ems-hpt template-v.1.0

Enterprise Mobility SuiteHybrid IdentityMobile Device ManagementAccess & Information Protection

Enterprise Mobility Suite

AgendaEnterprise Challenges


EMS Benefit

EMS Pricing

Q&A

Enterprise Challenges

of employees use personal devices for work purposes.*

of employees that typically work on employer premises, also frequently work away from their desks.***

of all software will be available on a SaaS delivery by 2020.**

66% 25% 33%

*CEB The Future of Corporate ITL: 203-2017. 2013.**Forrester Application Adoption Trends: The Rise Of SaaS***CEB IT Impact Report: Five Key Findings on Driving Employee Productivity Q1 2014.

Mobility is the new normal

User Devices Apps Data IT

What’s Driving Change?

Protect your data

Enable your users

User IT

Unify your environment

Management | Access | Protection

Devices Apps Data

Empowering Enterprise Mobility

Protect your data

Enable your users

User ITDesktop

Virtualization

Access & Informatio

n Protection

HybridIdentity

Mobile Device & Application

Management

Empowering Enterprise Mobility

Enterprise Agreement (EA) prices starting at $4 per user per monthLimited time EA Level A promotion pricing. Requires 250 seat minimum purchase and underlying CAL Suite license (Core CAL Suite and Enterprise CAL Suite)

Mobile device management

Windows Intune

Mobile device settings management

Mobile application management

Selective wipe

Hybrid identity

Microsoft Azure Active Directory Premium

Security reports, and audit reports, multi-factor authentication

Self-service password reset and group management

Connection between Active Directory and Azure Active Directory

Access & Information protection

Microsoft Azure Rights Management service

Information protection Connection to on-premises assets

Bring your own key


http://www.surface.com/















Hybrid Identity

Connect between Active Directory and Azure Active DirectoryReport & Multi-factor AuthenticationSelf-Service Password



Windows Intune



Selective wipe

Hybrid identity








Bring your own key




Windows Intune



Selective wipe




Bring your own key


























Connect and Sync on-premises directories with Azure.

Azure Active Directory Connect*

Microsoft AzureActive Directory

Other Directories

PowerShell

LDAP v3

SQL (ODBC)

Web Services ( SOAP, JAVA, REST)

*

Your Directory on the cloud

Identity Synchronization with password hash sync

Identity Synchronization

AD FS

Delivering a seamless user authentication experience

User attributes are synchronized using Identity Synchronization services including a password hash, Authentication is completed against Azure Active Directory

Microsoft Azure

User attributes are synchronized using Identity Synchronization tools, Authentication is passed back through federation and completed against Windows Server Active Directory

Microsoft Azure

Pre-integrated SaaS apps in the application gallery

Microsoft Azure Active Directory2400+ Preintegrated popular SaaS apps.

Connect and Sync on-premises directories with Azure.

Easily publish on-prem web apps via Application Proxy + Custom apps through a rich standards-based platform.

Identities and applications in one place.

Web Apps (Azure Active Directory

Application Proxy)

SaaS apps Integrated custom apps

Other Directories

Your Directory on the cloud

Self-service Single sign on

•••••••••••

Username

Simple connection

Cloud

SaaSAzure

Office 365Publiccloud

Other Directories

Windows ServerActive Directory

On-premises

Microsoft Azure Active Directory

Hybrid IdentityBridging on-premises and Azure Active Directory

Security reporting that tracks inconsistent access patterns, analytics and alerts.

Built-in security features.

Monitor & Protect access

Security reporting that tracks inconsistent access patterns, analytics and alerts.

Built-in security features.

Step up to Multi-Factor authentication.

X X X X X

X X X X X

X X X X X

Monitor & Protect access

Any two or more of the following factors:Something you know: a password or PIN.Something you have: a phone, credit card or hardware token.Something you are: a fingerprint, retinal scan or other biometric.

Stronger when using two different channels (out-of-band).

Hardware token Certificates Smartcard Phone

0 1 2 3 4

What is Multi-factor Authentication?

An Azure Identity and Access management service that prevents unauthorized access to both on-premises and cloud applications by providing an additional level of authentication

Trusted by thousands of enterprises to authenticate employee, customer, and partner access.

What is Azure Multi-factor Authentication?

