Azure Active Directory: our vision and roadmap to help you secure remote access and | DB168

JOI CHIK I RUN IDENTITY DIVISION AT MICROSOFT. MY TEAM BUILDS THE SERVICES THAT SECURE ACCESS TO EVERYTHING FOR EVERYONE. IN A PARALLEL UNIVERSE, WE’LL BE IN ORLANDO IN ALT HUGE HALL WITH TEN THOUSANDS OF OUR CLOSEST FRIENDS. BUT INSTEAD, TODAY’S VIEW OF THE MAIN STAGE LOOKS A LOT MORE LIKE THIS. IN ANY CASE, I’M VERY EXCITED TO PRESENT AT THIS FIRST VIRTUAL IGNITE TO SHARE THE LATEST NEWS AND AWESOME DEMOS OF WHAT’S COMING IN IDENTITY. THIS YEAR HAS BEEN CRAZY, HASN’T IT? WE HAD IN TRENCHES WITH MANY OF YOU, HELPING YOU DEAL WITH ALL ALL OF THE SUDDEN CHANGES THAT ARE NECESSARY TO KEEP YOU UP AND RUNNING. WE HAVE HELPED ENTIRE COMPANIES AND NATIONAL SCHOOL SYSTEM MOVE ONLINE. TO GIVE YOU AN EXAMPLE, WHEN THE PANDEMIC HIT, MANY UNIVERSITIES HAD FOUR WEEKS TO GET REMOTE WORKING SLEWSES INTO HIGH GEAR. FOR ALL OF THEIR STAFF MEMBERS OVER 18, 000 STUDENTS. NO ONE WOULD BE AROUND TO TAKE ANY HARDWARE ISSUES FOR ON PREMISE IDENTITY SYSTEMS. SO WE HELP THEM MIGRATE TO AZURE AND DECOMMISSIONED THEIR ON PREMISE INFRASTRUCTURES IN JUST THREE WEEKS. AND EVEN BIGGER SCALE WE HELPED UNITED ARAB EMIRATES PROVISION THEIR ENTIRE EDUCATION SYSTEM FOR REMOTE LEARNING. THEY DID THIS FOR ALMOST 350, 000 STUDENTS. AGAIN, IN JUST A MATTER OF WEEKS. THIS PANDEMIC HAS PUT TREMENDOUS PRESSURE ON YOU TO DELIVER. THAT’S WHY WHAT WE’RE INVESTING SO MUCH ENGINEERING EFFORTS. BECAUSE WE KNOW THAT IDENTITY IS THE HEARTBEAT OF ALL OF THE SERVICES THAT YOUR USERS RELY ON. AND HOPE EVERYONE THAT WORK FROM HOME, WE EXPERIENCE A HUGE SURGE IN DEMAND WE HAVE LEARNED A LOT ABOUT HOW TO SCALE OUT OUR SERVICES AND OPTIMIZE OPERATIONS. AND AS A RESULT, OUR SERVICE GETS EVEN MORE RELIABLE WE WANT YOU TO HAVE EVERYTHING YOU NEED IN ONE SOLUTION. SO WHERE THINKING FOUR KEY AREAS. SECURE ADAPTIVE ACCESS TO PROTECT RESOURCES AND DATA. A SEAMLESS USER EXPERIENCE TO KEEP YOUR USERS PRODUCTIVE. UNIFIED IDENTITY MANAGEMENT TO CONNECT EMPLOYEES CUSTOMERS, AND PARTNERS TO ALL ACCESS DAG DA AT THAT AND SIMPLIFIED AND IDENTITY GOVERNANCE TO AUTOMATE ACCESS CONTROLS ACROSS HI HYBRID ENVIRONMENTS. SO NOW LET’S TAKE A LOOK AT WHAT’S NEW IN IDENTITY TO HELP YOU ACCOMPLISH YOUR MISSION AS YOU HAVE HEARD BEFORE MICROSOFT IS ALL IN ON YOUR TRUST. WITH IDENTITY AT THE HEART OF ZERO TRUST YOU GET SECURITY INSIGHT ACROSS ALL OF YOUR RESOURCES. PLUS, INTELLIGENT ACCESS POLICIES BASED ON THE REAL TIME RISK ASSESSMENT OF EVERY SINGLE AUTHENTICATION REQUEST. MANY OF YOU HAVE MADE AZURE CONDITIONAL ACCESS YOUR ZERO TRUST ENGINE. DID I WANT TO SHOME