Security Best Practices for Microsoft Azure Applications

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Security Best Practices for Microsoft Azure Applications"

Transcription

1 Security Best Practices for Microsoft Azure Applications Varun Sharma Principal Security Engineer, Information Security & Risk Management (ISRM), Microsoft IT

2 Service Lines Application Security Infrastructure Security Customized Solutions & Training 10+ years of tailored best practices and specialized intellectual property Microsoft Internal MSIT MSN Microsoft.com Product Groups Service Channels Microsoft External MCS Premier Acquisitions Global and Strategic Partners Unique knowledge transfer and value-add for Microsoft and its customers, partners and acquisitions Functional Capacity Specialization Totals Canada Global Delivery India Application Security 30 Infrastructure Security Dedicated PMs Total US- Redmond, ACE HQ United States Mission: to protect key assets by lowering overall information security risk for Microsoft and its customers through advisory services

3 Comprehensive Approach Security Program Security Architect Led & Program Manager Supported Infrastructure Security Application Security

4 Introductions

5 Shared security responsibility Data classification & accountability Client & endpoint protection Identity & access management Application level controls Network level controls Host Security Physical Security

6 Agenda 1. Setup the sample HRPortal application 2. Authentication 3. Auditing & Logging 4. Configuration Management 5. Sensitive Data 6. Communication 7. Host Security

7 HRPortal sample app Architecture diagram Admin Azure Active Directory User Use cases User can login to HR Website User can view salary, edit bank account number, update skills and upload resume AV scan engine scans resumes for malware Admin deploys solution to Azure Azure subscription HR Website AV Scan engine Azure Storage Azure SQL Database

8 Lab: Setup the sample application

9 1. Authentication

10 Authentication - Threats and Countermeasures Countermeasures Admin User Admin Use organizational accounts or corporate identities Azure Active Directory Use strong passwords Use multi-factor authentication Use federated identity pattern... Extend on-premise AD to Azure Azure Portal Cloud Service Virtual Machines... Active Directory Enterprise

11 Use Organizational Accounts or Corporate Identities Microsoft Account (Windows Live ID) Azure Active Directory Azure Active Directory Azure Active Directory Directory sync with password Directory sync with Federation Active Directory Active Directory Enforce password policies Enforce Cloud based Multi factor Authentication Enforce On premise Multi factor Authentication

12 Lab: Azure AD password policy

13 Lab: Enabling MFA for Azure AD users

14 Directory sync with federation Admin logs in on-prem Admin browses to Azure portal Windows Azure Portal Windows Azure Active Directory ADFS (sts.contoso.c om) Active Directory Admin is redirected to AAD AAD redirects to onprem STS since directory sync with SSO is setup. Admin authenticates to on-prem STS On-prem STS returns admin token to AAD AAD has a trust with STS, validates token, redirects to Azure portal

15 Demo: Directory sync with federation

16 Federated Identity Pattern Consumer authenticates and requests token STS returns token Identity Provider (IdP) or Security Token Service (STS) Service trusts IdP or STS Consumer Consumer presents token to service Service

17 Lab: Enabling Azure AD authentication on Azure Website

18 Extend on-premise Active Directory to Azure Application... Availability Set Virtual Network SQL Server... VPN Domain controllers Availability Set... = OR Availability Set AD Replication Enterprise... Active Directory User Enterprise

19 Authentication Summary Threats Improper de-provisioning Credential theft Brute forcing passwords Countermeasures Use organizational accounts or corporate identities Use strong passwords Use multi-factor authentication Use federated identity pattern Extend on-premise AD to Azure

20 2. Auditing & Logging

21 Auditing & Logging - Threats and Countermeasures Countermeasures Admin User Admin Enable logging Transfer logs to storage Azure Active Directory Monitor logs for suspicious activity Subscription Audit logs... Auditing and Activity Logging Azure Portal Cloud Service Virtual Machines Windows Azure Diagnostics Azure Storage Logging Azure storage Azure SQL Database SQL Azure Auditing

22 Demo: Subscription operation logs

23 Demo: SQL database logs

24 Demo: Azure storage logs

25 Demo: Cloud Service logs

26 Auditing and Logging Summary Azure component Logging feature Examples of suspicious behavior Azure Active Directory Auditing and Activity Logging Addition of user, admin, change of group membership Azure Subscription Subscription Operation logs Addition of co-administrator, enabling RDP on cloud service, operation from unexpected IP Address Azure Web Sites Application and Site Diagnostics Performance degradation due to DOS attack Cloud Services Windows Azure Diagnostics Security event for malware, remote login, creation of local user, change of important files, performance Virtual Machines Windows Azure Diagnostics or Windows Event degradation due to DOS attack Forwarding Azure Storage Azure Storage Logging Operation from unexpected IP Address, unexpected operated Azure SQL Database SQL Azure Auditing Operation from unexpected IP Address

27 3. Configuration Management

28 Configuration Management - Threats and Countermeasures Dev cspkg Admin cscfg Countermeasures Protect secrets in config files Use Runtime Reconfiguration pattern Rollover secret keys Visual Studio Online Git repository cscfg Azure subscription cloud service Azure Storage Azure SQL Database

