Enterprise Mobility + Security overview
Go mobile. Stay in control.
Chris Genazzio
Director of Business Development
Enterprise Mobility + Security
Mobile-first, cloud-first reality
Data breaches: 63% of confirmed data breaches involve weak, default, or stolen passwords.
IT budget growth: Gartner predicts global IT spend will grow only 0.6% in 2016.
Shadow IT: More than 80 percent of employees admit to using non-approved software as a service (SaaS) applications in their jobs.
Is it possible to keep up?
Employees
Business partners
Customers
Is it possible to stay secure?
Apps
Devices
Data
Users
Data leaks
Lost device
Compromised identity
Stolen credentials
The Microsoft vision
Secure and protect against new threats
Maximum productivity experience
Comprehensive and integrated
Apps
Devices
Data
Users
Customers need: User freedom; Secure against new threats; Do more with less
Microsoft Enterprise Mobility + Security: Identity-driven security; Productivity without compromise; Comprehensive solutions
Microsoft solution
ENTERPRISE MOBILITY + SECURITY
Identity-driven security
Comprehensive solution
Managed mobile productivity
Identity-driven Security
Data Breaches 63%
Identity is the foundation for enterprise mobility
IDENTITY – DRIVEN SECURITY
Single sign-on
Self-service
Simple connection
On-premises
Other directories
Windows Server Active Directory
SaaS
Azure
Public cloud
Cloud
Microsoft Azure Active Directory
1000s of apps, 1 identity: Provide one persona to the workforce for SSO to 1000s of cloud and on-premises apps with multifactor authentication.
Manage access at scale: Manage identities and access at scale in the cloud and on-premises.
Enable business without borders: Stay productive with universal access to every app and collaboration capability, and self-service capabilities to save money.
Identity at the core of your business
Shadow IT
Data breach
Security landscape has changed
Employees, Partners, Customers
Cloud apps
Identity Devices Apps & Data
Transition to cloud & mobility
New attack landscape
Current defenses not sufficient
Identity breach
On-premises apps
SaaS
Azure
Intelligent, Innovative, Holistic, Identity-driven
Addresses security challenges across users (identities), devices, data, apps, and platforms, on-premises and in the cloud.
Offers one protected common identity for secure access to all corporate resources, on-premises and in the cloud, with risk-based conditional access.
Protects your data from new and changing cybersecurity attacks.
Enhances threat and anomaly detection with the Microsoft Intelligent Security Graph, driven by a vast amount of datasets and machine learning in the cloud.
Identity anchors our approach to security
Three steps to identity-driven security
1. Protect at the front door: Safeguard your resources at the front door with innovative and advanced risk-based conditional access.
2. Protect your data against user mistakes: Gain deep visibility into user, device, and data activity on-premises and in the cloud.
3. Detect attacks before they cause damage: Uncover suspicious activity and pinpoint threats with deep visibility and ongoing behavioral analytics.
Protect at the front door
Conditions
Allow access or block access
Actions
Enforce MFA per user/per app
Location
Device state
User/Application
MFA
Risk
User
Azure AD Privileged Identity Management
Azure AD Identity Protection
Protect your data against user mistakes
Azure Information Protection
Classify & Label
Protect
How do I control data on-premises and in the cloud?
Monitor and Respond
Microsoft Intune
How do I prevent data leakage from my mobile apps?
LOB app protection
DLP for Office 365 mobile apps
Optional device management
Cloud App Security
Risk scoring
Shadow IT Discovery
Policies for data control
How do I gain visibility and control of my cloud apps?
Detect attacks before they cause damage
Microsoft Advanced Threat Analytics (ATA)
Behavioral Analytics
Detection of known malicious attacks
Detection of known security issues
On-premises detection
Cloud App Security
Behavioral analytics
Detection in the cloud
Anomaly detection
Azure Active Directory Premium
Security reporting and monitoring (access & usage)
Enterprise Mobility + Security
Microsoft Intune
Azure Information Protection
Protect your users, devices, and apps
Detect threats early with visibility and threat analytics
Protect your data, everywhere
Extend enterprise-grade security to your cloud and SaaS apps
Manage identity with hybrid integration to protect application access from identity attacks
Microsoft Advanced Threat Analytics
Microsoft Cloud App Security
Azure Active Directory Premium
Identity-driven security
Protect against advanced threats
Managed mobile productivity
Unsecured apps 80%
Manage and secure devices
Office mobile apps
Data-level protection
User self-service
Mobile device, application, and information protection
MANAGED MOBILE PRODUCTIVITY
Manage and secure mobile devices
Access management
• Conditional access
• Device settings & compliance enforcement
• Multi-identity support
Built-in security
• Mobile app management (w & w/o a device enrollment)
• File level classification, labeling, and encryption
Gold standard
• Office mobile apps
• Familiar and trusted
Mobile app management
Managed apps
Personal apps
Corporate data
Personal data
Multi-identity policy
Copy, Paste, Save
Save to personal storage
Paste to personal app
Email attachment
Empower users to make right decisions
Enable safe sharing internally and externally
Data level protection
Maintain visibility and control
Protect your data at all times
Classify and label data based on sensitivity
STRICTLY CONFIDENTIAL
CONFIDENTIAL
INTERNAL
NOT RESTRICTED
IT admin sets policies, templates, and rules
FINANCE
CONFIDENTIAL
Add persistent labels defining sensitivity to files
Classify data according to policies – automatically or by user
Manage your account, apps and groups
Company branded, personalized application Access Panel: http://myapps.microsoft.com + iOS and Android mobile apps
Making the lives of users (and IT) easier
Self-service password reset
Application access requests
Integrated Office 365 app launching
Managed mobile productivity
Secure access to company data with maximum productivity
Comprehensive solution
Global IT Budget growth 2016 0.6%
Comprehensive. Integrated. Cost Effective.
