Azure AD Identity Protection and
Conditional Access
Using the Microsoft cloud to protect your corporate
identities and applications
About Your Speaker: Morgan Simonsen
• Cloud Evangelist@Lumagate
• P-TSP@Microsoft
• MCSE, MCSA, MCT
• MVP
• Twitter: @msimonsen
• Email: morgan.simonsen@lumagate.com
• Blog: morgansimonsen.com
Agenda
• Why are we in this room? - We are all going to the cloud and
becoming mobile
• The Story so far - Cloud Identity with Azure Active Directory 101
• But I’m worried… - How to protect ourselves in this brave new world
• Skynet to the rescue - Azure AD Identity Protection
• IFTTTATAT - Azure AD Conditional Access
Why are we in this room?
We are all going to the cloud and becoming
mobile
Easy access
24x7
connectivity
Flexibility
Global reach
Seamless
collaboration
Agility
Reduced friction
23% greater productivity, 100% higher employee
satisfaction
Is mobility the answer to better employee productivity?, Forbes Magazine, 29.3.2016
But what about Auditing? Security? Compliance &
Assurance?
Enterprise Mobility+Security
The Microsoft vision
Identity Driven Security
Managed Mobile Productivity
Comprehensive Solution
Users, Devices, Apps, Data
• Azure Active Directory: manage identity with hybrid integration to protect application access from identity attacks
• Azure Information Protection: protect your data, everywhere
• Microsoft Cloud App Security: extend enterprise-grade security to your cloud and SaaS apps
• Advanced Threat Analytics: detect threats early with visibility and threat analytics
• Intune: protect your users, devices, and apps
Enterprise Mobility+Security
The Microsoft solution
• Privileged Identity Management
• Identity Protection
• Conditional Access: ENFORCE MFA / ALLOW / BLOCK
• Windows 10: Azure AD Join, Health Attestation, Windows Hello, BitLocker
The Story so far
Cloud Identity with Azure Active Directory
101
• Microsoft “Identity Management as a
Service (IDaaS)” for organizations.
• Millions of independent identity
systems controlled by enterprise and
government “tenants.”
• Information is owned and used by
the controlling organization—not
by Microsoft.
• Born-as-a-cloud directory for Office
365. Extended to manage across
many clouds.
• Evolved to manage an organization’s
relationships with its
customers/citizens and partners (B2C
and B2B).
Azure Active Directory
• 33,000 Enterprise Mobility + Security | Azure AD Premium enterprise customers
• >110k third-party applications used with Azure AD each month
• >1.3 billion authentications every day on Azure AD
• More than 750 M user accounts on Azure AD
• >10 M Azure AD directories
• 90% of Fortune 500 companies use Microsoft Cloud (Azure, O365, CRM Online, and PowerBI)
• Every Office 365 and Microsoft Azure customer uses Azure Active Directory
Azure AD Trust Fabric
Contoso AD
Contoso
Azure AD
Fabrikam AD
Fabrikam
Azure AD
…and trust extends to all Azure AD
enabled organizations
Business-2-Business (B2B) lets all identities in Azure AD collaborate
We are all in the same boat forest
Hybrid identity components
• On-premises: AD DS, FIM/MIM
• Azure AD Connect (sync):
  • Sync engine
  • Password Sync
  • Health (Sync, ADFS, ADDS)
  • AD FS (optional)
  • Pass-Through AuthN
• Azure AD
• SaaS applications accessed through Azure AD: Salesforce, Box, DropBox, Google, …
But I’m worried…
How to protect ourselves in this brave new
world
The frequency and sophistication of cybersecurity attacks are escalating
• $500B total potential cost of cybercrime to the global economy
• $3.5M average cost of a data breach to a company
• 200+ median # days attackers reside within a victim’s network before detection
• 75%+ of network intrusions due to compromised user credentials
Azure Active Directory
Identity Protection & Conditional Access
Cloud-powered
protection
WE DRIVE BUSINESS EVOLUTION FORWARD
Adopt Cloud for Better Security
• Past: Cloud was security concern
• Now: Cloud is security peace of mind
• Economies of Scale → Security of Scale
• Division of responsibilities
• Compliance and Certifications
• PCI, HIPAA etc.
• Security Talent
Why use Azure AD to protect our users and
apps?
• Cloud Cadence release schedule for new features
• Insights of scale
• World Class Protection
• Price
• Frankly; what are your other options…?
Mission: Protect our users
• World class signal due to massive amount of relevant data
• One of the world’s largest consumer identity services (the Microsoft Account service)
• One of the world’s largest enterprise identity services (the Azure AD service)
• One of the world’s largest consumer email services (Outlook.com)
• One of the world’s largest enterprise email services (Office 365)
• One of the world’s largest online gaming services (Xbox Live)
• Signals from services like SharePoint Online, Skype and OneDrive to strengthen our
analysis
• Feeds from Microsoft Digital Crime Unit and Microsoft Security Response Center
• Partnering with Law Enforcement, Security Researchers, Industry further enhances
signal
Microsoft Daily Statistics
Source: https://www.microsoft.com/sir
Machine Learning for security
[Figure: the Identity Protection learning loop, built up over several slides. Credentials arrive at Azure Active Directory, where a Classifier sorts each “Schrödinger's User” (good or bad?) into Seems Good / Seems Bad. The Analysis stage draws on Self-reporting, Threat data, Relying parties, Behavior and 10+ TB of logs. Outcomes are labelled (“We were right!” / “We were wrong!”); a Security Analyst reviews the label data, which drives code updates to the classifier and deployment of a new classifier. In the final form the Coder is replaced by a Learner running the loop: Analyze, Label Data, Update, Deploy.]
How Identity Protection detects and mitigates cyber attacks
• Sign-in Risk
  • Evaluated in real time on each sign-in, scoring that particular sign-in
  • Around 100 data points (signals) feed the score
  • The result is sent as input to Conditional Access
• User Risk
  • Evaluated on each sign-in against the data accumulated for that user
  • Computed by a background process that collects data over time
Identity Protection in Action: EDU Attack
We noticed a sharp increase in password lockouts
• Large elevation in user lockouts
• Inspection showed the lockout increase came from a single org
[Chart: Users Locked Out Per Day]
Suspicious IP activity very different from in-country IPs
• In-country traffic: generally lower user volume, generally successful
• Suspect IP: mostly failure traffic, single UserAgent
[Chart: In-Country Traffic vs. Suspect IP]
Detailed suspicious IP view showed automated attacks
• Initial bad guy test run, followed by large-scale account failures per minute
[Chart: Accounts Accessed Per-Minute, Suspect IP]
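The three signals the slides read off the charts (mostly failures from one IP, a single user agent across many accounts, a burst of attempts per minute after a small test run) can be turned into detection logic. The following is an added example, not code from the deck or from Microsoft; the sign-in log lines are constructed for the demonstration and the field layout (time, IP, user, result, user agent) and the thresholds are assumptions you would tune against your own sign-in report.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample sign-in log (not data from the deck): time, source IP, user, result, user agent
_LEGIT = [
    "2017-02-01T08:00:05Z,203.0.113.7,alice@contoso.edu,Success,Mozilla/5.0 (Windows NT 10.0) Chrome/56",
    "2017-02-01T08:00:09Z,203.0.113.8,bob@contoso.edu,Success,Mozilla/5.0 (iPhone) Safari/602",
    "2017-02-01T08:00:12Z,203.0.113.9,carol@contoso.edu,Failure,Mozilla/5.0 (Windows NT 10.0) Chrome/56",
    "2017-02-01T08:00:15Z,203.0.113.9,carol@contoso.edu,Success,Mozilla/5.0 (Windows NT 10.0) Chrome/56",
    # the attacker's initial "test run": one probe from the suspect IP
    "2017-02-01T08:01:00Z,198.51.100.23,alice@contoso.edu,Failure,python-requests/2.12",
]
# the large-scale run: 40 different accounts inside one minute, same IP, same user agent, all failures
_BURST = [
    f"2017-02-01T08:05:{i:02d}Z,198.51.100.23,user{i:02d}@contoso.edu,Failure,python-requests/2.12"
    for i in range(40)
]
SAMPLE_LOG = "\n".join(_LEGIT + _BURST)


def parse_log(text):
    """Parse the constructed CSV-like log into event dicts with a real datetime."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result, agent = line.split(",", 4)
        events.append({"time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "ip": ip, "user": user, "result": result, "agent": agent})
    return events


def profile_sources(events):
    """Per source IP: attempts, failure ratio, distinct users, distinct user agents, peak attempts/minute."""
    by_ip = defaultdict(lambda: {"attempts": 0, "failures": 0, "users": set(),
                                 "agents": set(), "per_minute": defaultdict(int)})
    for e in events:
        p = by_ip[e["ip"]]
        p["attempts"] += 1
        if e["result"] != "Success":
            p["failures"] += 1
        p["users"].add(e["user"])
        p["agents"].add(e["agent"])
        p["per_minute"][e["time"].strftime("%Y-%m-%dT%H:%M")] += 1
    return {
        ip: {
            "attempts": p["attempts"],
            "failure_ratio": p["failures"] / p["attempts"],
            "distinct_users": len(p["users"]),
            "distinct_agents": len(p["agents"]),
            "peak_per_minute": max(p["per_minute"].values()),
        }
        for ip, p in by_ip.items()
    }


def flag_suspect_ips(summary, min_attempts=10, min_failure_ratio=0.8, min_users=5, max_agents=1):
    """Flag sources that look like the slide's suspect IP: many accounts, mostly failures, one user agent."""
    return sorted(
        ip for ip, s in summary.items()
        if s["attempts"] >= min_attempts
        and s["failure_ratio"] >= min_failure_ratio
        and s["distinct_users"] >= min_users
        and s["distinct_agents"] <= max_agents
    )


def analyze(text, **thresholds):
    summary = profile_sources(parse_log(text))
    return summary, flag_suspect_ips(summary, **thresholds)


if __name__ == "__main__":
    summary, flagged = analyze(SAMPLE_LOG)
    for ip in flagged:
        print(ip, summary[ip])
```

The legitimate in-country source 203.0.113.9 also shows a failure, but with a 50% ratio, two attempts and a browser user agent it stays well below every threshold; the suspect IP trips all four at once, which is the point of requiring them together rather than alerting on failure counts alone.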
The Bad Guys are getting smarter
too
• Botnets are bigger, cheaper
and more available
• Bad guys are effectively
defeating 2nd factor
authentication
• Bad guys are feeding our
machine learning systems
bad data
• The bad guys have machine
learning too
Risks Identified by AAD Identity Protection
• Leaked credentials (High)
• Impossible travel to atypical locations (Medium)
• Sign-ins from infected devices (Low)
• Sign-ins from anonymous IP addresses (Medium)
• Sign-ins from IP addresses with suspicious activity (Medium)
• Sign-ins from unfamiliar locations (Medium)
• Lockout events
Identity Protection APIs
• Microsoft Graph API
• https://graph.microsoft.io
• IdentityRiskEvents
• Sign-ins and other events that have been analyzed and found to be
“risky” by Identity Protection’s machine learning and algorithms
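What a practitioner does with the identityRiskEvents collection is page through it, group the open events per user and decide who gets which remediation. The following is an added example, not code from the deck or from Microsoft. It makes no network call: the response is a constructed sample in the shape of a Graph collection, and the endpoint path and the property names used (riskEventType, riskLevel, riskEventStatus, userPrincipalName, riskEventDateTime) are assumptions to check against the Graph reference for the version your tenant exposes.

```python
import json
from collections import defaultdict

# Assumption: identityRiskEvents is served under the Graph beta endpoint
GRAPH_BETA = "https://graph.microsoft.com/beta"
RISK_RANK = {"low": 1, "medium": 2, "high": 3}


def build_request(access_token):
    """URL and headers for listing open risk events; the HTTP client should percent-encode the query."""
    url = f"{GRAPH_BETA}/identityRiskEvents?$filter=riskEventStatus eq 'active'"
    return url, {"Authorization": f"Bearer {access_token}", "Accept": "application/json"}


def iterate_risk_events(fetch_json, url):
    """Follow @odata.nextLink until the collection is exhausted; fetch_json(url) must return a dict."""
    while url:
        page = fetch_json(url)
        for ev in page.get("value", []):
            yield ev
        url = page.get("@odata.nextLink")


# Constructed sample response (not real tenant data); property names are assumptions, see lead-in
SAMPLE_RESPONSE = json.loads("""
{
  "value": [
    {"id": "1", "riskEventType": "leakedCredentialsRiskEvent", "riskLevel": "high",
     "riskEventStatus": "active", "userPrincipalName": "alice@contoso.com",
     "riskEventDateTime": "2017-02-01T07:55:00Z"},
    {"id": "2", "riskEventType": "anonymousIPRiskEvent", "riskLevel": "medium",
     "riskEventStatus": "active", "userPrincipalName": "alice@contoso.com",
     "riskEventDateTime": "2017-02-01T08:02:00Z"},
    {"id": "3", "riskEventType": "impossibleTravelRiskEvent", "riskLevel": "medium",
     "riskEventStatus": "active", "userPrincipalName": "bob@contoso.com",
     "riskEventDateTime": "2017-02-01T08:10:00Z"},
    {"id": "4", "riskEventType": "unfamiliarLocationRiskEvent", "riskLevel": "medium",
     "riskEventStatus": "remediated", "userPrincipalName": "carol@contoso.com",
     "riskEventDateTime": "2017-01-30T12:00:00Z"},
    {"id": "5", "riskEventType": "malwareRiskEvent", "riskLevel": "low",
     "riskEventStatus": "active", "userPrincipalName": "dave@contoso.com",
     "riskEventDateTime": "2017-02-01T08:20:00Z"}
  ]
}
""")


def triage(events, min_level="medium"):
    """Group still-active events per user; keep users whose highest level reaches min_level."""
    per_user = defaultdict(lambda: {"max_level": "low", "events": []})
    for ev in events:
        if ev.get("riskEventStatus") != "active":
            continue  # already remediated or dismissed, nothing to do
        u = per_user[ev["userPrincipalName"]]
        u["events"].append(ev["riskEventType"])
        if RISK_RANK[ev.get("riskLevel", "low")] > RISK_RANK[u["max_level"]]:
            u["max_level"] = ev["riskLevel"]
    return {upn: u for upn, u in per_user.items()
            if RISK_RANK[u["max_level"]] >= RISK_RANK[min_level]}


def remediation_plan(triaged):
    """Mirror the deck's policy guidance: high user risk -> password change, otherwise an MFA challenge."""
    return {upn: ("require_password_change" if u["max_level"] == "high" else "require_mfa")
            for upn, u in triaged.items()}


if __name__ == "__main__":
    pages = {"page1": SAMPLE_RESPONSE}           # stand-in for a real fetch of build_request(...)[0]
    events = iterate_risk_events(pages.__getitem__, "page1")
    print(remediation_plan(triage(events)))
```

Filtering on riskEventStatus matters: a remediated event still appears in the collection, and re-challenging a user whose event was already closed is noise for the user and for the analyst reading the report.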
Enable AAD Identity
Protection
• EMS E5/AAD P2
required
• Identity Protection works
for any sign-in to Azure
AD
Demo: Identity Protection in the Azure
Portal
Multi-Factor Authentication (MFA) Registration
Policy
• Pre-Canned Conditional Access
Policy
• Edit: Users
• Access: Allow
• Access Controls: MFA registration
• Monitor Current Registration Status
• You should enforce this!
Sign-in risk remediation policy
• Pre-Canned Conditional Access
Policy
• Edit: Users and Conditions
• Access: Allow or Block
• Access Controls: MFA Authentication
• Monitor Number of Sign-ins
impacted
• Do not enforce this unless a high number of your users are already registered for MFA, or the policy will lock them out!
User risk remediation policy
• Pre-Canned Conditional Access
Policy
• Edit: Users and Conditions
• Access: Allow or Block
• Access Controls: Require Password
Change
• Monitor Number of users impacted
• Should probably be enabled for High risk immediately
• Azure AD Premium self-service password reset (SSPR) is a nice add-on feature to have enabled
User Experience – Suspicious Sign-In
• Sign-in Risk Policy
enforced
User Experience – User at Risk
• User Risk Policy
enforced
Licensing
• Azure Active Directory Premium P2 required
• Enterprise Mobility+Security E5
• If users don’t have it they cannot self-remediate!
Plan features
Enterprise
Mobility +
Security E3
Enterprise
Mobility +
Security E5
Identity and access
management
•Microsoft Azure Active Directory Premium P1
•Secure single sign-on to cloud and on-premises
apps
•Multi-factor authentication
•Conditional access
•Advanced security reporting
•Azure Active Directory Premium P2
•Risk-based conditional access
•Privileged identity management
•Includes all P1 capabilities
Using Identity Protection with
Conditional Access for Applications
Wide range of Enterprise Mobility Scenarios
Level of access desired by the organization varies across the spectrum:

Scenario      | Locked Down Device                        | Managed Device                       | Personal Device              | Unknown Device
Example       | Point-of-sale or maintenance tablet or PC | Company provided phone, tablet or PC | Personal phone, tablet or PC | Kiosk at a hotel
Type of user  | Task Worker                               | Information Worker                   | Information Worker           | Information Worker
MDM           | ✓ MDM Enabled                             | ✓ MDM Enabled                        | ✗ Won’t enable MDM           | ✗ Can’t enable MDM
Conditional Access Building Blocks
• "When this happens" is called condition statement
• "Then do this" is called controls
• The combination of a condition statement with your controls
represents a conditional access policy
Conditional Access
Conditions:
• Application: per-app policy; type of client (Web, Rich, mobile); cloud and on-premises applications
• User attributes: group membership
• Devices: domain joined, compliant; platform type (Windows, iOS, Android)
• Location: IP range
• Risk: session (sign-in) risk, user risk
Controls: ENFORCE MFA / ALLOW / BLOCK
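The building blocks above (a condition statement, the controls it triggers, several policies combining into one decision) and the three pre-canned risk policies from the Identity Protection section can be shown as one evaluator. This is an added example, not code from the deck and not Microsoft's evaluation engine; the policy and sign-in shapes, the sample policies and the rule that a blocking control wins over an allowing one are assumptions made for the demonstration. It also models the deck's warning about the sign-in risk policy: a user who must satisfy MFA but never registered for it is effectively locked out.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional, Set, Tuple

RISK = {"none": 0, "low": 1, "medium": 2, "high": 3}


@dataclass
class SignIn:                       # the facts available when a sign-in is evaluated
    user: str
    app: str
    client: str                     # web | rich | mobile
    platform: str                   # windows | ios | android
    ip: str
    groups: Set[str] = field(default_factory=set)
    compliant: bool = False         # Intune / SCCM compliance
    domain_joined: bool = False     # device registered through DRS
    mfa_registered: bool = False
    sign_in_risk: str = "none"      # from Identity Protection, per sign-in
    user_risk: str = "none"         # from Identity Protection, accumulated


@dataclass
class Policy:                       # "when this happens" (conditions) -> "then do this" (controls)
    name: str
    controls: Set[str]              # mfa | block | password_change | compliant_device
    apps: Optional[Set[str]] = None             # None = all cloud apps
    groups: Optional[Set[str]] = None
    clients: Optional[Set[str]] = None
    platforms: Optional[Set[str]] = None
    outside_trusted_network: bool = False       # applies only from outside the trusted IP ranges
    min_sign_in_risk: str = "none"              # "none" = risk not part of the condition
    min_user_risk: str = "none"


def on_trusted_network(ip: str, trusted: Tuple[str, ...]) -> bool:
    return any(ip_address(ip) in ip_network(n) for n in trusted)


def matches(p: Policy, s: SignIn, trusted: Tuple[str, ...]) -> bool:
    """Every condition of the policy must hold for it to apply."""
    if p.apps is not None and s.app not in p.apps:
        return False
    if p.groups is not None and not (s.groups & p.groups):
        return False
    if p.clients is not None and s.client not in p.clients:
        return False
    if p.platforms is not None and s.platform not in p.platforms:
        return False
    if p.outside_trusted_network and on_trusted_network(s.ip, trusted):
        return False
    if p.min_sign_in_risk != "none" and RISK[s.sign_in_risk] < RISK[p.min_sign_in_risk]:
        return False
    if p.min_user_risk != "none" and RISK[s.user_risk] < RISK[p.min_user_risk]:
        return False
    return True


def evaluate(policies, s: SignIn, trusted: Tuple[str, ...] = ()):
    """Union the controls of all matching policies; any block wins, then device and MFA prerequisites."""
    matched = [p for p in policies if matches(p, s, trusted)]
    applied = [p.name for p in matched]
    required = set().union(*(p.controls for p in matched))
    if "block" in required:
        return {"access": "block", "reason": "blocked by policy", "policies": applied}
    if "compliant_device" in required and not (s.compliant or s.domain_joined):
        return {"access": "block", "reason": "device not compliant or domain joined", "policies": applied}
    if "mfa" in required and not s.mfa_registered:
        # the deck's warning: enforcing the sign-in risk policy before users registered for MFA locks them out
        return {"access": "block", "reason": "MFA required but user not registered", "policies": applied}
    return {"access": "allow", "require": sorted(required - {"compliant_device"}), "policies": applied}


# Sample policies (assumptions): the three pre-canned risk policies plus two app/device policies
POLICIES = [
    Policy("Sign-in risk medium+: require MFA", {"mfa"}, min_sign_in_risk="medium"),
    Policy("Sign-in risk high: block", {"block"}, min_sign_in_risk="high"),
    Policy("User risk high: MFA then password change", {"mfa", "password_change"}, min_user_risk="high"),
    Policy("Salesforce off-network: require MFA", {"mfa"}, apps={"salesforce"}, outside_trusted_network=True),
    Policy("Mobile mail needs a managed device", {"compliant_device"}, apps={"exchange"}, clients={"mobile"}),
]
TRUSTED = ("10.0.0.0/8",)   # assumed corporate range

if __name__ == "__main__":
    s = SignIn("carol", "salesforce", "web", "windows", "10.0.0.7", sign_in_risk="medium")
    print(evaluate(POLICIES, s, TRUSTED))
```

Run the last sign-in through it: Carol is on the trusted network, so the Salesforce policy does not apply, but her medium sign-in risk triggers the MFA policy and, because she never registered, the result is a block rather than a challenge. That is the failure mode the deck tells you to check the MFA registration report for before enforcing the sign-in risk policy.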
Demo: Conditional Access for
Applications in the Azure Portal
Devices Controls in Conditional Access
• Compliant Device:
• Intune Compliance Policy
• SCCM
• Domain Joined Device:
• Azure AD Registered Device (DRS)
• Windows 10 Domain Joined: Creates object in AD which is synced to
cloud by AAD Connect
• (Windows 10 Azure AD Joined: Registers at join)
• Windows 7, 8, 8.1 domain joined: ADFS claims configured for DRS
• Windows 8.1 could potentially also enroll in MDM manually and become compliant that
way
Azure AD Device Registration Prerequisites
• Device Registration Allowed
  • USERS MAY WORKPLACE JOIN DEVICES: ALL
• DNS Records:
  Entry                                        Type    Address
  enterpriseregistration.contoso.com           CNAME   enterpriseregistration.windows.net
  enterpriseregistration.region.contoso.com    CNAME   enterpriseregistration.windows.net
• Internet Explorer Settings (these are the defaults):
  • Don’t prompt for client certificate selection when only one certificate exists: Enable
  • Allow scripting: Enable
  • Automatic logon only in Intranet zone: Checked
• Group Policy to enforce registration
ADFS Claims for DRS
• Additional Claims:
  • http://schemas.microsoft.com/ws/2012/01/accounttype
  • http://schemas.microsoft.com/identity/claims/onpremobjectguid
  • http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid
  • http://schemas.microsoft.com/ws/2008/06/identity/claims/issuerid
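The slide lists the four claims but not what gates them. In Microsoft's published DRS claim rules the deciding condition is that the authenticating principal carries an AD-issued group SID ending in -515, the well-known RID of Domain Computers, so only a domain-joined computer account receives the DJ account type, its primary SID, its on-premises objectGUID and the issuer ID; a user signing in gets none of them. The following is an added example that simulates that logic in plain Python; it is not the AD FS claim rule language and not the deck's material. The directory lookup is a constructed dictionary standing in for the AD attribute-store query, the issuer string "AD AUTHORITY" and the issuerid value format are assumptions, and the SIDs and GUID are made up.

```python
# Claim type URIs from the slide
ACCOUNTTYPE = "http://schemas.microsoft.com/ws/2012/01/accounttype"
ONPREMOBJECTGUID = "http://schemas.microsoft.com/identity/claims/onpremobjectguid"
PRIMARYSID = "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"
ISSUERID = "http://schemas.microsoft.com/ws/2008/06/identity/claims/issuerid"
# Input claim the rules key on (group SIDs issued by the local AD)
GROUPSID = "http://schemas.microsoft.com/ws/2012/01/groupsid"

DOMAIN_COMPUTERS_RID = "-515"                       # well-known RID of the Domain Computers group
LOCAL_ISSUERS = ("AD AUTHORITY", "LOCAL AUTHORITY")  # assumption: issuer strings for locally issued claims

# Constructed stand-in for the AD attribute-store query that resolves a SID to its objectGUID
CONSTRUCTED_DIRECTORY = {
    "S-1-5-21-1004336348-1177238915-682003330-1105": "6f1c2d3e-5a6b-4c7d-8e9f-000000001105",
}

# Constructed claim sets as AD FS would see them after Windows authentication
COMPUTER_CLAIMS = [
    {"type": GROUPSID, "value": "S-1-5-21-1004336348-1177238915-682003330-515", "issuer": "AD AUTHORITY"},
    {"type": PRIMARYSID, "value": "S-1-5-21-1004336348-1177238915-682003330-1105", "issuer": "AD AUTHORITY"},
]
USER_CLAIMS = [
    {"type": GROUPSID, "value": "S-1-5-21-1004336348-1177238915-682003330-513", "issuer": "AD AUTHORITY"},
    {"type": PRIMARYSID, "value": "S-1-5-21-1004336348-1177238915-682003330-1001", "issuer": "AD AUTHORITY"},
]


def is_domain_joined_computer(claims):
    """True only if the local AD issued a group SID for Domain Computers (RID 515)."""
    return any(c["type"] == GROUPSID and c["value"].endswith(DOMAIN_COMPUTERS_RID)
               and c["issuer"] in LOCAL_ISSUERS for c in claims)


def issue_drs_claims(claims, verified_domain, directory=CONSTRUCTED_DIRECTORY):
    """Return the four DRS claims for a domain-joined computer, or nothing for any other principal."""
    if not is_domain_joined_computer(claims):
        return []
    primary = next((c for c in claims if c["type"] == PRIMARYSID and c["issuer"] in LOCAL_ISSUERS), None)
    if primary is None:
        return []
    issued = [
        {"type": ACCOUNTTYPE, "value": "DJ"},                       # "domain joined"
        {"type": PRIMARYSID, "value": primary["value"]},            # pass the computer's SID through
        # assumption: issuerid carries the federated domain's trust URL
        {"type": ISSUERID, "value": f"http://{verified_domain}/adfs/services/trust/"},
    ]
    guid = directory.get(primary["value"])                          # objectGUID lookup by SID
    if guid:
        issued.append({"type": ONPREMOBJECTGUID, "value": guid})
    return issued


if __name__ == "__main__":
    for c in issue_drs_claims(COMPUTER_CLAIMS, "contoso.com"):
        print(c["type"], "=", c["value"])
    print("user gets:", issue_drs_claims(USER_CLAIMS, "contoso.com"))
```

The check on the issuer is not decoration: without it a claim of the right type but minted elsewhere in a claims pipeline could satisfy the -515 test, and the whole point of the accounttype claim is that Azure AD can trust DJ to mean "this came from a machine joined to your domain".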
Questions?
Please evaluate the session on your way
out…
Hated It! Meh…
Best session
ever!
NIC 2017 Azure AD Identity Protection and Conditional Access: Using the Microsoft cloud to protect your corporate identities and applications