Microsoft offers secure productivity solutions through its Secure Productive Enterprise (SPE) plan. SPE provides common identity, mobility management, and data protection across devices, apps, and cloud services. It includes Microsoft Azure Active Directory for identity and access management, Microsoft Intune for mobile device and application management, and Microsoft Azure Rights Management for information protection. These solutions help secure access and protect sensitive data as employees are increasingly mobile and productive outside the traditional office environment.

1. Productivity With Mobility + Security
By
Bipeen Sinha

2. Bipeen Sinha
Cloud Architect & Consultant
Bipeen.Sinha@Hotmail.com

3. Enterprise Security & Productivity Overview

4. All our people…
…get the tools, expertise
and information they need…
…to do their
jobs well…
…anytime and
anywhere
Today Enterprise Vision
With all corporate
security and
compliance

5. legacy
data
security
secure the
infrastructure
But Actual Practice Legacy Security

6. So How to implement secure productivities in current
reality

7. Shadow
IT
Data breach
Employees
Partners
Customers
Cloud apps
Identity Devices Apps & Data
Transition to
cloud & mobility
New attack
landscape
Current defenses
not sufficient
Identity breach On-premises apps
SaaS
Azure
Because Security landscape has changed…..
security must evolve to protect
data outside the firewall
sensitive
data on
unmanaged
devices
ungoverned
access to
corporate
data in the
cloud

8. Microsoft has answer to all productivities and security
concern

9. Microsoft New Licensing- SPE E5

10. Enterprise Secure Mobility Solutions Offering
Common
Identity
Microsoft
Mobility
Solution
ISV/Custom
Apps
Cloud Services
Independent
Cloud App
Vendors
Specific product/service connections and data sync
Datacenter

11. MANAGEMENT | ACCESS | PROTECTION
DATAAPPSDEVICESUSERS
SPE – Empowering People centric IT

12. Secure Productive Enterprise – SPE Plan

13. Secure Productive Enterprise – SPE Products

14. Productivities Suites

15. Office and Collaboration Productivities Suites Bundle in SPE

16.  Exchange Online (EXO)
 Exchange Online Archiving (EOA)
 Skype for Business (Skype)
 Skype Meeting Broadcast
 Exchange Online Protection (EOP)
 Data Loss Prevention (DLP)
 O365 Message Encryption (OME)
 eDiscovery
 RMS for Office 365 (RMS)
 MFA for Office 365 (MFA)
 MDM for Office 365 (MDM)
 Advance Threat Protection (ATP)
 Office 365 Groups
 SharePoint Online (SPO)
 OneDrive for Business (OneDrive)
 Yammer
 Office 365 Videos
 Microsoft Team
 Office 365 ProPlus (Office)
 Office 2016 for Mac
 Office on Mobiles
 Office Online
CollaborateAuthor
ProtectCommunicate
O365 What’s included?
 Power-BI
 Delve
Analytics

17. Enterprise Mobility Suites
Lets Talk on Security in detail

18. Security overview
Microsoft
Intune
Azure Information
Protection
Protect your users,
devices, and apps
Detect threats early
with visibility and
threat analytics
Protect your data,
everywhere
Extend enterprise-grade security
to your cloud and SaaS apps
Manage identity with hybrid
integration to protect application
access from identity attacks
Microsoft
Advanced Threat Analytics
Microsoft Cloud App Security
Azure Active Directory
Premium

19. Microsoft Azure AD Premium
Pre-integrated for Single Sign On (SSO) to over 2,500+ popular SaaS apps
Easily add custom cloud-based apps.
Connect to your on-premises Windows Server Active Directory
SaaS apps
many apps, one
identity repository
manage identities
and access to cloud
apps
monitor and protect
access to enterprise
apps
enable users
Comprehensive identity and access management console
Centralized management for assigning access to applications with groups
Secure business processes with advanced access management capabilities
Security reporting to track inconsistent access patterns
Included Multi-Factor authentication capabilities
Advanced machine-learning-based reporting
Consistent experience for SSO – the access panel
Tenant branded access panel
Self service password reset

20.  Risk based Conditional Access
automatically protects against
suspicious logins and
compromised credentials
 Detect and remediate
configuration vulnerabilities to
improve your security posture
 Gain insights from a
consolidated view of machine
learning based threat detection
Brute force attacks
Leaked credentials
Infected devices
Suspicious sign-in
activities
Configuration
vulnerabilities
Risk-Based policies
MFA Challenge
Risky Logins
Block attacks
Change bad
credentials
Azure Active Directory Identity Protection (E5)

21. HR
System
LDAP
Exchange
Database
title Coordinator
givenName
surname
employeeID
Samantha
Dearing
007
e-mail samd@contoso.com
telephone 555-123-4567
givenName
surname
title
E-mail
employeeID
telephone
samd@contoso.com
Samantha
Dearing
007
Coordinator
555-123-4567
Identity Manager creates a compilation of
these attributes with validation and keeps
this in sync with all identity realms
Manager
User
A centralized and consistent corporate identity

