Agenda Enterprise challenges for mobility

How Microsofts Enterprise Mobility Suite Provides helps with those challenges

Hybrid identity With Azure Active Directory and Azure Active Directory Premium

Mobile Device Management with Microsoft Intune

Data Protection with Azure Rights Management Services

Enterprise Mobility Suite Offering

2

The time to address enterprise mobility is now

Data leakage resulting from device loss or theft is a top smartphone security risk European Union Agency for Network and Information Security

29% of todays global workforce use 3+ devices, work from multiple locations and use many apps.

67% of people who use a smartphone for work and 70% of people who use a tablet for work choose the devices themselves

80%+ employees admit to using non-approved software-as-a-service (SaaS) applications in their jobs

The explosion of devices is eroding the standards-based approach to corporate IT.

DevicesDeploying and managing applications across platforms is difficult.

Apps

Todays challenges

DataUsers need to be productive while maintaining compliance and reducing risk.

Users expect to be able to work in any location and have access to all their work resources.

Users

Enterprise Agreement (EA) prices starting at $4 per user per monthLimited time EA Level A promotion pricing. Requires 250 seat minimum purchase and underlying CAL Suite license (Core CAL Suite and Enterprise CAL Suite)

Microsoft Intune

Mobile device settings management

Mobile application management

Selective wipe

Microsoft Azure Active Directory Premium

security reports, and audit reports, multi-factor authentication

Self-service password reset and group management

Connection between Active Directory and Azure Active Directory

Introducing the Enterprise Mobility Suite -Microsoft.com/EMS

Microsoft Azure Rights Management service

Information protection Connection to on-premises assets

Bring your own key

http://www.surface.com/http://www.surface.com/http://www.surface.com/

EMS and Office 365

Cloud and hybrid identity management

Mobile device management

Information protection

Enterprise Mobility

Suite

Protection for O365 content Protection for on premises Exchange SharePoint content

Access to RMS SDK Bring your own Key

Protection for on-premises Windows Server file shares

Basic Mobile Device Management via EAS

PIN enforcement Device wipe

PC Management Mobile Device Management Mobile App Management Certificate Provisioning Selective wipe

Single Sign on for O365 Basic Multifactor Authentication (MFA) for O365

Single Sign on for all cloud apps Advanced MFA for all workloads Self Service group management and password reset with write back to on premises directory

Advanced security reports FIM (Server + CAL)

Microsoft Intune

Mobile device settings management

Mobile application management

Selective wipe

Enterprise Mobility SuiteMicrosoft Azure Active Directory Premium

Group management, security reports, and audit reports

Self-service password reset and multi-factor authentication

Connection between Active Directory and Azure Active Directory

Microsoft Azure Rights Management service

Information protection Connection to on-premises assets

Bring your own key

http://www.surface.com/http://www.surface.com/http://www.surface.com/

Hybrid identityBridging on-premises and Azure Active Directory

Enable your usersProvide users with self-serviceexperiences to keep them productiveEnable single sign-on for users across the resources they need access to

Protect your dataEnforce strong authentication when users access resources and apply conditional access controls to sensitive company information Configure single sign-on across all company applicationsEnsure compliance with governance, attestation, and reporting

Unify your environmentCreate a centralized identity across on-premises and cloud environmentsUse identity federation to maintain centralized authentication, and share and collaborate with external users and businesses more securely

Azure Active Directory Premium

Take advantage of a directory in the cloudGroup-based application access assignment and provisioning to thousands of software-as-a-service (SaaS) applications for single sign-onCompany brandingEnterprise SLA of 99.9 percent

Empower users

Self-service password resetDelegated group management

Monitor and protect access to applicationsSecurity reports based on machine learningApplication usage reportsMulti-factor authentication

Built on top of a free offeringRobust set of capabilities for empowering enterprises with demanding identity and access management needsUsage rights for Microsoft Forefront Identity Manager server licenses and CALs

Synchronizing your active Directory

Company Portal - Sign-In Experience

Company Portal - SSO to Applications

Company Portal Profile Password Reset

Group Management

Self Service Password Reset

Multi-Factor Authentication

Advanced Reporting

Microsoft Intune

Mobile device settings management

Mobile application management

Selective wipe

Microsoft Azure Active Directory Premium

Group management, security reports, and audit reports

Self-service password reset and multi-factor authentication

Connection between Active Directory and Azure Active Directory

Enterprise Mobility Suite

Microsoft Azure Rights Management service

Information protection Connection to on-premises assets

Bring your own key

http://www.surface.com/http://www.surface.com/http://www.surface.com/

Manage and Secure PCs and Devices Anywhere

Help protect PCs from malware

Manage updates

Proactive monitoring and alerts

Provide remote assistance

Inventory hardware and software

Monitor & track licenses

Increase insight with reporting

Set security policies

Distribute software

Richer Mobile Device Management

Simple web-based Administration Console and a richer experience for Information Workers

Mobile Device Management with Microsoft Intune

EAS based management

Direct management (Windows RT, Windows Phone 8.x, iOS,

Android)

Microsoft Intune Standalone service

Microsoft Intune integrated with System Center 2012 R2 Configuration Manager

Mac OS X

Windows PCs(x86/64, Intel SoC),

Windows to GoWindows Embedded

Windows RT, Windows Phone 8.x

iOS, Android

Company PortalConsistent self service experience for end user across mobile platforms

Available in the Windows Store

Windows Phone iOS

Side-loaded during enrollment

Available in the Apple App store

Windows Android

Available in the Google Play Store

Mobile Device Settings in Microsoft Intune

Category Win 8.1 PC & RT WP8.1 iOS AndroidPassword

Encryption

Malware

System Settings

Cloud

Windows Server Work Folders

Browser

Applications & Gaming

Device restrictions

Store access

Roaming

* Subset of settings Note: Table applicable to direct MDM and not EAS

Mobile Device Settings in Microsoft Intune

* Subset of settings Note: Table applicable to direct MDM and not EAS

Mobile device wipe and retire

Category Windows 8.1 (x86/RT OMA-DM managed)

Windows 8 RT Windows Phone 8.1

iOS Android (EAS)

Full Wipe

Retire (Selective wipe)

Email (Email through EAS) (Email through EAS)

Company apps and associated

data installed by Microsoft Intune.

