Just a couple of days now until TechEd starts in Berlin and I just arrived today after a couple of days in Copenhagen. This time we have a lot of different Identity and Access sessions across many different tracks. When we talk about Identity and Access we include a number of different technologies across on-premises and cloud with some of them highlighted in green in this picture.
Below are some of the sessions that are related to IDA. All TechEd attendees and Technet Subscribers will get access to recordings and PowerPoint slides after the event.
ARC303 - Architecting Claims-Aware Applications (with the Windows Identity Foundation and Active Directory Federation Services)
Claims, Tokens and (possibly) Federation are the new ways to model authentication, access control and personalization for distributed applications. The possibilities for these technologies are vast, but there are some well-established patterns to fit typical security scenarios. These include guidelines for the usage of claims, identity providers, resource security token services, federation gateways and multi-tenancy. This talk walks you through common application architectures and illustrates how to use the Windows Identity Foundation (WIF) and Active Directory Federation Services (ADFS) to tap into the power of claims-based security
This session provides a preview of the identity and access solutions in the next generation of the Business Productivity Online Standard Suite (Office 365). The session will focus on how authentication works for both web apps and rich client apps, how to enable single sign-on (SSO) using corporate AD credentials and AD FS 2.0 to Office 365 services, and the different SSO deployment options for Office 365 services.
This session will walk you step-by-step through the process of configuring a SharePoint web application to use SAML claims and ADFS v2. It will cover some basic usage scenarios, and describe specifically how they impact sites using SAML claims and how to implement common changes in a SAML claims environment. The session will also include some basic troubleshooting steps to help you understand why users may not be able to log on to a SAML claims site
SIA203-IS - Interactive Discussion on Identity Futures with Microsoft Program Managers
What does Identity mean to you? Do you want to influence the future of Microsoft's Identity offerings? This highly interactive, discussion-based session provides a unique opportunity to share real-world requirements and understand how your priorities align with those of other TechEd attendees. Members of Microsoft's Identity and Access product team will be on hand to absorb your feedback first-hand, and to guide participants through a fast-paced discussion covering a wide range of topics
SIA301-IS - Under the Hood: What Really Happens During Critical Active Directory Operations
Come and discuss critical Active Directory-Operations. Are you fully aware what “critical” operations in AD really do? In this interactive session we will talk about those operations, understanding what they are doing and how to distinguish whether operations are critical to your environment or not. Ulf has been working in the field for more than 13 years, and has a lot of notes and examples to share. We will talk about how to approach challenges, and study scenarios that show how other companies managed the associated risks and prepared for rollbacks. We have some common scenarios for everyone but please bring your own questions as well, as we want this talk to be as interactive as possible
See how Forefront Identity Manager is used to provide self-service delegated management of on-premises and private cloud datacenter resources. You will learn how Forefront Identity Manager, Active Directory Federation Services and Windows Identity Foundation are being integrated to provision users and provide access to application services in the cloud (Azure and BPOS), and also how to configure FIM to ensure that quality identity data is available to these applications, and how users can perform self-service claims management
Claims-based identity provides an open and interoperable approach to identity and access control that can be applied consistently, both on-premises and in the cloud. Come to this session to learn about how Windows Identity Foundation can be used to secure your Web Roles hosted in Windows Azure, how you can take advantage of existing on-premises identities, and how to make the best of features in our cloud offering, such as certificate management and staged environments. This is an ideal session for developers
SIA305-IS - Enable Secure Access using Forefront UAG Service Pack 1
Access using Federation and DirectAccess has never been so easy! Learn what service pack 1 of Forefront UAG has to offer, enabling secure access to corporate resources with AD FS and DirectAccess. This session will focus on scenario-enablers we have built onto SP1 of the Unified Access Gateway.
Active Directory has evolved over the years, along with security recommendations and best practices. But has our corporate design changed that much? Is it required? What should we change, and what should we retain? Ulf B. Simon-Weidner is a long standing, internationally recognized expert in Active Directory, and in this session he will discuss Active Directory Designs of the past, present and future
Forefront Identity Manager 2010 is a powerful product that includes many features across multiple platforms. Deploying and managing FIM requires broad domain knowledge in technologies like Active Directory, SharePoint, Exchange, SQL, Windows Communication Foundation, Workflow Foundation and ILM 2007. This session covers the basic approaches, “tips and tricks”, and common problems faced by customers. It includes best practices for managing and deploying FIM, based on the knowledge and experience of the product team and work done with Microsoft IT. This is the session for attendees who plan to deploy, configure or administer FIM
The CLOUD is coming. But let’s face it, you must have asked yourself if it possible to hack the claims? How can we prevent this? One thing is sure: moving from on-premises applications to the cloud is like moving from a home generator to the electricity grid. We put our trust in the external identity providers, but are we really sure that all of the security issues have been addressed? We focus on the application in the cloud, but is this really the application that we need to protect? New solutions bring new possible attack vectors, and not only from the outside! Come and see what can happen when the users, or even the administrators, become the bad guys.During this intensive and extremely practical session, presenters will guide you through the threats and challenges related to the industry standard- based services delivered by ADFS v2. Only real-life scenarios! Many practical demos!
