November 6-7, 2017 NEW YORK
≡
Mobile workforce, cloud applications, and enterprise digitization challenge identity professionals. If you are faced with securing and operating identity platforms, Hybrid Identity Protection Conference is the event for you.
Register Now |
Hybrid Identity Protection Conference offers identity professionals an opportunity to discover new possibilities and technologies around directory services in the on-premises, cloud, and hybrid enterprise. |
 |
Learn from and interact with the world's leading experts and see what cutting edge industry professionals are doing to revolutionize identity management and protection in the modern organization. |
 |
Acquire critical technical knowledge, discover best practices, and interact with your peers facing the same complex IAM needs in organizations with increasingly evolving and demanding requirements. |
Sean Deuby is an identity architect for Edgile, Inc., where he focuses on enterprise cloud identity and Active Directory solutions. Sean is a Microsoft MVP in the directory services and enterprise mobility expertise areas for 14 years.
Gil Kirkpatrick is the CTO at ViewDS Identity Solutions. Gil has been lead developer, architect, or product manager for several of the IAM industry’s leading products, and a Microsoft Directory Services/Enterprise mobility MVP for the last 14 years. Gil is known for his articles in Windows IT Pro, the book Active Directory Programming, and as the founder of the Directory Experts Conference.
Darren Mar-Elia is Head of Product at Semperis. Darren has 30 years of experience in enterprise IT and software and has been a Cloud and Datacenter MVP for the past 14 years.
Brian Desmond is a Principal Consultant with Ravenswood Technology Group. He is also the author of O’Reilly’s Active Directory book and a Microsoft MVP for Identity and Access Management.
Sean Metcalf is CTO at Trimarc Security, LLC and one of ~100 people globally who holds the Microsoft Certified Master Directory Services (MCM) certification. Sean presented on Active Directory attack and defense at Black Hat, Bsides, DEF CON, DerbyCon, Shakacon and Sp4rkCon security conferences.
Allen Brokken is a 20+ year Security and Identity veteran and is the Chief Architect, CyberSecurity at Ascent Solutions. He has consulted with some of the largest companies to help build successful Security Strategies both at Ascent Solutions and as an Enterprise Architect at Microsoft.
Joe Kaplan is an Identity Architect in Accenture’s internal IT organization where he focuses on solving real world problems for a large, complex business. Joe is a Microsoft MVP in Enterprise Mobility and is a co-author of the .NET Developer’s Guide to Directory Services Programming.
Sander Berkouwer is an identity architect from the Netherlands, focusing on Azure, Active Directory and Azure Active Directory. Sander is a Microsoft MVP and Veeam Vanguard.
John Savill is a Principal Solutions Architect, 11-time MVP, and MCSE for Azure Infrastructure and Windows Server 2016. He's also Azure certified, ITIL certified and a CISSP. John is the author of FAQ for Windows and a senior contributing editor to IT Pro, as well as the author of eight books including Mastering Azure Infrastructure Services (Wiley).
Roelf Zomerman is a Microsoft Cloud Solution Architect, specializing in the architecture of complex solutions in Azure and on-premises products such as Active Directory, Exchange, Windows Server products and other Microsoft solutions. Roelf is one of very few globally who was awarded with the Microsoft Certified Master Certification in Active Directory Services.
Tomasz is a technology expert on digital identity and governance, leading and advising for IT projects worldwide. With over 17 years of experience in identity area, and multiple MVP titles, Tomasz is leading Predica in its technical choices and directions as CTO.
Peter Geelen is an independent consultant in Security, Identity & Access and Privacy management at Quest For Security. Peter has over 20 years of experience in enterprise security and architecture, identity and access management, information protection, cybersecurity, corporate security policies, and cloud security and privacy management. Peter is a 5-time MVP for Identity & Access, ISO27001 Master, and Certified Security Trainer.
Jorge has a very strong focus on and passion about Microsoft Identity & Access Management technologies, both on-premises and in the cloud. He blogs at “Jorge’s Quest For Knowledge!” and has been a Microsoft MVP for Identity and Access Management since 2006.
Michael is an Active Directory Security expert who works at Microsoft as a Premier Field Engineer. He is also the author of the DSInternals PowerShell module.
Daniel is a Program Manager at Microsoft’s Azure AD Product Group’s Customer Success Get-To-Production responsible for Proof of Concepts and competitive efforts. Before moving to US, Daniel was a Premier Field Engineer, Consultant, and Microsoft MVP in Management Infrastructure.
With over 15 years of experience in the Identity and Access Management (IAM) field, Guy leads the technical solution strategy and engineering for Semperis.
