
Post on 09-Jun-2020


Mitigate risk & optimize your AD for Windows Server 2016, Office 365 and Azure AD

Windows Server 2016: Cloud-Ready Operating System

“Windows Server 2016 is the cloud-ready operating system that delivers new layers of security and Azure-inspired innovation for the applications and infrastructure that power your business.”

IT pros are looking forward to:

• Improvements to Hyper-V (VM resiliency, rolling cluster updates, hot add for memory and network adapters)

• PowerShell 5.0 (ability to send commands to VMs directly from the host)

• Enhanced security features (Host Guardian Service and shielded VMs)

• Software defined storage upgrades (Storage Spaces Direct and Storage QoS)

Benefits of AD modernization

“Microsoft believes it's a good time to modernize your infrastructure … It's important and necessary to have a clean and streamlined AD environment when taking advantage of all benefits of technology like Office 365 and other cloud-based applications and infrastructure.”

-Mark Linton, GM OEM Prod Mgmt. Group

ROI: 124%

Payback: 23 Months

Benefits: $14.5 M

Costs: $6.5 M

Disclaimer: Dell commissioned Forrester to do a TEI study

“Modernizing your AD deployment will enable you to take advantage of Microsoft’s new best practices and the new features available to you.”

-Darren Mar-Elia, contributing editor, Windows IT Pro magazine MSFT MVP

MICROSOFT FORRESTER MVP

What about Azure Active Directory?

o Office 365 *requires* an Azure AD instance

o Azure AD provides the Directory Service for Office 365 applications

o Azure AD integrates with on-prem AD creating a HYBRID Directory environment

Azure Active Directory

90% of Companies use AD-On prem.

O365 Adoption Growing at 70% YoY

AAD has >10M tenants

75% of Orgs. > 500 users sync AD-On prem. >> AAD

Hybrid Directory

How Hybrid AD was ‘created’


On-Premises AD

• LDAP Interface

• Kerberos/NTLM Authentication

• Hierarchical structure (OUs, etc.)

• Rich schema

• Integrated management services (e.g. Group Policy)

• Tight Windows integration

Azure AD

• PowerShell and REST interfaces

• OAUTH and SAML authentication

• Flat structure

• Simple non-extensible schema

• Management services are add-on

• Integrated SSO support

• Client agnostic

Hybrid Infrastructure & Management Launch | 27 October 2016 | Malaysia

What Does It Mean to Modernize?

• Normalize AD Domains

• Clean-up OU Structure

• Improve Security

• Solid Provisioning


• the fewer domains/forests you have to synchronize to Azure AD, the better


More likely to get objects you don’t want/need


- If you don’t have good control over on-prem identity lifecycle, then it won’t be better in Azure AD

- Security - people getting access to Office 365 apps and data that shouldn’t

- Licensing - costs for licensing people who no longer exist in your org

Hybrid AD Security

75% of enterprises with more than 500 employees sync their on prem AD accounts to AzureAD/O365 (AD on prem. is authoritative)

Business challenges

• Data exfiltration

• Insider threats

• Compliance failures

• Prolonged operational downtime

• Revenue loss due to downtime, loss of productivity & potential fines

Technical challenges

• No permission baselining

• No automatic remediation

• Lack of detailed auditing

• Labor-intense/error-prone

• Lack of granular delegation

• Disjointed administration

• Manual DR processes

Dangers and pitfalls if you don’t secure AD on-prem

Hybrid AD challenges

Improve the security posture of your Microsoft infrastructure

• Who has access to what sensitive data and how did they get that access?

• Who has elevated privileged permissions in AD, servers and SQL DBs?

• What systems are vulnerable to security threats?

• How will I know if any suspicious privileged account activities have occurred?

• Have any changes occurred that could be indicative of an insider threat?

• How will I know, quickly, if an intrusion has happened?

• Could we be under brute-force attack right now?

• Is access control allowing those whitelisted in and blacklisted out?

• Do my users have the lowest level of user rights possible to do their jobs?

• Are my sensitive resources protected?

• How much time will it take me to manually remediate unauthorized changes?

• How can I be sure that ‘it’ doesn’t happen again?

• How can I test my business continuity plan without going offline?

• How long will it take us to recover from an AD security incident, manually?

• What is my AD RTO after a disaster?

• Can I secure access to my DC before next time?

Why Dell Software?

Market leadership and experience


Awards

MPM Portfolio

• Network Product Guide – Product Portfolio Expansion (IT Software) of the Year – Gold

Active Administrator

• Redmond Reader’s Choice Award – Gold

• WindowSecurity.com Readers’ Choice Winner

Change Auditor

• People’s Choice STEVIE Award Winner

• Redmond Reader’s Choice Award – Gold

• New Product of the Year STEVIE Winner – Bronze

• Network Product Guide – Gold

• Info Security Compliance Award – Bronze

• SIIA CODiE Award for Best GRC Solution

InTrust

• Redmond Reader’s Choice Award – Bronze

• Network Product Guide – Silver in GRC

• New Product of the Year STEVIE Winner – Bronze

Migration Manager for AD

• Redmond Reader’s Choice Award – Silver

Migration Suite for Exchange

• Redmond Reader’s Choice Award – Bronze

Migration Manager for PSTs

• New Product of the Year STEVIE Winner – Bronze

On Demand Migration for Email

• New Product of Year STEVIE Winner – Bronze

• Network Products Guide – Silver

Recovery Manager for AD Forest Edition

• People’s Choice STEVIE Award - Winner

• New Product of Year STEVIE Winner – Bronze

Unified Communications Command Suite

• UC Product of the Year - TMCNet

• Network Product Guide – Gold Innovations in UC

• STEVIE WINNER – Bronze

• Windows IT Pro Community Choice – Silver

ZeroIMPACT Migration Portfolio

• Partner of the Year Finalist – Messaging

Industry-leading support

• Global touch and hold model (one person manages issue through resolution)

• Highly skilled and certified engineers are product and domain experts who interact at the customer’s skill set

• Robust support portal and communities for quick self-help, 24x7

100,000 articles in knowledgebase

94% CSAT satisfaction rating

70% NPS net promoter score

Multiple services to suit unique needs

Complete lifecycle

• End-to-end portfolio: assessment, migration, security & compliance, management

• One solution: Software, services, support & community

• Migrate to/from anywhere: AD, O365, Exchange, Google, Lotus Notes, SharePoint and more

• Secure & manage cloud, hybrid or on-prem environments

Future ready

• THE AD experts

• 180M Microsoft users managed

• Email migration leaders – DOUBLE the competition

Unrivaled experience

• Global presence

• World-class services

• Award-winning 24x7 global support

• Community members sharing best practices

Global support

Visit us online: https://software.dell.com/solutions/microsoft-platform-management/

• Videos, case studies, product specs, etc.

Try it out

• Free 30-day trials – download or run from Azure Marketplace (complimentary SC and Support assistance)

• POC or workshop

Join the community: https://software.dell.com/community/

• Product betas, how-to videos, discussions, blogs, tips and tricks, etc.

Think Dell Software

© 2016 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.

MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
