Website under construction

Download 13,37 Mb.

Pdf ko'rish

bet	114/131
Sana	27.03.2022
Hajmi	13,37 Mb.
	#512480

1 ... 110 111 112 113 114 115 116 117 ... 131

Bog'liq
9780735697744 Introducing Windows Server 2016 pdf

More info

Microsoft Passport
Authentication methods are moving at a faster pace than ever before. Think about it for a moment:
you sign in to your laptop and then open your browser to go to your favorite websites where you
again sign in. In these instances, you are not always using your corporate credentials. If you hear of a
new service and want to access it, the chances are that you will be prompted to sign up and use
credentials from, for example, your public Microsoft account, Facebook, Google, and so on. The
traditional paradigm of using a dedicated identity authentication provider that you build as an
application developer is moving on and we are now using more “well-known” services like those just
mentioned.
Microsoft Passport is a new key-based authentication method that goes beyond passwords to
mitigate traditional authentication attacks. A user enrolls for Microsoft Passport but must ensure that
the authentication provider she uses supports Fast Identity Online (FIDO) authentication; thus,
through a two-step process, the user sets up Microsoft Passport on her device and sets a gesture or
PIN. This can then be used to authenticate the user via Microsoft Passport
During the setup, a certificate of asymmetric key–pair is stored on the device. The private key is stored
within the TPM chip on the device. The private key never leaves the device during the authentication
process. The public key is registered in Azure Active Directory and Windows Server Active Directory.
The user account has a mapping between the public and private key, which helps to validate the user.
Additional controls are implemented via One Time Passwords, Phonefactor, and so on.
More info For further information on deploying Microsoft Passport check the following link
https://aka.ms/bh1m24
.
Active Directory Federation Services
As we move forward in a cloud-focused world, being able to control your identity is becoming more
important. We need to think about how we can use our corporate identity to access applications that
we don’t technically own anymore. We also need to think about how we provide access to
applications we own to other organizations in a secure and controlled manner without having a
cumbersome user-management process.
Active Directory Federation Services (AD FS) provides this ability so that you can connect to
applications that are on-premises or in the cloud (Platform as a Service [PaaS] or SaaS) with your
corporate identity.

129
CHAPTER 4 | Security and identity
AD FS has been around for quite a while (since AD FS 2.0), and with Windows Server 2016, there are
further enhancements to the technology to ensure that it meets the next level of demands from
organizations in the cloud world. Here are some of the key improvement areas for AD FS:

Multifactor authentication
Windows Server 2016 contains a built-in Azure MFA adapter to simplify the process of using
Azure MFA as the primary provider for authentication. There is no longer a need to deploy an on-
premises MFA server.

Device registration for hybrid conditional access
You now can configure AD FS to recognize the device status. This means that you can manage the
device and apply policies as necessary. This will ensure that the device stays compliant to
corporate policy and reduce potential risks to corporate resources.

Download 13,37 Mb.

Do'stlaringiz bilan baham:

1 ... 110 111 112 113 114 115 116 117 ... 131