"securing your data... wherever it is" from aptera's dave hall

Microsoft Enterprise Mobility Suite | Overview… Dave Hall Cloud Services Practice Lead [email protected]

Upload: aptera-inc

Post on 14-Apr-2017


Page 1: "Securing Your Data... Wherever It Is" from Aptera's Dave Hall

Microsoft Enterprise Mobility Suite | Overview…

Dave Hall, Cloud Services Practice Lead [email protected]


Agenda

• Enterprise challenges for mobility and Bring Your Own Device (BYOD)

• How Microsoft’s Enterprise Mobility Suite helps with those challenges

• Hybrid identity with Azure Active Directory and Azure Active Directory Premium

• Mobile Device Management with Microsoft Intune

• Data Protection with Azure Rights Management Services


The time to address enterprise mobility is now


Data leakage resulting from device loss or theft is a top smartphone security risk – European Union Agency for Network and Information Security

29% of today’s global workforce use 3+ devices, work from multiple locations and use many apps.

67% of people who use a smartphone for work and 70% of people who use a tablet for work choose the devices themselves

80%+ of employees admit to using non-approved software-as-a-service (SaaS) applications in their jobs


Today’s challenges

• Users: Users expect to be able to work in any location and have access to all their work resources.
• Devices: The explosion of devices is eroding the standards-based approach to corporate IT.
• Apps: Deploying and managing applications across platforms is difficult.
• Data: Users need to be productive while maintaining compliance and reducing risk.


Introducing the Enterprise Mobility Suite - Microsoft.com/EMS

Hybrid identity: Microsoft Azure Active Directory Premium

• Security reports, audit reports, multi-factor authentication
• Self-service password reset and group management
• Connection between Active Directory and Azure Active Directory

Mobile device management: Microsoft Intune

• Mobile device settings management
• Mobile application management
• Selective wipe

Access & Information protection: Microsoft Azure Rights Management service

• Information protection
• Connection to on-premises assets
• Bring your own key


EMS and Office 365

Cloud and hybrid identity management

Office 365:

• Single sign-on for O365
• Basic multi-factor authentication (MFA) for O365

Enterprise Mobility Suite:

• Single sign-on for all cloud apps
• Advanced MFA for all workloads
• Self-service group management and password reset with write back to on-premises directory
• Advanced security reports
• FIM (Server + CAL)

Mobile device management

Office 365:

• Basic mobile device management via EAS
• PIN enforcement
• Device wipe

Enterprise Mobility Suite:

• PC management
• Mobile device management
• Mobile app management
• Certificate provisioning
• Selective wipe

Information protection

Office 365:

• Protection for O365 content
• Protection for on-premises Exchange and SharePoint content
• Access to RMS SDK
• Bring your own key

Enterprise Mobility Suite:

• Protection for on-premises Windows Server file shares


Hybrid Identity


Enterprise Mobility Suite

Hybrid identity: Microsoft Azure Active Directory Premium

• Group management, security reports, and audit reports
• Self-service password reset and multi-factor authentication
• Connection between Active Directory and Azure Active Directory

Mobile device management: Microsoft Intune

• Mobile device settings management
• Mobile application management
• Selective wipe

Access & Information protection: Microsoft Azure Rights Management service

• Information protection
• Connection to on-premises assets
• Bring your own key


Hybrid identity: Bridging on-premises and Azure Active Directory

Enable your users

• Provide users with self-service experiences to keep them productive
• Enable single sign-on for users across the resources they need access to

Protect your data

• Enforce strong authentication when users access resources and apply conditional access controls to sensitive company information
• Configure single sign-on across all company applications
• Ensure compliance with governance, attestation, and reporting

Unify your environment

• Create a centralized identity across on-premises and cloud environments
• Use identity federation to maintain centralized authentication, and share and collaborate with external users and businesses more securely


Azure Active Directory Premium

Take advantage of a directory in the cloud

• Group-based application access assignment and provisioning to thousands of software-as-a-service (SaaS) applications for single sign-on
• Company branding
• Enterprise SLA of 99.9 percent

Empower users

• Self-service password reset
• Delegated group management

Monitor and protect access to applications

• Security reports based on machine learning
• Application usage reports
• Multi-factor authentication

Built on top of a free offering

• Robust set of capabilities for empowering enterprises with demanding identity and access management needs
• Usage rights for Microsoft Forefront Identity Manager server licenses and CALs


Azure Active Directory Premium

• Your Active Directory - Synchronized to the cloud
• Company Branding of Sign In Page
• Group-based Application Access
• Self-Service Password Reset
• Self-Service Group Management
• User based SSO to thousands of SaaS applications
• Multi-Factor Authentication for Cloud and on-premises applications
• Advanced security reporting with anomaly learning

Company Portal - Sign-In Experience

Company Portal - SSO to Applications

Company Portal Profile Password Reset

Self Service Password Reset

Group Management

Multi-Factor Authentication

Advanced Reporting

Second step – Device Management

Microsoft Intune



Manage and Secure PCs and Devices Anywhere

Simple web-based Administration Console and a richer experience for Information Workers

• Conditional Access
• Simplified Device Enrollment
• App Wrapping / Containers
• Managed Productivity with Office
• Company Portal – Self Service
• Device Settings Management
• VPN Profile Management
• Wifi and Certificate Management
• Mobile App Management
• PC Management


Mobile Device Management with Microsoft Intune

• EAS based management
• Integration with Exchange Server, either on-premises or Office365 hosted
• Corporate data protection
• Over-the-air enrollment of devices for management
• Mobile application management
• Settings Management
• Mobile device inventory
• Direct management (Windows RT, Windows Phone 8.x, iOS, Android)


Microsoft Intune integrated with System Center 2012 R2 Configuration Manager

IT

Mac OS X

Windows PCs (x86/64, Intel SoC), Windows to Go, Windows Embedded

Windows RT, Windows Phone 8.x

iOS, Android

Single Admin Console

Microsoft Intune


Company Portal

Consistent self service experience for end user across mobile platforms

Platforms: Windows, Windows Phone, iOS, Android

• Available in the Windows Store
• Side-loaded during enrollment
• Available in the Apple App store
• Available in the Google Play Store


Settings management

Comprehensive security policies are enforced on each platform

Reporting available on each setting whether it is applicable, conformant or has an error

Extensive configuration settings are available for each platform

Policies can be applied to user and device groups

User


Third step – Data Protection

Azure Rights Management



Protect data with rights management

Take advantage of hybrid options across Windows Server and Azure Rights Management service

Integrate Microsoft SharePoint and Microsoft Exchange Server

Automatically identify and classify data based on content with automatic encryption

More securely share documents with colleagues and business partners

Improve ease of use through integration with Office 2010/13, Windows Shell extensions, and cross-platform clients


Sharing Protected Files


RMS Integration with SharePoint Online


Multiple layers of data protection

IT

User

Enterprise Mobility Suite

Identify and authorize user

Apply device policies

Apply application policies

Apply content policies

Active Directory Premium

Rights Management


Enterprise Mobility Suite Overview

Dave Hall, Cloud Services Practice Lead [email protected]

Q & A