Petr Vlk, KPCS CZ, WUG Days 2016, 8 October 2016
Simple management of Windows Server Active Directory
[Slide diagram: single sign-on from devices with one username and password to other systems and applications, spanning SaaS, Azure public cloud, on-premises, Microsoft Azure Active Directory, Office 365 and cloud.]
Azure Active Directory

On-premises infrastructure integration
• Synchronization or federation of identities
• Self-service password reset with write-back to on-premises directories
• Web Application Proxy for authentication against on-premises web-based applications

User accounts and devices
• MyApps panel
• Mobile device management with Intune
• Multi-factor authentication (MFA)
• Windows 10 Azure AD Join and SSO
• Conditional access to resources and applications
• Device registration and management for non-Windows devices (iOS, Android, Mac)
• Behavior- and risk-based access control with Azure AD Identity Protection

Partner collaboration and customer account management
• Secure collaboration with your business partners using Azure AD B2B collaboration
• Self-registration for your customers using a unique identity or an existing social identity with Azure AD B2C

Application integration, administration, reporting and enterprise scale
• Pre-integrated with thousands of SaaS applications
• Deep integration with Office 365 features
• Global telemetry and machine learning
• Cloud App Discovery
• PaaS application integration
• Worldwide availability
• Domain Services
• Connect Health
• Integration with other cloud providers, such as Amazon Web Services
Identity model comparison

Cloud only
+ Fast deployment, no infrastructure requirements
- No SSO or identity lifecycle management

Password Hash Sync
+ Fast deployment, same password as in the on-premises environment, identity lifecycle, conditional access, MFA
- Not fully native SSO

Federated
+ Almost full SSO, integrated sign-in, identity lifecycle, MFA and conditional access
- Complex on-premises deployment, problems during an outage

3rd Party Federated
+ Third-party solutions can be more flexible and allow integration with other systems
- More complex configuration, higher cost
[Slide diagram: directory and password synchronization traffic flow. Your on-premises or private cloud datacenter runs Windows Server Active Directory and the Azure AD Connect tool; the AD Connect tool requests Windows Server AD changes and syncs them to Office 365.]

[Slide diagram: federation topology. The on-premises network holds a proxy server, Web Application Proxy, an AD FS server, a Windows Server AD domain controller and the Azure AD Connect tool; it connects over a site-to-site VPN or ExpressRoute to an Azure IaaS virtual network containing Windows Server AD and a virtual machine running the Azure AD Connect tool.]
Identity synchronization with password (hash) sync
User attributes are synchronized using Azure AD Connect, including a password hash; authentication is completed against Azure Active Directory.
*Preview: single sign-on for synchronized AD users

End User Experience
• Sign-on to AD and Azure AD required. Same password.
• * SSO for synchronized users provides seamless authentication to Azure AD from a domain-joined PC

IT Pro / Admin Experience
• Azure AD Connect is all you need
• Self-service password reset of AD password with Azure AD Premium
• * See session BRK3107
Identity synchronization with AD FS
User attributes are synchronized using Azure AD Connect; authentication is passed back through federation and completed against Windows Server Active Directory.

End User Experience
• All authentication to on-premises AD
• Seamless single sign-on from domain-joined PCs
• Self-service password reset of AD password with Azure AD Premium

IT Pro / Admin Experience
• Azure AD Connect
• AD FS and AD FS Proxy installed on premises
• Credentials not stored in Azure AD
Identity synchronization with an authentication agent
User attributes are synchronized using identity synchronization tools; authentication is passed on to on-premises and completed against Windows Server Active Directory.

End User Experience
• All authentication to on-premises AD
• Seamless single sign-on from domain-joined PCs
• Self-service password reset of AD password with Azure AD Premium

IT Pro / Admin Experience
• Azure AD Connect
• Authentication agent connects to Azure AD to handle authentication to AD
• Credentials not stored in Azure AD
• * See session BRK3107
Connecting to AD on a domain controller over VPN
Connecting to AD in a VM
…
Synchronization based on rules defined by IT
…
Automatic synchronization
Start
Next steps
[email protected] • Ask questions… • Try it out…
Free trial available!
• Plan your implementation…