Identity-driven security

Presentation transcript:

Identity-driven security Sizwe Zikhali Mobility + Security Solutions Professional

New blind spots for IT
Cybercrimes: 32% of businesses reported to be affected by cybercrimes
Data breaches: 63% of confirmed data breaches involve weak, default, or stolen passwords
Shadow IT: >80% of employees admit using non-approved SaaS apps for work purposes

The security landscape has changed
Critical mass of corporate data is migrating to the cloud. Moving away from the traditional on-premises security models and into new territory introduces new problems.
LIFE BEFORE CLOUD AND MOBILITY (on-premises, firewall):
Access via managed devices and networks
Layers of defense protecting internal apps
Known security perimeter
LIFE AFTER CLOUD AND MOBILITY (Office 365, corp email, business apps), challenges:
Open access for users: any device, any network
Unrestricted sharing methods: users decide how to share
Cloud app ecosystem
Limited visibility and control, with limited tools from the cloud provider

Security landscape has changed
[Diagram labels: Identity (Employees, Partners, Customers); Devices; Apps and data (Microsoft Azure, Cloud apps and data, On-premises apps and data)]
Transition to cloud & mobility + New attack landscape = Current defenses not sufficient

Microsoft Consumer Channels and Central Marketing Group 10/5/2017
A need for holistic and innovative security
New attack landscape: Costly recovery from advanced attacks; Changes in attackers’ techniques; Credential theft
Traditional security solutions: False positives; Not up to the challenge; Complex
Transitioning to cloud and mobility: Controlling/securing critical data across devices; Lack of visibility and control for cloud apps; End users making non-compliant choices
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Our approach to the security challenge
Identity driven security: Offers one protected common identity for secure access to all corporate resources, on-premises and in the cloud, with risk-based conditional access
Holistic: Addresses security challenges across users (identities), devices, data, apps, and platforms, on-premises and in the cloud
Intelligent: Enhances threat and anomaly detection with the Microsoft Intelligent Security Graph driven by a vast amount of datasets and machine learning in the cloud
Intune includes multiple features that help protect corporate apps and data on the user devices.
Enforce corporate data access requirements
  Require a PIN for launching the app
  Require authentication using corporate credentials before launching the app
  Require compliance with device policies for launching the app
Restrict data leakage
  Allow/Block copy/paste
  Allow/Block screen capture
  Allow/Block print
  Prevent file backup to unauthorized locations
  Restrict sharing of data between applications
Enforce encryption of app data at rest
App level selective wipe

Our approach to security challenge
Holistic. Innovative. Intelligent.
Protect at the front door: Safeguard your resources at the front door with innovative and advanced risk-based conditional access
Detect threats & remediate: Discover anomalies by ongoing analytics. Uncover suspicious activity and pinpoint threats with deep visibility and ongoing behavioral analytics.

Identity-Driven Security: Protect at the front door

Protect at the front door
How can I protect my organization at the front door?
Azure Active Directory Identity Protection
Risk-based conditional access
Privileged Identity Management
[Diagram labels: User; Microsoft Azure; On-premises applications. Conditions: Location (IP range), Device state, User group, Risk. Actions: Allow access, MFA, Block access]

Azure Active Directory Identity Protection
PROTECT AT THE FRONT DOOR
Identity Protection at its best
Gain insights from a consolidated view of machine learning-based threat detection
Risk-based conditional access automatically protects against suspicious logins and compromised credentials
[Diagram labels: Infected devices; Leaked credentials; Configuration vulnerabilities; Brute force attacks; Suspicious sign-in activities; Machine-Learning Engine; Risk severity calculation; Remediation recommendations; Risk-based policies (MFA Challenge risky logins, Block attacks, Change bad credentials)]

AAD Identity Protection Dashboard overview + Demo

Privileged identity management
PROTECT AT THE FRONT DOOR
Discover, restrict, and monitor privileged identities
Users need to activate their privileges to perform a task
MFA enforced during activation process
Alerts inform administrators about out-of-band changes
Users retain privileges for a pre-configured amount of time
Security admins can discover all privileged identities, view audit reports, and review everyone who is eligible to activate via access reviews
[Diagram labels: SECURITY ADMIN; Configure Privileged Identity Management; USER; Identity verification; MFA; ALERT; Monitor; Audit; Access reports; Read only; ADMIN PROFILES (Billing Admin, Global Admin, Service Admin); PRIVILEGED IDENTITY MANAGEMENT]

Detect attacks and remediate
How do I detect attacks in the cloud?
Detection in the cloud (Azure Active Directory Premium):
Azure Active Directory (Identity level)
Behavioral Analytics
Security reporting and monitoring
How do I detect on-premises attacks?
On-premises detection (Microsoft Advanced Threat Analytics):
User and Entity Behavioral Analytics
Abnormal behavior detection
Known malicious attack and security vulnerabilities detection