SIA316 - Exploring the Possibilities of Forefront Identity Manager 2010: Meeting Business Requirements Through Customization
Forefront Identity Manager 2010 provides a sophisticated platform for enforcing policy in an organization. Often it is necessary to extend FIM to enable some business policies, and this is your opportunity to learn about techniques for extending FIM to meet your specific business requirements. This session introduces the recommended patterns for creating custom web service clients and workflow activities, and includes code examples for each that accomplish common scenarios, such as group management and authorization workflows. The session is designed for developers who are already familiar with FIM, and plan to extend FIM.
Are you wondering how customers are adopting Windows Identity Foundation (WIF) in the real world? What challenges do they face? What solutions are they implementing? This session presents a series of best practices collected, and lessons learned, during the implementation of large WIF solutions in the real world. We have included a series of practical demonstrations that illustrate how to address important aspects of WIF-based solutions, such as monitoring, scalability, testing, and claim and record management, among many others. Additionally, we will present three case studies that demonstrate how customers are leveraging these solutions to facilitate the implementation of WIF in the enterprise.
SIA319 - DirectAccess and Forefront Unified Access Gateway 2010: The Complete Remote Access solution
Spend an hour learning about Microsoft's complete remote access vision, and how UAG and Direct Access Technology together, provide seamless remote access to users while reducing IT risks and costs. This session includes a live demonstration of the features and of the remote access solution in action!
Customers are looking to further virtualize their environments: file servers, web servers, DNS servers and even their domain controllers. It is clear that virtualization provides many benefits in areas such as deployment, disaster-recovery and lowering TCO. However, while virtualization offers many powerful capabilities and greatly simplifies repetitive tasks, it is a technology that must be handled with care when used in conjunction with Active Directory. In this session we will review fundamental concepts within Active Directory and the impact of cloning & virtualization upon domain controllers, domain members and Windows in general. We will also discuss how to best leverage virtualization, and how to both mitigate problems and to avoid occurrences in the first place.
Supercharge your federation solution with Forefront UAG SP1! Learn how UAG can simplify migration to a claims-aware environment, enabling secure, seamless access to all your applications. We will cover what is new in UAG SP1 and look at secure collaboration scenarios and federation via AD FS 2.0. We will demonstrate federation with legacy applications, by translating claims to Kerberos, and enforcing authorization at the edge level
As the requirement for certificates proliferates with the introduction of smartcards, HTTPS, IPSec, NAP and DirectAccess, customers are suffering through a lack of understanding of PKI, certificate templates, deployment and revocation. This highly pragmatic session, based on field experience, will alleviate the pain! If you don’t currently have a Public Key Infrastructure, or have one in place and are not completely comfortable with how certificates really work, then this demo rich session is for you. You will learn how to build a PKI, create and issue appropriate templates, publish certificates, and build the infrastructure to support revocation checking
Secure applications must be able to “trust” the identity of users who are accessing the resources. It is simple to establish that trust when Active Directory Windows authentication is used. And if the application needs further identity information about the user in order to qualify its response, the additional properties can be read from the Active Directory. When the application resides outside your realm, maybe in the Cloud or within a partner organization, how do we establish trust? This is where Active Directory Federation Services (ADFS) provides a method of linking trust between disparate parties. One organization authenticates the user and creates an industry standard token that contains the Identity of the user in the form of claims. The receiving organization accepts the user’s identity and responds with the appropriate resources because of the established trust. Come to this deep dive, demo rich session and learn how to setup and leverage the true power of ADFS v2
As a consultant with 10 years of experience in troubleshooting ADDS and as MVP for Directory Services, I prepared an ADDS with the top 10 errors - all at the same time. During this session we will fix it step-by-step, while explaining the reason why this happened and how it can be avoided next time
Get more from Group Policy with Advanced Group Policy Management (AGPM). AGPM is part of the suite of MDOP products, and delivers change management and advanced reporting to Group Policy management. This high-energy session demonstrates all the cool features you've been missing from Group Policy like auditing, difference reporting, workflow, and role delegation. Plus, you will see all the new features of 4.0: multi forest functionality, Windows 7 support and search
Ask a group of people who have run through the DirectAccess step-by-step guides, and they will report different levels of success. If DirectAccess doesn’t work, then the normal recourse has been to start again making sure that none of the steps are missed. It’s magic when it works but when it doesn’t, how do you start troubleshooting? Come to this session and learn from John’s experience of working with DirectAccess. This highly practical session, with lots of demos, will show you what you need to know to troubleshoot and resolve issues successfully with DirectAccess. Whether the problem is with one of the IPv6 transition technologies, certificates, name resolution or network location, you will see how to successfully resolve issues
To deploy DirectAccess with Forefront Unified Access Gateway, all you need to do is install UAG on top of Windows 2008 R2 and run the DirectAccess wizard – job done! Well maybe, maybe not. Come to this pragmatic session on deploying DirectAccess with UAG. John will dive in under the hood and see what the wizard really does. You will see how the transition technologies and network paths are configured, IPsec rules deployed and more. The magic of the wizard will no longer be a mystery and you will know how to choose the best options for your organisation whether your corporate network is supporting IPv6, ISATAP or IPv4 only. If you are new to DirectAccess attend session SIA319 - DirectAccess and Forefront Unified Access Gateway 2010: The Complete Remote Access solution. Put on your diving gear and come to this session and prepare to go deep!
post updated 11/15/10 with Links to the presentations