IMPROVEMENTS THAT WE HAVE MADE BASED ON YOUR FEEDBACK YOU ASKED US TO HELP YOU GET THE MOST OUT OF CONDITIONAL ACCESS SO WE HAVE ADDED CONDITIONAL ACCESS INSIGHTS WITH RECOMMENDATIONS TO ADDRESS ANY POLICY GAPS. WE HAVE MADE REPORT ONLY MODE THAT DEFAULTS FOR ANY NEW POLICIES AND IN A CONDITIONAL ACCESS NOW BLOCKS ANY UNSECURE PROTOCOLS YOU TOLD US YOU NEEDED THE ABILITY TO AUTOMATE YOUR ZERO TRUST POLICY MANAGEMENT. WELL GUESS WHAT? THE CONDITIONAL ACCESSI PI IS NOW GENERALLY AVAILABLE IN MICROSOFT. NOW YOU CAN MANAGE YOUR ZERO TRUST DEPLOYMENTS THROUGH CUSTOM CODE. AND TO GET YOU STARTED, WE’RE GIVING YOU PREDEFINED SCRIPT AND POST SAMPLES WHICH IS AVAILABLE ON GITHUB. WE HAVE SEEN AN INCREASE IN COVID RELATED ATTACKS SO WE HAVE UPPED OUR GAME IN IDENTITY PROTECTION TO HELP KEEP YOU SECURE HERE’S ONE EXAMPLE OF HOW WE IMPROVE DETECTION. PASSWORD SPRAYS WHEN ATTACKER TRY FEW COMMON PASSWORD LIKE PASS WE ARED ONE 23 AGAIN A LONG LIST OF USER NAME.AZURE PASSWORD PROTECTION CAN KEEP YOU SAFE FROM THESE ATTACKS

BUT YOU THERE USE IT YOU ARE VULNERABLE RECENTLY OUR DATA SCIENTIST IMPROVED OUR CUTTING EDGE ALGORITHM THAT A USED A SUPERVISED MACHINE LEARNING MODEL AND NOW EXAMINES OVER THREE 00 ASPECTS OF EACH AUTHENTICATION REQUEST INCLUDING IP RECOGNITION WITH THE SCALE OF THE TRAFFIC THAT WE HAVE, AND THE SIGNALS WE SHARE ACROSS MICROSOFT ECOSYSTEM WE CAN DETECT ATTACKS THAT NOBODY ELSE SEES. AND WE CATCH OVER 80 MILLION ATTACKS EVERY SINGLE DAY WITH 98 PERCENT PRECISION. AND THIS LEARNING SYSTEM ARE AUTOMATICALLY ADOCUMENTS TO NEW ATTACK PATTERNS. YOUR USERS CAN CAN NOW HELP SYSTEMS TO GET EVE MORE ACCURATE BECAUSE THEY CAN JUST CLICK ONE BUTTON MY SIGN ON PORTAL TO REPORT UNAUTHORIZED SIGN-IN YOU ALSO SAID THAT YOU WANTED PROTECTION FOR ALL OF YOUR IDENTITY. GOOD NEWS YOU CAN NOW JOIN THE PUBLIC PREVIEW OF CONDITIONAL ACCESS IDENTITY PROTECTION SUPPORT. NOW YOU CAN SET UP THE INTELLIGENT ACCESS POLICIES FOR YOUR CUSTOMERS TO REDUCE FRICTION AND MAKE THEM EVEN MORE SECURE SO NOW LET’S SEE THIS IN ACTION BAILEY AND JOE OR ASK YOU ARE RE REMOTE IN REMOTE WORK ENVIRONMENT >> HEY Y’ALL MY NAME IS BAILEY BERCIK I’M A PROGRAM MANAGER OH IDENTITY CUSTOMER SUCCESS ENGINEERING TEAM IN THIS DEMO I’LL OVERSEE IDENTITY ACCESS MANAGEMENT. LIKE ALL OF YOU MOVED EVERYONE TO WORK FROM HOME IN RESPONSE RESPONSE TO CONFIDENCE WUR IDENTITY TEAM WAS ON FRONT LINES OF MAKING SURE EVERYONE COULD STILL WORK EFFECTIVELY AT AND SECURELY AS AN ADMIN I GOT INTO HABIT OF CHECKING MY ADEPT TEE SECURE TO SEE HOW WE’RE DOING WHAT ELSE I COULD BE FINE TUNING. SECURE SPORT FREQUENTLY UPDATES MRENG DAGSS LAST WEEK