29 Lab: Setting configuration values for Azure Websites

30 Runtime Reconfiguration pattern Dev Admin Admin changes configuration in service configuration file Visual Studio Online cspkg cscfg cloud service Application code subscribes to an event to know if configuration has changed. Code allows change if acceptable. Git repository cscfg Azure subscription If change is not acceptable and may cause configuration issues, code requests a role restart. Azure Storage Azure SQL Database

31 Roll over secret keys Dev Admin Azure storage has primary and secondary access keys cspkg cscfg Change configuration to secondary access key Visual Studio Online Git repository cscfg Azure subscription cloud service Configuration changes at runtime Regenerate primary access key and change configuration to new primary access key Azure Storage Azure SQL Database Configuration changes at runtime Regenerates secondary access key

32 Demo: Re-generating storage access keys

33 Lab: Using Key Vault to store secrets

34 Configuration Management Summary Threats Secret keys compromised from repository Improper de-provisioning Countermeasures Protect secrets in config files Use Runtime Reconfiguration pattern Rollover secret keys

35 4. Sensitive Data

36 Sensitive Data - Threats and Countermeasures Admin User Countermeasures Use Valet Key pattern Encrypt sensitive data at rest Application... cloud service Web application SQL Server... Azure Storage Azure SQL Database

37 Valet Key Pattern SAS SAS User cloud service User requests a resource Application checks validity of request, generates Shared Access Signature (SAS) and returns to user User directly accesses resource using SAS Application Azure Storage

38 Demo: Shared Access Signatures

39 Encrypt sensitive data at rest BitLocker Drive Encryption Admin User SQL Server Transparent Data Encryption or Column Level Encryption Application... Web application cloud service Application level encryption using.net Crypto API or other languages or Azure SQL TDE SQL Server... Azure Storage Azure SQL Database

40 Lab: Encrypting data using Key Vault

41 Encrypt sensitive data at rest Scenario Encryption technology Key management Azure VMs with sensitive files BitLocker Drive Encryption 3rd party solutions Sensitive data in SQL Server on Azure VM Sensitive data in Azure Storage, NoSQL, Azure SQL Database SQL Server Transparent Data Encryption or Column Level Encryption Application level encryption using.net Crypto API or other languages or Azure SQL TDE Can use Extensible Key Management and existing on-premise HSM Azure Key Vault

42 5. Communication

43 Communication - Threats and Countermeasures User cloud service Admin Countermeasures Use SSL Disable remote desktop Limit input endpoints Use IP based restrictions Azure Storage Azure SQL Database Service Bus Relay App Server Enterprise

44 Demo: Configuring Azure Website to use SSL

45 Demo: SQL Database Firewall

46 Communication Summary IP based restriction Encrypt data in transit Azure Web Sites IIS IP Restrictions Upload SSL certificate and use custom domain Cloud Services Configure host firewall using Start-up task or use IIS IP Restrictions Upload SSL certificate and use custom domain Virtual Machines Network Access Control List Configure SSL certificate Virtual Network Inbound and Outbound IP restriction using Network Security Group Use SSL Azure SQL Database Azure SQL Firewall Use Encrypt=true; TrustServerCertificate=False in SQL Connection string

47 6. Host Security

48 Host - Threats and Countermeasures Countermeasures Patch management User Enable Anti-malware Application... cloud service Machine policy management Web application

49 Lab: Machine policy management using start-up tasks

50 Lab: Enabling Anti-malware on Cloud Services

51 Host Security Summary Threats Unpatched VMs Malware Insecure host settings Countermeasures Patch management Enable Anti-malware Machine policy management

52 Summary

53 Security Frame Threats and Countermeasures Security category Threats Countermeasures Authentication Auditing & Logging Configuration management Sensitive Data Improper de-provisioning Credential theft Brute forcing passwords Repudiation Logs lost due to recycle or deleted Improper de-provisioning Secret keys compromised from repository Shared secrets are only line of defense Use organizational accounts or corporate identities Use strong passwords Use multi-factor authentication Use federated identity pattern Extend on-premise AD to Azure Enable logging Transfer logs to storage Monitor logs for suspicious activity Encrypt secrets in config files Use Runtime Reconfiguration pattern Rollover secret keys Use Valet Key pattern Encrypt sensitive data at rest Communication Host Security Data sniffed on network Remote desktop password compromised Unpatched VMs Malware Insecure host settings Use SSL Disable remote desktop Limit input endpoints Use IP based restrictions Patch Management Enable Anti-malware Machine policy management

54 Summary Understand what you are responsible for Understand threats and implement countermeasures Use Azure security features, patterns and practices

55 References Related references for you to expand your knowledge on the subject Azure Trust Center, Azure Security Guidance, Azure Identity, Azure Multi-factor authentication, Cloud Design patterns, Security best practices for Windows Azure solutions, FDDEEE8F70C1/SecurityBestPracticesForWindowsAzureSolutionsFeb2014.docx Security Best Practices For Developing Windows Azure Applications, technet.microsoft.com/en-in aka.ms/mva msdn.microsoft.com/

56

Azure Security Services, Features and Options. Ioannis Stavrinides Technical Evangelist, CEE MC

Azure Security Services, Features and Options. Ioannis Stavrinides Technical Evangelist, CEE MC Azure Security Services, Features and Options Ioannis Stavrinides Technical Evangelist, CEE MC Agenda for today General security features Encryption Other security mechanisms Azure Active Directory security

