Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enhancing the Office 365 Multi-Factor Authentication and RM Online

Similar presentations


Presentation on theme: "Enhancing the Office 365 Multi-Factor Authentication and RM Online"— Presentation transcript:

1 Enhancing the Office 365 Multi-Factor Authentication and RM Online
Microsoft Office365 9/8/2018 Enhancing the Office 365 Multi-Factor Authentication and RM Online October 2013 © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Agenda Why is Multi-Factor important Securing Cloud resources
Microsoft Office365 9/8/2018 Multi-Factor authentication Why is Multi-Factor important Securing Cloud resources Windows Azure AD Multi-Factor Authentication (WAAD MFA) Rich Client Support with App Password Information Protection and Control using Windows Azure AD Rights Management Agenda © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

3 Windows Azure AD – Multiple-Factor Authentication

4 Why MFA is important Passwords are no longer enough. Customers want a higher level of security than standard authentication of user name and password. Growing need for stronger security measures for identities Cloud services perceived as higher risk, requiring MFA Increase use of mobile access demands stronger seamless security measures Competition is driving expectation for Strong Authentication Compliance drives increasingly rigorous authentication scenarios, and is showing up as sales blocker (e.g. FISMA, NIST) Windows Azure AD is used for multiple online services

5 What is Azure AD MFA? Secure resources accessed by Azure AD, with phone-based Multi-Factor Authentication. Applicable for Cloud Identities and Federated Identities Ease of configuration and low maintenance – no server installation required, end-users configure 2FA.

6 Azure AD MFA for Cloud Identities Securing Cloud resources
Customer 1. Logon with Username / Password Azure AD & Office 365 2. MFA challenge 3. Reply to MFA challenge 1-way or 2-way SMS Phone call Mobile Application

7 Enabling MFA on your tenant
Through Azure portal only

8 First logon experience with MFA

9 User Security Verification Options

10 Further web logon experience

11 Setting up App Password for rich client support

12 App Password maintenance

13 App Password Rich client support with MFA
1. One-time setup: User create App Password (1 per application) through MOP or AAD Customer Azure AD & Office 365 2. Rich client logon with App Password

14 App Password features Admin must:
Create a Windows Azure Authentication Provider Enable Multi-Factor Authentication for the users App Password available to end-users only Not available for Administrative accounts Password is automatically generated 16 characters A limit of 40 passwords per user Passwords never expire Set Expiration feature is schedule for a future release

15 Azure AD MFA offering Free for Administrators Must pay for Users
Purchase as a Multi-Factor Authentication Provider through Windows Azure AD Per-user or Per-authentication licensing models Web application support by default Outlook Web Access (OWA), SharePoint, etc. Must enable Application Passwords for use with rich clients Outlook, Lync, PowerShell, Lync IP phone Application passwords cannot be enabled for administrator accounts Does not support Lync phones Not supported with Office 365 Pre-Upgrade (Wave 14 customers)

16 Windows Azure AD Right Management

17 Information Protection and Control (IPC) Industry trends
Consumerization of IT Users need access, from any device Externalization of IT Applications are on-premises and in the cloud More Data, Stored in More Places Dispersed enterprise data needs protection Social Enterprise Data is shared between people and applications The traditional perimeter is rapidly eroding IT needs continuous data protection that work across ‘classic ‘boundaries’

18 Internal Sharing of Sensitive Data
Organization of all sizes have sensitive data The numbers vary from ~3% to “far more” when customer data contain PII Data is increasing rarely in a state of permanent rest Mobile devices; data sync’d for use at home; SQL/SAP reporting to Excel; etc. RMS is used / reasoned over by users / software RMS protects sensitive data at rest and in motion RMS, and enlightened applications, offer native supports for file protection Outlook and Exchange adds RMS support for Vertical offers are now adding RMS too. SharePoint, DAC, DLP, and now SAP…

19 Right Management deployment options
Use Windows Azure AD Right Management Out-of the box Integrate natively with Exchange online and SharePoint online Integrate Office 365 with existing on-premises AD RMS infrastructure

20 What is Windows Azure AD Right Management
Microsoft Office365 9/8/2018 What is Windows Azure AD Right Management Windows Azure AD Rights Management enables the ability to encrypt and assign usage restrictions to content for organizations that subscribe to Microsoft online services. Rights Management helps protect content created and exchanged using Microsoft Office as well as other applications or services that have been updated to integrate with the Rights Management service. By implementing a cloud-based rights management service, Rights Management provides an alternative for organizations seeking information protection capabilities within Microsoft Office 365. Rights management provides the following: Safeguards sensitive information. Provides persistent protection. Supports closer management of usage rights and conditions. Integrates rights management with Office 365.  Safeguards sensitive information.   Applications and services such as Microsoft Office 2010 and Microsoft Office Professional Plus 2013, Microsoft SharePoint Online and Microsoft Exchange Online are enabled to help safeguard sensitive information. Users and administrators can define who can open, modify, print, forward, or take other actions with the information. Organizations are provided usage policy templates such as "Company Confidential - Read Only" that can be applied directly to the information. Provides persistent protection.   Rights Management persists protection of file data when at rest and in motion. Once information is locked, only trusted entities that were granted usage rights under the specified conditions (if any) can unlock or decrypt the information. Supports closer management of usage rights and conditions.   Organizations and individuals can assign usage rights and conditions using rights management that define how a specific trusted entity can use rights-protected content. Examples of usage rights are permission to read, copy, print, save, forward, and edit. Usage rights can be accompanied by conditions, such as when those rights expire. Integrates rights management with Office 365.   Rights Management is integrated with SharePoint Online, Exchange Online and other Office 2010 and Office Professional Plus 2013 applications to provide rights management functionality across the Microsoft Office suite. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

