windows server 2016 tp5 microsoft tech talks · 2019. 3. 4. · microsoft intune azure information...


Post on 18-Sep-2020


TRANSCRIPT

Page 1: Windows Server 2016 TP5 Microsoft Tech Talks · 2019. 3. 4. · Microsoft Intune Azure Information Protection Protect your users, devices, and apps Detect threats early with visibility

What are Microsoft Tech Talks?

• Microsoft Tech Talks is a Technical Community event, designed to bring IT leaders in the local area together at a Microsoft facility, for deep Microsoft-technology based discussions, and

• An opportunity to network and share with local Microsoft Services Professionals and other IT professionals.

• A Microsoft Services presenter delivers a technically-rich presentation covering a product, product feature, or service that Microsoft offers,

• Our presenters are world-class Subject Matter Experts and trusted advisors to our highly-valued customers.

• Our meetings are a great opportunity to 'ask the experts' questions about their given field of expertise.

• Subjects vary from session to session and attempt to be at the leading edge, showcasing our latest features and products available.

• These communities now collectively have over 2500 members that have joined one of the local meetup groups.

• We are constantly expanding to a region near you, your friends / colleagues…

Page 5

• Join Us

• Join Other Groups

• RSVP Closed does not mean Closed!

• Look for the Microsoft Events sign-up link!

• Tell all your friends / colleagues

• Group Review!!

Page 6

http://www.meetup.com

Page 7

Enterprise Mobility + Security (EMS)

Sven Hallauer

Principal Program Manager, Intune CXE CAT

Security for the productive enterprise in a mobile-first cloud-first world

Page 8

41% of employees say mobile business apps change how they work

85% of enterprise organizations keep sensitive information in the cloud

80% of employees use non-approved SaaS apps for work

On-premises

Page 9

Devices Apps Identity Data

On-premises

Page 10

On-premises

Page 11

THE PROBLEM

The security you need integrated with the productivity tools you want

Productivity

Secure

On-premises

OR

Security

It’s a delicate balance

Page 12

Information Rights Management

Mobile Device & Application Management

Cloud Access Security Broker

SIEM

Data Loss Prevention

User & Entity Behavioral Analytics

Mobile Data Loss Prevention

Threat Detection

Identity governance

Single-sign on

Cloud Data Loss Prevention

Conditional access

Discovery

Cloud visibility

Secure collaboration

Cloud anomaly detection

Identity & Access Management

Page 13

Identity & Access Management

Mobile Device & Application Management

Data Loss Prevention

User & Entity Behavioral Analytics

Cloud Access Security Broker

Information Rights Management

Protect at the front door

Detect & remediate attacks

Protect your data anywhere

Cloud Access Security Broker

Mobile Device & App Management

Identity & Access Management

User & Entity Behavioral Analytics

Data Loss Prevention

Page 14

Mobile device & app management

Information protection

Identity and access management

Threat protection

Holistic and innovative solutions for protection across users, devices, apps and data

Protect at the front door

Detect & remediate attacks

Protect your data anywhere

Page 15

Enterprise Mobility + Security

Identity – Driven Security

81% of hacking breaches leverage stolen and/or weak passwords

Verizon 2017 Data Breach Investigation Report

Page 16

Identity is the foundation for enterprise mobility

IDENTITY – DRIVEN SECURITY

Single sign-on

Self-service

Simple connection

On-premises

Other directories

Windows Server Active Directory

SaaS

Azure

Public cloud

Cloud

Microsoft Azure Active Directory

Page 17

Holistic: Addresses security challenges across users (identities), devices, data, apps, and platforms―on-premises and in the cloud

Identity-driven: Offers one protected common identity for secure access to all corporate resources, on-premises and in the cloud, with risk-based conditional access

Innovative: Protects your data from new and changing cybersecurity attacks

Intelligent: Enhances threat and anomaly detection with the Microsoft Intelligent Security Graph driven by a vast amount of datasets and machine learning in the cloud.

IDENTITY – DRIVEN SECURITY

Page 18

IDENTITY – DRIVEN SECURITY

1. Protect at the front door: Safeguard your resources at the front door with innovative and advanced risk-based conditional access

2. Protect your data against user mistakes: Gain deep visibility into user, device, and data activity on-premises and in the cloud.