22. Azure AD Privileged Identity Management
helps you:
 See which users are Azure AD
administrators
 Enable on-demand, "just in time"
administrative access to Microsoft Online
Services like Office 365 and Intune
 Get reports about administrator access
history and changes in administrator
assignments
 Get alerts about access to a privileged
role
Azure AD Privileged Identity Management (E5)

23. Microsoft Intune
enable users
unify your environment
protect your data
Market-leading, familiar client management tools extended with cloud-based MDM
Simplified, user-centric application management with profile configuration
Comprehensive settings management across platforms
Consistent Company Portal experiences across devices
Simplified enrollment
Automatic connection to apps and data
Selective wipe of corporate apps and data to protect sensitive information
Email profile configuration and selective wipe
Data protection configuration settings (iOS 7)

24. Making it easy to connect and be productive with Intune

25. Intune web console
Mobile devices and PCs
IT
ConfigMgr console
Microsoft Intune
Mobile devices
System Center
ConfigMgr
IT
Domain joined PCs
ConfigMgr integrated with Intune (hybrid)Intune standalone (cloud only)
Microsoft Intune
System Center 2012 R2 Configuration
Manager with Microsoft Intune
Build on existing Configuration Manager
deployment
Full PC management (OS Deployment,
Endpoint Protection, application delivery
control, rich reporting)
Deep policy control requirements
Scale to 100,000 devices
Extensible administration tools (RBA,
PowerShell, SQL Reporting Services)
Cloud-based Management
Microsoft Intune
No existing Configuration Manager
deployment
Simplified policy control
PC+MDM: 4K users, 6K PCs, and 7K devices
MDM Only: 25k users and 50k mobile
devices
Simple web-based administration console
Management choices

26. Microsoft Azure Right Management Services
Azure
RMS
Azure
AD
Exchange
SharePoint
Windows
ServerFCI
Office 2007
Office 2010
Office 2013
ExchangeOnlin
e
SharePoint
Online
KMSP
(HSM)
Azure
KMS
Microsoft Azure Rights Management
protect your data
• Simplified data protection and
collaboration – no on-premises
infrastructure required
• Support for connection to on-premises
Exchange, SharePoint and Windows
Server FCI
• Bring your own Key with Hardware
Security Module (HSM) – hosted key
storage
• Near real-time customer-owned
logging
• Office is our “first and best” partner –
Office 2013, 2010, 2007

27. Azure Information Protection E5
Integration
BYO Key
Sync
Azure RMS
Connector

28. Behavioral analysis for advanced
threat detection
Go beyond network security
software with sophisticated and
automated behavioral analytics.
Identify suspicious activities and
advanced threats in near real time
with simple, actionable reporting.
Microsoft Advanced Threat Analytics (E3 & E5)

29. Whether or not you’re in the cloud,
your employees are. Bring the
security of your on-premises
systems to your cloud applications
for deeper visibility, comprehensive
controls, and enhanced protection
against cloud security issues.
Microsoft Cloud App Security (E5)

30. Track your data

31. Windows 10

32. Windows 10 Enterprise E3 & E5

33. One converged Windows platform

34. Built for the modern web
 Safer web browsing across your
Windows 10 devices
 Switches to Internet Explorer 11 to
support existing web apps
 Built-in note-taking & sharing
 Only browser with Cortana, to get
more done on the web
 Always up-to-date
Microsoft Edge

35. BYOD: simple security settings
Device Lockdown
Fully managed corporate device
Windows 8.1 Windows 10
Mobile Device Management

36. ORGANIZATION OWNED PERSONALLY OWNED (BYOD)
 Computer joins AD to
establish trust
 User signs on using
AD account
 Group Policy +
System Center
 Computer registers with AD or AAD via
Device Registration to establish trust for
remote resource access
 User signs in with a Microsoft account,
associates an AAD account
 Intune/MDM
 Computer joins AAD
to establish trust
 User signs on using
AAD account
 Intune/MDM
 Settings roaming
Identity Choices

37. VDI PC Laptop Tablet Phone
Azure ADAuthentication &
Storage
Devices
Settings & Data
• Personalization
• Accessibility
• Language Settings
• Windows Settings
• Credentials
OS Settings
• App settings /
preferences
• App data
Modern Apps
Azure RMS
Enterprise Roaming with Azure Active Directory

38. Unique
threat
intelligence
knowledge
base
Rich
timeline for
investigation
Behavior-
based, post-
breach
detection
Built into
Windows 10,
cloud-
powered
Windows Defender Advanced Threat Protection (E5)

39. Any Question