Identity and Access Management

Business Ready Security Solutions

Agenda

Business and Information Technology (IT) Challenges

Core Infrastructure Optimization

Identity and Access Management Scenarios

Next Steps

Identity and Access Management End State

Current Identity and Access Situation

Extend business resources, especially to the cloud

Secure multiple devices and locations

Manage complex identity lifecycles

Business and IT Challenges

Agility and Flexibility

ControlBUSINESS

NeedsIT Needs

Simplify user experience for collaboration across

networks

Provide seamless movement between applications

Reduce cost of identity management

Provide secure access to applications from anywhere

Manage disparate systems

Managing partner accounts

Multiple identities and limited sign-on help

Different sign-on requirements, password reset

handled through help desk

Remote access solution with separate identities

Current Identity and Access SituationTime and Labor Intensive

Core Infrastructure Optimization (Core IO)

Standardized Rationalized DynamicBasic

Efficient Cost Center Business Enabler Strategic AssetCost Center

Identity and Security Services

Identity and Access

No standard policy framework for identity and access

No password policy for authentication and authorization

Manual identity provisioning and de-provisioning

Directory services are isolated due to a lack of integration

Limited control over access and identity processes

User profile management is centralized

Cross-organization collaboration is manual for partner accounts

Multiple directory services exist with point-to-point synchronization

Control is automated and role-based

User profile provisioning and de-provisioning is automated and centralized

There is a standard federation and trust-management infrastructure Automated identity synchronization and provisioning

Identity management is fully automated and supported by policy

Resource provisioning and de-provisioning is automated, with self-service access management

Federation and trust management infrastructure is centrally managed

Centralized directory that synchronizes automatically

Secure Endpoint

Secure Datacenter

Secure Collaboratio

n

Business Ready Security Solutions

Secure Messaging

Information Protection

Enable more secure, well-managed, identity-centric access to applications hosted on premises and in the cloud from virtually any location or device.

Identity and Access Management

Identity and Access Management Scenarios

Secure Remote Access

Well-managed Identity

Access across Networks

Provide well-managed, common identity

infrastructure

Enable interoperable access across networks

Secure remote access to business resources

Integrated with proven Microsoft® technologies and heterogeneous environments

Well-managed Identity

Identity Management

• Simplifies compliance across heterogeneous environments

• Enhances data quality with delegated user-profile management

Group Management

• Increases efficiency with attribute-basedresource access

• Enhances user productivity with self-service group management

Credential Management

• Lowers helpdesk costs with end-user self-service password features

• Improves security through strong authentication and certificates

“With Forefront® Identity Manager, we are able to streamline tactical processes, while at the same time provide strategic business value through a cohesive Identity and Access Management solution.”

Scott Weir, IT Manager, Desktop Architecture, First American Title Insurance Company

First American Reduces Costs with Streamlined Identity and Access Management

Extend Access Across Networks

On Premises

• Increases end-user productivity due to a single identity

• Provides additional agility as developers build applications with common authentications

Partners

• Facilitates easier and more effective collaboration setup

• Increases compliance by avoiding external accounts

Cloud

• Adds flexibility with common identity and single sign on

• Creates easier cloud integration with standards-based federation

“We will have more granular control over identity and access, so we can start providing users with self-service capabilities and extend secure collaboration to our partners.“

Armand Martin, Enterprise Architect, Security, Dow Corning

Manufacturer to Enhance Efficiency with Improved Identity Management

Secure Remote Access

Always-on DirectAccess

• Improves productivity through seamless, always-on access

• Reduces risk with more secure sign-on and policy-based access

Remote Application Access

• Increases flexibility by accessing network from virtually any device

• Enhances IT agility due to the ability to manage machines anywhere

“With Unified Access Gateway (UAG) and Network Access Protection (NAP), Sporton can enforce its security policies for employees who connect remotely to the network. We could use other products to make sure that remote clients are fully compliant with our environment before we allow them access, but our IT staff would need to spend a lot of time monitoring the process; with UAG and NAP, we can do all this automatically.”

David Feng, IT Director,

Sporton International/

Integrated Across Microsoft and Heterogeneous Environments

Heterogeneous EnvironmentsCore

Infrastructure

Server and Domain Isolation

Common Identity

Interoperable standards for federation

Identity management across platforms

Integrated Solutions

Secure Remote Access

Well-managed Identity Access Across Networks

Virtualization and

Management

Common, well-managed identity across resources

Identity and Access Management End StateSimple and Easy

Common identity is used

in the cloud

More secure, simplified access for partners

Always-on access built into platform

Solution

Banque de Luxembourg decided to implement Microsoft Forefront Identity Manager 2010, which delivers policy-based identity and credential management across heterogeneous environments.

Customer Results and Benefits

• Increased employee productivity

• Simplified IT management

• Improved compliance

Customer Business Challenge

Banque de Luxembourg sought a centralized solution for identity and access management, one that would work with its heterogeneous systems. It wanted to eliminate manual processes for provisioning user accounts in an effort to improve IT efficiency and internal compliance.

“With Forefront Identity Manager and Active Directory, we have the comprehensive identity and access management solution that we need to support our banking operations.”

René Chevremont, Head of Access Management, Banque de Luxembourg

Financial Institution Gains Efficiency with Automated Identity and Access Management

The Security, Identity, and

Access Management

(SIAM) offering portfolio

from Microsoft Services

supports the Business

Ready Security approach

by providing the planning

and deployment guidance

for Microsoft security and

identity products and

technologies.

Experienced – Broad perspective covering industry, segment, and organization size

Knowledgeable - Worked with hundreds of pre-release, early-adoption projects

Connected - Connected to Microsoft product teams

Accountable - Accountable for your success

Why Microsoft Services

http://www.microsoft.com/services

Working with Microsoft Services

Try the solutions at: Microsoft.com/forefront/trial

Speak with a Microsoft representative about

your needs

Deploy solutions that empower your

business needs

Overall Resources and Next StepsForefront Deployment Resourceshttp://www.microsoft.com/forefront/en/us/deployment.aspx

Microsoft Assessment and Planning (MAP) Toolkithttp://technet.microsoft.com/en-us/library/bb977556.aspx

Microsoft Forefront Case Studieshttp://www.microsoft.com/forefront/en/us/case-studies.aspx

Antivirus Defense-in-depth Guide Solution Acceleratorshttp://www.microsoft.com/downloads/details.aspx?FamilyID=f24a8ce3-63a4-45a1-97b6-3fef52f63abb&displaylang=en

Microsoft Serviceshttp://www.microsoft.com/services

© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after

the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Virtualization andManagement

Integrated Across Microsoft and Heterogeneous Environments

Heterogeneous EnvironmentsCore Infrastructure

Server and Domain Isolation

Common Identity

Interoperable standards for

federation

Identity management across platforms

Integrated Solutions

Business Ready SecurityHelp securely enable business by managing risk and empowering people

Block

FROM:Enable

CostValue

Siloed Seamless

TO:

Highly Secure & Interoperable Platform

IdentityProtect everywhere,access anywhere

Integrate and extend security across the

enterprise

Simplify the security experience,manage compliance

Across on-premises and cloud scenarios

Information Protection

Identity and Access Management

Secure Desktop

Secure Collaboration

Secure Messaging

Secure Datacenter

Business Ready Security Solutions