Microsoft Ignite 2016 7/17/2018 1:49 PM BRK3092 Get ahead of cybersecurity attacks with Microsoft Enterprise Mobility + Security Nasos Kladakis Pragya Pandey Demi Albuz © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

New blind spots for IT Cybercrimes Data breaches Shadow IT 32% of businesses reported to be affected by cybercrimes Data breaches 63% of confirmed data breaches involve weak, default, or stolen passwords Shadow IT >80% of employees admit using non-approved SaaS apps for work purposes

The security landscape has changed Identity Devices Apps & Data Microsoft Azure ? Cloud apps and data Employees Partners Customers ? On-premises apps and data Transition to cloud & mobility New attack landscape Current defenses not sufficient + =

Protects your data from new and changing cybersecurity attacks Our approach to the security challenge Addresses security challenges across users (identities), devices, data, apps, and platforms―on-premises and in the cloud Holistic Enhances threat and anomaly detection with the Microsoft Intelligent Security Graph driven by a vast amount of datasets and machine learning in the cloud Intelligent Protects your data from new and changing cybersecurity attacks Innovative Offers one protected common identity for secure access to all corporate resources, on-premises and in the cloud, with risk-based conditional access Identity-driven

Introducing Microsoft Identity-driven security Holistic. Innovative. Intelligent. Safeguard your resources at the front door with innovative and advanced risk-based conditional accesses Protect at the front door Gain deep visibility into user, device, and data activity on-premises and in the cloud. Protect your data against user mistakes Uncover suspicious activity and pinpoint threats with deep visibility and ongoing behavioral analytics. Detect attacks before they cause damage

Protect at the front door Actions User Microsoft Azure Conditions Location (IP range) Allow access Device state User group MFA Block access Risk On-premises applications How can I protect my organization at the front door? Risk-based conditional access Identity Protection Privileged Identity Management

Protect your data against user mistakes How do I gain visibility and control of my cloud apps? How do I prevent data leakage from my mobile apps? How do I control data on-premises and in the cloud Cloud App Security Microsoft Intune Azure Information Protection Shadow IT Discovery DLP for Office 365 mobile apps Classify & Label Risk scoring Optional device management Protect Policies for data control LOB app protection Monitor and Respond

On-premises detection Detect attacks before they cause damage How do I detect attacks in the cloud? Microsoft Cloud App Security Cloud App Security (App level) Behavioral analytics Anomaly detection Detection in the cloud Azure Active Directory Premium Azure Active Directory (Identity level) Behavioral Analytics Security reporting and monitoring Cloud How do I detect on-premises attacks? On-premises detection Advanced Threat Analytics User and Entity Behavioral Analytics Detection of known malicious attacks and security issues Microsoft Advanced Threat Analytics On-premises

Enterprise Mobility + Security Azure Active Directory Microsoft Cloud App Security Manage identity with hybrid integration to protect application access from identity attacks Extend enterprise-grade security to your cloud and SaaS apps Protect devices and apps Microsoft Intune Detect problems early with visibility and threat analytics Microsoft Advanced Threat Analytics Azure Information Protection Protect your data, everywhere