I NOTICED A RECOMMENDATION TO CONFIGURE SETTING BUT THERE TURNED ON USERS CAN ALL VERIFIED PATHS THAT ONLY KNEE BIEFK USER INFO HERE’S ANOTHER RECOMMENDATION U TURNING ON USER RISK POLICY. LET ME DO THAT NOW. SECURE SPORT IS RECOMMEND ICON FIGURE THIS IDENTITY PROTECTION. SO LET ME GO TAKE A CLOSER LOOK. AND WHILE I’M HERE, I WANT TO CHECK FOR ANYTHING SUSPICIOUS GOING ON ATWOOD GROVE. SOMETHING NEW IDENTITY PROTECTION WE CAN PEKT PASSWORD ATTACKS. AND IT LOOKS LIKE SOME OF MY USERS ARE UNDER ATTACK RIGHT NOW. IDENTITY PROTECTION HAS ALREADY FLAGGED THEM AS HAVING HIGH USER RISK THIS PERFECT TIME FOR ME TO ADD A NEW POLICY. AND I COULD CONFIGURE THIS IN AZURE PORTAL BUT IT WOULD FASTER FOR TO USE PREMADE TEMPLATE BLIEK JOY MENTIONED THESE TEMPLATES AROUND AVAILABLE ON GITHUB TO CREATE THIS NEW POLICY ALL I GOT TO DO IS DRAG AND DROP. ONE I DROP THAT TEMPLATE FILE INTO ONE DRIVER I’LL GET NOTIFICATIONS IN TEAMS ASKING ME TO APPROVE THIS CONFIGURATION. AND AFTER I APPROVE, I’LL GET IN AN ALERT MY CONFIGURATION IS COMPLETE. THE CONDITIONAL ACCESS POLICY WAS SUCCESSFULLY CREATED NOW IF I GO BACK TO AN AZURE 80 PORTAL YOU’LL SEE THAT MY CONDITIONAL ACCESS POLICY IS NOW DISPLAYED BELOW WITH THIS THE TEMPLATE IS ALREADY CONFIGURED WITH EVERYTHING I NEEDED TO MITIGATE THOSE ATTACKS LIKE HIGH RISK ACCOUNTS WE’RE EXPERIENCING BY DESIGN THIS IS IN REPORT ONLY MODE. ALL SEE HOW IT AFFECTS MY USERS BEFORE I ACTUALLY DEPLOY IT BUT I’M PRETTY CONFIDENT I WANT TO BLOCK JOEYING FROM DOING ANY MORE RISKY ACTIONS. LET ME TURN IT ON NOW. YOU WANT TO LEARN CHECK THEM OUT AT THE WEBSITE ON YOUR SCREEN. AND ALSO, CHECK OUT ARE ON DEMAND SESSION LATER AT IGNITE >> MY NAME IS JOZY CRUZ I AM PROGRAM MANAGER ON CUSTOMER SUCCESS ENGINEERING TEAM. THIS DEMO I’M NEW DEVELOPER AND WOOD GROVE BANKING CURRENTLY WORKING ON NEW FEATURE FOR MY TEAM WORKING FROM HOME HAS BEEN DEFINITELY BEEN AN ADJUSTMENT ONE THING I REALIZE MY KITCHEN TABLE IS NO THE REALLY GOOD SPOT TO WRITING ALL OF MY CODE IN. I’VE ASKED TO CREATE FAY FOR THIS THEY FEATURE SO I CAN GO MY I’M APPS WORLD THAT I CAN FIND ALL APPS I NEED IN ONE PLACE. HMM P THAT’S STRANGE. GOT TO — YOU NEVER GET PROMPTED TO GO TO MY APPS BEFORE I’M REALLY CURIOUS WITH MY ACCOUNT SO IF I GO TO VIEW MY ACCOUNT, CHECK OUT MY RECENT SIGN-INS, OH, WOW THERE’S REALLY NOT ME. I’VE NEVER AB IN ROMANIA BEFORE. GOOD THING I HAVE ABILITY TO REPORT THIS WASN’T ME AND CONFIRM MY SECURITY INFORMATION