Mickey brings to Semperis a vast experience in the enterprise software field, stretching back from his management roles in the Israeli Defense Force Navy computing technical unit, over a decade ago.
| 08:30-09:45 am - Registration, breakfast, networking | ||
| 09:45-10:00 am - Opening remarks and welcome, Gil Kirkpatrick | ||
| 10:00-11:00 am - Attacking Active Directory: New Tools and Techniques for Using your AD Against You, Darren Mar-Elia | 10:00-11:00 am - Beyond the Border: Protecting Office 365 Data in a Modern World, Brian Desmond | |
 Darren Mar-Elia | Head of Product, SemperisIn this talk, Darren will discuss and demo recent “red team” tools that let attackers mine your AD for information about how to attack you and move throughout your environment. He’ll also present some strategies and best practices for minimizing these types of information-mining attacks. |
 Brian Desmond | Principal, Ravenswood Technology GroupIn today’s world, end users expect to be able to work in almost any location with the device of their choosing. With key corporate data in the cloud, enforcing traditional perimeters inside the firewall and on corporate owned devices is no longer possible. In this session, you’ll learn how to extend the native security and information protection capabilities of Office 365 with Microsoft’s Enterprise Mobility Suite (EMS). We’ll discuss multi-factor authentication and conditional access with Azure Active Directory Premium (AAD-P), securing corporate data on mobile devices and personal computers with Intune, and data classification and protection with Azure Information Protection (AIP). |
|
| 11:00-11:30 am - Coffee break | ||
| 11:30 am-12:45 pm - Case Study: Integrating Two Companies while Transitioning to the Cloud, Jorge de Almeida Pinto | 11:30 am-12:45 pm - Master Modern Authentication Troubleshooting, Joe Kaplan | |
 Jorge de Almeida Pinto | Identity Engineer/Architect/MVP, RabobankFrom an organizational perspective the integration of Rabobank International and Rabobank Nederland has ended. From a technical perspective the integration is ongoing. In this session we’ll discuss how some on-premises infrastructure components have been integrated/consolidated and how we set up the identity bridge for Rabobank between the on-premises AD and Azure AD. We’ll cover (at least) the following: AD, Exchange, Skype for Business, ADFS, Azure AD, Azure AD Connect, Azure AD Connect Health, Azure AD MFA Server, Azure AD Conditional Access, Azure AD Password Management, and Mobility. |
 Joe Kaplan | Identity Architect, AccentureModern authentication is essentially a set of approaches for implementing authentication using HTTP-based protocols and web user interfaces. It is part of the journey to Hybrid Identity but it can be frustrating to understand and especially troubleshoot when it is not behaving as expected. Fortunately, there are readily available tools and techniques for debugging HTTP-based protocols and we can use these to see what is going on under the hood. In this session, we’ll introduce some key concepts in HTTP itself, apply that to modern authentication on the Microsoft Azure AD platform and demonstrate practical techniques for understanding common problems with tools like Fiddler and HTTPWatch. |
|
| 12:45-01:30 pm - Lunch, networking | ||
| 01:30-02:30 pm - A Day in The Life of Active Directory Passwords, Michael Grafnetter and Guy Teverovsky | 01:30-02:30 pm - It's All About the Data: Protecting Corporate Data In The Wild, Sean Deuby | |
 Michael Grafnetter | PFE Identity & Security, Microsoft Guy Teverovsky | CTO, SemperisWhere does Active Directory store passwords? Are they encrypted and/or hashed? Can they be extracted? How does a password change work? Can it be reverted? There are many misconceptions regarding these topics, even among experienced Active Directory administrators. Join experts Guy and Michael during this deep-dive talk and find out how Active Directory handles your password. |
 Sean Deuby | Architect, Edgile Inc.According to Microsoft, 88% of organizations report that they cannot adequately protect data against cyber threats. At the same time, your users are clamoring to access this data from their mobile devices or external sharing applications both at work and away - without IT taking over their personal device. How do you reconcile these two seemingly opposing requirements? You must focus on protecting the data, not the device. In this session, Sean will show how important corporate data can be protected in BYOD scenarios and beyond with Intune mobile application management and Azure Information Protection. |
|
| 02:30-03:30 pm - Using advanced security in Azure AD with Privileged Identity Management and Identity Protection, John Savill | 02:30-03:30 pm - Virtualizing Domain Controllers in Hyper-V and Azure the right way! Sander Berkouwer | |
 John Savill | Principal Solutions Architect, Microsoft Technology CenterAs Azure AD becomes the core identity for the enterprise it’s critical that identity is well protected which includes solutions such as MFA but also better visibility into the account usage and removing standing privilege. In this session John will look at key aspects around maximizing security of identities and embracing just enough and just in time administration across your services and Azure. |
