enterprise mobility+security overview

Go mobile. Stay in control.Chris GenazzioDirector of Business Development

Enterprise Mobility + Security

Mobile-first, cloud-first reality

Data breaches63% of confirmed data breaches involve weak, default, or stolen passwords.

63%

0.6%IT Budget growthGartner predicts global IT spend will grow only 0.6% in 2016.

Shadow ITMore than 80 percent of employees admit to using non-approved software as a service (SaaS) applications in their jobs.

80%

Is it possible to keep up?

Employees

Business partners

Customers

Is it possible to stay secure?

Apps

Devices

Data

Users

Data leaks

Lost device

Compromised identity

Stolen credentials

Is it possible to keep up?

Employees Business partners Customers

The Microsoft vision

Secure and protect against new threats

Maximum productivity experience

Comprehensive and integratedApps

Devices

Data

Users

User freedomSecure against new threats Do more with less

Customers needMicrosoft Enterprise Mobility + Security

Identity – driven security Productivity without

compromiseComprehensive

solutions

Microsoft solution

ENTERPRISE MOBILITY + SECURITY

Identity-drivensecurity

Comprehensive solution

Managed mobile productivity

Identity-driven Security

Data Breaches 63%

Identity is the foundation for enterprise mobility

IDENTITY – DRIVEN SECURITY

Single sign-onSelf-service

Simple connection

On-premises

Other directories

Windows ServerActive Directory

SaaSAzure

Publiccloud

CloudMicrosoft Azure Active Directory

1000s of apps,

1 identityProvide one persona to the

workforce for SSO to 1000s of cloud and on-premises apps

with multifactor authentication.

Manage access at scale

Manage identities and access at scale in the

cloud and on-premises

Enable business without bordersStay productive with universal

access to every app and collaboration capability and self service capabilities to

save money

Identity at the core of your businessIDENTITY – DRIVEN SECURITY

ShadowIT

Data breach

Security landscape has changedIDENTITY – DRIVEN SECURITY

EmployeesPartnersCustomers

Cloud apps

Identity Devices Apps & Data

Transition tocloud & mobility

New attack landscape

Current defenses not sufficient

Identity breach On-premises apps

SaaSAzure

IntelligentInnovativeHolistic Identity-driven

Addresses security challenges across users (identities),

devices, data, apps, and platforms―on-premises and in the

cloud

Offers one protected common identity for secure access to all corporate resources, on-premises and in the cloud, with risk-based conditional

access

Protects your data from new and

changing cybersecurity attacks

Enhances threat and anomaly detection with the Microsoft Intelligent Security Graph driven by a

vast amount of datasets and machine learning in the cloud.

Identity anchors our approach to securityIDENTITY – DRIVEN SECURITY

Three steps to identity-driven security IDENTITY – DRIVEN SECURITY

1. Protect at the front doorSafeguard your resources at the front door with

innovative and advanced risk-based conditional accesses

2. Protect your data against user mistakes

Gain deep visibility into user, device, and data activity on-premises and in the cloud.

3. Detect attacks before they cause damage

Uncover suspicious activity and pinpoint threats with deep visibility and ongoing behavioral analytics.

Protect at the front door

ConditionsAllow access Or

Block access

Actions

Enforce MFA per user/per app

LocationDevice state

User/Application

MFA

Risk

User

Azure AD Privileged Identity Management

Azure AD Identity Protection

IDENTITY – DRIVEN SECURITY

Protect your data against user mistakesIDENTITY – DRIVEN SECURITY

Azure Information Protection

Classify & Label

Protect

How do I control data on-premises and in the cloud

Monitor and Respond

Microsoft Intune

How do I prevent data leakage from my mobile apps?

LOB app protection

DLP for Office 365 mobile apps

Optional device management

Cloud App Security

Risk scoring

Shadow IT Discovery

Policies for data control

How do I gain visibility and control of my cloud apps?

