Security and Identity. Kevin Harris Account Technology Strategist Microsoft Corporation




2 Session Objectives
- Enhanced Authorization within the Enterprise
- Help with Compliance and Data Leakage
- Improve File Management

3 Agenda
- Customer Challenges
- Windows Server 8 Active Directory Changes
- Dynamic Access Control

4 Sound Familiar?

5 Data Management Challenges
- Growth of Users and Data
- Distributed Computing
- Regulatory and Business Compliance
- Budget Constraints

6 Different views of Information Governance
- CSO/CIO department: I need to have the right compliance controls to keep me out of jail
- Infrastructure Support: I don't know what data is in my repositories and how to control it
- Content Owner: Is my important data appropriately protected and compliant with regulations, how do I audit this
- IW: I don't know if I am complying with my organization's policies

7 Windows Server 8 Active Directory Changes
- Bring existing identity claims model into the Windows platform
- Introduce a new Windows authorization and audit engine
- Improvements to the File Classification Infrastructure

8 Active Directory Authentication
Domain Controller issues groups and claims!
- Claims (user & device) sourced from Identity attributes in AD
- Compound ID binds a user to the device to be authorized as one principal
- Claims delivered in Kerberos PAC
NT Token has sections
- User & Device data
- Claims and Groups!
OID to claim for cert based Auth
Support for X-Forest Claims Transformation

9 Access in the Enterprise?

10 Dynamic Access Control (DAC)
Expression-based access control policy
[Diagram labels: Active Directory, File Servers]
User claims
- User.Department = Finance
- User.Clearance = High
Device claims
- Device.Department = Finance
- Device.Managed = True
Resource properties
- Resource.Department = Finance
- Resource.Impact = High
ACCESS POLICY
Applies to: @Resource.Impact == High
Allow Read, Write if (@User.Clearance == High) AND (@Device.Managed == True)

11 Classification and Tagging
Define classification properties using resource property definitions
- E.g. Impact
Tag data by consuming classification properties
- E.g. Low, Moderate, High

12 Dynamic Access Control on File Servers
Identify data
- Manual tagging by content owners
- Automatic classification (tagging)
- Application based tagging
Control access
- Expression based access conditions with support for user claims, device claims and file tags
- Central access policies targeted based on file tags
- Access denied remediation
Audit access
- Central audit policies that can be applied across multiple file servers
- Expression based auditing conditions with support for user claims, device claims and file tags
- Policy staging audits to simulate policy changes in a real environment
Protect data
- Automatic RMS protection for Office documents based on file tags
- Near real time protection soon after the file is tagged
- Extensibility for non Office RMS protectors

Control access to information
In Active Directory:
- Create claim definitions
- Create resource property definitions
- Create central access policy
In Group Policy:
- Send central access policies to file servers
On File Server:
- Apply access policy to the shared folder
- Identify information
At Runtime:
- User tries to access information
[Diagram labels: Windows 8 Active Directory, End User, Access policy, Claim Definitions, Resource Property Definitions, Allow / Deny, Windows 8 File Server]
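The runtime Allow / Deny decision for the ACCESS POLICY slide, modelled as an added example (not from the presentation, and not Windows code). The staged condition requiring a department match and the sample claim sets are assumptions, constructed to show what a policy staging audit would record.

```python
# Added illustration: a toy model of the slide's expression-based rule, not Windows code.
# The staged (proposed) condition and all sample claim sets are constructed.

def claim(ctx, scope, name):
    """Return a claim or resource property, or None if it was never issued."""
    return ctx.get(scope, {}).get(name)

def applies_to(ctx):
    # Applies to: @Resource.Impact == High
    return claim(ctx, "Resource", "Impact") == "High"

def current_allow(ctx):
    # Allow Read, Write if (@User.Clearance == High) AND (@Device.Managed == True)
    return (claim(ctx, "User", "Clearance") == "High"
            and claim(ctx, "Device", "Managed") is True)

def staged_allow(ctx):
    # Hypothetical proposed rule: additionally require a department match.
    dept = claim(ctx, "User", "Department")
    return (current_allow(ctx) and dept is not None
            and dept == claim(ctx, "Resource", "Department"))

def evaluate(ctx):
    """Return (decision, staging_event) for one access attempt."""
    if not applies_to(ctx):
        return ("not-targeted", False)  # rule does not apply to this resource
    now, proposed = current_allow(ctx), staged_allow(ctx)
    # A staging audit records attempts where the proposed rule would differ.
    return ("allow" if now else "deny", now != proposed)

FIN_HIGH = {"Department": "Finance", "Impact": "High"}
FIN_USER = {"Department": "Finance", "Clearance": "High"}
HR_USER = {"Department": "HR", "Clearance": "High"}
ATTEMPTS = {  # constructed access attempts
    "finance, managed PC": {"User": FIN_USER, "Device": {"Managed": True}, "Resource": FIN_HIGH},
    "finance, unmanaged PC": {"User": FIN_USER, "Device": {"Managed": False}, "Resource": FIN_HIGH},
    "finance, no device claims": {"User": FIN_USER, "Resource": FIN_HIGH},
    "HR, managed PC": {"User": HR_USER, "Device": {"Managed": True}, "Resource": FIN_HIGH},
    "low-impact file": {"User": HR_USER, "Device": {"Managed": False},
                        "Resource": {"Department": "Finance", "Impact": "Low"}},
}

def run():
    return {label: evaluate(ctx) for label, ctx in ATTEMPTS.items()}

if __name__ == "__main__":
    for label, result in run().items():
        print(f"{label:26} {result}")
```

A missing device claim fails the condition just as Managed = False does, and the HR attempt is the only one flagged for staging because it is allowed today but would be denied under the proposed rule.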

14 Review Session Objectives
Enhanced Authorization within the Enterprise
- Dynamic Access Control
- Central Authoring & Distribution of Access Policies
Help with Compliance and Data Leakage
- Target Audits with Claims Based Expressions
- Only audit what you care about!
Improve File Management
- Learned how file classification ties into Windows Server 8 Dynamic Access Control

Questions?