SaaS Apps / Active Directory: Users are more productive by having a single sign-on

  • Slides: 34

Users are more productive by having a single sign-on to all their resources. IT can provide users with a common identity across on-premises or cloud-based services, leveraging Windows Server Active Directory and Azure Active Directory. Users get access through accounts in Azure Active Directory to Azure, Office 365, and third-party applications. Developers can build applications that leverage the common identity model.

Diagram labels: SaaS Apps, Files, Active Directory, Web Apps, LOB Apps.

Diagram: On-premises Active Directory (AD DS) -> Identity Bridge (Azure AD Connect: Sync, Sign-In; FIM/MIM Sync) -> Microsoft Azure Active Directory -> Your apps, LOB, Office 365 and SaaS providers (Salesforce, Box, DropBox, Google, Concur, ...).

Tight AD integration
• Desktop SSO from domain-joined machines
• Honor AD login policies (e.g. work hours)
• Integration with AD lockout, with support for independent 'soft' lockout for extranet
• Alternate login ID

Strong Authentication / Conditional Access / Security Policy
• Policy prevents any AD credential from being synced to the public cloud
• Client Access Policies to control extranet access to applications
• Conditional access based on devices (workplace join)
• Inbox support for AD certificate authentication (e.g. SmartCards)
• Support for Azure MFA server or 3rd party MFA vendors (RSA, SafeNet, LoginPeople, InWebo, Gemalto, ...) that a customer already has

Diagram (animated sign-in flow): Start -> Web Application Proxy (behind the Firewall) -> ADFS -> Active Directory; federation to Azure Active Directory.

Deployment

Security
• Use Windows Server 2012 R2
• Co-locate ADFS on domain controllers (no IIS needed)
• You don't need SQL unless you have more than 90K users!
• Use self-signed token signing certificates
• Enable extranet soft account lockout
• Enable MFA with smartcards, Azure MFA or 3rd party MFA (SafeNet, RSA, Gemalto, LoginPeople, ...)
• Enable client access policies in the prescribed manner

Network
• Deploy Web Application Proxy. Current Outlook/EAS need this to work.
• AAD uses the federation metadata endpoint, which must be internet accessible, to keep token signing certificate information up to date.
• Don't use sticky sessions on your load balancer
• Configure SNI on the load balancer or use HTTP health probes (MS14-08)

Sign-In Experience
• Ensure that the SPN (HOST/adfs.contoso.com) is set on the ADFS service account
• Customize illustration and logo to have a great end-user experience
• Enable the 'Keep Me Signed In' option for better SSO
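The deployment checklist above can be audited on an AD FS 2012 R2 server with the AD FS PowerShell module. The following script is an added example, not part of the original deck; it assumes the module is installed on the farm node, uses the farm name adfs.contoso.com from the slide, and assumes the service account is CONTOSO\svc_adfs (a placeholder to replace). It only reports, and prints the Set-AdfsProperties/setspn command that would apply each fix.

```powershell
# Added example (not from the slide deck): audit an AD FS 2012 R2 farm against the
# Deployment slide. Assumes the ADFS module is available on this server; the
# service account name below is an assumption, the farm FQDN comes from the slide.
Import-Module ADFS

$FarmFqdn       = 'adfs.contoso.com'
$ServiceAccount = 'CONTOSO\svc_adfs'   # assumed; replace with your AD FS service account
$Findings       = @()

$props = Get-AdfsProperties

# 1. Extranet soft lockout: password spraying through the Web Application Proxy
#    trips the AD FS counter first, so the AD account itself is not locked out.
#    Keep the AD FS threshold below the AD lockout threshold.
if (-not $props.ExtranetLockoutEnabled) {
    $Findings += 'Extranet lockout disabled. Fix: Set-AdfsProperties -EnableExtranetLockout $true ' +
                 '-ExtranetLockoutThreshold 10 -ExtranetObservationWindow (New-TimeSpan -Minutes 30)'
}

# 2. Self-signed, auto-rolled token-signing certificates: Azure AD reads the new
#    key from the federation metadata endpoint, so no manual certificate swap.
if (-not $props.AutoCertificateRollover) {
    $Findings += 'AutoCertificateRollover disabled. Fix: Set-AdfsProperties -AutoCertificateRollover $true'
}

# 3. 'Keep Me Signed In' for better SSO.
if (-not $props.KmsiEnabled) {
    $Findings += 'KMSI disabled. Fix: Set-AdfsProperties -EnableKmsi $true'
}

# 4. HOST/<farm> SPN on the service account; without it Windows Integrated
#    Authentication (desktop SSO from domain-joined machines) fails.
$spns = (setspn -L $ServiceAccount) -join "`n"
if ($spns -notmatch "HOST/$([regex]::Escape($FarmFqdn))") {
    $Findings += "SPN HOST/$FarmFqdn missing. Fix: setspn -S HOST/$FarmFqdn $ServiceAccount"
}

# 5. Federation metadata endpoint reachable: Azure AD pulls the signing
#    certificate from it, so a blocked endpoint breaks federation after rollover.
$metadataUrl = "https://$FarmFqdn/FederationMetadata/2007-06/FederationMetadata.xml"
try {
    $null = Invoke-WebRequest -Uri $metadataUrl -UseBasicParsing -TimeoutSec 10
} catch {
    $Findings += "Federation metadata endpoint $metadataUrl not reachable: $($_.Exception.Message)"
}

if ($Findings.Count -eq 0) { 'All checks passed.' } else { $Findings }
```

Run the metadata check from outside the corporate network as well, since the slide's point is that the endpoint must be reachable from the internet, not just from the farm.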

Related sessions
• Tue, Oct 28, 3:15 PM-4:30 PM, EM-B214: Privileged Access Management for Active Directory
• Wed, Oct 29, 8:30 AM-9:45 AM, EM-B316: Directory Integration: Creating One Directory with Active Directory and Azure Active Directory
• Wed, Oct 29, 3:15 PM-4:30 PM, EM-B319: Microsoft Identity Manager vNext Overview
• Wed, Oct 29, 3:15 PM-4:30 PM, CDP-B210: Cloud Identity: Microsoft Azure Active Directory Explained
• Wed, Oct 29, 5:00 PM-6:15 PM, EM-B318: Free Your Apps: Introducing Microsoft Azure Active Directory Application Proxy and Windows Server Web Application Proxy
• Thu, Oct 30, 10:15 AM-11:30 AM, CDP-B312: Microsoft Azure Active Directory Premium, in Depth
• Thu, Oct 30, 12:00 PM-1:15 PM, EM-B310: Active Directory + BYOD = Peace of Mind
• Thu, Oct 30, 5:00 PM-6:15 PM, DEV-B322: Building Web Apps and Mobile Apps Using Microsoft Azure Active Directory for Identity Management
• Fri, Oct 31, 8:30 AM-9:45 AM, CDP-B207: Securing Organizations: Azure Active Directory Intelligence as a Differentiator
• Fri, Oct 31, 2:45 PM-4:00 PM, EM-B313: Microsoft Azure Multi-Factor Authentication Deep Dive: Securing Access on Premises and in the Cloud

Resources
• http://aka.ms/enterprisemobilitysuite
• http://aka.ms/microsoftintune
• http://aka.ms/configmgr
• http://aka.ms/hi
• http://aka.ms/aip
• http://aka.ms/virtualdesktop

• http://channel9.msdn.com/Events/TechEd
• www.microsoft.com/learning
• http://microsoft.com/technet
• http://developer.microsoft.com