Day 2 of the Microsoft Cloud Roadshow kicks off with a session on Enterprise Mobility by Michael Kophs, Senior Product Marketing Manager, IT Pro Readiness, Microsoft. This was a packed event promising some great content.

Accelerate your journey to the Cloud with Integrated Identity

Michael Kophs begins his sessions about hooking up your on-premises Active Directory with Azure AD. Canvassing the audience reveals that a significant number of customers have tried Azure AD.

Customers need to put a plan together for Azure AD. DirSync on its own just isn’t enough.

Session overview

• Get identities to the cloud
• Mix on-premises and cloud identity for improved productivity
• Cloud identities help you run your business better

Is on-prem AD going to go away? Michael says not.

The current reality is the proliferation of devices. PCs, mobile devices, servers, SaaS spread across on-prem, Private Cloud etc.

Identity is the cornerstone between on-prem and the Cloud. Microsoft Azure Active Directory is the link between the two. Azure AD Connect provides self-service features and SSO to enabled access to your private cloud.

Identity and Access Management Evolution

• On-premises  – Managed SCCM
• Event,  Mobility – iOS, Android, BYOD
• Hybrid – Intune, connected to SCCM
• Event, Win 8.x/10 – cloud-enabled rich clients, multi-factor authentication
• Cloud – managed by EMS

Mobility is transforming organisations. Microsoft’s Enterprise Mobility Solutions (EMS) work across iOS, Android and Windows to enable new mobile apps and BYOD. In the hybrid World, Microsoft InTune connected to System Center, can manage these devices.

Azure Active Directory Momentum

• 86% Fortune 500 companies on Microsoft Cloud
• 1 trillion Azure AD authentications since the release of the service
• Azure AD manages identity data for >7 million organisations
• More than 500 million user accounts on Azure AD
• >1 billion authentications every day on Azure AD

Customer story: British Airways

British Airways operates in 75 countries and are a truly global company. The question they asked Microsoft is “how do we encourage our employees to connect?”.

BA wanted to know what is the best way for their employees to be productive, and use cloud identity to succeed.

The solution was for them to share the identity with their directory in the Cloud. They took their on-prem identity to the Cloud, and enable productivity solutions like Yammer, Office 365 etc.

Office 365 Identity Models

• Office 365 Synchronised Identity – Azure AD Connect and on-premises
• Office 365 Federated Identity – Federation & Azure AD Connect
• Office 365 Cloud Identity – zero on-premises servers

British Airways used Azure AD Connect. This scenario allows employees to use the same corporate credentials across a number of applications, including Office 365 and other SaaS apps.

Making the scenario successful

Tip 1 – Perform AD health check first to make sure identities are cloud ready

Tip 2 – Azure AD Connect Express works well for most organisations

Tip 3 – Azure AD Connect offers write-back of passwords, users, groups and devices

Customer story: Aston Martin

Aston Martin and Microsoft mix on-premise and cloud identity for improve PC, mobile, and web productivity.

Aston Martin struggled with demand for services, especially with (what was) the upcoming launch of the latest James Bond movie, Spectre. They had a fifteen-member IT team, and needed more from what they have.

Aston Martin chose the federated identity model. Using it this way, password hashes using AD FS are used as a backup, but Azure AD Connect is the primary.

Password sync backup for federated sign-on is the new backup solution for Office 365 customers.

AD FS is easy. You can use experienced deployment staff and Azure AD Connect. It is the standard tool for synchronising on-premise identities to the Cloud. It’s a Windows Server 2012 R2 role that can be deployed quickly.

Password Hash Sync Security

Hashed are mathematical functions that are nearly impossible to reverse. AD DS passwords use this to store credentials. The result of a hash is a digest. Think of it as a representation of your password.

Connections between your on-premise Active Directory and Azure AD are encrypted using SSL. This provides extra security.