agenda - schedschd.ws/hosted_files/2014giantsgmisillinois/f4/microsoft...agenda • enterprise...

of 46 /46

Author: nguyenhanh

Post on 28-Jun-2018

214 views

Category:

Documents


0 download

Embed Size (px)

TRANSCRIPT

  • Agenda Enterprise challenges for mobility

    How Microsofts Enterprise Mobility Suite Provides helps with those challenges

    Hybrid identity With Azure Active Directory and Azure Active Directory Premium

    Mobile Device Management with Microsoft Intune

    Data Protection with Azure Rights Management Services

    Enterprise Mobility Suite Offering

    2

  • The time to address enterprise mobility is now

    Data leakage resulting from device loss or theft is a top smartphone security risk European Union Agency for Network and Information Security

    29% of todays global workforce use 3+ devices, work from multiple locations and use many apps.

    67% of people who use a smartphone for work and 70% of people who use a tablet for work choose the devices themselves

    80%+ employees admit to using non-approved software-as-a-service (SaaS) applications in their jobs

  • The explosion of devices is eroding the standards-based approach to corporate IT.

    DevicesDeploying and managing applications across platforms is difficult.

    Apps

    Todays challenges

    DataUsers need to be productive while maintaining compliance and reducing risk.

    Users expect to be able to work in any location and have access to all their work resources.

    Users

  • Enterprise Agreement (EA) prices starting at $4 per user per monthLimited time EA Level A promotion pricing. Requires 250 seat minimum purchase and underlying CAL Suite license (Core CAL Suite and Enterprise CAL Suite)

    Microsoft Intune

    Mobile device settings management

    Mobile application management

    Selective wipe

    Microsoft Azure Active Directory Premium

    security reports, and audit reports, multi-factor authentication

    Self-service password reset and group management

    Connection between Active Directory and Azure Active Directory

    Introducing the Enterprise Mobility Suite -Microsoft.com/EMS

    Microsoft Azure Rights Management service

    Information protection Connection to on-premises assets

    Bring your own key

    http://www.surface.com/http://www.surface.com/http://www.surface.com/

  • EMS and Office 365

    Cloud and hybrid identity management

    Mobile device management

    Information protection

    Enterprise Mobility

    Suite

    Protection for O365 content Protection for on premises Exchange SharePoint content

    Access to RMS SDK Bring your own Key

    Protection for on-premises Windows Server file shares

    Basic Mobile Device Management via EAS

    PIN enforcement Device wipe

    PC Management Mobile Device Management Mobile App Management Certificate Provisioning Selective wipe

    Single Sign on for O365 Basic Multifactor Authentication (MFA) for O365

    Single Sign on for all cloud apps Advanced MFA for all workloads Self Service group management and password reset with write back to on premises directory

    Advanced security reports FIM (Server + CAL)

  • Microsoft Intune

    Mobile device settings management

    Mobile application management

    Selective wipe

    Enterprise Mobility SuiteMicrosoft Azure Active Directory Premium

    Group management, security reports, and audit reports

    Self-service password reset and multi-factor authentication

    Connection between Active Directory and Azure Active Directory

    Microsoft Azure Rights Management service

    Information protection Connection to on-premises assets

    Bring your own key

    http://www.surface.com/http://www.surface.com/http://www.surface.com/

  • Hybrid identityBridging on-premises and Azure Active Directory

    Enable your usersProvide users with self-serviceexperiences to keep them productiveEnable single sign-on for users across the resources they need access to

    Protect your dataEnforce strong authentication when users access resources and apply conditional access controls to sensitive company information Configure single sign-on across all company applicationsEnsure compliance with governance, attestation, and reporting

    Unify your environmentCreate a centralized identity across on-premises and cloud environmentsUse identity federation to maintain centralized authentication, and share and collaborate with external users and businesses more securely

  • Azure Active Directory Premium

    Take advantage of a directory in the cloudGroup-based application access assignment and provisioning to thousands of software-as-a-service (SaaS) applications for single sign-onCompany brandingEnterprise SLA of 99.9 percent

