Hello, I'm Alexei Simmonds. I'm here today because this is usually a slot filled by Kim Cameron, but Kim unfortunately had some medical issues he had to deal with, minor ones. So I'm pinch hitting for Kim today, but I thought it was a great opportunity to come share with you some of the things that we're learning and the things we're seeing. I think I have a pretty optimistic view compared to some of the things that we've talked about already today, and I wanted to point out some of the things we're learning.
We obviously, as Microsoft, run a whole bunch of different kinds of businesses, both on-premises and in the cloud. My team at Microsoft, the identity team, is responsible for the Microsoft account cloud service. So that's about 900 million active consumer identities. We're responsible for the Windows Server Active Directory and the Azure Active Directory businesses as well.
So in the cloud, that's another 150 million active identities, but we're also doing a lot of the work that you may hear about in the conference as well. So my team is responsible for all of our standards work.
So if you know Mike, or you know Tony Netherland, they're in my team as well, and later in the week Daniel's going to talk about some of the cool new things we're doing with blockchain-based identity. So we have a pretty broad set of initiatives that we're working on, but I thought in particular it might be interesting to talk about some of the things that we're seeing in the enterprise identity space and how that is affecting and changing, I think, the requirements for modern identity systems.
So I always start this story by talking about the old world, the world that we designed Active Directory for originally, right?
You had a relatively simple story. You had some kinds of on-premises servers, and your users, devices, apps, and data all lived inside a simpler world, at least. And the boundary of that was your DMZ and your firewall and things like that. Unfortunately, or fortunately in terms of the opportunity available, we live in a much more complex world now.
And I think we can all see a world where in five or 10 years, every major organization in the world will have nodes of compute that they're using to get their jobs done. So you might have a node of compute on-premises that's your private cloud, that you've become very efficient at running, but you'll also have nodes of compute in Amazon and in Azure and in salesforce.com and Office 365 and lots of other services. That is clearly the world that we're headed toward, and you'll have lots of different kinds of devices wanting to access those services.
Some of those devices will look like the devices we know today, iOS devices and Android devices and PCs, but increasingly they'll look like new things. They'll look like Amazon Echos, or thermostats, or washing machines, and you need a way to coordinate across all of these different devices. And then finally you'll have lots and lots of people who you want to interact with digitally.
Kim would talk about this as the API economy, the world where all of your customers and your partners and your employees expect to be able to interact with you digitally from the devices they love, or that are built into their houses, using the identities of their choice, the identity that's well suited for the use case.
So in some cases that might be an identity rooted in Active Directory, but increasingly that'll be identities rooted in lots of other things: identities rooted in the cloud with things like Google or Microsoft accounts, identities rooted in national ID systems.
There'll be lots of different places where you'll need to be able to interact with those kinds of identities seamlessly. And you want to bring this all together in a way where you can have consistent policies.
You can have consistent security and monitoring, particularly, as Martin was talking about earlier, as we get to a world where essentially you have to assume breach and then be really good at monitoring for anomalous behavior. You can't just look for the known pattern; you have to know what normal looks like, and then rely on things like machine learning and AI to show you the anomalous behavior, the new attacks that you can't see.
So you want to be able to bring all of these different interactions together in one place that you can monitor with one great machine learning and AI system to show you what's going on in a consistent, compliant manner.
We think of this as the interconnected identity system, one that I think today's on-premises systems are poorly suited for, but there's an emerging set of cloud services with very different architectures that are well suited for this. And we talk about this as identity as the new control plane, not the security perimeter.
As Patrick was talking about earlier, though, I loved Patrick's recommendations. If you're running Active Directory on-premises, please, please follow the best practices that Patrick outlined. That's certainly what we do at Microsoft. But when we talk about identity as the new control plane, we think that identity plays this glue role in making it possible to coordinate across that very rich set of identity.
And we think of that rich set of identity as being all about the user and the devices that they use, but also the applications that they access, the places that they access from, and the times of day that they access.
All of that information helps you as an organization make really good choices about who should be able to get to what, to do what, when, informed by both corporate policy and by security and risk analysis of the actions that are about to be taken.
Now, if you think about that picture I drew about the nodes of compute, there are really four fundamental shifts happening here. One is from a world of centralized, on-premises IT to a world of decentralized nodes of compute, where you'll be able to essentially harness different kinds of compute opportunities all around the world seamlessly. Another is from a world that is essentially internally focused on enterprise employees to one that is perimeterless, where you need to be able to interact seamlessly with your partners, your customers, and your employees.
And particularly when every major customer I talk to has lots of customers who look like small businesses, who look like partners, and are almost indistinguishable, because once you get into the small and medium-size business market, the difference between a consumer and an employee is almost indistinguishable, right?