Detect attacks before they cause damageIDENTITY – DRIVEN SECURITY

Microsoft Advanced Threat Analytics (ATA)

Behavioral Analytics

Detection of known malicious attacks

Detection of known security issues

On-premises detection

Cloud App Security

Behavioral analytics

Detection in the cloud

Anomaly detection

Azure Active Directory Premium

Security reporting and monitoring (access & usage)

Enterprise Mobility +SecurityIDENTITY - DRIVEN SECURITY

MicrosoftIntune

Azure Information Protection

Protect your users, devices,

and apps

Detect threats early with

visibility and threat analytics

Protect your data, everywhere

Extend enterprise-grade security to your cloud and

SaaS apps

Manage identity with hybrid integration to protect

application access from identity attacks

MicrosoftAdvanced Threat Analytics

Microsoft Cloud App Security


Identity-driven security

Protect against advanced threats


Unsecuredapps 80%

Manage and secure devicesOffice mobile appsData-level protectionUser self-service

Mobile device, application, and information protection

MANAGED MOBILE PRODUCTIVITY

Manage and secure mobile devices MANAGED MOBILE PRODUCTIVITY

• Conditional access• Device settings &

Compliance enforcement

• Multi-identity support

Access manageme

nt• Mobile app management

(w & w/o a device enrollment)

• File level classification, labeling, and encryption

Built-in security

• Office mobile apps• Familiar and trusted

Goldstandard

Mobile app managementMANAGED MOBILE PRODUCTIVITY

Managed apps

Personal apps

Personal apps

Managed apps Corporate

data

Personal data

Multi-identity policy

Personal apps

Managed apps

Copy Paste Save

Save to personal storage

Paste to personal app

Email attachment

Empower users to

make right decisions

Enable safe sharing

internally and

externally

Data level protection

Maintain visibility and

control


Protect your data at all

times

Classify and label data based on sensitivity


STRICTLY CONFIDENTIAL

CONFIDENTIAL

INTERNAL

NOT RESTRICTED

IT admin sets policies, templates, and rules

FINANCE

CONFIDENTIAL

Add persistent labels defining sensitivity to files

Classify data according to policies – automatically or by user

Manage your account, apps and groups

Company branded, personalized application Access Panel: http://myapps.microsoft.com+ iOS and Android Mobile Apps

Making the lives of users (and IT) easierMANAGED MOBILE PRODUCTIVITY

Self-service password reset

Application access requests

Integrated Office 365 app launching


Secure access to company data with maximum productivity


Global IT Budget growth 2016 0.6%

Comprehensive. Integrated. Cost Effective.

COMPREHENSIVE SOLUTION

Integrates with what you haveSimple to set upEasy to maintainSaves you money

Protect users, apps, data, and devicesCOMPREHENSIVE SOLUTION

Employees Business partners Customers

Secure and protect against new threats

Maximum productivity experience

Comprehensive and integrated

Apps DevicesDataUsers

Always up to date• Real-time updates• Keep up with new

apps and devices

Works with what you

have• Support multiple platforms

• Use existing investments

Simple to set

up and connect

• Easy, secure connections

• Simplified management

Flexible architecture that just worksCOMPREHENSIVE SOLUTION

Simple set up with FastTrack

FastTrack will:Retain control of sensitive documents locally and over emailAutomatically protect mail containing privileged informationEnsure files stored in SharePoint are rights protected

EnvisionDefine your vision and plan for a successful rollout

Azure Rights Management

FastTrack will:Setup and deploy mobile app management policies to help prevent Office 365 data leakageSetup and deploy device security policies like pin or device encryptionIntegrate on-premises System Center Configuration Manager with IntuneEnable conditional access and compliance policies to control access to data

FastTrack will: Get organizational identities to the cloudSet up single sign-on for test apps (including Azure Active Directory Application Proxy apps)Configure self-service options like password reset and Azure Multi-Factor Authentication in the MyApps site


Microsoft Intune

OnboardMove to EMS smoothly and with confidence

Drive ValueBoost user engagement and manage change

FastTrack is included with EMS to accelerate your deployments



Stay secure and maximize your budget



Holistic, intelligent, innovative security to keep up with new threats.


