Everything Windows User Group Meeting, Aug 2016


1 Everything Windows User Group Meeting, Aug 2016
EWUG.dk Everything Windows User Group Meeting, Aug 2016

2 Per Larsen Microsoft MVP – Enterprise Mobility
Solution Architect | Co-Organizer - Everything Windows User Group Denmark | Microsoft Partner Technology Solutions Professional (P-TSP)

3 Agenda
EMS in a security perspective
- Enterprise Mobility + Security
- New EMS license E3 / E5
- Identity is the foundation for enterprise mobility
- Access thousands of apps with one identity
- AzureAD privileged Identity Management (Just in time Admin)

4 Agenda
EMS in a security perspective
- Protect at the front door - Conditional Access
- Protect at the front door
- CA MFA and location based access rules
- CA Device based access rules
- Intune Mobile Application Management (MAM)
- Agent Less
- With Intune

5 Enterprise Mobility + Security
EMS Overview, 12/3/2018
Enterprise Mobility + Security: Identity and access management | Managed mobile productivity | Information protection | Identity-driven security

EMS E5
- Azure Active Directory Premium P2: Identity and access management with advanced protection for users and privileged identities (includes all capabilities in P1)
- Azure Information Protection Premium P2: Intelligent classification and encryption for files shared inside and outside your organization (includes all capabilities in P1)
- Microsoft Cloud App Security: Enterprise-grade visibility, control, and protection for your cloud applications

EMS E3
- Azure Active Directory Premium P1: Secure single sign-on to cloud and on-premises apps; MFA, conditional access, and advanced security reporting
- Microsoft Intune: Mobile device and app management to protect corporate apps and data on any device
- Azure Information Protection Premium P1: Encryption for all files and storage locations; cloud-based file tracking
- Microsoft Advanced Threat Analytics: Protection from advanced targeted attacks leveraging user and entity behavioral analytics

© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, Surface and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6 AzureAD Identity Demo

7 Identity is the foundation for enterprise mobility
IDENTITY – DRIVEN SECURITY: Identity is the foundation for enterprise mobility
Diagram labels: Simple connection; SaaS; Azure; Public cloud; Cloud; On-premises; Other directories; Windows Server Active Directory; Self-service; Single sign-on; Microsoft Azure Active Directory

Microsoft has a solution for this.

Traditional identity and access management solutions that provide single sign-on to on-premises applications and directory services, such as Active Directory and others, are used by the vast majority of organizations, and huge investments were made to deploy and maintain them. These solutions are perfect for the on-premises world.

Now, as we have discussed, there are new pressing requirements to provide the same experience to cloud applications hosted in any public cloud.

Azure Active Directory can be the solution to this new challenge by extending the reach of on-premises identities to the cloud in a secure and efficient way.

In order to do that, one simple connection is needed from on-premises directories to Azure AD, and everything else will be handled by Azure AD: secure single sign-on to thousands of SaaS applications hosted in any cloud, using the same credentials that exist on-premises.

And we don’t forget the users. Azure AD provides self-service capabilities and easy access to all the applications they need, consumer or business, in the cloud but on-premises too (Application Proxy).

8 Access thousands of apps with one identity
Access thousands of apps with one identity
- 2500+ pre-integrated popular SaaS apps and self-service integration via templates
- Connect and sync on-premises directories with Azure
- Easily publish on-premises web apps via Application Proxy + custom apps
Diagram labels: Microsoft Azure; Other directories; Web apps (Azure Active Directory Application Proxy); Integrated custom apps; SaaS apps

9 AzureAD privileged Identity Management
Demo

10 Security landscape has changed
IDENTITY – DRIVEN SECURITY: Security landscape has changed
- Transition to cloud & mobility
- New attack landscape
- Current defenses not sufficient
Diagram labels: Identity; Devices; Apps & Data; Shadow IT; Cloud apps; SaaS; Azure; Employees; Partners; Customers; Data breach; Identity breach; On-premises apps

11 Protect at the front door - Conditional Access
Demo

12 Protect at the front door
IDENTITY – DRIVEN SECURITY: Protect at the front door
Diagram labels: User; Conditions; Actions; Allow access, or Enforce MFA per user/per app; Location; Device state; MFA; User/Application Risk; Block access; Azure AD Identity Protection; Azure AD Privileged Identity Management

