EMS-HPT Template-v.1.0
Transcript of EMS-HPT Template-v.1.0
Enterprise Mobility SuiteHybrid IdentityMobile Device ManagementAccess & Information Protection
Enterprise Mobility Suite
AgendaEnterprise Challenges
Enterprise Mobility Suite
EMS Benefit
EMS Pricing
Q&A
Enterprise Challenges
of employees use personal devices for work purposes.*
of employees that typically work on employer premises, also frequently work away from their desks.***
of all software will be available on a SaaS delivery by 2020.**
66% 25% 33%
*CEB The Future of Corporate ITL: 203-2017. 2013.**Forrester Application Adoption Trends: The Rise Of SaaS***CEB IT Impact Report: Five Key Findings on Driving Employee Productivity Q1 2014.
Mobility is the new normal
User Devices Apps Data IT
What’s Driving Change?
Protect your data
Enable your users
User IT
Unify your environment
Management | Access | Protection
Devices Apps Data
Empowering Enterprise Mobility
Protect your data
Enable your users
User ITDesktop
Virtualization
Access & Informatio
n Protection
HybridIdentity
Mobile Device & Application
Management
Empowering Enterprise Mobility
Enterprise Agreement (EA) prices starting at $4 per user per monthLimited time EA Level A promotion pricing. Requires 250 seat minimum purchase and underlying CAL Suite license (Core CAL Suite and Enterprise CAL Suite)
Mobile device management
Windows Intune
Mobile device settings management
Mobile application management
Selective wipe
Hybrid identity
Microsoft Azure Active Directory Premium
Security reports, and audit reports, multi-factor authentication
Self-service password reset and group management
Connection between Active Directory and Azure Active Directory
Access & Information protection
Microsoft Azure Rights Management service
Information protection Connection to on-premises assets
Bring your own key
Enterprise Mobility Suite
Hybrid Identity
Connect between Active Directory and Azure Active DirectoryReport & Multi-factor AuthenticationSelf-Service Password
Enterprise Agreement (EA) prices starting at $4 per user per monthLimited time EA Level A promotion pricing. Requires 250 seat minimum purchase and underlying CAL Suite license (Core CAL Suite and Enterprise CAL Suite)
Mobile device management
Windows Intune
Mobile device settings management
Mobile application management
Selective wipe
Hybrid identity
Microsoft Azure Active Directory Premium
Security reports, and audit reports, multi-factor authentication
Self-service password reset and group management
Connection between Active Directory and Azure Active Directory
Access & Information protection
Microsoft Azure Rights Management service
Information protection Connection to on-premises assets
Bring your own key
Enterprise Mobility Suite
Enterprise Agreement (EA) prices starting at $4 per user per monthLimited time EA Level A promotion pricing. Requires 250 seat minimum purchase and underlying CAL Suite license (Core CAL Suite and Enterprise CAL Suite)
Mobile device management
Windows Intune
Mobile device settings management
Mobile application management
Selective wipe
Access & Information protection
Microsoft Azure Rights Management service
Information protection Connection to on-premises assets
Bring your own key
Connect and Sync on-premises directories with Azure.
Azure Active Directory Connect*
Microsoft AzureActive Directory
Other Directories
PowerShell
LDAP v3
SQL (ODBC)
Web Services ( SOAP, JAVA, REST)
*
Your Directory on the cloud
Identity Synchronization with password hash sync
Identity Synchronization
AD FS
Delivering a seamless user authentication experience
User attributes are synchronized using Identity Synchronization services including a password hash, Authentication is completed against Azure Active Directory
Microsoft Azure
User attributes are synchronized using Identity Synchronization tools, Authentication is passed back through federation and completed against Windows Server Active Directory
Microsoft Azure
Pre-integrated SaaS apps in the application gallery
Microsoft Azure Active Directory2400+ Preintegrated popular SaaS apps.
Connect and Sync on-premises directories with Azure.
Easily publish on-prem web apps via Application Proxy + Custom apps through a rich standards-based platform.
Identities and applications in one place.
