Enterprise Mobility+Security Overview
Denunciar
Chris GenazzioSeguir
16 de Feb de 2017•0 recomendaciones•2,454 vistas
Enterprise Mobility+Security Overview
16 de Feb de 2017•0 recomendaciones•2,454 vistas
Descargar para leer sin conexión
Denunciar
Chris GenazzioSeguir
Recomendados
Introduction to Microsoft Enterprise Mobility + SecurityAntonioMaio2
Microsoft 365 Enterprise Security with E5 OverviewDavid J Rosenthal
Enterprise Mobility Suite-Microsoft IntuneLai Yoong Seng
Overview of Microsoft Enterprise Mobility & Security(EMS)Radhakrishnan Govindan
Microsoft Enterprise Mobility Suite Presented by AtidanDavid J Rosenthal
An introduction to Defender for BusinessRobert Crane
Más contenido relacionado
La actualidad más candente
Microsoft 365 business presentationGordon Pong
5 modern desktop - windows autopilotAndrew Bettany
Microsoft 365 Security OverviewRobert Crane
Office 365 Presentation - Renato Civili, Infosoft SystemsInfosoft Systems
Pitching Microsoft 365Robert Crane
Microsoft Azure Active DirectoryDavid J Rosenthal
Destacado
Enterprise Mobility + Security : tour d'horizonMaxime Rastello
What is Microsoft Enterprise Mobility Suite and how to deploy itPeter De Tender
EMS Diagram Click Through WebEric Inch
Data-Centric Protection: The Future of BYOD SecurityBitglass
Azure Active Directory : on fait le pointMaxime Rastello
Community day the power of certificationPeter De Tender
Similar a Enterprise Mobility+Security Overview
Gestión de identidadPlain Concepts
Microsoft Intune y Gestión de Identidad Corporativa Plain Concepts
Empower Enterprise Mobility- Maximize Mobile Control- Presented by AtidanDavid J Rosenthal
Securing your Organization with Microsoft 365Ravikumar Sathyamurthy
Microsoft Cloud Application Security Overview Syed Sabhi Haider
Get ahead of cybersecurity with MS Enterprise Mobility + Security Kjetil Lund-Paulsen
Enterprise Mobility+Security Overview
- 1. Go mobile. Stay in control. Chris Genazzio Director of Business Development Enterprise Mobility + Security
- 2. Mobile-first, cloud-first reality Data breaches 63% of confirmed data breaches involve weak, default, or stolen passwords. 63% 0.6% IT Budget growth Gartner predicts global IT spend will grow only 0.6% in 2016. Shadow IT More than 80 percent of employees admit to using non-approved software as a service (SaaS) applications in their jobs. 80%
- 3. Is it possible to keep up? Employees Business partners Customers Is it possible to stay secure? Apps Devices Data Users Data leaks Lost device Compromised identity Stolen credentials
- 4. Is it possible to keep up? Employees Business partners Customers The Microsoft vision Secure and protect against new threats Maximum productivity experience Comprehensive and integrated Apps Devices Data Users
- 5. User freedomSecure against new threats Do more with less Customers need Identity – driven security Productivity without compromise Comprehensive solutions Microsoft solution ENTERPRISE MOBILITY + SECURITY Identity-driven security Comprehensive solution Managed mobile productivity
- 6. Identity-driven security Comprehensive solution Managed mobile productivity ENTERPRISE MOBILITY + SECURITY
- 8. Identity is the foundation for enterprise mobility IDENTITY – DRIVEN SECURITY Single sign-onSelf-service Simple connection On-premises Other directories Windows Server Active Directory SaaS Azure Public cloud CloudMicrosoft Azure Active Directory
- 9. 1000s of apps, 1 identity Provide one persona to the workforce for SSO to 1000s of cloud and on-premises apps with multifactor authentication. Manage access at scale Manage identities and access at scale in the cloud and on-premises Enable business without borders Stay productive with universal access to every app and collaboration capability and self service capabilities to save money Identity at the core of your business IDENTITY – DRIVEN SECURITY
- 10. Shadow IT Data breach IDENTITY – DRIVEN SECURITY Employees Partners Customers Cloud apps Identity Devices Apps & Data Transition to cloud & mobility New attack landscape Current defenses not sufficient Identity breach On-premises apps SaaS Azure
- 11. IntelligentInnovativeHolistic Identity-driven Addresses security challenges across users (identities), devices, data, apps, and platforms―on-premises and in the cloud Offers one protected common identity for secure access to all corporate resources, on- premises and in the cloud, with risk-based conditional access Protects your data from new and changing cybersecurity attacks Enhances threat and anomaly detection with the Microsoft Intelligent Security Graph driven by a vast amount of datasets and machine learning in the cloud. IDENTITY – DRIVEN SECURITY
- 12. IDENTITY – DRIVEN SECURITY 1. Protect at the front door Safeguard your resources at the front door with innovative and advanced risk-based conditional accesses 2. Protect your data against user mistakes Gain deep visibility into user, device, and data activity on- premises and in the cloud. 3. Detect attacks before they cause damage Uncover suspicious activity and pinpoint threats with deep visibility and ongoing behavioral analytics.