Apps originally installed through the company portal

are uninstalled and sideloading keys are removed. Apps using Windows Selective Wipe will have the encryption key revoked and data will no

longer be accessible.

Sideloading keys are removed but apps remain installed.

Apps originally installed through the company portal are uninstalled. Company app data is

removed.

Apps are uninstalled. Company app data is

removed.

Apps and data remain installed.

Settings Requirements removed Requirements removed Requirements removed Requirements removed Requirements removed

Management Client

Not applicable. Management agent is built-in

Not applicable. Management agent is

built-in

Not applicable. Management agent is

built-in

Management profile is removed

Device Administrator privilege is revoked.

Selective Wipe

Microsoft Intune

Mobile device settings management

Mobile application management

Selective wipe

Microsoft Azure Active Directory Premium

Group management, security reports, and audit reports

Self-service password reset and multi-factor authentication

Connection between Active Directory and Azure Active Directory

Enterprise Mobility Suite

Microsoft Azure Rights Management service

Information protection Connection to on-premises assets

Bring your own key

http://www.surface.com/http://www.surface.com/http://www.surface.com/

What is Azure Rights Management? Data Loss Prevention through the use of a cloud based

encryption/decryption solution

Allows you to secure data regardless of location, enabling

you to share data securely internally and externally

Secures content on Windows Server File Shares

Access Secure content on mobile devices

What problems does Azure RMS solve?

Protect All File Types

Protect Files Anywhere

Share Files Securely by Email

Auditing and Monitoring

Support for all commonly used devices, not just windows computers

Support for business to business collaboration

37

Protect data with rights management

Take advantage of hybrid options across Windows Server and Azure Rights Management service

Integrate Microsoft SharePoint and Microsoft Exchange Server

Automatically identify and classify data based on content with automatic encryption

More securely share documents with colleagues and business partners

Improve ease of use through integration with Office 2010/13, Windows Shell extensions, and cross-platform clients

Protecting Files Locally

39

Sharing Protected Files

40

RMS Integration with SharePoint Online

41

Cloud and hybrid identity management

Simplified procurement

Mobile device management

Information protection

Other options in the market

Azure Active Directory Premium Microsoft Intune Azure Rights Management service

Ping Identity

Okta

Centrify

Salesforce Identity

Google

Amazon Web Services

AirWatch MobileIron

Good

KaseyaSymantec SecloreFasooAdobe LiveCycle

EMS: One Vendor, One Contract, One SKUWhy Microsoft?

$4.50

60-percent discount and introductory promotion

Enterprise Mobility Suite add-on promotion4

People-centric IT with one license suite and one vendor

*60-percent discount over list pricing with limited time promotion if purchased before 12/31/2014

Add-on SKU requires Core CAL, ECAL, or Bridge CAL

Microsoft solution value

1. Seclore assumes blended cost across 500 authors ($7 per user) , 1000 consumers (no cost).2. AirWatch per device per month Cloud Hosted MDM Suite List pricing. Management of multiple devices per user requires additional licensing.3. Salesforce Identity per user per month list pricing , included for existing Salesforce customers.. Okta list price $10 per user per month.4. Per user per month Open NL price $4.5/u/m. EA pricing starts at $4/u/m. Promo requires 250 minimum purchase and qualifying CAL Suite license.

Microsoft Confidential 46

Questions?

Appendix

Support options

http://www.windowsazure.com/en-us/support/plans/

https://support.microsoftonline.com/default.aspx?productkey=intunesupp&scrx=1

http://office.microsoft.com/en-us/support/contact-us-FX103894077.aspx

http://www.windowsazure.com/en-us/support/plans/https://support.microsoftonline.com/default.aspx?productkey=intunesupp&scrx=1http://office.microsoft.com/en-us/support/contact-us-FX103894077.aspx

Enterprise Mobility Suite Overview Slide Number 2The time to address enterprise mobility is nowTodays challengesSlide Number 5Slide Number 6Hybrid identitySlide Number 8Slide Number 9Slide Number 10Azure Active Directory PremiumSynchronizing your active DirectoryCompany Portal - Sign-In ExperienceCompany Portal - SSO to ApplicationsCompany Portal Profile Password ResetGroup ManagementSelf Service Password ResetMulti-Factor AuthenticationAdvanced ReportingMobile device managementSlide Number 23Manage and Secure PCs and Devices AnywhereMobile Device Management with Microsoft IntuneMicrosoft Intune Standalone serviceMicrosoft Intune integrated with System Center 2012 R2 Configuration ManagerCompany PortalMobile Device Settings in Microsoft IntuneMobile Device Settings in Microsoft IntuneMobile device wipe and retireSelective WipeData protectionSlide Number 35What is Azure Rights Management?Slide Number 37Slide Number 38Slide Number 39Slide Number 40Slide Number 41Offering detailsSlide Number 44Slide Number 45Slide Number 46Slide Number 47Enterprise Mobility Suite Overview AppendixSlide Number 50