 Sander Berkouwer | Identity Architect and Microsoft MVPActive Directory Domain Controllers hold the keys to your kingdom. So how do you virtualize these castles of identity, without compromising on the requirements of your organization? This session shares the best practices for hardening, backing up, restoring and managing virtualized Domain Controllers on both Hyper-V, Azure Stack and in Azure Infrastructure-as-a-Service VMs, from the field, The information is based on the latest version of Azure and Windows Server 2016, like Shielded VMs, but will also show how the functionality of Windows Server 2012 and Windows Server 2012 R2 already allow for risk mitigation and availability, too, so you don't have to upgrade everything immediately, if you can't. |
|
| 03:30-04:00 pm - Coffee break | ||
| 04:00-05:00 pm - Modernizing the Enterprise Identity Platform, Gil Kirkpatrick | ||
 Gil Kirkpatrick | CTO, ViewDSActive Directory is without question the most successful IAM platform in history. Over its 20-year lifetime, AD has provided robust, scalable, and extensible IAM services to at least 80% of all enterprise IT organizations. But AD was designed for a different time and a different IT environment, and the rapid changes in enterprise IT have pushed AD to the "hey you kids, get off of my lawn!" stage of its life. In this session Gil will discuss what made AD successful, what it's fundamental weaknesses are today, and what to look for in an IAM platform that can serve enterprise needs for the next 20 years. |
||
| 05:00-06:00 pm - The Do’s and Don’ts of Deploying Azure Active Directory, Daniel Stefaniak | ||
 Daniel Stefaniak | Program Manager, Azure AD Product Group Customer Success, MicrosoftLearn the best practices of deploying Azure AD from the Azure AD Customer Success Team, who works directly with customers on some of the most difficult deployments worldwide. Please bring YOUR stories and questions. What are you doing that is successful or unsuccessful, and what can the Customer Success Team do to help? |
||
| 08:30-09:45 am - Registration, breakfast, networking | ||
| 09:45-10:00 am - Opening remarks and welcome, Darren Mar-Elia | ||
| 10:00-11:00 am - Detect and Respond to Active Directory Cyber-Breaches, Allen Brokken | 10:00-11:00 am - Azure AD Connect, The Dutch Connection, Sander Berkouwer and Roelf Zomerman | |
 Allen Brokken | Chief Architect - CyberSecurity, Ascent SolutionsIndustry statistics say cyber-breaches are a lot more common than we want to admit. And unfortunately, in most companies it can still take months to discover a breach. You may have taken every measure you can to protect your organization from hackers, but it doesn’t guarantee that no one will gain access to your Active Directory – and therefore, to the entire company. In this hands-on presentation you will learn how you can detect breaches immediately as they happen. You will see how to stop attackers in their tracks and bring your environment back to its pre-breach state. |
Sander Berkouwer | Identity Architect and Microsoft MVP Roelf Zomerman | Cloud Solution Architect, MicrosoftWith businesses adopting more cloud, how do you cope with the new identity challenges? How do you properly design and implement Hybrid Identity in real-world scenarios? In this first of two demo-packed sessions, two Dutchmen, Sander Berkouwer (Microsoft MVP) and Roelf Zomerman (Microsoft Cloud Solution Architect), explain the ins and outs of Azure AD Connect, the Microsoft’s free Hybrid Identity “bridge” product. Learn about the history of Azure AD Connect and why and what it does. See authentication scenarios supported by Azure AD Connect and how Azure AD Connect brings your colleagues and their devices to the cloud. You’ll receive useful tips and tricks to apply in your organization. |
|
| 11:00-11:30 am - Coffee break | ||
| 11:30 am-12:45 pm - Inside and Out: Make Your App Finally Work for You, Tomasz Onyszko | 11:30 am-12:45 pm - Azure AD Connect, The World Is Not Enough, Roelf Zomerman and Sander Berkouwer | |
 Tomasz Onyszko | CTO, PredicaApplication access was always a problem. VPNs, Remote desktops - we've seen it all. With cloud and identity right now we can finally make it work. See how Azure AD Web Application Proxy makes on-prem apps work for you regardless of place and if you are on-prem, cloud or business guest user in organization. Topics covers: Azure AD WAP, B2B, Ping Access, on-prem and Kerberos applications |
Roelf Zomerman | Cloud Solution Architect, Microsoft Sander Berkouwer | Identity Architect and Microsoft MVP Join Roelf Zomerman (Microsoft Cloud Solution Architect) and Sander Berkouwer (Microsoft MVP) for the second session in their Azure AD Connect series, where they open the door to the world behind complex Hybrid Identity architectures. (And to people who didn’t attend the first session, of course.) Like the Dutch explored the world, they explore the world of complex identity scenarios in multi-forest environments and alternate ImmutableID situations. Find out where errors come from and how to resolve them while we sail through the inner workings of the Azure AD Connect tool. We'll share the things you didn’t think were possible with Azure AD Connect, and dive deep into the tools. Are you looking to handle multi-forest scenarios, change the immutable ID or juggle with Azure AD Connects synchronization rules to cope with increasing business requirements, without losing your Microsoft support? This is your go-to session! |