THIS IS PROBABLY WHY MY ADMIN PROMPTED ME FOR MORE BECAUSE WHAT’S GOING ON MY ADMIN ALSO AS ABILITY TO FORCE ME TO CHANGE MY PASSWORD TO SECURE MY ACCOUNT. NOW TO CONFIRM MY SECURITY INFO. LOOKS GOOD. LET’S GO BACK TO MY APPS. I’LL GOING TO MY TEAMS COLLECTION. HERE, ARE ALL THE APPS MY TEAM USES. NOW TO CREATE A SURVEY I HAVEN’T USED THIS APP BEFORE I’M BEING PROMOTED FOR CONSENT. THIS APP IS FROM VERIFY PUBLISHER I CAN EASILY TELL BECAUSE OF BLUE CHECKMARK NICE. I DON’T HAVE TO REQUEST ANYTHING SO I CLICK ACCEPT AND I’M IN. AS JOY MENTIONED, HACKER ARE EVOLVING THERE ATTACK METHODS AND APP BASED COMPROMISE IS AN EMERGING THREAT LET’S SEE HOW EASY IT CAN TO FALL FOR ONE OF THESE ATTACKS. AFTER I COMPLETED MY SURVEY I CHECK MY MAIL. JUST GOAT EMAIL FROM MY MANAGER LOOKS LIKE I JUST GOT APPROVED FOR STANDING DESK. NICE. ALL I HAVE TO DO IS CONFIRM MY SHIPPING ADDRESS LOOKS LEGIT. HAS MY COMPANY NAME ON IT, EXCEPT THIS TIME I’M PROMPTED REQUEST MY DISCIPLINE’S APPROVAL COMPROMISED COULD HAVE BEEN THAT EASY. REMEMBER POLICY BAILEY SET FOR. IF IT WASN’T FOR THAT POLICY I MIGHT HAVE FALLEN VICTIM TO THIS ATTACK AND GRANTED THIS APP ACCESS TO THE DATA. BUT INSTEAD I’M PROMPTED TO PROVIDE JUSTIFICATION FOR APP NOW ADMIN HAS TO REVIEW IT AND APPROVE IT. NOW BACK TO JOY. >> THANK YOU, BAILEY AND JOEY. MAKE NO MISTAKE, THE HACKERS COMMUNITY IS ALWAYS BUSY AND ALWAYS EVOLVING. SECURE ARE SPORT CONDITIONAL ACCESS ARE YOUR FRIENDS. NOW LET’S TURN TO AT SCENARIO JOEY JUST INTRODUCED HOW TO SECURE YOUR ARE APP SYSTEM AT BUILD WE ANNOUNCED SEVERAL NEW FEATURES TO HELP. FIRST, HUH ENGLISH VERIFICATION AND USER CONSENTS POLICIES THIS CAPABILITY IS NOW GENERALITY AVAILABLE WITH OVER 650 PUBLISHERS ALREADY VERIFIED. WE ALSO ANNOUNCED RISK BASED STEP UP CONSENT AND A USER REPORTING OF SUSPICION ACTS ESSENTIAL FIRST STEP TO ASECURING YOUR I THINK EL SIGN ON. THAT MEANS, EVERY APP NEEDS TO BE CONNECTED TO AZURE A Z TO HELP YOU CONNECT VIRTUALLY ANY APP , AZURE AD APPLICATION PROXY WAS SUPPORT HEAD OF BASE AWE THEN THE CASINGS, MOST POPULAR LEGACY AWE THEN THE CAKES PROTOCOL.NOW YOU CAN APPLY SAME GRANULAR SECURITY CONTROLS FOR REMOTE ACCESS TO LEGACY APPLICATIONS WE’RE EXPANDING OUR SECURE HYBRID ACCESS MU PUBLISHERS. WE’RE ALSO CONTINUING TO A BUILD DEEPER INTEGRATIONS WITH THE MOST POPULAR APPS. AND ONE GOOD EXAMPLE ADOBE IS ONE OF THE LARGEST APPS THAT WE HAVE INTEGRATED FOR SINGLE SIGN ON. MARKETING AUTOMATION TOOL THAT WE CHOSE AT MICROSOFT TO SUPPORT USER AND A CONSISTENT SECURITY POLICY, MICROSOFT HAS PARTNERED WITH ADOBE TO IMPLEMENT PROVISIONING WITH A CUSTOMIZED ADMIN EXPERIENCE FOR ADOBE APPS. AS A RESULT OF THIS COLLABORATION, WE HAVE DEEPER INTEGRATION WITH THE ADOBE CLOUD THAT WILL BE AVAILABLE FOR EVERYONE. AND FINALLY, WE’RE MAKING IT EASIER TO ACCESS