Advanced Threat Analytics

Microsoft Advanced Threat Analytics
DETECT ATTACKS BEFORE THEY CAUSE DAMAGE
Identifies advanced persistent threats (APTs) on-premises using User and Entity Behavioral Analytics
Detects suspicious user and entity behavior with machine learning
Detects malicious attacks (e.g. Pass the Hash, Pass the Ticket)
Provides a simple attack timeline with clear and relevant attack information

Focus on what is important fast
DETECT ATTACKS BEFORE THEY CAUSE DAMAGE
Detect threats fast with Behavioral Analytics: No need to create rules or policies, deploy agents, or monitor a flood of security reports. The intelligence needed is ready to analyze and continuously learning.
Adapt as fast as your enemies: ATA continuously learns from the organizational entity behavior (users, devices, and resources) and adjusts itself to reflect the changes in your rapidly evolving enterprise.
Focus on what is important fast using the simple attack timeline: The attack timeline is a clear, efficient, and convenient feed that surfaces the right things on a timeline, giving you the power of perspective on the “who-what-when-and how” of your enterprise. It also provides recommendations for next steps.
Reduce the fatigue of false positives: Alerts only happen once suspicious activities are contextually aggregated, not only comparing the entity’s behavior to its own behavior, but also to the profiles of other entities in its interaction path.
So what are the benefits?
Detect threats fast with behavioral analytics
Microsoft Advanced Threat Analytics works around the clock to help IT pinpoint suspicious activities by profiling and knowing exactly what to look for. Using its proprietary algorithm, ATA surfaces suspicious activity you may never have recognized and brings it to your attention quickly. No need for creating rules, fine-tuning, or monitoring a flood of security reports, since the intelligence needed is built in. Advanced Threat Analytics doesn’t just identify questionable activities in the system, it also identifies known advanced attacks and security issues.
Adapt to the changing nature of cyber-security threats
ATA continuously learns from the behavior of organizational entities (users, devices, and resources) and adjusts itself to reflect the changes in your rapidly-evolving enterprise. As attacker tactics get more sophisticated, Microsoft Advanced Threat Analytics helps you adapt to the changing nature of cyber-security attacks with continuously-learning behavioral analytics.
Focus on what’s important using the simple attack timeline
IT and security teams are overwhelmed with the constant reporting of traditional security tools and the task of sifting through them to locate the important and relevant attacks. Many go undetected in all of the noise. The attack timeline is a clear, efficient, and convenient feed that surfaces the right things on a timeline, giving you the power of perspective on the “who-what-when-and how” of the enterprise.
Reduce false positive fatigue
Traditional IT security tools are often not equipped to handle the sheer volume of data, turning up unnecessary red flags and distracting you from real threats. With Microsoft Advanced Threat Analytics, these alerts only happen once suspicious activities are contextually aggregated, not only comparing the entity’s behavior to its own behavior, but also to the profiles of other entities in its interaction path. Microsoft Advanced Threat Analytics will also automatically guide you through the process, asking you simple questions to adjust the detection process according to your input.
Prioritize and plan next steps with recommendations
For each suspicious activity, ATA provides recommendations for investigation and remediation.

How Microsoft Advanced Threat Analytics works
1 Analyze
After installation:
Simple non-intrusive port mirroring, or deployed directly onto domain controllers
Remains invisible to the attackers
Analyzes all Active Directory network traffic
Collects relevant events from SIEM and information from Active Directory (titles, groups membership, and more)
The ATA system continuously goes through four steps to ensure protection:
Step 1: Analyze
After installation, by using pre-configured, non-intrusive port mirroring, all Active Directory-related traffic is copied to ATA while remaining invisible to attackers. ATA uses deep packet inspection technology to analyze all Active Directory traffic. It can also collect relevant events from SIEM (security information and event management) and other sources.

How Microsoft Advanced Threat Analytics works
2 Learn
ATA:
Automatically starts learning and profiling entity behavior
Identifies normal behavior for entities
Learns continuously to update the activities of the users, devices, and resources
Step 2: Learn
ATA automatically starts learning and profiling behaviors of users, devices, and resources, and then leverages its self-learning technology to build an Organizational Security Graph. The Organizational Security Graph is a map of entity interactions that represent the context and activities of users, devices, and resources.
What is an entity? An entity represents a user, device, or resource.

