Microsoft offers secure productivity solutions through its Secure Productive Enterprise (SPE) plan. SPE provides common identity, mobility management, and data protection across devices, apps, and cloud services. It includes Microsoft Azure Active Directory for identity and access management, Microsoft Intune for mobile device and application management, and Microsoft Azure Rights Management for information protection. These solutions help secure access and protect sensitive data as employees are increasingly mobile and productive outside the traditional office environment.
4. All our people… …get the tools, expertise and information they need… …to do their jobs well… …anytime and anywhere
Today Enterprise Vision
With all corporate security and compliance
6. So how to implement secure productivity in the current reality
7. Shadow IT
Data breach
Employees
Partners
Customers
Cloud apps
Identity Devices Apps & Data
Transition to cloud & mobility
New attack landscape
Current defenses not sufficient
Identity breach On-premises apps
SaaS
Azure
Because the security landscape has changed… security must evolve to protect data outside the firewall
sensitive data on unmanaged devices
ungoverned access to corporate data in the cloud
18. Security overview
Microsoft Intune
Azure Information Protection
Protect your users, devices, and apps
Detect threats early with visibility and threat analytics
Protect your data, everywhere
Extend enterprise-grade security to your cloud and SaaS apps
Manage identity with hybrid integration to protect application access from identity attacks
Microsoft Advanced Threat Analytics
Microsoft Cloud App Security
Azure Active Directory Premium
19. Microsoft Azure AD Premium
Pre-integrated for Single Sign-On (SSO) to 2,500+ popular SaaS apps
Easily add custom cloud-based apps.
Connect to your on-premises Windows Server Active Directory
SaaS apps
many apps, one identity repository
manage identities and access to cloud apps
monitor and protect access to enterprise apps
enable users
Comprehensive identity and access management console
Centralized management for assigning access to applications with groups
Secure business processes with advanced access management capabilities
Security reporting to track inconsistent access patterns
Included Multi-Factor authentication capabilities
Advanced machine-learning-based reporting
Consistent experience for SSO – the access panel
Tenant branded access panel
Self service password reset
20. Risk based Conditional Access automatically protects against suspicious logins and compromised credentials
Detect and remediate configuration vulnerabilities to improve your security posture
Gain insights from a consolidated view of machine learning based threat detection
Brute force attacks
Leaked credentials
Infected devices
Suspicious sign-in activities
Configuration vulnerabilities
Risk-Based policies
MFA Challenge
Risky Logins
Block attacks
Change bad credentials
Azure Active Directory Identity Protection (E5)
22. Azure AD Privileged Identity Management helps you:
See which users are Azure AD administrators
Enable on-demand, "just in time" administrative access to Microsoft Online Services like Office 365 and Intune
Get reports about administrator access history and changes in administrator assignments
Get alerts about access to a privileged role
Azure AD Privileged Identity Management (E5)
23. Microsoft Intune
enable users
unify your environment
protect your data
Market-leading, familiar client management tools extended with cloud-based MDM
Simplified, user-centric application management with profile configuration
Comprehensive settings management across platforms
Consistent Company Portal experiences across devices
Simplified enrollment
Automatic connection to apps and data
Selective wipe of corporate apps and data to protect sensitive information
Email profile configuration and selective wipe
Data protection configuration settings (iOS 7)
25. Intune web console
Mobile devices and PCs
IT
ConfigMgr console
Microsoft Intune
Mobile devices
System Center ConfigMgr
IT
Domain joined PCs
ConfigMgr integrated with Intune (hybrid)
Intune standalone (cloud only)
Microsoft Intune
System Center 2012 R2 Configuration Manager with Microsoft Intune
Build on existing Configuration Manager deployment
Full PC management (OS Deployment, Endpoint Protection, application delivery control, rich reporting)
Deep policy control requirements
Scale to 100,000 devices
Extensible administration tools (RBA, PowerShell, SQL Reporting Services)
Cloud-based Management
Microsoft Intune
No existing Configuration Manager deployment
Simplified policy control
PC+MDM: 4K users, 6K PCs, and 7K devices
MDM Only: 25k users and 50k mobile devices
Simple web-based administration console
Management choices
26. Microsoft Azure Rights Management Services
Azure RMS
Azure AD
Exchange
SharePoint
Windows Server FCI
Office 2007
Office 2010
Office 2013
Exchange Online
SharePoint Online
KMSP (HSM)
Azure KMS
Microsoft Azure Rights Management
protect your data
• Simplified data protection and collaboration – no on-premises infrastructure required
• Support for connection to on-premises Exchange, SharePoint and Windows Server FCI
• Bring your own Key with Hardware Security Module (HSM) – hosted key storage
• Near real-time customer-owned logging
• Office is our “first and best” partner – Office 2013, 2010, 2007
28. Behavioral analysis for advanced threat detection
Go beyond network security software with sophisticated and automated behavioral analytics.
Identify suspicious activities and advanced threats in near real time with simple, actionable reporting.
Microsoft Advanced Threat Analytics (E3 & E5)
29. Whether or not you’re in the cloud, your employees are. Bring the security of your on-premises systems to your cloud applications for deeper visibility, comprehensive controls, and enhanced protection against cloud security issues.
Microsoft Cloud App Security (E5)
34. Built for the modern web
Safer web browsing across your Windows 10 devices
Switches to Internet Explorer 11 to support existing web apps
Built-in note-taking & sharing
Only browser with Cortana, to get more done on the web
Always up-to-date
Microsoft Edge
35. BYOD: simple security settings
Device Lockdown
Fully managed corporate device
Windows 8.1 Windows 10
Mobile Device Management
36. ORGANIZATION OWNED PERSONALLY OWNED (BYOD)
Computer joins AD to establish trust
User signs on using AD account
Group Policy + System Center
Computer registers with AD or AAD via Device Registration to establish trust for remote resource access
User signs in with a Microsoft account, associates an AAD account
Intune/MDM
Computer joins AAD to establish trust
User signs on using AAD account
Intune/MDM
Settings roaming
Identity Choices
37. VDI PC Laptop Tablet Phone
Azure AD Authentication & Storage
Devices
Settings & Data
• Personalization
• Accessibility
• Language Settings
• Windows Settings
• Credentials
OS Settings
• App settings / preferences
• App data
Modern Apps
Azure RMS
Enterprise Roaming with Azure Active Directory