Enterprise Mobility + Security EMS Overview 7/17/2018 Enterprise Mobility + Security Identity and access management Managed mobile productivity Information protection Identity-driven security Azure Active Directory Premium P2 Identity and access management with advanced protection for users and privileged identities (includes all capabilities in P1) Azure Information Protection Premium P2 Intelligent classification and protection for files and emails shared inside and outside your organization (includes all capabilities in P1) Microsoft Cloud App Security Enterprise-grade visibility, control, and protection for your cloud applications EMS E5 Azure Active Directory Premium P1 Secure single sign-on to cloud and on-premises apps MFA, conditional access, and advanced security reporting Microsoft Intune Mobile device and app management to protect corporate apps and data on any device Azure Information Protection Premium P1 Manual classification and protection for files and emails shared inside and outside your organization Cloud-based file tracking Microsoft Advanced Threat Analytics Protection from advanced targeted attacks leveraging user and entity behavioral analytics EMS E3 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, Surface and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Check out more sessions on this topic: 7/17/2018 1:49 PM Check out more sessions on this topic: Conditional Access BRK3225 Secure access to Office 365, SaaS, and on-premises apps and files with Azure AD and Intune Tue, Sept 27, 2:15PM-3:30PM B308-B309 Advanced Threat Analytics BRK3090 Learn how Microsoft Advanced Threat Analytics combats persistent threats Tue, Sept 27, 4:00pm -5:15pm C113 Cloud App Security BRK3091 Get visibility, data control, and threat protection with Microsoft Cloud App Security Wed, Sept 28, 10:45AM -12:00PM B304-B305 Azure Active Directory BRK3110 Respond to advanced threats before they start - identity protection at its best! Thu, Sept 29, 2:15pm -3:30pm C1 Azure Information Protection BRK2127 Adopt a comprehensive identity-driven solution for protecting and sharing data securely Tue, Sept 27, 9:00AM – 10:15AM C108-C109 © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Keep going… Try Enterprise Mobility + Security for free, today: www.microsoft.com/en-us/cloud-platform/enterprise-mobility-trial See Microsoft Cloud App Security in action www.microsoft.com/en-us/server-cloud/products/cloud-app-security/ Explore Identity + Access Management www.microsoft.com/en-us/cloud-platform/identity-management Learn more about Azure Information Protection www.microsoft.com/en-us/cloud-platform/information-protection Discover new MDM and MAM solutions with Microsoft Intune www.microsoft.com/en-us/cloud-platform/mobile-device-managementlink Check out new Desktop virtualization capabilities www.microsoft.com/en-us/cloud-platform/desktop-virtualization

Free IT Pro resources To advance your career in cloud technology Microsoft Ignite 2016 7/17/2018 1:49 PM Free IT Pro resources To advance your career in cloud technology Plan your career path Microsoft IT Pro Career Center www.microsoft.com/itprocareercenter Cloud role mapping Expert advice on skills needed Self-paced curriculum by cloud role $300 Azure credits and extended trials Pluralsight 3 month subscription (10 courses) Phone support incident Weekly short videos and insights from Microsoft’s leaders and engineers Connect with community of peers and Microsoft experts Get started with Azure Microsoft IT Pro Cloud Essentials www.microsoft.com/itprocloudessentials Demos and how-to videos Microsoft Mechanics www.microsoft.com/mechanics Connect with peers and experts Microsoft Tech Community https://techcommunity.microsoft.com © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Please evaluate this session 7/17/2018 1:49 PM Please evaluate this session Your feedback is important to us! From your PC or Tablet visit MyIgnite at http://myignite.microsoft.com From your phone download and use the Ignite Mobile App by scanning the QR code above or visiting https://aka.ms/ignite.mobileapp © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Back up slides

Is it possible to keep up? The Microsoft vision Users Secure and protect against new threats Data Maximum productivity experience Apps Employees Business partners Customers Devices Comprehensive and integrated

The security landscape has changed LIFE BEFORE CLOUD AND MOBILITY LIFE AFTER CLOUD AND MOBILITY Firewall Office 365 Corp email, business apps On-premises Access via managed devices and networks Layers of defense protecting internal apps Known security perimeter Open access for users – any device, any network Unrestricted sharing methods – users decide how to share Cloud app ecosystem Limited visibility and control

A need for holistic and innovative security Traditional security solutions False positives Not up to the challenge Complex Transitioning to cloud and mobility New attack landscape End users making non-compliant choices Credential theft Lack of visibility and control for cloud apps Changes in attackers’ techniques Controlling/securing critical data across devices Costly recovery from advanced attacks

Protect at the front door Protect your data against user mistakes Identity-driven security scenarios Protect at the front door Protect your data against user mistakes Detect attacks before they cause damage