Web Apps (Azure Active Directory
Application Proxy)
SaaS apps Integrated custom apps
Other Directories
Your Directory on the cloud
Self-service Single sign on
•••••••••••
Username
Simple connection
Cloud
SaaSAzure
Office 365Publiccloud
Other Directories
Windows ServerActive Directory
On-premises
Microsoft Azure Active Directory
Hybrid IdentityBridging on-premises and Azure Active Directory
Security reporting that tracks inconsistent access patterns, analytics and alerts.
Built-in security features.
Monitor & Protect access
Security reporting that tracks inconsistent access patterns, analytics and alerts.
Built-in security features.
Step up to Multi-Factor authentication.
X X X X X
X X X X X
X X X X X
Monitor & Protect access
Any two or more of the following factors:Something you know: a password or PIN.Something you have: a phone, credit card or hardware token.Something you are: a fingerprint, retinal scan or other biometric.
Stronger when using two different channels (out-of-band).
Hardware token Certificates Smartcard Phone
0 1 2 3 4
What is Multi-factor Authentication?
An Azure Identity and Access management service that prevents unauthorized access to both on-premises and cloud applications by providing an additional level of authentication
Trusted by thousands of enterprises to authenticate employee, customer, and partner access.
What is Azure Multi-factor Authentication?
Mobile appsPhone callsText messages
ALERT
1 4 5 6 7 6
Azure Multi-factor AuthenticationHow it works
• Azure Multi-Factor Authentication stand-alone • Included in Azure Active Directory Premium
• Free for Azure administrators
• A subset of Azure MFA functionality included in Office 365
Where is Azure Multi-factor Authentication?
Manage your account
Company branded, personalized application Access Panel : http://myapps.microsoft.com+ Mobile Apps
Empower Users
Manage your account
Self Service Password Reset and delegated group management for cloud users
Company branded, personalized application Access Panel : http://myapps.microsoft.com+ Mobile Apps
Empower Users
Enterprise Agreement (EA) prices starting at $4 per user per monthLimited time EA Level A promotion pricing. Requires 250 seat minimum purchase and underlying CAL Suite license (Core CAL Suite and Enterprise CAL Suite)
Mobile device management
Windows Intune
Mobile device settings management
Mobile application management
Selective wipe
Hybrid identity
Microsoft Azure Active Directory Premium
Security reports, and audit reports, multi-factor authentication
Self-service password reset and group management
Connection between Active Directory and Azure Active Directory
Access & Information protection
Microsoft Azure Rights Management service
Information protection Connection to on-premises assets
Bring your own key
Enterprise Agreement (EA) prices starting at $4 per user per monthLimited time EA Level A promotion pricing. Requires 250 seat minimum purchase and underlying CAL Suite license (Core CAL Suite and Enterprise CAL Suite)
Mobile device management
Windows Intune
Mobile device settings management
Mobile application management
Selective wipe
Access & Information protection
Microsoft Azure Rights Management service
Information protection Connection to on-premises assets
Bring your own key
Enterprise Mobility Suite
Hybrid identityHybridIdentity
Demo
Mobile Device Management
Conditional AccessMobile Device/Application ManagementSelective Wipe
Enterprise Agreement (EA) prices starting at $4 per user per monthLimited time EA Level A promotion pricing. Requires 250 seat minimum purchase and underlying CAL Suite license (Core CAL Suite and Enterprise CAL Suite)
Mobile device management
Windows Intune
Mobile device settings management
Mobile application management
Selective wipe
Hybrid identity
Microsoft Azure Active Directory Premium
Security reports, and audit reports, multi-factor authentication
Self-service password reset and group management
Connection between Active Directory and Azure Active Directory
Access & Information protection
Microsoft Azure Rights Management service
Information protection Connection to on-premises assets
Bring your own key
Introduction to Enterprise Mobility Suite
Enterprise Agreement (EA) prices starting at $4 per user per monthLimited time EA Level A promotion pricing. Requires 250 seat minimum purchase and underlying CAL Suite license (Core CAL Suite and Enterprise CAL Suite)
Hybrid identity
Microsoft Azure Active Directory Premium
Security reports, and audit reports, multi-factor authentication
Self-service password reset and group management
Connection between Active Directory and Azure Active Directory
Access & Information protection
Microsoft Azure Rights Management service
Information protection Connection to on-premises assets
Bring your own key
Microsoft IntuneBuilt-In
Device Management
Conditional Access
Selective Wipe
Built-In Microsoft Intune
Application Management
LoB app
User-centric approach
Mobile Device Management
Before mobile devices can access Office 365 data, they must be enrolled and healthy.
