Security for your digital transformation 9/18/2018 11:32 AM Security for your digital transformation <name> <title> © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9/18/2018 11:32 AM Microsoft mission Empower every person and every organization on the planet to achieve more MSFT Field - Please view associated material at: https://microsoft.sharepoint.com/sites/Infopedia_G01/Pages/OneMicrosoftSecurity.aspx © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

OUR COMMITMENT TO YOU 9/18/2018 11:32 AM SECURITY PRIVACY & CONTROL COMPLIANCE MSFT Field - Please view presenter notes at: https://microsoft.sharepoint.com/sites/infopedia/pages/layouts/KCDoc.aspx?k=G01KC-1-18252 TRANSPARENCY RELIABILITY © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9/18/2018 11:32 AM Microsoft Secure Ensuring security to enable your digital transformation through a comprehensive platform, unique intelligence, and broad partnerships MSFT Field - Please view associated material at: https://microsoft.sharepoint.com/sites/Infopedia_G01/Pages/OneMicrosoftSecurity.aspx © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

TURBULENT TIMES 2 Billion records compromised in the last year 9/18/2018 11:32 AM TURBULENT TIMES 2 Billion records compromised in the last year 99+ DAYS between infiltration and detection $15 MILLION of cost/business impact per breach MSFT Field - Please view associated material at: https://microsoft.sharepoint.com/sites/Infopedia_G01/Pages/OneMicrosoftSecurity.aspx © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

YOUR IT ENVIRONMENT 9/18/2018 11:32 AM MSFT Field - Please view associated material at: https://microsoft.sharepoint.com/sites/Infopedia_G01/Pages/OneMicrosoftSecurity.aspx © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

YOUR YOUR IT ENVIRONMENT OPPORTUNITY 9/18/2018 11:32 AM MSFT Field - Please view associated material at: https://microsoft.sharepoint.com/sites/Infopedia_G01/Pages/OneMicrosoftSecurity.aspx © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

YOUR YOUR IT ENVIRONMENT O P P O R T U N I T Y Smart cities Sensors 9/18/2018 11:32 AM Smart cities Sensors Vehicles Partners Energy systems Cloud Equipment On-premises YOUR YOUR IT ENVIRONMENT O P P O R T U N I T Y Mobile devices MSFT Field - Please view associated material at: https://microsoft.sharepoint.com/sites/Infopedia_G01/Pages/OneMicrosoftSecurity.aspx Marketplaces Manufacturers Citizens Supply Chains Customers © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

YOUR IT ENVIRONMENT 9/18/2018 11:32 AM MSFT Field - Please view associated material at: https://microsoft.sharepoint.com/sites/Infopedia_G01/Pages/OneMicrosoftSecurity.aspx © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

OUR UNIQUE APPROACH Platform Intelligence Partners Microsoft Inspire 9/18/2018 11:32 AM OUR UNIQUE APPROACH Platform Intelligence Partners © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

SECURE FOUNDATION Platform Intelligence Partners Physical security Operational security SECURE FOUNDATION Platform Intelligence Partners Global datacenter

Platform

BUILT IN SECURITY Platform Identity & access management Threat protection BUILT IN SECURITY Platform Information protection Security management

EMS Overview 9/18/2018 Identity & Access Management Prove users are authorized and secure before granting access to apps and data Protect at the front door Simplify access to devices and apps Safeguard your credentials Microsoft’s Identity and Access Management solution and technologies are designed to prove users authorized before granted access and apps to data. If identity is our new control plane and our perimeter, we need to protect that identities and protect our organization from identity breaches. Here we will focus on three key areas: First, protecting at the front door. No matter where you’re accessing from, we will help you to protect your organization. No matter where you’re coming in, we will be the first line of defense to protect your organization. So we build that security into your users experience. But that security we build in needs to be simple. At Microsoft, we heavily invest in making that security simple. Why? As we have seen the statistics earlier, users will bypass any protection if we don’t make it simple. Passwords are not sustainable, they’re weak and they’re not the best form of authentication. I heard from one of the customers, the opposite of security is convenience. Our job is to make sure that the experience is convenient and yet secure. And remember, another important distinction: security needs to be almost invisible but not completely invisible, Because otherwise, we wont know if our security is breached. We need to get indications that we’re protected. We need strike a balance. Sadly, there are no technologies that can change passwords over night. This is why we also help you safeguard credentials, we help you protect credentials – privileged and non privileged ones - in the first place. © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, Surface and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. 15

organizations from advanced cyber attacks EMS Overview 9/18/2018 THREAT PROTECTION Protect against advanced attacks; detect and respond quickly if breached PROTECT organizations from advanced cyber attacks DETECT malicious activities RESPOND to threats quickly Microsoft believes the goal for threat protection should be: Enabling organizations to have the ability to protect themselves from advanced cyber attacks. Providing organizations with solutions which can help detect suspicious behavior within the organization. Finally, since no security solution is ever 100% effective, there must be processes and tools to quickly respond to threats which enable damage control and limit the effects from an attack. With these targeted solutions in mind, Microsoft has built Threat Protection security services which are ideal for today’s businesses. We offer a combination of traditional approaches such as anti-malware and new innovations such as user and entity behavior analytics (UEBA) and endpoint detection and response (EDR). We are investing in both the prevention of attacks and post-breach detection and response. © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, Surface and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

