Directory Federation Services
• SIA 321 What's New in Windows Identity Foundation in Microsoft .NET Framework 4.5
• SIA 341 Windows Server 2012 Dynamic Access Control Deep Dive for Active Directory and Central Authorization Policies
• SIA 21-HOL Using Dynamic Access Control to Automatically and Centrally Secure Data in Windows Server 2012
• SIA 01-TLC Microsoft Identity and Access
• SIA 02-TLC Windows Server 2012 Active Directory Dynamic Access Control

Learning: Connect. Share. Discuss. http://europe.msteched.com
Microsoft Certification & Training Resources: www.microsoft.com/learning
TechNet Resources for IT Professionals: http://microsoft.com/technet
Resources for Developers: http://microsoft.com/msdn

Evaluations: Submit your evals online at http://europe.msteched.com/sessions