Everything Windows User Group Meeting, Aug 2016

Presentation transcript:

Everything Windows User Group Meeting, Aug 2016 (EWUG.dk)

Per Larsen | Microsoft MVP – Enterprise Mobility | Solution Architect | per.larsen@atea.dk | m: +45 3078 1828 | f: +45 7025 2575 | Co-Organizer - Everything Windows User Group Denmark | www.ewug.dk | Microsoft Partner Technology Solutions Professional (P-TSP) | in: http://www.linkedin.com/in/perlarsen1975 | t: @PerLarsen1975 | Blog: http://osddeployment.dk

Agenda: Enterprise Mobility + Security; New EMS license E3 / E5; EMS in a security perspective; Identity is the foundation for enterprise mobility; Access thousands of apps with one identity; AzureAD Privileged Identity Management (Just in time Admin)

Agenda: EMS in a security perspective; Protect at the front door - Conditional Access; Protect at the front door; CA MFA and location based access rules; CA Device based access rules; Intune Mobile Application Management (MAM); Agent Less; With Intune

Enterprise Mobility + Security: EMS Overview
Solution areas: Identity and access management; Managed mobile productivity; Information protection; Identity-driven security.
EMS E5:
Azure Active Directory Premium P2: Identity and access management with advanced protection for users and privileged identities (includes all capabilities in P1).
Azure Information Protection Premium P2: Intelligent classification and encryption for files shared inside and outside your organization (includes all capabilities in P1).
Microsoft Cloud App Security: Enterprise-grade visibility, control, and protection for your cloud applications.
EMS E3:
Azure Active Directory Premium P1: Secure single sign-on to cloud and on-premises apps; MFA, conditional access, and advanced security reporting.
Microsoft Intune: Mobile device and app management to protect corporate apps and data on any device.
Azure Information Protection Premium P1: Encryption for all files and storage locations; cloud-based file tracking.
Microsoft Advanced Threat Analytics: Protection from advanced targeted attacks leveraging user and entity behavioral analytics.
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, Surface and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

AzureAD Identity Demo

IDENTITY-DRIVEN SECURITY: Identity is the foundation for enterprise mobility
Diagram labels: Simple connection; SaaS; Azure; Public cloud; Cloud; On-premises; Other directories; Windows Server Active Directory; Self-service; Single sign-on; Microsoft Azure Active Directory.
Microsoft has a solution for this. Traditional identity and access management solutions that provide single sign-on to on-premises applications and directory services, such as Active Directory and others, are used by the vast majority of organizations, and huge investments were made to deploy and maintain them. These solutions are perfect for the on-premises world. Now, as we have discussed, there are new pressing requirements to provide the same experience to cloud applications hosted in any public cloud. Azure Active Directory can be the solution to this new challenge by extending the reach of on-premises identities to the cloud in a secure and efficient way. To do that, one simple connection is needed from on-premises directories to Azure AD, and everything else will be handled by Azure AD: secure single sign-on to thousands of SaaS applications hosted in any cloud, using the same credentials that exist on-premises. And we don’t forget the users. Azure AD provides self-service capabilities and easy access to all the applications they need, consumer or business, in the cloud and on-premises too (Application Proxy).

Access thousands of apps with one identity
Diagram labels: Microsoft Azure; Other directories; Web apps (Azure Active Directory Application Proxy); Integrated custom apps; SaaS apps.
2500+ pre-integrated popular SaaS apps and self-service integration via templates. Connect and sync on-premises directories with Azure. Easily publish on-premises web apps via Application Proxy + custom apps.

AzureAD privileged Identity Management Demo

IDENTITY-DRIVEN SECURITY: Security landscape has changed
Diagram labels: Identity; Devices; Apps & Data; Shadow IT; Cloud apps; SaaS; Azure; Employees; Partners; Customers; Data breach; Identity breach; On-premises apps.
Transition to cloud & mobility. New attack landscape. Current defenses not sufficient.