    Empower users

    Self-service password resetDelegated group management

    Monitor and protect access to applicationsSecurity reports based on machine learningApplication usage reportsMulti-factor authentication

    Built on top of a free offeringRobust set of capabilities for empowering enterprises with demanding identity and access management needsUsage rights for Microsoft Forefront Identity Manager server licenses and CALs

  • Synchronizing your active Directory

  • Company Portal - Sign-In Experience

  • Company Portal - SSO to Applications

  • Company Portal Profile Password Reset

  • Group Management

  • Self Service Password Reset

  • Multi-Factor Authentication

  • Advanced Reporting

  • Microsoft Intune

    Mobile device settings management

    Mobile application management

    Selective wipe

    Microsoft Azure Active Directory Premium

    Group management, security reports, and audit reports

    Self-service password reset and multi-factor authentication

    Connection between Active Directory and Azure Active Directory

    Enterprise Mobility Suite

    Microsoft Azure Rights Management service

    Information protection Connection to on-premises assets

    Bring your own key

    http://www.surface.com/http://www.surface.com/http://www.surface.com/

  • Manage and Secure PCs and Devices Anywhere

    Help protect PCs from malware

    Manage updates

    Proactive monitoring and alerts

    Provide remote assistance

    Inventory hardware and software

    Monitor & track licenses

    Increase insight with reporting

    Set security policies

    Distribute software

    Richer Mobile Device Management

    Simple web-based Administration Console and a richer experience for Information Workers

  • Mobile Device Management with Microsoft Intune

    EAS based management

    Direct management (Windows RT, Windows Phone 8.x, iOS,

    Android)

  • Microsoft Intune Standalone service

  • Microsoft Intune integrated with System Center 2012 R2 Configuration Manager

    Mac OS X

    Windows PCs(x86/64, Intel SoC),

    Windows to GoWindows Embedded

    Windows RT, Windows Phone 8.x

    iOS, Android

  • Company PortalConsistent self service experience for end user across mobile platforms

    Available in the Windows Store

    Windows Phone iOS

    Side-loaded during enrollment

    Available in the Apple App store

    Windows Android

    Available in the Google Play Store

  • Mobile Device Settings in Microsoft Intune

    Category Win 8.1 PC & RT WP8.1 iOS AndroidPassword

    Encryption

    Malware

    System Settings

    Cloud

    Windows Server Work Folders

    Browser

    Applications & Gaming

    Device restrictions

    Store access

    Roaming

    * Subset of settings Note: Table applicable to direct MDM and not EAS

  • Mobile Device Settings in Microsoft Intune

    * Subset of settings Note: Table applicable to direct MDM and not EAS

  • Mobile device wipe and retire

    Category Windows 8.1 (x86/RT OMA-DM managed)

    Windows 8 RT Windows Phone 8.1

    iOS Android (EAS)

    Full Wipe

    Retire (Selective wipe)

    Email (Email through EAS) (Email through EAS)

    Company apps and associated

    data installed by Microsoft Intune.

    Apps originally installed through the company portal

    are uninstalled and sideloading keys are removed. Apps using Windows Selective Wipe will have the encryption key revoked and data will no

    longer be accessible.

    Sideloading keys are removed but apps remain installed.

    Apps originally installed through the company portal are uninstalled. Company app data is

    removed.

    Apps are uninstalled. Company app data is

    removed.

    Apps and data remain installed.

    Settings Requirements removed Requirements removed Requirements removed Requirements removed Requirements removed

    Management Client

    Not applicable. Management agent is built-in

    Not applicable. Management agent is

    built-in

    Not applicable. Management agent is

    built-in

    Management profile is removed

    Device Administrator privilege is revoked.

  • Selective Wipe

  • Microsoft Intune

    Mobile device settings management

    Mobile application management

    Selective wipe

    Microsoft Azure Active Directory Premium

    Group management, security reports, and audit reports

    Self-service password reset and multi-factor authentication

    Connection between Active Directory and Azure Active Directory

    Enterprise Mobility Suite

    Microsoft Azure Rights Management service

    Information protection Connection to on-premises assets

    Bring your own key

    http://www.surface.com/http://www.surface.com/http://www.surface.com/

  • What is Azure Rights Management? Data Loss Prevention through the use of a cloud based

    encryption/decryption solution

    Allows you to secure data regardless of location, enabling

    you to share data securely internally and externally

    Secures content on Windows Server File Shares

    Access Secure content on mobile devices

  • What problems does Azure RMS solve?