- 13. Conditions Allow access Or Block access Actions Enforce MFA per user/per app Location Device state User/Application MFA Risk User IDENTITY – DRIVEN SECURITY
- 14. IDENTITY – DRIVEN SECURITY Azure Information Protection Classify & Label Protect How do I control data on-premises and in the cloud Monitor and Respond Microsoft Intune How do I prevent data leakage from my mobile apps? LOB app protection DLP for Office 365 mobile apps Optional device management Cloud App Security Risk scoring Shadow IT Discovery Policies for data control How do I gain visibility and control of my cloud apps?
- 15. IDENTITY – DRIVEN SECURITY Microsoft Advanced Threat Analytics (ATA) Behavioral Analytics Detection of known malicious attacks Detection of known security issues On-premises detection Cloud App Security Behavioral analytics Detection in the cloud Anomaly detection Azure Active Directory Premium Security reporting and monitoring (access & usage)
- 16. Enterprise Mobility +Security IDENTITY - DRIVEN SECURITY Microsoft Intune Azure Information Protection Protect your users, devices, and apps Detect threats early with visibility and threat analytics Protect your data, everywhere Extend enterprise-grade security to your cloud and SaaS apps Manage identity with hybrid integration to protect application access from identity attacks Microsoft Advanced Threat Analytics Microsoft Cloud App Security Azure Active Directory Premium
- 18. Identity-driven security Comprehensive solution Managed mobile productivity ENTERPRISE MOBILITY + SECURITY
- 20. Manage and secure devices Office mobile apps Data-level protection User self-service MANAGED MOBILE PRODUCTIVITY
- 21. MANAGED MOBILE PRODUCTIVITY • Conditional access • Device settings & Compliance enforcement • Multi-identity support Access management • Mobile app management (w & w/o a device enrollment) • File level classification, labeling, and encryption Built-in security • Office mobile apps • Familiar and trusted Gold standard
- 22. MANAGED MOBILE PRODUCTIVITY Managed apps Personal apps Personal apps Managed apps Corporate data Personal data Multi-identity policy Personal apps Managed apps Copy Paste Save Save to personal storage Paste to personal app Email attachment
- 23. Empower users to make right decisions Enable safe sharing internally and externally Maintain visibility and control MANAGED MOBILE PRODUCTIVITY Protect your data at all times
- 24. MANAGED MOBILE PRODUCTIVITY STRICTLY CONFIDENTIAL CONFIDENTIAL INTERNAL NOT RESTRICTED IT admin sets policies, templates, and rules FINANCE CONFIDENTIAL Add persistent labels defining sensitivity to filesClassify data according to policies – automatically or by user
- 25. Manage your account, apps and groups Company branded, personalized application Access Panel: http://myapps.microsoft.com + iOS and Android Mobile Apps MANAGED MOBILE PRODUCTIVITY Self-service password reset Application access requests Integrated Office 365 app launching
- 26. Managed mobile productivity Secure access to company data with maximum productivity
- 27. Identity-driven security Comprehensive solution Managed mobile productivity ENTERPRISE MOBILITY + SECURITY
- 28. Comprehensive solution Global IT Budget growth 2016 0.6%
- 29. COMPREHENSIVE SOLUTION Integrates with what you have Simple to set up Easy to maintain Saves you money
- 30. COMPREHENSIVE SOLUTION Employees Business partners Customers Secure and protect against new threats Maximum productivity experience Comprehensive and integrated Apps DevicesDataUsers
- 31. Always up to date • Real-time updates • Keep up with new apps and devices Works with what you have • Support multiple platforms • Use existing investments Simple to set up and connect • Easy, secure connections • Simplified management COMPREHENSIVE SOLUTION
- 32. Simple set up with FastTrack FastTrack will: Retain control of sensitive documents locally and over email Automatically protect mail containing privileged information Ensure files stored in SharePoint are rights protected Envision Azure Rights Management FastTrack will: Setup and deploy mobile app management policies to help prevent Office 365 data leakage Setup and deploy device security policies like pin or device encryption Integrate on-premises System Center Configuration Manager with Intune Enable conditional access and compliance policies to control access to data FastTrack will: Get organizational identities to the cloud Set up single sign-on for test apps (including Azure Active Directory Application Proxy apps) Configure self-service options like password reset and Azure Multi-Factor Authentication in the MyApps site Azure Active Directory Premium Microsoft Intune Onboard Drive Value FastTrack is included with EMS to accelerate your deployments COMPREHENSIVE SOLUTION
