Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving...
-
Upload
bernice-peters -
Category
Documents
-
view
214 -
download
0
Transcript of Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving...
![Page 1: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/1.jpg)
![Page 2: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/2.jpg)
Gordon McKennaMartyn Coupland
Inframon Ltd
Empowering Your Users and Protecting Your Corporate Data
![Page 3: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/3.jpg)
Why are we concerned about BYOD\CYOD?Enrolling devices with Windows IntuneManaging device complianceDevice securityProtecting corporate informationCompetition
Session agenda
![Page 4: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/4.jpg)
Why are we concerned?
![Page 5: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/5.jpg)
Business Needs and IT Challenges
How can IT maintain user productivity and protect against evolving threats
How can IT reduce complexity and scale back infrastructure requirements
IT NeedsLower operational
costs
Business NeedsAgility and Flexibility
![Page 6: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/6.jpg)
57% of smartphone owners use their personal device to access corporate data.
Source: OVUM/Logicalis – 3,796 responses
![Page 7: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/7.jpg)
70% of tablet owners use their personal device to access corporate data.
Source: OVUM/Logicalis – 3,796 responses
![Page 8: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/8.jpg)
46% of BYOD use is unmanaged by employers or ignored.
Source: OVUM/Logicalis – 3,796 responses
![Page 9: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/9.jpg)
46% of BYOD use is unmanaged potentially exposing corporate data.
Source: OVUM/Logicalis – 3,796 responses
![Page 10: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/10.jpg)
Anytime… anywhere
![Page 11: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/11.jpg)
Registering and Enrolling Devices
IT can publish access to corporate resources with the Web Application Proxy based on device awareness and the users identity. Multi-factor authentication can be used through Windows Azure Active Authentication.
Users can register BYO devices for single sign-on and access to corporate data with Workplace Join. As part of this, a certificate is installed on the device
Users can enroll devices which configure the device for management with Windows Intune. The user can then use the Company Portal for easy access to corporate applications
As part of the registration process, a new device object is created in Active Directory, establishing a link between the user and their device
Data from Windows Intune is sync with Configuration Manager which provides unified management across both on-premises and in the cloud
Web Application Proxy
ADFS
![Page 12: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/12.jpg)
Unified Device Management
IT
Mac OS X
Windows PCs(x86/64, Intel SoC),
Windows to GoWindows Embedded
Windows RT, Windows Phone 8
iOS, Android
Single AdminConsole
Microsoft System Center 2012 R2
Configuration Manager
![Page 13: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/13.jpg)
Support for email profilesiOS 7 MDM feature supportRemote lock and remote password resetApplication control – allow or deny appConditional email accessBrowser management and URL filteringBulk device enrollment
New Windows Intune Features
![Page 14: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/14.jpg)
Conditional Access Policy Managed Office Mobile Apps Protected Data Managed Corporate Devices
New Enterprise Mobility Blog http://aka.ms/Ae0ffp
Whats Next (announced today)
![Page 15: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/15.jpg)
Demo
Device Enrollment to a Unified Management Infrastructure
![Page 16: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/16.jpg)
Device Compliance
![Page 17: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/17.jpg)
Security and ComplianceSettings ManagementConfigMgr MP Baseline ConfigMgr Agent
WMI XML
Registry IISMSI
Script SQL
SoftwareUpdates
File
ActiveDirectory
Baseline Configuration Items
Auto RemediateOR
Create Alert (to Service Manager)
!