Mobile appsPhone callsText messages

ALERT

1 4 5 6 7 6

Azure Multi-factor AuthenticationHow it works

• Azure Multi-Factor Authentication stand-alone • Included in Azure Active Directory Premium

• Free for Azure administrators

• A subset of Azure MFA functionality included in Office 365

Where is Azure Multi-factor Authentication?

Manage your account

Company branded, personalized application Access Panel : http://myapps.microsoft.com+ Mobile Apps

Empower Users

Manage your account

Self Service Password Reset and delegated group management for cloud users

Company branded, personalized application Access Panel : http://myapps.microsoft.com+ Mobile Apps

Empower Users



Windows Intune



Selective wipe

Hybrid identity








Bring your own key



Windows Intune



Selective wipe




Bring your own key


Hybrid identityHybridIdentity

Demo



























Mobile Device Management

Conditional AccessMobile Device/Application ManagementSelective Wipe



Windows Intune



Selective wipe

Hybrid identity








Bring your own key

Introduction to Enterprise Mobility Suite


Hybrid identity








Bring your own key


























Microsoft IntuneBuilt-In

Device Management

Conditional Access

Selective Wipe

Built-In Microsoft Intune

Application Management

LoB app

User-centric approach

Mobile Device Management

Before mobile devices can access Office 365 data, they must be enrolled and healthy.

1. A user downloads the public OneDrive app on a personal iPad

2. The user is shown a page that directs them to enroll the iPad

3. The user steps through the enrollment process

4. The OneDrive app is now MDM enabled

5. The user is able to access their OneDrive data

Conditional Access

Device Polices• Control what mobile devices can connect to

Office 365 Data• Set device configuration policies such as pin

lock• Enforce data encryption on devices

Admin Controls• Built-In management in Office 365 Admin

Center, and PowerShell• Configure device policies by groups• Product level granular control

Device Reporting• Device compliance reports• Mobile usage and trends in our organization• API support

Device Management

Corporate

Complete mobile application management

• Securely access corporate information using Office mobile apps, while preventing company data loss by restricting actions such as copy/cut/paste/save in your managed app ecosystem

• Extend these capabilities to existing line of business apps using the Intune app wrapper

• Enable secure viewing of content using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps

Manage all of your corporate apps and data with Intune’s mobile device and application management solution

Personal

Managed Browser & Viewer Apps

MicrosoftIntune

Mobile Application Management

Mobile device management• Deploy certificates, WiFi, VPN, and email

profiles automatically once a device is enrolled for management

• Enable bulk enrollment of task-worker devices to set policies and deploy applications on a large scale.

• Provide a self-service Company Portal for users to enroll their own devices and install corporate apps

PC management• Provide lightweight, agentless management

from the cloud• Connect Intune to System Center 2012 R2

Configuration Manager to manage all of your devices including PCs, Macs, Unix/Linux Servers, and mobile devices from a single management console

• Provide real-time protection against malware threats on managed computers

• Collect information about hardware configurations and software installed on managed computers

• Deploy software based upon policies set by the administrator

User

Additional Intune Capabilities

Managed Browser

Native E-mail

denied

Pasted1. Sara tries to set up her new unmanaged

tablet to connect to Exchange and is blocked.

2. She enrolls the tablet into Microsoft Intune and is then granted access to Exchange.

3. Sara tries to save attachment to OneDrive, and is blocked since OneDrive is not managed by IT.

4. She saves attachment to OneDrive for Business, which is allowed since it is managed by IT.

5. She tries to copy/paste content into a PowerPoint slide and is successful.

6. Sara tries to copy text from her attachment and paste it into another, unmanaged app. This action is blocked since this app is not managed by IT.

7. Sara later leaves the company, and a selective wipe is done on her tablet, removing corporate apps and data, while leaving her personal content on the device.

saved

PDF Viewer

Line of Business

App

AV Player

denied

How it works

1. An employee uses Office 365 apps and data on a mobile

device. The employee leaves the company.

2. The IT admin logins into Office 365 Admin Center to perform a

selective wipe

3. The Office 365 data is removed from the Office applications leaving

personal information intact

The IT admin can wipe Office 365 data from the user’s device. When they trigger the wipe, all of the data cached or stored by the apps will be deleted, while all of the user’s personal content remains intact.