How Microsoft Advanced Threat Analytics works
3 Detect
Microsoft Advanced Threat Analytics:
Looks for abnormal behavior and identifies suspicious activities
Only raises red flags if abnormal activities are contextually aggregated
Leverages world-class security research to detect security risks and attacks in near real-time based on attackers’ Tactics, Techniques, and Procedures (TTPs)
Step 3: Detect
After building an Organizational Security Graph, ATA can then look for any abnormalities in an entity’s behavior and identify suspicious activities, but not before those abnormal activities have been contextually aggregated and verified. ATA leverages years of world-class security research to detect known attacks and security issues taking place regionally and globally. ATA will also automatically guide you, asking you simple questions to adjust the detection process according to your input.
ATA not only compares the entity’s behavior to its own, but also to the behavior of entities in its interaction path.

How Microsoft Advanced Threat Analytics works
4 Alert
ATA reports all suspicious activities on a simple, functional, actionable attack timeline
ATA identifies Who? What? When? How?
For each suspicious activity, ATA provides recommendations for the investigation and remediation
While the hope is that this stage is rarely reached, ATA is there to alert you of abnormal and suspicious activities. To further increase accuracy and save you time and resources, ATA doesn’t only compare the entity’s behavior to its own, but also to the behavior of other entities in its interaction path before issuing an alert. This means that the number of false positives is dramatically reduced, freeing you up to focus on the real threats.
At this point, it is important for reports to be clear, functional, and actionable in the information presented. The simple attack timeline is similar to a social media feed on a web interface and surfaces events in an easy-to-understand way.

ATA detects a wide range of suspicious activities
Microsoft Advanced Threat Analytics
Categories: Compromised credential; Privilege escalation; Reconnaissance; Lateral movement; Domain dominance
Detected activities:
Abnormal authentication requests
Abnormal resource access
Pass-the-Ticket
Pass-the-Hash
Overpass-the-Hash
Skeleton key malware
Golden ticket
Remote execution
Malicious replication requests
Account enumeration
Net Session enumeration
DNS enumeration
Abnormal working hours
Brute force using NTLM, Kerberos or LDAP
Sensitive accounts exposed in plain text authentication
Service accounts exposed in plain text authentication
Honey Token account suspicious activities
Unusual protocol implementation
Malicious Data Protection Private Information (DPAPI) Request
MS14-068 exploit (Forged PAC)
MS11-013 exploit (Silver PAC)

Azure Active Directory

Azure Active Directory
Azure Active Directory Premium
86% of Fortune 500 companies use Microsoft Cloud (Azure, O365, CRM Online, and PowerBI)
Azure AD Directories: >8 M
More than 550 M user accounts on Azure AD
1 trillion Azure AD authentications since the release of the service
>40k third-party applications used with Azure AD each month
>1.3 billion authentications every day on Azure AD
Every Office 365 and Microsoft Azure customer uses Azure Active Directory
Microsoft’s “Identity Management as a Service (IDaaS)” for organizations. Millions of independent identity systems controlled by enterprise and government “tenants.” Information is owned and used by the controlling organization, not by Microsoft. Born-as-a-cloud directory for Office 365. Extended to manage across many clouds. Evolved to manage an organization’s relationships with its customers/citizens and partners (B2C and B2B).

Enable anywhere access
Azure Active Directory Premium
“I need to let my users access my company’s apps from anywhere”
2500+ pre-integrated popular SaaS apps and self-service integration via templates
Connect and sync on-premises directories with Azure
Easily publish on-premises web apps via Application Proxy + custom apps
[Diagram labels: Microsoft Azure AD; OTHER DIRECTORIES; SaaS apps (e.g. Concur or Salesforce); On-premises apps (e.g. HR or SharePoint); Custom web or native apps (e.g., mobile app or LOB app)]

Control anywhere access
Azure Active Directory Premium
“I need to control access to resources based on a variety of conditions”
Azure AD is the control plane: Allow; Enforce MFA; Block
USER ATTRIBUTES: User identity; Group memberships; Auth strength (MFA)
DEVICES: Are domain joined; Are compliant; Platform type (Windows, iOS, Android)
APPLICATION: Per app policy; Type of client; Business sensitivity
OTHER: Network location; Risk profile
[Diagram labels: Brute force attacks; Leaked credentials; Suspicious sign-in activities; Infected devices; Configuration vulnerabilities; On-premises applications]

Enable partner access
Azure Active Directory Premium
“I need to let my partners access my company’s apps using their own credentials”
Partners use their own credentials to access your org
Users lose access when they leave the partner org
No external directories
No per-partner federation

Azure Active Directory Premium Enable easy access “I need to make it easy for my users to access my company’s apps”

Manage user lifecycle
Azure Active Directory Premium
“I need to automatically create and remove accounts from third-party SaaS apps”
Comprehensive identity and access management console
Centralized access administration for pre-integrated SaaS apps and other cloud-based apps
Dynamic groups, device registration, secure business processes with advanced access management capabilities
[Diagram labels: IT professional; SaaS apps]

