mtug - time for a bit of overview and control?
TRANSCRIPT
Agenda
Olav Tvedt | Principal
Global Product Manager Mobility And User Experience
MVP Cloud and Datacenter Management
Twitter: olavtwitt - Blog: olavtvedt.blogspot.com
Microsoft EMS
How Microsoft can help mobile transformation
Device management
Content management
Application management
Application development
Identity & access
Microsoft Intune
Office 365
System Center Configuration Manager
Microsoft Azure RMS
Office 365
Active Directory RMS
SharePoint
Microsoft Azure Active Directory
Active Directory
Microsoft Intune
System Center Configuration Manager
Microsoft Visual Studio
Xamarin
Microsoft Visual Studio Online
IDENTITY-DRIVEN SECURITY
Self-service capabilities
• Password reset
• Group membership
• MyApps portal
Manage everything
• Dynamic groups
• Provisioning
• B2B collaboration
Single sign-on
• Easy connection to existing assets
• Unified experience across user devices
Azure MFA Offering Comparison
MFA for O365/Azure Administrators
Windows Azure Multi-Factor Authentication / EMS
Vision: Azure Rights Management
On any device
Email
LOB apps
Files
Share internally
Share externally (B2C)
Share externally (B2B)
Policy enforcement
Document revocation
Document tracking
Access control
Encryption
Classification and labeling
In any part of the world
• US
• EU
• APAC
• China
• Germany
Azure RMS Connectors and Connections
RMS SDKs (apps coming) on popular mobile platforms including Windows, iOS, Android, Windows Phone and Mac OS
Connect to on-premises Exchange and SharePoint for the simplest way to get Rights Management running in your organization
Azure RMS provides the Rights Management capabilities for Office 365, providing easy enablement and enforcement of information protection policies
Connect to Windows Server File Services for FCI and DAC integration
Leverage a common identity across Active Directory and Azure Active Directory
We Drive Business Evolution Forward
Microsoft MDM Options
- Exchange Active Sync
- Office 365
- Intune
- (Azure)
Device management feature comparison
Device configuration
• Inventory mobile devices that access corporate applications
• Remote factory reset (full device wipe)
• Mobile device configuration settings (PIN length, PIN required, lock time, etc.)
• Self-service password reset (Office 365 cloud only users)
Office 365
• Provides reporting on devices that do not meet IT policy
• Group-based policies and reporting (ability to use groups for targeted device configuration)
• Root cert and jailbreak detection
• Remove Office 365 app data from mobile devices while leaving personal data and apps intact (Selective wipe)
• Prevent access to corporate email and documents based upon device enrollment and compliance policies
Premium mobile device & app management
• Self-service Company Portal for users to enroll their own devices and install corporate apps
• Deploy certificates, VPN profiles (including app-specific profiles), and Wi-Fi profiles
• Prevent cut/copy/paste/save as of data from corporate apps to personal apps (Mobile application management)
• Secure content viewing via Managed browser, PDF viewer, Image viewer, and AV player apps for Intune
• Remote device lock via self-service Company Portal and via admin console
PC management
• PC management (e.g. inventory, antimalware, patch, policies, etc.)
• OS deployment (via System Center ConfigMgr)
• PC software management
• Single management console for PCs and mobile devices (through integration with System Center ConfigMgr)
Mobile application management
PC management
Mobile device management
IT
User
Microsoft Intune
Intune helps organizations provide their employees with access to corporate
applications, data, and resources from virtually anywhere on almost any
device, while helping to keep corporate information secure.
