windows server 2016 tp5 microsoft tech talks · 2019. 3. 4. · microsoft intune azure information...
What are Microsoft Tech Talks?
• Microsoft Tech Talks is a Technical Community event, designed to bring IT leaders in the local area together at a Microsoft facility for deep Microsoft-technology-based discussions, and
• An opportunity to network and share with local Microsoft Services Professionals and other IT professionals.
• A Microsoft Services presenter delivers a technically rich presentation covering a product, product feature, or service that Microsoft offers.
• Our presenters are world-class Subject Matter Experts and trusted advisors to our highly valued customers.
• Our meetings are a great opportunity to 'ask the experts' questions about their given field of expertise.
• Subjects vary from session to session and aim to be at the leading edge, showcasing our latest features and products available.
• These communities now collectively have over 2500 members that have joined one of the local meetup groups.
• We are constantly expanding to a region near you, your friends / colleagues…..
• Join Us
• Join Other Groups
• RSVP Closed does not mean Closed! Look for the Microsoft Events sign-up link!
• Tell all your friends / colleagues
• Group Review!!
http://www.meetup.com
Enterprise Mobility + Security (EMS)
Sven Hallauer
Principal Program Manager, Intune CXE CAT
Security for the productive enterprise in a mobile-first, cloud-first world
• 41% of employees say mobile business apps change how they work
• 85% of enterprise organizations keep sensitive information in the cloud
• 80% of employees use non-approved SaaS apps for work
THE PROBLEM
[Diagram: Devices, Apps, Identity and Data spread across on-premises and cloud]
The security you need integrated with the productivity tools you want
Productivity OR Security: it's a delicate balance
[Diagram: the security product categories an enterprise has to stitch together]
• Information Rights Management
• Mobile Device & Application Management
• Cloud Access Security Broker
• SIEM
• Data Loss Prevention
• User & Entity Behavioral Analytics
• Mobile Data Loss Prevention
• Threat Detection
• Identity governance
• Single sign-on
• Cloud Data Loss Prevention
• Conditional access
• Discovery
• Cloud visibility
• Secure collaboration
• Cloud anomaly detection
• Identity & Access Management
Three pillars:
• Protect at the front door
• Detect & remediate attacks
• Protect your data anywhere
Four EMS capability areas:
• Mobile device & app management
• Information protection
• Identity and access management
• Threat protection
Holistic and innovative solutions for protection across users, devices, apps and data
Enterprise Mobility + Security
IDENTITY-DRIVEN SECURITY
81% of hacking breaches leverage stolen and/or weak passwords (Verizon 2017 Data Breach Investigations Report)
Identity is the foundation for enterprise mobility
[Diagram: Microsoft Azure Active Directory in the cloud as the hub, providing single sign-on, self-service and simple connection to on-premises Windows Server Active Directory and other directories, SaaS, Azure and public cloud]
• Holistic: addresses security challenges across users (identities), devices, data, apps, and platforms, on-premises and in the cloud
• Identity-driven: offers one protected common identity for secure access to all corporate resources, on-premises and in the cloud, with risk-based conditional access
• Innovative: protects your data from new and changing cybersecurity attacks
• Intelligent: enhances threat and anomaly detection with the Microsoft Intelligent Security Graph, driven by a vast amount of datasets and machine learning in the cloud
1. Protect at the front door: safeguard your resources at the front door with innovative and advanced risk-based conditional access
2. Protect your data against user mistakes: gain deep visibility into user, device, and data activity on-premises and in the cloud
3. Detect attacks before they cause damage: uncover suspicious activity and pinpoint threats with deep visibility and ongoing behavioral analytics
[Diagram: conditional access]
Conditions: user, user/application, location, device state, MFA, risk
Actions: allow access, or block access, or enforce MFA per user / per app
• Azure Information Protection: classify & label, protect, monitor and respond. How do I control data on-premises and in the cloud?
• Microsoft Intune: LOB app protection, DLP for Office 365 mobile apps, optional device management. How do I prevent data leakage from my mobile apps?
• Cloud App Security: risk scoring, Shadow IT discovery, policies for data control. How do I gain visibility and control of my cloud apps?
Microsoft Advanced Threat Analytics (ATA)
Behavioral Analytics
Detection of known malicious attacks
Detection of known security issues
On-premises detection
Cloud App Security
Behavioral analytics
Detection in the cloud
Anomaly detection
Azure Active Directory Premium
Security reporting and monitoring (access & usage)
Enterprise Mobility + Security: identity-driven security
• Microsoft Intune: protect your users, devices, and apps
• Azure Information Protection: protect your data, everywhere
• Microsoft Advanced Threat Analytics: detect threats early with visibility and threat analytics
• Microsoft Cloud App Security: extend enterprise-grade security to your cloud and SaaS apps
• Azure Active Directory Premium: manage identity with hybrid integration to protect application access from identity attacks
Enterprise Mobility + Security
Managed Mobile Productivity
58% of workers have accidentally shared sensitive data with the wrong person (Stroz Friedberg)
Productivity on-the-go is the new normal. As people work on their phones…
• Is your corporate data protected?
• Can they get things done as easily as when at their desks?
• Can they quickly connect and collaborate with colleagues?
• >200 mobile sites & apps expose sensitive consumer & enterprise info (3.9 billion mobile device requests from 500+ enterprises)
• 93% of mobile workers use a smartphone daily, working on the phone 33% of their day
• 75% of the global workforce will be conducting relationships with people via mobile by 2025
MANAGED MOBILE PRODUCTIVITY
Manage and secure devices, Office mobile apps, data-level protection
Mobile Device Management (MDM), BYOD or corporate-owned:
• Enroll devices for management
• Provision settings, certs, profiles
• Report & measure device compliance
• Remove corporate data from devices
• Conditional Access: restrict access to managed and compliant devices
Mobile Application Management (MAM), BYOD or corporate-owned:
• Offer mobile apps to users
• Configure and update apps
• Report app inventory & usage
• Secure & remove corporate data within mobile apps
• Conditional Access: restrict which apps can be used to access email or files
[Chart: managed email clients, user ratings and adoption]
Outlook Mobile: the best way to experience Office 365 on a mobile device
• Security: modern authentication, App Protection, Conditional Access
• Office 365 integration: Word, Excel, PowerPoint, OneDrive and Skype for Business
• Intelligence: people, org view, LinkedIn, Office Lens, travel summary cards
• Organize on the go: scheduling free/busy, time-to-leave reminders
Outlook with EMS
• App-level data protection: Intune
• Conditional access: Azure Active Directory
• Deep visibility & control of cloud data: Cloud App Security
• Classify, label and protect data: Microsoft Information Protection
• Detect breaches, anomalies and attacks in advance: Advanced Threat Analytics
• Secure email, search, calendar: Outlook
[Diagram: conditional access evaluates apps, device, location and risk before access is granted to data; the data itself is classified, labeled, protected and audited]
Intune app-level protections, with and without mobile device enrollment (MDM)
• Encryption at rest
• Selective wipe
• Save-as / copy / paste restrictions
• Access control: PIN, biometrics or credentials
• Managed web browsing
• Controls for app access and data management
[Diagram: managed apps vs. personal apps; a multi-identity policy separates corporate data from personal data, restricts features, sharing and downloads, and controls what happens after data has been accessed]
Azure Information Protection (AIP) empowers you to control how data is accessed from employee devices.
Separate company-managed apps from personal apps, and set policies on how data is accessed from managed apps.
Intune APP (app protection policies) ensures corporate data can't be copied and pasted to personal apps within the device.
[Diagram: an email attachment and the copy, paste and save actions on it; saving to personal storage and pasting to a personal app are the controlled paths]
• Secure access to apps containing company data: PIN enforcement, set requirements
• Data sharing between apps: manage contacts data
• Wipe company data: lost or stolen devices
• Manage how data moves between apps: clipboard, block copy/paste
• Calendar switching: manage calendar edits
• Work / personal accounts: protect email distribution
Stay secure with Microsoft Edge for iOS and Android
Designed for best secure browsing with Microsoft Intune policies
• Security: Conditional Access, App Protection Policies
• Productivity: personal & corporate identity support, App Proxy, SSO
• Manageability: managed favorites & home shortcut, blocked sites
Control data access via app-based conditional access
Conditions: locations, device OS, client apps, identity, cloud service
Controls: enforce MFA, enforce device health*, require Outlook
*Device enrollment required
EMS E5 enhancements add risk-based conditional access
Conditions: locations, device OS, client apps, sign-in risk, identity, cloud service
Controls: enforce MFA, enforce device health*, require Outlook, force password reset (on suspicious sign-in attempts or leaked credentials)
*Device enrollment required
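The two slides above list the conditions a conditional access policy looks at and the controls it can apply, but not how they combine. The following is an added example, not Microsoft code and not how Azure AD's policy engine is implemented: a small model that evaluates constructed sign-in events against an E3-style policy (location, device health, approved client app) and an E5-style policy that also reacts to sign-in risk and leaked credentials. The SignIn and Policy fields, the approved-app table, the block-before-grant ordering and the user/app names are all assumptions made for illustration.

```python
"""Simplified model of the conditional access decisions on the slides above (added example)."""
from __future__ import annotations
from dataclasses import dataclass

# Constructed: client apps approved for each cloud service ("Require Outlook").
APPROVED_CLIENT_APPS = {
    "Exchange Online": {"Outlook"},
    "SharePoint Online": {"OneDrive", "Word", "Excel", "PowerPoint"},
}


@dataclass(frozen=True)
class SignIn:
    """One sign-in attempt as the policy engine sees it (constructed fields)."""
    user: str
    cloud_service: str
    client_app: str
    location_trusted: bool
    device_os: str
    device_enrolled: bool        # Intune (MDM) enrollment
    device_compliant: bool       # Intune compliance state; only meaningful if enrolled
    sign_in_risk: str = "none"   # none | low | medium | high
    leaked_credentials: bool = False


@dataclass(frozen=True)
class Policy:
    require_approved_client_app: bool = True    # "Require Outlook"
    require_device_health: bool = True          # "Enforce Device Health" (*enrollment required)
    mfa_outside_trusted_locations: bool = True  # "Enforce MFA" by location
    risk_based: bool = False                    # EMS E5: sign-in risk / leaked credentials


def evaluate(s: SignIn, p: Policy) -> tuple[str, tuple[str, ...]]:
    """Return ("block", (reason,)) or ("allow", (controls the user must satisfy,)).

    Block conditions are checked first; then grant controls are accumulated.
    An empty controls tuple means plain allow.
    """
    if p.require_approved_client_app:
        approved = APPROVED_CLIENT_APPS.get(s.cloud_service, set())
        if approved and s.client_app not in approved:
            return "block", (f"client app {s.client_app} not approved for {s.cloud_service}",)
    if p.require_device_health:
        if not s.device_enrolled:
            return "block", ("device enrollment required",)
        if not s.device_compliant:
            return "block", ("device not compliant",)

    controls: list[str] = []
    if p.mfa_outside_trusted_locations and not s.location_trusted:
        controls.append("mfa")
    if p.risk_based:
        if s.sign_in_risk in ("medium", "high"):   # suspicious sign-in attempt
            controls.append("mfa")
        if s.leaked_credentials:                  # user risk: credentials known to be leaked
            controls.extend(["mfa", "password_reset"])
    # De-duplicate while keeping order (a user is only prompted for MFA once).
    return "allow", tuple(dict.fromkeys(controls))


def demo() -> dict[str, tuple[str, tuple[str, ...]]]:
    """Run constructed sign-ins through an E3-style and an E5-style policy."""
    e3 = Policy()
    e5 = Policy(risk_based=True)
    base = dict(user="alice@contoso.example", cloud_service="Exchange Online",
                client_app="Outlook", location_trusted=True, device_os="iOS",
                device_enrolled=True, device_compliant=True)
    cases = {
        "trusted_compliant_outlook": (e3, SignIn(**base)),
        "from_untrusted_location": (e3, SignIn(**{**base, "location_trusted": False})),
        "native_mail_client": (e3, SignIn(**{**base, "client_app": "Native Mail"})),
        "not_enrolled": (e3, SignIn(**{**base, "device_enrolled": False})),
        "leaked_creds_e3": (e3, SignIn(**{**base, "leaked_credentials": True})),
        "leaked_creds_e5": (e5, SignIn(**{**base, "leaked_credentials": True})),
        "high_risk_e5": (e5, SignIn(**{**base, "sign_in_risk": "high"})),
    }
    return {name: evaluate(s, pol) for name, (pol, s) in cases.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:28s} -> {result}")
```

The point the model makes explicit: without the risk-based (E5) policy, a sign-in with leaked credentials from a trusted location on a compliant device is allowed with no extra control at all, because nothing in the E3-style conditions sees the risk signal.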
Enterprise Mobility + Security
Managed Mobile Productivity
Demo
[Demo flow 1, app protection policy without device enrollment; user lane vs. corporate (Intune) lane]
1. User adds business account to OneDrive app
2. Intune configures app protection policy
3. User is prompted to create a PIN
4. User edits document stored in OneDrive for Business
5. User saves document to…
Result: OneDrive for Business allows access, with copy/paste/save-as controls, PIN required, encrypted storage
[Demo flow 2, device enrollment; user lane vs. corporate (Intune) lane]
1. User adds business account to email app
2. Intune enrolls device and applies policies
3. User is prompted to enroll device
4. Device checked for compliance
5. Business email account is added
Result: access allowed, with PIN required, encrypted storage, image is not jailbroken
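The multi-identity and data-movement slides earlier (separating company-managed apps from personal apps, blocking copy/paste into personal apps, save-as restrictions, selective wipe) and the demo flows just above describe the same enforcement model from two angles. The following is an added example, not Intune's code, that models those decisions over constructed data: the policy applies only to data held under the work identity in an app that has a policy, and every transfer, save or open check derives from that scope. The managed-app list, the allowed save locations, the Device class and the data items are assumptions made for illustration; real app protection policy settings are more granular than this.

```python
"""Toy model of Intune app protection policy (APP / MAM) enforcement (added example)."""
from __future__ import annotations
from dataclasses import dataclass, field

# Constructed: apps that have an app protection policy deployed to them.
MANAGED_APPS = {"Outlook", "Word", "Excel", "OneDrive", "Edge"}
# Constructed: save-as locations the policy allows for corporate data.
CORP_SAVE_LOCATIONS = {"OneDrive for Business", "SharePoint Online"}


@dataclass(frozen=True)
class DataItem:
    app: str       # app holding the data
    account: str   # "work" (corporate identity) or "personal"
    name: str = ""


def is_corporate(item: DataItem) -> bool:
    """Policy scope: data under the work account inside a managed app.

    Personal data, and any data in an app without a policy, is out of scope.
    This is what lets one Outlook or OneDrive app hold both identities.
    """
    return item.app in MANAGED_APPS and item.account == "work"


def can_paste(src: DataItem, dst: DataItem) -> bool:
    """Clipboard: corporate data only into another managed app under the work account."""
    if not is_corporate(src):
        return True            # personal data is unrestricted, including paste-in to work apps
    return is_corporate(dst)


def can_share(src: DataItem, dst_app: str) -> bool:
    """Share / open-in: corporate data only to policy-managed apps."""
    return (not is_corporate(src)) or dst_app in MANAGED_APPS


def can_save_as(src: DataItem, location: str) -> bool:
    """Save-as: corporate data only to allowed corporate locations, never personal storage."""
    return (not is_corporate(src)) or location in CORP_SAVE_LOCATIONS


def access_requires_pin(item: DataItem, pin_required: bool = True) -> bool:
    """The app PIN is prompted only when corporate data is about to be opened."""
    return pin_required and is_corporate(item)


@dataclass
class Device:
    jailbroken: bool = False
    data: list[DataItem] = field(default_factory=list)


def can_use_corporate_data(device: Device) -> bool:
    """Jailbroken / rooted devices are blocked from corporate data."""
    return not device.jailbroken


def selective_wipe(device: Device) -> list[DataItem]:
    """Lost or stolen device: remove corporate data from managed apps, keep personal data.

    Returns the items that were wiped.
    """
    wiped = [d for d in device.data if is_corporate(d)]
    device.data = [d for d in device.data if not is_corporate(d)]
    return wiped


if __name__ == "__main__":
    attachment = DataItem("Outlook", "work", "q3-forecast.xlsx")   # constructed sample
    print("paste into Word (work account):", can_paste(attachment, DataItem("Word", "work")))
    print("paste into WhatsApp:", can_paste(attachment, DataItem("WhatsApp", "personal")))
    print("save to iCloud Drive:", can_save_as(attachment, "iCloud Drive"))
    phone = Device(data=[attachment, DataItem("Outlook", "personal", "holiday.jpg")])
    print("wiped:", selective_wipe(phone), "remaining:", phone.data)
```

Note what the scope rule implies for the demo flows: a user who adds a work account to OneDrive gets the PIN prompt and the copy/paste controls without the device ever being enrolled, and a wipe of that account leaves the user's personal photos alone.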
[Summary diagram: conditional access evaluates apps, risk, device and location before access is granted to data; the data is classified, labeled, protected and audited]
• MICROSOFT INTUNE: make sure your devices are compliant and secure, while protecting data at the application level
• AZURE ACTIVE DIRECTORY: ensure only authorized users are granted access to personal data using risk-based conditional access
• MICROSOFT CLOUD APP SECURITY: gain deep visibility, strong controls and enhanced threat protection for data stored in cloud apps
• AZURE INFORMATION PROTECTION: classify, label, protect and audit data for persistent security throughout the complete data lifecycle
• MICROSOFT ADVANCED THREAT ANALYTICS: detect breaches before they cause damage by identifying abnormal behavior, known malicious attacks and security issues
Next Steps
• Create Intune app protection policies for Android and iOS
• Follow the steps to set conditional access policies for Exchange Online with Azure Active Directory
• Start using Outlook for iOS or Outlook for Android
• Provide your users with instructions on how to optimize Outlook for iOS and Android
• Get deployment and adoption support from FastTrack
• Give us feedback in-product or at UserVoice
• Activate Enterprise Mobility & Security (EMS): 5 days
• WorkshopPLUS - Enterprise Mobile Device Management with Microsoft Intune: 3 days
Survey: https://aka.ms/VegasSurvey2March2019 (VERY short, 10 questions!)
Please be aware that your feedback is extremely valued and important to us, as in addition to improving the quality of our events, it helps us to justify the time, effort and money in hosting, funding and organizing these events.
FastTrack is included with EMS to accelerate your deployments (envision, onboard, drive value)
Simple set up with FastTrack for:
Azure Rights Management. FastTrack will:
• Retain control of sensitive documents locally and over email
• Automatically protect mail containing privileged information
• Ensure files stored in SharePoint are rights protected
Microsoft Intune. FastTrack will:
• Set up and deploy mobile app management policies to help prevent Office 365 data leakage
• Set up and deploy device security policies like PIN or device encryption
• Integrate on-premises System Center Configuration Manager with Intune
• Enable conditional access and compliance policies to control access to data
Azure Active Directory Premium. FastTrack will:
• Get organizational identities to the cloud
• Set up single sign-on for test apps (including Azure Active Directory Application Proxy apps)
• Configure self-service options like password reset and Azure Multi-Factor Authentication in the MyApps site