Johannes Nöbauer, Head of Enterprise Services: Full Power with Windows 10 and Enterprise Mobility Suite

Posted on 08-Aug-2020


  • Johannes Nöbauer
    Head of Enterprise Services

    Full Power with Windows 10 and Enterprise Mobility Suite

  • Workplace 4.0: Windows 10 & Microsoft Enterprise Mobility & Security

    Agenda

  • Sources
    * Forrester Research: “BT Futures Report: Info workers will erase boundary between enterprise & consumer technologies,” Feb. 21, 2013
    ** Forrester Research: “2013 Mobile Workforce Adoption Trends,” Feb. 4, 2013
    *** Gartner: Press Release, Oct. 25, 2012, http://www.gartner.com/newsroom/id/2213115

  • Sobering statistics

    $3.5M: the average cost of a data breach to a company
    200+: the median number of days that attackers reside within a victim’s network before detection
    75%+ of all network intrusions are due to compromised user credentials
    $500B: the total potential cost of cybercrime to the global economy

    The frequency and sophistication of cyber attacks are getting even worse.

    “There are two kinds of BIG companies. Those who have been hacked, and those who don’t know they have been hacked.”

  • Windows 10
    Faster
    Better
    More secure

  • Microsoft Enterprise Mobility + Security Suite (EMS E3 and EMS E5)

    Identity and access management
      Azure Active Directory Premium P1: secure single sign-on to cloud and on-premises apps; MFA, conditional access, and advanced security reporting
      Azure Active Directory Premium P2: identity and access management with advanced protection for users and privileged identities (includes all capabilities in P1)

    Managed mobile productivity
      Microsoft Intune: mobile device and app management to protect corporate apps and data on any device

    Information protection
      Azure Information Protection Premium P1: encryption for all files and storage locations; cloud-based file tracking
      Azure Information Protection Premium P2: intelligent classification and encryption for files shared inside and outside your organization (includes all capabilities in P1)

    Identity-driven security
      Microsoft Advanced Threat Analytics: protection from advanced targeted attacks leveraging user and entity behavioral analytics
      Microsoft Cloud App Security: enterprise-grade visibility, control, and protection for your cloud applications

    EMS E3 contains the P1 tiers, Intune and Advanced Threat Analytics; EMS E5 adds the P2 tiers and Cloud App Security.

  • Microsoft Enterprise Mobility & Security
    Azure Active Directory Premium
    Azure Information Protection
    Advanced Threat Analytics
    Microsoft Intune

  • Azure Active Directory
    Self-service password reset
    Multi-factor authentication
    Single sign-on across hybrid clouds

  • Connect and sync on-premises directories with Azure: your directory in the cloud.

    Azure Active Directory Connect links Microsoft Azure Active Directory with other directories; the connectors shown are PowerShell, LDAP v3, SQL (ODBC) and web services (SOAP, Java, REST).

  • Connect and sync on-premises directories with Azure: your directory in the cloud.

    Microsoft Azure Active Directory connects other directories to SaaS apps: 2400+ pre-integrated popular SaaS apps.

  • Azure Multi-Factor Authentication options

  • Demo: Azure Active Directory

  • Identity-driven security

    Conditions: user / user group, location (IP range), device state, risk
    Actions: allow access or block access; enforce MFA per user / per app
    Capabilities: MFA, Identity Protection, Privileged Identity Management, Cloud App Discovery
    Notifications, analysis, remediation, risk-based policies

  • Cloud-powered protection

    “Risk severity” calculation
    Remediation recommendations
    Risk-based conditional access automatically protects against suspicious sign-ins and compromised credentials
    Consolidated view of machine-learning-based threat detection

    Machine-learning engine inputs: leaked credentials, infected devices, configuration vulnerabilities, brute force attacks, suspicious sign-in activities
    Risk-based policies: MFA challenge on risky logins, block attacks, change bad credentials
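The identity-driven security and cloud-powered protection slides list the conditions a conditional access policy looks at (user group, location as an IP range, device state, sign-in risk) and the actions it can take (allow, block, enforce MFA). The Go program below is an added example, not code from the presentation or from Azure AD: the policy fields, the 0-3 risk scale and the merge rule (block beats MFA beats allow) are assumptions made for the illustration.

```go
package main

import (
	"net/netip"
	"slices"
)
// Risk is the sign-in risk level Identity Protection assigns: 0 none,
// 1 low, 2 medium, 3 high. SignIn holds the conditions of one attempt.
type Risk int
type SignIn struct {
	App             string
	Groups          []string // user group memberships
	IP              netip.Addr
	DeviceCompliant bool // device state
	Risk            Risk
}
// Policy targets groups and apps (empty = all) and states what it demands.
type Policy struct {
	Groups, Apps           []string
	TrustedNets            []netip.Prefix // location condition (IP ranges)
	NeedCompliant          bool           // block non-compliant devices
	MFAOffNet              bool           // MFA when outside TrustedNets
	MFAAtRisk, BlockAtRisk Risk           // risk thresholds; 0 = unused
}
type Decision string
const Allow, MFA, Block Decision = "allow access", "enforce MFA", "block access"

func (p Policy) applies(s SignIn) bool {
	inGroup := len(p.Groups) == 0 || slices.ContainsFunc(s.Groups,
		func(g string) bool { return slices.Contains(p.Groups, g) })
	return inGroup && (len(p.Apps) == 0 || slices.Contains(p.Apps, s.App))
}

// Evaluate merges every applicable policy: block beats MFA beats allow,
// so a risk-based block is never undone by a more permissive policy.
func Evaluate(policies []Policy, s SignIn) Decision {
	out := Allow
	for _, p := range policies {
		if !p.applies(s) {
			continue
		}
		onNet := slices.ContainsFunc(p.TrustedNets,
			func(n netip.Prefix) bool { return n.Contains(s.IP) })
		switch {
		case p.BlockAtRisk > 0 && s.Risk >= p.BlockAtRisk, p.NeedCompliant && !s.DeviceCompliant:
			return Block
		case p.MFAOffNet && !onNet, p.MFAAtRisk > 0 && s.Risk >= p.MFAAtRisk:
			out = MFA
		}
	}
	return out
}
```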

  • Sign-in risk policy with Tor Browser


  • Microsoft Azure Information Protection

    How can I make sure that documents reach only the intended recipients, encrypted, and that those recipients get only specific rights?
    How can I track access?
    How can I revoke the permissions again?

  • Azure Rights Management Service
    Integration
    Authentication and collaboration
    Client integration

  • Rights Management 101

    Plaintext: Secret Cola Formula (Water, HFCS, Brown #16)
    Protect → protected file: [encrypted content] + use rights
    Unprotect → plaintext again: Secret Cola Formula (Water, HFCS, Brown #16)

    File is protected by an AES symmetric key
    Usage rights + symmetric key stored in the file as a ‘license’
    License protected by the org-owned key

  • Rights Management 101

    Protected file: [encrypted content] + use rights

    RMS-enlightened apps enforce the rights; generic protection is offered by the RMS app
    Enlightened apps use the RMS SDK, which communicates with the RMS key management servers
    File content is never sent to the RMS server/service
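The two Rights Management 101 slides describe the protection scheme: the file is encrypted with a per-file AES key, that key and the usage rights travel inside the file as a license sealed with the organisation's key, and only the license, never the content, goes to the RMS service. The Go program below is an added example, not code from the presentation or from the RMS SDK; it seals the license with a symmetric organisation key for brevity (the real service uses the tenant's asymmetric key), and the function names and license layout are assumptions.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"slices"
)

// License sits inside the protected file: usage rights + per-file AES key.
type License struct{ Rights []string; ContentKey []byte }
// ProtectedFile carries ciphertext and the org-key-sealed license only.
type ProtectedFile struct{ Nonce, Body, LicNonce, SealedLicense []byte }
func gcmFor(key []byte) cipher.AEAD { // callers always pass 32-byte keys
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}
// Protect (client side): fresh AES-256 key per file, content encrypted
// locally, key + rights sealed with orgKey into the license.
func Protect(orgKey, content []byte, rights []string) (*ProtectedFile, error) {
	rnd := make([]byte, 56) // 32-byte content key + two 12-byte GCM nonces
	if _, err := rand.Read(rnd); err != nil {
		return nil, err
	}
	key, nonce, licNonce := rnd[:32], rnd[32:44], rnd[44:]
	lic, _ := json.Marshal(License{Rights: rights, ContentKey: key})
	return &ProtectedFile{nonce, gcmFor(key).Seal(nil, nonce, content, nil),
		licNonce, gcmFor(orgKey).Seal(nil, licNonce, lic, nil)}, nil
}
// IssueUseLicense (RMS service side): only the sealed license arrives here,
// never the file body; the key is released only if the right was granted.
func IssueUseLicense(orgKey, licNonce, sealed []byte, right string) (*License, error) {
	raw, err := gcmFor(orgKey).Open(nil, licNonce, sealed, nil)
	if err != nil {
		return nil, errors.New("license tampered with or wrong org key")
	}
	var lic License
	_ = json.Unmarshal(raw, &lic) // authenticated above, so it is our own JSON
	if !slices.Contains(lic.Rights, right) {
		return nil, errors.New("right not granted: " + right)
	}
	return &lic, nil
}
// Unprotect (client side): decrypt locally with the key from the use license.
func Unprotect(lic *License, f *ProtectedFile) ([]byte, error) {
	return gcmFor(lic.ContentKey).Open(nil, f.Nonce, f.Body, nil)
}
```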

  • Demo: Azure Information Protection


  • Microsoft Advanced Threat Analytics

    Do I have insecure admin logons on the internal network?
    Am I being attacked on the internal network, or have I already been attacked?
    How do I find account credential attacks?

  • The patterns of cyber-security attacks are changing

    Today’s cyber attackers are:
    Compromising user credentials in the vast majority of attacks
    Using legitimate IT tools rather than malware, which is harder to detect
    Staying in the network an average of eight months before detection
    Costing significant financial loss, impact to brand reputation, loss of confidential data, and executive jobs


  • Problem statement

    Traditional IT security solutions are typically:
    Designed for “perimeter” protection: once user login information has been stolen and attackers are already inside the network, your current defences offer only limited protection.
    Complex: initial setup, fine-tuning and creating rules for thresholds/baselines can take a long time.
    Prone to “false positives”: you receive too many reports a day with several false positives that demand valuable time you do not have.

  • Overview of Microsoft Advanced Threat Analytics

    An on-premises solution to identify advanced security attacks before they cause damage.

    Comparison: credit card companies monitor the behaviour of cardholders; if there is unusual activity, the cardholder is notified to verify the transactions. Microsoft Advanced Threat Analytics brings this concept to the IT and users of a given organisation.

  • How Microsoft Advanced Threat Analytics works

    ATA reports all suspicious activities on a simple, functional, actionable attack timeline.
    ATA identifies: Who? What? When? How?
    For each suspicious activity, ATA provides recommendations for the investigation and remediation.

  • Topology

  • Topology - Gateway
    Captures and analyzes DC network traffic via port mirroring
    Listens to multiple DCs from a single Gateway
    Receives events from SIEM
    Retrieves data about entities from the domain
    Performs resolution of network entities
    Transfers relevant data to the ATA Center

  • Topology - Center
    Manages ATA Gateway configuration settings
    Receives data from ATA Gateways and stores it in the database
    Detects suspicious activity and abnormal behavior (machine learning)
    Provides the web management interface
    Supports multiple Gateways

  • Video demo: Microsoft Advanced Threat Analytics


  • Microsoft Intune

    Bring Your Own Device: mobile device management WITH IT control and WITHOUT expropriating private property
    App management for mobile enterprise apps: nice, your own app store
    PC management and MDM integrated: managed antivirus is back

  • Today’s challenges

    Devices: the explosion of devices is eroding the standards-based approach to corporate IT.
    Apps: deploying and managing applications across platforms is difficult.
    Users: users expect to be able to work in any location and have access to all their work resources.
    Data: users need to be productive while maintaining compliance and reducing risk.

  • Empowering people with our Enterprise Mobility Suite

    Management. Access. Protection.
    Users, Devices, Apps, Data

    Enable users: allow users to work on the devices of their choice and provide consistent access to corporate resources.
    Unify your environment: deliver unified application and device management on-premises and in the cloud.
    Protect your data: help protect corporate information and manage risk.

  • Enterprise mobility management with Intune

    Mobile application management, mobile device management, PC management

    Intune helps organizations provide their employees with access to corporate applications, data, and resources from virtually anywhere on almost any device, while helping to keep corporate information secure.

  • Device Lifecycle Management

    Enroll
    • Provide a self-service Company Portal for users to enroll devices
    • Deliver custom terms and conditions at enrollment
    • Bulk enroll devices using Apple Configurator or service account
    • Restrict access to Exchange email if a device is not enrolled

    Provision
    • Deploy certificates, email, VPN, and WiFi profiles
    • Deploy device security policy settings
    • Install mandatory apps
    • Deploy app restriction policies
    • Deploy data protection policies

    Manage and Protect
    • Restrict access to corporate resources if policies are violated (e.g., jailbroken device)
    • Protect corporate data by restricting actions such as copy/cut/paste/save outside of the managed app ecosystem
    • Report on device and app compliance

    Retire
    • Revoke access to corporate resources
    • Perform selective wipe
    • Audit lost and stolen devices

  • Deployment Option 1: Intune only (Intune standalone, cloud only)

    Manage and Protect
    • No existing infrastructure necessary
    • No existing Configuration Manager deployment required
    • Simplified policy control
    • Simple web-based administration console
    • Faster cadence of updates
    • Always up-to-date

    Devices supported (mobile devices and PCs)
    • Windows PCs (x86/64, Intel SoC)
    • Windows RT
    • Windows Phone 8.x
    • iOS
    • Android

    IT administers the devices through the Intune web console.

  • Deployment Option 2: SCCM + Intune MDM (Configuration Manager integrated with Intune, hybrid)

    System Center 2012 R2 Configuration Manager with Microsoft Intune
    • Build on existing Configuration Manager deployment
    • Full PC management (OS deployment, endpoint protection, application delivery control, custom reporting)
    • Deep policy control requirements
    • Greater scalability
    • Extensible administration tools (RBA, PowerShell, SQL reporting services)

    Devices supported
    • Windows PCs (x86/64, Intel SoC)
    • Windows to Go
    • Windows Server
    • Linux
    • Mac OS X
    • Windows RT
    • Windows Phone 8.x
    • iOS
    • Android

    Domain-joined PCs are managed by System Center Configuration Manager, mobile devices through Intune; IT administers both from the Configuration Manager console.

  • Demo: Microsoft Intune

  • Thank you for your attention!