Keep Your Information Safe! Josh Heller Sr. Product Manager Microsoft Corporation SIA206.

Presentation transcript:

Keep Your Information Safe! Josh Heller Sr. Product Manager Microsoft Corporation SIA206

Expanding Importance of Identity: Advanced Persistent Threat, Cloud Computing, Government Interests, Consumerization of IT

Information Privacy is the most important security concern in the enterprise, outranking malware for the first time

Percentage cause of data breach (Cost of Data Breach report, Ponemon Institute, 2010)

Estimated sources of data breach (Global State of Information Security Survey, PriceWaterhouseCoopers, 2010)

Likely Source
Current Employee: 34%, 33%, 32%
Former Employee: 16%, 29%, 23%
Hacker: 28%, 26%, 31%
Customer: 8%, 10%, 12%
Partner/Supplier: 7%, 8%, 11%
Unknown: 42%, 39%, 34%

Information Protection

Discover, protect and manage confidential data throughout your business with a comprehensive solution integrated into the platform and applications

Protect everywhere, access anywhere
- Protect critical data wherever it goes
- Protect data wherever it resides
- Secure endpoints to reduce risk

Simplify security, manage compliance
- Simplify deployment and ongoing management
- Enable compliance with information security policy

Integrate and extend security
- Extend confidential communication to partners
- Built into the Windows platform and Microsoft applications

Active Directory Rights Management Services

Persistent Protection + Encryption Policy: Access Permissions Use Right Permissions

Information Author AD RMS Recipient

Automatic Content-Based Privacy:
- Transport Rule action to apply AD RMS template to message
- Transport Rules support regex scanning of attachments in Exchange 2010
- Do Not Forward policy available out of box

SharePoint Server AD RMS

Demo AD Rights Management Services

Classification: What data do I have?
Access Control: Who should have accessed it?
Auditing: Who has accessed it, and how?
RMS Protection: How do I protect my sensitive data?

Modify / Create file, Determine classification, Save classification
In-box content classifier, 3rd party classification plugin
Location, Manual, Contextual, Application

Components

USER CLAIMS
User.Department = Finance
User.Clearance = High

DEVICE CLAIMS
Device.Department = Finance
Device.Managed = True

FILE PROPERTIES
File.Department = Finance
File.Impact = High

ACCESS POLICY
For access to finance information that has high business impact, a user must be a finance department employee with a high security clearance, and be using a managed device registered with the finance department.

Workflow

Access denied remediation provides a user access to a file when it has been initially denied:
1. The user attempts to read a file.
2. The server returns an “access denied” error message because the user has not been assigned the appropriate claims.
3. On a computer running Windows® 8, Windows retrieves the access information from the File Server Resource Manager on the file server and presents a message with the access remediation options, which may include a link for requesting access.
4. When the user has satisfied the access requirements (e.g. signs an NDA or provides other authentication) the user’s claims are updated and the user can access the file.

Today
- Audit is all or nothing
- Not contextual information

Windows Server 2012
- Expression based auditing
- Audit resource attribute changes
- Enhanced audit entries to include context required for compliance and operational reporting

USER CLAIMS
User.Department = Finance
User.Clearance = High

DEVICE CLAIMS
Device.Department = Finance
Device.Managed = True

FILE PROPERTIES
File.Department = Finance
File.Impact = High

AUDIT POLICY
Audit Success/Fail if (File.Department==Finance) OR (File.Impact=High)
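The access policy and the audit policy from the two slides above, modelled as an added Python example (not part of the original presentation and not Windows' own access-check code). Function names and the sample users, devices and files are constructed for illustration; the check also returns the unmet conditions that an access-denied remediation message would list.

```python
# Illustrative model only; it does not reproduce the Windows access check.
# Claim and property names come from the slides; function names are hypothetical.

# The policy targets files carrying both of these properties.
TARGET = {"Department": "Finance", "Impact": "High"}

# Every condition must hold (logical AND): (claim source, name, required value).
CONDITIONS = [
    ("user", "Department", "Finance"),
    ("user", "Clearance", "High"),
    ("device", "Department", "Finance"),
    ("device", "Managed", True),
]


def check_access(user, device, file_props):
    """Return (decision, unmet); unmet feeds an access-denied remediation message."""
    if any(file_props.get(k) != v for k, v in TARGET.items()):
        return "not-applicable", []  # this policy does not govern the file
    claims = {"user": user, "device": device}
    # A missing claim compares as None and fails, so the check fails closed.
    unmet = [f"{src}.{name}" for src, name, want in CONDITIONS
             if claims[src].get(name) != want]
    return ("deny" if unmet else "allow"), unmet


def should_audit(file_props):
    """Audit policy from the slides: Department == Finance OR Impact == High."""
    return (file_props.get("Department") == "Finance"
            or file_props.get("Impact") == "High")


# Constructed sample data.
FINANCE_FILE = {"Department": "Finance", "Impact": "High"}
HR_FILE = {"Department": "HR", "Impact": "High"}
ALICE = {"Department": "Finance", "Clearance": "High"}
BOB = {"Department": "Finance"}  # no Clearance claim issued
MANAGED_PC = {"Department": "Finance", "Managed": True}
PERSONAL_TABLET = {}  # unmanaged device presents no device claims

if __name__ == "__main__":
    for who, dev in [(ALICE, MANAGED_PC), (ALICE, PERSONAL_TABLET), (BOB, MANAGED_PC)]:
        print(check_access(who, dev, FINANCE_FILE))
    print(check_access(ALICE, MANAGED_PC, HR_FILE), should_audit(HR_FILE))
```

The HR file shows why the two policies are separate: the access rule does not govern it, yet the OR in the audit expression still records access to it because its impact is High.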

Dynamic Access Control allows sensitive information to be automatically protected using AD Rights Management Services:
1. A rule is created to automatically apply RMS protection to any file that contains the word “confidential”.
2. A user creates a file with the word “confidential” in the text and saves it.
3. The RMS Dynamic Access Control classification engine, following rules set in the Central Access Policy, discovers the doc with the word “confidential” and initiates RMS protection accordingly.
4. The RMS template and encryption are applied to the document on the file server and it is classified and encrypted.

Dynamic Access Control

Classification
- File inherits classification tags from parent folder
- Manual tagging by owner
- Automatic tagging
- Tagging by applications

Access Control
- Central access policies based on classification
- Expression-based access conditions for user claims, device claims, and file tags
- Access denied remediation

Auditing
- Central audit policies can be applied across multiple file servers
- Expression-based audits for user claims, device claims, and file tags
- Staging audits to simulate policy changes in a real environment

RMS Protection
- Automatic Rights Management Services (RMS) protection for Microsoft Office documents
- Near real-time protection when a file is tagged
- Extensibility for non-Office RMS protectors