More information

Microsoft Enterprise Mobility Suite

Microsoft Enterprise Mobility Suite Microsoft Enterprise Mobility Suite Standalone - overview Peter Daalmans http://configmgrblog.com, peter@daalmans.com IT-Concern John Marcum Enterprise Client Management Architect / johnmarcum@outlook.com

More information

Microsoft Azure Fundamentals

Microsoft Azure Fundamentals Microsoft Azure Fundamentals 10979C - 2 Days - Instructor-led, Hands-on Introduction This course provides the underlying knowledge required by all individuals who will be evaluating Microsoft Azure, regardless

More information

Course 20533: Implementing Microsoft Azure Infrastructure Solutions

Course 20533: Implementing Microsoft Azure Infrastructure Solutions Course 20533: Implementing Microsoft Azure Infrastructure Solutions Overview About this course This course is aimed at experienced IT Professionals who currently administer their on-premises infrastructure.

More information

Microsoft SharePoint Architectural Models

Microsoft SharePoint Architectural Models Microsoft SharePoint This topic is 1 of 5 in a series Introduction to Fundamental SharePoint This series is intended to raise awareness of the different fundamental architectural models through which SharePoint

More information

Implementing Microsoft Azure Infrastructure Solutions

Implementing Microsoft Azure Infrastructure Solutions Course 20533: Implementing Microsoft Azure Infrastructure Solutions Course details Course Outline Module 1: Introduction to Azure This module provides the students a high level introduction to Azure. Cloud

More information

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

Implementing Microsoft Azure Infrastructure Solutions

Implementing Microsoft Azure Infrastructure Solutions Course Code: M20533 Vendor: Microsoft Course Overview Duration: 5 RRP: 2,025 Implementing Microsoft Azure Infrastructure Solutions Overview This course is aimed at experienced IT Professionals who currently

More information

Quick Start Guide: Utilizing Nessus to Secure Microsoft Azure

Quick Start Guide: Utilizing Nessus to Secure Microsoft Azure Quick Start Guide: Utilizing Nessus to Secure Microsoft Azure Introduction Tenable Network Security is the first and only solution to offer security visibility, Azure cloud environment auditing, system

More information

Course Description. Course Audience. Course Outline. Course Page - Page 1 of 5. Microsoft Azure Fundamentals M-10979 Length: 2 days Price: $ 1,295.

Course Description. Course Audience. Course Outline. Course Page - Page 1 of 5. Microsoft Azure Fundamentals M-10979 Length: 2 days Price: $ 1,295. Course Page - Page 1 of 5 Microsoft Azure Fundamentals M-10979 Length: 2 days Price: $ 1,295.00 Course Description Get hands-on instruction and practice implementing Microsoft Azure in this two day Microsoft

More information

Azure Powershell Command Line Reference

Azure Powershell Command Line Reference Name Description Add-AzureEnvironment Creates an Azure environment Disable-AzureWebsiteApplicationDiagnostic Disables the website's application diagnostics Enable-AzureWebsiteApplicationDiagnostic Enables

More information

Managing trust relationships with multiple business identity providers (basics) 55091A; 3 Days

Managing trust relationships with multiple business identity providers (basics) 55091A; 3 Days Lincoln Land Community College Capital City Training Center 130 West Mason Springfield, IL 62702 217-782-7436 www.llcc.edu/cctc Managing trust relationships with multiple business identity providers (basics)

More information

This module provides an overview of service and cloud technologies using the Microsoft.NET Framework and the Windows Azure cloud.

This module provides an overview of service and cloud technologies using the Microsoft.NET Framework and the Windows Azure cloud. Module 1: Overview of service and cloud technologies This module provides an overview of service and cloud technologies using the Microsoft.NET Framework and the Windows Azure cloud. Key Components of

More information

Course Outline. Microsoft Azure Fundamentals Course 10979A: 2 days Instructor Led. About this Course. Audience Profile. At Course Completion

Course Outline. Microsoft Azure Fundamentals Course 10979A: 2 days Instructor Led. About this Course. Audience Profile. At Course Completion Microsoft Azure Fundamentals Course 10979A: 2 days Instructor Led About this Course Get hands-on instruction and practice implementing Microsoft Azure in this two day Microsoft Official Course. You will

More information

Implementing Microsoft Azure Infrastructure Solutions 20533B; 5 Days, Instructor-led

Implementing Microsoft Azure Infrastructure Solutions 20533B; 5 Days, Instructor-led Implementing Microsoft Azure Infrastructure Solutions 20533B; 5 Days, Instructor-led Course Description This course is aimed at experienced IT Professionals who currently administer their on-premises infrastructure.