3. Detect attacks before they cause damage: Uncover suspicious activity and pinpoint threats with deep visibility and ongoing behavioral analytics.

Page 19

User

Conditions

• Location

• Device state

• User/Application

• MFA

• Risk

Actions

• Allow access or Block access

• Enforce MFA per user/per app

IDENTITY – DRIVEN SECURITY

Page 20

IDENTITY – DRIVEN SECURITY

Azure Information Protection

How do I control data on-premises and in the cloud

• Classify & Label

• Protect

• Monitor and Respond

Microsoft Intune

How do I prevent data leakage from my mobile apps?

• LOB app protection

• DLP for Office 365 mobile apps

• Optional device management

Cloud App Security

How do I gain visibility and control of my cloud apps?

• Risk scoring

• Shadow IT Discovery

• Policies for data control

Page 21

IDENTITY – DRIVEN SECURITY

Microsoft Advanced Threat Analytics (ATA)

Behavioral Analytics

Detection of known malicious attacks

Detection of known security issues

On-premises detection

Cloud App Security

Behavioral analytics

Detection in the cloud

Anomaly detection

Azure Active Directory Premium

Security reporting and monitoring (access & usage)

Page 22

Enterprise Mobility + Security

IDENTITY - DRIVEN SECURITY

Microsoft Intune: Protect your users, devices, and apps

Azure Information Protection: Protect your data, everywhere

Microsoft Advanced Threat Analytics: Detect threats early with visibility and threat analytics

Microsoft Cloud App Security: Extend enterprise-grade security to your cloud and SaaS apps

Azure Active Directory Premium: Manage identity with hybrid integration to protect application access from identity attacks

Page 23

Enterprise Mobility + Security

Managed Mobile Productivity

58% of workers have accidentally shared sensitive data to the wrong person

Stroz Friedberg

Page 24

Productivity on-the-go is the new normal

As people work on their phones…

• Is your corporate data protected?

• Can they get things done as easily as when at their desks?

• Can they quickly connect and collaborate with colleagues?

>200 mobile sites & apps expose sensitive consumer & enterprise info (3.9 billion mobile device requests from 500+ enterprises)

93% of mobile workers use smartphone daily, working on the phone 33% of their day

75% of the global workforce conducting relationships with people via mobile by 2025

Page 25

Manage and secure devices

Office mobile apps

Data-level protection

MANAGED MOBILE PRODUCTIVITY

Page 26

Mobile Device Management (MDM)

• Enroll devices for management

• Provision settings, certs, profiles

• Report & measure device compliance

• Remove corporate data from devices

• Conditional Access: Restrict access to managed and compliant devices

Mobile Application Management (MAM)

• Offer mobile apps to users

• Configure and update apps

• Report app inventory & usage

• Secure & remove corporate data within mobile apps

• Conditional Access: Restrict which apps can be used to access email or files

Page 27

BYOD CORP OWNED

Page 28

BYOD CORP OWNED

Page 29

Managed Email Clients – User ratings and adoption

Page 30

Security

Modern authentication, App Protection, Conditional Access

Office 365 Integration

Word, Excel, PowerPoint

OneDrive and Skype for Business

Intelligence

People, org view, LinkedIn

Office Lens, Travel summary cards

Organize on the go

Scheduling Free/Busy

Time to leave reminders

Outlook Mobile – The best way to experience Office 365 on a mobile device

Page 31

Outlook with EMS

APP LEVEL DATA PROTECTION

Intune

CONDITIONAL ACCESS

Azure Active Directory

DEEP VISIBILITY & CONTROL OF CLOUD DATA

Cloud App Security

CLASSIFY, LABEL AND PROTECT DATA

Microsoft Information Protection

DETECT BREACHES, ANOMALIES AND ATTACKS IN ADVANCE

Advanced Threat Analytics

SECURE EMAIL, SEARCH, CALENDAR

Outlook

CONDITIONAL ACCESS: Apps, Risk, Device, Location

Access granted to data

Classify, Label, Audit, Protect

Page 32

Encryption at rest

Selective wipe

Save as/ copy/ paste restrictions

Access control – PIN, biometrics or credentials

Managed web browsing

Controls for app access and data management

Intune app level protections

With and without mobile device enrollment (MDM)