Improved functionalityCopy settingsTrigger console alertsRicher reporting
Enhanced versioning and audit trackingAbility to specify versions to be used in baselinesAudit tracking includes who changed what
Pre-built industry standard baseline templates through IT Governance, Risk & Compliance(GRC) Solution Accelerator
Assignment to collections Baseline drift
![Page 18: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/18.jpg)
VPN Profile Management
Support for major SSL VPN vendors
DNS name-based initiation support for Windows 8.1 and iOSApplication ID based initiation support for Windows 8.1
Automatic VPN connection
Support for VPN standards
SSL VPNs from Cisco, Juniper, Check Point, Microsoft, Dell SonicWALL, F5 Subset of vendors have Windows Windows RT VPN plug-in
PPTP ,L2TP, IKEv2
![Page 19: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/19.jpg)
Wi-Fi and Certificate Profiles
Wi-Fi settings Manage and distribute certificatesDeploy trusted root certificates
Support for Security Center Endpoint Protection(SCEP) protocol
Manage Wi-Fi protocol and authentication settings Provision Wi-Fi networks that device can auto connectSpecify certificate to be used for Wi-Fi connection
![Page 20: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/20.jpg)
Demo
Managing Settings for Off Premise Devices
![Page 21: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/21.jpg)
Device Security
![Page 22: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/22.jpg)
Comprehensive Protection Stack Building enterprise grade platform security
MANAGEMENT
ANTIMALWARE
System Center Configuration Manager and Endpoint Protection
Windows
Available only in Windows 8.x
Endpoint Protection Management
Software Updates +
SCUP
Operating System Deployment
Settings Management
System Center 2012 Endpoint Protection
Antimalware Dynamic Translation
Behavior Monitoring
Software Distribution
Vulnerability Shielding
Windows Defender
Offline
Internet Explorer BitLockerAppLockerAddress Space
Layout Randomization
Data Execution Prevention
User Access Control
Secure Boot through UEFI
Windows Resource Protection
Measured BootEarly Launch Antimalware
(ELAM)
Exchange Connector
Enhanced in Windows 8.x (or Internet Explorer 10)
ELAM & Measured Boot
Cloud clean restore
PLATFORM
DYNAMIC CLOUD UPDATES
Mic
roso
ft M
alw
are
Pro
tect
ion C
ente
r
Dynam
ic S
ignatu
re S
erv
ice
![Page 23: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/23.jpg)
Behavior Monitoring and Dynamic Signature ServiceLive system monitoring identifies new threatsTracks behavior of unknown processes and known bad processesMultiple sensors to detect operating system anomaly
Updates for new threats delivered through the cloud in real timeReal time signature delivery with Microsoft Active Protection ServiceImmediate protection against new threats without waiting for scheduled updates
RESEARCHERS REPUTATIONREAL-TIME SIGNATURE DELIVERY
BEHAVIOR CLASSIFIERS
Properties/Behavior
Real-time signature
Samplerequest
Samplesubmit
![Page 24: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/24.jpg)
Cloud Clean Restore
Advanced system file cleaning through replacement
Replaces infected system files with clean versions from a cloud source.
Uses a trusted Microsoft cloud source for the replacement file
Restart requirements orchestrated on system and wired to client UI (for in use file replacement).
System file compromise detected
(RTP or scan)
Compromised file
replaced
Request new file
Download replacement
file
![Page 25: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/25.jpg)
Windows 7
Malware is able to boot before Windows and Anti-malwareMalware able to hide and remain undetectedSystems can be compromised before AM starts
Secure Boot loads Anti-Malware early in the boot processEarly Load Anti-Malware (ELAM) driver is specially signed by MicrosoftWindows starts AM software before any 3rd party boot driversMalware can no longer bypass AM inspection
Trusted Boot: Early Load Anti-Malware
BIOSOS Loader (Malware)
3rd Party Drivers
(Malware)
Anti-Malware Software
Start
Windows Logon
Windows 8 Native UEFIWindows 8OS Loader
Anti-Malware Software
Start
3rd Party Drivers
Windows Logon
![Page 26: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/26.jpg)
For Windows 8 and Windows Server 2012Windows 8.1 and Windows Server 2012 R2 SupportAlert toasts on the Modern UXSupports Resilient File System (ReFS) and Cluster Shared Volumes (CSV)Support for scanning and remediating modern apps
Engine improvements now available in SCEP:
Latest Common Anti-Malware Platform (CAMP)Automatic RemediationEarly Launch Anti-Malware (ELAM) detection supportImproved performanceEnhanced telemetryImproved rootkit remediation with Windows Defender OfflineImproved hardening