THE RP APPS ON IOS WITH SINGLE SON ON ACROSS WEB NATIVE APP CONNECTED TO SO AZURE. YOUR USER GET A MUCH BETTER MOBILE EXPERIENCE AND YOU CAN PROVISIONAL ACCESS TO ALL APPS OH SO NOW IT’S TIME FOR JASMINE AND JOEY TO SHOW YOU HOW IT SIMPLIFYING SECURE PHONE ACCESS TO ALL OF THEIR APPS. >> HI I’M JASMINE AN ARE PRM MANAGER IDENTITY DIVISION AND I’M EXCITED TO SHOW YOU AN NEW FEATURE THAT I HELPED BUILD FOR AZURE AD APPLICATION PROXY. >> IN THIS DEMO I ALSO WORK ON IDENTITY MANAGEMENT TEAM AT THE WOOD GROVE BANK. LATELY WE HAVE HAD SEVERAL EMPLOYEES ASK US TO ROLL OUT NEW APPS TO MAKE WORKING FROM HOME EASIER. HERE I SEEN AN DISCIPLINE CONSENTS REQUEST FROM JOEY TO WOOD GROVE APP. THIS REQUEST IS STRANGE. SINCE I EVER ALREADY CONFIGURED CON CONSENT SETTING TO LEVER USER OOS PROVE LOW IMPACT PERMISSION LIKE READING BASIC PROFILE INFORMATION WOULD MY REVIEW REQUIRED WHY AM I STILL GETTING THIS REQUEST? I CHECK MY PENDING A DMRIN CONSENT

I NOTICE A FEW THINGS THAT OFF WITH THIS APP. FIRST OFF IT’S ALL BUT APP IS NOT PROSECUTE VERIFY PUBLISHER BUT USE NAME OF OUR ORGANIZATION IT LIKES REPLY URL IS GOING SITE NOT AFFILIATED WITH WOOD GROVE IT’S MARKED AS RISKY APP. I’M GOING TO REPORT THIS APP AND LAUNCH AN INVESTIGATION SINCE IT LOOKS LIKE AN ACTUALLY ATTACK AGAINST WOOD GROVE. JOEY PROBABLY WON’T BE GETTING A STANDING DESK ANY TIME SOON BUT AT LEAST WE’VE PROTECTED OUR DATA NOW I NEED TO REVIEW OTHER ACCESS REQUESTS. ESPECIALLY ARI MOAT ACCESS TO CORPORATE APPS FROM MY APPS PORTAL I’LL LAUNCH OUR SERVICE NOW DASHBOARD HERE I NOTICE SOME HELP DESK TICKETS FROM USERS UNABLE TO ACCESS THEIR ORACLE OOECHLT PS SUPPLY FOR SUPPLY CHAIN MANAGEMENT. THIS APP IS ALSO POSTED ON PREMISES ACTION USE HEADER BASE AUTHENTICATION. SO USERS ALWAYS RELIED ON NETWORK APPS TO GET TO THIS APP. NOW THAT WE HAVE AT TON OF USERS TRYING TO ACCESS THIS FROM HOME, IT’S NO WONDER THEY ARE HITTING ISSUES. TO GET THIS APP UP AND RUNNING FOR EVEN I’LL GO AHEAD ININTEGRATE DIRECTLY GO INTO ENTER PRIZE MR AND WHERE I’LL SEE AN OPTION TO USE APP PROXY TO ADD ON PREMISES APPLICATION. APP PROXY ALLOWS ME TO PROVIDE BOTH SECURE MODE ACCESS TO SINGLE SIGN-ON FOREHEADER BASED AUTHENTICATION I JUST NEED TO INSTALL ON PREMISES CONNECTOR WHICH LIGHT WEIGHT AGENT THAT THE GIVES ACCESS TO MULTIPLE APPS. SINCE I’VE ALREADY SET UP MY CONNECTOR I’LL SET UP REST HERE IN PORTAL. TO ENABLE REMOTE ACCESS TO APP I JUST NEED TO FILL OUT FEW FIELDS. SUCH AT NAME OF THE APPLICATION, THE INTERNAL URL FOR ACCESSING APP LOCALLY, WHICH THEN MAPS TO AN EXTERNAL URL FOR ACCESSING APP FROM INTERNET. ISLE AL MAKE PREOFFICE SETS SO AZURE AD WILL