經(jīng)典PPT靜態(tài)模板194

1、Deploying and managing applications across platforms is difficult.AppsTodays challengesUsers expect to be able to work in any location and have access to all their work resources.UsersDataUsers need to be productive while maintaining compliance and reducing risk.The explosion of devices is eroding t

2、he standards-based approach to corporate IT.DevicesUsersPeople-centric ITEnable your end usersAllow users to work on the devices of their choice and provide consistent access to corporate resources.Unify your environmentDeliver a unified application and device management on-premises and in the cloud

3、.Protect your dataHelp protect corporate information and manage risk.Management. Access. Protection.DataDevicesAppsAccess and Information ProtectionProtect your dataCentralize corporate information for compliance and data protection Policy-based access control to applications and dataEmpower usersSi

4、mplified registration and enrollment for BYO devicesAutomatically connect to internal resources when neededAccess to company resources is consistent across devicesUnify your environmentCommon identity to access resources on-premises and in the cloudChallengesSolutionsUsers want to use the device of

5、their choice and have access to both their personal and work-related applications, data, and resources.Users want an easy way to be able to access their corporate applications from anywhere.IT departments want to empower users to work this way, but they also need to control access to sensitive infor

6、mation and remain in compliance with regulatory policies.Users can register their devices, which makes them known to IT, who can then use device authentication as part of providing access to corporate resources.Users can enroll their devices, which provides them with the company portal for consisten

7、t access to applications and data, and to manage their devices.IT can publish access to corporate resources with conditional access based on the users identity, the device they are using, and their location.Empower usersEnabling IT to empower usersIT can publish access to resources with the Web Appl

8、ication Proxy based on device awareness and the users identityIT can provide seamless corporate access with DirectAccess and automatic VPN connections.Users can work from anywhere on their device with access to their corporate resources. Users can register devices for single sign-on and access to co

9、rporate data with Workplace JoinUsers can enroll devices for access to the Company Portal for easy access to corporate applicationsIT can publish Desktop Virtualization (VDI) for access to centralized resourcesActive DirectoryWeb AppsWeb Application ProxyRemote AccessRDS GatewayVDISession hostFilesL

10、OB AppsRegistering and Enrolling DevicesIT can publish access to corporate resources with the Web Application Proxy based on device awareness and the users identity. Multi-factor authentication can be used through Windows Azure Active Authentication.Users can register BYO devices for single sign-on

11、and access to corporate data with Workplace Join. As part of this, a certificate is installed on the deviceUsers can enroll devices which configure the device for management with Windows Intune. The user can then use the Company Portal for easy access to corporate applicationsAs part of the registra

12、tion process, a new device object is created in Active Directory, establishing a link between the user and their deviceData from Windows Intune is sync with Configuration Manager which provides unified management across both on-premises and in the cloudActive AuthenticationActive DirectoryWeb Applic

13、ation ProxyADFSDemoWorkplace JoinPublish access to resources with the Web Application ProxyUsers can access corporate applications and data wherever they areIT can use the Web Application Proxy to authenticate users and devices with multi-factor authenticationUse conditional access for granular cont

14、rol over how and where the application can be accessedActive Directory provides the central repository of user identity as well as the device registration informationOther cloud based apps and identity storesMobile ServicesActive DirectoryDevelopers can leverage Windows Azure Mobile Services to inte

15、grate and enhance their appsActive DirectoryReverse proxy pass throughe.g. NTLM & Basic based appsPublished applicationsRestful OAuth appsOffice Forms Based AccessClaims & Kerberos web appsAD IntegratedADFSWeb Application ProxyDevicesApps & DataDemoWeb Application ProxyUsers can sync their work data

16、 to their devices. Users can register their devices to be able to sync data when IT enforces conditional accessIT can publish access directly through a reverse proxy, or conditional access can be enforced via device registration through the Web Application ProxyIT can configure a File Server to prov

17、ide Work Folder sync shares for each user to store data that syncs to their devices, including integration with Rights ManagementIT can selectively wipe the corporate data from Windows 8.1 clientsMake corporate data available to users with Work FoldersActive Directory discoverability provides users

18、Work Folders locationDomain joined devicesAccess PolicyActive DirectoryWeb Application ProxyReverse ProxyFile ServicesDevicesApps & DataDemoWork FoldersEffective working with Remote AccessCan originate admin connection from intranetConnection tointranet is always activeCannot originate admin connect

19、ion from intranetVPNDirectAccessWith DirectAccess, a users PC is automatically connected whenever an Internet connection is present.Traditional VPNs are user- initiated and provide on-demand connectivity to corporate resources.An automatic VPN connection provides automated starting of the VPN when a

20、 user launches an application that requires access to corporate resources.FirewallWeb AppsSession hostLOB AppsFilesVDIUnify your environmentChallengesSolutionsProviding users with a common identity when they are accessing resources that are located both on-premises in a corporate environment, and in

21、 cloud-based platforms.Managing multiple identities and keeping the information in sync across environments is a drain on IT resources.Users have a single sign-on experience when accessing all resources, regardless of location.Users and IT can leverage their common identity for access to external re

22、sources through federation.IT can consistently manage identities across on-premises and cloud-based identity domains.Expanded domain join capabilitiesNot JoinedWorkplace JoinedDomain JoinedUser provided devices are “unknown” and IT has no control. Partial access may be provided to corporate informat

23、ion.Registered devices are “known” and device authentication allows IT to provide conditional access to corporate informationDomain joined computers are under the full control of IT and can be provided with complete access to corporate informationBrowser session single sign-onSeamless 2-Factor Auth