information protection 9/18/2018 11:32 AM information protection Protect sensitive data throughout the lifecycle – inside and outside the organization Detect Classify Protect Monitor We see four primary elements of the information protection lifecycle: Detect, classify, protect and monitor. Each step has its own set of requirements and unique considerations. First, let’s talk about the Detect phase: Detecting sensitive data is the first step. As data travels to various location – often outside of the organization’s environment, you want to know what sensitive data you have and where it’s located. Data may have different levels of sensitivity, and not all data needs the same level of protection. Classify: After sensitive data has been detected, it’s important to classify the data into distinct categories so that custom controls, such as policies and actions, can be applied. Once the classification scheme is set by the organization, policies can be configured and customized so that sensitive data such as intellectual property, customer info, health records, etc., are protected, stored and shared in a manner that adheres to the organization’s unique requirements. Classification and labeling persists with the file and can be understood and honored by other services, avoiding the need to reclassify and re-label throughout the file’s journey. Protect: Classifying and labeling data often results a policy rule to apply some level of protection to sensitive data. Monitor: Gaining visibility into how users are using or distributing sensitive information is an important component of your information protection strategy. In the case of unexpected activity or events involving sensitive information, organizations also need to be able to respond quickly and accurately.   Microsoft’s information protection solutions addresses each of these steps. This includes protecting sensitive information across Devices, SaaS applications and cloud services, as well as on premises environments. Devices cloud On premises © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

INTELLIGENT SECURITY MANAGEMENT DEVICES APPS / DATA INFRASTRUCTURE IDENTITY INTELLIGENT SECURITY MANAGEMENT DEVICES APPS / DATA INFRASTRUCTURE IDENTITY An effective security management solution is not about a single console. Effective security management integrates where it counts, but also offers specialized tools for different functions. We can help you consolidate from many to few while ensuring that your specialized teams have the flexibility and freedom to manage their security as per the unique needs of that component, whether it is identity, devices, apps or infrastructure. However, the key that makes Microsoft security management consoles much more effective is the intelligence sharing, which helps your organization maintain a consistent and robust security posture. With Microsoft, intelligence is shared through the Microsoft Intelligent Security Graph. Harnessing the power of machine learning, processing trillions of pieces of data from billions of devices, we make the security management solutions work for you. This shared intelligence is leveraged by the management consoles across Identity, Devices, Apps & Data and Infrastructure- helping security admins and operation center teams to get important information optimized for their workloads. The key for a CISO’s success in managing security is not about a single console across everything, but integration wherever it makes sense. You don’t need all the point solutions to manage, data points to sift through to secure your end user devices and expanding networks. With single vendor mgmt., built-in controls that come with MS solutions and the unmatched intelligence, Microsoft becomes your trusted partner in achieving intelligent security management. In short, Microsoft provides you intelligent security management with: Specialized Controls based on your security teams’ needs; Visibility where needed; And Guidance on how to harden your organization’s security posture based on unmatched intelligence. Powered by the Intelligent Security Graph VISIBILITY CONTROL GUIDANCE Understand the security state and risks across resources Define consistent security policies and enable controls Enhance security through built-in intelligence and recommendations

Identity & access management Threat protection Information protection Security management Protect users’ identities & control access to valuable resources based on user risk level Protect against advanced threats and recover quickly when attacked Ensure documents and emails are seen only by authorized people Gain visibility and control over security tools Azure Information Protection Office 365 Data Loss Prevention Windows Information Protection Microsoft Cloud App Security Office 365 Advanced Security Mgmt. Microsoft Intune Advanced Threat Analytics Windows Defender Advanced Threat Protection Office 365 Advanced Threat Protection Office 365 Threat Intelligence Azure Active Directory Conditional Access Windows Hello Windows Credential Guard Azure Security Center Office 365 Security Center Windows Defender Security Center

OUR UNIQUE APPROACH Platform Intelligence Partners

INTELLIGENCE Multi-factor authentication Data encryption User accounts 9/18/2018 11:32 AM Multi-factor authentication Data encryption User accounts Device log-ins Malware Unauthorized data access Attacks INTELLIGENCE User log-ins Phishing Denial of service Spam System updates Enterprise security © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

OUR UNIQUE INTELLIGENCE 9/18/2018 11:32 AM OUR UNIQUE INTELLIGENCE 450B user authentications each month 1B Windows devices updated 400B emails analyzed for spam and malware Be clear about how to position and pitch Intelligent Security Graph © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

OUR INTELLIGENCE OUR INTELLIGENCE INTELLIGENCE 9/18/2018 11:32 AM MSFT Field - Please view associated material at: https://microsoft.sharepoint.com/sites/Infopedia_G01/Pages/OneMicrosoftSecurity.aspx © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

OUR UNIQUE APPROACH Platform Intelligence Partners

Platform Intelligence PARTNERSHIP APPROACH Partners Partner with peers Work with industry alliances PARTNERSHIP APPROACH Partners Work with government

9/18/2018 11:32 AM Microsoft Secure Ensuring security to enable your digital transformation through a comprehensive platform, unique intelligence, and broad partnerships MSFT Field - Please view associated material at: https://microsoft.sharepoint.com/sites/Infopedia_G01/Pages/OneMicrosoftSecurity.aspx © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.