Security as A Service Components

Presentation transcript:

Security as a Service Components
Intro
1. Secure the Front Door
2. Secure Content
3. Secure Devices
4. Great Employee Experience

Security as a Service: security managed from the cloud.
Secure the front door: identity-driven security
Secure content: protect content at creation, transit, and consumption
Secure devices: workplace-issued or BYOD devices
Great employee experience: productivity without compromise

Secure your identities
Secure your devices
Secure your apps
Secure your data/files
5/29/2018
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Three steps to identity-driven security
1. Protect at the front door: Safeguard your resources at the front door with innovative and advanced risk-based conditional access.
2. Protect your data against user mistakes: Gain deep visibility into user, device, and data activity on-premises and in the cloud.
3. Detect attacks before they cause damage: Uncover suspicious activity and pinpoint threats with deep visibility and ongoing behavioral analytics.

Protect at the front door
Diagram labels: User; Conditions (Location, Device state, User/Application, MFA, Risk); Actions (Allow access, Enforce MFA per user/per app, or Block access)
Azure AD Identity Protection
Azure AD Privileged Identity Management

Detect attacks before they cause damage
On-premises detection, with Microsoft Advanced Threat Analytics (ATA): behavioral analytics; detection of known malicious attacks; detection of known security issues
Detection in the cloud, with Cloud App Security + Azure Active Directory Premium: behavioral analytics; anomaly detection; security reporting and monitoring

Protect your data against user mistakes
Microsoft Intune. How do I prevent data leakage from my mobile apps? LOB app protection; DLP for Office 365 mobile apps; optional device management
Azure Information Protection. How do I control data on-premises and in the cloud? Classify & label; protect; monitor and respond
Cloud App Security. How do I gain visibility and control of my cloud apps? Risk scoring; shadow IT discovery; policies for data control

Secure the Front Door
Risk-based conditional access and Multi-Factor Authentication: You can use Azure AD Identity Protection for conditional access risk policies. Conditional access risk policies help give your organization advanced protection based on risk events and unusual sign-in activities. Using multi-factor authentication helps protect resources from being accessed by unauthorized or risky users.
Advanced security reporting: Take advantage of advanced security reports, notifications, remediation recommendations and policies to protect your business from current and future threats.
Identify threats on-premises: From detecting known malicious attacks to uncovering abnormal activity with machine learning and behavioral analytics, identify advanced persistent threats to your enterprise quickly and take action swiftly with Microsoft Advanced Threat Analytics.
Identify high-risk usage of cloud apps and abnormal behavior, and prevent threats: Whether or not you're in the cloud, your employees are. Bring the security of your on-premises systems to your cloud applications (both approved and unapproved) for deeper visibility, comprehensive controls, and enhanced protection against cloud security issues.

Azure Active Directory Identity Protection
Use the power of Identity Protection in Power BI, SIEM and other monitoring tools.
Apply Microsoft learnings to your existing security tools.
Diagram labels: Infected devices; Leaked credentials; Configuration vulnerabilities; Brute force attacks; Suspicious sign-in activities; Microsoft machine-learning engine; Security/Monitoring/Reporting Solutions (Notifications, Data Extracts/Downloads, Reporting APIs); Power BI; SIEM; Monitor Tools

Risk-based conditional access
Conditions: Location (IP range); Device state; User group; Risk (Low, Medium, High)
Actions: Allow; Enforce MFA; Remediate; Block access; Wipe device
Based on the state of the conditions you have set, you can set controls that allow, restrict, require MFA or remediate the issue. You can also set a control to wipe the device.
Other diagram labels: User; MFA; On-premises applications; Microsoft Azure; Azure Active Directory Premium; Microsoft Intune; Microsoft Intelligent Security Graph

Privileged Identity Management
Discover, restrict, and monitor privileged identities
Enforce on-demand, just-in-time administrative access when needed
Provides more visibility through alerts, audit reports and access reviews
Roles shown: Global Administrator; Billing Administrator; Exchange Administrator; User Administrator; Password Administrator

Benefits: Privileged Identity Management
Removes unneeded permanent admin role assignments
Limits the time a user has admin privileges
Ensures MFA validation prior to admin role activation
Reduces exposure to attacks targeting admins
Separates role administration from other tasks
Adds roles for read-only views of reports and history
Asks users to review and justify continued need for admin role
Simplifies delegation
Enables least privilege role assignments
Alerts on users who haven't used their role assignments
Simplifies reporting on admin activity
Increases visibility and finer-grained control

Azure AD Premium feature: Multi-factor authentication
What is Azure Multi-Factor Authentication?
What it is:
A standalone Azure identity and access management service, also included in Azure Active Directory Premium
Prevents unauthorized access to both on-premises and cloud applications by providing an additional level of authentication
Trusted by thousands of enterprises to authenticate employee, customer, and partner access
What are the factors:
Something you know – password or PIN
Something you have – a phone or token
Something you are – a fingerprint or retina scan

How it works
Mobile apps, phone calls, text messages
Options shown: Text Message; Push Notification; One-Time Passcode (OTP) Token; Phone Calls

Detect attacks before they cause damage
Microsoft Advanced Threat Analytics
An on-premises platform to identify advanced security attacks and insider threats before they cause damage
Behavioral analytics; detection of advanced attacks and security risks; advanced threat detection
Microsoft Advanced Threat Analytics brings the behavioral analytics concept to IT and the organization's users.