COMPREHENSIVE SOLUTION
Integrates with what you have
Simple to set up
Easy to maintain
Saves you money
Protect users, apps, data, and devices
Employees Business partners Customers
Secure and protect against new threats
Maximum productivity experience
Comprehensive and integrated
Apps, Devices, Data, Users
Always up to date
• Real-time updates
• Keep up with new apps and devices
Works with what you have
• Support multiple platforms
• Use existing investments
Simple to set up and connect
• Easy, secure connections
• Simplified management
Flexible architecture that just works
Simple set up with FastTrack
Envision: Define your vision and plan for a successful rollout
Onboard: Move to EMS smoothly and with confidence
Drive Value: Boost user engagement and manage change
Azure Rights Management
FastTrack will:
• Retain control of sensitive documents locally and over email
• Automatically protect mail containing privileged information
• Ensure files stored in SharePoint are rights protected
Microsoft Intune
FastTrack will:
• Set up and deploy mobile app management policies to help prevent Office 365 data leakage
• Set up and deploy device security policies like PIN or device encryption
• Integrate on-premises System Center Configuration Manager with Intune
• Enable conditional access and compliance policies to control access to data
Azure Active Directory Premium
FastTrack will:
• Get organizational identities to the cloud
• Set up single sign-on for test apps (including Azure Active Directory Application Proxy apps)
• Configure self-service options like password reset and Azure Multi-Factor Authentication in the MyApps site
FastTrack is included with EMS to accelerate your deployments
Comprehensive solution
Stay secure and maximize your budget
ENTERPRISE MOBILITY + SECURITY
Identity-driven security: Holistic, intelligent, innovative security to keep up with new threats.
Comprehensive solution: Secure your enterprise fast – while keeping what you have and saving money.
Managed mobile productivity: Encourage secure work habits by providing the best apps with built-in security.
Enterprise Mobility + Security
Information protection
Identity-driven security
Managed mobile productivity
Identity and access management
Azure Information Protection Premium P2: Intelligent classification and encryption for files shared inside and outside your organization (includes all capabilities in P1)
Azure Information Protection Premium P1: Encryption for all files and storage locations; cloud-based file tracking
Microsoft Cloud App Security: Enterprise-grade visibility, control, and protection for your cloud applications
Microsoft Advanced Threat Analytics: Protection from advanced targeted attacks leveraging user and entity behavioral analytics
Microsoft Intune: Mobile device and app management to protect corporate apps and data on any device
Azure Active Directory Premium P2: Identity and access management with advanced protection for users and privileged identities (includes all capabilities in P1)
Azure Active Directory Premium P1: Secure single sign-on to cloud and on-premises apps; MFA, conditional access, and advanced security reporting
EMS E3
EMS E5
Intelligence: Provide insights to drive better business decisions faster
Collaboration: Create a productive workplace to embrace diverse workstyles
Trust: Protect your organization, data and people
Mobility: Enable your people to get things done anywhere
Empower your employees by creating a secure productive enterprise
Secure Productive Enterprise
Office 365, Enterprise Mobility + Security, Windows 10 Enterprise
Delivered through enterprise cloud services
Enterprise Mobility + Security
Basic identity mgmt. via Azure AD for O365:
• Single sign-on for O365
• Basic multi-factor authentication (MFA) for O365
Basic mobile device management via MDM for O365
• Device settings management
• Selective wipe
• Built into O365 management console
RMS protection via RMS for O365
• Protection for content stored in Office (on-premises or O365)
• Access to RMS SDK
• Bring your own key
Azure AD for O365+
• Advanced security reports
• Single sign-on for all apps
• Advanced MFA
• Self-service group management & password reset & write back to on-premises
• Dynamic Groups, Group based licensing assignment
MDM for O365+
• PC management
• Mobile app management (prevent cut/copy/paste/save as from corporate apps to personal apps)
• Secure content viewers
• Certificate provisioning
• System Center integration
RMS for O365+
• Automated intelligent classification and labeling of data
• Tracking and notifications for shared documents
• Protection for on-premises Windows Server file shares
Advanced Security Management
• Insights into suspicious activity in Office 365
Cloud App Security
• Visibility and control for all cloud apps
Advanced Threat Analytics
• Identify advanced threats in on premises identities
Azure AD Premium P2
• Risk based conditional access
Information protection
Identity-driven security
Managed mobile productivity
Identity and access management
EMS Benefits for O365 customers
Windows 10
Enterprise Mobility + Security
• Single sign-on for business cloud apps
• Device setup and registration for Windows devices
• Windows Store for Business
• Traditional domain join manageability
• Manageability via MDM and MAM
• Encryption for data at rest and generated on device
• Encryption for data included in roaming settings
• Conditional access policies for secure single sign-on
• MDM auto-enrollment
• Self-Service BitLocker recovery
• Password reset with write back to on-premises
• Cloud-based advanced security reports and monitoring
• Enterprise State-Roaming
• Mobile device management
• Mobile app management
• Secure content viewer
• Certificate, Wi-Fi, VPN, email profile provisioning
• Agent-based management of Windows devices (domain-joined via ConfigMgr and internet-based via Intune)
• Automated intelligent classification and labeling of data
• Tracking and notifications for shared documents
• Protection for content stored in Office and Office 365 & Windows Server on premises
Windows Defender Advanced Threat Protection
• Identify advanced threats focused on Windows 10 behavioral sensors
Cloud App Security
• Visibility and control for all cloud apps
Advanced Threat Analytics
• Behavioral analytics for advanced threat detection
Azure AD Premium
• Risk based conditional access
Information protection
Identity-driven security
Managed mobile productivity
Identity and access management
EMS benefits for Windows 10 customers
© 2015 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.