Jan Vidar Elven – Premium Management and Protection of Identity and Access with Azure AD

Post on 17-Jan-2017


PREMIUM MANAGEMENT AND PROTECTION OF IDENTITY AND ACCESS WITH AZURE AD

Speaker: Jan Vidar Elven
Company: Skill AS
Position: Enterprise Mobility MVP, Cloud and Datacenter Architect

Who Am I?

- I am Jan Vidar Elven – Cloud and Datacenter Architect @ Skill AS
- I am from Sarpsborg, Norway
- I’m a Microsoft Most Valued Professional, Enterprise Mobility
- I tweet from @skillriver
- I blog at systemcenterpoint.wordpress.com
- Email me: jve@skill.no
- When not tweeting/blogging I like football!

AGENDA – KEY TAKEAWAYS

Why Azure AD Identity Management, Protection and Health Monitoring?

- Azure AD Privileged Identity Management
- Azure AD Identity Protection
- Azure AD Connect Health
- Azure Multi-Factor Authentication

WHY AZURE AD MANAGEMENT AND PROTECTION?

- Manage Azure AD administrator role access
- On-demand admin access
- Real-time risk event & vulnerability detection
- Monitor and gain insights
- Second layer of security

REQUIREMENTS

For Privileged Identity Management + Identity Protection + Connect Health:

- Azure AD Premium P2/EMS E5
- Global Administrator Access to Configure

End Users: Azure AD Premium/EMS and Password Writeback for Policy Mitigation

ENTERPRISE MOBILITY + SECURITY

AZURE AD PRIVILEGED IDENTITY MANAGEMENT (PIM)

Key Features:

- Access Review
- Enable on-demand, "just in time" administrative access
- Reports on access history and administrator assignments
- Alerts about access and configurations to a privileged role

CONFIGURE AZURE AD PIM

1. Sign in to the Azure Portal as a Global Administrator
2. Select New > Security + Identity > Azure AD Privileged Identity Management for your Azure AD tenant
3. First admin will be:
   a. Security administrator
   b. Privileged role administrator

DEMO - AZURE AD PRIVILEGED IDENTITY MANAGEMENT

AZURE AD IDENTITY PROTECTION

Key Features:

- Risk event detection and risk accounts
- Investigate risk events
- Risk-based conditional access policies:
  - Sign-in risk policy
  - User risk policy (not for federated users in preview)
  - MFA registration policy

CONFIGURE AZURE AD IDENTITY PROTECTION

1. Sign in to the Azure Portal as a Global Administrator
2. Select New > Security + Identity > Azure AD Identity Protection for your Azure AD tenant

DEMO - AZURE AD IDENTITY PROTECTION

AZURE AD CONNECT HEALTH

Features:

- Azure AD Connect Health for Sync
- Azure AD Connect Health for ADFS/WAP
- Azure AD Connect Health for AD DS (Preview)

AZURE AD CONNECT HEALTH – HOW DOES IT WORK?

CONFIGURE AZURE AD CONNECT HEALTH

1. Get Azure AD Premium
2. Download, Install & Register Connect Health Agent:
   a. AD FS/Proxy/WAP Health Agent
   b. AD DS Health Agent
   c. Azure AD Connect Server (version >= 1.0.9125.0)
3. Go to https://aka.ms/aadconnecthealth

DEMO - AZURE AD CONNECT HEALTH

AZURE MULTI-FACTOR AUTHENTICATION (MFA)

MFA Versions:

- MFA for Office 365
- MFA for Azure Admins
- Azure MFA

Features:

- Selected Authentication Methods
- Admin Control

DEMO - AZURE MULTI-FACTOR AUTHENTICATION

SUMMARY AND QUESTIONS?

Contact:

- E-mail: jve@skill.no
- Twitter: @skillriver
- Blog: http://systemcenterpoint.wordpress.com