- 33. Comprehensive solution Stay secure and maximize your budget COMPREHENSIVE SOLUTION
- 34. ENTERPRISE MOBILITY + SECURITY Holistic, intelligent, innovative security to keep up with new threats. Identity-driven security Secure your enterprise fast – while keeping what you have and saving money. Comprehensive solution Encourage secure work habits by providing the best apps with built-in security. Managed mobile productivity
- 35. Information protection Identity-driven security Managed mobile productivity Identity and access management Azure Information Protection Premium P2 Intelligent classification and encryption for files shared inside and outside your organization (includes all capabilities in P1) Azure Information Protection Premium P1 Encryption for all files and storage locations Cloud-based file tracking Microsoft Cloud App Security Enterprise-grade visibility, control, and protection for your cloud applications Microsoft Advanced Threat Analytics Protection from advanced targeted attacks leveraging user and entity behavioral analytics Microsoft Intune Mobile device and app management to protect corporate apps and data on any device Azure Active Directory Premium P2 Identity and access management with advanced protection for users and privileged identities (includes all capabilities in P1) Azure Active Directory Premium P1 Secure single sign-on to cloud and on-premises apps MFA, conditional access, and advanced security reporting EMS E3 EMS E5
- 36. IntelligenceCollaborationTrust Mobility Empower your employees by creating a secure productive enterprise
- 37. Office 365 Enterprise Mobility + Security Windows 10 Enterprise Delivered through enterprise cloud services
- 38. Enterprise Mobility + Security Basic identity mgmt. via Azure AD for O365: • Single sign-on for O365 • Basic multi-factor authentication (MFA) for O365 Basic mobile device management via MDM for O365 • Device settings management • Selective wipe • Built into O365 management console RMS protection via RMS for O365 • Protection for content stored in Office (on-premises or O365) • Access to RMS SDK • Bring your own key Azure AD for O365+ • Advanced security reports • Single sign-on for all apps • Advanced MFA • Self-service group management & password reset & write back to on-premises, • Dynamic Groups, Group based licensing assignment MDM for O365+ • PC management • Mobile app management (prevent cut/copy/paste/save as from corporate apps to personal apps) • Secure content viewers • Certificate provisioning • System Center integration RMS for O365+ • Automated intelligent classification and labeling of data • Tracking and notifications for shared documents • Protection for on-premises Windows Server file shares Advanced Security Management • Insights into suspicious activity in Office 365 Cloud App Security • Visibility and control for all cloud apps Advanced Threat Analytics • Identify advanced threats in on premises identities Azure AD Premium P2 • Risk based conditional access Information protection Identity-driven security Managed mobile productivity Identity and access management
- 39. Windows 10 Enterprise Mobility +Security • Single sign-on for business cloud apps • Device setup and registration for Windows devices • Windows Store for Business • Traditional domain join manageability • Manageability via MDM and MAM • Encryption for data at rest and generated on device • Encryption for data included in roaming settings • Conditional access policies for secure single sign-on • MDM auto-enrollment • Self-Service Bitlocker recovery • Password reset with write back to on-premises • Cloud-based advanced security reports and monitoring • Enterprise State-Roaming • Mobile device management • Mobile app management • Secure content viewer • Certificate, Wi-Fi, VPN, email profile provisioning • Agent-based management of Windows devices (domain- joined via ConfigMgr and internet-based via Intune) • Automated intelligent classification and labeling of data • Tracking and notifications for shared documents • Protection for content stored in Office and Office 365 & Windows Server on premises Windows Defender Advanced Threat Protection • Identify advanced threats focused on Windows 10 behavioral sensors Cloud App Security • Visibility and control for all cloud apps Advanced Threat Analytics • Behavioral analytics for advanced threat detection Azure AD Premium • Risk based conditional access Information protection Identity-driven security Managed mobile productivity Identity and access management
