"securing your data... wherever it is" from aptera's dave hall
TRANSCRIPT
Microsoft Enterprise Mobility Suite | Overview…
Dave Hall
Cloud Services Practice [email protected]
Agenda
• Enterprise challenges for mobility and Bring Your Own Device (BYOD)
• How Microsoft’s Enterprise Mobility Suite helps with those challenges
• Hybrid identity with Azure Active Directory and Azure Active Directory Premium
• Mobile Device Management with Microsoft Intune
• Data Protection with Azure Rights Management Services
The time to address enterprise mobility is now
Data leakage resulting from device loss or theft is a top smartphone security risk – European Union Agency for Network and Information Security
29% of today’s global workforce use 3+ devices, work from multiple locations and use many apps.
67% of people who use a smartphone for work and 70% of people who use a tablet for work choose the devices themselves
80%+ employees admit to using non-approved software-as-a-service (SaaS) applications in their jobs
Today’s challenges
• Users: Users expect to be able to work in any location and have access to all their work resources.
• Devices: The explosion of devices is eroding the standards-based approach to corporate IT.
• Apps: Deploying and managing applications across platforms is difficult.
• Data: Users need to be productive while maintaining compliance and reducing risk.
Introducing the Enterprise Mobility Suite - Microsoft.com/EMS
Mobile device management (Microsoft Intune)
• Mobile device settings management
• Mobile application management
• Selective wipe
Hybrid identity (Microsoft Azure Active Directory Premium)
• Security reports, audit reports, and multi-factor authentication
• Self-service password reset and group management
• Connection between Active Directory and Azure Active Directory
Access & Information protection (Microsoft Azure Rights Management service)
• Information protection
• Connection to on-premises assets
• Bring your own key
EMS and Office 365
Cloud and hybrid identity management
Mobile device management
Information protection
Enterprise Mobility Suite
• Protection for O365 content
• Protection for on-premises Exchange and SharePoint content
• Access to RMS SDK
• Bring your own key
• Protection for on-premises Windows Server file shares
• Basic Mobile Device Management via EAS
• PIN enforcement
• Device wipe
• PC Management
• Mobile Device Management
• Mobile App Management
• Certificate Provisioning
• Selective wipe
• Single sign-on for O365
• Basic Multifactor Authentication (MFA) for O365
• Single sign-on for all cloud apps
• Advanced MFA for all workloads
• Self-service group management and password reset with write-back to on-premises directory
• Advanced security reports
• FIM (Server + CAL)
Hybrid Identity
Enterprise Mobility Suite
Mobile device management (Microsoft Intune)
• Mobile device settings management
• Mobile application management
• Selective wipe
Hybrid identity (Microsoft Azure Active Directory Premium)
• Group management, security reports, and audit reports
• Self-service password reset and multi-factor authentication
• Connection between Active Directory and Azure Active Directory
Access & Information protection (Microsoft Azure Rights Management service)
• Information protection
• Connection to on-premises assets
• Bring your own key
Hybrid identity
Bridging on-premises and Azure Active Directory
Enable your users
• Provide users with self-service experiences to keep them productive
• Enable single sign-on for users across the resources they need access to
Protect your data
• Enforce strong authentication when users access resources and apply conditional access controls to sensitive company information
• Configure single sign-on across all company applications
• Ensure compliance with governance, attestation, and reporting
Unify your environment
• Create a centralized identity across on-premises and cloud environments
• Use identity federation to maintain centralized authentication, and share and collaborate with external users and businesses more securely
Azure Active Directory Premium
Take advantage of a directory in the cloud
• Group-based application access assignment and provisioning to thousands of software-as-a-service (SaaS) applications for single sign-on
• Company branding
• Enterprise SLA of 99.9 percent
Empower users
• Self-service password reset
• Delegated group management
Monitor and protect access to applications
• Security reports based on machine learning
• Application usage reports
• Multi-factor authentication
Built on top of a free offering
• Robust set of capabilities for empowering enterprises with demanding identity and access management needs
• Usage rights for Microsoft Forefront Identity Manager server licenses and CALs
• Your Active Directory - Synchronized to the cloud
• Company Branding of Sign In Page
• Group-based Application Access
• Self-Service Password Reset
• Self-Service Group Management
• User-based SSO to thousands of SaaS applications
• Multi-Factor Authentication for Cloud and on-premises applications
• Advanced security reporting with anomaly learning
Azure Active Directory Premium
Company Portal - Sign-In Experience
Company Portal - SSO to Applications
Company Portal Profile Password Reset
Self Service Password Reset
Group Management
Multi-Factor Authentication
Advanced Reporting
Second step – Device Management
Microsoft Intune
Manage and Secure PCs and Devices Anywhere
Simple web-based Administration Console and a richer experience for Information Workers
• Conditional Access
• Simplified Device Enrollment
• App Wrapping / Containers
• Managed Productivity with Office
• Company Portal – Self Service
• Device Settings Management
• VPN Profile Management
• Wi-Fi and Certificate Management
• Mobile App Management
• PC Management
Mobile Device Management with Microsoft Intune
EAS-based management
Integration with Exchange Server
Either on-premises or Office 365 hosted
Corporate data protection
Over-the-air enrollment of devices for management
Mobile application management
Settings Management
Mobile device inventory
Direct management (Windows RT, Windows Phone 8.x, iOS, Android)
Microsoft Intune integrated with System Center 2012 R2 Configuration Manager
IT
Mac OS X
Windows PCs (x86/64, Intel SoC), Windows to Go
Windows Embedded
Windows RT, Windows Phone 8.x
iOS, Android
Single Admin Console
Microsoft Intune
Company Portal
Consistent self-service experience for end users across mobile platforms
• Windows: available in the Windows Store
• Windows Phone: side-loaded during enrollment
• iOS: available in the Apple App Store
• Android: available in the Google Play Store
Settings management
Comprehensive security policies are enforced on each platform
Reporting available on each setting whether it is applicable, conformant or has an error
Extensive configuration settings are available for each platform
Policies can be applied to user and device groups
User
Third step – Data Protection
Azure Rights Management
Protect data with rights management
Take advantage of hybrid options across Windows Server and Azure Rights Management service
Integrate Microsoft SharePoint and Microsoft Exchange Server
Automatically identify and classify data based on content with automatic encryption
More securely share documents with colleagues and business partners
Improve ease of use through integration with Office 2010/13, Windows Shell extensions, and cross-platform clients
Sharing Protected Files
RMS Integration with SharePoint Online
Multiple layers of data protection
IT
User
Enterprise Mobility Suite
Identify and authorize user
Apply device policies
Apply application policies
Apply content policies
Active Directory Premium
Rights Management
Enterprise Mobility Suite Overview
Dave Hall
Cloud Services Practice [email protected]
Q & A