Johannes Nöbauer
Head of Enterprise Services
Full Power with Windows 10
and Enterprise Mobility Suite
Workplace 4.0
Windows 10 &
Microsoft Enterprise Mobility & Security
Agenda
* Forrester Research: "BT Futures Report: Info workers will erase boundary between enterprise & consumer technologies," Feb. 21, 2013
** Forrester Research: "2013 Mobile Workforce Adoption Trends," Feb. 4, 2013
*** Gartner: Press Release, Oct. 25, 2012, http://www.gartner.com/newsroom/id/2213115
The frequency and sophistication of cyber attacks are only getting worse
“There are two kinds of BIG companies. Those who have been hacked, and those who don’t know they have been hacked.”
Sobering statistics
$3.5M: the average cost of a data breach to a company
200+: the median number of days that attackers reside within a victim’s network before detection
75%+ of all network intrusions are due to compromised user credentials
$500B: the total potential cost of cybercrime to the global economy
Windows 10
Faster
Better
More secure

Microsoft Enterprise Mobility + Security (EMS) E3 and E5

Information protection
  Azure Information Protection Premium P1 (EMS E3): encryption for all files and storage locations; cloud-based file tracking
  Azure Information Protection Premium P2 (EMS E5, includes all capabilities in P1): intelligent classification and encryption for files shared inside and outside your organization

Identity-driven security
  Microsoft Advanced Threat Analytics (EMS E3): protection from advanced targeted attacks leveraging user and entity behavioral analytics
  Microsoft Cloud App Security (EMS E5): enterprise-grade visibility, control, and protection for your cloud applications

Managed mobile productivity
  Microsoft Intune (EMS E3): mobile device and app management to protect corporate apps and data on any device

Identity and access management
  Azure Active Directory Premium P1 (EMS E3): secure single sign-on to cloud and on-premises apps; MFA, conditional access, and advanced security reporting
  Azure Active Directory Premium P2 (EMS E5, includes all capabilities in P1): identity and access management with advanced protection for users and privileged identities

EMS E5 contains everything in EMS E3.
Microsoft Enterprise Mobility + Security Suite
Azure Active Directory Premium
Azure Information Protection
Advanced Threat Analytics
Microsoft Intune

Microsoft Enterprise Mobility & Security: Azure Active Directory
Self-service password reset
Multi-factor authentication
Single sign-on across hybrid clouds
Connect and sync on-premises directories with Azure: your directory in the cloud
Azure Active Directory Connect synchronizes on-premises Active Directory with Microsoft Azure Active Directory
Other directories can be connected via PowerShell, LDAP v3, SQL (ODBC), and web services (SOAP, Java, REST)
Azure Active Directory provides single sign-on to 2400+ pre-integrated popular SaaS apps
Azure Multi-Factor Authentication options
Demo: Azure Active Directory
Identity-driven security: conditional access
Conditions: user or user group, location (IP range), device state, evaluated per user and per app
Actions: allow access, block access, or enforce MFA
Azure AD Identity Protection: notifications, analysis, remediation and risk-based policies; cloud app discovery; Privileged Identity Management; MFA
Cloud-powered protection
"Risk severity" calculation
Remediation recommendations
Risk-based conditional access automatically protects against suspicious sign-ins and compromised credentials
Consolidated view of machine-learning-based threat detection
[Figure: a machine-learning engine fed by leaked credentials, infected devices, configuration vulnerabilities, brute-force attacks and suspicious sign-in activities; risk-based policies respond by challenging risky logins with MFA, blocking attacks, and forcing a change of bad credentials]
Demo: sign-in risk policy with Tor Browser
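The conditional-access and sign-in-risk slides above describe a decision: conditions (user/group, app, location, device state) plus a computed risk level map to allow, MFA or block. The following is an added example, not code from the slides or from Azure AD: a small evaluator that implements that decision logic over constructed sign-ins. The policy names, users, the corporate egress range 203.0.113.0/24 and the anonymous-IP list (standing in for the Tor exit nodes of the demo) are assumptions for the example; the real service derives risk from its own signals.

```python
# Added example (not from the original slides): a toy evaluator for the
# conditional-access and sign-in-risk model. Policy names, users, IP ranges
# and the anonymous-IP list are constructed for the demo.
import ipaddress
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

# Constructed reference data (assumptions, not real feeds)
TRUSTED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # corporate egress range
ANONYMOUS_IPS = {"198.51.100.7"}  # stand-in for an anonymous-proxy / Tor exit feed

RISK_ORDER = {"low": 0, "medium": 1, "high": 2}


@dataclass(frozen=True)
class SignIn:
    user: str
    groups: FrozenSet[str]
    app: str
    ip: str
    device_compliant: bool
    leaked_credentials: bool = False      # user risk: credentials seen in a leak
    failed_attempts_last_hour: int = 0    # brute-force signal preceding this attempt


@dataclass(frozen=True)
class Policy:
    name: str
    apps: FrozenSet[str]                  # {"All"} or specific app names
    groups: FrozenSet[str]                # {"All"} or specific group names
    require_compliant_device: bool = False
    mfa_outside_trusted_location: bool = False
    mfa_at_risk: Optional[str] = None     # minimum risk level that triggers MFA
    block_at_risk: Optional[str] = None   # minimum risk level that blocks


def sign_in_risk(s: SignIn) -> str:
    """Rank a sign-in 'low', 'medium' or 'high' from the signals the slides list."""
    if s.leaked_credentials:
        return "high"
    if s.ip in ANONYMOUS_IPS:
        return "medium"    # the Tor Browser demo: anonymous IP address
    if s.failed_attempts_last_hour >= 10:
        return "medium"    # many failures then a success looks like brute force
    return "low"


def in_trusted_location(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def applies(p: Policy, s: SignIn) -> bool:
    app_ok = "All" in p.apps or s.app in p.apps
    group_ok = "All" in p.groups or bool(p.groups & s.groups)
    return app_ok and group_ok


def evaluate(policies: List[Policy], s: SignIn) -> str:
    """Return 'allow', 'mfa' or 'block'; the most restrictive matching policy wins."""
    risk = RISK_ORDER[sign_in_risk(s)]
    decision = "allow"
    for p in policies:
        if not applies(p, s):
            continue
        if p.require_compliant_device and not s.device_compliant:
            return "block"
        if p.block_at_risk and risk >= RISK_ORDER[p.block_at_risk]:
            return "block"
        if p.mfa_at_risk and risk >= RISK_ORDER[p.mfa_at_risk]:
            decision = "mfa"
        if p.mfa_outside_trusted_location and not in_trusted_location(s.ip):
            decision = "mfa"
    return decision


POLICIES = [
    Policy("MFA outside the corporate network", frozenset({"All"}), frozenset({"All"}),
           mfa_outside_trusted_location=True),
    Policy("Risk-based sign-in policy", frozenset({"All"}), frozenset({"All"}),
           mfa_at_risk="medium", block_at_risk="high"),
    Policy("Compliant device for SharePoint (Finance)", frozenset({"SharePoint Online"}),
           frozenset({"Finance"}), require_compliant_device=True),
]


def run_samples() -> Dict[str, str]:
    """Evaluate constructed sign-ins; expected: allow / mfa / mfa / block / block."""
    samples = {
        "alice-office": SignIn("alice", frozenset({"Sales"}), "Exchange Online", "203.0.113.25", True),
        "alice-home": SignIn("alice", frozenset({"Sales"}), "Exchange Online", "192.0.2.10", True),
        "bob-tor": SignIn("bob", frozenset({"Sales"}), "Exchange Online", "198.51.100.7", True),
        "carol-leaked": SignIn("carol", frozenset({"HR"}), "Exchange Online", "203.0.113.40", True,
                               leaked_credentials=True),
        "dave-noncompliant": SignIn("dave", frozenset({"Finance"}), "SharePoint Online", "203.0.113.9", False),
    }
    return {name: evaluate(POLICIES, s) for name, s in samples.items()}


if __name__ == "__main__":
    for name, decision in run_samples().items():
        print(f"{name:18} -> {decision}")
```

The ordering rule is the one practitioners rely on: a block from any matching policy is final, MFA from any matching policy survives an allow from another, and a non-compliant device is blocked before risk is even considered. The Tor sign-in lands at "medium" risk and therefore gets an MFA challenge rather than a block, which mirrors what the demo slide shows.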
Microsoft Enterprise Mobility & Security: Azure Information Protection
How can I ensure that documents reach only the intended recipients in encrypted form, and that these recipients have only specific rights?
How can I track access?
How can I revoke the permissions again?
[Figure: Azure Rights Management Service with authentication and collaboration integration and client integration]
Rights Management 101
Example document "Secret Cola Formula" (Water, HFCS, Brown #16): Protect turns it into an opaque encrypted blob plus use rights; Unprotect, for an authorized user, yields the original document again
• File is protected by an AES symmetric key
• Usage rights + symmetric key are stored in the file as a ‘license’
• License is protected by the org-owned key
Rights Management 101
• RMS-enlightened apps enforce the use rights; generic protection is offered by the RMS app
• Enlightened apps use the RMS SDK, which communicates with the RMS key management servers
• File content is never sent to the RMS server/service
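To make the two "Rights Management 101" slides concrete, here is an added toy of that model, not Microsoft's RMS code: the document is encrypted client-side under a per-document content key; the content key and the use rights travel with the file as a license wrapped under an org-owned key; the service only unwraps licenses, logs who asked, and can refuse (revocation), and it never receives the content. Two simplifications are assumptions for the example: a symmetric org key held by the service stands in for the organization's public/private key pair (the real client wraps under the org's public key), and an HMAC-SHA256 counter-mode stream stands in for AES so the code runs with the standard library only.

```python
# Added example (not Microsoft's RMS code): a toy of the rights-management model.
# Content is encrypted client-side with a per-document content key; the license
# carries the use rights plus the content key, wrapped under an org-owned key held
# only by the service; the service never receives content. Assumptions: symmetric
# org key instead of the org's key pair, HMAC-SHA256 counter mode instead of AES.
import base64
import hashlib
import hmac
import json
import os
from typing import Dict, List, Tuple


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode); stands in for AES here."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class RmsService:
    """The organization's key service: wraps/unwraps licenses, logs access, revokes."""

    def __init__(self) -> None:
        self.org_key = os.urandom(32)          # org-owned key; never leaves the service
        self.revoked = set()                   # document ids whose licenses are revoked
        self.access_log: List[Tuple[str, str, str]] = []   # (doc_id, user, outcome)

    def issue_license(self, doc_id: str, content_key: bytes, rights: Dict[str, List[str]]) -> dict:
        """Wrap content key + use rights under the org key (the 'license' stored in the file)."""
        payload = json.dumps({"doc": doc_id, "key": base64.b64encode(content_key).decode(),
                              "rights": rights}).encode()
        nonce = os.urandom(16)
        blob = keystream_xor(self.org_key, nonce, payload)
        tag = hmac.new(self.org_key, nonce + blob, hashlib.sha256).digest()  # license integrity
        return {"nonce": nonce, "blob": blob, "tag": tag}

    def acquire_use_license(self, license_: dict, user: str) -> Tuple[bytes, List[str]]:
        """Return (content_key, rights for this user) or refuse. No content is involved."""
        expected = hmac.new(self.org_key, license_["nonce"] + license_["blob"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, license_["tag"]):
            raise PermissionError("license tampered")
        info = json.loads(keystream_xor(self.org_key, license_["nonce"], license_["blob"]))
        if info["doc"] in self.revoked or user not in info["rights"]:
            self.access_log.append((info["doc"], user, "denied"))
            raise PermissionError(f"{user} has no rights on {info['doc']}")
        self.access_log.append((info["doc"], user, "granted"))
        return base64.b64decode(info["key"]), info["rights"][user]

    def revoke(self, doc_id: str) -> None:
        self.revoked.add(doc_id)


def protect(service: RmsService, doc_id: str, plaintext: bytes, rights: Dict[str, List[str]]) -> dict:
    """Client side: encrypt with a fresh content key, attach the wrapped license."""
    content_key = os.urandom(32)
    nonce = os.urandom(16)
    return {"nonce": nonce, "body": keystream_xor(content_key, nonce, plaintext),
            "license": service.issue_license(doc_id, content_key, rights)}


def consume(service: RmsService, protected: dict, user: str) -> Tuple[bytes, List[str]]:
    """Client side: get key + rights from the service, decrypt locally; the app enforces rights."""
    content_key, user_rights = service.acquire_use_license(protected["license"], user)
    return keystream_xor(content_key, protected["nonce"], protected["body"]), user_rights


def demo() -> dict:
    svc = RmsService()
    secret = b"Secret Cola Formula: Water, HFCS, Brown #16"   # the slide's sample document
    rights = {"alice@contoso.example": ["VIEW", "EDIT"], "bob@contoso.example": ["VIEW"]}
    protected = protect(svc, "cola-formula", secret, rights)
    results = {"ciphertext_differs": protected["body"] != secret}
    results["alice"] = consume(svc, protected, "alice@contoso.example")
    results["bob_rights"] = consume(svc, protected, "bob@contoso.example")[1]
    try:
        consume(svc, protected, "mallory@contoso.example")
    except PermissionError:
        results["mallory"] = "denied"
    svc.revoke("cola-formula")                        # "how do I revoke the permissions"
    try:
        consume(svc, protected, "alice@contoso.example")
    except PermissionError:
        results["alice_after_revoke"] = "denied"
    results["log"] = list(svc.access_log)            # "how do I track access"
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The point the toy makes is architectural: the file can be copied anywhere, but every open requires the service to unwrap the license, which is where tracking and revocation live, and the service never sees plaintext. Note also what the service cannot do: an already-issued content key lets a non-enlightened app ignore the rights list, which is why the slides stress that rights are enforced by RMS-enlightened apps.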
Demo: Azure Information Protection
Microsoft Enterprise Mobility & Security: Microsoft Advanced Threat Analytics
Do I have insecure admin logons in the internal network?
Am I about to be, or already being, attacked inside the internal network?
How do I find attacks on account credentials?
The patterns of cyber-security attacks are changing
Today’s cyber attackers are:
• Compromising user credentials in the vast majority of attacks
• Using legitimate IT tools rather than malware, which is harder to detect
• Staying in the network an average of eight months before detection
• Costing significant financial loss, impact to brand reputation, loss of confidential data, and executive jobs
Problem statement
Traditional IT security solutions are typically:
• Designed for perimeter protection: once user login information has been stolen and attackers are already inside the network, your current defenses offer only limited protection.
• Complex: initial setup, fine-tuning and creating rules for thresholds/baselines can take a long time.
• Prone to false positives: you receive too many reports per day with multiple false positives that demand valuable time you do not have.
An on-premises solution to identify advanced security attacks before they cause damage
Comparison: credit card companies monitor cardholder behavior. If there is unusual activity, the cardholder is notified to verify the transactions. Microsoft Advanced Threat Analytics brings this concept to the IT and users of a given organization.
Overview of Microsoft Advanced Threat Analytics
How Microsoft Advanced Threat Analytics works
• ATA reports all suspicious activities on a simple, functional, actionable attack timeline
• ATA identifies who, what, when and how
• For each suspicious activity, ATA provides recommendations for the investigation and remediation
Topology - Gateway
• Captures and analyzes DC network traffic via port mirroring
• Listens to multiple DCs from a single Gateway
• Receives events from SIEM
• Retrieves data about entities from the domain
• Performs resolution of network entities
• Transfers relevant data to the ATA Center
Topology - Center
• Manages ATA Gateway configuration settings
• Receives data from ATA Gateways and stores it in the database
• Detects suspicious activity and abnormal behavior (machine learning)
• Provides the web management interface
• Supports multiple Gateways
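The topology slides say the Gateway reconstructs authentication traffic from the DCs and the Center learns normal behavior and flags deviations, in the spirit of the credit-card analogy. The following is an added example and not ATA's code or algorithm: a minimal behavioral detector over constructed authentication records that learns which hosts each account normally authenticates from, flags a brute-force burst against an account, and flags a successful logon from a host the account has never used, emitting who/what/when/how plus a recommendation as the "attack timeline" slide describes. Account names, host names, dates and thresholds are all constructed for the demo.

```python
# Added example (not ATA's code): behavioural detection over domain-controller
# authentication records, in the spirit of the credit-card analogy. The events,
# host names, dates and thresholds are constructed for the demo.
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List, Set

BASELINE_CUTOFF = datetime(2016, 6, 15)      # records before this date only train the baseline
BRUTE_FORCE_WINDOW = timedelta(minutes=5)
BRUTE_FORCE_THRESHOLD = 10


def ev(ts: str, account: str, src: str, result: str, protocol: str = "Kerberos") -> dict:
    """One authentication record, as a gateway could reconstruct it from mirrored DC traffic."""
    return {"ts": datetime.fromisoformat(ts), "account": account, "src": src,
            "result": result, "protocol": protocol}


def learn_baseline(events: List[dict]) -> Dict[str, Set[str]]:
    """Source hosts each account normally authenticates from (the 'cardholder habits')."""
    hosts: Dict[str, Set[str]] = defaultdict(set)
    for e in events:
        if e["ts"] < BASELINE_CUTOFF and e["result"] == "success":
            hosts[e["account"]].add(e["src"])
    return hosts


def detect(events: List[dict]) -> List[dict]:
    """Return who/what/when/how alerts, one per (type, account, host), in timeline order."""
    baseline = learn_baseline(events)
    failures: Dict[tuple, deque] = defaultdict(deque)   # (account, src) -> recent failure times
    alerted: Set[tuple] = set()
    alerts: List[dict] = []

    def raise_alert(kind: str, e: dict, how: str, advice: str) -> None:
        key = (kind, e["account"], e["src"])
        if key in alerted:                            # one alert per attack, not per packet
            return
        alerted.add(key)
        alerts.append({"who": e["account"], "what": kind, "when": e["ts"].isoformat(),
                       "how": how, "recommendation": advice})

    for e in sorted(events, key=lambda x: x["ts"]):
        if e["ts"] < BASELINE_CUTOFF:
            continue                                  # learning period: no alerts
        key = (e["account"], e["src"])
        if e["result"] == "failure":
            window = failures[key]
            window.append(e["ts"])
            while e["ts"] - window[0] > BRUTE_FORCE_WINDOW:
                window.popleft()
            if len(window) >= BRUTE_FORCE_THRESHOLD:
                raise_alert("brute_force", e,
                            f"{len(window)} failed {e['protocol']} logons from {e['src']} "
                            f"within {BRUTE_FORCE_WINDOW}",
                            "Check the source host and whether the password was later guessed.")
        elif e["result"] == "success" and e["src"] not in baseline.get(e["account"], set()):
            raise_alert("abnormal_source_host", e,
                        f"{e['account']} never authenticated from {e['src']} during the baseline; "
                        f"usual hosts: {sorted(baseline.get(e['account'], set()))}",
                        "Verify with the account owner; reset credentials if unexplained.")
    return alerts


def sample_events() -> List[dict]:
    """Constructed traffic: two weeks of normal logons, then a brute force against an admin."""
    events = []
    for day in range(1, 15):
        events.append(ev(f"2016-06-{day:02d}T08:00:00", "alice", "WS-ALICE", "success"))
        events.append(ev(f"2016-06-{day:02d}T09:00:00", "da-mueller", "ADMIN-JUMP", "success"))
    events.append(ev("2016-06-20T08:01:00", "alice", "WS-ALICE", "success"))   # normal, no alert
    for sec in range(12):                                                        # 12 failures in 12 s
        events.append(ev(f"2016-06-20T22:14:{sec:02d}", "da-mueller", "WS-TEMP42", "failure"))
    events.append(ev("2016-06-20T22:14:30", "da-mueller", "WS-TEMP42", "success"))  # guessed
    return events


if __name__ == "__main__":
    for a in detect(sample_events()):
        print(a)
```

Two properties of this toy carry over to the real product class: detections are keyed on entities (account, host) rather than on signatures, so the same code catches a legitimate tool such as a password-spray script that sends nothing a malware scanner would recognize; and an account with no learning-period history will alert on its first successful logon, which is the cold-start trade-off behind the "fine-tuning and baselines take time" point on the problem-statement slide.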
Video demo: Microsoft Advanced Threat Analytics
Microsoft Enterprise Mobility & Security: Microsoft Intune
Bring Your Own Device: mobile device management WITH IT control and WITHOUT expropriating private data
App management for mobile enterprise apps, with your own app store
PC management and MDM integrated; managed antivirus is back
Today’s challenges
• Devices: the explosion of devices is eroding the standards-based approach to corporate IT.
• Apps: deploying and managing applications across platforms is difficult.
• Data: users need to be productive while maintaining compliance and reducing risk.
• Users: users expect to be able to work in any location and have access to all their work resources.
Empowering people with our Enterprise Mobility Suite: management, access, protection
• Enable users: allow users to work on the devices of their choice and provide consistent access to corporate resources.
• Protect your data: help protect corporate information and manage risk.
• Unify your environment: deliver unified application and device management on-premises and in the cloud.
Enterprise mobility management with Intune spans mobile application management, mobile device management and PC management
Intune helps organizations provide their employees with access to corporate applications, data, and resources from virtually anywhere on almost any device, while helping to keep corporate information secure.
Device lifecycle management
Enroll
• Provide a self-service Company Portal for users to enroll devices
• Deliver custom terms and conditions at enrollment
• Bulk enroll devices using Apple Configurator or a service account
• Restrict access to Exchange email if a device is not enrolled
Provision
• Deploy certificates, email, VPN, and WiFi profiles
• Deploy device security policy settings
• Install mandatory apps
• Deploy app restriction policies
• Deploy data protection policies
Manage and Protect
• Restrict access to corporate resources if policies are violated (e.g., jailbroken device)
• Protect corporate data by restricting actions such as copy/cut/paste/save outside the managed app ecosystem
• Report on device and app compliance
Retire
• Revoke access to corporate resources
• Perform selective wipe
• Audit lost and stolen devices
Deployment Option 1: Intune only (Intune standalone, cloud only, managed from the Intune web console)
• No existing infrastructure necessary
• No existing Configuration Manager deployment required
• Simplified policy control
• Simple web-based administration console
• Faster cadence of updates
• Always up-to-date
Devices supported (mobile devices and PCs): Windows PCs (x86/64, Intel SoC), Windows RT, Windows Phone 8.x, iOS, Android
Deployment Option 2: SCCM + Intune MDM (System Center 2012 R2 Configuration Manager integrated with Microsoft Intune, hybrid; managed from the Configuration Manager console)
• Build on an existing Configuration Manager deployment
• Full PC management (OS deployment, endpoint protection, application delivery control, custom reporting)
• Deep policy control requirements
• Greater scalability
• Extensible administration tools (RBA, PowerShell, SQL Reporting Services)
Devices supported: domain-joined PCs via Configuration Manager (Windows PCs (x86/64, Intel SoC), Windows To Go, Windows Server, Linux, Mac OS X); mobile devices via Intune (Windows RT, Windows Phone 8.x, iOS, Android)
Demo: Microsoft Intune
Thank you for your attention!