1
00:00:05,120 --> 00:00:10,130
Windows Server 2016 has several new features as part of AD DS.

2
00:00:11,030 --> 00:00:17,420
These features help you make your AD DS environment more secure and migrate to cloud-based or hybrid environments.

3
00:00:18,260 --> 00:00:19,910
Privileged Access Management.

4
00:00:20,780 --> 00:00:22,350
Privileged Access Management,

5
00:00:22,370 --> 00:00:25,400
PAM, is based on Microsoft Identity Manager.

6
00:00:26,240 --> 00:00:31,550
PAM allows you to separate the permissions required for certain administrative activities from the permissions

7
00:00:31,550 --> 00:00:33,500
of the current AD DS environment's

8
00:00:33,500 --> 00:00:40,250
members. With PAM, users request permission to perform activities that require privileged access

9
00:00:40,250 --> 00:00:46,040
instead of having that access granted on a permanent basis. Granting those permissions can mean that

10
00:00:46,040 --> 00:00:50,840
you should provide additional authentication steps, such as multifactor authentication.

11
00:00:51,680 --> 00:00:57,200
When the user gains access, the access is granted on a temporary basis through a shadow group in

12
00:00:57,200 --> 00:00:58,220
a bastion forest.

13
00:00:59,090 --> 00:01:04,760
The bastion forest is meant to be devoid of any access from hackers or any stolen credentials of privileged

14
00:01:04,760 --> 00:01:05,240
users.

15
00:01:06,110 --> 00:01:11,420
Because the user accounts do not have the required permissions on a permanent basis, there is a decrease

16
00:01:11,420 --> 00:01:16,850
in the possibility of a security breach, such as unlawful access by a malicious hacker who has stolen

17
00:01:16,850 --> 00:01:17,690
an administrator's

18
00:01:17,690 --> 00:01:18,290
password.

19
00:01:19,130 --> 00:01:25,850
Additional reading: for more information on PAM, refer to Privileged Access Management for Active Directory

20
00:01:25,850 --> 00:01:26,900
Domain Services.

21
00:01:27,810 --> 00:01:29,100
Azure AD Join.

22
00:01:29,930 --> 00:01:36,890
Azure Active Directory Join, Azure AD Join, supports connecting on-premises domain-joined devices to

23
00:01:36,890 --> 00:01:40,370
Azure AD for improved cloud-only and hybrid environments.

24
00:01:41,320 --> 00:01:45,760
For corporate-owned devices, users no longer need a personal Microsoft account.

25
00:01:46,630 --> 00:01:53,110
Azure AD also supports connecting devices that normally cannot join an on-premises domain, such as mobile

26
00:01:53,110 --> 00:01:53,800
devices.

27
00:01:54,680 --> 00:02:00,140
Users can access the Windows Store with their on-premises accounts and even with their personal devices.

28
00:02:01,050 --> 00:02:07,560
Support also exists for mobile device management (MDM), setting up shared devices, and imaging corporate-

29
00:02:07,560 --> 00:02:08,400
owned devices.