More information

Course 20533B: Implementing Microsoft Azure Infrastructure Solutions

Course 20533B: Implementing Microsoft Azure Infrastructure Solutions Course 20533B: Implementing Microsoft Azure Infrastructure Solutions Sales 406/256-5700 Support 406/252-4959 Fax 406/256-0201 Evergreen Center North 1501 14 th St West, Suite 201 Billings, MT 59102 Course

More information

NCSU SSO. Case Study

NCSU SSO. Case Study NCSU SSO Case Study 2 2 NCSU Project Requirements and Goals NCSU Operating Environment Provide support for a number Apps and Programs Different vendors have their authentication databases End users must

More information

MS 20533B - Implementing Microsoft Azure Infrastructure Solutions

MS 20533B - Implementing Microsoft Azure Infrastructure Solutions MS 20533B - Implementing Microsoft Azure Infrastructure Solutions COURSE OVERVIEW: This course is aimed at experienced IT Professionals who currently administer their on-premises infrastructure. The course

More information

Assignment # 1 (Cloud Computing Security)

Assignment # 1 (Cloud Computing Security) Assignment # 1 (Cloud Computing Security) Group Members: Abdullah Abid Zeeshan Qaiser M. Umar Hayat Table of Contents Windows Azure Introduction... 4 Windows Azure Services... 4 1. Compute... 4 a) Virtual

More information

Hybrid Cloud Identity and Access Management Challenges

Hybrid Cloud Identity and Access Management Challenges Hybrid Cloud Identity and Access Management Challenges Intro: Timothy P. McAliley timothy.mcaliley@microsoft.com Microsoft Premier Field Engineer, SQL Server, Washington, DC CISA, CISM, CISSP, ITIL V3,

More information

Locking down a Hitachi ID Suite server

Locking down a Hitachi ID Suite server Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime

More information

Agenda. Federation using ADFS and Extensibility options. Office 365 Identity overview. Federation and Synchronization

Agenda. Federation using ADFS and Extensibility options. Office 365 Identity overview. Federation and Synchronization Agenda Office 365 Identity overview 1 Federation and Synchronization Federation using ADFS and Extensibility options 2 3 What s New in Azure AD? Cloud Business App - Overview 4 Identity Management is

More information

SINGLE & SAME SIGN-ON ASPECTS

SINGLE & SAME SIGN-ON ASPECTS SINGLE & SAME SIGN-ON ASPECTS OF AZURE ACTIVE DIRECTORY Harold Baele Senior ICT Trainer JULY 2, 2015 SLIDE 1 TRAINER INFO Harold Baele MCT at RealDolmen Education Harold.baele@realdolmen.com - @hbaele

More information

How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz)

How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz) How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz) Domain.Local DC Client DomainAdmin Attack Operator Advise Protect Detect Respond

More information

MICROSOFT 70-346 EXAM QUESTIONS & ANSWERS

MICROSOFT 70-346 EXAM QUESTIONS & ANSWERS MICROSOFT 70-346 EXAM QUESTIONS & ANSWERS Number: 70-346 Passing Score: 800 Time Limit: 120 min File Version: 58.5 http://www.gratisexam.com/ MICROSOFT 70-346 EXAM QUESTIONS & ANSWERS Exam Name:Managing

More information

Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment. Paul Luetje Enterprise Solutions Architect

Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment. Paul Luetje Enterprise Solutions Architect Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment Paul Luetje Enterprise Solutions Architect Table of Contents Welcome... 3 Purpose of this document...

More information

Microsoft Azure Fundamentals 10979B; 2 Days

Microsoft Azure Fundamentals 10979B; 2 Days Lincoln Land Community College Capital City Training Center 130 West Mason Springfield, IL 62702 217-782-7436 www.llcc.edu/cctc Microsoft Azure Fundamentals 10979B; 2 Days Course Description Get hands-on

More information

DreamFactory on Microsoft SQL Azure

DreamFactory on Microsoft SQL Azure DreamFactory on Microsoft SQL Azure Account Setup and Installation Guide For general information about the Azure platform, go to http://www.microsoft.com/windowsazure/. For general information about the

More information

How Intel Cloud SSO Works

How Intel Cloud SSO Works TECHNICAL WHITE PAPER Intel Cloud SSO How Intel Cloud SSO Works Just as security professionals have done for ages, we must continue to evolve our processes, methods, and techniques in light of the opportunities

More information

Webinar Self-service in Microsoft Azure AD Premium

Webinar Self-service in Microsoft Azure AD Premium Webinar Self-service in Microsoft Azure AD Premium Hugh Simpson-Wells : CEO Agenda What is Azure Active Directory Premium? Self-service demo basis Self-service security groups Self-service application

More information

Big data variety, 179 velocity, 179 volume, 179 Blob storage containers

Big data variety, 179 velocity, 179 volume, 179 Blob storage containers Index A AADRM. See Azure active directory rights management (AADRM) AADRM PowerShell module Azure AD module, 164 Connect-AadrmService cmdlet, 164 Connect-MsolService cmdlet, 164 PowerShell v2.0 and.net

More information

SHAREPOINT HYBRID AND IMPLICATIONS OF 2016

SHAREPOINT HYBRID AND IMPLICATIONS OF 2016 SHAREPOINT HYBRID AND IMPLICATIONS OF 2016 Dan Charlton Senior Consultant MCSE, MCSA, MCP COMPANY OVERVIEW TOTAL SOLUTIONS OVERVIEW SharePoint Consulting & Development Organization Design Development Administration

More information

Microsoft 20533 - Implementing Microsoft Azure Infrastructure Solutions

Microsoft 20533 - Implementing Microsoft Azure Infrastructure Solutions 1800 ULEARN (853 276) www.ddls.com.au Microsoft 20533 - Implementing Microsoft Azure Infrastructure Solutions Length 5 days Price $4389.00 (inc GST) Version C Overview This course is intended for IT professionals