And you need a way, across that whole perimeterless enterprise, including your smallest vendors and all of your customers, to coordinate. The next shift is to a world where platform-level integration is no longer the key. Building everything up on Windows Server or everything on Oracle or everything on IBM isn't really the key anymore; a world where standards-based integration is the key. And I'm going to spend a lot of time talking about this, but this I think is the happy, great news of where we're at.
And the big turning point we're at is the state of the standards in the identity business and how far we've come in the last 10 years. And then finally, from a world where maybe you thought about managed PCs to a world where you think about governed devices. And by a governed device
I mean, rather than putting the device into a set state, being able to have the device attest to you the state that it is in, in a way that's secure and that you know is protecting your corporate data or your customer's data or your partner's data appropriately.
If you think about those four big shifts, that leads us to a whole set of design imperatives for the systems that we build, which have to be different, right?
So if you're building for a perimeterless enterprise, that means that the identity system underlying it needs to be suitable for business-to-customer, business-to-employee, and business-to-business, and the broad gray spectrum that there is in between. For all of the millions and millions of enterprise identities and partner identities and consumer identities we manage, we've never been able to find a clean line where the consumer starts and the partner ends, or where the enterprise starts and the partner ends. They're just identities.
Let's say every major auto manufacturer in the world needs salespeople at their dealer networks to be able to log in and look a lot like a business-to-business partner, but they also need those identities to be able to log in and take advantage of the special discounts they give for buying a car.
And they want them to have that same kind of end-user consumer experience when they do that. So you really have to think differently about a service that's designed to run across all of those different constituents.
It has to be a system that's designed for heterogeneous environments. The world of a simple "it's all Windows," or maybe once upon a time it was all something else, just doesn't exist anymore. It has to be agile and transparent. The speed of business is accelerating. We want to move to a world where you can very quickly adapt the policies and the way that these systems work and be able to interlock them very quickly, and at any time be able to essentially query the system and say, look, tell me what state you're in and what's going on.
What are the policies I have in place? What are the applications people are using? What are they doing with all those things? And have the system reliably attest to you exactly what state it's in and all of the decisions it's made for you. Obviously you need a system that's designed to house and take care of billions of devices, and a world that supports the core concept of people being able to bring their own identities with them.
Now, as the owner of the system, you probably want to specify which identities you trust for which kinds of things, but fundamentally the underlying infrastructure needs to let you seamlessly interconnect with any of the standards-based identity providers. And so then this leads us to a set of architectural imperatives that we use. The first is that it has to be open-standards-based: all the ways you interact with the system should be standards-based.
It should be policy-based and declarative.
We really want to get rid of the need to write code; any change in the system that's needed to run your business process should be done through configuration rather than code. That's a great place to be, and one that we think is very achievable.
In fact, we're well on the way to doing that. It has to be verifiable and auditable, and obviously these days it has to be GDPR compliant. It has to support the idea of trust frameworks and user journeys: being able to lay out how we are sharing data, what the appropriate use of that data is, and what rights we have been given to use that data.
And then, like Ian was saying, plan the user journey, particularly when you're talking about consumers or your citizens, to be able to plan the user journey across multiple data sources in a way that essentially amalgamates and creates that rich consumer experience that we're all looking to provide.
It has to be interconnected with any identity system. You can't have a system that only works with Microsoft accounts or Active Directory accounts or with any other particular kind of accounts. And it has to have essentially infinite scale.
You have to be able to deal with billions of things. So if you're talking about architectures that support hundreds of thousands of things, like our traditional on-premises identity systems, that just doesn't work anymore either; you really have to get to the world of billions of consumers and billions of devices. So we think about these as the guiding principles that make this identity control plane in the cloud possible.
And of course, all of this then needs to be backed by really great machine learning and AI to spot both what's normal behavior and what's abnormal behavior. And when we think about identity as the new control plane, this is the kind of service that we envision and we are building.
Now, we are at a very exciting point in the open standards world that gives us the ability to build this system and actually make it work. I would claim that within the next 120 to maybe 180 days, every major piece of the underlying standards work we need to make this work will reach the point where either it's at RFC or it's very, very stable. So I think you can see a world where probably by October we're in the position where all of the underpinning standards are at the point that you can reliably work with them and make these kinds of things happen.
And that's amazing. That's taken years and years of work by a lot of people. And I enjoyed Pamela's discussion earlier in the day and her pointing out some of the minor things that need to continue to be updated, for instance in the OAuth specs, which is great.