Protect at the front door - Conditional Access Demo

IDENTITY-DRIVEN SECURITY: Protect at the front door
Columns: User; Conditions; Actions.
Conditions: Location; Device state; MFA; User/Application Risk.
Actions: Allow access, or Enforce MFA per user/per app; Block access.
Azure AD Identity Protection; Azure AD Privileged Identity Management.

Conditional Access: MFA and location based access rules (EMS in a security perspective)

Conditional Access: Device based access rules (EMS in a security perspective)

Intune Mobile Application Management (MAM) Demo

MANAGED MOBILE PRODUCTIVITY: Mobile app management, Multi-identity policy
Diagram labels: Corporate data; Personal; Managed apps; Personal apps; Email attachment; Copy; Paste; Save; Paste to personal app; Save to personal storage.
If we take a closer look at our user’s newly enrolled device, which is now compliant and ready to go, we can see that she is still able to maintain a personal experience on her device. She has organized her applications the way she wants, with all of her apps available on one screen. She has her managed corporate apps (the Office mobile apps she knows and loves) and personal apps that she uses outside of work; she may even consider using these personal apps to try to boost her productivity at work. Even though our user has all of her apps at hand on her personal device, IT is able to enjoy unparalleled management of the Office mobile apps, so that with Microsoft Intune, our IT pro has a different perspective on the organization of our user’s personal device. With the new multi-identity management feature, you can enable users to access both their personal and work accounts using the same Office mobile apps while only applying the MAM policies to their work account, providing a seamless experience while employees are on the go. For our IT pro, there is still a clear separation of the managed corporate apps and our user’s personal apps. But this doesn’t affect the user’s access to apps. By applying policy at the app level, our IT pro can support mobile productivity while maintaining user preferences, and still have the ability to protect corporate data and resources with the Intune-managed Office mobile apps. The Intune App Wrapping Tool also allows IT to apply similar policies to your existing line-of-business applications so that these resources are equally protected through the organization’s proprietary apps.
You can enable users to securely view content on devices within your managed app ecosystem using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps for Intune as well. Let’s now take a closer look at how app-level policies can help keep company data and information secure. Our user receives a work email through her managed Outlook account with an attached Excel spreadsheet containing information she needs for a report. Our user opens the attachment in her Excel mobile application to find the information she needs. She then wants to copy the info to add to her report. But when she tries to paste it into her personal notepad, it doesn’t work: the personal notepad is not a managed app, and our IT pro has applied policies that restrict copy, paste, and cut functions to only apps that are part of the managed app ecosystem (for Intune enrolled devices). So our user opens her Microsoft Word mobile app, which is managed by Intune, and she is successfully able to paste her information. Now our user wants to save the working copy of her report to her personal OneDrive account so that she can access it from her home computer. Because her personal OneDrive account is not one of the managed applications, she’s unable to save it there. IT has applied policies restricting the ability to save to only apps that are part of the managed app ecosystem. So our user must save her working copy to her managed OneDrive for Business account, which means that when she does want to work on this report from another device, that device will have to be enrolled for management. By using the mobile application management capabilities of Intune, the IT pro can help prevent leakage of important company data and make sure that this information doesn’t get into the wrong hands.

Intune Mobile Application Management MAM – Agent less

Intune Mobile Application Management MAM With Intune Standalone Hybrid

Three steps to identity-driven security
1. Protect at the front door: Safeguard your resources at the front door with innovative and advanced risk-based conditional access. Our solution calculates risk severity for every user and sign-in attempt, so risk-based conditional access rules can be applied to protect against suspicious logins.
2. Protect your data against user mistakes: Gain deep visibility into user, device, and data activity on-premises and in the cloud to create more effective, granular-level policies. Classify and label files at creation, track their usage, and change permissions when necessary.
3. Detect attacks before they cause damage: Uncover suspicious activity and pinpoint threats with deep visibility and ongoing behavioral analytics. Identify attackers in your organization using innovative behavioral analytics and anomaly detection technologies, all driven by vast amounts of Microsoft threat intelligence and security research data.

Questions ??

Thank you