agenda - schedschd.ws/hosted_files/2014giantsgmisillinois/f4/microsoft...agenda • enterprise...
TRANSCRIPT
Agenda• Enterprise challenges for mobility
• How Microsoft’s Enterprise Mobility Suite Provides helps with those challenges
• Hybrid identity With Azure Active Directory and Azure Active Directory Premium
• Mobile Device Management with Microsoft Intune
• Data Protection with Azure Rights Management Services
• Enterprise Mobility Suite Offering
2
The time to address enterprise mobility is now
Data leakage resulting from device loss or theft is a top smartphone security risk –European Union Agency for Network and Information Security
29% of today’s global workforce use 3+ devices, work from multiple locations and use many apps.
67% of people who use a smartphone for work and 70% of people who use a tablet for work choose the devices themselves
80%+ employees admit to using non-approved software-as-a-service (SaaS) applications in their jobs
The explosion of devices is eroding the standards-based approach to corporate IT.
DevicesDeploying and managing applications across platforms is difficult.
Apps
Today’s challenges
DataUsers need to be productive while maintaining compliance and reducing risk.
Users expect to be able to work in any location and have access to all their work resources.
Users
Enterprise Agreement (EA) prices starting at $4 per user per monthLimited time EA Level A promotion pricing. Requires 250 seat minimum purchase and underlying CAL Suite license (Core CAL Suite and Enterprise CAL Suite)
Microsoft Intune
Mobile device settings management
Mobile application management
Selective wipe
Microsoft Azure Active Directory Premium
security reports, and audit reports, multi-factor authentication
Self-service password reset and group management
Connection between Active Directory and Azure Active Directory
Introducing the Enterprise Mobility Suite -Microsoft.com/EMS
Microsoft Azure Rights Management service
Information protection Connection to on-premises assets
Bring your own key
EMS and Office 365
Cloud and hybrid identity management
Mobile device management
Information protection
Enterprise Mobility
Suite
• Protection for O365 content• Protection for on premises Exchange SharePoint content
• Access to RMS SDK• Bring your own Key
• Protection for on-premises Windows Server file shares
• Basic Mobile Device Management via EAS
• PIN enforcement• Device wipe
• PC Management• Mobile Device Management• Mobile App Management• Certificate Provisioning• Selective wipe
• Single Sign on for O365 • Basic Multifactor Authentication (MFA) for O365
• Single Sign on for all cloud apps • Advanced MFA for all workloads• Self Service group management and password reset with write back to on premises directory
• Advanced security reports• FIM (Server + CAL)
Microsoft Intune
Mobile device settings management
Mobile application management
Selective wipe
Enterprise Mobility SuiteMicrosoft Azure Active Directory Premium
Group management, security reports, and audit reports
Self-service password reset and multi-factor authentication
Connection between Active Directory and Azure Active Directory
Microsoft Azure Rights Management service
Information protection Connection to on-premises assets
Bring your own key
Hybrid identityBridging on-premises and Azure Active Directory
Enable your usersProvide users with self-serviceexperiences to keep them productiveEnable single sign-on for users across the resources they need access to
Protect your dataEnforce strong authentication when users access resources and apply conditional access controls to sensitive company information Configure single sign-on across all company applicationsEnsure compliance with governance, attestation, and reporting
Unify your environmentCreate a centralized identity across on-premises and cloud environmentsUse identity federation to maintain centralized authentication, and share and collaborate with external users and businesses more securely
Azure Active Directory Premium
Take advantage of a directory in the cloudGroup-based application access assignment and provisioning to thousands of software-as-a-service (SaaS) applications for single sign-onCompany brandingEnterprise SLA of 99.9 percent
Empower users
Self-service password resetDelegated group management
Monitor and protect access to applicationsSecurity reports based on machine learningApplication usage reportsMulti-factor authentication
Built on top of a free offeringRobust set of capabilities for empowering enterprises with demanding identity and access management needsUsage rights for Microsoft Forefront Identity Manager server licenses and CALs
Synchronizing your active Directory
Company Portal - Sign-In Experience
Company Portal - SSO to Applications
Company Portal Profile Password Reset
Group Management
Self Service Password Reset
Multi-Factor Authentication
Advanced Reporting
Microsoft Intune
Mobile device settings management
Mobile application management
Selective wipe
Microsoft Azure Active Directory Premium
Group management, security reports, and audit reports
Self-service password reset and multi-factor authentication
Connection between Active Directory and Azure Active Directory
Enterprise Mobility Suite
Microsoft Azure Rights Management service
Information protection Connection to on-premises assets
Bring your own key
Manage and Secure PCs and Devices Anywhere
Help protect PCs from malware
Manage updates
Proactive monitoring and alerts
Provide remote assistance
Inventory hardware and software
Monitor & track licenses
Increase insight with reporting
Set security policies
Distribute software
Richer Mobile Device Management
Simple web-based Administration Console and a richer experience for Information Workers
Mobile Device Management with Microsoft Intune
EAS based management
Direct management (Windows RT, Windows Phone 8.x, iOS,
Android)
Microsoft Intune – Standalone service
Microsoft Intune integrated with System Center 2012 R2 Configuration Manager
Mac OS X
Windows PCs(x86/64, Intel SoC),
Windows to GoWindows Embedded
Windows RT, Windows Phone 8.x
iOS, Android
Company PortalConsistent self service experience for end user across mobile platforms
Available in the Windows Store
Windows Phone iOS
Side-loaded during enrollment
Available in the Apple App store
Windows Android
Available in the Google Play Store
Mobile Device Settings in Microsoft Intune
Category Win 8.1 PC & RT WP8.1 iOS AndroidPassword
Encryption
Malware
System Settings
Cloud
Windows Server Work Folders
Browser
Applications & Gaming
Device restrictions
Store access
Roaming
* Subset of settings Note: Table applicable to direct MDM and not EAS
Mobile Device Settings in Microsoft Intune
* Subset of settings Note: Table applicable to direct MDM and not EAS
Mobile device wipe and retire
Category Windows 8.1 (x86/RT OMA-DM managed)
Windows 8 RT Windows Phone 8.1
iOS Android (EAS)
Full Wipe
Retire (Selective wipe)
Email (Email through EAS) (Email through EAS)
Company apps and associated
data installed by Microsoft Intune.