Windows Server Management Marketing 7/17/2018 PROTECT AT THE FRONT DOOR Azure Active Directory Identity Protection Identity Protection at its best Infected devices Leaked credentials Gain insights from a consolidated view of machine learning based threat detection Configuration vulnerabilities Brute force attacks Suspicious sign-in activities Risk-based policies Remediation recommendations MFA Challenge Risky Logins Block attacks Change bad credentials Machine-Learning Engine Risk severity calculation Risk-based conditional access automatically protects against suspicious logins and compromised credentials © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Windows Server Management Marketing 7/17/2018 PROTECT AT THE FRONT DOOR Azure Active Directory Identity Protection Use the power of Identity Protection in PowerBI, SIEM and other monitoring tools Infected devices Leaked credentials Configuration vulnerabilities Brute force attacks Suspicious sign-in activities Security/Monitoring/Reporting Solutions Notifications Data Extracts/Downloads Power BI SIEM Monitor Tools Reporting APIs Apply Microsoft learnings to your existing security tools Microsoft machine - learning engine © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Privileged Identity Management Windows Server Management Marketing 7/17/2018 PROTECT AT THE FRONT DOOR Privileged Identity Management How time-limited activation of privileged roles works SECURITY ADMIN Users need to activate their privileges to perform a task ALERT MFA enforced during activation process Configure Privileged Identity Management Alerts inform administrators about out- of-band changes Identity verification Read only ADMIN PROFILES Monitor Users retain privileges for a pre-configured amount of time Billing Admin Global Admin Audit USER MFA Service Admin Security admins can discover all privileged identities, view audit reports, and review everyone who is eligible to activate via access reviews Access reports PRIVILEGED IDENTITY MANAGEMENT © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Protect at the front door Protect your data against user mistakes Identity-driven security scenarios Protect at the front door Protect your data against user mistakes Detect attacks before they cause damage

Cloud App Security - Discovery PROTECT YOUR DATA AGAINST USER MISTAKES Cloud App Security - Discovery Discover 13,000+ cloud apps in use—no agents required Identify all users, IP addresses, top apps, top users Shadow IT discovery Get an automated risk score driven by 60+ parameters See each app’s risk assessment based on its security mechanisms and compliance regulations Risk scoring Ongoing risk detection, powerful reporting, and analytics on users, usage patterns, upload/download traffic, and transactions Ongoing anomaly detection for discovered apps Ongoing analytics

Cloud App Security - data control PROTECT YOUR DATA AGAINST USER MISTAKES Cloud App Security - data control Set granular-control security policies for your approved apps Use out-of-the-box policies or customize your own Policy definition Prevent data loss both inline and at rest Govern data in the cloud, such as files stored in cloud drives, attachments, or within cloud apps Use pre-defined templates or extend existing DLP policies DLP and data sharing Identify policy violations, investigate on a user, file, activity level Enforce actions such as quarantine and permissions removal Block sensitive transactions, limit sessions for unmanaged devices Policy enforcement

The evolution of Azure RMS PROTECT YOUR DATA AGAINST USER MISTAKES The evolution of Azure RMS LABELING CLASSIFICATION Classification & labeling ENCRYPTION Protect ACCESS CONTROL POLICY ENFORCEMENT DOCUMENT TRACKING DOCUMENT REVOCATION Monitor & respond

The evolution of Azure RMS Azure Information Protection PROTECT YOUR DATA AGAINST USER MISTAKES The evolution of Azure RMS Full Data Lifecycle CLASSIFICATION LABELING ENCRYPTION ACCESS CONTROL POLICY ENFORCEMENT DOCUMENT TRACKING DOCUMENT REVOCATION Classification & labeling Protect Monitor & respond

Microsoft Intune: Mobile device and app management PROTECT YOUR DATA AGAINST USER MISTAKES Microsoft Intune: Mobile device and app management Corporate data Personal Multi-identity policy MAM policies Corporate apps Microsoft Intune Azure Rights Management Simplify BYOD program - device management is optional Secure your LOB apps with App SDK and App Wrapping Tool Prevent data loss from Office mobile apps; natively built in. File policies Extend protection at file level with Azure Information Protection MDM – optional (Intune or third party) Personal apps MDM policies

Protect at the front door Protect your data against user mistakes Identity-driven security scenarios Protect at the front door Protect your data against user mistakes Detect attacks before they cause damage

Microsoft Advanced Threat Analytics DETECT ATTACKS BEFORE THEY CAUSE DAMAGE Microsoft Advanced Threat Analytics An on-premises platform to identify advanced security attacks and insider threats before they cause damage Behavioral Analytics Detection of advanced attacks and security risks Advanced Threat Detection Microsoft Advanced Threat Analytics brings the behavioral analytics concept to IT and the organization’s users.