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

SA Citrix Virtual Desktop Infrastructure (VDI) Configuration Guide

SA Citrix Virtual Desktop Infrastructure (VDI) Configuration Guide SA Citrix Virtual Desktop Infrastructure (VDI) Configuration Guide This document covers steps to configure Citrix VDI on Juniper Network s SA Series SSL VPN platforms. It also covers brief overview of

More information

Secret Server Qualys Integration Guide

Secret Server Qualys Integration Guide Secret Server Qualys Integration Guide Table of Contents Secret Server and Qualys Cloud Platform... 2 Authenticated vs. Unauthenticated Scanning... 2 What are the Advantages?... 2 Integrating Secret Server

More information

Course 10978A Introduction to Azure for Developers

Course 10978A Introduction to Azure for Developers Course 10978A Introduction to Azure for Developers Duration: 40 hrs. Overview: About this Course This course offers students the opportunity to take an existing ASP.NET MVC application and expand its functionality

More information

MOC 20487 DEVELOPING WINDOWS AZURE AND WEB SERVICES

MOC 20487 DEVELOPING WINDOWS AZURE AND WEB SERVICES ONE STEP AHEAD. MOC 20487 DEVELOPING WINDOWS AZURE AND WEB SERVICES Length: 5 Days Level: 300 Technology: Microsoft Visual Studio 2012 Delivery Method: Instructor-led (classroom) COURSE OUTLINE Module

More information

Additional Security Considerations and Controls for Virtual Private Networks

Additional Security Considerations and Controls for Virtual Private Networks CYBER SECURITY OPERATIONS CENTRE APRIL 2013 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL REFERENCES

More information

SA Citrix Virtual Desktop Infrastructure (VDI) Configuration Guide

SA Citrix Virtual Desktop Infrastructure (VDI) Configuration Guide SA Citrix Virtual Desktop Infrastructure (VDI) Configuration Guide Published July 2015 This document covers steps to configure Citrix VDI on Pulse Secure s SA Series SSL VPN platforms. It also covers brief

More information

Getting Started with Sitecore Azure

Getting Started with Sitecore Azure Sitecore Azure 3.1 Getting Started with Sitecore Azure Rev: 2015-09-09 Sitecore Azure 3.1 Getting Started with Sitecore Azure An Overview for Sitecore Administrators Table of Contents Chapter 1 Getting

More information

IT Exam Training online / Bootcamp

IT Exam Training online / Bootcamp DumpCollection IT Exam Training online / Bootcamp http://www.dumpcollection.com PDF and Testing Engine, study and practice Exam : 70-534 Title : Architecting Microsoft Azure Solutions Vendor : Microsoft

More information

Implementing Microsoft Azure Infrastructure Solutions

Implementing Microsoft Azure Infrastructure Solutions Implementing Microsoft Azure Infrastructure About this Course This course is aimed at experienced IT Professionals who currently administer their on-premise infrastructure. The course introduces the student

More information

When your users take devices outside the corporate environment, these web security policies and defenses within your network no longer work.

When your users take devices outside the corporate environment, these web security policies and defenses within your network no longer work. Deployment Guide Revision C McAfee Web Protection Hybrid Introduction Web Protection provides the licenses and software for you to deploy Web Gateway, SaaS Web Protection, or a hybrid deployment using

More information

10979 Microsoft Azure Fundamentals. Sobre o curso. Destinatários. Microsoft. Nível: Iniciado Duração: 12h

10979 Microsoft Azure Fundamentals. Sobre o curso. Destinatários. Microsoft. Nível: Iniciado Duração: 12h 10979 Microsoft Azure Fundamentals Microsoft Nível: Iniciado Duração: 12h Sobre o curso Get hands-on instruction and practice implementing Microsoft Azure in this two day Microsoft Official Course. You

More information

VMware Virtual Desktop Manager User Authentication Guide

VMware Virtual Desktop Manager User Authentication Guide Technical Note VMware Virtual Desktop Manager User Authentication Guide VMware Virtual Desktop Manager The purpose of this guide is to provide details of user authentication in VMware Virtual Desktop Manager

More information

Ensuring the Security of Your Company s Data & Identities. a best practices guide

Ensuring the Security of Your Company s Data & Identities. a best practices guide a best practices guide Ensuring the Security of Your Company s Data & Identities Symplified 1600 Pearl Street, Suite 200» Boulder, CO, 80302» www.symplified.com» @Symplified Safe and Secure Identity Management

More information

Implementing Microsoft Azure Infrastructure Solutions

Implementing Microsoft Azure Infrastructure Solutions Course 20533A: Implementing Microsoft Azure Infrastructure Solutions Page 1 of 7 Implementing Microsoft Azure Infrastructure Solutions Course 20533A: 4 days; Instructor-Led Introduction This course is

More information

SQL Server Hybrid Features. Luis Vargas, Senior Program Manager Lead Xin Jin, Program Manager @ Microsoft

SQL Server Hybrid Features. Luis Vargas, Senior Program Manager Lead Xin Jin, Program Manager @ Microsoft SQL Server Hybrid Features Luis Vargas, Senior Program Manager Lead Xin Jin, Program Manager @ Microsoft Key Takeaway SQL Server integrates cloud services from Azure providing end-to-end experiences that

More information

Administering Windows Server 2012

Administering Windows Server 2012 Administering Windows Server 2012 Course Summary Configuring and Troubleshooting Domain Name System Maintaining Active Directory Domain Services Managing User and Service Accounts Implementing a Group