Notas del editor
- 63% of confirmed data breaches involve weak, default, or stolen passwords (Verizon 2016 Data Breach Report) 70% of the 10 most commonly used devices have serious vulnerabilities (HP 2014) More than 80% of employees admit using non-approved SaaS apps for work purposes (Stratecast, December 2013) 33% of user breaches come from user error (VansonBourne February 2014) 88% organizations who are no longer confident in their ability to detect and prevent threats to their sensitive files and emails 0.6% http://www.gartner.com/newsroom/id/3186517
- IT cannot afford to live in the past. Successful businesses of today (and tomorrow) realize the power of mobility to support employee productivity and collaboration. You need to prepare to mitigate the risks of providing freedom and space to your employees. You need to meet compliance and regulatory standards, maintain company security policies and requirements, and detect threats — all the while giving workers a better and more productive experience, so that they’re motivated to follow protocol. You need an enterprise mobility partner that can help you achieve all of this, so that everyone is a winner, and your business stays out of the headlines. Microsoft’s vision includes management and protection across four key layers: users, device, app, and data – for both your employees, business partners, and customers. Our strategy is to ensure management across these layers while ensuring your employees, business partners, and customers by providing access to everything they need from everything; protecting corporate data across email and collaboration apps all while integrating these new capabilities with what customers already have like Active Directory and System Center.
- Mobility tools are often point solutions that address specific security needs, but even multiple point solutions are still disconnected from one another, leaving cracks. Microsoft believes you should have an integrated mobility solution that provides security across multiple layers. You should have a comprehensive set of tolls that use identity as a control plane, provide the visibility and insights required to quickly pinpoint and resolve issues or threats, and simplify mobile device and application management. Identity-driven security. Microsoft simplifies identity management by creating a single set of credentials for each worker, making it easier for IT to apply identity-based security measures, including conditional access policies and multi-factor authentication. Identity based security reporting, auditing, and alerting offer greater visibility so you can spot potential issues. 200+ days. That’s the average amount of time that attackers reside within your network until they are detected, gathering classified data and information, waiting to strike at just the right moment. Microsoft helps you identify breaches and threats using behavioral analysis and provides a clear, actionable report on a simple attack timeline. Managed mobile productivity. Encourage your workers to use secure applications for work — even on personal devices — by providing the Office tools they know and love. Management capabilities built into Office make it easier for IT to protect company information. Conditional access policies restrict actions such as copy, paste, edit, and save —ensuring that workers only access corporate files through approved, managed apps and not personal workarounds where information can be corrupted or leaked. Nobody manages Office better than Microsoft. Sharing is a mainstay of collaboration for the mobile workforce, but poses a serious challenge to security. Microsoft gives you another integrated approach to information protection with a layer of security at the file level. Encryption, rights management, and authorization policies can be applied to any file type and remain with the data, wherever it goes and even in motion. Only authorized users can access protected files, and only on the sender’s terms. Comprehensive Solution: Meet new business challenges with the flexibility of a cloud-first mobility solution. Microsoft cloud services are designed to work seamlessly with your on-premises infrastructure and existing investments. Stay ahead of your BYOD workers with rapid release cycles to support the latest devices and apps. Scale quickly to onboard new hires, devices, apps, and more. It’s fast, it’s cost-effective, and it’s always up-to-date. Manage across multiple OS types (iOS, Android, Windows) and thousands of cloud apps.