Apps originally installed through the company portal
are uninstalled and sideloading keys are removed. Apps using Windows Selective Wipe will have the encryption key revoked and data will no
longer be accessible.
Sideloading keys are removed but apps remain installed.
Apps originally installed through the company portal are uninstalled. Company app data is
removed.
Apps are uninstalled. Company app data is
removed.
Apps and data remain installed.
Settings Requirements removed Requirements removed Requirements removed Requirements removed Requirements removed
Management Client
Not applicable. Management agent is built-in
Not applicable. Management agent is
built-in
Not applicable. Management agent is
built-in
Management profile is removed
Device Administrator privilege is revoked.
Selective Wipe
Microsoft Intune
Mobile device settings management
Mobile application management
Selective wipe
Microsoft Azure Active Directory Premium
Group management, security reports, and audit reports
Self-service password reset and multi-factor authentication
Connection between Active Directory and Azure Active Directory
Enterprise Mobility Suite
Microsoft Azure Rights Management service
Information protection Connection to on-premises assets
Bring your own key
What is Azure Rights Management?• Data Loss Prevention through the use of a cloud based
encryption/decryption solution
• Allows you to secure data regardless of location, enabling
you to share data securely internally and externally
• Secures content on Windows Server File Shares
• Access Secure content on mobile devices
What problems does Azure RMS solve?
• Protect All File Types
• Protect Files Anywhere
• Share Files Securely by Email
• Auditing and Monitoring
• Support for all commonly used devices, not just windows computers
• Support for business to business collaboration
37
Protect data with rights management
Take advantage of hybrid options across Windows Server and Azure Rights Management service
Integrate Microsoft SharePoint and Microsoft Exchange Server
Automatically identify and classify data based on content with automatic encryption
More securely share documents with colleagues and business partners
Improve ease of use through integration with Office 2010/13, Windows Shell extensions, and cross-platform clients
Protecting Files Locally
39
Sharing Protected Files
40
RMS Integration with SharePoint Online
41
Cloud and hybrid identity management
Simplified procurement
Mobile device management
Information protection
Other options in the market
Azure Active Directory Premium Microsoft Intune Azure Rights Management service
Ping Identity
Okta
Centrify
Salesforce Identity
Amazon Web Services
AirWatch MobileIron
Good
KaseyaSymantec SecloreFasooAdobe LiveCycle
EMS: One Vendor, One Contract, One SKUWhy Microsoft?
$4.50
60-percent discount and introductory promotion
Enterprise Mobility Suite add-on promotion4
People-centric IT with one license suite and one vendor
*60-percent discount over list pricing with limited time promotion if purchased before 12/31/2014
Add-on SKU requires Core CAL, ECAL, or Bridge CAL
Microsoft solution value
1. Seclore assumes blended cost across 500 authors ($7 per user) , 1000 consumers (no cost).2. AirWatch per device per month Cloud Hosted MDM Suite List pricing. Management of multiple devices per user requires additional licensing.3. Salesforce Identity per user per month list pricing , included for existing Salesforce customers.. Okta list price $10 per user per month.4. Per user per month Open NL price $4.5/u/m. EA pricing starts at $4/u/m. Promo requires 250 minimum purchase and qualifying CAL Suite license.
Microsoft Confidential 46
Questions?
Appendix
Support options
http://www.windowsazure.com/en-us/support/plans/
https://support.microsoftonline.com/default.aspx?productkey=intunesupp&scrx=1
http://office.microsoft.com/en-us/support/contact-us-FX103894077.aspx