24、for web appsEnterprise apps single sign-onDesktop Single Sign-OnActive Directory for the cloudRun Active Directory at scale with support for virtualization and rapid deployment through domain controller cloning.Developers can integrate applications for single sign-on across on-premises and cloud-bas

25、ed applications.Leverage cloud platforms to run Windows Server Active Directory and Active Directory Federation Services to reduce infrastructure on-premises.Manage Active Directory using Windows PowerShell, use the improved deployment experience and leverage the Active Directory Administrative Cent

26、er for centralized managementActivate clients running Office on at least Windows8 or Windows Server 2012 automatically using existing Active Directory infrastructure.Active DirectoryFilesLOB AppsWeb AppsInfrastructure ServicesUsers get access through accounts in Windows Azure Active Directory to Win

27、dows Azure, Office 365 and 3rd party applicationsManaging cloud identitiesIT can provide users with a common identity across on-premises or cloud-based services leveraging Windows Server Active Directory and Windows Azure Active DirectoryUsers are more productive by having a single sign-on to all th

28、eir resourcesIT can use Active Directory Federation Services to connect with Windows Azure for a consistent cloud based identity. Developers can build applications that leverage the common identity model Dirsync keeps user attributes in sync across directories.ADFSDirSyncActive DirectoryActive Direc

29、toryWeb AppsLOB AppsFiles3rd party servicesApps in AzureIncreasing the value in Active Directory Federation ServicesUsers can register their devices to gain access to corporate data and apps and single sign-on through device authentication Conditional access with multi-factor authentication is provi

30、ded on a per-application basis, leveraging user identity, device registration & network locationOrganizations can federate with partners and other organizations for seamless access to shared resourcesOrganizations can connect to SaaS applications running in Windows Azure, Office 365 and 3rd party pr

31、ovidersEnhancements to ADFS include simplified deployment and managementPublished applicationsRestful OAuth appsOffice Forms Based AccessClaims & Kerberos web appsFirewallADFSWeb Application Proxy(includes ADFS Proxy)ADFSActive DirectoryResources in other businesses or identity realmsSaaS AppsDemoAD

32、FSCorporate identity managementAllow users to manage their identity with an easy to use portal, tightly integrated with Office.Self-service group and distribution list management, including dynamic membership calculation in these groups and distribution lists, is based on the users attributes.Users

33、can reset their passwords via Windows logon, significantly reducing help desk burden and costs.Sync users identity across directories, including Active Directory, Oracle, SQL Server, IBM DS, and LDAP.Manage the complete life cycle of certificates and smart cards through integration with Active Direc

34、tory.Active DirectoryUser provisioning, de-provisioning, and role updatesBuilt-in workflow for identity managementAutomatically synchronize all user information to different directories across the enterprise Automate the process of on-boarding new usersReal-time de-provisioning from all systems to p

35、revent unauthorized access and information leakageLDAPCertificate ManagementActive DirectoryProtect your dataChallengesSolutionsAs users bring their own devices in to use for work, they will also want to access sensitive information and have access to this information locally on the device.A signifi

36、cant amount of corporate data can only be found locally on user devices.IT needs to be able to secure, classify, and protect data based on the content it contains, not just where it resides, including maintaining regulatory compliance.Users can work on the device of their choice and be able to acces

37、s all their resources, regardless of location or device.IT can enforce a set of central access and audit polices, and be able to protect sensitive information based on the content of the documents.IT can centrally audit and report on information access.Policy based access to corporate informationIT

38、can publish resources using the web application proxy and create business-driven access policies with multi-factor authentication based on the content being accessed.IT can audit user access to information based on central audit policies.Users can access corporate data regardless of device or locati

39、on with Work Folders for data sync and desktop virtualization for centralized applications.IT can provide a secure and familiar solution for users to access sensitive corporate data from anywhere with VDI and RemoteApp technologies.AccessPolicyLOB AppsWeb AppsSession hostFilesVDIDistributed DataDevi

40、cesDesktop VirtualizationCentralized DataRDS GatewayProtecting information with multi-factor authentication1. Users attempts to login or perform an action that is subject to MFAActive Authentication2. When the user authenticates, the application or service performs a MFA call3. The user must respond

41、 to the challenge, which can be configured as a txt, a phone call or using a mobile app5. IT can configure the type and frequency of the MFA that the user must respond to4. The response is returned to the app which then allows the user to proceedUserApplication authentication e.g. Active Directory,

42、Radius, LDAP, SQL, Custom appsADFSDevicesApps & DataDemoWindows Azure Active Authentication (PhoneFactor)Dependent on network connectivity Protect data with Dynamic Access ControlCentrally manage access control and audit polices from Windows Server Active Directory.Automatically identify and classif

43、y data based on content. Classification applies as files are created or modified.Integration with Active Directory Rights Management Services provides automated encryption of documents.Central access and audit policies can be applied across multiple file servers, with near real-time classification a

44、nd processing of new and modified documents. File classification, access policies and automated Rights Management works against client distributed data through Work Folders.Active DirectoryFile ServicesDemoDynamic Access ControlRecap: Access and Information ProtectionProtect your dataCentralize corp

45、orate information for compliance and data protection Policy-based access control to applications and dataEmpower usersSimplified registration and enrollment for BYO devicesAutomatically connect to internal resources when neededAccess to company resources is consistent across devicesUnify your environmentCommon identity to access resources on-premises and in the cloudRelated co