Microsoft Advanced Threat Analytics at work DETECT ATTACKS BEFORE THEY CAUSE DAMAGE Microsoft Advanced Threat Analytics at work 1 Analyze 2 Learn 3 Detect ATA analyzes all Active Directory-related traffic and collects relevant events from SIEM ATA automatically learns all entities’ behaviors ATA builds the organizational security graph, detects abnormal behavior, protocol attacks, and weaknesses, and constructs an attack timeline

Threat prevention for your cloud apps with Cloud App Security DETECT ATTACKS BEFORE THEY CAUSE DAMAGE Threat prevention for your cloud apps with Cloud App Security Behavioral analytics Attack detection Identify anomalies in your cloud environment which may be indicative of a breach Leverage behavioral analytics (each user’s interaction with SaaS apps) to assess risk in each transaction Identify and stop known attack pattern activities originating from risky sources with threat prevention enhanced with vast Microsoft threat intelligence Coming soon: send any file through real-time behavioral malware analysis

Protect at the front door Protect your data against user mistakes Identity-driven security scenarios Protect at the front door Protect your data against user mistakes Detect attacks before they cause damage

Enhanced by Microsoft security intelligence Microsoft Intelligent Security Graph Identity Device Apps and data Platform Unique insights into the threat landscape Informed by trillions of signals from billions of sources Powered by inputs we receive across our endpoints, consumer services, commercial services, and on-premises technologies Anomaly detection that draws from our vast amount of threat intelligence, machine learning, security research, and development data Intelligence

closing the gap between discovery and action 7/17/2018 1:49 PM PROTECT across all endpoints, from sensors to the datacenter DETECT using targeted signals, behavioral monitoring, and machine learning YOUR SECURITY POSTURE ! RESPOND closing the gap between discovery and action © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

OUR UNIQUE APPROACH OUR SECURITY PLATFORM PLATFORM Identity Device Apps & Data Infrastructure OUR UNIQUE APPROACH OUR SECURITY PLATFORM Advanced Threat Protection Anti-Spam / Anti-Malware Message Encryption Customer Lockbox Data Loss Prevention Windows Trust Boot Privileged Identity Management Credential Guard Microsoft Passport Windows Hello Windows Defender ATP Windows Update for Business Enterprise Data Protection Azure Active Directory Azure Security Center Azure Storage Service Encryption Azure Key Vault Advanced Threat Analytics Cloud App Security Intune Windows Server 2016 SQL Server 2016

Microsoft Security Technology 7/17/2018 1:49 PM Microsoft Security Technology Operations Management Suite Advanced Threat Protection Advanced Security Management Data Protection Office 365 Across clouds & on premises Security Backup and disaster recovery Analytics and monitoring Automation Advanced Threat Protection Data Protection Credential Guard Device Guard Windows 10 Enterprise Mobility + Security Advanced Threat Analytics Cloud App Security Mobile Device & App Management Azure Active Directory Premium Azure Rights Management User security Infrastructure security © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Free IT Pro resources To advance your career in cloud technology Microsoft Ignite 2016 7/17/2018 1:49 PM Free IT Pro resources To advance your career in cloud technology Plan your career path Microsoft IT Pro Career Center www.microsoft.com/itprocareercenter Cloud role mapping Expert advice on skills needed Self-paced curriculum by cloud role $300 Azure credits and extended trials Pluralsight 3 month subscription (10 courses) Phone support incident Weekly short videos and insights from Microsoft’s leaders and engineers Connect with community of peers and Microsoft experts Get started with Azure Microsoft IT Pro Cloud Essentials www.microsoft.com/itprocloudessentials Demos and how-to videos Microsoft Mechanics www.microsoft.com/mechanics Connect with peers and experts Microsoft Tech Community https://techcommunity.microsoft.com © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Please evaluate this session 7/17/2018 1:49 PM Please evaluate this session Your feedback is important to us! From your PC or Tablet visit MyIgnite at http://myignite.microsoft.com From your phone download and use the Ignite Mobile App by scanning the QR code above or visiting https://aka.ms/ignite.mobileapp © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

7/17/2018 1:49 PM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.