
Security for the productive enterprise in a mobile-first, cloud-first world

David J. Rosenthal, VP & GM, Digital Business, Razor Technology

January 8, 2018, Microsoft MTC New York City

Enterprise Mobility + Security (EMS)

Agenda: Microsoft Enterprise Mobility + Security

• Digital transformation
• Protect at the front door
• Protect your data, anywhere
• Detect and remediate attacks

41% of employees say mobile business apps change how they work.

80% of employees use non-approved SaaS apps for work.

85% of enterprise organizations keep sensitive information in the cloud.

[Diagram: Identity, Devices, Apps and Data, alongside on-premises infrastructure]

THE PROBLEM

It's a delicate balance: Productivity OR Security.

The security you need, integrated with the productivity tools you want.

Security capability landscape: Information Rights Management; Mobile Device & Application Management; Cloud Access Security Broker; SIEM; Data Loss Prevention; User & Entity Behavioral Analytics; Mobile Data Loss Prevention; Threat Detection; Identity governance; Single sign-on; Cloud Data Loss Prevention; Conditional access; Discovery; Cloud visibility; Secure collaboration; Cloud anomaly detection; Identity & Access Management.

Six capability categories: Identity & Access Management; Mobile Device & Application Management; Data Loss Prevention; User & Entity Behavioral Analytics; Cloud Access Security Broker; Information Rights Management.

Three EMS pillars: Protect at the front door; Detect & remediate attacks; Protect your data anywhere.

[Diagram: the categories (Cloud Access Security Broker, Mobile Device & App Management, Identity & Access Management, User & Entity Behavioral Analytics, Data Loss Prevention) arranged under the three pillars]

Enterprise Mobility + Security: holistic and innovative solutions for protection across users, devices, apps and data.

Four solution areas: Identity and access management; Mobile device & app management; Information protection; Threat protection.

Three pillars: Protect at the front door; Detect & remediate attacks; Protect your data anywhere.

Enterprise Mobility + Security: Protect at the front door

81% of hacking breaches leverage stolen and/or weak passwords (Verizon 2017 Data Breach Investigations Report).

• Who is accessing? What is their role? Is the account compromised? Where is the user based? From where is the user signing in? Is the IP anonymous?
• Which app is being accessed? What is the business impact?
• Is the device healthy? Is it managed? Has it been in a botnet?
• What data is being accessed? Is it classified? Is it allowed off premises?

[Diagram: signals from Bing, Xbox Live, OneDrive, Microsoft Digital Crimes Unit, Microsoft Cyber Defense Operations Center, Azure, Microsoft Accounts and Skype feeding Enterprise Mobility + Security and Azure Active Directory]

Risk-based conditional access

IF
• Privileged user?
• Credentials found in public?
• Accessing sensitive app?
• Unmanaged device?
• Malware detected?
• IP detected in botnet?
• Impossible travel?
• Anonymous client?

User risk: High / Medium / Low. Session risk: High / Medium / Low. (10TB of signal per day)

THEN
• Require MFA
• Allow access
• Deny access
• Force password reset
• Limit access

Discover, restrict, and monitor privileged identities

• Enforce on-demand, just-in-time administrative access when needed
• Use Alert, Audit Reports and Access Review
• Domain User → Global Administrator: administrator privileges expire after a specified interval

Scenario 1: TRAVEL EXPENSE APP
USER: Role: Sales Account Rep; Group: London Users; Client: Mobile; Config: Corp Proxy; Location: London, UK; Last Sign-in: 5 hrs ago
CONDITIONAL ACCESS RISK (device): Health: Fully patched; Config: Managed; Last seen: London, UK
Risk level (High / Medium / Low) → Allow access

Scenario 2: CONFIDENTIAL SALES APP
USER: Role: VP Marketing; Group: Executive Users; Client: Mobile; Config: Corp Proxy; Location: London, UK; Last Sign-in: 5 hrs ago
CONDITIONAL ACCESS RISK (device): Health: Fully patched; Config: Managed; Last seen: London, UK
CONDITIONAL ACCESS POLICY: User is a member of a sensitive group. Application is classified High Business Impact.
Risk level (High / Medium / Low) → Require MFA

Scenario 3: SALES APP
USER: Role: Sales Account Representative; Group: London Users; Client: Mobile; Config: Corp Proxy; Location: London, UK; Last Sign-in: 5 hrs ago
CONDITIONAL ACCESS RISK (this sign-in): Health: Unknown; Client: Browser; Config: Anonymous; Last seen: Asia
Risk signals: Anonymous IP; Unfamiliar sign-in location for this user
Risk level (High / Medium / Low) → Block access; Force password reset
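The IF/THEN model and the three scenario cards above, worked as an added Python example (not code from the presentation or from Microsoft): sign-in signals are folded into a user risk and a session risk level, a policy rule covers the sensitive-group plus High Business Impact case, and the THEN column picks the actions. The signal-to-risk mappings, the sensitive group list and the extra botnet-IP scenario are assumptions for illustration, not Azure AD's actual scoring.

```python
from dataclasses import dataclass

@dataclass
class SignIn:                      # signals from the IF column of the slide
    groups: frozenset
    app_hbi: bool                  # app classified High Business Impact
    device_managed: bool
    device_healthy: bool
    anonymous_ip: bool = False
    unfamiliar_location: bool = False
    botnet_ip: bool = False
# Assumed policy input: groups the conditional access policy treats as sensitive.
SENSITIVE_GROUPS = frozenset({"Executive Users"})

def user_risk(s: SignIn) -> str:
    # Likelihood the account itself is compromised (assumed mapping, not Azure AD's).
    if s.anonymous_ip and s.unfamiliar_location:
        return "High"
    return "Medium" if s.unfamiliar_location else "Low"
def session_risk(s: SignIn) -> str:
    # Risk of this particular connection and device (assumed mapping).
    if s.botnet_ip:
        return "High"
    if s.anonymous_ip or not s.device_managed or not s.device_healthy:
        return "Medium"
    return "Low"
def decide(s: SignIn) -> list:
    # THEN column: ordered actions for one sign-in.
    ur, sr = user_risk(s), session_risk(s)
    if ur == "High":                           # account likely stolen: cut it off
        return ["Block access", "Force password reset"]
    actions = []
    # Policy rule from the Confidential Sales App card: sensitive group + HBI app.
    if (s.groups & SENSITIVE_GROUPS and s.app_hbi) or ur == "Medium" or sr != "Low":
        actions.append("Require MFA")
    if sr == "High":                           # hostile IP: keep the session narrow
        actions.append("Limit access")
    return actions or ["Allow access"]
# Constructed sign-ins mirroring the three scenario cards, plus a botnet-IP case.
SCENARIOS = {
    "travel expense app": SignIn(frozenset({"London Users"}), False, True, True),
    "confidential sales app": SignIn(frozenset({"Executive Users"}), True, True, True),
    "sales app, anonymous browser": SignIn(frozenset({"London Users"}), False, False, False,
                                           anonymous_ip=True, unfamiliar_location=True),
    "travel expense app, botnet ip": SignIn(frozenset({"London Users"}), False, True, True,
                                            botnet_ip=True),
}

def evaluate_all() -> dict:
    return {name: decide(s) for name, s in SCENARIOS.items()}
```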

Demo: Protect at the front door

Enterprise Mobility + Security: Protect your data anywhere

58% of workers have accidentally shared sensitive data to the wrong person (Stroz Friedberg).

How much control do you have over data? OUT OF YOUR CONTROL


• How do I protect corporate files on mobile devices?
• How do I protect the data that's shared externally?
• How do I discover and protect data in SaaS apps?
• How do I protect sensitive data on premises and in the cloud?

OUT OF YOUR CONTROL

• Classification, labeling, and protection for sensitive data on-premises and in the cloud
• Data protection on mobile devices
• Data visibility and protection in cloud and SaaS applications

Protect sensitive data on-premises and in the cloud

• Classification and labeling: Classify data based on sensitivity and add labels, manually or automatically.
• Protection: Encrypt your sensitive data and define usage rights or add visual markings when needed.
• Monitoring: Use detailed tracking and reporting to see what's happening with your shared data and maintain control over it.

Gain visibility and control over data in cloud apps

• Cloud discovery: Discover cloud apps used in your organization, get a risk assessment and alerts on risky usage.
• Data visibility: Gain deep visibility into where data travels by investigating all activities, files and accounts for managed apps.
• Data control: Monitor and protect personal and sensitive data stored in cloud apps using granular policies.

Cloud App Security scenario
USER: Role: Finance; Group: Contoso Finance; Office: London, UK
1. User uploads a document tagged INTERNAL to a public share.
2. Azure Information Protection identifies a document tagged INTERNAL being shared publicly.
3. CLOUD APP SECURITY PORTAL: Move to quarantine; Restricted to owner; Admin notified about problem.

Advanced device management

• Device security configuration: Enforce device encryption, password/PIN requirements, jailbreak/root detection, etc.
• Restrict apps and URLs: Restrict access to specific applications or URL addresses on mobile devices and PCs.
• Data control / separation: Control company data after it has been accessed, and separate it from personal data. A multi-identity policy keeps corporate data in managed apps and personal data in personal apps; MDM (3rd party or Intune) is optional.

App protection policy flow (OneDrive for Business):
1. User adds business account to OneDrive app.
2. Intune configures app protection policy: Copy/Paste/SaveAs controls; PIN required; Encrypt storage.
3. User is prompted to create a PIN.
4. Access allowed: user edits document stored in OneDrive for Business; user saves document to…

Device enrollment flow (CORPORATE EMAIL):
1. User adds business account to email app.
2. User is prompted to enroll device.
3. Intune enrolls device and applies policies: PIN required; Encrypt storage; Image is not jailbroken.
4. Device checked for compliance.
5. Access allowed: business email account is added.

Demo: Protect your data anywhere

Enterprise Mobility + Security: Detect & remediate attacks

91% of cyberattacks and the resulting data breaches begin with a spear phishing email (PhishMe 2016).

How quickly are you able to detect attacks?

• How do I detect attackers moving laterally in my environment?
• How do I detect Pass-the-Hash? Pass-the-Ticket?
• How do I detect compromised credentials?
• Aren't rules-based security solutions enough?
• How can I remediate in real-time? Automatically?

Unique insights, informed by trillions of signals

• On-premises abnormal behavior and advanced threat detection
• Identity-based attack and threat detection
• Anomaly detection for cloud apps

Behavioral analytics:
• Monitors behaviors of users and other entities by using multiple data sources
• Profiles behavior and detects anomalies by using machine learning algorithms
• Evaluates the activity of users and other entities to detect advanced attacks

Analogy: Credit card companies monitor cardholders' behavior. By observing purchases, behavioral analytics learn what behavior is typical for each buyer. If there is any abnormal activity, they will notify the cardholder to verify the charge.

[Figure labels: $$$$; 3 hours]

Attack timeline (diagram):
1. ATTACKER: Phishing attack; user account is compromised (anonymous user behavior, unfamiliar sign-in location).
2. Attacker attempts lateral movement.
3. Privileged account compromised.
4. Attacker accesses sensitive data and steals it (cloud data & SaaS apps).

Detections along the way: Anonymous user behavior; Lateral movement attacks; Escalation of privileges; Account impersonation; Data exfiltration; Zero-day / brute-force attack.

Demo: Detect & remediate attacks

EMS components:

• MICROSOFT INTUNE: Make sure your devices are compliant and secure, while protecting data at the application level.
• AZURE ACTIVE DIRECTORY: Ensure only authorized users are granted access to personal data using risk-based conditional access.
• MICROSOFT CLOUD APP SECURITY: Gain deep visibility, strong controls and enhanced threat protection for data stored in cloud apps.
• AZURE INFORMATION PROTECTION: Classify, label, protect and audit data for persistent security throughout the complete data lifecycle.
• MICROSOFT ADVANCED THREAT ANALYTICS: Detect breaches before they cause damage by identifying abnormal behavior, known malicious attacks and security issues.

[Diagram: conditional access evaluates apps, risk, device and location before access is granted to data; information protection classifies, labels, protects and audits]

Holistic and innovative solutions for protection across users, devices, apps and data

Four solution areas: Identity and access management; Mobile device & app management; Information protection; Threat protection.

Products: Azure Active Directory Premium; Microsoft Intune; Azure Information Protection; Microsoft Cloud App Security; Microsoft Advanced Threat Analytics.

EMS plans by technology (benefit; plans that include it):

• Azure Active Directory Premium P1: Secure single sign-on to cloud and on-premises apps; MFA, conditional access, and advanced security reporting (E3, E5)
• Azure Active Directory Premium P2: Identity and access management with advanced protection for users and privileged identities (E5)
• Microsoft Intune: Mobile device and app management to protect corporate apps and data on any device (E3, E5)
• Azure Information Protection P1: Encryption for all files and storage locations; cloud-based file tracking (E3, E5)
• Azure Information Protection P2: Intelligent classification and encryption for files shared inside and outside your organization (E5)
• Microsoft Cloud App Security: Enterprise-grade visibility, control, and protection for your cloud applications (E5)
• Microsoft Advanced Threat Analytics: Protection from advanced targeted attacks leveraging user and entity behavioral analytics (E3, E5)

Solution areas: Identity and access management; Managed mobile productivity; Information protection; Threat protection.

Deployment help:
• FastTrack experts work remotely with you and your partner
• Microsoft Virtual Academy and Immersion: demos, videos and labs
• Self-service resources: Success Plans to speed up deployment; EMS Success Workshop; Quick Start guides; How To's and personalized videos
• Trial: Experience EMS before you subscribe
• Proof of Concept (POC): Model your deployment by combining a trial and a Success Plan

Deployment phases: Envision → Onboard → Drive Value
• Assess: Determine the setup of your existing environment and identify any issues
• Remediate: Clean up any issues that might prevent your preferred deployment approach
• Enable: Set up EMS services, users, and integration with your environment
• Use: Help your users get their work done better with EMS
• Enhancements: Integrate your environment with custom apps and new capabilities

Contact: [email protected] | 866.797.3282 | www.razor-tech.com

Analyze, Learn, Detect, Alert

• Analyze: Analyze network and identity traffic and data-related activities across the network, including relevant events from SIEM, in real time.
• Learn: Automatically learn the common behaviors for users and entities on the network to build an organizational security graph.
• Detect: Use the organizational security graph to detect abnormal behavior, file activity, protocol attacks, and weak security configurations.
• Alert: Intelligently use the learned context to prevent false positives and prioritize alerts, remediate problems automatically, and present attack timelines.
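The Learn, Detect and Alert steps above as an added Python example (not the product's code): a baseline of sign-in countries per user is learned from constructed history, new sign-ins are checked for an unfamiliar location and for impossible travel, and the alerts are prioritized by severity. The sample data, the six-hour travel threshold and the severity labels are assumptions for illustration.

```python
from datetime import datetime, timedelta

# Assumed threshold: sign-ins from different countries closer together than
# this are treated as impossible travel. Not the product's real model.
MIN_TRAVEL = timedelta(hours=6)
SEVERITY = {"High": 0, "Medium": 1}

def learn_baseline(history):
    # Learn: the countries each user normally signs in from.
    baseline = {}
    for user, _ts, country in history:
        baseline.setdefault(user, set()).add(country)
    return baseline

def detect(baseline, last_seen, event):
    # Detect: alerts for one sign-in; last_seen is updated in place.
    user, ts, country = event
    alerts = []
    if country not in baseline.get(user, set()):
        alerts.append(("Medium", "Unfamiliar sign-in location", user, country))
    prev = last_seen.get(user)
    if prev and prev[1] != country and ts - prev[0] < MIN_TRAVEL:
        alerts.append(("High", "Impossible travel", user, f"{prev[1]} -> {country}"))
    last_seen[user] = (ts, country)
    return alerts

def run(history, new_events):
    # Alert: evaluate new sign-ins in time order, then surface the worst first.
    baseline = learn_baseline(history)
    last_seen = {}
    for user, ts, country in sorted(history, key=lambda e: e[1]):
        last_seen[user] = (ts, country)
    alerts = []
    for event in sorted(new_events, key=lambda e: e[1]):
        alerts.extend(detect(baseline, last_seen, event))
    return sorted(alerts, key=lambda a: SEVERITY[a[0]])

# Constructed sign-in history and new events: (user, timestamp, country).
HISTORY = [
    ("alice", datetime(2018, 1, 5, 9, 0), "GB"),
    ("alice", datetime(2018, 1, 6, 9, 15), "GB"),
    ("bob", datetime(2018, 1, 6, 17, 0), "US"),
]
NEW_EVENTS = [
    ("alice", datetime(2018, 1, 8, 9, 0), "GB"),
    ("alice", datetime(2018, 1, 8, 10, 30), "SG"),   # 90 minutes later, from Singapore
    ("bob", datetime(2018, 1, 8, 8, 0), "US"),
]

def demo():
    return run(HISTORY, NEW_EVENTS)
```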