Microsoft Cloud App Security
Discovery: Gain complete visibility and context for cloud usage and shadow IT, with no agents required
Data control: Shape your cloud environment with granular controls and policy setting for access, data sharing, and DLP
Threat protection: Identify high-risk usage and security incidents, detect abnormal user behavior, and prevent threats
Integrate with existing security, mobility, and encryption solutions

Secure Content

How much control do you have?
Hybrid data = new normal. It is harder to protect.
On-premises: perimeter protection
Managed mobile environment: identity, device management protection
Unregulated, unknown

Why Azure Information Protection?
Persistent protection
Safe sharing
Intuitive experience
Greater control

The evolution of Azure RMS
Classification & labeling: classification; labeling
Protect: encryption; access control; policy enforcement
Monitor & respond: document tracking; document revocation

The evolution of Azure RMS: Azure Information Protection
Full data lifecycle
Classification & labeling: classification; labeling
Protect: encryption; access control; policy enforcement
Monitor & respond: document tracking; document revocation

Multi-identity policy
Control what happens after the data is accessed
Our app protection policies allow you to control what happens to docs and data after they've been accessed.
App encryption at rest
App access control – PIN or credentials
Save as/copy/paste restrictions
App-level selective wipe
Managed web browsing
Secure viewing of PDFs, images, videos
Restrict features, sharing and downloads
Diagram labels: Managed apps; Personal apps; Corporate data; Personal; MDM – optional (Intune or 3rd-party)
And then there is an unprecedented ability to control what happens after the data is accessed. Our unique approach to data protection allows us to protect the data at the app level, without the need for traditional containerization or sandboxing. And because we leverage the user identity in our approach, we can enable multi-identity usage of apps, where app policies are intelligent enough to only apply to data applicable to corporate accounts. Our capabilities here include: app encryption at rest; app access control (PIN or credentials); save as/copy/paste restrictions; app-level selective wipe; managed web browsing; secure viewing of PDFs, images, videos.
Intune has been working directly with the Office team to define our app protection strategy. Intune is the only mobility management solution that can control Office with this much granular control, without compromising on the end user experience.

Secure Devices

Enterprise mobility management with Intune
Mobile device management. Mobile application management. PC management.
Microsoft Intune: protect your data, enable your users.
Strategically direct the flow of your mobile ecosystem, giving your end users the experience they expect while ensuring your corporate data is protected at every turn.
(Optional slide for customers that are not familiar with Intune's high-level capabilities.)

Comprehensive lifecycle management
Enroll:
Provide a self-service Company Portal for users to enroll devices
Deliver custom terms and conditions at enrollment
Bulk enroll devices using Apple Configurator or service account
Restrict access to Exchange email if a device is not enrolled
Provision:
Deploy certificates, email, VPN, and WiFi profiles
Deploy device security policy settings
Install mandatory apps
Deploy app restriction policies
Deploy data protection policies
Manage and Protect:
Restrict access to corporate resources if policies are violated (e.g., jailbroken device)
Protect corporate data by restricting actions such as copy, cut, paste, and save as between Intune-managed apps and personal apps
Report on device and app compliance
Retire:
Revoke access to corporate resources
Perform selective wipe
Audit lost and stolen devices

Selective wipe
Perform selective wipe via self-service company portal or admin console
Remove managed apps and data
Keep personal apps and data intact
Diagram labels: IT; Managed apps; Personal apps

Enable business without borders
Enabling anytime, anywhere productivity: Azure Active Directory Join for Windows 10
Azure Active Directory Join makes it possible to connect work-owned Windows 10 devices to your company's Azure Active Directory.
Enterprise State Roaming
Enterprise-compliant services
Intune/MDM auto-enrollment
SSO from the desktop to cloud and on-premises applications with no VPN
Support for hybrid environments
Diagram labels: Windows 10 Azure AD joined devices; Azure Active Directory; Apps in Azure; Third-party apps and clouds; On-premises apps

Great Employee Experience
Single sign-on to any cloud and on-premises web app: Azure Active Directory provides secure single sign-on to cloud and on-premises applications including Microsoft Office 365 and thousands of SaaS applications such as Salesforce, Workday, DocuSign, ServiceNow, and Box.
Self-service: Azure Active Directory (Azure AD) sets itself apart from other offerings by providing some of the easiest to use and most powerful self-service capabilities available today.
Multi-Factor Authentication: Access your on-premises web applications from everywhere and protect them with multi-factor authentication, conditional access policies, and group-based access management. Users can access SaaS and on-premises web apps from the same portal.
App Proxy without the need of VPN: Azure AD Application Proxy helps you support remote workers by publishing on-premises applications to be accessed over the internet.

Identity as the control plane
Simple connection. Self-service. Single sign-on.
Diagram labels: Username; Other Directories; Windows Server Active Directory; On-premises; Cloud; SaaS; Azure; Office 365; Public cloud; Microsoft Azure Active Directory

Powerful uplift in business user experience: drive rapid adoption of business apps and services across any mobile platform
Company-branded, personalized application Access Panel: http://myapps.microsoft.com
Provide 'single click' access to 2,700+ SaaS/cloud apps plus any internal company web apps
Facilitate rapid adoption of new app deployments across business users
Supported across mobile platforms
Manage your account

Empowering Business Users
Company-branded, personalized application Access Panel: http://myapps.microsoft.com + mobile apps
Manage your account
Self-service password reset and delegated group management

Security as a Service = Enterprise Mobility + Security
Azure Active Directory Premium: Manage identity with hybrid integration to protect application access from identity attacks
Microsoft Cloud App Security: Extend enterprise-grade security to your cloud and SaaS apps
Azure Information Protection: Protect your data, everywhere
Microsoft Intune: Protect your users, devices, and apps
Microsoft Advanced Threat Analytics: Detect threats early with visibility and threat analytics