- Identity-driven security. Identity is the new control plane for security and management in the mobile-first, cloud-first world. Microsoft simplifies identity management by creating a single set of credentials for each worker, making it easier for IT to apply identity-based security measures, including conditional access policies and multi-factor authentication. Identity based security reporting, auditing, and alerting offer greater visibility so you can spot potential issues.
- 63% of confirmed data breaches involve weak, default, or stolen passwords (Verizon 2016 Data Breach Report) 200+ days. That’s the average amount of time that attackers reside within your network until they are detected, gathering classified data and information, waiting to strike at just the right moment. Microsoft helps you identify breaches and threats using behavioral analysis and provides a clear, actionable report on a simple attack timeline.
- Microsoft has a solution for this [Click] Traditional identity and access management solutions providing sing-sign on to on-premises applications and directory services such as Active Directory and others are used from the vast majority of organizations and huge investments were made to deploy and maintain them. These solutions are perfect for the on-premises world. [Click] Now, as we have discussed, there are new pressing requirements to provide the same experience to cloud applications hosted in any public cloud. [Click] Azure Active Directory can be the solution to this new challenge by extending the reach of on-premises identities to the cloud in a secure and efficient way. [Click] In order to do that, one simple connection is needed from on-premises directories to Azure AD. [Click] and everything else will be handled by Azure AD. Secure single sign-on to thousands of SaaS applications hosted in any cloud by using the same credentials that exist on-premises [Click] And we don’t forget the users. Azure AD provides Self-service capabilities and easy access to all the application, consumer or business, they need. in the cloud but on-premises too (Application Proxy)
- Safeguard your resources at the front door. Our solution calculates risk severity for every user and sign-in attempt, so risk-based conditional access rules can be applied to protect against suspicious logins. Protect your data against users mistakes: Gain deeper visibility into user, device, and data activity on-premises and in the cloud to create more effective, granular-level policies. Classify and label files at creation, track their usage, and change permissions when necessary. Detect attacks before they cause damage: Identify attackers in your organization using innovative behavioral analytics and anomaly detection technologies – all driven by vast amounts of Microsoft threat intelligence and security research data.
- Microsoft’s enterprise & security solutions provide a holistic framework to protect your corporate assets across, on prem, cloud and mobile devices Advanced Threat Analytics helps IT detect threats early and provide forensic investigation to keep cybercriminals out Azure Active Directory Premium security reports help identify risky log ins. That paired with Azure Active Directory Identity Protection gives IT the ability to automatically block access to apps based on real time risk scoring of identities and log ins. Microsoft Cloud App Security provides deep visibility and control of data inside cloud applications Microsoft Intune manages and secures corporate data on mobile devices and collaborated within corporate apps. Azure Information Protection helps keep data secure and encrypted throughout a customers environment and extends security when data is shared outside the organization.
- Enterprise Mobility Suite (EMS) helps to provide employees with secure and seamless access to corporate email and documents as well as familiar email and productivity experiences with Office mobile apps such, as Outlook, Word, Excel, and PowerPoint. EMS helps protect corporate data on the device itself and beyond with four layers of protection—all without affecting the personal data on the device. IT can even manage these apps without requiring the device to be enrolled for management.
- Unsecured apps pose a serious risk for IT. EMS can ensure that you provide your end users great apps that are secure and manageable. More than 80% of employees admit to using non-approved software as a service (SaaS) applications in their jobs. http://www.computing.co.uk/ctg/news/2321750/more-than-80-per-cent-of-employees-use-non-approved-saas-apps-report
- Protect your Office Mobile apps without compromising your Office experience: EMS is the only solution built with and for Microsoft Office. This means that email and other Office files can be secured without compromising the Office experience – the gold standard of productivity. Enable easy access to resources: Sign in once for secure access to all corporate resources, on-premises and in the cloud, from any device. This includes pre-integrated support for Salesforce, Concur, Workday, and thousands more popular SaaS apps. Enable users to protect and control data: Employees can encrypt virtually any type of file, set granular permissions, and track usage. With Office files, encryption can be applied with just one click. The encryption stays with the file where it goes, enabling more secure file sharing, internally and externally. Empower users with self-service capabilities: Users can update passwords and join and manage groups via a single portal to help save your IT helpdesk time and money. This applies across all iOS, Android, and Windows devices in your mobile ecosystem.
