Microsoft Ignite 2016 9/18/2018 9:42 AM © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Microsoft Cloud App Security Microsoft Ignite 2016 9/18/2018 9:42 AM Microsoft Cloud App Security ENTERPRISE-GRADE SECURITY FOR YOUR CLOUD APPS WITH MICROSOFT CLOUD APP SECURITY   Yair Cohen Senior Program Manager © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Mobile-first, cloud-first reality 72% 63% 1/3 Shadow IT By 2022, a third of successful attacks experienced by enterprises will be on their shadow IT resources. Mobile devices 72% of the U.S. workforce will be mobile by 2020, relying on devices other than their laptop to be productive. Data breaches 63% of confirmed data breaches involved weak, default, or stolen passwords.

The security perimeter has changed Identity Devices Apps Data On-premises

The security perimeter has changed OPPORTUNITY On-premises

Market is attempting to solve the problem Data Loss Prevention Information Rights Management Discovery Mobile Device & Application Management Secure collaboration Mobile Data Loss Prevention Identity governance Cloud Data Loss Prevention User & Entity Behavioral Analytics Single- sign on Cloud anomaly detection Identity & Access Management Conditional access Cloud Access Security Broker SIEM Threat Detection Cloud visibility

We would like to use a single slide and use this format We would like to use a single slide and use this format. Please update the icons. (You can use the icons from slide #13) How do I gain visibility into cloud apps used in my organization and get a risk assessment? How can I control and limit access to data in cloud apps? How can I prevent data loss in cloud apps and stay compliant with regulations? How do I protect cloud apps and the data in them from security attacks?

Microsoft Cloud App Security Discover and assess risks Control access in real time Protect your information Detect threats Identify cloud apps on your network, gain visibility into shadow IT, and get risk assessments and ongoing analytics. Manage and limit cloud app access based on conditions and session context, including user identity, device, and location. Get granular control over data and use built-in or custom policies for data sharing and data loss prevention. Identify high-risk usage and detect unusual behavior using Microsoft threat intelligence and research. Extend Microsoft security To your cloud apps Threat detection: Microsoft Intelligent Security Graph, Office ATP Information Protection: Office 365 & Azure Information Protection Identity: Azure AD and Conditional Access + more Discover and assess risks Discover all cloud usage in your organization Information protection Monitor and control your data in the cloud Conditional access Control and limit user access based on session context Threat detection Detect usage anomalies and security incidents

Cloud App Security: Ignite Announcements Cloud App Security: proxy Control and limit access to cloud apps: Using proxy with Azure Active Directory Conditional Access. Public Preview in October Scan, classify sensitive data and apply AIP labels automatically Automatic labeling and protection will be in public preview in October 2017. Cloud App Security will classify file leveraging Microsoft’s Information Protection solution and capabilities starting Q4 2017. Support for Azure West Europe region Cloud App Security is also be available in Azure West Europe region to better serve our customers in Europe and support their compliance requirements New Cloud App Discovery experience in Azure AD Cloud App Discovery in Azure AD’s now enhanced to provide deeper visibility into cloud app usage, no agents required, with ongoing analysis and alerts, powered by Cloud App Security. Available to Azure AD customers.