More information

Developing Microsoft Azure Solutions

Developing Microsoft Azure Solutions Course Duration: 5 Days About this Course This course is intended for students who have experience building vertically scaled applications. Students should also have experience with the Microsoft Azure

More information

Azure Solution Guide

Azure Solution Guide Azure Solution Guide Scenario 1 Contoso currently uses Small Business Server 2003 R2 for SharePoint, emails, backup, and Server 2003 R2 for Remote Access to LOB applications. They need a replacement. Contoso

More information

Sentinet for Windows Azure SENTINET

Sentinet for Windows Azure SENTINET Sentinet for Windows Azure SENTINET Sentinet for Windows Azure 1 Contents Introduction... 2 Customer Benefits... 2 Deployment Topologies... 3 Isolated Deployment Model... 3 Collocated Deployment Model...

More information

Mod 2: User Management

Mod 2: User Management Office 365 for SMB Jump Start Mod 2: User Management Chris Oakman Managing Partner Infrastructure Team Eastridge Technology Stephen Hall CEO & SMB Technologist District Computers 1 Jump Start Schedule

More information

Developing Microsoft Azure Solutions 20532B; 5 Days, Instructor-led

Developing Microsoft Azure Solutions 20532B; 5 Days, Instructor-led Developing Microsoft Azure Solutions 20532B; 5 Days, Instructor-led Course Description This course is intended for students who have experience building vertically scaled applications. Students should

More information

Getting Started with Clearlogin A Guide for Administrators V1.01

Getting Started with Clearlogin A Guide for Administrators V1.01 Getting Started with Clearlogin A Guide for Administrators V1.01 Clearlogin makes secure access to the cloud easy for users, administrators, and developers. The following guide explains the functionality

More information

Employee Active Directory Self-Service Quick Setup Guide

Employee Active Directory Self-Service Quick Setup Guide Employee Active Directory Self-Service Quick Setup Guide (V2.0) Last update: 11/5/2014 Copyright 2014 InfraDog Inc. All rights reserved Corporate Phone: +1 (416) 473-4096, Fax: +1 (888) 863-3936, Email:

More information

AVG Business SSO Connecting to Active Directory

AVG Business SSO Connecting to Active Directory AVG Business SSO Connecting to Active Directory Contents AVG Business SSO Connecting to Active Directory... 1 Selecting an identity repository and using Active Directory... 3 Installing Business SSO cloud

More information

MS 10978A Introduction to Azure for Developers

MS 10978A Introduction to Azure for Developers MS 10978A Introduction to Azure for Developers Description: Days: 5 Prerequisites: This course offers students the opportunity to learn about Microsoft Azure development by taking an existing ASP.NET MVC

More information

IT Services Qualifying & COP Form Training. April 2011

IT Services Qualifying & COP Form Training. April 2011 IT Services Qualifying & COP Form Training April 2011 1 Agenda Purpose for the COP Form & How it Should Be Used Customer Opportunity Profile (COP) Form Identifying Virtualization Opportunities Identifying

More information

Technology Day 2015 Xylos

Technology Day 2015 Xylos Stay in control of your identity with Azure Active Directory (Premium) Technology Day 2015 Xylos Robin Vermeirsch Sr. IT consultant CCM Azure Active Directory Introduction Competence Center Messaging (CCM)

More information

Hands on Lab: Building a Virtual Machine and Uploading VM Images to the Cloud using Windows Azure Infrastructure Services

Hands on Lab: Building a Virtual Machine and Uploading VM Images to the Cloud using Windows Azure Infrastructure Services Hands on Lab: Building a Virtual Machine and Uploading VM Images to the Cloud using Windows Azure Infrastructure Services Windows Azure Infrastructure Services provides cloud based storage, virtual networks

More information

Using RD Gateway with Azure Multifactor Authentication

Using RD Gateway with Azure Multifactor Authentication Using RD Gateway with Azure Multifactor Authentication We have a client that uses RD Gateway to allow users to access their RDS deployment from outside their corporate network. They have about 1000+ users.

More information

MOC 20413C: Designing and Implementing a Server Infrastructure

MOC 20413C: Designing and Implementing a Server Infrastructure MOC 20413C: Designing and Implementing a Server Infrastructure Course Overview This course provides students with the knowledge and skills to provide an enterprise solution that supports manual and automated

More information

AUTOMATED DISASTER RECOVERY SOLUTION USING AZURE SITE RECOVERY FOR FILE SHARES HOSTED ON STORSIMPLE

AUTOMATED DISASTER RECOVERY SOLUTION USING AZURE SITE RECOVERY FOR FILE SHARES HOSTED ON STORSIMPLE AUTOMATED DISASTER RECOVERY SOLUTION USING AZURE SITE RECOVERY FOR FILE SHARES HOSTED ON STORSIMPLE Copyright This document is provided "as-is." Information and views expressed in this document, including

More information

Developing Microsoft Azure Solutions 20532A; 5 days

Developing Microsoft Azure Solutions 20532A; 5 days Lincoln Land Community College Capital City Training Center 130 West Mason Springfield, IL 62702 217-782-7436 www.llcc.edu/cctc Developing Microsoft Azure Solutions 20532A; 5 days Course Description This

