Johannes Nöbauer

Bereichseiter Enterprise Services

Volle Power mit Windows 10

und Enterprise Mobility Suite

Arbeitsplatz 4.0

Windows 10 &

Microsoft Enterprise Mobility & Security

Agenda

* Forrester Research: “BT Futures Report: Info workers will erase boundary between enterprise & consumer technologies,” Feb. 21, 2013** Forrester Research: “2013 Mobile Workforce Adoption Trends,” Feb. 4, 2013*** Gartner Source: Press Release, Oct. 25, 2012, http://www.gartner.com/newsroom/id/2213115

$3.5MThe average cost of a data breach to a company

Die Häufigkeit und Gewandtheit der Cyber-Angriffe werden sogar noch schlimmer

“There are two kinds of BIG companies. Those who have been hacked, and those who don’t know they have been hacked.”

Ernüchternte Statistik

200+The median # of days that attackers reside within a victim’s network before detection

75%+of all network intrusions are due to compromised user credentials

$500BThe total potential cost of cybercrime to the global economy

Windows 10

Schneller

Besser

Sicherer

Information protection

Identity-driven security

Managed mobile productivity

Identity and access management

Azure Information Protection Premium P2

Intelligent classification and encryption for files shared inside and outside your organization

(includes all capabilities in P1)

Azure Information Protection Premium P1

Encryption for all files and storage locations

Cloud-based file tracking

Microsoft Cloud App Security

Enterprise-grade visibility, control, and protection for your cloud applications

Microsoft Advanced Threat Analytics

Protection from advanced targeted attacks leveraging user and entity behavioral analytics

Microsoft Intune

Mobile device and app management to protect corporate apps and data on any device

Azure Active Directory Premium P2

Identity and access management with advanced protection for users and privileged identities

(includes all capabilities in P1)

Azure Active Directory Premium P1

Secure single sign-on to cloud and on-premises apps

MFA, conditional access, and advanced security reporting

EMS

E3

EMS

E5

Microsoft

Enterprise Mobility + Security Suite

Azure Active Directory Premium

Azure Information Protection

Advanced Threat Analytics

Microsoft Intune

Microsoft

Enterprise Mobility & Security

Azure

Active Directory

Self Service Password Reset

Multifaktor Authentifizierung

Single-Sign On über Hybrid Clouds

Connect and Sync on-premises directories with Azure.

Your Directory on the cloud

Azure Active Directory Connect*

Microsoft AzureActive Directory

Other Directories

PowerShell

LDAP v3

SQL (ODBC)

Web Services ( SOAP, JAVA, REST)

*

Connect and Sync on-premises directories with Azure.

Your Directory on the cloud

SaaS appsMicrosoft AzureActive Directory

2400+ Preintegrated popular SaaS apps.

Other Directories

Azure Multi Factor Authentication Optionen

Demo

Azure Active Directory

Microsoft AzureActive Directory

Identity-driven Security

Conditions

Allow access

Or

Block access

Actions

Enforce MFA per

user/per app

Location (IP range)

Device state

User groupUser

NOTIFICATIONS, ANALYSIS, REMEDIATION, RISK-BASED POLICIES

CLOUD APP DISCOVERY PRIVILEGED IDENTITY MANAGEMENT

MFA

IDENTITY PROTECTION

Risk

Cloud-powered Schutz

“Risk severity” Berechnung

Remediation Empfehlung

Risiko-basierter „Conditional Access“ schützt automatisch vor verdächtigen Anmeldungen und gefährdeten Anmeldeinformationen

Konsoldierte Ansicht auf die durch „machinelearning“ basierte Erkennung von Bedrohungen

Leaked credentials

Infected devices Configuration

vulnerabilities Risk-

based

policiesMFA Challenge Risky Logins

Block attacks

Change bad credentials

Machine-Learning Engine

Brute force attacks

Suspicious sign-in activities

Sign-in Risk Policy mit Tor Browser

Azure Active Directory Premium

Azure Information Protection

Advanced Threat Analytics

Microsoft Intune

Microsoft

Enterprise Mobility & Security

Microsoft

Azure Information Protection

Wie kann ich sicher stellen das Dokumente nur die gewünschte Zielpersonen verschlüsselt erreichen und diese nur spezifische Rechte haben

