
Script Kiddies; Cybercrime. Cyber-espionage; Cyber-warfare. Cybercriminals. State sponsored actions; Unlimited resources. Attacks on Fortune 500. All sectors.


3 Familiar | Modern
Script Kiddies; Cybercrime | Cyber-espionage; Cyber-warfare
Cybercriminals | State sponsored actions; Unlimited resources
Attacks on Fortune 500 | All sectors and even suppliers getting targeted
Software solutions | Hardware rooted trust the only way
Secure the perimeter | Assume breach. Protect at all levels
Hoping I don't get hacked | You will be hacked. Did I successfully mitigate?
Company owned and tightly managed devices | Bring your own device, varied management

4 Attestation; UEFI Secure Boot; TPM 2.0; Only signed binaries; Single source updates; OS Services; Trusted Boot; App Platform; Network security; Microsoft Passport; Two Factor authentication; Windows Hello; Mobile Device Management; Enterprise Data Protection; Device encryption; IRM & S/MIME; Browser security; Store Apps; Business Store Portal; Cloud Services

5 http://www.uefi.org/specs/

6 Firmware boot loaders; OEM UEFI applications; Windows boot manager; Power On; Windows OS boot; Windows update OS boot; Boot to flashing mode; SoC Vendor; OEM; MSFT


10 Least Privilege Chamber (LPC); Trusted Computing Base (TCB); Dynamic Permissions (LPC); Fixed Permissions Chamber; Central repository of rules; 3-tuple {Principal, Right, Resource}; Chamber boundary is security boundary; Chambers defined using policy rules; Expressed in application manifest; Disclosed in Windows Store; Defines app's security boundary on device


16 IDP; Active Directory; Azure Active Directory; Microsoft Account; Other IDPs; 1 Create Account or proves identity; Create and trust unique key; Authentication by validating this signed request; 2; 3; Resource; 4 Authentication token; Trusts tokens from IDP; User; Unlock Windows identity container w/ PIN or Hello; Token binding; Access Token; Relying Party


25 IDP; Active Directory; Azure Active Directory; Microsoft Account; Other IDPs; 1 Create Account or proves identity; Create and trust unique key; 2; MDM; 4 Authentication token; User; Unlock Windows identity container w/ PIN or Hello; MDM enrollment; EDP Policies; Key Management; Enterprise allowed apps; Network / Storage; App data flow management; Block or Allow/Audit controls; Selective wipe on un-enroll

26 Personal Apps & Data (Unmanaged); Business Apps & Data (Managed); Data exchange is controlled

27 Early Designs Not Final UI

28 Office Early Designs Not Final UI

29 Pasting content from a Fabrikam file to a personal file is discouraged, and if you choose "paste anyway" your action and the content will be logged for IT review. Early Designs Not Final UI

30 One consistent set of MDM capabilities across Mobile, Desktop, and IoT
Provisioning; Bulk enrollment; Simple bootstrap; Converged protocol; Azure AD Integration; Extended set of policies; Context based policies; Client certificates – Direct install (PFX); Enterprise Wi-Fi profiles; VPN profiles; Email provisioning; MDM Push when user not logged in; Kiosk Mode, Start screen configuration and control; Curated Windows Store; Volume Purchase Program and app distribution; License reclaim/re-use; Enterprise App management; LOB app management; App inventory (MDM/Store); App allow/deny list; Enterprise data protection; Remote Lock, PIN reset, Ring, Find; Full device wipe; Un-enrollment with alerts; Removal of configuration & EDP protected data; Enhanced inventory for compliance decisions
Categories: ENROLLMENT; INVENTORY; APPLICATION MANAGEMENT; DEVICE CONFIGURATION AND SECURITY; REMOTE ASSISTANCE; UNENROLLMENT


35 Online with Mobile Device Management


39 Microsoft Cloud; Enterprise Mobility Suite + Office 365 + Azure AD; Simplified and Integrated; Flexible options; Reduced complexity; Windows Security; Solid identities; Data protection; Secured devices; Application controls; Enabled By
