Community IT - Single Sign On
TRANSCRIPT
Mobile-first, cloud-first reality
• Exploited credentials (75%): More than 75 percent of network intrusions exploit weak or stolen credentials.
• Mobile security governance (15%): By the end of 2015 only 15 percent of large organizations will have adequate mobile security governance for process and policy.
• Viral unsanctioned IT (80%): More than 80 percent of employees admit to using non-approved software as a service (SaaS) applications in their jobs.
Best Practices
• Password Policy
  • 8 characters minimum
  • 90 day age
  • Account lockout after 5 failed attempts, 10 min reset
  • 2FA for Cloud
• SSO for Cloud Applications
• Rename Admin Account
• Complex Service Account Passwords
• Disable inactive & unused accounts
• Remote access
  • Enable NLA for RDP
  • Restricted Access for Server Admin RDP
  • RDP behind Firewall/RD Gateway
  • Direct Access/VPN
  • Go Cloud
• Security Awareness Training for Staff
Managing Passwords
Single Sign On
• Designed for Enterprise
• Single Authentication Source
• Centralized provisioning
• Centralized reporting
• Policy management
• Relies on SSO vendor service
Password Manager
• User Centric
• Store & copy passwords
• Can generate passwords
• Relies on application vendor
One common identity
Self-service capabilities
• Password reset
• Group membership
• MyApps portal
Manage everything
• Dynamic groups
• Provisioning
• B2B collaboration
Single sign-on
• Easy connection to existing assets
• Unified experience across user devices
Enterprise Mobility + Security
• Protect your users, devices, and apps
• Detect problems early with visibility and threat analytics
• Protect your data, everywhere
• Extend enterprise-grade security to your cloud and SaaS apps
• Protect application access from identity attacks
Products shown: Azure Rights Management & Secure Islands; Advanced Threat Analytics; Microsoft Intune; Azure Active Directory Identity Protection; Microsoft Cloud App Security
Microsoft enterprise mobility solutions
• Identity and access management: Azure Active Directory
  • Single sign-on to 1000s of cloud and on-premises applications. Identity protection with notifications, analysis, recommended remediation, and risk-based conditional access.
• Mobile device and app management: Microsoft Intune
  • Leverage mobile device management and mobile app management to protect corporate apps and data on almost any device.
• Information protection: Azure Rights Management
  • Encryption, identity, and authorization to secure corporate files and email across phones, tablets, and PCs.
• Cloud and SaaS app security: Microsoft Cloud App Security
  • Bring enterprise-grade visibility, control, and protection to your cloud applications.
• User and entity behavioral analytics: Microsoft Advanced Threat Analytics
  • Identify suspicious activities and advanced attacks that target your on-premises platform. Quickly focus on what is most important with clear, actionable reporting.
Enterprise Mobility Suite
SSO Options for Non-Profits
• Office 365
  • EM + S
  • $1.65 per user
  • Integrated with Office 365
  • Thousands of Native Integrations
• OKTA
  • OKTA for Good https://www.okta.com/okta-for-good/
  • 25 free licenses
  • Integrated with Office 365
  • Easy setup and integration
  • OKTA 1 integration for free
Planning
• Identify current applications
  • Use OpenDNS
  • Microsoft Cloud App Discovery
  • Firewall
• Review current SaaS subscription levels
  • Some SSO integrations require higher tiers (Box, Slack, Salesforce)
• Determine level of Application integration
• What features?
  • SSO
  • MFA
  • Provisioning
  • Desktop SSO
• Use with current intranet
Implementation
• Use vendor-provided resources
• Staff notification
  • Pre-project notification
  • Email blasts
  • Staff meeting
  • Define dates for application cutover
• Phased approach
  • Easiest application first
  • Testing is difficult, hard to get “Sandbox” environments
  • Plan on making tweaks