Wie kann ich den Zugriff nachverfolgen

Wie kann ich die Berechtigungen wieder entziehen

Azure Rights Management Service

IntegrationAuthentication and

collaboration

Client integration

Rights Management 101

Secret Cola Formula

WaterHFCS

Brown #16

Secret Cola Formula

WaterHFCS

Brown #16

#!@#!#!@#!()&)(*&)(@#!#!@#!#!@#!()&)(*&)(@#!#!@#!#!@#!()&)(*&)(@#!

Use Rights +

Protect Unprotect

File is protected by an AES symmetric key

Usage rights + symmetric key stored in file as ‘license’

License protected by org-owned key

Rights Management 101

#!@#!#!@#!

()&)(*&)(@#!

#!@#!#!@#!

()&)(*&)(@#!

#!@#!#!@#!

()&)(*&)(@#!

Use Rights +

RMS-enlightened apps enforce rights, Generic Protection offered by the RMS

App

Enlightened apps use the RMS SDK which communicates with the RMS key

management servers

File content isnever sent to the

RMS server/service

Demo

Azure Information Protection

Azure Active Directory Premium

Azure Information Protection

Advanced Threat Analytics

Microsoft Intune

Microsoft

Enterprise Mobility & Security

Microsoft

Azure Threat Analytics

Habe ich unsichere Admin Logons im internen Netz

Werde oder bin ich schon im internen Netzwerk angegriffen?

Wie finde Account Credentials Angriffe

Costing significant financial loss, impact to brand reputation, loss of confidential data, and executive jobs

Compromising user credentials in the vast majority of attacks

Die Muster der Cyber-Security-

Angriffe ändern sich

Using legitimate IT tools rather than malware – harder to detect

Staying in the network an average of eight months before detection

Today’s cyber attackers are:

Using legitimate IT tools rather than malware – harder to detect

Costing significant financial loss, impact to brand reputation, loss of confidential data, and executive jobs

Compromising user credentials in the vast majority of attacks

Staying in the network an average of eight months before detection

Today’s cyber attackers are:

Die Muster der Cyber-Security-

Angriffe ändern sich

Staying in the network an average of eight months before detection

Costing significant financial loss, impact to brand reputation, loss of confidential data, and executive jobs

Die Muster der Cyber-Security-

Angriffe ändern sich

Compromising user credentials in the vast majority of attacks

Using legitimate IT tools rather than malware – harder to detect

Today’s cyber attackers are:

Problemstellung

Traditional IT Security Lösungen sind typischerweise :

Ausgelegt für den

“perimeter” Schutz

Komplex Neigen zu

“false positives”

Wenn Benutzerlogin

Informationen gestohlen

wurden und Angreifer sich

bereits im Netz befinden,

bietet Ihre aktuelle Abwehr

nur mehr eingeschränkten

Schutz.

Ersteinrichtung,

Feinabstimmung, Erstellen

von Regeln für

Schwellwerte/Baselines

können lange dauern.

Sie erhalten zu viele Berichte

an einem Tag mit mehreren

"false positives", die wertvolle

Zeit erfordern, die Sie nicht

haben.

Eine lokale Lösung um fortschrittliche Sicherheits Angriffe zu identifizieren, bevor diese Schaden anrichten

Kreditkartenunternehmen

überwachen das Verhalten

der Karteninhaber

Gibt es ungewöhnlich

Aktivitäten, wird der

Karteninhaber benachrichtigt um die

Transaktionen zu überprüfen

Microsoft Advanced Threat Analytics bringt dieses Konzept

zur IT und Anwender einer bestimmten OrganisationVergleich:

Übersicht Microsoft Advanced

Threat Analytics

Alert4

Wie Microsoft Advanced Threat

Analytics arbeitet

ATA reports all suspicious

activities on a simple,

functional, actionable

attack timeline

ATA identifies

Who?

