Secure Windows 10 with Intune, Azure AD and Configuration Manager


1 Secure Windows 10 with Intune, Azure AD and Configuration Manager
BRK2079, 5/27/2018 3:09 AM
Dune Desormeaux, Program Manager II, @DuneConfigured
Chris Green, Principal Program Manager, @ChrisGTech
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 - James Comey, former director of the FBI
“There are two kinds of companies: Those who’ve been hacked, and those who don’t know they’ve been hacked.” - James Comey, former director of the FBI
Mischief: script kiddies; unsophisticated
Fraud and theft: organized crime; more sophisticated
Damage and disruption: nations, terror groups, supervillains; very sophisticated and well resourced

3 How do we fight back?
Intune
ConfigMgr
Windows Security Platform
Conditional Access

4 Windows Security Platform
Dune Desormeaux

5 Security is built into Windows 10, not bolted on
Protection built deep into Windows and in the cloud provides best in class performance and eliminates 3rd party agents and complex infrastructure.
Stages: PROTECTION, DETECTION, RESPONSE
Capabilities: Prevent encounters; Detect even the most advanced threats; Investigate and respond; Control execution; Isolate threats
Eliminates app compatibility issues due to 3rd party solutions
Fully managed, enabling customers to just turn it on through Intune or ConfigMgr
In box, doesn’t require any agent deployment
Integral, providing deep platform integration without sacrificing perf & reliability

6 Protection Stack Management: Today
?

7 Protection Stack Management: “Tomorrow”
Intune and Configuration Manager: Policy Authoring; Deployment and Targeting; Compliance Monitoring
Traditional or Modern approach, each has one management interface
Integrated monitoring provides visibility into policy deployment progress, issues at scale
Configuration is simple and intuitive
Easy transition from Traditional to Modern management for security

8 Management for the entire Windows Security Platform
Windows Defender Antivirus
Windows Defender Application Control
Windows Defender Application Guard
Windows Defender Credential Guard
Windows Defender Exploit Guard
Windows Defender Firewall
Windows Defender Security Center
Windows Defender SmartScreen
If you want to go fast with Windows, you have to go fast with ConfigMgr

9 Advanced Threat Protection
Windows Defender Advanced Threat Protection: detect advanced attacks and remediate breaches
Built in to Windows 10: No additional deployment & infrastructure. Continuously up-to-date, lower costs.
Behavior-based, cloud-powered breach detection: Actionable, correlated alerts for known and unknown adversaries. Real-time and historical data.
Rich timeline for investigation: Easily understand scope of breach. Data pivoting across endpoints. Deep file and URL analysis.
Unique threat intelligence knowledge base: Unparalleled threat optics provide detailed actor profiles. 1st and 3rd party threat intelligence data.

10 Windows Defender Application Control
Device Guard
Configurable code integrity
Hypervisor-protected code integrity (HVCI)
Windows Defender Application Control

11 Windows Defender Application Control
Windows Defender Application Control = “Device Guard”
Hypervisor-protected code integrity (HVCI)

12 Windows Defender Application Control
Strongly control what is allowed to run on endpoints
Windows components and Store apps just work
Automatically trust ConfigMgr deployments
And in the Fall Creators Update… Automatically trust apps with good reputation

13 Windows Defender Application Control in Intune

14 Windows Defender Application Guard
E-mail shown on the slide:
Mon, 9 November 2015, 13:20
RE: Mission In Central African Republic
John Smith John Smith
Dear Sir! Please be advised that The Spanish Army personnel and a large number of Spanish Guardia Civil officers currently deployed in the Central African Republic (CAR) as part of the European EUFOR RCA mission will return to Spain in early March as the mission draws to a close. Visit for additional info.
Best regards, Capt. John Smith, Defence Adviser, Public Diplomacy Division NATO, Brussels

Isolate Microsoft Edge when insecure sites are accessed
vs. ie. Application guard ie. Credential Guard

15 Windows Defender Application Guard
Normal looking website

16 Windows Defender Application Guard in ConfigMgr

17 Windows Defender Exploit Guard
Attack Surface Reduction
Controlled folder access
Exploit protection
Network protection

18 Windows Defender Exploit Guard in Intune

19 Windows Defender Firewall
Configure global and profile specific Firewall settings in Intune
Rich management across the newly exposed management interfaces in the Fall Creators Update

20 Windows Defender Firewall in Intune

21 Integrated Security Configuration Management
In the cloud or using existing infrastructure
Available through Microsoft Intune and System Center ConfigMgr, eliminates the need to deploy, manage & secure additional infrastructure
A single configuration management experience to author policies, track deployment & state
Rich endpoint detection and response capabilities and analytics with Windows Defender ATP

22 Conditional Access with Azure Active Directory
Chris Green

23 Conditional Access
Policy Conditions
Device: OS Platform; Is Compliant / Domain joined; Is lost or stolen; Device Risk
User: User identity; Group membership; Session Risk
App: Mobile or Cloud app; Per app policy
Location: IP range; Country / Region
Policy Controls
Session Restrictions: Prevent data leak; Disable print; Restrict download
Access Control: Enforce MFA; Block sign-in; Allow sign-in
Applications
Microsoft Cloud; 3rd Party SaaS Apps; On Premises Apps
Diagram labels: Microsoft Azure; Azure AD Identity Protection Service; Windows Defender

24 Managed by ConfigMgr and Intune Windows 10 personal and other devices
Windows 10 work devices
Join state: AD Domain Joined; Hybrid Azure AD Joined; Azure AD Joined
Management: Managed by ConfigMgr; Managed by ConfigMgr and Intune (co-management); Managed by Intune
Windows 10 personal and other devices
Join state: Azure AD Registered
Management: Managed by Intune
Diagram labels: AD; Azure AD; Conditional Access

25 Co-management with Configuration Manager and Intune
On-premises, Traditional Management: AD + ConfigMgr
Cloud, Modern Management: EMS (Intune & Azure AD)
Software Distribution; Patching; Conditional Access


27 Demo: Conditional Access with Windows
Chris Green

28 Conditional access from Intune managed devices
Step 1: Enroll device
1. Client signs in; Azure AD performs a redirect to Intune
2. Client is directed to join the device to Azure AD or to add a work or school account
3. Device begins enrollment
4. Device enrolls in Intune and is registered in AAD
5. Device management and compliance status is set in AAD
6. AAD issues direct access token
7. Client accesses service with direct access token
8. Data is delivered to client
Device object: device id; isManaged; MDMStatus
Diagram labels: SharePoint Online; Company Portal; Intune; Azure Active Directory; Unified Enrollment; Microsoft Cloud
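
Added example, not part of the original deck and not Azure AD's implementation: a small Python model of how the policy conditions on slide 23 (group membership, session risk, IP range, device compliance) combine into the controls it lists, and of the enrollment redirect on slide 28. The MDMStatus values, the risk scale, the control names, the rule that a block outranks other controls, and the sample policies are assumptions.

```python
import ipaddress
from dataclasses import dataclass

RISK = {"low": 0, "medium": 1, "high": 2}  # assumed session-risk scale

@dataclass
class Device:  # fields named after the slide's device object
    device_id: str
    isManaged: bool = False
    MDMStatus: str = "unknown"  # assumed values: "compliant", "noncompliant"

@dataclass
class Policy:
    groups: set                 # condition: group membership
    control: str                # assumed names: "block", "mfa", "require_compliant"
    min_risk: str = "low"       # condition: session risk at or above this level
    trusted_ranges: tuple = ()  # condition: policy is skipped inside these IP ranges

def applies(policy, groups, ip, risk):
    addr = ipaddress.ip_address(ip)
    return (bool(policy.groups & groups)
            and RISK[risk] >= RISK[policy.min_risk]
            and not any(addr in ipaddress.ip_network(n) for n in policy.trusted_ranges))

def evaluate(policies, device, groups, ip, risk):
    controls = {p.control for p in policies if applies(p, groups, ip, risk)}
    if "block" in controls:            # assumption: a block outranks every other control
        return "block sign-in"
    if "require_compliant" in controls:
        if not device.isManaged:       # slide 28, step 1: unmanaged device goes to enrollment
            return "redirect to enrollment"
        if device.MDMStatus != "compliant":
            return "block sign-in"
    return "enforce MFA" if "mfa" in controls else "allow sign-in"

# Constructed sample policies; 203.0.113.0/24 stands in for a corporate egress range.
STAFF = {"all-staff"}
POLICIES = [
    Policy(STAFF, "block", min_risk="high"),
    Policy(STAFF, "require_compliant"),
    Policy(STAFF, "mfa", trusted_ranges=("203.0.113.0/24",)),
]

if __name__ == "__main__":
    laptop = Device("constructed-device-01")
    print(evaluate(POLICIES, laptop, STAFF, "203.0.113.10", "low"))
    laptop.isManaged, laptop.MDMStatus = True, "compliant"  # state after steps 4 and 5
    print(evaluate(POLICIES, laptop, STAFF, "203.0.113.10", "low"))
    print(evaluate(POLICIES, laptop, STAFF, "198.51.100.7", "low"))
    print(evaluate(POLICIES, laptop, STAFF, "198.51.100.7", "high"))
```

Evaluating the device object on every sign-in, rather than once at enrollment, is what lets a device that later falls out of compliance lose access.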

29 VPN and Azure AD conditional access
Auth to AAD
Cert issued
Cert used to auth to VPN Server
VPN auth to RADIUS Server
Diagram labels: Internet; Intranet; VPN Server; RADIUS Server

30 Conclusion

31 FastTrack for Microsoft 365
FastTrack.microsoft.com
Move to the cloud with confidence
Migrate , content, and light up Microsoft 365 services
Deploy and securely manage devices
Enable your business and gain end-user adoption
Delivered by Microsoft engineers as part of your subscription
Tight integration with qualified partners for additional services
Faster Deployment; Maximized ROI; Higher Adoption

32 Ignite 2017 Intune/ConfigMgr sessions
*Locations are subject to change. Please check Ignite Scheduling Tool prior to session time
Code, Day, Time, Title
BRK3057, Tuesday, 9:00 AM - 10:15 AM, Overview: Modern Windows 10 and Office ProPlus management with EMS
BRK3075, 10:45 AM - 12:00 PM, Modernize deployment and servicing of Windows 10 and Office ProPlus with EMS
BRK2015, Wednesday, Mobile device and app management overview with Microsoft Intune
BRK3009, 4:00 PM - 5:15 PM, System Center Configuration Manager overview and roadmap
BRK3011, Thursday, Manage and secure Android, iOS and MacOS devices and apps with Microsoft Intune
BRK3076, Transition to cloud-based management of Windows 10 and Office ProPlus with EMS
BRK3012, Secure access to Office365, SaaS and on-prem apps with Microsoft EMS
BRK2079, 12:30 PM - 1:45 PM, Secure Windows 10 with Intune, Azure AD and System Center Configuration Manager
BRK3119, 2:15 PM - 3:30 PM, Learn how to use Intune with the new admin console and Microsoft Graph API
BRK3059, Friday, 10:15 AM - 11:00 AM, Manage and protect Office 365 mobile apps with Microsoft Intune
BRK3010, Conduct a successful pilot deployment of Microsoft Intune

33 Please evaluate this session
From your PC or tablet: visit MyIgnite
Phone: download and use the Microsoft Ignite mobile app
Your input is important!