1. A user downloads the public OneDrive app on a personal iPad
2. The user is shown a page that directs them to enroll the iPad
3. The user steps through the enrollment process
4. The OneDrive app is now MDM enabled
5. The user is able to access their OneDrive data
Conditional Access
Device Polices• Control what mobile devices can connect to
Office 365 Data• Set device configuration policies such as pin
lock• Enforce data encryption on devices
Admin Controls• Built-In management in Office 365 Admin
Center, and PowerShell• Configure device policies by groups• Product level granular control
Device Reporting• Device compliance reports• Mobile usage and trends in our organization• API support
Device Management
Corporate
Complete mobile application management
• Securely access corporate information using Office mobile apps, while preventing company data loss by restricting actions such as copy/cut/paste/save in your managed app ecosystem
• Extend these capabilities to existing line of business apps using the Intune app wrapper
• Enable secure viewing of content using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps
Manage all of your corporate apps and data with Intune’s mobile device and application management solution
Personal
Managed Browser & Viewer Apps
MicrosoftIntune
Mobile Application Management
Mobile device management• Deploy certificates, WiFi, VPN, and email
profiles automatically once a device is enrolled for management
• Enable bulk enrollment of task-worker devices to set policies and deploy applications on a large scale.
• Provide a self-service Company Portal for users to enroll their own devices and install corporate apps
PC management• Provide lightweight, agentless management
from the cloud• Connect Intune to System Center 2012 R2
Configuration Manager to manage all of your devices including PCs, Macs, Unix/Linux Servers, and mobile devices from a single management console
• Provide real-time protection against malware threats on managed computers
• Collect information about hardware configurations and software installed on managed computers
• Deploy software based upon policies set by the administrator
User
Additional Intune Capabilities
Managed Browser
Native E-mail
denied
Pasted1. Sara tries to set up her new unmanaged
tablet to connect to Exchange and is blocked.
2. She enrolls the tablet into Microsoft Intune and is then granted access to Exchange.
3. Sara tries to save attachment to OneDrive, and is blocked since OneDrive is not managed by IT.
4. She saves attachment to OneDrive for Business, which is allowed since it is managed by IT.
5. She tries to copy/paste content into a PowerPoint slide and is successful.
6. Sara tries to copy text from her attachment and paste it into another, unmanaged app. This action is blocked since this app is not managed by IT.
7. Sara later leaves the company, and a selective wipe is done on her tablet, removing corporate apps and data, while leaving her personal content on the device.
saved
PDF Viewer
Line of Business
App
AV Player
denied
How it works
1. An employee uses Office 365 apps and data on a mobile
device. The employee leaves the company.
2. The IT admin logins into Office 365 Admin Center to perform a
selective wipe
3. The Office 365 data is removed from the Office applications leaving
personal information intact
The IT admin can wipe Office 365 data from the user’s device. When they trigger the wipe, all of the data cached or stored by the apps will be deleted, while all of the user’s personal content remains intact.
