Azure AD Webinar Series #1: Deciding Factors in Choosing the Right Azure AD Authentication Method
Azure Active Directory Customer Success Team

Deciding Factors in Choosing the Right Azure AD Authentication Method
1. Why is this choice important?
2. What are your options in Azure AD?
3. Decision tree walkthrough with case studies
4. Recommendations

Why is this choice important?
• It is the first important decision
• It is the foundation of your infrastructure
• It is hard to change

What are your authentication options with Azure AD?
In most cases, the following three options (① to ③) are the ones under consideration.
Without Active Directory synchronization:
• Cloud-only identity (Cloud Only)
With Active Directory synchronization:
• Cloud Authentication: Password Hash Sync (PHS) + Seamless SSO
• Cloud Authentication: Pass-through authentication (PTA) + Seamless SSO
• Federated Authentication (ADFS or 3rd party)

Microsoft's recommendation on authentication methods
Password hash sync is recommended as the first choice.
• Cloud Authentication: Password Hash Sync (PHS) + Seamless SSO
• Cloud Authentication: Pass-through authentication (PTA) + Seamless SSO
• Federated Authentication (ADFS or 3rd party)
Callout: this option is the first choice.

Seamless Single Sign On
[Diagram. Labels: User, SaaS, Public Cloud, Azure, Azure AD, Azure AD Connect, Active Directory; zones: Cloud, On-premises]

Pass-through authentication
[Diagram. Labels: User, SaaS, Public Cloud, Azure, Azure AD, Azure AD Connect, PTA Agent (two shown), Active Directory; zones: Cloud, On-premises]

Federated Authentication
[Diagram. Labels: User, SaaS, Public Cloud, Azure, Azure AD, Azure AD Connect, Active Directory, Federation Proxy, Federation Server; zones: Cloud, Perimeter, On-premises]

Azure AD Authentication decision tree
[Flowchart. Each question has Yes/No branches.]
Questions:
• Start: Do you need Active Directory integration?
• Do you want cloud authentication & password protection?
• Do you have an authentication requirement not natively supported by Azure AD*?
• Do you have an existing federation provider?
• Do you want cloud authentication instead of integrating with your federation provider?
Outcomes:
• Cloud only
• Password Hash Sync + Seamless SSO
• Pass-through authentication + Seamless SSO
• Federation

Fabrikam Inc – Widget manufacturing business
• 30 years
• Many factories around the world
• 7000 factory workers
• Workday
• Office 365

Azure AD Authentication decision tree
Start → Do you need Active Directory integration? Yes → Do you want cloud authentication & password protection? Yes

Azure AD Authentication decision tree
Start → Do you need Active Directory integration? Yes → Do you want cloud authentication & password protection? Yes → Do you have an authentication requirement not natively supported by Azure AD*?
• Sign-on using smartcards or certificates
• Sign-on using on-premises MFA Server
• Sign-on using 3rd party authentication solution
• An Enterprise PKI supporting Windows Hello for Business
Yes → Federation
No → Password Hash Sync + Seamless SSO

Woodgrove Bank – A national financial institution
• Strong regulatory operation
• Present in almost every region
• 100'000 employees
• Office 365
• SaaS apps
• LOB apps

Azure AD Authentication decision tree
Start → Do you need Active Directory integration? Yes → Do you want cloud authentication & password protection? No → Do you have an existing federation provider? (Yes / No)
Further questions shown on this slide:
• Do you have an authentication requirement not natively supported by Azure AD*? (Yes / No)
• Do you want cloud authentication instead of integrating with your federation provider? (Yes)
Outcome shown: Pass-through authentication + SSO

Azure AD Authentication decision tree
Start → Do you need Active Directory integration? Yes → Do you want cloud authentication & password protection? No → Do you have an existing federation provider? (Yes / No)
Further questions shown on this slide:
• Do you have an authentication requirement not natively supported by Azure AD*? (Yes / No)
• Do you want cloud authentication instead of integrating with your federation provider? (Yes)
Requirements listed on this slide:
• Sign-on using smartcards or certificates
• Sign-on using on-premises MFA Server
• Sign-on using 3rd party authentication solution
• An Enterprise PKI supporting Windows Hello for Business
Outcome shown: Federation

Resources
• Choosing the right authentication method article
• Migration Guides
• Coming soon!
• Deployment wizard
http://aka.ms/aadwebinars

Resources: Coming topics
aka.ms/AzureADWebinar
Date (tentative) and topic:
• 6/7 (Thu) 13:30-14:00: Using Azure AD for SaaS application authentication (Utilize Azure AD for 3rd Party app authentication)
• 6/21 (Thu) 13:30-14:00: Security measures that Office 365 and Azure AD administrators must always take (Key things O365 administrators must do for securing corporate identity)
• 7/5 (Thu) 13:30-14:00: Smooth collaboration with external partners, enabled by Azure AD (Accelerate partner collaboration through Azure AD)
• 7/19 (Thu) 13:30-14:00: Reducing costs with Azure AD self-service features (How to use full Azure AD self-service capabilities)

Resources: Introducing the ID-BASED SECURITY Initiative
• ID-BASED Security Initiative: https://id-bsi.connpass.com/
• Next meeting information: https://id-bsi.connpass.com/event/87081/

Thank you!