More information

ABOUT TOOLS4EVER ABOUT DELOITTE RISK SERVICES

ABOUT TOOLS4EVER ABOUT DELOITTE RISK SERVICES CONTENTS About Tools4ever... 3 About Deloitte Risk Services... 3 HelloID... 4 Microsoft Azure... 5 HelloID Security Architecture... 6 Scenarios... 8 SAML Identity Provider (IDP)... 8 Service Provider SAML

More information

Total Cost of Ownership Overview ADFS vs OneLogin WHITEPAPER

Total Cost of Ownership Overview ADFS vs OneLogin WHITEPAPER Total Cost of Ownership Overview vs OneLogin WHITEPAPER Are you really going to double down on machines, software and professional services to extend Active Directory (AD)? Executive Summary Are you planning

More information

Developing Microsoft Azure Solutions

Developing Microsoft Azure Solutions Course 20532A: Developing Microsoft Azure Solutions Page 1 of 7 Developing Microsoft Azure Solutions Course 20532A: 4 days; Instructor-Led Introduction This course is intended for students who have experience

More information

SQL Server on Azure An e2e Overview. Nosheen Syed Principal Group Program Manager Microsoft

SQL Server on Azure An e2e Overview. Nosheen Syed Principal Group Program Manager Microsoft SQL Server on Azure An e2e Overview Nosheen Syed Principal Group Program Manager Microsoft Dedicated Higher cost Shared Lower cost SQL Server Cloud Continuum Hybrid SQL Server in Azure VM Virtualized Machines

More information

SharePoint 2013 Business Connectivity Services Hybrid Overview

SharePoint 2013 Business Connectivity Services Hybrid Overview SharePoint 2013 Business Connectivity Services Hybrid Overview Christopher J Fox Microsoft Corporation November 2012 Applies to: SharePoint 2013, SharePoint Online Summary: A hybrid SharePoint environment

More information

WHITEPAPER SECURITY APPROACHES AND SECURITY TECHNOLOGIES IN INTEGRATION CLOUD

WHITEPAPER SECURITY APPROACHES AND SECURITY TECHNOLOGIES IN INTEGRATION CLOUD WHITEPAPER SECURITY APPROACHES AND SECURITY TECHNOLOGIES IN INTEGRATION CLOUD TABLE OF CONTENTS 1 In this whitepaper... 3 2 User security... 4 2.1 Authentication... 4 2.2 Authorization & Access Control...

More information

Hybrid for SharePoint Server 2013. Search Reference Architecture

Hybrid for SharePoint Server 2013. Search Reference Architecture Hybrid for SharePoint Server 2013 Search Reference Architecture 2014 Microsoft Corporation. All rights reserved. This document is provided as-is. Information and views expressed in this document, including

More information

HOTPin Integration Guide: Microsoft Office 365 with Active Directory Federated Services

HOTPin Integration Guide: Microsoft Office 365 with Active Directory Federated Services HOTPin Integration Guide: Microsoft Office 365 with Active Directory Federated Services Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided

More information

Course 20688A: Managing and Maintaining Windows 8

Course 20688A: Managing and Maintaining Windows 8 Course 20688A: Managing and Maintaining Windows 8 Length: 5 Days Audience(s): IT Professionals Level: 200 Delivery Method: Instructor-led (classroom) About this Course In this course, students learn how

More information

Bill Fiddes Learning and Development Specialist Rob Latino Program Manager in Office 365 Support

Bill Fiddes Learning and Development Specialist Rob Latino Program Manager in Office 365 Support Bill Fiddes Learning and Development Specialist Rob Latino Program Manager in Office 365 Support Learning & Development Specialist Customer Support Services Been with Microsoft for 7 years Professionally

More information

Agenda. How to configure

Agenda. How to configure dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services

More information

Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management

Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management 1 Product Roadmap Disclaimer Any forward-looking indication of plans for products is preliminary and all future release

More information

Overview of Microsoft Enterprise Mobility Suite (EMS) Cloud University

Overview of Microsoft Enterprise Mobility Suite (EMS) Cloud University Overview of Microsoft Enterprise Mobility Suite (EMS) Cloud University www.infrontconsulting.com Global #1 on System Center Trusted for over a decade Microsoft Partner of the year 2012, 2013 & 2014 #1

More information

ICONICS Using the Azure Cloud Connector

ICONICS Using the Azure Cloud Connector Description: Guide to use the Azure Cloud Connector General Requirement: Valid account for Azure, including Cloud Service, SQL Azure and Azure Storage. Introduction Cloud Connector is a FrameWorX Server

More information

Where are Organizations Today? The Cloud. The Current and Future State of IT When, Where, and How To Leverage the Cloud. The Cloud and the Players

Where are Organizations Today? The Cloud. The Current and Future State of IT When, Where, and How To Leverage the Cloud. The Cloud and the Players The Current and Future State of IT When, Where, and How To Leverage the The and the Players Software as a Service Citrix VMWare Google SalesForce.com Created and Presented by: Rand Morimoto, Ph.D., MCITP,

More information

Introduction to the Mobile Access Gateway

Introduction to the Mobile Access Gateway Introduction to the Mobile Access Gateway This document provides an overview of the AirWatch Mobile Access Gateway (MAG) architecture and security and explains how to enable MAG functionality in the AirWatch