Selective/Retire Wipe
Consistent Company Portal experiences across mobile platforms
Native Windows app package (.appx)
Available in the Windows Store
Windows Phone 8 Company Portal
iOS/Android Company Portal
Native Windows Phone 8 app (.xap)
Available in the Windows Store
Native iOS app
Available in the Apple Appstore™
WindowsCompany Portal
End User Experience
Platforms Windows 8 /Windows RT
Windows Phone 8 iOS Android
Line-of business apps (sideloaded)
*.appx *.xap *.ipa *.apk
Deep links to store apps – install from store
Web-shortcuts installed on device desktop
Yes Yes Yes Yes
Application Management on Mobile Dev
Enterprise Agreement (EA) prices starting at $4 per user per monthLimited time EA Level A promotion pricing. Requires 250 seat minimum purchase and underlying CAL Suite license (Core CAL Suite and Enterprise CAL Suite)
Mobile device management
Windows Intune
Mobile device settings management
Mobile application management
Selective wipe
Hybrid identity
Microsoft Azure Active Directory Premium
Security reports, and audit reports, multi-factor authentication
Self-service password reset and group management
Connection between Active Directory and Azure Active Directory
Access & Information protection
Microsoft Azure Rights Management service
Information protection Connection to on-premises assets
Bring your own key
Introduction to Enterprise Mobility Suite
Enterprise Agreement (EA) prices starting at $4 per user per monthLimited time EA Level A promotion pricing. Requires 250 seat minimum purchase and underlying CAL Suite license (Core CAL Suite and Enterprise CAL Suite)
Hybrid identity
Microsoft Azure Active Directory Premium
Security reports, and audit reports, multi-factor authentication
Self-service password reset and group management
Connection between Active Directory and Azure Active Directory
Access & Information protection
Microsoft Azure Rights Management service
Information protection Connection to on-premises assets
Bring your own key
MDM
Demo
Access & Information Protection
Azure Rights Management Service
Enterprise Agreement (EA) prices starting at $4 per user per monthLimited time EA Level A promotion pricing. Requires 250 seat minimum purchase and underlying CAL Suite license (Core CAL Suite and Enterprise CAL Suite)
Mobile device management
Windows Intune
Mobile device settings management
Mobile application management
Selective wipe
Hybrid identity
Microsoft Azure Active Directory Premium
Security reports, and audit reports, multi-factor authentication
Self-service password reset and group management
Connection between Active Directory and Azure Active Directory
Access & Information protection
Microsoft Azure Rights Management service
Information protection Connection to on-premises assets
Bring your own key
Introduction to Enterprise Mobility Suite
Enterprise Agreement (EA) prices starting at $4 per user per monthLimited time EA Level A promotion pricing. Requires 250 seat minimum purchase and underlying CAL Suite license (Core CAL Suite and Enterprise CAL Suite)
Mobile device management
Windows Intune
Mobile device settings management
Mobile application management
Selective wipe
Hybrid identity
Microsoft Azure Active Directory Premium
Security reports, and audit reports, multi-factor authentication
Self-service password reset and group management
Connection between Active Directory and Azure Active Directory
Take advantage of hybrid options across Windows Server and Azure Rights Management service.
Integrate Microsoft SharePoint and Microsoft Exchange Server.
Automatically identify and classify data based on content with automatic encryption.
More securely share documents with colleagues and business partners.
Improve ease of use through integration with Office 2010/13, Windows Shell extensions, and cross-platform clients.
ServerFiles Services
ServerRights Management
Protect data with Rights Management
Integration with Office 2010/13
Across devices – Windows, iOS, Android
Windows Shell Extensions
Native Applications and Generic protection using Protected File (PFILE)
Custom administrator defined policies
I can protect and share information securely across device types
End User Experience with Rights Management
Sharing files using Azure RMS
Use Microsoft Azure RMS to securely share documents with colleagues and business partners Consuming Azure RMS protected files
Consuming RMS protected documents in Office 2013
Sharing documents securely
Email Receiver
Quartely_Sales_Report.xslxQuartely_Sales_Report.ppdf
A protected PDF copy is sent for easy access on all platforms
Sharing protected files with anyone
Choosing to get email notifications
Notification about unauthorized user
Notification about authorized user
[email protected] opened RMS blog post – Aug2014.docx.pdf