MANAGED MOBILE PRODUCTIVITY
Managed apps
Personal apps
Personal apps
Managed apps
Corporate data
Personal data
Multi-identity policy
Personal apps
Managed apps
Copy Paste Save
Save to personal storage
Paste to personal app
Email attachment
Abnormal Behavior
Anomalous logins
Remote execution
Suspicious activity
Security issues and risks
Broken trust
Weak protocols
Known protocol vulnerabilities
Malicious attacks
Pass-the-Ticket (PtT)
Pass-the-Hash (PtH)
Overpass-the-Hash
Forged PAC (MS14-068)
Golden Ticket
Skeleton key malware
Reconnaissance
BruteForce
Unknown threats
Password sharing
Lateral movement
IDENTITY-DRIVEN SECURITY
ATA
Devices and servers
Behavioral analytics
Forensics for known attacks and issues
Advanced Threat Analytics
Profile normal entity behavior (normal versus abnormal)
Search for known security attacks and issues
Detect suspicious user activities, known attacks, and issues
SIEM
Active Directory
Enterprise Mobility + Security
Protect your users, devices, and apps
AZURE RIGHTS MANAGEMENT & SECURE ISLANDS
Detect problems early with visibility and threat analytics
Advanced Threat Analytics
MICROSOFT INTUNE
Protect your data, everywhere
AZURE ACTIVE DIRECTORY IDENTITY PROTECTION
Extend enterprise-grade security to your cloud and SaaS apps
Protect application access from identity attacks
MICROSOFT CLOUD APP SECURITY
IDENTITY-DRIVEN SECURITY
Enterprise Mobility Suite
Microsoft Intune
Microsoft Azure Active Directory Premium
Microsoft Azure Rights Management Premium
Advanced Threat Analytics
Easily manage identities across on-premises and cloud
Single sign-on and self-service for corporate resources
Leverage MDM and MAM to protect corporate apps and data on almost any device
Encryption, identity, and authorization to secure corporate files and email across phones, tablets, and PCs
Identify suspicious activities and advanced threats in near real time with simple, actionable reporting
Behavior-based threat analytics
Information protection
Identity and access management
Mobile device and app management
Enterprise Mobility Suite
Mobile device and app management
Information protection
Basic identity mgmt. via Azure AD for O365:
• Single sign-on for O365
• Basic multi-factor authentication (MFA) for O365
Basic mobile device management via MDM for O365
• Device settings management
• Selective wipe
• Built into O365 management console
RMS protection via RMS for O365
• Protection for content stored in Office (on-premises or O365)
• Access to RMS SDK
• Bring your own key
Azure AD for O365+
• Single sign-on for all cloud apps
• Advanced MFA for all workloads
• Self-service group management and password reset with write back to on-premises directory
• Advanced security reports
• FIM (Server + CAL)
MDM for O365+
• PC management
• Mobile app management (prevent cut/copy/paste/save as from corporate apps to personal apps)
• Secure content viewers
• Certificate provisioning
• System Center integration
RMS for O365+
• Protection for on-premises Windows Server file shares
• Email notifications when sharing documents
• Email notifications when shared documents are forwarded
Identity and Access Management
Windows 10
Enterprise Mobility Suite
• Single sign-on for business cloud apps
• Device setup and registration for Windows devices
• Windows Store for Business
• Traditional domain join manageability
• Manageability via MDM and MAM
• Encryption for data at rest and generated on device
• Encryption for data included in roaming settings
• Conditional access policies for enhanced single sign-on security
• MDM auto-enrollment
• Self-service group and application management
• Password reset with write back to on-premises directory
• Cloud-based advanced security reports
• Microsoft Identity Manager
• Mobile device management
• Mobile app management
• Secure content viewer
• Certificate, Wi-Fi, VPN, email profile provisioning
• Agent-based management of Windows devices (domain-joined via ConfigMgr and internet-based via Intune)
• Tracking and notifications for shared documents
• Protection for content stored in Office and Office 365
• Protection for on-premises Windows Server file shares
• Behavioral analytics for advanced threat detection
• Detection for known malicious attacks and security issues
Mobile device and app management
Information protection
Identity and Access Management
Twitter: olavtwitt
Blog: olavtvedt.blogspot.com
E-mail: [email protected]
Olav Tvedt | Principal
Global Product Manager Mobility And User Experience
MVP Cloud and Datacenter Management
Microsoft EMS