What?

When?

How?

For each suspicious

activity, ATA provides

recommendations for

the investigation and

remediation.

?

Topology

Captures and analyzes DC network traffic via port mirroring

Listens to multiple DCs from a single Gateway

Receives events from SIEM

Retrieves data about entities from the domain

Performs resolution of network entities

Transfers relevant data to the ATA Center

Topology - Gateway

Manages ATA Gateway configuration settings

Receives data from ATA Gateways and stores in the database

Detects suspicious activity and abnormal behavior (machine learning)

Provides Web Management Interface

Supports multiple Gateways

Topology - Center

Video Demo

Azure Advanced Threat Analytics

Azure Active Directory Premium

Azure Information Protection

Advanced Threat Analytics

Microsoft Intune

Microsoft

Enterprise Mobility & Security

Microsoft

Intune

Bring Your Own Device Mobiles Device Management MIT IT-Kontrolle OHNE private Enteignung

App-Management für mobile Unternehmens-Apps Schön Êigener App-Store

PC-Management und MDM integriertManaged Antivirus ist wieder

Today’s challenges

The explosion of devices is eroding the standards-based approach to corporate IT.

Devices

Deploying and managing applications across platforms is difficult.

Apps Data

Users need to be productive while maintaining compliance and reducing risk.

Users expect to be able to work in any location and have access to all their work resources.

Users

Empowering people with our Enterprise

Mobility Suite

Devices AppsUsers

Enable users

Allow users to work on the devices of their choice and provide consistent access to corporate resources.

Protect your data

Help protect corporate information and manage risk.Management. Access. Protection.

Data

Unify your environment

Deliver a unified application and device management on-premises and in the cloud.

Mobile application management

PC managementMobile device management

Enterprise mobility management

with Intune

Intune helps organizations provide their employees with access to corporate applications, data, and

resources from virtually anywhere on almost any device, while helping to keep corporate information secure.

User IT

Device Lifecycle Management

Enroll• Provide a self-service Company

Portal for users to enroll devices

• Deliver custom terms and conditions at enrollment

• Bulk enroll devices using Apple Configurator or service account

• Restrict access to Exchange email if a device is not enrolled

Retire• Revoke access to corporate

resources

• Perform selective wipe

• Audit lost and stolen devices

Provision• Deploy certificates, email, VPN,

and WiFi profiles

• Deploy device security policy settings

• Install mandatory apps

• Deploy app restriction policies

• Deploy data protection policies

Manage and Protect• Restrict access to corporate

resources if policies are violated (e.g., jailbroken device)

• Protect corporate data by restricting actions such as copy/cut/paste/save outside of managed app ecosystem

• Report on device and app compliance

User IT

Deployment Option 1:

Intune only

Manage and Protect

• No existing infrastructure necessary

• No existing Configuration Manager deployment required

• Simplified policy control

• Simple web-based administration console

• Faster cadence of updates

• Always up-to-date

Devices Supported

• Windows PCs (x86/64, Intel SoC)

• Windows RT

• Windows Phone 8.x

• iOS

• Android

Mobile devices and PCs

Intune standalone (cloud only)

IT

Intune web console

Deployment Option 2:

SCCM + Intune MDM

System Center 2012 R2 Configuration Manager with Microsoft Intune

• Build on existing Configuration Manager deployment

• Full PC management (OS deployment, endpoint protection, application delivery control, custom reporting)

• Deep policy control requirements

• Greater scalability

• Extensible administration tools (RBA, PowerShell, SQL reporting services)

Devices Supported

• Windows PCs (x86/64, Intel SoC)

• Windows to Go

• Windows Server

• Linux

• Mac OS X

• Windows RT

• Windows Phone 8.x

• iOS

• Android

Mobile devices

System Center Configuration

Manager

Domain joined PCs

Configuration Manager integrated with Intune (hybrid)

IT

Configuration Manager console

Demo

Microsoft Intune

Danke!

für Ihre Aufmerksamkeit