Secure your enterprise fast – while keeping what you have and saving money.


Encourage secure work habits by providing the best apps with built-in security.


Enterprise Mobility + SecurityInformation protection



Identity and access management

Azure Information Protection Premium P2Intelligent classification and encryption for files shared inside and outside your organization(includes all capabilities in P1)

Azure Information Protection Premium P1Encryption for all files and storage locationsCloud-based file tracking

Microsoft Cloud App SecurityEnterprise-grade visibility, control, and protection for your cloud applications

Microsoft Advanced Threat AnalyticsProtection from advanced targeted attacks leveraging user and entity behavioral analytics

Microsoft IntuneMobile device and app management to protect corporate apps and data on any device

Azure Active Directory Premium P2Identity and access management with advanced protection for users and privileged identities (includes all capabilities in P1)

Azure Active Directory Premium P1Secure single sign-on to cloud and on-premises appsMFA, conditional access, and advanced security reporting

EMS E3

EMS E5

Provide insights to drive better business decisions faster

IntelligenceCreate a productive workplace to embrace diverse workstyles

CollaborationProtect your organization,

data and people

TrustEnable your people to get

things done anywhere

Mobility

Empower your employees by creating

a secure productive enterprise

Secure Productive Enterprise

Office 365Enterprise Mobility + SecurityWindows 10 Enterprise

Delivered through enterprise cloud services

Enterprise Mobility + Security

Basic identity mgmt. via Azure AD for O365:• Single sign-on for O365 • Basic multi-factor

authentication (MFA) for O365

Basic mobile device management via MDM for O365• Device settings

management• Selective wipe• Built into O365

management console

RMS protection via RMS for O365• Protection for content

stored in Office (on-premises or O365)• Access to RMS SDK• Bring your own key

Azure AD for O365+• Advanced security reports• Single sign-on for all apps • Advanced MFA• Self-service group

management & password reset & write back to on-premises, • Dynamic Groups, Group

based licensing assignment

MDM for O365+ • PC management• Mobile app management

(prevent cut/copy/paste/save as from corporate apps to personal apps)• Secure content viewers• Certificate provisioning• System Center integration

RMS for O365+ • Automated intelligent

classification and labeling of data• Tracking and notifications

for shared documents• Protection for on-premises

Windows Server file shares

Advanced Security Management• Insights into suspicious

activity in Office 365

Cloud App Security• Visibility and control for all

cloud appsAdvanced Threat Analytics• Identify advanced threats in

on premises identities Azure AD Premium P2• Risk based conditional access

Information protection




EMS Benefits for O365 customers

Windows 10

Enterprise Mobility +Security

• Single sign-on for business cloud apps• Device setup and

registration for Windows devices

• Windows Store for Business• Traditional domain join

manageability• Manageability via MDM and

MAM

• Encryption for data at rest and generated on device• Encryption for data

included in roaming settings

• Conditional access policies for secure single sign-on• MDM auto-enrollment• Self-Service Bitlocker

recovery • Password reset with write

back to on-premises• Cloud-based advanced

security reports and monitoring• Enterprise State-Roaming

• Mobile device management• Mobile app management • Secure content viewer• Certificate, Wi-Fi, VPN,

email profile provisioning• Agent-based management

of Windows devices (domain-joined via ConfigMgr and internet-based via Intune)

• Automated intelligent classification and labeling of data• Tracking and notifications

for shared documents• Protection for content

stored in Office and Office 365 & Windows Server on premises

Windows Defender Advanced Threat Protection• Identify advanced threats

focused on Windows 10 behavioral sensors

Cloud App Security• Visibility and control for all

cloud appsAdvanced Threat Analytics• Behavioral analytics for

advanced threat detectionAzure AD Premium• Risk based conditional access

Information protection




EMS benefits for Windows 10 customers

© 2015 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

enterprise mobility+security overview

Documents