peters event - do you know your security risks? - …...2018/11/10 · office 365 atp –email...
TRANSCRIPT
Helping you grow your business with
scalable IT services & solutionsfor today’s challenges & tomorrow’s vision.
© 2017 Peters & Associates, Inc. All rights reserved.
Windows 10
October 25, 2018
Bruce Ward, VP of Business StrategyDan Sharp, Senior ConsultantAdam Gassensmith, Manager of Client Engagement
© 2018 Peters & Associates, Inc. All rights reserved.
IT SecuritySolutionsPeters & Associates Security Wheel
DATAControls surround Data
+EMS E5
Azure AD Basic:
• Single sign-on (SSO) for O365
• Basic multi-factor authentication (MFA) for O365
• SSO for Cloud Apps
MDM for O365
• Device settings management
• Selective wipe
• Built into O365 management console
RMS for O365
• Protection for content stored in Office (on-premises or O365)
• Access to RMS SDK
Activity Logs
Azure Active Directory P2
• Risk based conditional access
• Identity Protection Portal
Identity and access management
Azure Active Directory P1
• Single sign-on (SSO) for all apps
• Conditional MFA, Password Self Service, Dynamic Groups
Cloud App Security - ALL
• Visibility and control for all cloud apps
Identity-driven security
Advanced Threat Analytics
• Identify advanced threats in on premises identities
Azure Information Protection Plan 2
• Automated intelligent classification and labeling of data + AIP Scanner
Information protection
Managed mobile productivity
Intune
• App management (MAM)
• Device management (MDM)
• PC management
Azure Information Protection Plan 1
• Tracking and notifications for shared documents
Office 365 ATP – email links, attachments, phishing
Skype/Teams Extension
• Voice
• Conferencing
Power BI
Advanced eDiscovery–search
Compliance
• Customer Lockbox, Customer Key, Privileged Access
Cloud App Security - O365
Portal with anomalous activity
+EMS E3
© 2018 Peters & Associates, Inc. All rights reserved.
IT SecuritySolutions
Agenda
• Introduction
• Why Windows 10
• Licensing and Features
• Design and Deploy
• Tools of the Trade
• Demo Time
• Wrap and Q&A
© 2018 Peters & Associates, Inc. All rights reserved.
Why Windows 10
© 2018 Peters & Associates, Inc. All rights reserved.
IT SecuritySolutionsSome Reasons
Top Employee Features Top Admin Features
Boot up MUCH faster NOT 10-year old code
Search = Find Security Prevention
Touch Ready Provisioning options and ease
Surface, Windows Hello Bitlocker, Direct Access
Modern, Everywhere Secure Edge Browser
© 2018 Peters & Associates, Inc. All rights reserved.
IT SecuritySolutionsThe Real Reason
https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet
© 2018 Peters & Associates, Inc. All rights reserved.
IT SecuritySolutionsThe Reality Today
https://www.netmarketshare.com
Windows 10
96% of enterprise customers piloting
15% desktop management time savings*
33% reduction in security issues and time to resolve*
*“The Total Economic Impact(TM) Of Windows 10, a commissioned study conducted by Forrester Consulting on behalf of
Microsoft, June 2016. Results are for a risk adjusted composite organization based on customer interviews.
Traditional on-prem
Active Directory
Domain Join
Group Policy
System Center Configuration
Manager
Azure Active Directory
Azure AD Join
MDM Policies
Microsoft Intune
and other MDM
Traditional on-premCloud
Active Directory
Domain Join
Group Policy
System Center Configuration
Manager
Windows 10 designed for modern IT
Modern IT
Traditional IT Cloud
© 2018 Peters & Associates, Inc. All rights reserved.
Licensing & Features
© 2018 Peters & Associates, Inc. All rights reserved.
IT SecuritySolutionsLicensing
https://www.microsoft.com/en-us/WindowsForBusiness/Compare
“No Pro if you want these…
© 2018 Peters & Associates, Inc. All rights reserved.
IT SecuritySolutionsWindows 10 “Features”
© 2018 Peters & Associates, Inc. All rights reserved.
IT SecuritySolutionsWindows 10 “Features”
© 2018 Peters & Associates, Inc. All rights reserved.
IT SecuritySolutionsRemember: 18 Months!
https://www.peters.com/end-life-beginning-loss/
Version History:• Version 1507.• Version 1511 (November Update).• Version 1607 (Anniversary Update).• Version 1703 (Creators Update) EOL on October 9, 2018
Current Versions:• Version 1709 (Fall Creators Update).• Version 1803 (April 2018 Update).• Version 1809
© 2018 Peters & Associates, Inc. All rights reserved.