You always have to learn and keep going, but I'm so excited about where we currently are in terms of turning the corner here and having these things be real. I thought I'd share with you some examples from us.
So for instance, with the development of OAuth 2, we've now been able to very rapidly expand the number of identity providers that we can support in our system. In fact, in two days at our Build conference, we're going to announce support for any OAuth 2 or OpenID-based IdP inside of Azure Active Directory with our identity experience engine. And then very quickly after that, within about 120 days, you'll see us be able to use that identity experience engine across all of the scenarios for Azure AD.
You'll be able to see it for employees, for consumers, for partners, in that mixed gray world I was talking about.
And of course we have always had great support for lots and lots of more traditional federation servers and services, but this will give us the ability to hook into any SAML-based federation server as well.
So the progress in these open standards puts us in a place where we can very rapidly add all of these new kinds of identity providers. It's super exciting. It also lets us build things like the Microsoft Graph. The Microsoft Graph is the REST-based API for accessing everything about me or you or everybody in the Microsoft cloud. And of course you have to have the appropriate OAuth scope permissions to be able to get to it. But this graph, for instance, knows me. It knows my mailbox. It knows my OneDrive. It knows where my email box is.
And so we can very quickly build interesting applications. Here's one that's real. Is there sound?
Alexa, what's on my calendar today?
Today, there are 10 events remaining. Here are the first four events. There are four events in progress. Joyce. So customer visits, May 1st, 2017 to May 3rd, 2017, is an all-day event. Steve ATUs an all-day event. Package from Amazon is an all-day event. And Rhoda oof is an all-day event. Do you want to hear more?
And that's not just a slide; that actually works. You could all go home and try it tonight.
In fact, it's the single fastest growing application that uses Azure Active Directory today. SCIM 2.0 is also reaching the point where it really is coming together and works. So we've used SCIM for our integrations with Workplace by Facebook and with Slack. This has had a huge benefit for us. We can turn these connectors around very, very quickly. So what used to take us many months of work, we can now do in some cases in as little as four weeks. And that means that we can now dramatically open up the surface area of applications that we can provision to.
This is just the set of things that we've done recently and that we'll do in the next 90 days. So this standard is in great shape and really does do what it was promised to do.
This has led us to an awesome place where all of this work lets us expand out across a tremendous number of customers and get a lot of things done. But the thing I'm proudest of is that with this embrace of open standards, we've been able to transition from being the directory that I think most people think of as for Office and for Microsoft to really an identity provider for the cloud. This is our latest number. So in the month of April, 180,000 applications that were not written by Microsoft used Azure Active Directory to authenticate a user. All of this is done through the same set of open standards; it's either OAuth 2 or SAML. Those are the only things that we support for this right now. Office is always the biggest app that people use with the directory.
But I think you might be surprised to know that the biggest third-party app is Google Apps. And we have a pretty long list here of apps that are used by many, many different enterprise customers as they use this kind of open-standards-based approach to manage their presence in the modern world of cloud and devices. So finally, I'm going to close now and just give you a chance to take a picture of this slide.
Again, if you're interested, we feel like these design imperatives and these architectural imperatives are really the key to achieving this world of an identity control plane for the world of cloud and devices. And we hope that you'll join us on this journey, either as a customer or even just as a participant in the community. We would really, really encourage you to make sure that in your RFPs for SaaS apps and for all your apps, you include requirements to support the modern standards:
OAuth 2 and OpenID Connect, SCIM 2, and FIDO2.
These standards really are the things that enable this world of the cloud and devices to work. And then finally, we would love to have you particularly help us with the FIDO2 standards. There are three sets of work here that are very close to completion.
The W3C Web Authentication specification, the FIDO CTAP specification, and token binding are all right at the point where, with a little bit of push by the community, we can get those to a final stable point and enable them in all the Microsoft software, the Google software, and a bunch of other places, which I think will be fabulous. And these are all short-term requests. These are things that you could do in the next 90 to 120 days, so that by the time you get to October and November, you could take advantage of them. Thank you for your time.
So I'm an Office 365 user.
I'm a Google Apps user. And of course I have some corporate stuff in my university. I use Shibboleth, by the way. Can I now exchange the identity provider for my own data, or what do I need to do?
Well, so if you're using Shibboleth, for instance, you can federate Shibboleth to Azure AD, and then you could use that to manage the identities for all of those services. So we have plenty of customers, particularly in the EDU space, who use us to interoperate, to authenticate both with Google Apps and with Office 365 using Shibboleth.
So in fact, over the next 120 days, you'll see an explosion, I think, in the variety of identities that you can use with the service.
This is excellent. This is really great news. Thank you very much. Thank you.