Azure AD Identity

Slide Content
  1. Nicolas Lieutenant

    • Solution Architect
    • Microsoft France
    • Azure AD Identity
  2. Azure AD

    • Azure AD Overview
    • Architecture and operation
    • Synchronization, authentication and federation
    • SSO, Application Proxy, MFA, application portal
    • Reporting, Cloud App Discovery …
    • Azure RMS Overview
  3. Protect your data

    • Enable your users
    • Empowering enterprise mobility
    • User
    • IT
    • Unify your environment
    • People-centric approach
    • Devices
    • Apps
    • Data
  4. Slide 4

    • Protect your data
    • Enable your users
    • User
    • IT
    • Desktop Virtualization
    • Information protection
    • Identity and access management
    • Mobile device & application management
    • Empowering enterprise mobility
  5. The current reality…

    • EC2
    • On-Premises
    • Private Cloud
    • Managed devices
  6. Self-service

    • Single sign on
    • Username
    • Identity as the control plane
    • Simple connection
    • Cloud
    • SaaS
    • Azure
    • Office 365
    • Public cloud
    • Other Directories
    • Windows Server
    • Active Directory
    • On-premises
    • Microsoft Azure Active Directory
  7. Azure Active Directory GA features

    • Your directory in the cloud
    • Connect on-premises directories to Azure AD
    • Azure AD Sync Multi-Forest Support
    • Single sign-on to thousands of SaaS apps, plus LoB and custom application support
    • Application Proxy
    • Enterprise SLA of 99.9 percent
    • Empower users
    • Self-service password change
    • Self-Service password reset
    • Delegated group management
    • Self-Service security settings management
    • Single Sign-On to on-premises applications from the Access Panel (Azure AD Application Proxy)
    • Centrally managed identities and access
    • Group-based user assignment to SaaS apps
    • Group-based provisioning
    • Company branding
    • Password writeback
    • Monitor and protect access to applications
    • Advanced Security reporting and analytics
    • Application usage reports
    • Alerting/Notifications
    • Multi-factor authentication
  8. A comprehensive identity and access management cloud solution.

    • It combines directory services, advanced identity governance, application access management and a rich standards-based platform for developers
    • What is Azure Active Directory?
  9. Identity as the Access control point

    • PCs and devices
    • Microsoft apps
    • Non-MS cloud-based apps
    • Custom LOB apps
    • ISV/CSV apps
    • Active Directory
    • Other Directories
    • Active Directory
  10. EMS IT Manageability benefits for O365 customers

    • Enterprise Mobility Suite
    • Cloud and hybrid identity management
      • Basic Identity Mgmt via Azure AD for O365:
        • Single Sign on for O365
        • Basic Multifactor Authentication (MFA) for O365
      • Azure AD for O365 +
        • Single Sign on for all cloud apps
        • Advanced MFA for all workloads
        • Self Service group management and password reset with write back to on prem directory
        • Advanced security reports
        • FIM (Server + CAL)
    • Mobile device management
      • Basic Mobile Device Management via MDM for O365
        • Device Settings Management
        • Selective Wipe
        • Built into O365 Mgmt Console
      • MDM for O365 +
        • PC Management
        • Mobile App Management (prevent cut/copy/paste/save as from corporate apps to personal apps)
        • Secure content viewers
        • Certificate Provisioning
        • System Center integration
    • Information protection
      • RMS Protection via RMS for O365 (E3/E4 plan)
        • Protection for content stored in Office (on prem or O365)
        • Access to RMS SDK
        • Bring your own Key
      • RMS for O365 and:
        • Protection for on-premises Windows Server file shares
        • Departmental templates *
        • User tracking portal *
        • Remote kill *
    • *: available in preview December 2014
  11. Customers’ dream

    • Help our customers to have a consistent synchronization approach
    • Federation Server
    • Active Directory
    • Front-Internet Reverse Proxy
    • Active Directory
    • Applications with local Identity Store
    • SalesForce
    • SQL
    • Microsoft Azure
    • LDAP
    • Ultimate Identity component (one to rule them all)
    • ServiceNow
    • Dropbox
    • Amazon
    • Office 365
    • But reaching this dream is not realistic: cloud adoption and changes are going too fast
  12. What we often see

    • Help our customers to have a consistent synchronization approach
    • Federation Server
    • Active Directory
    • Front-Internet Reverse Proxy
    • Active Directory
    • Applications with local Identity Store
    • SalesForce
    • SQL
    • Microsoft Azure
    • LDAP
    • Multiple identity tools
    • ServiceNow
    • Dropbox
    • Amazon
    • Office 365
    • Identities are everywhere and it is a pain for every new app project
    • Multiple cloud sync tools
  13. What we can offer today

    • Help our customers to have a consistent synchronization approach
    • Federation Server
    • Active Directory
    • Front-Internet Reverse Proxy
    • Active Directory
    • Applications with local Identity Store
    • SalesForce
    • SQL
    • Microsoft Azure
    • LDAP
    • Onprem Identity manager
    • ServiceNow
    • Dropbox
    • Amazon
    • Office 365
    • One hybrid identity
    • Azure AD cloud sync fabric
    • Azure AD Sync
    • (Identity Bridge)
    • Single Sign On experience
  14. Slide 14

    • SaaS apps
    • Centralized access administration for preintegrated SaaS apps and other Cloud-based apps.
    • Secure business processes with advanced access management capabilities.
    • Comprehensive identity and access management console.
    • Your cloud apps ready when you are.
    • IT professional
    • Centrally managed identities and access
  15. Security reporting that tracks inconsistent access patterns, analytics and alerts.

    • Built-in security features.
    • http://blogs.technet.com/b/in_the_cloud/archive/2014/10/01/new-levels-of-security-via-machine-learning-amp-combined-data-sets.aspx?WT.mc_id=Social_TW_OutgoingPromotion_20141002_94972828_MSCloud&linkId=9856659
    • Monitor and protect access to enterprise apps
  16. Security reporting that tracks inconsistent access patterns, analytics and alerts.

    • Built-in security features.
    • Monitor and protect access to enterprise apps
    • Ensure secure access and visibility on usage patterns for SaaS and cloud-hosted LOB applications.
    • Step up to Multi-Factor authentication.
  17. A stand-alone Azure Identity and Access management service also included in Azure Active Directory Premium

    • Prevents unauthorized access to both on-premises and cloud applications by providing an additional level of authentication
    • Trusted by thousands of enterprises to authenticate employee, customer, and partner access.
    • What is Azure Multi-Factor Authentication?
  18. How It Works

    • Mobile apps
    • Phone calls
    • Text messages
    • ALERT
    • 1 4 5 6 7 6
  19. Multi-Factor authentication options

    Feature                                                          MFA for Office 365   Windows Azure MFA
    Administrators can Enable/Enforce MFA to end-users               Yes                  Yes
    Use Mobile app (online and OTP) as second authentication factor  Yes                  Yes
    Use Phone call as second authentication factor                   Yes                  Yes
    Use SMS as second authentication factor                          Yes                  Yes
    App passwords for non-browser clients (e.g. Outlook, Lync)       Yes                  Yes
    Default Microsoft greetings during authentication phone calls    Yes                  Yes
    Custom greetings during authentication phone calls               -                    Yes
    Fraud alert                                                      -                    Yes
    Event Confirmation                                               -                    Yes
    Security Reports                                                 -                    Yes
    Block/Unblock Users                                              -                    Yes
    One-Time Bypass                                                  -                    Yes
    Customizable caller ID for authentication phone calls            -                    Yes
    MFA Server - MFA for on-premises applications                    -                    Yes
    MFA SDK - MFA for custom apps                                    -                    Yes
  20. Slide 20

    • Empower Users
    • Manage your account
    • Company branded, personalized application Access Panel :
    • http://myapps.microsoft.com
    • + Mobile Apps
  21. Slide 21

    • Manage your account
    • Self Service Password Reset and delegated group management for cloud users
    • Company branded, personalized application Access Panel :
    • http://myapps.microsoft.com
    • + Mobile Apps
    • Empower Users
  22. Cloud App Discovery (Prevent Cloud Shadow)

    • AD Agent
    • Logs
    • Active Directory
    • Cloud App Discovery
  23. Microsoft Azure

    • Active Directory
    • Corporate Network
    • DMZ
    • Connector
    • https://app1-contoso.msappproxy.net/
    • Connectors are deployed usually on corpnet next to resources
    • Multiple connectors can be deployed for redundancy, scale, multiple sites and different resources
    • Users connect to the cloud service, which routes their traffic to the resources via the connectors
    • A connector that auto connects to the cloud service
    • Azure Active Directory Application Proxy
    • Resource
    • Resource
    • Resource
    • Connector
    • Application Proxy
    • http://app1
  24. Azure AD Application Proxy

  25. Preintegrated SaaS apps in the application gallery: http://azure.microsoft.com/en-us/gallery/active-directory/?fb=fr-fr#featured

  26. Terms used

    • Metaverse
    • (source) connector space
    • (target) connector space
    • Sync rule
    • connected directory
  27. Synchronized identity model

    • Password hashes
    • User accounts
    • User
    • Sign-on
    • Synchronized identity
    • AAD Sync
    • On-premises directory
  28. Active Directory remediation

    • Before installing AAD Sync: http://aka.ms/aadsync
    • Run IdFix
    • Verify DNS domains with Office 365
      • Add these prior to syncing to preserve UPN
    • Directories other than Active Directory
      • Works with Office 365 – Identity program
      • Will be added soon to AAD Sync
    • One server is most common
      • Domain controller is Okay
      • Separate SQL Server is Okay up to 100,000 directory objects
      • You can install to Azure IAAS
    • Migrating from DirSync or FIM 2010
      • Uninstall / Reinstall
      • Side by side install with object review
    • Forest functional level
      • Windows Server 2003
  29. IdFix – DirSync AD Remediation

    • Identifies and remediates AD object issues that will fail Office 365 DirSync
    • Queries all domains in the authenticated forest via LDAP
    • Provides a list and can export/import values (CSV)
    • Confirmation of each edit with undo/rollback functionality and logging
    • Critical system objects are skipped where editing could cause issues
  30. What errors does IdFix look for?

    Errors validated:
    • Duplicate proxyAddresses
    • Invalid characters in attributes
    • Over length attributes
    • Format errors in attributes
    • Use of non-routable domains
    • Blank attribute that requires a value

    Attributes:
    • mailNickName
    • proxyAddresses
    • sAMAccountName
    • targetAddress
    • userPrincipalName
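As an added example (not code from the deck or from the IdFix tool itself), the check below applies the six error classes listed above to a constructed set of user records before they are synchronized; the attribute length limits, the required-attribute list, the non-routable suffixes and the character rules are assumptions for illustration, not IdFix's exact rules.

```python
"""IdFix-style pre-sync check of AD user attributes (added example)."""
import re
from collections import Counter

# Constructed sample export (not real directory data): one dict per user object.
SAMPLE_USERS = [
    {"dn": "CN=Alice,OU=Staff,DC=contoso,DC=local",
     "sAMAccountName": "alice", "mailNickName": "alice",
     "userPrincipalName": "alice@contoso.com",
     "proxyAddresses": ["SMTP:alice@contoso.com", "smtp:alice.smith@contoso.com"],
     "targetAddress": ""},
    {"dn": "CN=Bob,OU=Staff,DC=contoso,DC=local",
     "sAMAccountName": "bob", "mailNickName": "bob smith",
     "userPrincipalName": "bob@contoso.local",
     "proxyAddresses": ["SMTP:bob@contoso.com", "smtp:alice.smith@contoso.com"],
     "targetAddress": ""},
    {"dn": "CN=Svc,OU=Service,DC=contoso,DC=local",
     "sAMAccountName": "svc-directory-sync-account", "mailNickName": "svcsync",
     "userPrincipalName": "",
     "proxyAddresses": [], "targetAddress": "svc@contoso.com"},
]

# Assumed rules for illustration; confirm against the current Office 365 attribute limits.
MAX_LEN = {"sAMAccountName": 20, "mailNickName": 64, "userPrincipalName": 113}
REQUIRED = ("sAMAccountName", "userPrincipalName")
NON_ROUTABLE_SUFFIXES = (".local", ".internal", ".lan")
UPN_RE = re.compile(r"^[A-Za-z0-9._%+'-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")
NICKNAME_BAD_CHARS = re.compile(r'[\s"\\\[\]:;<>,@()]')
# proxyAddresses / targetAddress carry a type prefix, e.g. SMTP:alice@contoso.com
ADDRESS_RE = re.compile(r"^(SMTP|smtp|X500|x500|SIP|sip):\S+$")


def normalize_address(addr):
    """Duplicate detection ignores case: SMTP:/smtp: only marks the primary address."""
    return addr.lower()


def check_user(user, proxy_counts):
    """Return (attribute, error class, offending value) findings for one object."""
    findings = []
    for attr in REQUIRED:                        # blank attribute that requires a value
        if not user.get(attr):
            findings.append((attr, "blank", ""))
    for attr, limit in MAX_LEN.items():          # over-length attributes
        value = user.get(attr) or ""
        if len(value) > limit:
            findings.append((attr, "length", value))
    nick = user.get("mailNickName") or ""
    if nick and NICKNAME_BAD_CHARS.search(nick):  # invalid characters
        findings.append(("mailNickName", "character", nick))
    upn = user.get("userPrincipalName") or ""
    if upn:
        if not UPN_RE.match(upn):                # format error
            findings.append(("userPrincipalName", "format", upn))
        elif upn.lower().endswith(NON_ROUTABLE_SUFFIXES):  # non-routable domain
            findings.append(("userPrincipalName", "domain", upn))
    for addr in user.get("proxyAddresses", []):
        if not ADDRESS_RE.match(addr):           # format error
            findings.append(("proxyAddresses", "format", addr))
        elif proxy_counts[normalize_address(addr)] > 1:  # duplicate proxyAddresses
            findings.append(("proxyAddresses", "duplicate", addr))
    target = user.get("targetAddress") or ""
    if target and not ADDRESS_RE.match(target):  # format error
        findings.append(("targetAddress", "format", target))
    return findings


def check_forest(users):
    """Run the per-object checks with forest-wide proxyAddresses counts; keyed by DN."""
    proxy_counts = Counter(normalize_address(a)
                           for u in users for a in u.get("proxyAddresses", []))
    report = {}
    for user in users:
        findings = check_user(user, proxy_counts)
        if findings:
            report[user["dn"]] = findings
    return report


if __name__ == "__main__":
    for dn, findings in check_forest(SAMPLE_USERS).items():
        for attr, error, value in findings:
            print(f"{dn}: {attr} [{error}] {value!r}")
```

Duplicates are only visible forest-wide, which is why the proxyAddresses counts are built once over every object before the per-object checks run.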
  31. Slide 31

    • User (and contact) matching
    • Metaverse
    • Connector Space
  32. Attributes synchronized to Azure AD

    Attribute Name      User   Comment
    accountEnabled      X      Derived from userAccountControl
    cn                  X
    displayName         X
    objectSID           X
    pwdLastSet          X
    sourceAnchor        X      The attribute used for users is configured in the installation guide.
    usageLocation       X      msExchUsageLocation in AD DS
    userPrincipalName   X

    • Sample: Office 365 Pro Plus
    • http://msdn.microsoft.com/en-us/library/azure/dn764938.aspx
  33. Password hash AD DS

    • Password hash sync security
    • A hash
      • Hashes are mathematical functions that are nearly impossible to reverse
      • The result of the hash algorithm is called a digest
      • It is not reversible to get the user's password
    • Additional processing
      • We further process it with a one-way hash SHA256 algorithm
    • Extra security
      • Connections are only to the Azure AD service
      • Connections are SSL encrypted
    • Enables Azure AD to validate the user's password when they log in
    • User
    • Password
    • On-premises directory
    • Hash
    • Azure AD
  34. New AD FS Scenarios

    • Firewall
    • ADFS
    • Active Directory
    • Claims & Kerberos web apps
    • Restful OAuth apps
    • Office Forms Based Access
    • Published applications
    • Web Application Proxy
    • (includes ADFS Proxy)
    • ADFS
    • Resources in other businesses or identity realms
    • SaaS Apps
    • Users can register their devices to gain access to corporate data and apps and single sign-on through device authentication
    • Conditional access with multi-factor authentication is provided on a per-application basis, leveraging user identity, device registration & network location
    • Organizations can federate with partners and other organizations for seamless access to shared resources
    • Organizations can connect to SaaS applications running in Windows Azure, Office 365 and 3rd party providers
  35. New AD FS Capabilities

    • AD Workplace Join
    • Users join their device to their workplace (Lite domain join), making the device known to the company’s Active Directory
    • Multi-factor Authentication
    • Businesses require additional factors of authentication when business critical resources are accessed or when there is perceived risk
    • Multi-factor Access Control
    • Businesses set conditional access control to resources based on four core pivots: the user, the device used, the user’s network location and use of additional auth factors
    • Work From Anywhere
    • Businesses enable users to work from anywhere while adhering to their IT governance policies around risk management
    • OAuth support
    • Developers build Modern apps using the web authentication broker and allow access based on AD FS policies for BYOD and conditional access
  36. New AD FS v3 Components

    • Proxy Machine
    • FS Machine
    • FS Proxy
    • Web App Proxy
    • Federation Service
    • Device Registration Service
    • Client
    • Domain Controller
    • Registered devices
    • DRS configuration
    • DKM
    • FS keys
    • LOB application host
    • LOB application
    • Web Application Proxy policy
    • DRS keys
    • No IIS by default
    • WIF subsumed into AD FS
    • RP trust for Device Registration Service
    • Web App Proxy RP trust
  37. Device Registration in the Enterprise

    • Active Directory
    • contoso.com
    • Contoso Forest
    • Configuration & Registered Devices Containers
    • https://fs.contoso.com
    • ADFS Farm
    • https://enterpriseregistration.contoso.com
    • Client discovery of enterpriseregistration endpoint is based on the user’s UPN suffix, not the AD FS farm name
    • https://enterpriseregistration.fabrikam.com
    • https://enterpriseregistration.contoso.de
    • https://fs.fabrikam.com
    • ADFS Farm
    • https://enterpriseregistration.fabrikam.com
    • Farm deployed in trusted forest will use the same device registration service configuration and registered devices container in AD
    • Fabrikam Forest
    • user.contoso.com
    • user.contoso.de
    • user.fabrikam.com
    • 2-way AD Forest Trust
    • Active Directory
    • fabrikam.com
    • For device registration on second farm, DNS cutover
  38. AD FS with PhoneFactor MFA

    • Active Directory
    • Contoso.com
    • ADFS Server
    • PhoneFactor User Portal
    • User Proof Data (master)
    • PhoneFactor Agent (primary)
    • PhoneFactor Agent (secondary)
    • User Proof Data
    • PhoneFactor Agent (secondary)
    • User Proof Data
    • ADFS database
    • ADFS adapter
    • Federation service
    • PhoneFactor back end cloud service
    • Agent runs on STS for MP
    • Plan to decouple for RTM
    • Provision users via portal or self service
  39. Core identity scenarios with Office 365

    • Cloud identity
      • Single identity in the cloud. Suitable for small organizations with no integration to on-premises directories
      • Windows Azure Active Directory
    • Cloud identity with directory & password hash synchronization
      • Single identity suitable for medium and large organizations without federation*
      • On-Premises Identity, DirSync (Password Hash Sync), Windows Azure Active Directory
    • Federated identity
      • Single federated identity and credentials suitable for medium and large organizations
      • On-Premises Identity, Federation, Directory Sync, Windows Azure Active Directory
  40. High-level architecture

    • Cloud identity + directory synchronization
    • Single sign on + directory synchronization
    • Contoso customer premises
    • AD
    • Azure AD Directory Sync
    • Provisioning platform
    • Lync Online
    • SharePoint Online
    • Exchange Online
    • Active Directory Federation Server
    • Trust
    • IdP
    • Directory Store
    • Admin Portal / PowerShell
    • Authentication platform
    • IdP
  41. Slide 41

    • Authentication flow (passive/web profile)
    • Identity federation
    • Customer
    • Microsoft Online Services
    • User
    • Source ID
    • Logon (SAML 1.1) Token
    • UPN:user@contoso.com
    • Source User ID: ABC123
    • Auth Token
    • UPN:user@contoso.com
    • Unique ID: 254729
  42. Authentication flow (MEX/rich client profile)

    • Identity federation
    • Customer
    • Microsoft Online Services
    • User
    • Source ID
    • Logon (SAML 1.1) Token
    • UPN:user@contoso.com
    • Source User ID: ABC123
    • Auth Token
    • UPN:user@contoso.com
    • Unique ID: 254729
  43. Slide 43

    • Customer
    • Microsoft Online Services
    • Active flow (Outlook/Active Sync) always external
    • Identity federation
    • User
    • Source ID
    • Logon (SAML 1.1) Token
    • UPN:user@contoso.com
    • Source User ID: ABC123
    • Auth Token
    • UPN:user@contoso.com
    • Unique ID: 254729
    • Basic Auth Credentials
    • Username/Password
  44. Federation options

    • Shibboleth (future: SAML)
      • Works with AD & Non-AD
      • Suitable for educational organizations
      • Recommended where customers may use existing non-ADFS identity systems
      • Single sign-on
      • Secure token based authentication
      • Support for web clients and Outlook only
      • Microsoft supported for integration only, no Shibboleth deployment support
      • Requires on-premises servers & support
      • Works with AD and other directories on-premises
    • ADFS
      • Works with AD
      • Suitable for medium, large enterprises including educational organizations
      • Recommended option for Active Directory (AD) based customers
      • Single sign-on
      • Secure token based authentication
      • Support for web and rich clients
      • Microsoft supported
      • PhoneFactor can be used for two factor auth
      • Works for Office 365 Hybrid Scenarios
      • Requires on-premises servers, licenses & support
    • Third-party STS
      • Works with AD & Non-AD
      • Suitable for medium, large enterprises including educational organizations
      • Recommended where customers may use existing non-ADFS identity systems with AD or Non-AD
      • Single sign-on
      • Secure token based authentication
      • Support for web and rich clients
      • Third-party supported
      • PhoneFactor can be used for two factor auth
      • Works for Office 365 Hybrid Scenarios
      • Requires on-premises servers, licenses & support
      • Verified through ‘works with Office 365’ program
  45. Partners in the Program

    • Work in Progress
    • Partners verified to date
  46. Additional rules can be applied (ex: deny based on IP)

    • 2 factor authentication can be set up
    • Required for SSO
    • Forest Level (2003)
    • Public Domain
    • ADFS
  47. Understanding client authentication path

  48. Slide 48

    • Sign On Experiences for O365
    • Web Clients
    • Office 2010, Office 2007 SP2 with SharePoint Online
    • Outlook Web Application
    • Remember last user
    • Mail Clients
    • Office 2010, Office 2007 SP2
    • Active Sync/POP/IMAP
    • Entourage
    • Can save credentials
    • Rich Applications (SIA)
    • Lync Online
    • Office Subscriptions
    • CRM Rich Client
    • Office 2013
    • Can save credentials
    • SSO IDs
    • (from domain joined machines)
    • Cloud IDs
    • No Prompt
    • Username and Password
    • Online ID
    • AD credentials
    • Password Sync
    • (SSO from
    • non-domain
    • Joined machines)
    • Username and Password
    • AD credentials
    • Username
    • Username and Password
    • Online ID
    • AD credentials
    • Username and Password
    • AD credentials
    • Username and Password
    • Username and Password
    • Online ID
    • AD credentials
    • Username and Password
    • AD credentials
  49. Data protection realities

    • 87% of senior managers admit to regularly uploading work files to a personal email or cloud account.*
    • 58% have accidentally sent sensitive information to the wrong person.*
    • ? %: focus on data leak prevention for personal devices, but ignore the issue on corporate owned devices where the risks are the same
  50. Key learnings from our customers

    • Data privacy is important and is often mandated
    • Regulatory requirements are on the rise
    • IT must ‘reason over data’ as do their high value services
    • Point to point encryption fails them today
    • P2P federation is not practical or scalable
    • There has to be a better way
    • The perimeter is fading…
    • Mobile workforces, BYOD, outsourcing, virtual orgs
    • Many models of data protection policies are more reactive
    • We need data to be born encrypted and to maintain a persistent protection
    • Waiting for the “ultimate data protection solution” is tempting
    • … yet data is leaking now
  51. Our approach

    • Protect any file type
    • Delight with Office docs, PDF, Text, and Images.
    • Important applications and services are enlightened
    • Delight with Office docs, PDF, Text, and Images.
    • CSOs and Services can ‘reason over data’
    • Delegated access to data
    • with bring-your-own-key
    • Protect in place, and in flight
    • Data is protected all the time
    • Share with anyone
    • B2B sharing is most important with B2C on the rise
    • Meet the varied organizational needs
    • Protection enforced in the cloud, or on-premises; with data in both places.
  52. Rights Management 101

    • Important: RMS never sees your DATA, only your keys
  53. Key Management

    • Rights Management Services
    • Cloud Ready
    • Integration
    • BYO Key
    • Active Directory
    • Authentication and collaboration
    • Sync
    • Rights management service provided in Azure cloud
    • Complete Sync of AD info to Azure AD
    • End users access Azure RMS from desktops and mobile
    • Simple, secure collaboration to external organizations for Azure AD Trust Fabric
  54. Key Management

    • Rights Management Services
    • Cloud Accepting
    • Integration
    • BYO Key
    • Active Directory
    • Authentication and collaboration
    • Sync
    • Azure RMS Connector
    • Authorization Requests
    • Optional
    • Rights management service provided in Azure cloud
    • Minimal sync of AD info to Azure AD (~13 properties)
    • End users access Azure RMS from desktops and mobile; IT workloads connect via Azure RMS Connector (proxy)
    • Simple, secure collaboration to external organizations for Azure AD Trust Fabric
  55. DEMO: RMS Applications

    • Integration with Office 2010/13
    • Across devices – Windows, iOS, Android
    • Windows Shell Extensions
    • Native Applications and Generic protection using Protected File (PFILE)
    • Custom administrator defined policies
    • I can protect and share information securely across device types
  56. Sharing documents securely

    • Sharing files using Azure RMS
    • Use Microsoft Azure RMS to securely share documents with colleagues and business partners
    • Rights Management Services
    • Consuming Azure RMS protected files
    • Consuming RMS protected documents in Office 2013
  57. email@microsoft.com

    • Email Receiver
    • Quarterly_Sales_Report.xlsx
    • Quarterly_Sales_Report.ppdf
    • Sharing protected files with anyone
    • A protected PDF copy is sent for easy access on all platforms
  58. Getting email notifications for document use

    • Choosing to get email notifications
    • Notification about unauthorized user
    • Notification about authorized user
    • alice@contoso.com;
    • alice@contoso.com opened RMS blog post – Aug2014.docx.pdf
    • alice@contoso.com was denied access to BudgetWithCharts.xlsx.pdf
  59. Application Integration: Right Management Services

    • Apply access control
    • Require authentication
    • Protect in transit
    • Protect at rest
    • Read/write/edit
    • Scenario
    • Integrated Native Apps
    • Read only experience, but still secure
    • Sharing with Protected PDF
  60. Slide 60

    • Get started quickly with data protection and governance
  61. Get started quickly with Azure RMS

    • 1: Get started quickly with a single click
    • 2: Manage templates and create with ease
    • 3: Simple wizard driven template definition
  62. Working with Azure RMS templates

    • 3: Expire content based on a specified date
    • 4: Enforce online connection or allow offline access
    • 5: Manage template lifecycle
  63. Policy driven information protection with Office 365

    • A simple yet powerful rules generation experience with pre-canned templates makes it easy to quickly implement and provision data protection policies
    • Rights Management Services
    • Active Directory
    • Office 365 and Exchange data loss prevention rules
  64. Data governance

    • Automated enforcement and user notification
    • Rights Management Services
    • Active Directory
    • File Services
    • Rights Management
    • Automated RMS in File Classification policies
    • Powerful rules based policies can enforce the automatic application of RMS to email and documents that include sensitive information.
    • Enforce Data Loss Protection policies in e-mail with content scanning including attachments
    • Protect SharePoint document libraries with on-exit protection of documents
  65. Other new capabilities

    • AD RMS to Azure RMS Migration toolkit
    • Deployment controls for end user rollout
    • Mac Outlook 2015 with Azure RMS support
    • Windows 10 EDP with Azure RMS support
    • Departmental Templates
  66. Coming Soon

    • CY15 Q1 / Q2
    • Doc tracking experience (see who accessed my protected docs)*: Preview
    • Document revocation – expire a doc after sharing*: Preview
    • Azure RMS Hub (deployable w/on-premises key management)*: Preview
    • Secure sharing to consumer email (Outlook, Gmail, Yahoo): Preview
    • * Indicates an EMS/Azure RMS premium feature not in O365/RMS
  67. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

    • The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.