What can you do in Azure?
Identity and Access Management
The Reality
Identity as the core of enterprise mobility
Single sign-on / Self-service / Simple connection
[Diagram: on-premises Windows Server Active Directory and other directories connect to Microsoft Azure Active Directory in the cloud, which in turn fronts SaaS, Azure and public-cloud applications]
Azure Active Directory
• Microsoft’s “Identity Management as a Service (IDaaS)” for organizations.
• Millions of independent identity systems controlled by enterprise and government “tenants.”
• Information is owned and used by the controlling organization, not by Microsoft.
• Born-as-a-cloud directory for Office 365. Extended to manage across many clouds.
• Evolved to manage an organization’s relationships with its customers/citizens and partners (B2C and B2B).
Azure AD by the numbers:
• 1 trillion Azure AD authentications since the release of the service
• >80k third-party applications used with Azure AD each month
• >1.3 billion authentications every day on Azure AD
• More than 600 M user accounts on Azure AD
• >9 M Azure AD directories
• 86% of Fortune 500 companies use Microsoft Cloud (Azure, O365, CRM Online, and PowerBI)
Every Office 365 and Microsoft Azure customer uses Azure Active Directory
Azure Active Directory Connect
Making a hybrid identity simple: Azure AD Connect bundles the sync engine and optional ADFS setup, and supersedes the earlier tools (DirSync, Azure Active Directory Sync, and FIM + Azure Active Directory Connector) for connecting Windows Server Active Directory to Microsoft Azure Active Directory.
Identity synchronization with password (hash) sync: user attributes are synchronized using identity synchronization services, including a password hash; authentication is completed against Azure Active Directory.
Identity synchronization with federation (ADFS): user attributes are synchronized using identity synchronization tools; authentication is passed back through federation and completed against Windows Server Active Directory.
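The following is an added illustration of what password hash sync actually uploads; it is not code from this deck or from Azure AD Connect. Its structure follows Microsoft's public description of the feature: the connector never sends the NT hash itself, it derives a per-user salted PBKDF2-HMAC-SHA256 value from that hash and syncs the derived value, and Azure AD completes sign-in by recomputing it. The encoding details (upper-case hex rendered as UTF-16LE, a 10-byte salt, 1000 iterations) are assumptions of this demo taken from that description, not content of the slides.

```python
# Added illustration of password hash sync (not Azure AD Connect's code).
# Assumed derivation details: hex(NT hash).upper() as UTF-16LE, 10-byte salt,
# PBKDF2-HMAC-SHA256 with 1000 iterations, 32-byte output.
import hashlib
import hmac
import os
from typing import Dict, Optional

ITERATIONS = 1000   # assumption: iteration count used by the connector
SALT_LEN = 10       # assumption: per-user salt length in bytes
KEY_LEN = 32        # assumption: length of the derived value


def derive_synced_hash(nt_hash: bytes, salt: bytes) -> bytes:
    """Derive the value the sync engine uploads from a 16-byte NT hash.

    The NT hash (what Windows Server AD stores) is not sent; a salted,
    iterated hash of its hex form is, so the synced value cannot be replayed
    against on-premises AD the way a raw NT hash can (pass-the-hash).
    """
    if len(nt_hash) != 16:
        raise ValueError("NT hash must be 16 bytes")
    # 32 hex characters, encoded as UTF-16LE (64 bytes), then salted PBKDF2.
    material = nt_hash.hex().upper().encode("utf-16-le")
    return hashlib.pbkdf2_hmac("sha256", material, salt, ITERATIONS, KEY_LEN)


def sync_record(nt_hash: bytes, salt: Optional[bytes] = None) -> Dict[str, bytes]:
    """What leaves the on-premises network for one user: salt plus derived hash."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    return {"salt": salt, "hash": derive_synced_hash(nt_hash, salt)}


def cloud_verify(record: Dict[str, bytes], candidate_nt_hash: bytes) -> bool:
    """Cloud-side check against the synced record.

    In the real service the NT hash is computed from the password the user
    submits (MD4 over the UTF-16LE password); here the caller supplies it so
    the demo needs no MD4 implementation.
    """
    expected = derive_synced_hash(candidate_nt_hash, record["salt"])
    return hmac.compare_digest(expected, record["hash"])
```

The point a practitioner should take away: a leaked sync record yields a salted PBKDF2 value per user, which is still worth protecting but is not the NT hash that Windows authentication protocols accept.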
Delivering a seamless user-authentication experience
[Diagram: ADFS inside the corporate network federates with Microsoft Azure Active Directory]
Azure Active Directory Application Proxy
[Diagram: an external user reaches the published address https://app1-contoso.msappproxy.net/; the Application Proxy service hands the request to a connector in the DMZ, which forwards it to the internal application at http://app1]
Single sign-on to any app
Through Azure Active Directory: on-premises web apps (via Azure Active Directory Application Proxy), integrated custom apps, SaaS apps, Microsoft Azure, and other directories.
Lift-and-shift on-premises apps to Azure IaaS
[Diagram: on-premises Windows Server Active Directory syncs to Azure AD through Azure AD Connect; Azure AD Domain Services projects that directory into your virtual network, where your Azure IaaS workloads/apps join it]
Azure Active Directory Domain Services
• Your domain controller as a service for lift-and-shift scenarios
• Supports Kerberos, NTLM, LDAP and Group Policy
Connect Health: Monitor your Identity Bridge
Monitor:
• The Azure AD Connect sync engine health
• ADFS infrastructure health
• On-premises AD Domain Services health
B2B: cross-organization collaboration. “I need to let my partners access my company’s apps using their own credentials”
Azure Active Directory B2C
• Consumer identity and access management in the cloud
“By using Azure Active Directory B2C we were able to build a fully customized login page without having to build custom code. Additionally, with a Microsoft solution in place, we alleviated all our concerns about security, data breaches, and scalability.”
- Rafael de los Santos, Head of Digital, Real Madrid
Azure Active Directory Join for Windows 10
Azure Active Directory Join makes it possible to connect work-owned Windows 10 devices to your company’s Azure Active Directory.
• Enterprise-compliant services
• SSO from the desktop
• Support for hybrid environments
• Intune/MDM auto-enrollment
• Enterprise State Roaming for Windows 10 Azure AD joined devices
Cloud-powered protection
• Protect against advanced threats
• Mitigate administrative risks
• Ensure accountability with better security and governance
• Conditional access to resources
• Compliance reporting
"Microsoft is consistently and constantly looking out for us from a security perspective. We benefit from its experience in securing millions of users across its cloud assets, from Outlook.com to Xbox Live to Office 365 and Azure. Microsoft is a silent partner on our security team."
- Will Lamb, Infrastructure Coordinator, Whole Foods Market
Azure Active Directory Identity Protection
• Risk severity calculation
• Remediation recommendations
• Risk-based conditional access automatically protects against suspicious logins and compromised credentials
• Gain insights from a consolidated view of machine learning based threat detection
[Diagram: the machine-learning engine takes signals (leaked credentials, infected devices, configuration vulnerabilities, brute force attacks, suspicious sign-in activities) and drives risk-based policies that challenge risky logins with MFA, block attacks, and force a change of bad credentials]
Azure Active Directory Identity Protection
• Use the power of Identity Protection in PowerBI, SIEM and other monitoring tools
• Apply Microsoft learnings to your existing security tools
[Diagram: the Microsoft machine-learning engine (leaked credentials, infected devices, configuration vulnerabilities, brute force attacks, suspicious sign-in activities) feeds security/monitoring/reporting solutions through notifications, data extracts/downloads, and reporting APIs]
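To make the two Identity Protection slides above concrete, here is an added example (not Microsoft's Identity Protection engine) that runs two of the listed detections, brute force and leaked credentials, over constructed sign-in records, assigns a risk level, applies the risk-based policy the slides describe (MFA challenge for a risky login, block and force a credential change for a compromised one), and emits the non-low decisions as JSON lines a SIEM or reporting pipeline could ingest. The users, addresses, timestamps, thresholds and the leaked-credential list are all invented for the demo.

```python
# Added example, not Microsoft's Identity Protection code. All sign-in data,
# thresholds and the "leaked credentials" feed below are constructed.
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple

BRUTE_WINDOW = timedelta(minutes=15)   # assumption: detection window
BRUTE_THRESHOLD = 10                   # assumption: failures needed to flag
POLICY = {
    "high": "block_and_reset_password",  # compromised credentials
    "medium": "mfa_challenge",           # risky login
    "low": "allow",
}


def constructed_signins() -> List[dict]:
    """Constructed sample sign-in log: one clean user, one brute-forced user,
    one user whose credentials appear in a leak."""
    rows = [("2016-06-01T09:00:00", "alice@contoso.com", "203.0.113.5", True)]
    for minute in range(15):   # 15 failed attempts against bob in 15 minutes
        rows.append((f"2016-06-01T09:{minute:02d}:00", "bob@contoso.com", "198.51.100.9", False))
    rows.append(("2016-06-01T09:16:00", "bob@contoso.com", "198.51.100.9", True))
    rows.append(("2016-06-01T10:00:00", "carol@contoso.com", "203.0.113.77", True))
    return [{"ts": t, "user": u, "ip": ip, "ok": ok} for t, u, ip, ok in rows]


def detect_brute_force(signins: List[dict]) -> Set[Tuple[str, str]]:
    """(user, ip) pairs with BRUTE_THRESHOLD or more failures inside BRUTE_WINDOW."""
    flagged: Set[Tuple[str, str]] = set()
    recent: Dict[Tuple[str, str], deque] = defaultdict(deque)
    for rec in sorted(signins, key=lambda r: r["ts"]):
        if rec["ok"]:
            continue
        key = (rec["user"], rec["ip"])
        t = datetime.fromisoformat(rec["ts"])
        window = recent[key]
        window.append(t)
        while t - window[0] > BRUTE_WINDOW:   # drop failures outside the window
            window.popleft()
        if len(window) >= BRUTE_THRESHOLD:
            flagged.add(key)
    return flagged


def risk_level(signin: dict, brute: Set[Tuple[str, str]], leaked: Set[str]) -> str:
    if signin["user"] in leaked:
        return "high"     # credentials known to be leaked: treat as compromised
    if (signin["user"], signin["ip"]) in brute:
        return "medium"   # success from the same source as a burst of failures
    return "low"


def evaluate(signins: List[dict], leaked: Set[str]) -> List[dict]:
    """Access decision for every successful sign-in (failures need none)."""
    brute = detect_brute_force(signins)
    decisions = []
    for s in signins:
        if not s["ok"]:
            continue
        level = risk_level(s, brute, leaked)
        decisions.append({**s, "risk": level, "action": POLICY[level]})
    return decisions


def siem_events(decisions: List[dict]) -> List[str]:
    """One JSON line per non-low decision, in the spirit of the reporting API."""
    return [json.dumps(d, sort_keys=True) for d in decisions if d["risk"] != "low"]


if __name__ == "__main__":
    for line in siem_events(evaluate(constructed_signins(), {"carol@contoso.com"})):
        print(line)
```

Two design points worth noting: a brute-force burst only becomes a risk event on the subsequent success (the failures themselves are blocked by the failed password), and leaked credentials outrank everything else because the password is known to be compromised regardless of how the sign-in looks.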
Privileged Identity Management
• Discover, restrict, and monitor privileged identities such as Global Administrator, Billing Administrator, Exchange Administrator, User Administrator and Password Administrator
Privileged Identity Management: cloud-powered protection
How time-limited activation of privileged roles works:
• Users need to activate their privileges to perform a task
• MFA is enforced during the activation process
• Users retain their privileges for a pre-configured amount of time
• Alerts inform administrators about out-of-band changes
• Security admins can discover all privileged identities, view audit reports and review everyone who is eligible to activate via access reviews
[Diagram: the security admin configures Privileged Identity Management and monitors audit and access reports; a user requests activation, passes identity verification (MFA), and temporarily holds an admin profile (Billing Admin, Global Admin, Service Admin); alerts flow back to the security admin. Labels: Identity verification, Monitor, Access reports, MFA, Alert, Read only, Admin profiles]
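As an added model of the activation flow described above (illustrative, not PIM's implementation), the class below keeps roles eligible rather than permanently assigned, requires MFA to activate, caps every activation at a configured maximum, writes an audit trail, and raises an alert when a reconciliation of directory membership finds a privileged role holder that PIM did not grant. The role names come from the slide; the one-hour default, the user names and the reconciliation rule are assumptions made for the demo.

```python
# Added model of just-in-time privileged role activation, PIM-style.
# Not PIM's code; the one-hour cap and all users/roles in the demo are assumed.
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set, Tuple

PRIVILEGED_ROLES = {"Global Administrator", "Billing Administrator",
                    "Exchange Administrator", "User Administrator",
                    "Password Administrator"}


class PrivilegedIdentityManager:
    def __init__(self, max_activation: timedelta = timedelta(hours=1)):
        self.max_activation = max_activation
        self.eligible: Dict[str, Set[str]] = {}            # user -> roles
        self.active: Dict[Tuple[str, str], datetime] = {}  # (user, role) -> expiry
        self.permanent: Dict[str, Set[str]] = {}           # role -> standing members
        self.audit: List[dict] = []
        self.alerts: List[str] = []

    def make_eligible(self, user: str, role: str) -> None:
        """Security admin decides who may activate a role; no standing access."""
        if role not in PRIVILEGED_ROLES:
            raise ValueError(f"unknown privileged role: {role}")
        self.eligible.setdefault(user, set()).add(role)
        self.audit.append({"event": "eligible", "user": user, "role": role})

    def assign_permanent(self, user: str, role: str) -> None:
        """Standing assignment made through PIM (discouraged, but tracked)."""
        self.permanent.setdefault(role, set()).add(user)
        self.audit.append({"event": "permanent", "user": user, "role": role})

    def activate(self, user: str, role: str, mfa_passed: bool, now: datetime,
                 duration: Optional[timedelta] = None) -> bool:
        """User activates a role for a task: MFA enforced, grant time-boxed."""
        if role not in self.eligible.get(user, set()):
            self.audit.append({"event": "activation_denied", "user": user, "role": role, "reason": "not eligible"})
            return False
        if not mfa_passed:
            self.audit.append({"event": "activation_denied", "user": user, "role": role, "reason": "mfa failed"})
            return False
        granted = min(duration or self.max_activation, self.max_activation)
        self.active[(user, role)] = now + granted
        self.audit.append({"event": "activated", "user": user, "role": role, "until": (now + granted).isoformat()})
        return True

    def has_role(self, user: str, role: str, now: datetime) -> bool:
        """Effective membership: a live activation or a standing assignment."""
        expiry = self.active.get((user, role))
        if expiry is not None and now < expiry:
            return True
        return user in self.permanent.get(role, set())

    def reconcile(self, directory_members: Dict[str, Set[str]], now: datetime) -> List[str]:
        """Compare what the directory reports with what PIM granted; any holder
        PIM cannot explain is an out-of-band change and raises an alert."""
        for role, members in directory_members.items():
            for user in members:
                if not self.has_role(user, role, now):
                    self.alerts.append(f"out-of-band assignment: {user} holds {role}")
        return self.alerts

    def discover(self) -> Dict[str, Set[str]]:
        """Everyone with eligible or standing privilege, for access reviews."""
        found: Dict[str, Set[str]] = {}
        for user, roles in self.eligible.items():
            found.setdefault(user, set()).update(roles)
        for role, users in self.permanent.items():
            for user in users:
                found.setdefault(user, set()).add(role)
        return found


def demo_scenario() -> dict:
    """Walk through activation, expiry and an out-of-band assignment."""
    pim = PrivilegedIdentityManager()
    t0 = datetime(2016, 6, 1, 9, 0)
    pim.make_eligible("alice@contoso.com", "Global Administrator")
    no_mfa = pim.activate("alice@contoso.com", "Global Administrator", mfa_passed=False, now=t0)
    with_mfa = pim.activate("alice@contoso.com", "Global Administrator", mfa_passed=True,
                            now=t0, duration=timedelta(hours=8))   # asks for 8h, capped at 1h
    return {
        "denied_without_mfa": not no_mfa,
        "granted_with_mfa": with_mfa,
        "active_at_30m": pim.has_role("alice@contoso.com", "Global Administrator", t0 + timedelta(minutes=30)),
        "active_at_2h": pim.has_role("alice@contoso.com", "Global Administrator", t0 + timedelta(hours=2)),
        "alerts": pim.reconcile({"Global Administrator": {"alice@contoso.com", "mallory@contoso.com"}},
                                t0 + timedelta(minutes=10)),
        "discovered": pim.discover(),
        "not_eligible": pim.activate("bob@contoso.com", "Billing Administrator", True, t0),
        "audit_events": [e["event"] for e in pim.audit],
    }
```

The reconciliation step is the part that catches what the slide calls out-of-band changes: if someone adds an account to Global Administrator directly in the directory, PIM has no eligibility or activation record for it, and the next comparison flags it.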
Cloud App Discovery
• Discover all SaaS apps in use within your organization
• Security reporting that tracks inconsistent access patterns, analytics, and alerts
• Reporting API
Built-in security features
• Monitor and protect access to enterprise apps
• Step up to Multi-Factor Authentication
Storage
Microsoft Azure Storage Abstractions
Microsoft Azure Storage
• Highly durable and scalable
• Multiple copies of your data
• Financially backed SLAs
Automatic Storage Redundancy: Azure Storage keeps copies in a paired datacenter more than 600 km away to defend against regional disasters
Premium Storage
SSD based storage
Add up to 64 TB of storage per VM
Capable of >80,000 IOPS per VM
Less than 1ms read latency
Cool Storage
Generally Available
Low-cost Blob storage
As low as $0.01 per gigabyte
Storage Service Encryption
Encrypt Block and Page Blobs
256-bit AES encryption
Fully managed encryption process
Azure Disk Encryption
Windows and Linux
Standard and Premium
Import/Export Your Data
• Fast data transfer to Azure
• Encrypted data transfer
• Efficient recovery
• Office 365 Import Service
[Diagram: the customer ships BitLocker-encrypted HDDs (the slide shows 100 terabytes) by courier service to the Azure datacenter, where the data is loaded into Blob storage]
Hybrid Cloud Storage
StorSimple
Networking
Cloud Customer Segment & Workloads
Hybrid Networking Scenarios
Virtual network (Point-to-Site): secure point-to-site connectivity
• Developers
• Small scale deployments
• Connect from anywhere
Virtual network (Site-to-Site): secure site-to-site VPN connectivity
• SMB, Enterprises
• Connect to Azure compute
• IaaS and PaaS workloads
ExpressRoute: private site-to-site connectivity
• SMB & Enterprises
• Mission critical workloads
• Backup/DR, media, HPC
• Connect to all hardware
Virtual Network and ExpressRoute
[Diagram: point-to-site and site-to-site VPNs cross the public internet to reach the virtual network; ExpressRoute is a private circuit offering public, private and Microsoft peering]
VNet Peering
Directly link two virtual networks in the same
region
Internal Azure backbone network
No gateway
Low-latency, high-bandwidth connection
Networking
• Reserved IPs
• Multiple NICs
• Forced Tunneling
• Network Security Groups
• Virtual Network Appliances
• Multiple load balanced IPs per VM
• Create virtual networks with private or public IP ranges
• IPv6 in most regions
• Accelerated Networking (Preview)
• High performance S2S VPN gateways (200Mbps vs 100Mbps)
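Network Security Groups are the item in the list above that most often goes wrong in practice, so here is an added example (not Azure's implementation) that models how an NSG decides inbound traffic the way the feature is documented: rules are evaluated in ascending priority, the first match wins, and the built-in default rules at priorities 65000 and above end with DenyAllInBound. It contrasts a weak rule set (RDP open to the world) with a hardened one where a low-numbered Deny beats a later broad Allow. The VNet address space used to resolve the VirtualNetwork tag and the corporate egress range are assumptions for the demo.

```python
# Added NSG evaluation model. Not Azure code; the VNet range 10.0.0.0/16 and the
# corporate range 203.0.113.0/24 are assumptions; 168.63.129.16 is the Azure
# load balancer / health-probe source address.
import ipaddress
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int
    direction: str   # "Inbound" or "Outbound"
    access: str      # "Allow" or "Deny"
    protocol: str    # "Tcp", "Udp" or "*"
    source: str      # CIDR, "VirtualNetwork", "AzureLoadBalancer", "Internet" or "*"
    dest_port: str   # "3389", "1000-2000" or "*"


VNET = ipaddress.ip_network("10.0.0.0/16")          # assumed VNet address space
AZURE_LB = ipaddress.ip_address("168.63.129.16")    # Azure load balancer probe source

# Built-in inbound defaults: VNet and load balancer allowed, everything else denied.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Inbound", "Allow", "*", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Inbound", "Allow", "*", "AzureLoadBalancer", "*"),
    Rule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*"),
]


def _port_matches(spec: str, port: int) -> bool:
    if spec == "*":
        return True
    if "-" in spec:
        lo, hi = (int(p) for p in spec.split("-"))
        return lo <= port <= hi
    return int(spec) == port


def _source_matches(spec: str, ip) -> bool:
    if spec == "*":
        return True
    if spec == "VirtualNetwork":
        return ip in VNET
    if spec == "AzureLoadBalancer":
        return ip == AZURE_LB
    if spec == "Internet":            # approximation of the Internet tag
        return ip not in VNET and ip != AZURE_LB
    return ip in ipaddress.ip_network(spec)


def validate(rules: List[Rule]) -> None:
    """Custom rules use priorities 100-4096 and must be unique per direction."""
    seen: Set[Tuple[str, int]] = set()
    for r in rules:
        if not 100 <= r.priority <= 4096:
            raise ValueError(f"{r.name}: priority {r.priority} out of range")
        if (r.direction, r.priority) in seen:
            raise ValueError(f"{r.name}: duplicate priority {r.priority}")
        seen.add((r.direction, r.priority))


def evaluate_inbound(custom: List[Rule], protocol: str, src_ip: str, dest_port: int) -> Tuple[str, str]:
    """Return (access, matching rule name) for one inbound flow: lowest
    priority number first, first match wins."""
    validate(custom)
    ip = ipaddress.ip_address(src_ip)
    for r in sorted(custom + DEFAULT_INBOUND, key=lambda x: x.priority):
        if r.direction != "Inbound" or r.protocol not in ("*", protocol):
            continue
        if _source_matches(r.source, ip) and _port_matches(r.dest_port, dest_port):
            return r.access, r.name
    return "Deny", "no-match"   # unreachable while DenyAllInBound is present


# Weak setting: RDP reachable from any address.
WEAK = [Rule("allow-rdp-any", 100, "Inbound", "Allow", "Tcp", "*", "3389")]

# Hardened: RDP only from the assumed corporate range; an explicit Deny for SMB
# from the Internet at 110 wins over the mistaken broad Allow at 200.
HARDENED = [
    Rule("allow-rdp-corp", 100, "Inbound", "Allow", "Tcp", "203.0.113.0/24", "3389"),
    Rule("deny-smb-internet", 110, "Inbound", "Deny", "Tcp", "Internet", "445"),
    Rule("allow-smb-any", 200, "Inbound", "Allow", "Tcp", "*", "445"),
]
```

Because there is no matching custom rule for Internet-sourced RDP in the hardened set, the decision falls through to DenyAllInBound; the same flow against the weak set is allowed by the first rule, which is exactly the exposure an NSG review should look for.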
Compute
New H family of virtual machines
New N family of virtual machines
New F family of virtual machines
• 2 GB RAM & 8 GB (SSD) per CPU core
• 2.4-GHz Intel Xeon E5-2673 v3 (Haswell) processor
• Clock speeds as high as 3.1 GHz
G series virtual machines
Optimized for data workloads. Up to:
• 32 CPU cores
• 450 GB RAM
• 6.5 TB local SSD
• Latest generation Intel processor
Scale-up options
VM Scale Sets
Generally Available
Reliably deploy and update at large scale
Scale automatically
Simplify networking
Support hyperscale workloads
Dev-Test Labs
Generally Available
Self-service without the worry
Quickly get to “ready to test”
Create once, use everywhere
Integrates with your existing toolchain
What’s New About IaaS v2
• v2: ARM APIs
• Tags and RBAC at granular levels
• More asynchronous operations: massive and parallel deployment of VMs
• Dependencies
• Network resource types are separate from compute
• 3 Fault Domains in Availability Sets
• Part of Azure-consistent private cloud. Deploy the same JSON template in Azure or Azure Stack
Management models for IaaS
• Classic Model (v1)
• Resource Manager (v2)
Fault and Update Domains
• Fault domains:
  • Represent groups of resources anticipated to fail together, i.e. same rack, same server (they share a power source and network switch)
  • The fabric spreads instances across at least two fault domains
  • The number of fault domains is controlled by the Azure Fabric; 3 fault domains by default
• Update domains:
  • Represent groups of resources that will be updated together
  • Host OS updates honor service update domains
  • Specified in the service definition
  • Default of five; more than 5 update domains are allowed
• The fabric spreads role instances across update domains and fault domains
VM Availability Sets
• Update domains are honored by host OS updates
VM In-Place Migration
• Eliminates the need for a full VM reboot
• Fast pause for low-impact maintenance
[Diagram: the VM is paused while the host OS is updated, then resumed]
Question... How long would it take to create this SharePoint environment today in Dev/Test? With a Visual Studio ARM project template: 1 hour.
Visual Studio ARM Project Template
• Visual Studio 2013 Update 4 or Visual Studio 2015
• Azure SDK 2.8.x
• New ‘Azure Resource Group’ project available
• GUI JSON Editor
Preview: Portal Templates
Containers
Containers Introduction
What:
• Virtualization technology
• Hosts applications (processes)
• Shared-kernel architecture
Why:
• Fast start
• Hyper density
• Portable
• Potential to change how applications are written and how datacenters operate
Container Images
[Diagram: a container host runs a base OS image; each application image (Application 1, 2, 3) layers its prerequisites on that shared base]
Datacenter Evolution
[Diagram: a physical computer runs one OS/kernel with prerequisites (.NET) and applications; a hypervisor on the physical computer runs several virtual machines, each with its own OS/kernel, prerequisites (.NET) and application; a container host runs one OS/kernel and a base OS image, and each container carries only its prerequisites (.NET) and application]
Enterprise Mobility & Security
What is EMS E3?
• Device & app management: Microsoft Intune. Manage Android, iOS and Windows devices
• Identity management: Azure Active Directory Premium P1. Protect and manage identities
• Data protection: Azure Information Protection P1. Protect information at the file level
• Security: Advanced Threat Analytics. Detect threats and exploits fast with behavioral analytics
What is EMS E5?
• Device & app management: Microsoft Intune. Manage Android, iOS and Windows devices
• Identity management: Azure Active Directory Premium P2. Protect and manage identities
• Data protection: Azure Information Protection P2. Protect information at the file level
• Security: Advanced Threat Analytics. Detect threats and exploits fast with behavioral analytics
• Security: Cloud App Security. Discover, investigate, secure and control cloud usage
Enterprise Mobility + Security
Information protection
• Azure Information Protection Premium P2 (EMS E5): intelligent classification and encryption for files shared inside and outside your organization (includes all capabilities in P1)
• Azure Information Protection Premium P1 (EMS E3): encryption for all files and storage locations; cloud-based file tracking
Identity-driven security
• Microsoft Cloud App Security (EMS E5): enterprise-grade visibility, control, and protection for your cloud applications
• Microsoft Advanced Threat Analytics (EMS E3): protection from advanced targeted attacks leveraging user and entity behavioral analytics
Managed mobile productivity
• Microsoft Intune (EMS E3): mobile device and app management to protect corporate apps and data on any device
Identity and access management
• Azure Active Directory Premium P2 (EMS E5): identity and access management with advanced protection for users and privileged identities (includes all capabilities in P1)
• Azure Active Directory Premium P1 (EMS E3): secure single sign-on to cloud and on-premises apps; MFA, conditional access, and advanced security reporting
AAD Versions: Azure AD Free, Azure AD Basic, Azure AD Premium
AAD Common Features
• Directory objects
• User/group management (add/update/delete), user-based provisioning, device registration
• Single Sign-On (SSO)
• Self-service password change for cloud users
• Connect (sync engine that extends on-premises directories to Azure Active Directory)
• Security / usage reports
AAD Basic Features
• Group-based access management / provisioning
• Self-service password reset for cloud users
• Company branding (logon pages / Access Panel customization)
• Application Proxy
• SLA 99.9%
AAD Premium Features
• Self-service group and app management / self-service application additions / dynamic groups
• Self-service password reset/change/unlock with on-premises write-back
• Multi-Factor Authentication (cloud and on-premises (MFA Server))
• MIM CAL + MIM Server
• Cloud App Discovery
• Connect Health
• Automatic password rollover for group accounts
Azure AD Multi-Factor Authentication
• Secure cloud or On-Premises resources
• Using existing personal or company provided phones
• Users manage their own authentication methods and phone numbers
• Verification options include phone call, text message, or mobile app notification
Enterprise mobility management with Intune
[Diagram: mobile application management, mobile device management and PC management, spanning user and IT]
Azure Information Protection
The evolution of Azure RMS, covering the full data lifecycle:
• Classification & labeling (classification, labeling)
• Protect (encryption, access control, policy enforcement)
• Monitor & respond (document tracking, document revocation)
Operations Management Suite
Enable a unified view of all your IT assets whether on-premises or in the cloud.
Manage Azure or AWS, Windows or Linux, VMware or OpenStack
• Log Analytics
• Automation
• Backup
• Site Recovery
• System Center*
Azure Backup - Files
• Backups are encrypted
• Efficient use of storage through compression
• Restore to the same server or different
• Integrates with DPM
• Retain data for up to 99 years
Azure Backup – VMs
• Agentless backup
• No shut down of VM required
• No On-Premises resources required
• Perform scheduled daily or weekly backups
Azure Site Recovery
Replicate and protect physical, VMware, AWS and Hyper-V VMs to Azure
• Migration cutovers to Azure in as little as minutes
• Automated asset discovery and migration
• On the fly conversion of source VM
• Auto-provisioned target Azure VMs
• Near zero downtime and data loss
• Failback to VMware infrastructure from Azure
Azure Automation
• Runbook authoring in Azure
• High availability engine
• Integrate into other systems
• Store secure credentials
• Desired State Configuration
• Source Control
• Hybrid Worker
• Script Gallery
Azure App Service
Web Apps
Mobile Apps
Logic Apps
API Apps
APIM
Azure Functions
Web Apps
• Create and deploy mission-critical web apps that scale with your business
• Supports .NET, Java, PHP, Node.js, and Python
• Built-in auto-scale and load balancing
• High availability with auto-patching
• Continuous deployment with Git, TFS, GitHub, and Visual Studio Team Services
• Supports WordPress, Umbraco, Joomla, and Drupal
Logic Apps
• Develop and deliver powerful integration solutions with ease
• Create business processes and workflows visually
• Deliver integration capabilities in web, mobile, and API apps
• Integrate with your SaaS and enterprise applications
• Automate EAI, B2B, and business processes
• Connect to on-premises data
Mobile Apps
• Build engaging iOS, Android, and Windows apps. Develop with Xamarin or local SDKs
• Broadcast push with customer segmentation
• Enterprise single sign-on with Active Directory
• Autoscale to support millions of devices
• Apps can work offline and sync
• Social integration with Facebook, Twitter, Google
• Leverage HockeyApp or Azure Mobile Engagement to learn and improve
Azure Functions
• Process events with serverless code
• Make composing cloud apps insanely easy
• Develop Functions in C#, Node.js, Python, PHP, Batch, and more
• Easily schedule event-driven tasks across services
• Expose Functions as HTTP API endpoints
• Scale Functions based on customer demand
• Easily integrate with Logic Apps
API Apps & APIM
• Quickly build APIs in the cloud using the language of your choice. Publish, manage, secure, and analyze your APIs in minutes
• Secure APIs with Active Directory, single sign-on, and OAuth
• Generate client proxies or APIs in your language of choice
• Mashup existing enterprise APIs
• Integrate with API Management and Logic Apps
Data Insights
Azure SQL Database
Manual Backup to Azure Storage: secure your data
Benefits of backing up to Azure Storage:
• Flexible, reliable, limitless off-site storage
• Backup archive
• 1-time backup
• No overhead of hardware management
• Bypass the Azure VM attached-disk limit
• Cost
Managed Backup to Azure: more options to store your database
• What is it? An agent that manages and automates SQL Server backup policy
• Benefits: simple + flexible; minimal input (you control the retention period); manages the entire instance or individual DBs; leverages Backup to Azure (page blob); supports backup encryption; inherently off-site & geo-redundant; minimal storage cost/hardware management
• Intelligence built-in: retention; context-aware (e.g. workload/throttling); backups consider log accumulation
Managed Backup to Azure
Example (SQL Server 2014 Managed Backup; the smart_admin procedures live in msdb):
USE msdb;
GO
EXEC smart_admin.sp_set_db_backup
    @database_name = 'TestDB',
    @enable_backup = 1,
    @retention_days = 30,
    @credential_name = 'MyCredential',
    @encryption_algorithm = 'NO_ENCRYPTION';  -- as on the slide: backups land in Azure unencrypted; for production use 'AES_256' with @encryptor_type and @encryptor_name
GO
Your SQL Server: be flexible
Current landscape: business owners and end-users say “Keep, keep, keep!”; storage admins and budget owners say “Cut, cut, cut!”; the DBA is caught in between.
Stretch mindset: how it works (only on SQL Server 2016)
[Diagram: StretchDB with automatic scaling. On-premises applications talk to the on-premises SQL Server instance, whose database lives in SAN/local storage (Ord_detail, Txn_detail). Cold rows of Txn_detail move transparently into Azure compute and storage shards (Shard 1, Shard 2, each holding an Ord_detail_archive table and the cold rows of Txn_detail), giving transparent scale-out]
Hadoop / HDInsight
Be Bold
Why do it?
How to do it?
Introducing Apache Hadoop
• Apache open source project
• Highly scalable distributed file system (HDFS)
• Distributed processing on data nodes
Hadoop is a platform with a portfolio of projects
• Governed by the Apache Software Foundation (ASF)
• Comprises the core services of MapReduce, HDFS, and YARN
• In addition to the core, includes functions across:
  • Data services which allow you to manipulate and move data (Hive, HBase, Pig, Flume, Sqoop)
  • Operational services which help manage the cluster (Ambari, Falcon, and Oozie)
http://Hortonworks.com/hdp/whats-new
PowerBI
POWERFUL data visualization
What is it? Really? Let’s clear some cloud around it
See all your data in a single pane of glass: live dashboards and interactive reports
PowerBI Overview
Azure ML
Overview of Machine Learning
Overview of Azure ML: reduce complexity to broaden participation
Microsoft Azure Machine Learning: Features and Benefits
• Accessible through a web browser, no software to install
• Collaborative work with anyone, anywhere via an Azure workspace
• Visual composition with end-to-end support for the data science workflow
• Best-in-class ML algorithms
• Extensible, with support for open-source R
Microsoft Azure Machine Learning: Features and Benefits
• Rapid experimentation to create a better model
• Immutable library of models: search, discover and reuse
• Rapidly try a range of features, ML algorithms and modeling strategies
• Quickly deploy a model as an Azure web service through the ML API service
Other Services
Azure Media Services
Scalable components for building custom media workflows in the cloud
• Cloud upload and storage
• Encoding & packaging
• Content protection
• CDN for live & on-demand streaming
• Player clients
• Backend for Office 365 video
Traffic Manager
www.contoso.com
What next?
Try Azure App Service
https://trywebsites.azurewebsites.net/
Migrating IIS to Azure
https://www.migratetoazure.net/
Migration Tool
• Windows Server 2003 is EOL
• 22M instances still running worldwide
• 17% are running IIS
• 1 in 6 instances use SQL 2005
• 53% are non-virtualized physical instances
Microsoft IT Pro Cloud Essentials
https://www.Itprocloudessentials.com
Get startedVisit azure.microsoft.com
http://aka.ms/try-azure
http://aka.ms/azuredd