Azure AD Webinar 1 Azure AD Azure Active

Azure AD Webinar シリーズ #1 適切な Azure AD 認証方式 選択の決め手 Azure Active Directory Customer Success Team

適切な Azure AD 認証方式の選択の決め手 1. 2. 3. 4. Why is this choice important? What are your options in Azure AD? Decision tree walkthrough with case studies Recommendations

Why is this choice important? It is the first important decision It is your foundation of your infrastructure It is hard to change

What are your authentication options with Azure AD? 多くの場合、以下 ①～③ の 3 つが検討対象となる クラウド専用 ID Cloud Only Cloud Authentication パスワードハッシュ同期 (PHS) Password Hash Sync + Seamless SSO パススルー認証 (PTA) Pass-through authentication + Seamless SSO Federated Authentication Active Directory 同期なし フェデレーション認証 Federated Authentication (ADFS or 3 rd Party) Active Directory 同期あり

Microsoft の認証方式に関する推奨事項 パスワードハッシュ同期を第一選択とすることを推奨 Cloud Authentication パスワードハッシュ同期 (PHS) Password Hash Sync + Seamless SSO パススルー認証 (PTA) Pass-through authentication + Seamless SSO Federated Authentication フェデレーション認証 Federated Authentication (ADFS or 3 rd Party) このオプションが第一選択

Seamless Single Sign On Saa. S Public Cloud Azure User Azure AD Connect Azure AD Active Directory Cloud On-premises

パススルー認証 (Pass-through authentication) Azure AD Connect Saa. S Public Cloud Azure PTA Agent User Active Directory Azure AD PTA Agent Cloud On-premises

フェデレーション認証 (Federated Authentication) Saa. S Public Cloud Azure AD Connect User Azure AD Active Directory Federation Proxy Cloud Perimeter Federation Server On-premises

Azure AD Authentication decision tree Start Do you need Active Directory integration? No Yes Do you want cloud authentication & password protection? Yes Do you have an authentication requirement not natively supported by Azure AD*? No Cloud only No Password Hash Sync + Seamless SSO Do you have an existing federation provider? Yes No Yes Do you have an authentication Yes requirement not natively supported by Azure AD*? No Pass-through authentication + Seamless SSO Yes Do you want cloud authentication instead of integrating with your federation provider? No Federation

Fabrikam Inc – Widget manufacturing business 30 years Many factories around the world 7000 factory workers Workday Office 365

Azure AD Authentication decision tree Start Do you need Active Directory integration? Yes Do you want cloud authentication & password protection? Yes

Azure AD Authentication decision tree Start Do you need Active Directory integration? Yes Do you want cloud authentication & password protection? Yes Do you have an authentication requirement not natively supported by Azure AD*? Yes • Sign-on using smartcards or certificates • Sign-on using on-premises MFA Server • Sign-on using 3 rd party authentication solution • An Enterprise PKI supporting Windows Hello for Business No Password Hash Sync + Seamless SSO Federation

Woodgrove Bank – A national financial institution Strong regulatory operation Present in almost every region 100’ 000 employees Office 365 Saa. S apps LOB apps

Azure AD Authentication decision tree Start Do you need Active Directory integration? Yes Do you want cloud authentication & password protection? No Do you have an existing federation provider? Yes No Do you have an authentication Yes requirement not natively supported by Azure AD*? No Pass-through authentication with + SSO Yes Do you want cloud authentication instead of integrating with your federation provider?

Azure AD Authentication decision tree Start Do you need Active Directory integration? Yes Do you want cloud authentication & password protection? No • Sign-on using smartcards or certificates • Sign-on using on-premises MFA Server • Sign-on using 3 rd party authentication solution • An Enterprise PKI supporting Windows Hello for Business Do you have an existing federation provider? Yes No Do you have an authentication Yes requirement not natively supported by Azure AD*? No Do you want cloud authentication instead of integrating with your federation provider? Yes Federation

Resources Choosing the right authentication method article Migration Guides Coming soon! Deployment wizard http: //aka. ms/aadwebinars

Resources Coming topics aka. ms/Azure. ADWebinar 日程 (仮) トピック 6/7(木) 13: 30 -14: 00 Azure AD の Saa. S アプリケーション認証への活用 Utilize Azure AD for 3 rp Party app authentication 6/21(木) 13: 30 -14: 00 Office 365 および Azure AD 管理者が必ずやっておくべきセキュリティ対策 Key things O 365 administrators must do for securing corporate identity 7/5(木) 13: 30 -14: 00 Azure AD で実現するスムーズな外部パートナー協業 Accelerate partner collaboration through Azure AD 7/19(木) 13: 30 -14: 00 Azure AD セルフサービス機能を用いてコスト削減 How to use full Azure AD self-service capabilities

Resources ID-BASED SECURITY Initiative のご紹介 • ID-BASED Security Initiative https: //id-bsi. connpass. com/ • 次回 Meeting のご案内 https: //id-bsi. connpass. com/event/87081/

Thank you!