方案和案例指南Solutions and Scenario Guides

適用於:Windows Server 2016、Windows Server 2012 R2、Windows Server 2012Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

使用 Microsoft 的存取,資訊的保護方案部署及跨先環境和雲端應用程式設定公司資源的存取權。With Microsoft's access and information protection solutions, you can deploy and configure access to corporate resources across your on-premises environment and cloud applications. 你就可以時保護公司的資訊。And you can do it while protecting corporate information.

存取和資訊保護Access and Information Protection

指南Guide 如何本指南協助您How can this guide help you
安全地存取的任何裝置上的任何位置公司資源Secure access to company resources from any location on any device 本指南顯示如何讓員工使用個人與公司裝置,安全地存取應用程式公司資料。This guide shows how to allow employees to use personal and company devices to securely access corporate applications and data.
加入的任何裝置 SSO 和順暢的第二個工作地點因數驗證跨公司應用程式Join to Workplace from Any Device for SSO and Seamless Second Factor Authentication Across Company Applications 員工可以在任何裝置上存取應用程式與地方,資料。Employees can access applications and data everywhere, on any device. 員工可以在瀏覽器應用程式或企業中使用單一登入。Employees can use Single Sign-On in browser applications or enterprise applications. 系統管理員可以控制者可存取應用程式、 使用者、 裝置和位置為基礎的公司資源。Administrators can control who has access to company resources that are based on application, user, device, and location.
管理其他多因素驗證敏感的應用程式的風險Manage Risk with Additional Multi-Factor Authentication for Sensitive Applications 在本案例中,您可以根據針對特定應用程式的使用者的群組成員資格資料 MFA。In this scenario, you enable MFA based on the user's group membership data for a specific application. 亦即,您將會設定驗證原則聯盟伺服器上為需要 MFA 時的特定群組的使用者要求存取特定應用程式的網頁伺服器上。In other words, you will set up an authentication policy on your federation server to require MFA when users that belong to a certain group request access to a specific application that is hosted on a web server.
管理條件存取控制的風險Manage Risk with Conditional Access Control AD FS 中的存取控制係發行授權理賠要求規則發行允許或拒絕宣告將會判斷使用者是否可使用與或存取 AD FS 保護資源,或不會允許群組中的使用者。Access control in AD FS is implemented with issuance authorization claim rules that are used to issue a permit or deny claims that will determine whether a user or a group of users will be allowed to access AD FS-secured resources or not. 授權規則只能信賴廠商信任上設定。Authorization rules can only be set on relying party trusts.