Selective/Retire Wipe

Consistent Company Portal experiences across mobile platforms

Native Windows app package (.appx)

Available in the Windows Store

Windows Phone 8 Company Portal

iOS/Android Company Portal

Native Windows Phone 8 app (.xap)

Available in the Windows Store

Native iOS app

Available in the Apple Appstore™

WindowsCompany Portal

End User Experience

Platforms Windows 8 /Windows RT

Windows Phone 8 iOS Android

Line-of business apps (sideloaded)

*.appx *.xap *.ipa *.apk

Deep links to store apps – install from store

Web-shortcuts installed on device desktop

Yes Yes Yes Yes

Application Management on Mobile Dev



Windows Intune



Selective wipe

Hybrid identity








Bring your own key



Hybrid identity








Bring your own key

MDM

Demo


























Access & Information Protection

Azure Rights Management Service



Windows Intune



Selective wipe

Hybrid identity








Bring your own key




Windows Intune



Selective wipe

Hybrid identity






























Take advantage of hybrid options across Windows Server and Azure Rights Management service.

Integrate Microsoft SharePoint and Microsoft Exchange Server.

Automatically identify and classify data based on content with automatic encryption.

More securely share documents with colleagues and business partners.

Improve ease of use through integration with Office 2010/13, Windows Shell extensions, and cross-platform clients.

ServerFiles Services

ServerRights Management

Protect data with Rights Management

Integration with Office 2010/13

Across devices – Windows, iOS, Android

Windows Shell Extensions

Native Applications and Generic protection using Protected File (PFILE)

Custom administrator defined policies

I can protect and share information securely across device types

End User Experience with Rights Management

Sharing files using Azure RMS

Use Microsoft Azure RMS to securely share documents with colleagues and business partners Consuming Azure RMS protected files

Consuming RMS protected documents in Office 2013

Sharing documents securely

[email protected]

Email Receiver

Quartely_Sales_Report.xslxQuartely_Sales_Report.ppdf

A protected PDF copy is sent for easy access on all platforms

Sharing protected files with anyone

Choosing to get email notifications

Notification about unauthorized user

[email protected];

Notification about authorized user

[email protected] opened RMS blog post – Aug2014.docx.pdf



[email protected] was denied access to BudgetWithCharts.xlsx.pdf

[email protected] was denied access to BudgetWithCharts.xlsx.pdf

[email protected] was denied access to BudgetwithCharts.xlsx.pdf

Getting email notifications for document use

Apply access control Require authentication

Protect in transit

Protect at rest

Read/write/editScenario

Inte

grat

ed N

ative

App

s

Read only experience, but

still secure

Shar

ing

with

Pr

otec

ted

PDF

Application Integrate with RMS



Windows Intune



Selective wipe

Hybrid identity








Bring your own key




Windows Intune



Selective wipe

Hybrid identity





Azure Rights Mgmt

Demo


























EMS Benefits

Desktop EADomain-based identity management (single sign-on for on-premises applications).

Centralized PC management.

Information protection for on-premises Office deployments.

Desktop EA + Office 365Hybrid identity and single sign-on for Office 365.

Multi-factor authentication for Office 365.

Cloud-based information protection for Office 365.

Enterprise Mobility SuiteSecurity reports and multi-factor authentication.

Self-service password reset and group management.

Connection between Active Directory and Azure Active Directory.

Mobile device settings management.

Mobile application management.

Selective wipe.

Information protection.

Connection to on-premises assets.

ON-PREMISES SOLUTION CLOUD SOLUTION

EMS IT Manageability benefitsfor existing customers

CLOUD AND HYBRID IDENTITY MANAGEMENT

MOBILE DEVICE MANAGEMENT

INFORMATION PROTECTION

• Protection for O365 content• Protection for on-premises

Exchange SharePoint content

• Access to RMS SDK• Bring your own key

• Basic mobile device management via EAS• PIN enforcement• Device wipe

• Single sign-on for O365 • Basic multi-factor

authentication (MFA) for O365

• Protection for on-premises Windows Server file shares

• PC management• Mobile device management• Mobile app management• Certificate provisioning• Selective wipe

• Single sign-on for all cloud apps

• Advanced MFA for all workloads

• Self-service group management and password reset with write back to on-premises directory

• Advanced security reports• FIM (Server + CAL)


EMS IT Manageability benefits for O365 customers

EMS Pricing



Windows Intune



Selective wipe

Hybrid identity








Bring your own key



Windows Intune



Selective wipe

Hybrid identity








Bring your own key


Question?































ems-hpt template-v.1.0

Documents

group management connection

azureactive directory

application gallery

month limited time ea

promotion pricing

premises assets

audit reports

seat minimum purchase