1. 1. Briforum London 2015 How to Get Started with the Microsoft Enterprise Mobility Suite
2. 2. Key Takeaways Why is managing your mobile workforce important? What is EMS and why do you need it is your Enterprise? How do we get started with EMS? How to Get Started with the Microsoft Enterprise Mobility Suite 2
3. 3. Peter Daalmans Senior Technical Consultant Peter.Daalmans@it-concern.nl How to Get Started with the Microsoft Enterprise Mobility Suite https://twitter.com/pdaalmans https://www.linkedin.com/in/pdaalmans http://configmgrblog.com
4. 4. Kenny Buntinx Managing Consultant Kenny.Buntinx@kbsolutions.be How to Get Started with the Microsoft Enterprise Mobility Suite https://twitter.com/KennyBuntinx http://be.linkedin.com/KennyBuntinx http://scug.be/blogs/sccm
5. 5. Enterprise Mobility Suite
6. 6. 2015 Enterprise Mobility Predictions Say goodbye to BOYD Say Hello to Data Protection Organizations will generally have three types of devices Employee Owned, Company Managed (EOCM) Company Owned, Company Managed (COCM) Company Owned, Company Dictated (COOD) Source: http://simon-may.com/yet-another-predictions-post-mobility-2015/ How to Get Started with the Microsoft Enterprise Mobility Suite 6
7. 7. SCCM is undisputed winner of PC Mgmt w/ >70% share You need to look into a MDM solution today We believe Microsoft is the long-term winner How to Get Started with the Microsoft Enterprise Mobility Suite Growth is all in Mobile Devices 349 315 296 294 293 292 725 1,010 1,131 1,283 1,434 1,579 162 231 270 308 340 368 0 500 1,000 1,500 2,000 2,500 2012 2013 2014 2015 2016 2017 Tablet Smartphone PC Devices Shipments (MM) Source: IDC
8. 8. Licensing Microsoft Intune (Standalone) Enterprise Mobility Suite Microsoft Intune Azure Active Directory Premium Azure Rights Management Enterprise Cloud Suite Enterprise Mobility Suite Office 365 Enterprise E3 Windows Software Assurance http://www.microsoft.com/licensing/about- licensing/briefs/enterprise-cloud-suite.aspx How to Get Started with the Microsoft Enterprise Mobility Suite 10
9. 9. Azure AD Premium Identity
10. 10. Azure Active Directory Premium Active Directory in the cloud Federation and identity provisioning Centrally managed identities Synchronization Single User Identity (SSO) Monitoring and protect access to cloud apps Authentication and Security reports Multi-Factor Authentication (MFA) Empower end Users Self-Service password reset How to Get Started with the Microsoft Enterprise Mobility Suite 12
11. 11. Azure Active Directory free and premium offerings feature comparison
12. 12. Identity: Cloud, Sync or Federated? Cloud identity provides a solution where all identity resides in the cloud Federated identity allows customers to retain all authentication on-premises Identity sync enables customers to bridge their existing identity into the cloud B2B federated identity allows customers to securely share and collaborate with each other
13. 13. Common Identity with Sync and Federation User attributes are synchronized including the password hash, Authentication can be completed against either Azure or Windows Server Active Directory User attributes are synchronized, Authentication is passed back through federation and completed against Windows Server Active Directory Synchronization Federation AD FS provides conditional access to resources, Work Place Join for device registration and integrated Multi-Factor Authentication *Write back of attributes to support cloud first and co-existence
14. 14. Azure Active Directory Identity Demo
15. 15. Enabling users Self-service password reset Self-service Profile access
16. 16. Self-service group management, including dynamic membership calculation in these groups and distribution lists, based on the users attributes. Users can reset their passwords significantly reducing help desk burden and costs. Users can edit their profile details to update and add missing information Provide users with self-service experiences
17. 17. Self-service password reset Demo
18. 18. Security Reports Self-service Profile access Multi Factor Authentication
19. 19. Multi-Factor Authentication
20. 20. How to Get Started with the Microsoft Enterprise Mobility Suite 25 What is multi-factor authentication? Any two or more of the following factors: Something you know: a password or PIN. Something you have: a phone, credit card or hardware token. Something you are: a fingerprint, retinal scan or other biometric. Stronger when using two different channels (out-of-band).
21. 21. Security Reports Demo
22. 22. Microsoft Intune
23. 23. Microsoft Intune Mobile Device Management Windows, Windows Phone, IOS and Android Policy and Application Management Compliance reporting Conditional Access to resources Selective Wipe Devices Hybrid / Cloud solution How to Get Started with the Microsoft Enterprise Mobility Suite 30
24. 24. Single management console for IT admins Configuration Manager console (hybrid)Intune web console (cloud only)
25. 25. Comprehensive lifecycle management Enroll Provide a self-service Company Portal for users to enroll devices Deliver custom terms and conditions at enrollment Bulk enroll devices using Apple Configurator or service account Restrict access to Exchange email if a device is not enrolled Retire Revoke access to corporate resources Perform selective wipe Audit lost and stolen devices Provision Deploy certificates, email, VPN, and WiFi profiles Deploy device security policy settings Install mandatory apps Deploy app restriction policies Deploy data protection policies Manage and Protect Restrict access to corporate resources if policies are violated (e.g., jailbroken device) Protect corporate data by restricting actions such as copy/cut/paste/save outside of managed app ecosystem Report on device and app compliance User IT
26. 26. Company Portal(s)
27. 27. Company portal self-service experience Consistent experience across: Windows Windows Phone Android iOS Discover and install corporate apps Manage devices and data Customizable terms and conditions Ability to contact IT Force the Policy refresh How to Get Started with the Microsoft Enterprise Mobility Suite 3434
28. 28. Mobile Device Portals All portals offer the same experience (except for Windows Phone)
29. 29. Device Enrolment The new way Conditional access
30. 30. Enrolling Devices Users can enroll devices that configure the device for management with Windows Intune; the user can then use the Company Portal for easy access to corporate applications Data from Windows Intune is in sync with Configuration Manager, which provides unified management across both on- premises and in the cloud Dirsync w Pwd Sync Connector Internal Connector
31. 31. Conditional access for Office 365 7 5 4 2 1 3 6
32. 32. Device Enrolment The new way Conditional access DEMO
33. 33. Application Management
34. 34. Mobile Application Management How to Get Started with the Microsoft Enterprise Mobility Suite 43 Personal apps
35. 35. Mobile Application Management How to Get Started with the Microsoft Enterprise Mobility Suite 44
36. 36. Mobile Application Management DEMO
37. 37. Rights Management
38. 38. Microsoft Rights Management Encrypt and control Documents Mails Prevent unwanted viewing/printing or access to Corporate data How to Get Started with the Microsoft Enterprise Mobility Suite 47
39. 39. Integrating RMS into workflows
40. 40. Sharing documents securely
41. 41. Rights Management Demo
42. 42. Corporate Data Removal Full Wipe vs. Selective Wipe
43. 43. Options for corporate data removal How to Get Started with the Microsoft Enterprise Mobility Suite 53
44. 44. Selective/Full Wipe DEMO
45. 45. Questions How to Get Started with the Microsoft Enterprise Mobility Suite 56
46. 46. How to Get Started with the Microsoft Enterprise Mobility Suite 57