1 / 36

Pass4sure 70-346 Braindumps Questions

New pass4sure Microsoft Office 365 70-346 questions available to download. Go ahead and download for http://www.pass4sureexam.co/70-346.html and pass your Microsoft Office 365 .

pass4sureexams
Télécharger la présentation

Pass4sure 70-346 Braindumps Questions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Office 365 Identity Management Complete Study Guide

  2. Agenda Identity Management Overview Recently Announced… Identity Integration Options 3 1 2

  3. Identity management overview

  4. Identity management deals with identifying individuals in a system and controlling access to the resources in that system Identity management Integral components of identity and access management Authentication Authorization Verifying that a user, device, or service such as an application provided on a network server is the entity that it claims to be. Determining which actions an authenticated entity is authorized to perform on the network http://www.pass4sureexam.co/70-346.html

  5. Single Sign On (SSO) is the ability for two disjoint Identity Providers (IDP) to trust each other such that a user logged into one does not need to log in again for the second. YAUP is what you get if you don’t have SSO. More identity terms • The Relying Party (RP) is the system that relies on the Identity Provider to authenticate a user. Security Assertion Markup Language WS-Federation / WS-Trust SAML is a public standard managed by OASIS. SAML is the identity token and also the protocol. SAML 2.0 is built on SAML 1.1, ID-FF and Shibboleth. WS-Federation is used for web browser based authentication with an IDP. WS-Trust is used by Office rich client apps to authenticate. http://www.pass4sureexam.co/70-346.html

  6. Microsoft cloud services Microsoft Account Windows Azure Active Directory Organizational Account : Microsoft Account User User http://www.pass4sureexam.co/70-346.html

  7. Common identity platform for organizational accounts Windows Azure Active Directory is the underlying identity platform for various cloud services that use Organizational Accounts Windows Azure Active Directory Authentication platform Directorystore Your App http://www.pass4sureexam.co/70-346.html

  8. Directory Synchronization  Federated Identity CloudIdentity Office 365 Identity Windows Azure Active Directory Windows Azure Active Directory Windows Azure Active Directory Directory Sync Federation Directory Sync On-Premises Identity On-Premises Identity Single identitysuitable for medium and large organizations without federation Single federated identity and credentials suitable for medium and large organizations • Single identity in the cloud Suitable for small organizations with no integration to on-premises directories

  9. Recent Additions http://www.pass4sureexam.co/70-346.html

  10. Windows Azure Active Directory Sync ToolUpdate The tool is downloaded from the Office 365 admin portal. Only a one way hash of the password will be synchronized to WAAD such that the original password cannot be reconstructed from it. Synchronizes user passwords from on-premises AD to Azure AD (Office 365). Respects on-premises password policies. Can’t sync passwords for Federated Users, but can co-exist. SAML2 Identity Provider More Details on TechNet:http://aka.ms/sync http://www.pass4sureexam.co/70-346.html

  11. Directory Sync Tool or Active Directory Federation Services * Azure AD offers some 2FA features that are available with ADFS deployment on-premises.

  12. Active Authentication: Why Multi-Factor Your data and applications are under attack Passwords are easily compromised Consumerization of IT has only increased the scope of vulnerability Strengthening regulatory requirements call for strongly authenticating access http://www.pass4sureexam.co/70-346.html

  13. Enterprise authentication using any phone Mobile Apps Phone Calls Text Messages  Out-of-Band Text One-Time Passcode Out-of-Band Push One-Time-Passcode Out-of-Band Call http://www.pass4sureexam.co/70-346.html

  14. Architecture Users sign in from any device using their existing username/password. 1 Custom LOB Apps Microsoft Apps Windows Azure Active Directory Credentials are checkedin Windows Azure AD. Then Active Authentication is triggered for additional verification. ISV/CSV Apps Active Authentication Custom LOB Apps Users must also authenticate using their phone or mobile device before access is granted. 2

  15. App Passwords Provides rich client login as alternative to Multi Factor Auth Not for administrators 16 characters randomly generated Currently in preview http://www.pass4sureexam.co/70-346.html

  16. Windows Azure Active Directory Provisioning Updates Azure Active Directory GRAPH API REST API for programmatic access to data in Azure AD Can build multi-tenant applications, or custom LOB Apps Azure Active Directory Connector for FIM 2010 R2 Can be used for multi-forest synchronization and non-AD sources Public Beta starts on Connect soon http://www.pass4sureexam.co/70-346.html

  17. Identity integration options

  18. 1 2 3 4 5 6 Identity integration options

  19. 1 Cloud identity Windows Azure Active Directory Rich experience with Office Apps Ease of deployment, management and support Lower cost as no additional servers are required On-Premises High availability and reliability as all Identities and Services are managed in the cloud Cloud Identity Ex: alice@contoso.com User

  20. 2 Directory Synchronization Windows Azure Active Directory Directory Synchronization Rich experience with Office Apps Directory synchronization between on-premises and online Identities are created and managed on-premises and synchronized to the cloud Single identity and credentials but no single Sign-On for on-premises and office 365 services Reuse existing directory implementation on-premises AD On-Premises Identity Ex: Domain\Alice Cloud Identity Ex: alice@contoso.com User

  21. 3 Password Synchronization Windows Azure Active Directory Directory Synchronization with one way Password Hash Rich experience with Office Apps Directory synchronization between on-premises and online Identities are created and managed on-premises and synchronized to the cloud Single identity and password credentials but no single Sign-On for on-premises and office 365 services Reuse existing directory implementation on-premises AD On-Premises Identity Ex: Domain\Alice Cloud Identity Ex: alice@contoso.com User