Enhancements in R2
![Page 27: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/27.jpg)
Demo
Overview of System Center Endpoint Protection
![Page 28: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/28.jpg)
Protecting Corporate Information
![Page 29: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/29.jpg)
Encrypt a computer before a user receives it
Microsoft Deployment Toolkit (MDT)System Center Configuration Manager
Enable users to encrypt their computers after policy
Simplifies TPM InitializationGroup Policy drivenExclude specific hardware
PolicyHardware Compatibility
Simplify BitLocker Deployment
![Page 30: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/30.jpg)
MBAM System Overview
Recovery Password Data
Compliance Data
HTTPS
MBAM Client
Group Policy:
AD, AGPM
Key Recovery Service
Helpdesk UX for Key Recovery
Compliance ReportsCentral Administration
Compliance Service
![Page 31: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/31.jpg)
User claimsUser.Department = Finance
User.Clearance = High
ACCESS POLICY
Applies to: @File.Impact = HighAllow | Read, Write | if (@User.Department == @File.Department) AND
(@Device.Managed == True)
Device claimsDevice.Department = Finance
Device.Managed = True
Resource propertiesResource.Department =
FinanceResource.Impact = High
AD DS
31
Rights management access policies File
Server
![Page 32: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/32.jpg)
Expression based access controlManage fewer security groups by using conditional expressions
x 50Country
50 GroupsBranch x 20 1000 Groups
Customers
100,000 Groups!
Flexible access control lists based on document classification and multiple identities (security groups).
Centralized access control lists using Central Access Policies.
Expression based access conditions
100,000 groups170 groups with conditional expressionsMemberOf(US) AND MemberOf(Seattle_Branch) AND MemberOf(Contoso_Customer)
x 100
![Page 33: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/33.jpg)
Hybrid identity managementMobile device managementAzure rights managementSelf-service password resetsMulti-factor authenticationSelective wipe of applicationsSync between cloud and on-premises directories
Enterprise Mobility Suite – PCIT In a Box
![Page 34: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/34.jpg)
Demo
Azure Rights Management
![Page 35: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/35.jpg)
BYOD/CYOD is happening, if you don’t have a plan make one now.Microsoft offer device and corporate data protection through “defense in depth”System Center Configuration Manager, Intune and Azure provide the “complete solution”Protect your organisation today
Session summary
![Page 36: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/36.jpg)
Competition time…
![Page 37: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/37.jpg)
Three volunteers: Windows Phone, iOS and AndroidDownload the company portal from your app storeEnroll your device using these credentials:
Username: [email protected]: Pa$$w0rd
When the portal finishes loading, raise your handThe quickest person wins, simple!
On your marks… Prizes to be won
![Page 38: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/38.jpg)
We are around all week@mrcoups@gordodamom
We blog as wellwww.martyncoupland.co.ukblogs.Inframon.com
Reach out…
![Page 39: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/39.jpg)
Related content
PCIT-B212 Design Considerations for BYOD
PCIT-B214 Using Dynamic Access Control and Rights Management for Information Protection
PCIT-B213 Access Control in BYOD and Directory Integration in a Hybrid Identity Infrastructure
PCIT-B314 Understanding Microsoft’s BYOD Strategy and an Introduction to New Capabilities in Windows Server 2012 R2
DCIM-IL201 Implementing Desired State configuration
Breakout Sessions and Hands on labs
![Page 40: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/40.jpg)
Resources
Learning
Microsoft Certification & Training Resources
www.microsoft.com/learning
msdn
Resources for Developers
http://microsoft.com/msdn
TechNet
Resources for IT Professionals
http://microsoft.com/technet
Sessions on Demand
http://channel9.msdn.com/Events/TechEd
![Page 41: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/41.jpg)
Complete an evaluation and enter to win!
![Page 42: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/42.jpg)
Evaluate this session
Scan this QR code to evaluate this session.
![Page 43: Business Needs and IT Challenges How can IT maintain user productivity and protect against evolving threats How can IT reduce complexity and scale.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dd45503460f94accc5a/html5/thumbnails/43.jpg)
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.