13 Conditional Access MFA and location based access rules
EMS in a security perspective MFA and location based access rules

14 Conditional Access Device based access rules
EMS in a security perspective Device based access rules

15 Intune Mobile Application Management (MAM)
Demo

16 Multi-identity policy
MANAGED MOBILE PRODUCTIVITY: Mobile app management
Diagram labels: Corporate data; Personal; Multi-identity policy; Managed apps; Personal apps; Copy; Paste; Save; attachment; Paste to personal app; Save to personal storage

If we take a closer look at our user’s newly enrolled device, which is now compliant and ready to go, we can see that she is still able to maintain a personal experience on her device. She has organized her applications the way she wants, with all of her apps available on one screen. She has her managed corporate apps (the Office mobile apps she knows and loves) and personal apps that she uses outside of work, and she may even consider using these personal apps to try to boost her productivity at work.

Even though our user has all of her apps at hand on her personal device, IT is able to enjoy unparalleled management of the Office mobile apps, so that with Microsoft Intune, our IT pro has a different perspective on the organization of our user’s personal device. With the new multi-identity management feature, you can enable users to access both their personal and work accounts using the same Office mobile apps while only applying the MAM policies to their work account, providing a seamless experience while employees are on the go.

For our IT pro, there is still a clear separation of the managed corporate apps and our user’s personal apps. But this doesn’t affect the user’s access to apps. By applying policy at the app level, our IT pro can support mobile productivity while maintaining user preferences, and still have the ability to protect corporate data and resources with the Intune-managed Office mobile apps. The Intune App Wrapping Tool also allows IT to apply similar policies to your existing line-of-business applications so that these resources are equally protected through the organization’s proprietary apps.

You can enable users to securely view content on devices within your managed app ecosystem using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps for Intune as well.

Let’s now take a closer look at how app-level policies can help keep company data and information secure. Our user receives a work email through her managed Outlook account with an attached Excel spreadsheet containing information she needs for a report. Our user opens the attachment in her Excel mobile application to find the information she needs. She then wants to copy the info to add to her report. But when she tries to paste it into her personal notepad, it doesn’t work: the personal notepad is not a managed app, and our IT pro has applied policies that restrict copy, paste, and cut functions to only apps that are part of the managed app ecosystem (for Intune enrolled devices). So our user opens her Microsoft Word mobile app, which is managed by Intune, and she is successfully able to paste her information.

Now our user wants to save the working copy of her report to her personal OneDrive account so that she can access it from her home computer. Because her personal OneDrive account is not one of the managed applications, she’s unable to save it there. IT has applied policies restricting the ability to save to only apps that are part of the managed app ecosystem. So our user must save her working copy to her managed OneDrive for Business account, which means that when she does want to work on this report from another device, this device will have to be enrolled for management.

By using the mobile application management capabilities of Intune, the IT pro can help prevent leakage of important company data and make sure that this information doesn’t get into the wrong hands.

17 Intune Mobile Application Management
MAM – Agent less

18 Intune Mobile Application Management
MAM With Intune Standalone Hybrid

19 Three steps to identity-driven security
1. Protect at the front door: Safeguard your resources at the front door with innovative and advanced risk-based conditional access.
2. Protect your data against user mistakes: Gain deep visibility into user, device, and data activity on-premises and in the cloud.
3. Detect attacks before they cause damage: Uncover suspicious activity and pinpoint threats with deep visibility and ongoing behavioral analytics.

Safeguard your resources at the front door: Our solution calculates risk severity for every user and sign-in attempt, so risk-based conditional access rules can be applied to protect against suspicious logins.

Protect your data against user mistakes: Gain deeper visibility into user, device, and data activity on-premises and in the cloud to create more effective, granular-level policies. Classify and label files at creation, track their usage, and change permissions when necessary.

Detect attacks before they cause damage: Identify attackers in your organization using innovative behavioral analytics and anomaly detection technologies, all driven by vast amounts of Microsoft threat intelligence and security research data.

20 Questions ??

21 Thank you