  22. Scoping and Filtering for Synchronization Customers can exclude objects from synchronizing to Office 365. Scoping can be done at the following levels: AD Domain-based Organizational Unit-based User Attribute based Additional filtering capabilities will become available with the O365 Connector. Preventing the synchronization of specific attributes is not supported. http://www.pass4sureexam.co/70-346.html

  23. Multi-forest AD Windows Azure Active Directory DirSync on FIM Federation using ADFS AD AD AD On-Premises Identity Ex: Domain\Alice User http://www.pass4sureexam.co/70-346.html

  24. Multi-forest decision flowchart Start Number Active Directory forests Single (1) Need on-premises org consolidation After consolidation Multiple (>1) Want to consolidate single forest? Use Single Forest DirSync Yes See consolidation whitepaper After consolidation No “Disjoint” Account Forests? Number Exchange Orgs Multiple (>1) None (0) No Single (1) Yes “Disjoint” account forests and exchange org accessed by accounts in the same forest? Yes Use Office 365 Connector Use Multi Forest DirSync No

  25. 4 Powershell / Graph REST API Suitable for small/medium size organizations with AD or Non-AD Performance limitations apply with PowerShell and Graph API provisioning PowerShell requires scripting experience PowerShell option can be used where the customer/partner may have wrappers around PowerShell scripts (eg: Self Service Provisioning) http://www.pass4sureexam.co/70-346.html

  26. 5 Office 365 Connector for Forefront Identity Manager Suitable for large organizations with certain AD and Non-AD scenarios Complex multi-forest AD scenarios Non-AD synchronization through Microsoft premier deployment support Requires Forefront Identity Manager and additional software licenses http://www.pass4sureexam.co/70-346.html

  27. 6 Federated identity Windows Azure Active Directory Directory Synchronization Federation Single identity and sign-on for on-premises and office 365 services Identities mastered on-premises with single point of management Directory synchronization to synchronize directory objects into Office 365 Secure Token based authentication Client access control based on IP address with ADFS Strong factor authentication optionsfor additional security with ADFS AD or Non-AD On-Premises Identity Ex: Domain\Alice User

  28. ADFS Works with AD Third-party STS Works with Office 365 - Identity Shibboleth (SAML) Works with AD & Non-AD Federation options Suitable for medium, large enterprises including educational organizations Recommended option for Active Directory (AD) based customers Single sign-on Secure token based authentication Support for web and rich clients Microsoft supported Works for Office 365 Hybrid Scenarios Requires on-premises servers, licenses & support Suitable for medium, large enterprises including educational organizations Recommended where customers may use existing non-ADFS Identity systems with AD or Non-AD Single sign-on Secure token based authentication Support for web and rich clients Third-party supported Works for Office 365 Hybrid Scenarios Requires on-premises servers, licenses & support Verified through ‘works with Office 365’ program Works for Office 365 Hybrid Scenarios Suitable for educational organizations Recommended where customers may use existing non-ADFS Identity systems Single sign-on Secure token based authentication Support for web clients and outlook (ECP) only Microsoft supported for integration only, no shibboleth deployment support Requires on-premises servers & support Works with AD and other directories on-premises

  29. ‘Works with Office 365 – Identity’ Coordinated Support Flexibility Confidence Program for third party on premises identity providers to interoperate with Office 365 Objective is to help customers that currently use Non-Microsoft identity solutions to adopt Office 365 On TechNet: http://aka.ms/SSOProviders Reuse Investments Qualified by Microsoft Partner + http://www.pass4sureexam.co/70-346.html

  30. WS-Trust & WS-Federation Active Directory with ADFS ‘Works with Office 365 – Identity’ On Premises Security Token Services http://bit.ly/17D5Dq0 WS-Federation SAML-P

  31. Client access control Part of ADFS Limit access to Office 365 based on network connectivity (internet versus intranet) Block all external access to Office 365 based on the IP address of the external client Block all external access to Office 365 except Exchange Active Sync; all other clients such as Outlook are blocked. Block all external access to Office 365 except for passive browser based applications such as Outlook Web Access or SharePoint Online http://www.pass4sureexam.co/70-346.html

  32. WAAD Identity with other cloud services Windows Azure Active Directory Cloud Identity Ex: alice@contoso.com Identity managed in Windows Azure AD single sign-on for Office 365 and other cloud services federated with single cloud identity ISV Applications or SAAS providers can integrate using APIs on Windows Azure AD ISV apps or SAAS providers orYour App Cloud Identity Ex: alice@contoso.com User

  33. Summary Cloud Identities – Windows Azure Active Directory Directory Sync from On-Premises Directory Sync from On-Premises (with Password Sync) Graph API and Powershell Forefront Identity Manager Federation (or Single Sign-On) ADFS WS-Federation and WS-Trust Shibboleth SAML-P Active Authentication for multifactor Works with Office 365 – Identity

  34. Resources Learning • Sessions on Demand • Virtual Academy http://channel9.msdn.com/Events/TechEd/Australia/2013 http://www.microsoftvirtualacademy.com/ Developer Network TechNet • Resources for IT Professionals • Resources for Developers http://technet.microsoft.com/en-au/ http://msdn.microsoft.com/en-au/

  35. Keep Learning • Keep up to date with all the latest Office 365 information at http://ignite.office.com • Get on top of your pilot using the FastTrack deployment process http://fastTrack.office.com • Trial Office 365 http://office.microsoft.com

  36. © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

More Related