More information

PI Cloud Connect Overview

PI Cloud Connect Overview PI Cloud Connect Overview Version 1.0.8 Content Product Overview... 3 Sharing data with other corporations... 3 Sharing data within your company... 4 Architecture Overview... 5 PI Cloud Connect and PI

More information

Kaseya IT Automation Framework

Kaseya IT Automation Framework Kaseya Kaseya IT Automation Framework An Integrated solution designed for reducing complexity while increasing productivity for IT Professionals and Managed Service Providers. The powerful, web-based automation

More information

User Guide. Version R91. English

User Guide. Version R91. English AuthAnvil User Guide Version R91 English August 25, 2015 Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept EULATOS as updated from

More information

Setup Guide for AD FS 3.0 on the Apprenda Platform

Setup Guide for AD FS 3.0 on the Apprenda Platform Setup Guide for AD FS 3.0 on the Apprenda Platform Last Updated for Apprenda 6.0.3 The Apprenda Platform leverages Active Directory Federation Services (AD FS) to support identity federation. AD FS and

More information

AVG Business Secure Sign On Active Directory Quick Start Guide

AVG Business Secure Sign On Active Directory Quick Start Guide AVG Business Secure Sign On Active Directory Quick Start Guide The steps below will allow for download and registration of the AVG Business SSO Cloud Connector to integrate SaaS application access and

More information

Securing Data on Microsoft SQL Server 2012

Securing Data on Microsoft SQL Server 2012 Securing Data on Microsoft SQL Server 2012 Course 55096 The goal of this two-day instructor-led course is to provide students with the database and SQL server security knowledge and skills necessary to

More information

Web Sites, Virtual Machines, Service Management Portal and Service Management API Beta Installation Guide

Web Sites, Virtual Machines, Service Management Portal and Service Management API Beta Installation Guide Web Sites, Virtual Machines, Service Management Portal and Service Management API Beta Installation Guide Contents Introduction... 2 Environment Topology... 2 Virtual Machines / System Requirements...

More information

Discovering Azure AD Premium.

Discovering Azure AD Premium. Discovering Azure AD Premium. In this section we will start using AD Premium features, and see how it add value to our Company. Some Useful info for this article and related components. Lab Company Name:

More information

Managing Office 365 Identities and Services 20346C; 5 Days, Instructor-led

Managing Office 365 Identities and Services 20346C; 5 Days, Instructor-led Managing Office 365 Identities and Services 20346C; 5 Days, Instructor-led Course Description This is a 5-day Instructor Led Training (ILT) course that targets the needs of IT professionals who take part

More information

Implementing Microsoft Azure Infrastructure Solutions

Implementing Microsoft Azure Infrastructure Solutions Implementing Microsoft Azure Infrastructure Solutions Course M20533 5 Day(s) 30:00 Hours Introduction This course is aimed at experienced IT Professionals who currently administer their on -premise infrastructure.

More information

Administering Windows Server 2012

Administering Windows Server 2012 20411D - Version: 1 25 June 2016 Administering Windows Server 2012 Administering Windows Server 2012 20411D - Version: 1 5 days Course Description: Get hands-on instruction and practice administering Windows

More information

Course 20346: Managing Office 365 Identities and Services

Course 20346: Managing Office 365 Identities and Services Course 20346: Managing Office 365 Identities and Services Overview About this course This is a 5-day Instructor Led Training (ILT) course that targets the needs of IT professionals who take part in evaluating,

More information

Integrating Single Sign-on Across the Cloud By David Strom

Integrating Single Sign-on Across the Cloud By David Strom Integrating Single Sign-on Across the Cloud By David Strom TABLE OF CONTENTS Introduction 1 Access Control: Web and SSO Gateways 2 Web Gateway Key Features 2 SSO Key Features 3 Conclusion 5 Author Bio

More information

Speeding Office 365 Implementation Using Identity-as-a-Service

Speeding Office 365 Implementation Using Identity-as-a-Service August 2015 www.sarrelgroup.com info@sarrelgroup.com Speeding Office 365 Implementation Using Identity-as-a-Service White paper August 2015 This white paper is sponsored by Centrify. August 2015 www.sarrelgroup.com

More information

Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard

Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands Ian Wills Country Manager, Entrust Datacard WHO IS ENTRUST DATACARD? 2 Entrust DataCard Datacard Corporation. Corporation.

More information

Enabling Single Sign-On for Oracle Applications Oracle Applications Users Group PAGE 1

Enabling Single Sign-On for Oracle Applications Oracle Applications Users Group PAGE 1 Enabling Single Sign-On for Oracle Applications Oracle Applications Users Group PAGE 1 Agenda Introduction PAGE 2 Organization Speakers Security Spectrum Information Security Spectrum Oracle Identity Management

More information

Security Architecture Whitepaper

Security Architecture Whitepaper Security Architecture Whitepaper 2015 by Network2Share Pty Ltd. All rights reserved. 1 Table of Contents CloudFileSync Security 1 Introduction 1 Data Security 2 Local Encryption - Data on the local computer

More information

TECHNICAL WHITE PAPER. Symantec pcanywhere Security Recommendations

TECHNICAL WHITE PAPER. Symantec pcanywhere Security Recommendations TECHNICAL WHITE PAPER Symantec pcanywhere Security Recommendations Technical White Paper Symantec pcanywhere Security Recommendations Introduction... 3 pcanywhere Configuration Recommendations... 4 General

More information