Monday, May 4, 2015

Microsoft Ignite - Identity and Access Management Everywhere

On my first day the most important session was BRK3863 - Identity and Access Management Everywhere.
The video on Channel9 is not yet available, but it might be by the time you read this, so check out http://channel9.msdn.com/Events/Ignite/2015/BRK3863

Here are the highlights in short:
- Dynamic groups for app access - Yippee, finally. E.g. a manager's group is updated automatically when someone starts or stops working for that manager, or a group contains anyone in sales based on the user description field
- A group of people can have access to an application through a single user account, e.g. a Twitter Enterprise account, and with password rollover only Azure AD internally knows the password, not an admin
- Azure AD detects and tracks inconsistent access patterns, e.g. logons from the US and China at the same time. (Note: They will catch me a lot, because for several reasons I am accessing the system from different places on the planet through proxies or VPN connections all the time.)
- End-user and social identities can be added to Azure AD soon
- Workday is the first HR cloud app allowing users to be added in Azure AD
- Approval for app access requests
- Adding B2B capabilities soon
- Windows 10 Workspace AD Join will work directly with Azure AD, which now gives you options for enrolling machines for your workforce

You might know that you can access thousands of SaaS applications through Azure AD, and everything is configured in Azure AD and not on an on-premises federation server. Azure AD can also provision user accounts in SaaS applications, which minimizes the lead time for connecting a SaaS application to your Azure or on-premises Active Directory.