21 Right Management deployment options
Microsoft Office365 9/8/2018 Right Management deployment options Windows Azure AD Rights Management information rights management (IRM) features available in Microsoft Office 365 Enterprise E3 and Microsoft Office 365 ProPlus: Office IRM Integration Exchange Online IRM Integration SharePoint Online IRM Integration Office IRM Integration – Rights Management enables Microsoft Office Professional Plus 2013 and Microsoft Office 2010 users to be able to IRM protect content using predefined policies provided by the service within a company. Office applications that include these capabilities are Word, Excel, PowerPoint, Outlook, and InfoPath. Exchange Online IRM Integration – Rights Management enables users of Microsoft Exchange Online to IRM protect and consume messages in Outlook Web Access (OWA) and consume IRM protected messages via Exchange Active Sync for devices that have implemented IRM support including Windows Phone 7. Exchange administrators can enable additional features, such as Outlook protection rules as well as transport rules for protection and decryption, to ensure content is not inadvertently leaked outside of the organizational boundary and edit the content of the message to include disclaimers. SharePoint Online IRM Integration – Rights Management enables Microsoft SharePoint Online administrators to create IRM protected document libraries so that when a user checks-out a document from the IRM document library, IRM is applied to the document and the user has the rights to that document as they were specified for the document library by the administrator. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

22 Office integration w/ Rights Management
Microsoft Office365 9/8/2018 Office integration w/ Rights Management When creating or consuming information rights management (IRM) protected content only the following versions of Microsoft Office are supported For this Office product family… …these restrictions apply for Rights Management use Microsoft Office Professional Plus 2013 Supported for this release. Microsoft Office 2010 To publish rights-protected content requires Office Professional Plus. To consume rights-protected content, Office Standard is required. Microsoft Office 2007 Not supported for this release. Office IRM Integration – Rights Management enables Microsoft Office Professional Plus 2013 and Microsoft Office 2010 users to be able to IRM protect content using predefined policies provided by the service within a company. Office applications that include these capabilities are Word, Excel, PowerPoint, Outlook, and InfoPath. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

23 Configuring RMO for Exchange online
Microsoft Office365 9/8/2018 Configuring RMO for Exchange online Step 1: Use the Office 365 Admin Center to activate Windows Azure Active Directory Rights Management (see next slide) Step 2: Use the Shell to configure the RMS Online key sharing location in Exchange Online Note: Use the RMS key sharing URL corresponding to your location (using Set-IRMConfiguration -RMSOnlineKeySharingLocation ….) Step 3: Use the Shell to import the Trusted Publishing Domain (TPD) from RMS Online Using Import-RMSTrustedPublishingDomain -RMSOnline -name "RMS Online" Step 4: Use the Shell to enable IRM in Exchange Online Using Set-IRMConfiguration –InternalLicensingEnabled Check RMS capability using OWA Note: this can take some additional hours to propagate Open OWA, Click on New Message and in the “…” menu you should see a “Set Permission” option © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

24 Activating Rights Management

25 RMO with Exchange online capabilities
Microsoft Office365 9/8/2018 RMO with Exchange online capabilities After it’s enabled, IRM protection can be applied to messages as follows: Users can manually apply a template using Outlook and Outlook Web App Users can apply an AD RMS rights policy template to an message by selecting the template from the Set permissions list. When users send an IRM-protected message, any attached files that use a supported format also receive the same IRM protection as the message. IRM protection is applied to files associated with Word, Excel, and PowerPoint, as well as .xps files and attached messages. Administrators can use transport protection rules to apply IRM protection automatically to both Outlook and Outlook Web App  You can create transport protection rules to IRM-protect messages. Configure the transport protection rule action to apply an AD RMS rights policy template to messages that meet the rule condition. After you enable IRM, your organization's AD RMS rights policy templates are available to use with the transport protection rule action called Apply rights protection to the message with. Administrators can create Outlook protection rules Outlook protection rules automatically apply IRM-protection to messages in Outlook 2010 (not Outlook Web App) based on message conditions that include the sender's department, who the message is sent to, and whether recipients are inside or outside your organization. For details, see Create an Outlook Protection Rule. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

26 Configuring RMO for SharePoint online
Microsoft Office365 9/8/2018 Configuring RMO for SharePoint online Need to be a SharePoint online administrator Step 1 go to SharePoint online Admin center / Settings Step 2 Check IRM usage And click on Refresh IRM settings Step 3 IRM-enable SharePoint document libraries and lists Go to the list or library for which you want to configure IRM. On the ribbon, click the Library tab, and then click Library Settings (If you are working in a list, click the List tab, and then click List Settings). Under Permissions and Management, click Information Rights Management. On the Information Rights Management Settings page, select the Restrict permission to documents in this library on download check box to apply restricted permission to documents that are downloaded from this list or library. In the Create a permission policy title box, type a descriptive name for the policy that you can use later to differentiate this policy from other policies (Example Company Confidential) In the Add a permission policy description box, type a description that will appear to people who use this list or library that explains how they should handle the documents in this list or library (Example, Discuss the contents of this document only with other employees) To apply additional restrictions to the documents in this list or library, click Show Options, and select the one you want to apply After you finish selecting the options you want, click OK. SharePoint Online supports encryption of the following file types: PDF The file formats for the following Microsoft Office programs: Word, Excel, and PowerPoint The Office Open XML formats for the following Microsoft Office programs: Word, Excel, and PowerPoint The XML Paper Specification (XPS) format © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

27 9/8/2018 © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.


Download ppt "Enhancing the Office 365 Multi-Factor Authentication and RM Online"

Similar presentations


Ads by Google