Securing Mobile Device Access to Corporate Resources with Intune
Dilip Radhakrishnan
Principal Program Manager, Microsoft Intune
EM-B320
Agenda
• Enterprise Mobility Strategy Overview
• Conditional access to Email and Collaboration services
• Secure resource access
• Deep dive on Certificate management, VPN and Wifi
• New Security Policies
• Selective wipe
Mobile device and app management evolution
PC Security
• Data protection through device lockdown (Group Policy, app mgmt., OSD, compliance)
• Hardening devices against attack (patch, anti-malware, etc.)
Early Mobile security
• Device Policies tied to Mailbox
• PIN
• Encryption
• Device restrictions
• Full wipe of device
MDM
• Mobile Device Management
• Granular device policy controls
• Provision access to corp resources (Email, VPN etc)
• Selective wipe
MAM
• Mobile application management:
• Corporate data containerization
• Per application policy restrictions
• Compliance based access control to corporate resources
Enterprise Mobility Vision
Protect your data
Enable your users
User IT
Unify Your Environment
Devices Apps Data
Help organizations enable their users to be productive on the devices they love while helping ensure corporate assets are secure
Enterprise Mobility Platform
Microsoft Differentiation
• Managed Mobile Productivity
• Layered Protection
• Hybrid Solutions
Azure Active Directory
Enterprise Mobility Suite
Office 365 Dynamics Workday
Mobile Data Protection approach
Mobile data protection
Protect corporate data cached ‘on the device’
• Emails, Attachments
• Cached documents
• Apps syncing corp data
• Apps sharing corp data
Protect corporate data accessed ‘from the device’
• Email & collab services
• Network services – VPN, Wifi
• Intranet sites
• On Prem File Shares
[Diagram labels: On Premise SharePoint; On Premise File Server; Cloud based email/collab services; BYOD and Corp owned Mobile devices; Remote access services (VPN, App Proxy etc); DMZ]
MDM Lifecycle Concepts
[Diagram labels: User; Devices]
Enrollment
Enroll in MDM to get access to corporate resources
Key Features
• Block email/SharePoint etc until enrolled
• Customizable Terms & Conditions
• Simple end user experience
Initial Provisioning
Quick access to corporate resources
Key Features
• Security policy settings
• VPN, Wifi, Certificates
• Mandatory app installs
• App restriction policies
On going management
Device and App level policies
Key Features
• Block access if IT policies violated (Eg: Jailbreak)
• Enforce data leak prevention
• Self service portal for user initiated app installs/help desk operations
Retire
Disconnect from Company resources, Lost/stolen device etc
Key concepts
• Selective wipe
Conditional access to email and collaboration services
Features
• Block access to O365 services like email if device is not compliant to IT policies
• Simple end user experience for remediating the non compliance status
Demo – Conditional Resource access
Dilip Radhakrishnan
Solution architecture
Solution architecture – Secure email in O365
[Diagram components: EAS Client; Office 365 EAS Service; Azure AD; Intune; Quarantine; Enrollment / Compliance Remediation; Link to enroll device/Compliance Remediation steps]
1. Attempt email connection
2. Is Device Managed & Compliant
3. Return Device state
4. If not compliant, push device into quarantine
5. Quarantine email with remediation steps
6. Set device management/compliance status
7. If compliant, email access is granted
Who does what?
• Intune: Evaluate policy compliance for device
• Azure AD: Auth user, provide device compliance status
• Exchange Online: Enforces access to email based on device state.
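The division of roles in the flow above, as an added Python model that is not Microsoft's implementation or code from the deck. Class and method names are hypothetical, and the compliance rules (jailbreak, PIN, encryption) are a constructed sample policy drawn from the device policies the slides mention.

```python
from dataclasses import dataclass


@dataclass
class Device:
    device_id: str
    jailbroken: bool = False
    has_pin: bool = False
    encrypted: bool = False


class AzureAD:
    """Holds the device state that Exchange Online asks for (steps 2-3)."""

    def __init__(self):
        self._state = {}  # device_id -> {"managed": bool, "compliant": bool}

    def set_device_state(self, device_id, managed, compliant):
        self._state[device_id] = {"managed": managed, "compliant": compliant}

    def get_device_state(self, device_id):
        # Fail closed: a device the directory has never seen is treated as
        # unmanaged and non-compliant.
        return self._state.get(device_id, {"managed": False, "compliant": False})


class Intune:
    """Evaluates policy compliance and reports it to the directory (step 6)."""

    def __init__(self, directory):
        self.directory = directory
        self.enrolled = set()

    def violations(self, device):
        found = []
        if device.jailbroken:
            found.append("device is jailbroken")
        if not device.has_pin:
            found.append("PIN not set")
        if not device.encrypted:
            found.append("storage not encrypted")
        return found

    def enroll(self, device):
        self.enrolled.add(device.device_id)
        return self.check_in(device)

    def check_in(self, device):
        """Re-evaluate a device and publish the result to the directory."""
        managed = device.device_id in self.enrolled
        problems = self.violations(device)
        self.directory.set_device_state(
            device.device_id, managed, managed and not problems)
        return problems


class ExchangeOnline:
    """Enforces access from the reported state; it evaluates no policy itself."""

    def __init__(self, directory):
        self.directory = directory
        self.quarantined = set()

    def connect(self, device_id):                                  # step 1
        state = self.directory.get_device_state(device_id)        # steps 2-3
        if state["managed"] and state["compliant"]:
            self.quarantined.discard(device_id)
            return {"access": "granted"}                           # step 7
        self.quarantined.add(device_id)                            # step 4
        step = "fix compliance issues" if state["managed"] else "enroll device"
        return {"access": "quarantined", "remediation": step}     # step 5


def run_demo():
    """Walk one constructed device through the flow and collect each outcome."""
    directory = AzureAD()
    intune = Intune(directory)
    exchange = ExchangeOnline(directory)
    phone = Device("phone-01", has_pin=True, encrypted=False)

    results = [exchange.connect(phone.device_id)]    # never enrolled
    intune.enroll(phone)
    results.append(exchange.connect(phone.device_id))  # enrolled, unencrypted
    phone.encrypted = True
    intune.check_in(phone)
    results.append(exchange.connect(phone.device_id))  # remediated
    phone.jailbroken = True
    intune.check_in(phone)
    results.append(exchange.connect(phone.device_id))  # drifted out of compliance
    return results


if __name__ == "__main__":
    for outcome in run_demo():
        print(outcome)
```

The last case in `run_demo` shows why the state must be re-reported on every check-in: access granted once is withdrawn as soon as the directory records the device as non-compliant.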
Secure resource access
Resource Access Configuration
Benefits
End users get access to company resources with no manual steps for them
Features*
• Configure VPN profiles
• Support for Automatic VPN
• Wi-Fi protocol and authentication settings
• Email account profiles
• Management and distribution of certificates
Platforms
• Windows 8.1
• Windows 8.1 RT
• iOS
• Android
• Windows Phone 8.1
• Samsung KNOX Standard
* Varies based on device platform
Certificate Management
Challenges
• Password based authentication is vulnerable, but the alternative, cert based authentication, is complex.
• How do I issue certificates to mobile devices that are not on my trusted network?
• How do I manage the lifecycle of certificates?
• How do I secure my network resources like Email, VPN, Wifi etc with certificates?
Certificate management lifecycle
Issue/Enroll certificates
Manage Certificates
Automated renewal
Certificate Revocation
Issuing certificates
Approaches
• Simple Certificate Enrollment Protocol (SCEP)
• Generate and deploy PFX (Personal Information Exchange) files
Choice depends on:
• Security requirements, especially: where is the private key generated and stored?
• What are the deployment requirements/constraints?
SCEP solution
PFX approach – MDM server generates the private key and certificate and deploys them to the mobile device.
SCEP approach – Mobile device generates the private/public key pair
• Unlike the PFX method, the private key never leaves the device.
• Unique key and certificate on every device allows certificate revocation for just a specific device
• Is not useful for S/MIME encryption scenarios
Challenges and Solutions
Challenge: SCEP is an old protocol designed for use in closed networks. CERT warns that SCEP does not strongly authenticate requests.
Solution: Intune’s integration with Microsoft NDES (Network Device Enrollment Service) Policy module offers higher security and integrity of issued certificates
Challenge: Security concerns with Microsoft NDES deployment
Solution: Use Microsoft Web Application Proxy
Certificate Deployment with Intune
[Diagram labels: DMZ; ConfigMgr 2012 R2; ADFS; CA; Intune (and Azure AD); ADFS Proxy; DC; NDES; DirSync; Reverse Proxy]
1. Deploy root CA cert
2. Deploy SCEP certificate profile (with challenge based on User/Type of Cert)
3. Device gets SCEP profile that contains URI for NDES
4. Device contacts NDES, presents challenge
5. NDES contacts CRP and validates the challenge
6. If valid, NDES passes on request to issue Cert “on behalf”
7. Cert is delivered to the device and event is reported back to Intune
Blog: Protecting NDES with WAP by Pieter Wigleven
Coming soon: Whitepaper on NDES deployment best practices
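Why validating the challenge (steps 4 to 6) matters when SCEP alone does not strongly authenticate requests, as an added Python model that is not Intune or NDES code. The slides do not describe the real challenge format or the NDES-to-CRP protocol, so the HMAC-signed token, the shared demo key and every name here are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo secret standing in for the trust shared by the MDM
# service and its validation endpoint (assumption, not the real mechanism).
SERVICE_KEY = b"constructed-demo-key-not-a-real-secret"


def b64(data):
    return base64.urlsafe_b64encode(data).decode("ascii")


def issue_challenge(user, cert_type, now, ttl=3600):
    """Step 2: mint a challenge bound to the user and the type of cert."""
    payload = json.dumps({"user": user, "type": cert_type, "exp": now + ttl},
                         sort_keys=True).encode("utf-8")
    tag = hmac.new(SERVICE_KEY, payload, hashlib.sha256).digest()
    return b64(payload) + "." + b64(tag)


class ValidationService:
    """Step 5: the check NDES delegates before any certificate is issued."""

    def __init__(self):
        self._used = set()

    def validate(self, challenge, csr_user, csr_type, now):
        try:
            payload_b64, tag_b64 = challenge.split(".")
            payload = base64.urlsafe_b64decode(payload_b64)
            tag = base64.urlsafe_b64decode(tag_b64)
        except ValueError:
            return False, "malformed challenge"
        expected = hmac.new(SERVICE_KEY, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False, "challenge not issued by the MDM service"
        claims = json.loads(payload)  # safe to parse only after the tag check
        if now > claims["exp"]:
            return False, "challenge expired"
        if (csr_user, csr_type) != (claims["user"], claims["type"]):
            return False, "CSR does not match the challenge"
        if challenge in self._used:
            return False, "challenge already used"
        self._used.add(challenge)
        return True, "ok"


class Ndes:
    """Steps 4 and 6: accept the device's request, forward it only if valid."""

    def __init__(self, validator):
        self.validator = validator
        self.issued = []

    def handle_request(self, csr, now):
        ok, reason = self.validator.validate(
            csr["challenge"], csr["subject_user"], csr["cert_type"], now)
        if ok:
            # The request carries only the public key; the private key was
            # generated on the device and is never part of the exchange.
            self.issued.append((csr["subject_user"], csr["cert_type"]))
        return ("issued" if ok else "rejected"), reason


def run_demo():
    """Constructed requests: one legitimate, four that must be rejected."""
    t0 = 1_000_000
    ndes = Ndes(ValidationService())

    def csr(challenge, user, cert_type="vpn-client-auth"):
        return {"challenge": challenge, "subject_user": user,
                "cert_type": cert_type, "public_key": "<device public key>"}

    first = issue_challenge("alice", "vpn-client-auth", t0)
    second = issue_challenge("alice", "vpn-client-auth", t0)
    forged_payload = json.dumps(
        {"user": "administrator", "type": "vpn-client-auth", "exp": t0 + 3600},
        sort_keys=True).encode("utf-8")
    forged = b64(forged_payload) + "." + first.split(".")[1]

    return [
        ndes.handle_request(csr(first, "alice"), t0 + 10),           # legitimate
        ndes.handle_request(csr(first, "alice"), t0 + 20),           # replay
        ndes.handle_request(csr(second, "administrator"), t0 + 30),  # subject swap
        ndes.handle_request(csr(forged, "administrator"), t0 + 40),  # forged claims
        ndes.handle_request(csr(second, "alice"), t0 + 3601),        # expired
    ]


if __name__ == "__main__":
    for status, reason in run_demo():
        print(status, "-", reason)
```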
Manage, Renew and Revoke certificates
Manage
• Intune provides rich certificate compliance reporting
Renew certificate
• Automated renewal prior to certificate expiry
• Admin can specify the # days prior to expiry
Revoke certificate
• If a device is lost, stolen or repurposed, initiate a Device retire operation
• Selective wipe triggers device clean up and automatically revokes any certificates issued to that device
Demo – Certificate Management
Dilip Radhakrishnan
Email profile management
Automate configuration of Email account settings
Secure access to email by requiring Certificate based authentication
Enable selective wipe of corporate email
Email profiles FAQs
What happens if an email account already exists on the device?
• On iOS, profile will be rejected with an error
• iOS: fails if hostname + username + email address are matching
Solutions
• Use Conditional access feature to block access to email until manually created MDM profile is removed by the user.
• Set up cert based authentication for email access. Whitepaper can be found here.
Can I change an existing profile?
• Yes, unless you modify the key values (which will result in a new profile being pushed)
• On iOS device the email profile key is: HostName + EmailAddress
• On Windows Phone device the email profile key is: AccountName + EmailAddress
What versions of Exchange are supported?
• Any version that supports Exchange ActiveSync (Exchange 2007, 2010, 2013, Exchange Online)
VPN Profile Management
Features
Support for major SSL VPN vendors
• SSL VPNs from Cisco, Juniper, Check Point, Microsoft, Dell SonicWALL, F5
Support for VPN standards
• PPTP, L2TP, IKEv2
Automatic VPN connection
• Application ID based initiation support for Windows 8.1 and Windows Phone 8.1
• Per-app VPN for iOS
Per App VPN (iOS 7+)
Create a secure connection between your Line of business or Productivity applications and the corporate network
Concepts
Traditional VPN:
• VPN tunnel established at the device level
• Introduces risk of providing corporate access to unauthorized apps
• Depending on VPN infrastructure, can impact end user’s internet access speeds
• Privacy issue associated with routing user’s personal traffic to corporate servers
Per App VPN
• On demand VPN connection for corporate apps only
• Routes only specific app’s data to corporate VPN
Wi-fi Profiles
• Manage Wi-Fi protocol and authentication settings
  • WEP
  • WPA/WPA2 Personal
  • WPA/WPA2 Enterprise
• Provision Wi-Fi networks that device can auto connect
• Specify certificate to be used for Wi-Fi connection
Connection flow
User attempts to connect to Wifi Endpoint
Server presents its identity certificate
User Trusts this certificate
1) Server establishes tunnel
2) Server asks for user credentials
User provides credentials (username/password or cert)
Connect
Authentication methods
EAP-TLS – Authenticate with certificate
EAP-TTLS – Authenticate with user name/pwd through PAP, CHAP, MSCHAP v2
PEAP – Authentication determined by Wifi infra – Either password or Cert based.
Demo – VPN & Wi-fi configuration
Dilip Radhakrishnan
New security settings
• iOS
  • Allow/Block applications
  • Kiosk Mode
  • Custom Payload: Import profiles created in Apple Configurator
• Windows Phone
  • Allow/Block applications
  • Custom Payload: Configure any Windows Phone (OMA URI) setting
• Android
  • Allow/Block applications
  • Kiosk mode
Demo – Security settings & Custom Profiles
Dilip Radhakrishnan
Selective Wipe
iOS selective wipe - email
“Work” email profile is first provisioned to the device
Key Takeaways
• Securing access to corporate data resources is a key component of your corporate Data protection strategy
• Microsoft Intune’s tight integration with Azure AD’s Identity and O365’s productivity services offers a unique comprehensive solution for MDM/MAM.
• Microsoft continues to innovate at the OS platform level for securing your corporate assets on PCs and Mobile devices.
Related content
Breakout Sessions
Tuesday, October 28th, 3:15 PM-4:30 PM: EM-B216 - Enterprise Client Management with System Center Configuration Manager and Intune
Tuesday, October 28th, 5:00 PM-6:15 PM: EM-B326 - What’s New and Upcoming with OS Deployment in System Center Configuration Manager and the Microsoft Deployment Toolkit
Wednesday, October 29th, 8:30 AM – 9:45 AM: EM-B321 - Infrastructure Deployment for Mobile Device Management with System Center Configuration Manager and Intune
Wednesday, October 29th, 5:00 PM – 6:15 PM - Securing Mobile Device Access to Corporate Resources with Intune
Thursday, October 28th, 3:15 PM-4:30 PM: EM-B312 - Mobile Application Management with Intune
Friday, October 31st, 8:30 AM – 9:45 AM: EM-B317 - Configuring Corporate-Owned Mobile Devices with Intune
Enterprise Mobility Track Resources
Enterprise Mobility Suite: http://aka.ms/enterprisemobilitysuite
Microsoft Intune: http://aka.ms/microsoftintune
Configuration Manager: http://aka.ms/configmgr
Hybrid Identity: http://aka.ms/hi
Access & Info Protection: http://aka.ms/aip
Desktop Virtualization: http://aka.ms/virtualdesktop
Resources
Learning
Microsoft Certification & Training Resources
www.microsoft.com/learning
Developer Network
http://developer.microsoft.com
TechNet
Resources for IT Professionals
http://microsoft.com/technet
Sessions on Demand
http://channel9.msdn.com/Events/TechEd
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.