IT SecuritySolutionsWindows Defender ATP
• Behavior-based, cloud-powered breach detection• Forensic tools, rollback capabilities• Operates independent of AV/Malware protection
© 2018 Peters & Associates, Inc. All rights reserved.
IT SecuritySolutionsWindows Virtual Desktop
• Announced Sept 18th, Private Preview
• Azure-based. Rapid deploy / scale.
• Office 365 functionality. EMS security. Windows 10 capability.
• Individual apps or full desktop.
• Extend service via partners including: Citrix, Liquidware, and ThinPrint
© 2018 Peters & Associates, Inc. All rights reserved.
Design & Deploy
© 2018 Peters & Associates, Inc. All rights reserved.
IT SecuritySolutionsDesign Questions
UEFI
Disk Encryption
AAD Join / Co-Manage
Windows Defender
Bitlocker / MBAM
ManagementNew
Hardware
Telemetry
Secure / Lockdown
You’re in control
Security – Minimum data to keep your device secure
Basic – Simple device and quality data
Enhanced – Detailed activity data
Full – Enhanced Diagnostics
Choose the level right for your organization
Granularly configured by device or user.
Risk level determined by your business.
©2018 Microsoft Corporation. Content is subject to change. See https://technet.microsoft.com/library/mt577208(v=vs.85).aspx for more information.
“Windows Modern Deployment”
QUICKLY PREPARE NEW DEVICES FOR USER PRODUCTIVITY
Refresh – (Bare Metal, same hardware) -
Keeping the same device but deploying a fresh
image with user settings, data, and apps.
In-Place Upgrade –automated OS update
including apps, settings, and data. Rollback data is saved in Windows.old.
Replace – (Bare Metal, new hardware) -
Deploy a new device with a fresh image and
transition user settings, data, and apps from old
device.
Subscription Activation - Switch from Windows
10 Pro to Enterprise
Unique situations: • Lab refresh /
multicasting• Internet-managed• Road Warrior devices• Kiosk machines
AutoPilot – self-managed, cloud-directed device image upgrades.
© 2018 Peters & Associates, Inc. All rights reserved.
Tools of the Trade
© 2018 Peters & Associates, Inc. All rights reserved.
IT SecuritySolutionsTools of the Trade
User State Migration Tool (USMT)
Task Sequence – used via SCCM or WDS
Upgrade Readiness
Application Compatibility
Microsoft Deployment Toolkit (MDT)
Notable Security Mentions…
Group Policies (GPO)
Software Updates (WSUS)
Bitlocker Admin (MBAM)
Local Account Passwords (LAPS)
© 2018 Peters & Associates, Inc. All rights reserved.
Demo Time!
© 2018 Peters & Associates, Inc. All rights reserved.
IT SecuritySolutions
Reminder – Free XBOX Raffle
http://www.peters.com/events http://www.peters.com/blog/
Events, Webinars & Blogs
© 2018 Peters & Associates, Inc. All rights reserved.
IT SecuritySolutions
Offers:
© 2015 Peters & Associates, Inc. All rights reserved.© 2018 Peters & Associates, Inc. All rights reserved.
To ask questions, either:
1) Take phone off mute, ask.
2) Type question in IM Window
1801 S. Meyers Road, Suite 120Oakbrook Terrace, IL 60181
(630) 832-0075
Thank you!
© 2018 Peters & Associates, Inc. All rights reserved.
Bruce Ward
© 2015 Peters & Associates, Inc. All rights reserved.© 2018 Peters & Associates, Inc. All rights reserved.
© 2018 Peters & Associates, Inc. All rights reserved.
IT SecuritySolutions
• Windows 10 Roadmap (can be tested with Insider Builds for IT personnel) - https://www.microsoft.com/en-us/WindowsForBusiness/windows-roadmap
• Windows 10 AutoPilot Provisioning (leverages Intune/Azure AD licensing not owned and SCCM) -https://www.peters.com/leveraging-windows-autopilot-device-provisioning/
Important URL’s
© 2018 Peters & Associates, Inc. All rights reserved.
IT SecuritySolutions
• Microsoft Security Compliance Toolkit 1.0 - set of tools that allows enterprise security administrators to download, analyze, test, edit, and store Microsoft-recommended security configuration baselines for Windows and other Microsoft products.
• Windows 10 – using a script to check for versions 1507/1511 (currently not getting updates) or 1607 (stopping in March 2018) -https://www.peters.com/end-life-beginning-loss/
• LAPS (Local Administrator Password Solution) -https://www.peters.com/manage-windows-local-administrator-passwords-laps/
Discussion Areas with URL’s