Cloud App Security Demo Microsoft Ignite 2016 9/18/2018 9:42 AM Cloud App Security Demo © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Cloud discovery Shadow IT discovery Microsoft Ignite 2016 9/18/2018 9:42 AM Cloud discovery Shadow IT discovery Risk assessment and migration to business- ready apps On-going protection and analytics Discover cloud apps in use across your networks Investigate users and source IP cloud usage Create custom views and reports for business units, networks and groups Optional PII anonymized reports Risk assessment for 15,000+ cloud apps based on 60 security and compliance risk factors Un-sanction, sanction and protect apps Customize labels, notes, weight in risk scoring and override per app risk assessment to support internal workflows Anomalous usage alerts New apps and trending apps alerts Identify and close policy enforcement gaps Programmatically generate blocking scripts to supported network appliances Integrates with Your network appliances, SIEM © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Information protection for cloud apps Microsoft Ignite 2016 9/18/2018 9:42 AM Information protection for cloud apps Gain visibility into data and sharing Classify, label and protect Monitor & investigate   Visibility to sharing level and classification labels Quantify over-sharing exposure and compliance risks Detect and manage 3rd apps access Govern data in the cloud with granular DLP policies Leverage Microsoft’s Information Protection capabilities for classification Automatically protect your data using Azure Information Protection Identify policy violations Investigate incidents and related activities Quarantine and permissions removal Integrates with Azure Information Protection, Office 365, External DLP solutions © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Conditional Access: Proxy Microsoft Ignite 2016 9/18/2018 9:42 AM Conditional Access: Proxy Investigate & enforce app and data restrictions Unique integration with Azure AD Context-aware session policies Control access to cloud apps based on user, location, device and app Identify managed devices via VPN (location based), Domain joined devices, Intune compliant devices or client certificates Supports any SAML-based app, any OS Enforce browser-based “view only” mode for low-trust sessions Limit access to sensitive data Classify, label and protect on download Visibility into for unmanaged device activity Integral component of Azure AD Conditional Access Simple deployment directly from your Azure AD portal Leverages existing device management mechanisms, no additional deployment required Integrates with Azure Active Directory Public Preview in October © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Threat detection & investigation Microsoft Ignite 2016 9/18/2018 9:42 AM Threat detection & investigation Behavioral analytics & ransomware detection Advanced investigation & remediation Threat Intelligence   Leverages Microsoft Intelligent Security Graph: Unique insights, informed by trillions of signals across Microsoft’s customer base Native integration with Office Threat Intelligence Identify anomalies in your cloud environment via advanced behavioral analytics Built-in detections for leading threat scenarios: Ransomware, admin take-over, shared accounts Pivot on users, IP addresses, resources, activities and locations Customize detections based on your findings Automate remediation with Azure AD Integrates with Microsoft Intelligent Security Graph, 3rd party SIEM solutions © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Keep going… Try Enterprise Mobility + Security for free, today: www.microsoft.com/en-us/cloud-platform/enterprise-mobility-trial See Microsoft Cloud App Security in action https://www.microsoft.com/en-us/cloud-platform/cloud-app-security-trial Evaluate and try Microsoft Advanced Threat Analytics now www.microsoft.com/en-us/evalcenter/evaluate-microsoft-advanced-threat-analytics Explore Identity + Access Management www.microsoft.com/en-us/cloud-platform/identity-management Learn more about Azure Information Protection www.microsoft.com/en-us/cloud-platform/information-protection Discover new MDM and MAM solutions with Microsoft Intune www.microsoft.com/en-us/cloud-platform/mobile-device-management Check out new Desktop virtualization capabilities www.microsoft.com/en-us/cloud-platform/desktop-virtualization

9/18/2018 9:42 AM © 2016 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Appendix Microsoft Ignite 2016 9/18/2018 9:42 AM © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

80% 73% SaaS adoption challenge Microsoft Ignite 2016 9/18/2018 9:42 AM SaaS adoption challenge 80% 73% of enterprises indicated security as a top challenge holding back SaaS adoption* >80% of employees admit to using non-approved SaaS apps in their jobs** Cloud Security Alliance (CSA) survey, Cloud Adoption, Practices and Priorities Survey Report 2015 ** http://www.computing.co.uk/ctg/news/2321750/more-than-80-per-cent-of-employees-use-non-approved-saas-apps-report © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Introducing Microsoft Cloud App Security Enterprise-grade security for your cloud apps Visibility Gain complete visibility and context for cloud usage and shadow IT Control Shape your cloud environment with granular controls and policy setting for access, data sharing, and DLP Threat detection Identify high-risk usage and security incidents, detect abnormal user behavior, and prevent threats

Information Protection Microsoft Ignite 2016 9/18/2018 9:42 AM Microsoft Cloud App Security: gain visibility and control of data in cloud apps Cloud Discovery Discover 14K+ cloud apps in your environment, gain visibility into shadow IT and assess risk Information Protection Shape your cloud environment with granular controls and use out-of-the-box or custom policies for data sharing, and data loss prevention Threat Protection Identify high-risk usage and cloud security issues, detect abnormal user behavior, and prevent threats Discovery Risk Assessment Ongoing analytics ! ! Behavioral Analytics Identify anomalies in your cloud environment that may be indicative of a breach Collect logs from firewalls and proxies - no agents required on user devices Policy Setting DLP & Data Sharing Policy Enforcement Policies Policy Enforcement Activity Scan for advanced alerts Enhanced by Microsoft Intelligent Security Graph Protect file Anomaly Detection App Discovery Quarantine Leverage Microsoft’s threat intelligence to detect anomalies, prevent threats, and stop risky behavior right away. Discovery Anomaly Make private File Remove a collaborator Integrated with Azure Information Protection Create policies for files classified by Azure Information Protection and govern sensitive data in the cloud Investigate and gather unique insights Gain a deeper understanding of what's happening in your cloud environment by pivoting on users, files, accounts, apps and activities. Use log anonymization to protect employee privacy while uncovering Shadow IT © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Microsoft Enterprise Mobility + Security Technology Benefit E3 E5 Azure Active Directory Premium P1 Secure single sign-on to cloud and on-premises app MFA, conditional access, and advanced security reporting ● Azure Active Directory Premium P2 Identity and access management with advanced protection for users and privileged identities Microsoft Intune Mobile device and app management to protect corporate apps and data on any device Azure Information Protection P1 Encryption for all files and storage locations Cloud-based file tracking Azure Information Protection P2 Intelligent classification and encryption for files shared inside and outside your organization Microsoft Cloud App Security Enterprise-grade visibility, control, and protection for your cloud applications Microsoft Advanced Threat Analytics Protection from advanced targeted attacks leveraging user and entity behavioral analytics Identity and access management Managed mobile productivity Information protection Threat protection