|
| 12:45-01:30 pm - Lunch, networking | ||
| 01:30-02:30 pm - When Worlds Collide: Security in a Cloud-Enabled Environment, Sean Metcalf | 01:30-02:30 pm - Identity as the Control Plane, Joe Kaplan | |
 Sean Metcalf | CTO, Trimarc Security, LLCMany companies have gone ""To the Cloud!"" and many more are planning to move services into the cloud. This shift is typically focused on associated cost savings and reduced overhead. The question remains though: how does the cloud impact security? This session covers key cloud security concepts, some common hybrid cloud scenarios, and the potential security issues with leveraging cloud services. Also explored are ways to avoid common pitfalls, how to appropriately balance operations and security in a cloud world, and how to retain insight into cloud-based user (and potential attacker) activity. |
Joe Kaplan | Identity Architect, Accenture What do we really mean when we say “identity is the new control plane?” Yes, networks are still important but as more and more services shift to Internet-facing deployment models (both SaaS and corporate), the role of identity in controlling access to these resources comes to the forefront. In Azure AD, the Conditional Access feature provides the policy engine to manage user-based access. This session will focus on the key features of Conditional Access including multi-factor authentication, device-based authentication, risk-based authentication and location awareness for both workstations and mobile devices. |
|
| 02:30-03:30 pm - Protecting Active Directory Infrastructure against Petya and Her Friends, Michael Grafnetter | 02:30-03:30 pm - The IT Pro as SaaS Wrangler: Gaining Control of Your Company's Grassroots SaaS Usage, Sean Deuby | |
|
Michael Grafnetter | PFE Identity & Security, Microsoft Many companies have struggled to restore their business-critical services like Active Directory or Exchange for weeks after the (Not)Petya malware outbreak. What could they have done better to prevent such catastrophes? And what can be done when all DCs, including their backups, get lost? |
Sean Deuby | Architect, Edgile Inc. 80% of employees admit to using unauthorized SaaS applications. Generally, they aren't being malicious; they're just trying to get their work done. But it's critical that you become aware of what SaaS apps your users are using, the relative risk each app creates, and control what happens to your data in those apps. In this session, Sean will show you how to use Microsoft Cloud App Security to quickly (and at no cost) gain insight into your all your organization's SaaS app usage - not just the ones you think you know about. |
|
| 03:30-04:00 pm - Coffee break | ||
| 04:00-05:00 pm - Forget about compliance! Only the GDP mindset will keep you alive , Peter Geelen | 04:00-05:00 pm - AAD Pass-through Authentication & SSO authentication – without ADFS, Roelf Zommerman | |
 Peter Geelen | Managing Consultant in Security, Identity & Access and Privacy, Quest For SecurityWith the 2018 GDPR deadline in focus, many businesses with EU customers are feeling like a rabbit frozen in the GDPR headlights… But it’s not the ‘R (regulation) that matters, the GDP does. In this fastmoving era of cloud and data centers, information is flowing like water, and perimeter security is so Y2000. Join this presentation to learn how you can leverage best practices to build an end-to-end, layered security, and avoid information spills. |
Roelf Zomerman | Cloud Solution Architect, Microsoft There are multiple options for authenticating users against Azure AD. Not replicating passwords meant you had to deploy a federation service, which also gave you Single-Sign-On. But today, more options are available, which will be detailed in this Azure AD authentication session. Think you still need ADFS? Come and find out! |
|
| 05:00-05:30 pm - Conference closing remarks, Mickey Bresman | ||
Hybrid Identity Protection Conference 2017 offers a unique opportunity to spend two days on site in New York with your peers, whose day-to-day job is to architect, manage, and protect identity management in the hybrid enterprise. You will also be able to meet face-to-face with the leading experts of your field, acquire in-depth technical knowledge, and be exposed to the latest innovation.
Meet key industry experts
Listen to relevant presentations
Expand your technical knowledge and explore possible strategies
Network with your peers from similar organizations
Semperis is an enterprise identity protection company that helps recover enterprises from cyber breaches and identity system failures, on-premises and on cloud. Semperis' leading technology enables organizations to ensure the secure operation of their directory services, allowing IT and Security teams to respond in cases of Active Directory disasters and cyber breaches. Founded in 2013 by experienced IAM professionals, Semperis serves customers in the financial, healthcare, government and other industries worldwide. Semperis' solutions are accredited by Microsoft and are included in the latest Gartner reports.