Managed apps

Personal apps

Restrict features, sharing and downloads

Multi-identity policy

Personal data

Corporate data

Page 33

Control what happens after data has been accessed

Corporate data

Personal data

Multi-identity policy

Azure Information Protection (AIP) empowers you to control how data is accessed from employee devices

Separate company managed apps from personal apps, and set policies on how data is accessed from managed apps

Intune APP ensures corporate data can’t be copied and pasted to personal apps within the device

Email attachment

Copy Paste Save

Save to personal storage

Paste to personal app

Page 34

Secure access to apps containing company data

PIN enforcement

Set requirements

Data sharing between apps

Manage contacts data

Wipe company data

Lost or Stolen devices

Page 35

Manage how data moves between apps

Clip board

Block copy/paste

Calendar switching

Manage calendar edits

Work / Personal accounts

Protect email distribution

Page 36

Stay secure with Microsoft Edge for iOS and Android

Designed for best secure browsing with Microsoft Intune policies

Security

• Conditional Access

• App Protection Policies

Productivity

• Personal & Corporate Identity Support

• App Proxy, SSO

Manageability

• Managed Favorites & Home Shortcut

• Blocked Sites

Page 37

Locations

Device OS

Client Apps

Identity

Cloud Service

Enforce MFA

Enforce Device Health*

Require Outlook

*Device Enrollment required

Control data access via app based conditional access

Page 38

EMS E5 enhancements add risk based conditional access

Locations

Device OS

Client Apps

Sign-in Risk

Identity

Cloud Service

Enforce MFA

Enforce Device Health*

Require Outlook

Suspicious sign-in attempts

Leaked credentials

Force password reset

*Device Enrollment required

Page 39

Enterprise Mobility + Security

Managed Mobile Productivity

Demo

Page 40

USER

User is prompted to create a PIN

User edits document stored in OneDrive for Business

User saves document to…

User adds business account to OneDrive app

Intune configures app protection policy

OneDrive for Business

Allow access

• Copy/Paste/SaveAs controls

• PIN required

• Encrypt storage

Page 41

User is prompted to enroll device

Device checked for compliance

Business email account is added

User adds business account to email app

Intune enrolls device and applies policies

CORPORATE EMAIL

Allow access

• PIN required

• Encrypt storage

• Image is not jailbroken

USER

Page 42

MICROSOFT INTUNE

Make sure your devices are compliant and secure, while protecting data at the application level

AZURE ACTIVE DIRECTORY

Ensure only authorized users are granted access to personal data using risk-based conditional access

MICROSOFT CLOUD APP SECURITY

Gain deep visibility, strong controls and enhanced threat protection for data stored in cloud apps

AZURE INFORMATION PROTECTION

Classify, label, protect and audit data for persistent security throughout the complete data lifecycle

MICROSOFT ADVANCED THREAT ANALYTICS

Detect breaches before they cause damage by identifying abnormal behavior, known malicious attacks and security issues

CONDITIONAL ACCESS: Apps, Risk, Device, Location

Access granted to data

Classify, Label, Audit, Protect

Page 44

Activate Enterprise Mobility & Security (EMS)

5 days

WorkshopPLUS - Enterprise Mobile Device Management with Microsoft Intune

3 days

Page 45

https://aka.ms/VegasSurvey2March2019

VERY Short 10 questions!

Please be aware that your feedback is extremely valued and important to us, as in addition to improving the quality of our events, it helps us to justify the time, effort and money in hosting, funding and organizing these events.

Page 47

Simple set up with FastTrack for

Envision, Onboard, Drive Value

Azure Rights Management

FastTrack will:

• Retain control of sensitive documents locally and over email

• Automatically protect mail containing privileged information

• Ensure files stored in SharePoint are rights protected

Microsoft Intune

FastTrack will:

• Set up and deploy mobile app management policies to help prevent Office 365 data leakage

• Set up and deploy device security policies like PIN or device encryption

• Integrate on-premises System Center Configuration Manager with Intune

• Enable conditional access and compliance policies to control access to data

Azure Active Directory Premium

FastTrack will:

• Get organizational identities to the cloud

• Set up single sign-on for test apps (including Azure Active Directory Application Proxy apps)

• Configure self-service options like password reset and Azure Multi-Factor Authentication in the MyApps site

FastTrack is included with EMS to accelerate your deployments