AUTHENTICATE ALL WERE REQUESTS TO APP FIRST THIS WAY ONLY VALID REQUESTS EVER REACH MY ON PREMISE ACCOUNT. WE CAN NOW LAUNCH THE APP FROM INTERNET VIA ANY BROWSER BUT I ALSO WANT TO SET HEADER BASE SINGLE SIGN ON SO APP WON’T PROMPT USERS TO SIGN IN AGAIN. HERE, I CAN SELECT HEADER BASED SINGLE SIGN-ON I MOO MY SING HE WILL SIGN ON MODE AND QUICKLY SET UP HEADER MY APPLICATION NEEDS. I CAN SEND ANY ATTRIBUTE IN AZURE AD AS HEAD OR USE TRANSFORMATIONS TO A MANIPULATE THE VALUES TO CRAFT EXACT HEADER I NEED. IN THIS CASE ORACLE EPS REQUIRES THE USER’S EMAIL SO I’LL GO AHEAD AND ADD THAT ATTRIBUTE AS A HEADER. LASTLY, LET’S CHECK OUT THE CONDITIONAL ACCESS POLICY BAILEY SET UP EARLIER. SHE CAN CONFIGURED POLICY TO COVER ALL CLOUD APPS THIS NEWLY INTEGRATED APP WILL ALSO BE PROTECTED. NOW USERS WITH HIGH RISK WILL BE REQUIRED TO PROVIDE THIS APP IS NOT CONFIGURED WITHOUT SECURED WITH MY CONTINUE POLICY GREAT ORACLE EPS IS NOW READY FOR REMOTE ACCESS AND SINGLE SIGN ON >> LET MY IM JOEY ABOUT THIS GREAT NEWS. HEY JOET WE JUST INTEGRATED ORACLE CAN YOU GO MY APPS PORTAL AND GIVE IT A TRY? >> HEY JASMINE NICE. LET ME GIVE IT A TRY. NICE I CAN THANK YOU SO MUCH. I WANT TO ASK BY MY STANDING DESK. THAT YOU EMAIL I GOT. >> SO, ABOUT THAT NO STANDING DESK BUT YOU CAN AT LEAST ACCESS YOUR APPS FOR WORK >> HUH. OKAY. LET ME ASK MY BOSS FOR A STANDING DESK. NOW BACK TO JOY. >> THANK YOU, JASMINE AND JOEY THIS PANDEMIC HAS SHOWED US THAT WE CAN NO LONGER PICK AND CHOOSE WHICH USERS OR APPS GET REMOTE ACCESS SUPPORT. ALL OF YOUR USERS WORKING FROM HOME NEED TO ACCESS ALL OF THEIR APPS SECURELY. AZURE AD AND OTHER FEATURE THAT IS YOU JUST SAW WILL HELP YOU DO JUST THAT. WE HAVE TALKED ABOUT VERIFYING AWE TENT INDICATION REQUEST AND ZERO TRUST WORLD. BUT AS MORE OF OUR INTERACTIONS TURN DIGITAL HOW DO WE VERIFY INFORMATION THAT WE USUALLY SHARE WITH PHYSICAL STORMS LIKE PASSPORTS, DIPLOMA OR OTHER TRUSTED DOCUMENTS? WE NEED A DIGITAL MECHANISM FOR VERIFYING SUCH CREDENTIALS. BUT THE SYSTEMS WE HAVE TODAY LEAD JUST TOO MUCH ROOM FOR DATA LOSS OR MISUSE. WE BELIEVE THESE CENTRALIZED IDENTIFIERS AND VERIFIABLE CREDENTIALS ARE THE ANSWER. AND THIS IS A COMMUNITY EFFORT. BUILT ON NEW OPEN STANDARDS AND AN EASILY INTEGRATE WITH YOUR EXISTING IDENTITY SYSTEMS. IT USES AN OPEN SOURCE BLOCK CHAIN SOLUTION THAT IS DESIGNED SO THAT NO SINGLE ORGANIZATION OWNS OR CONTROLS IT INCLUDING MICROSOFT. AND THIS IS ALREADY BECOMING REAL. WE ARE PARTNERING