Enable self-service password reset
Azure Active Directory Premium
“I need to enable my users to securely reset their own password”
[Diagram labels: Username; Forgot your password?; MFA Challenge; Microsoft Azure Active Directory; Azure AD Connect; On-premises applications]

Identity as the core of enterprise mobility
Azure Active Directory Premium
[Diagram labels: Microsoft Azure Active Directory; Simple connection; Self-service; Single sign-on; Cloud (SaaS, Azure, Public cloud); On-premises (Other directories, Windows Server Active Directory)]
Microsoft has a solution for this.
Traditional identity and access management solutions providing single sign-on to on-premises applications, and directory services such as Active Directory and others, are used by the vast majority of organizations, and huge investments were made to deploy and maintain them. These solutions are perfect for the on-premises world.
Now, as we have discussed, there are new pressing requirements to provide the same experience to cloud applications hosted in any public cloud.
Azure Active Directory can be the solution to this new challenge by extending the reach of on-premises identities to the cloud in a secure and efficient way.
In order to do that, one simple connection is needed from on-premises directories to Azure AD, and everything else will be handled by Azure AD: secure single sign-on to thousands of SaaS applications hosted in any cloud by using the same credentials that exist on-premises.
And we don’t forget the users. Azure AD provides self-service capabilities and easy access to all the applications, consumer or business, they need, in the cloud but on-premises too (Application Proxy).

Azure Active Directory scenarios
Azure Active Directory Premium
1000s of apps, 1 identity
Identity-driven security
Making the lives of users (and IT) easier
Managing identities
Collaborating with partners
Enabling anytime/anywhere productivity
Connecting with consumers
Your domain controller as a service

1000s of apps, 1 identity

Azure Active Directory Premium

Connect and sync on-premises directories with Azure
Easily publish on-premises web apps via Application Proxy
+ Custom apps through a rich standards-based platform

Diagram labels: Microsoft Azure; HR and other directories; Cloud HR; 2500+ popular SaaS apps; SaaS apps; Web apps (Azure Active Directory Application Proxy); Integrated custom apps

1000s of apps, 1 identity

Azure Active Directory Premium

Connect and sync on-premises directories with Azure

Diagram labels: HR apps; MIM *; Azure Active Directory Connect and Connect Health *; Microsoft Azure Active Directory; PowerShell; SQL (ODBC); LDAP v3; Web Services (SOAP, JAVA, REST); OTHER DIRECTORIES

Microsoft Intelligence Graph

Enhanced by Microsoft security intelligence

Microsoft Intelligent Security Graph

Diagram labels: Identity; Device; Apps and data; Platform; Intelligence

Unique insights into the threat landscape
Informed by trillions of signals from billions of sources
Powered by inputs we receive across our endpoints, consumer services, commercial services, and on-premises technologies
Anomaly detection that draws from our vast amount of threat intelligence, machine learning, security research, and development data

YOUR SECURITY POSTURE

10/5/2017 2:27 PM

PROTECT across all endpoints, from sensors to the datacenter
DETECT using targeted signals, behavioral monitoring, and machine learning
RESPOND closing the gap between discovery and action

MSFT Field - Please view associated material at: https://microsoft.sharepoint.com/sites/Infopedia_G01/Pages/OneMicrosoftSecurity.aspx

© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

OUR UNIQUE APPROACH: OUR SECURITY PLATFORM

Platform pillars: Identity; Device; Apps & Data; Infrastructure

Products and features listed: Advanced Threat Protection; Anti-Spam / Anti-Malware; Message Encryption; Customer Lockbox; Data Loss Prevention; Windows Trust Boot; Privileged Identity Management; Credential Guard; Microsoft Passport; Windows Hello; Windows Defender ATP; Windows Update for Business; Enterprise Data Protection; Azure Active Directory; Azure Information Protection; Azure Security Center; Azure Storage Service Encryption; Azure Key Vault; Advanced Threat Analytics; Cloud App Security; Intune; Windows Server 2016; SQL Server 2016

People – identity, device, apps, data

Microsoft Security Technology

Diagram labels: Operations Management Suite; Advanced Threat Protection; Advanced Security Management; Data Protection; Office 365; Across clouds & on premises; Security; Backup and disaster recovery; Analytics and monitoring; Automation; Advanced Threat Protection; Data Protection; Credential Guard; Device Guard; Windows 10; Enterprise Mobility + Security; Microsoft Advanced Threat Analytics; Microsoft Cloud App Security; Microsoft Intune; Azure Active Directory Premium; Azure Information Protection; User security; Infrastructure security

2 min: high level set on security strategy and tech - O365, Azure, EMS, OMS → CISO comprehensive security package is ECS