    Protect All File Types

    Protect Files Anywhere

    Share Files Securely by Email

    Auditing and Monitoring

    Support for all commonly used devices, not just windows computers

    Support for business to business collaboration

    37

  • Protect data with rights management

    Take advantage of hybrid options across Windows Server and Azure Rights Management service

    Integrate Microsoft SharePoint and Microsoft Exchange Server

    Automatically identify and classify data based on content with automatic encryption

    More securely share documents with colleagues and business partners

    Improve ease of use through integration with Office 2010/13, Windows Shell extensions, and cross-platform clients

  • Protecting Files Locally

    39

  • Sharing Protected Files

    40

  • RMS Integration with SharePoint Online

    41

  • Cloud and hybrid identity management

    Simplified procurement

    Mobile device management

    Information protection

    Other options in the market

    Azure Active Directory Premium Microsoft Intune Azure Rights Management service

    Ping Identity

    Okta

    Centrify

    Salesforce Identity

    Google

    Amazon Web Services

    AirWatch MobileIron

    Good

    KaseyaSymantec SecloreFasooAdobe LiveCycle

    EMS: One Vendor, One Contract, One SKUWhy Microsoft?

  • $4.50

    60-percent discount and introductory promotion

    Enterprise Mobility Suite add-on promotion4

    People-centric IT with one license suite and one vendor

    *60-percent discount over list pricing with limited time promotion if purchased before 12/31/2014

    Add-on SKU requires Core CAL, ECAL, or Bridge CAL

    Microsoft solution value

    1. Seclore assumes blended cost across 500 authors ($7 per user) , 1000 consumers (no cost).2. AirWatch per device per month Cloud Hosted MDM Suite List pricing. Management of multiple devices per user requires additional licensing.3. Salesforce Identity per user per month list pricing , included for existing Salesforce customers.. Okta list price $10 per user per month.4. Per user per month Open NL price $4.5/u/m. EA pricing starts at $4/u/m. Promo requires 250 minimum purchase and qualifying CAL Suite license.

  • Microsoft Confidential 46

    Questions?

  • Appendix

  • Support options

    http://www.windowsazure.com/en-us/support/plans/

    https://support.microsoftonline.com/default.aspx?productkey=intunesupp&scrx=1

    http://office.microsoft.com/en-us/support/contact-us-FX103894077.aspx

    http://www.windowsazure.com/en-us/support/plans/https://support.microsoftonline.com/default.aspx?productkey=intunesupp&scrx=1http://office.microsoft.com/en-us/support/contact-us-FX103894077.aspx

    Enterprise Mobility Suite Overview Slide Number 2The time to address enterprise mobility is nowTodays challengesSlide Number 5Slide Number 6Hybrid identitySlide Number 8Slide Number 9Slide Number 10Azure Active Directory PremiumSynchronizing your active DirectoryCompany Portal - Sign-In ExperienceCompany Portal - SSO to ApplicationsCompany Portal Profile Password ResetGroup ManagementSelf Service Password ResetMulti-Factor AuthenticationAdvanced ReportingMobile device managementSlide Number 23Manage and Secure PCs and Devices AnywhereMobile Device Management with Microsoft IntuneMicrosoft Intune Standalone serviceMicrosoft Intune integrated with System Center 2012 R2 Configuration ManagerCompany PortalMobile Device Settings in Microsoft IntuneMobile Device Settings in Microsoft IntuneMobile device wipe and retireSelective WipeData protectionSlide Number 35What is Azure Rights Management?Slide Number 37Slide Number 38Slide Number 39Slide Number 40Slide Number 41Offering detailsSlide Number 44Slide Number 45Slide Number 46Slide Number 47Enterprise Mobility Suite Overview AppendixSlide Number 50