Our FastTrack Momentum 9/18/2018 9:42 AM Our FastTrack Momentum “We saw what Microsoft was putting into Intune and saw that it could do everything that we wanted ... and that it would grow with our future needs… … the other thing, and this is a huge part not to be diminished, was the magnitude of positive experience and support from the FastTrack Center.” Willem Bagchus Messaging and Collaboration Specialist, United Bank 40k+ 6.3 PB+ 6.8 M+ 189.5 Customers enabled Data migrated Seats migrated Customer satisfaction (NSAT) 800+ 51k+ 53% FastTrack Engineers worldwide Success plans Faster Time to Value © Microsoft Corporation. All rights reserved.

Solution comes in two different flavors: Office 365 Cloud App Security Microsoft Cloud App Security Enhanced visibility and control for Office 365 Advanced security alerts Productivity app discovery App permissions and control Available in Office E5 Integrated security suite across identity, device, apps and data Discovery of Shadow IT Unified Information protection Automated detection and remediation Available standalone and as a part of EMS E5

Office 365 Cloud App Security vs. Microsoft Cloud App Security Office 365 Advanced Security Management Cloud Discovery Discovered apps 15,000 + cloud apps 750+ cloud apps with similar functionality to Office 365 Deployment for discovery analysis Manual and automatic log upload Manual log upload Log anonymization for user privacy Yes Access to full Cloud App Catalog Cloud app risk assessment Cloud usage analytics per app, user, IP address Ongoing analytics & reporting Anomaly detection for discovered apps Information Protection Data Loss Prevention (DLP) support Cross-SaaS DLP and data sharing control Uses existing Office DLP (available in Office E3 and above) App permissions and ability to revoke access Policy setting and enforcement Integration with Azure Information Protection Integration with third party DLP solutions Threat Detection Anomaly detection and behavioral analytics For Cross-SaaS apps including Office 365 For Office 365 apps Manual and automatic alert remediation SIEM connector Yes. Alerts and activity logs for cross-SaaS apps. Yes. Office 365 alerts only. Integration to Microsoft Intelligent Security Graph Activity policies https://docs.microsoft.com/en-us/cloud-app-security/editions-cloud-app-security

Microsoft Ignite 2016 9/18/2018 9:42 AM From SaaS providers “At Box, we believe in a modern content management and collaboration experience where information can move easily and securely between individuals and organizations and across devices and applications. By working closely with Microsoft Cloud App Security, we're providing businesses with stronger controls and deeper visibility around their cloud apps, and protecting unwanted access to critical business content."  ROGER MURFF Vice President of Technology Partnerships at Box BOX © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Complete framework to secure your cloud apps Microsoft Ignite 2016 9/18/2018 9:42 AM Complete framework to secure your cloud apps Cloud discovery Information protection Threat detection Conditional Access Discover all cloud usage in your organization Monitor and control your data in the cloud Detect usage anomalies and security incidents Control and limit user access based on session context Extend Microsoft security To your cloud apps Threat detection: Microsoft Intelligent Security Graph, Office ATP Information Protection: Office 365 & Azure Information Protection Identity: Azure AD and Conditional Access + more © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Cloud App Security: Ignite Announcements Cloud App Security: proxy-enforced session restrictions Control and limit access to cloud apps: Using proxy-enforced app restrictions with Azure Active Directory Conditional Access. Public Preview in October Scan, classify sensitive data and apply AIP labels automatically Automatic labeling and protection will be in public preview in October 2017. Cloud App Security will classify file leveraging Microsoft’s Information Protection solution and capabilities starting Q4 2017. Support for Azure West Europe region Cloud App Security is also be available in Azure West Europe region to better serve our customers in Europe and support their compliance requirements New Cloud App Discovery experience in Azure AD Cloud App Discovery in Azure AD’s now enhanced to provide deeper visibility into cloud app usage, no agents required, with ongoing analysis and alerts, powered by Cloud App Security. Available to Azure AD customers.