WITH EDUCATIONAL PROGRAM THAT HELPS U. S. MILITARY VETERANS AND RETIRING SERVICE MEMBERS ENRO UNTIL HIGHER EDUCATION TO JUMP START THEIR CIVILIAN CAREERS. NEITHER U. S. EMPLOYERS NOR ACADEMIC INSTITUTIONS HAVE A CONVENIENT WAY TO ACCESS THE SKILLS, THE EXPERIENCE OF MILITARY TRAINING CANDIDATES. SO OF THEM HAVE TO GO TO THREW LENGTHY VALIDATION PROCESS TO COLLECT AND SUBMIT MULTIPLE FORMS OF CREDENTIAL AND DOCUMENTS. AND MOSTLY ON PAPER. AND THIS CAN TAKE MONTHS. VERIFIABLE VERY KRE DOZEN SHALL MACE A SKILLS THAT SERVICE MEMBERS GAIN ON CLASSROOM OR ON JOB. MAKING THIS PROCESS FULLY DIGITAL NOT ONLY SAVE SERVICE MEMBERS WEEKS OF WAITING IT ALSO GIVES THEM CONTROL OVER THEIR DATA. AND UNIVERSITIES DO NOT NEED TO COLLECT, STORE OR PROTECT SERVICE MEMBERS’ RECORDS THIS PARTNERSHIP IS ESPECIALLY MEANINGFUL FOR US AT MICROSOFT. AND FOR ME PERSONALLY. MICROSOFT SOFTWARE AND SYSTEM ACADEMY, WHICH WE CALL MSASS PROGRAM HAS BEEN A GREAT SOURCE OF TALENT MORE IF I TEAM. WE WANT TO HELP MORE SERVICE MEMBER FINDING THEIR NEW CAREER OTTO SHOW U HOW THIS LOOKS LIKE, I WOULD LIKE TO WELCOME MELANIE AND JOEY WHO IS A GRADUATE OF OUR MSSASS PROGRAM >> AS A VETERAN, I’M EXCITED TO TALK ABOUT THIS NEW TECHNOLOGY THAT WILL BE HELPING OUT OUR VETERAN COMMUNITY. IN THIS DEMO I’M PARTICIPANT OF A U. S. DEPARTMENT OF DEFENSE EDUCATION PROGRAM. WHERE I WILL BE RECEIVING MY VERIFIABLY CREDENTIALS NOW LET’S SEE HOW EASY IT WILL BE FOR SERVICE MEMBERS VETERANS LIKE ME TO VERIFY THEIR SERVICE RECORD OR TRANSCRIPT. IN THIS DEMO I AM WORKING ON BEHALF OF ALICE SMITH I LOG INTO A WEBSITE, SO RECEIVE MY QR CODE. I ACTIVATE THE CREDENTIAL WITH MY AUTHENTICATOR APP. NOW I CAN SCAN THE CODE WITH MY APP, AND ADD THE CARD BY PROVIDING MY SIGNING IN AND PROVIDING BIO METRICS TO PROVE IT’S ME. NOW YOU CAN USE VERIFIABLY CREDENTIAL FOR APPLYING TO UNIVERSITY IN MY CASE TRIDENT UNIVERSITY WHERE I NEED TO FINISH MY APPLICATION ALL OF THIS IS VERY SIMPLE NOW, NO SENDING OF TRANSCRIPTS AND WAITING WEEKS. I CAN SCAN A QR CODE TO ALLOW ACCESS TO MY TRANSCRIPT. STORED IN MY APP. WITHIN SECONDS IT’S VERIFIED WHAT I LOVE MOST I MY PERSONAL INFORMATION STAYS WITH ME UNIVERSITY DOESN’T NEED TO KEEP IT PROTECT IT I CAN REVOKE ACCESS TO MY DATA AT ANY TIME. I’M LOOKING FORWARD FOR THIS NEW EXPERIENCE AVAILABLE TO ALL SERVICE MEMBERS AND VETERANS TO MAKE EASIER FOR THEM TO START THEIR CIVILIAN CAREERS. NOW MELANIE IS GOING IT TO SHOW US HOW TO SET THIS UP AS N DISCIPLINE. >> THANKS, JOEY HI I’M MELANIE I’VE WORKING THIS FOR LAST COUPLE OF YEARS. SO I’M REALLY EXCITED TO SHOW YOU THE EXPERIENCE FOR THE CREDENTIALING TEAM THAT RUNS THIS TO START USING THIS NEW TECHNOLOGY WITH SOME FAMILIAR AZURE TOOLS. TO ASH VERIFIABLE CREDENTIAL AS YOU NEED AZURE ACTIVE DIRECTOR SUBSCRIPTION AND AZURE