
Making Identity and Access Management Real – The Early Days


Presentation Transcript


  1. Making Identity and Access Management Real – The Early Days • Brian Lauge Pedersen, Senior Technology Specialist

  2. What Will We Cover? • The Infrastructure Optimization Model • Customer Challenges • Implementing Solutions

  3. Agenda • Understanding Identity Management Challenges • Implementing Active Directory • Implementing Password Security • Implementing Security Templates

  4. Overview – The Core IO Model • Identity and Access Management • Desktop, Device, and Server Management • Security and Networking • Data Protection and Recovery • IT Management and Security Process. Cross-model enablers: • Identity • Presence • Rights Management • Network Access

  5. Identity and Access Management • Centralized administration, federated identity management • Centralized configuration and authentication, information protection infrastructure • Identity management for user identification • No common identity management model • Active Directory for authentication and authorization • Users have access to admin mode • Security templates applied to standard images • Desktops not managed by policy • No server-based identity or access management • Users operate in admin mode • Limited or inconsistent use of passwords at the desktop • Minimal enterprise access standards • Policy and security templates used to manage desktops for security and settings • Directory and certificate-based information protection infrastructure • Certificate provisioning and authorization for mobile devices • Centrally manage users provisioning across heterogeneous systems • Federated identity management across organizational and platform boundaries

  6. Contoso Identity Management Today • User name • Password

  7. Key Challenges • No single sign-on • Non-standard computers and servers • Passwords managed non-securely • IT strained due to company growth • Contoso is in the Basic or Standardized Stage

  8. Our Goals: Optimize IDAM • Provide single sign-on to network resources • Enforce password security • Implement scalable centralized management

  9. The Solution – Active Directory • Enforce password security • Provide single sign-on • Implement scalable centralized management • Robust replication • Enforces security • Simplified administration • Application-friendly • Scalable infrastructure

  10. Agenda • Understanding Identity Management Challenges • Implementing Active Directory • Implementing Password Security • Implementing Security Templates

  11. Active Directory Planning • OU design • DNS design • Domain design • Forest design

  12. Active Directory Domains (CONTOSO.COM) • Boundary of Policies • Boundary of Authentication • Boundary of Replication

  13. Domain Design Options • Regional domains structure • Single domain structure

  14. Additional Domain Considerations • Management of multiple service administrator groups • Group Policy consistency • Access control and auditing settings consistency • Increased likelihood of objects moving between domains • Solution: Single domain structure

  15. Organizational Units – An Overview (CONTOSO.COM: OU Admin, OU Security, OU Policy) • Organized For: • Administration • Same Requirements • Delegation • Group Policy • Configuration • Security

  16. Organizational Unit Design • Delegation of administration • Scope Group Policy application • OU tree under Contoso.com: Administrative; Servers (Exchange Servers, Print Servers, SQL Servers); Users (Data Entry Users, Power Users, Standard Users); Workstations (Desktops, Laptops)

  17. Active Directory Deployment • Deployed first forest root domain controller • Deployed second domain controller • Configured and verified DNS • Configured global catalog settings • Reviewed operations master roles

  18. Agenda • Understanding Identity Management Challenges • Implementing Active Directory • Implementing Password Security • Implementing Security Templates

  19. Password Challenges • Example credentials: Username: aaronc, Password: abc123; Username: acon, Password: password; Username: aaronc, Password: aaronc; Username: aaronc, Password: P$7k#yZ • Insufficient expiration policy • Multiple passwords to remember • Passwords written down • Calls to helpdesk for password resets • Weak passwords and desktop security

  20. Password Security Solutions • Password policy • Password change • Password reset • Password synchronization • Credential mapping • Solution: Group Policy

  21. Demo • Setting Group Policy Password Options • Configure Default Domain Policy • Verify Group Policy Application

  22. Agenda • Understanding Identity Management Challenges • Implementing Active Directory • Implementing Password Security • Implementing Security Templates

  23. Group Policy Security Templates • Compatws.inf • Secure*.inf • Hisec*.inf

  24. Demo • Implementing Security Templates • Create Security Template • Create Desktops GPO and Apply Security Template

  25. What Have We Accomplished? • Identity and Access Management • Desktop, Device, and Server Management • Security and Networking • Data Protection and Recovery • IT Management and Security Process. Cross-model enablers: • Identity • Presence • Rights Management • Network Access

  26. Session Summary • Deployed Active Directory • Implemented password security • Configured security templates

  27. For More Information • Visit TechNet at: www.microsoft.com/technet • Visit the following site for additional information: www.microsoft.com/technet/hot-11

  28. Microsoft Press Publications For the latest titles, visit: www.microsoft.com/learning/books/itpro/

  29. Readiness with Skills Assessment • Self-study learning tool free to anyone • Determines skills gaps • Provides learning plans • Post your score—see how you stack up Visit: www.microsoft.com/assessment

  30. Become a Microsoft Certified Professional • What are MCP certifications? Validation in performing critical IT functions. • Why Certify? WW recognition of skills gained via experience. More effective deployments with reduced costs. • What Certifications are there for IT Pros? MCP, MCSE, MCSA, MCDST, MCDBA. www.microsoft.com/learning/mcp

  31. Introducing: TechNet Plus Direct! • All the benefits of TechNet Plus for 30% less • TechNet Plus Direct subscribers receive: • Online Benefits Portal – New! • Immediate download access: software and betas – New! • 2 free Professional Support Incidents • Managed Newsgroups and Online Concierge • The TechNet Library containing the KB, security updates, service packs, resource kits, and more • TechNet Plus Direct is available exclusively online without media shipments. Available Now! For more information please visit www.microsoft.com/technet/subscriptions

  32. Where Else Can I Get Help? • Live Events and Online Webcast series • Microsoft Professional Blogs Directory • Chats, Newsgroups, Forums and Virtual Labs • Local Locator for Professional User Groups www.microsoft.com/technet/community