- If we take a closer look at our user’s newly enrolled device which is now compliant and ready to go, we can see that she is still able to maintain a personal experience on her device. She has organized her applications the way she wants, with all of her apps available on one screen. She has her managed corporate apps—the Office mobile apps she knows and loves and personal apps that she uses outside of work and may even consider using these personal apps to try to boost her productivity at work. Even though our user has all of her apps at hand on her personal device, IT is able to enjoy unparalleled management of the Office mobile apps, so that with Microsoft Intune, our IT pro has a different perspective on the organization of our user’s personal device. With the new multi-identity management feature, you an enable users to access both their personal and work accounts using the same Office mobile apps while only applying the MAM policies to their work account – providing a seamless experience while employees are on-the-go. For our IT pro, there is still a clear separation of the managed corporate apps and our user’s personal apps. But, this doesn’t affect the user’s access to apps. By applying policy at the app level, our IT pro can support mobile productivity while maintaining user preferences, and still have the ability to protect corporate data and resources with the Intune-managed Office mobile apps. The Intune App Wrapping Tool also allows IT to apply similar policies to your existing line-of-business applications so that these resources are equally protected through the organization’s proprietary apps. You can enable users to securely view content on devices within your managed app ecosystem using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps for Intune as well. Let’s now take a closer look at how app-level policies can help keep company data and information secure. Our user receives a work email through her managed Outlook account with an attached Excel spreadsheet containing information she needs for a report. Our user opens the attachment in her Excel mobile application to find the information she needs. She then wants to copy the info to add to her report. But when she tries to paste it into her personal notepad, it doesn’t work—the personal notepad is not a managed app and our IT pro has applied policies that restrict copy, paste, and cut functions to only apps that are part of the managed app ecosystem (for Intune enrolled devices). So our user opens her Microsoft Word mobile app which is managed by Intune and she is successfully able to paste her information. Now our user wants to save the working copy of her report to her personal OneDrive account so that she can access it from her home computer. Because her personal OneDrive account is not one of the managed applications, she’s unable to save it here. IT has applied policies restricting the ability to save to only apps that are part of the managed app ecosystem. So our user must save her working copy to her managed OneDrive for Business account, which means when she does want to work on this report from another device, this device will have to be an enrolled for management . By using the mobile application management capabilities of Intune, the IT pro can help prevent leakage of important company data and make sure that this information doesn’t get into the wrong hands.
- With Microsoft Azure Information Protection, you can: Provide persistent protection Data itself carries the protection. This ensures data is always protected – regardless of where its stored or with whom its shared Enable safe sharing Access to shared data is identity driven. This enables safe sharing with internal employees as well as customers and partners. Empower users Deep integration with Office 365 enables users to apply protection easily without interrupting your employees normal course of work. In product notifications empower users to make right decisions and tools such as document tracking help them gain visibility into use of shared data Maintain control Different key management and deployment options are available to fit your requirements. IT can use powerful logging and reporting to monitor, analyze and reason over data. Classify your data based on sensitivity Policies classify and label data at time of creation or modification based on source, context, and content. Classification can be fully automatic, driven by users, or based on recommendation. Protect your data at all times Embed classification and protection information for persistent protection that follows your data—ensuring it remains protected regardless of where it’s stored or who it’s shared with. Add visibility and control Users can track activities on shared files and revoke access if they encounter unexpected activities. Your IT team can use powerful logging and reporting to monitor, analyze, and reason over data.
- 0.6% http://www.gartner.com/newsroom/id/3186517 IT is continually being asked to do “more with less”. As business embraces a mobile first cloud first world IT budgets aren’t increasing. Finding a vendor that offers a comprehensive, cost effective, integrated solution is key to maximizing limited budgets.
- Microsoft’s vision for Enterprise Mobility expands the boundaries of current thinking. Managing devices with MDM or Identities with IAM is not enough. Microsoft EMS protects holistically across users, devices, apps, and data with a comprehensive solution that no other vendor provides.
- Our unique approach
- Our unique approach