Connect your workforce to all the apps they

Connect your workforce to all the apps they need with Azure Active Directory

r ou : FO C C-Suite: are we s y ink Bu sin t! e dg u b ess r Sh : O nb oa rd my ap ps! nt! ecure? !? en u’r o Y : s tor Audi S: P O C SE Users: I need an admin lia p m o ot c to consent for this app ! Who is my admin? !? ! S 0 ev

Help me mitigate risk Address compliance Reduce my costs Improve user productivity

Apps are all around us

Azure Active Directory The control plane for all the apps you care about 1. 4 M + active apps Support standard-based protocols OData { JSON }

The control plane for all apps you care about

The control plane for all apps you care about

The control plane for all apps you care about

“Apps are people too!”

Securing applications and data access is an emerging priority 140 apps are used on average in an organization 87% of users can consent to applications 80% of employees use nonapproved apps for work

Securing your app ecosystem

Securing your app ecosystem

kelly@contoso. com This app would like to: Permissions requested App info Sign you in and read your profile Name Proseware Read. Tele all users’ basic profile Domain Access your data anytime unverified Proseware Tele unverified App info This app would like to: Date Read created one or more specific groups 7/19/2018 Accepting these permissions means that you allow this Reply URLs: to use your data as specified in their terms of service • app https: //treyresearch. net/replyurl/asdfasqr/2342341 esrawer and privacy statement. You can change these permissions a 3 r/234 ad/djslkdfjsouewjl at https: //myapps. microsoft. com. Show details Sign you in and read your profile Read all users’ basic profile Access your data anytime Read user mail Accepting these permissions means that you allow this app to use your data as specified in their terms of service and privacy statement. You can change these permissions at https: //myapps. microsoft. com. Show details Cancel Accept

kelly@contoso. com This app would like to: Permissions requested App info Sign you in and read your profile Name Proseware Read. Tele all users’ basic profile Domain Access your data anytime treyresearch. net Proseware Tele treyresearch. net App info This app would like to: Date Read created one or more specific groups 7/19/2018 Accepting these permissions means that you allow this Reply URLs: to use your data as specified in their terms of service • app https: //treyresearch. net/replyurl/asdfasqr/2342341 esrawer and privacy statement. You can change these permissions a 3 r/234 ad/djslkdfjsouewjl at https: //myapps. microsoft. com. Show details Sign you in and read your profile Read all users’ basic profile Access your data anytime Read user mail Accepting these permissions means that you allow this app to use your data as specified in their terms of service and privacy statement. You can change these permissions at https: //myapps. microsoft. com. Show details Cancel Accept

kelly@contoso. com This app would like to: App info Permissions requested Sign you in and read your profile Name Proseware Read. Tele all users’ basic profile Publisher Access data anytime Proseware Incyour. Verified Proseware Tele treyresearch. net Proseware Inc Domain Read one or more specific groups treyresearch. net Accepting these permissions means that you allow this Verified Date app to use 7/19/2018 your data as specified in their terms of service and privacy statement. You can change these permissions at https: //myapps. microsoft. com. Show details Reply URLs: • https: //treyresearch. net/replyurl/asdfasqr/2342341 esrawer a 3 r/234 ad/djslkdfjsouewjl This app would like to: Sign you in and read your profile Read all users’ basic profile Access your data anytime Cancel Read user mail Accepting these permissions means that you allow this app to use your data as specified in their terms of service and privacy statement. You can change these permissions at https: //myapps. microsoft. com. Show details Cancel Accept

Securing your app ecosystem

Azure AD ADFS Conditions MSA Controls 40 TB Google ID Android i. OS Mac. OS Employee & Partner Users and Roles Trusted & Compliant Devices Machine learning Allow/block access Session Risk 3 Limited access Windows Defender ATP Require MFA Real time Evaluation Engine Geo-location Corporate Network Browser apps Client apps Physical & Virtual Location * Policies Client apps & Auth Method Effective policy ***** Force password reset Block legacy authentication Microsoft Cloud App Security

Securing your app ecosystem

Securing your app ecosystem

Securing your app ecosystem

How we are helping you address your challenges Help me mitigate risk • One entry point for managing authentication policies and securing all apps and data Address compliance • Control and understand app access from one place • One source of truth for auditors Reduce my costs • Decommission expensive onpremises infrastructure • Reduce support costs with selfservice • Monitor usage, reduce waste on unused licenses Improve user productivity • Get users the apps they need on any device, fast • Efficiently delegate user requests to the business

What to do next

Useful docs Topic Link For how to get off ADFS and into Azure AD aka. ms/getauthright For how to build a strong identity foundation with Azure AD aka. ms/strongidentity For guidance and tools to move apps to the cloud aka. ms/migrateapps For building modern cloud apps aka. ms/developapps For building and integrating apps securely aka. ms/Identity. Platform. Checklist For securing your identity infrastructure aka. ms/securitysteps For deployment guidance on My. Apps, provisioning, SSO aka. ms/deploymentplans For enabling admin consent requests aka. ms/adminconsentworkflow

More Identity Sessions See all breakouts, theaters, and labs http: //aka. ms/Azure. ADIgnite 2019 BRK 3110 Winning strategies for identity security and governance Tue 10: 15 BRK 3113 New frontiers in identity standards Tue 11: 30 BRK 3114 Building trust into digital experiences with decentralized identities Tue 3: 15 BRK 2232 Zero Hype – Taking practical steps to Zero Trust Tue 4: 30 SECI 10 Identity and access management best practices from around the world Wed 9: 00 SECI 20 Shut the door to cybercrime with identity-driven security Wed 10: 15 BRK 4007 Simplify sign in and authorization with the Microsoft identity platform Wed 10: 45 BRK 3105 Connect your workforce to all the apps they need with Azure Active Directory Wed 11: 30 BRK 3106 Eliminate your weakest link with passwordless authentication Wed 3: 15 BRK 3109 Govern your workforce and guest user access with Azure Active Directory Wed 4: 30 BRK 3108 Modernize your on-premises application security with Azure Active Directory Thu 9: 00 BRK 3154 Integrating CASB into IAM for a comprehensive identity security strategy Thu 10: 15 BRK 2261 Empower firstline worker productivity from day one Thu 11: 30 BRK 4017 The science behind Azure Active Directory Identity Protection Thu 11: 30 BRK 3112 Love all your identities – Building digital relationships with your customers and partners Thu 2: 00 BRK 2132 How Microsoft uses Azure Active Directory Identity Protection and Conditional Access to protect its assets Thu 4: 30 BRK 2080 Microsoft identity platform best practices for developers Fri 9: 00 BRK 3257 Leverage the cloud to strengthen your on-premises Active Directory security Fri 10: 45 BRK 3267 Bridge the gap between HR, IT and business with the Azure Active Directory identity provisioning platform Fri 11: 30

Please evaluate this session Your feedback is important to us! https: //aka. ms/ignite. mobileapp https: //myignite. techcommunity. microsoft. com/evaluations

Find this session in Microsoft Tech Community

Thank you. Follow Microsoft Azure AD @Azure. AD aka. ms/enable. MFA …it’s free!