KEY FAULT I WILL START AZURE PORTAL AND FOLLOW THESE THREE STEPS. FIRST I’M GOING TO CLICK ON AZURE KEY FAULT. HERE’S THE ISSUER KEY VAULT FOR VERIFIABLE CREDENTIAL I CAN GENERATE AND THE MUST BE MY KEYS HERE THAT ARE PROTECTED WITH CRYPTOGRAPHY. I CAN AN AND A PUBLISH DECENTRALIZED IDENTIFIER AND PUBLIC KEY TO DISTRIBUTED LEDGER TO MANAGE SIGNING RECOVERY AND UPDATES FOR MY DECENTRALIZED IDENTIFIER NEXT I NEED TO CREATE MY VERIFIABLE CREDENTIAL AND CONFIGURE THE PROPERTIES SUCH AS NAME RULES AND DISPLAY. ON LEFT ARE THE CREDENTIAL DETAILS ON RIGHT IS CODE WITH A TWO FILES YOU NEED TO CREATE ONE FOR RULES AND ONE FOR THE DISPLAY. LET’S START WITH THE RULES FILE SIMPLE JSON FILE VERIFIABLE CREDENTIAL BEING INCLUDE R. INCLUDES INFORMATION CREDENTIAL ISSUER’S STATION AND VALIDITY INTERVAL AS YOU CAN SEE, IT INCLUDE AS MAPPING TO THE NAME EMAIL HIGH SCHOOL ATTENDANT AND THE GRADUATION YEAR TO ESTABLISH PROPERTIES OF MY VERIFIABLE CREDENTIAL THEN THE THIRD STEP IS TO CONFIGURE LOOK AND FEEL FOR THIS DREN SHALL CREDENTIALS WILL BE PLAYED AND AT CARDS IN MICROSOFT AUTHENTICATOR APP LIKE JOEY JUST SHOWED YOU. HERE IN MY CARD DISPLAY FILE I USE THE COLOR ICON AND A DESCRIPTION TO MATCH THE LOOK AND FEEL LET USERS KNOW HOW TO USE IT. NOW, MICHAEL

LOWING FROM TRIDENT UNIVERSITY ALREADY INFORMED ME THE WORK COMPLETED ON THEIR PART. AS A VERY FIRE THEY ALSO NEEDED TO DOWNLOAD THIS S AND CEIL THEIR OWN IDENTIFIER AND AN UPDATE THEIR APP TO REQUEST PERMISSION TO ACCESS THE INFORMATION. SINCE BOTH PARTIES HAVE NOW JUST COMPLETED THE WORK WE ARE READY TO VERIFY TRANSCRIPTS DIGITALLY AND SECURELY WHILE RESPECTING THE APARTMENTS R. PARTICIPANTS’ PRIVACY. NOW BACK TO YOU YOU JOY >> THANK YOU, JOEY AND MELANIE. SOON, EVERYONE WILL BE ABLE TO A ROLL OUT THIS NEW TECHNOLOGY IT THAT IS BEEN A CRAZY YEAR SO FAR SO INTENSE AND SO MUCH HAS CHANGED IN SUCH A FAST PACE. SO ONE THING WE KNOW FOR SURE, COVID HAS TAUGHT US IS THAT WE NEED TO KEEP YOUR USERS SECURE WHEREVER THEY ARE AND THIS IS COLLECTIVELY OUR NUMBER ONE JOB. SO TO RECAP, HERE KEY STEPS YOU SHOULD TAKE TO SECURE YOUR REMOTE ACCESS. CHECK YOUR SECURE BES AND ENABLE CONDITIONAL ACCESS CONNECT ALL OF YOUR APPS. AND GET READY FOR WERE VERIFIABLE VERY CREDENTIAL YOU ONLY DO ONE THING PLEASE TURN ON FMA. NO MATTER HOW THE NEW NORMAL UNFOLDS AFTER THIS PANDEMIC, I OOI IDENTITY AND CURE ACCESS SOLUTION WILL CONTINUE TO PLAY CRUCIAL ROLE IN KEEPING YOUR USERS AND ORGANIZATIONS SAFE. LET’S STAY CONNECTED, CONTINUE TO GIVE US FEEDBACK ON WHAT YOU NEED, AND WE WILL KEEP WORKING SIDE BY SIDE TOGETHER. THANK YOU SO MUCH EVERYONE. JOIN THE OF YOUR IGNITE