[email protected] opened RMS blog post – Aug2014.docx.pdf
[email protected] opened RMS blog post – Aug2014.docx.pdf
[email protected] was denied access to BudgetWithCharts.xlsx.pdf
[email protected] was denied access to BudgetWithCharts.xlsx.pdf
[email protected] was denied access to BudgetwithCharts.xlsx.pdf
Getting email notifications for document use
Apply access control Require authentication
Protect in transit
Protect at rest
Read/write/editScenario
Inte
grat
ed N
ative
App
s
Read only experience, but
still secure
Shar
ing
with
Pr
otec
ted
Application Integrate with RMS
Enterprise Agreement (EA) prices starting at $4 per user per monthLimited time EA Level A promotion pricing. Requires 250 seat minimum purchase and underlying CAL Suite license (Core CAL Suite and Enterprise CAL Suite)
Mobile device management
Windows Intune
Mobile device settings management
Mobile application management
Selective wipe
Hybrid identity
Microsoft Azure Active Directory Premium
Security reports, and audit reports, multi-factor authentication
Self-service password reset and group management
Connection between Active Directory and Azure Active Directory
Access & Information protection
Microsoft Azure Rights Management service
Information protection Connection to on-premises assets
Bring your own key
Introduction to Enterprise Mobility Suite
Enterprise Agreement (EA) prices starting at $4 per user per monthLimited time EA Level A promotion pricing. Requires 250 seat minimum purchase and underlying CAL Suite license (Core CAL Suite and Enterprise CAL Suite)
Mobile device management
Windows Intune
Mobile device settings management
Mobile application management
Selective wipe
Hybrid identity
Microsoft Azure Active Directory Premium
Security reports, and audit reports, multi-factor authentication
Self-service password reset and group management
Connection between Active Directory and Azure Active Directory
Azure Rights Mgmt
Demo
EMS Benefits
Desktop EADomain-based identity management (single sign-on for on-premises applications).
Centralized PC management.
Information protection for on-premises Office deployments.
Desktop EA + Office 365Hybrid identity and single sign-on for Office 365.
Multi-factor authentication for Office 365.
Cloud-based information protection for Office 365.
Enterprise Mobility SuiteSecurity reports and multi-factor authentication.
Self-service password reset and group management.
Connection between Active Directory and Azure Active Directory.
Mobile device settings management.
Mobile application management.
Selective wipe.
Information protection.
Connection to on-premises assets.
ON-PREMISES SOLUTION CLOUD SOLUTION
EMS IT Manageability benefitsfor existing customers
CLOUD AND HYBRID IDENTITY MANAGEMENT
MOBILE DEVICE MANAGEMENT
INFORMATION PROTECTION
• Protection for O365 content• Protection for on-premises
Exchange SharePoint content
• Access to RMS SDK• Bring your own key
• Basic mobile device management via EAS• PIN enforcement• Device wipe
• Single sign-on for O365 • Basic multi-factor
authentication (MFA) for O365
• Protection for on-premises Windows Server file shares
• PC management• Mobile device management• Mobile app management• Certificate provisioning• Selective wipe
• Single sign-on for all cloud apps
• Advanced MFA for all workloads
• Self-service group management and password reset with write back to on-premises directory
• Advanced security reports• FIM (Server + CAL)
Enterprise Mobility Suite
EMS IT Manageability benefits for O365 customers
EMS Pricing
EMS Pricing
Enterprise Agreement (EA) prices starting at $4 per user per monthLimited time EA Level A promotion pricing. Requires 250 seat minimum purchase and underlying CAL Suite license (Core CAL Suite and Enterprise CAL Suite)
Mobile device management
Windows Intune
Mobile device settings management
Mobile application management
Selective wipe
Hybrid identity
Microsoft Azure Active Directory Premium
Security reports, and audit reports, multi-factor authentication
Self-service password reset and group management
Connection between Active Directory and Azure Active Directory
Access & Information protection
Microsoft Azure Rights Management service
Information protection Connection to on-premises assets
Bring your own key
Enterprise Agreement (EA) prices starting at $4 per user per monthLimited time EA Level A promotion pricing. Requires 250 seat minimum purchase and underlying CAL Suite license (Core CAL Suite and Enterprise CAL Suite)
Mobile device management
Windows Intune
Mobile device settings management
Mobile application management
Selective wipe
Hybrid identity
Microsoft Azure Active Directory Premium
Security reports, and audit reports, multi-factor authentication
Self-service password reset and group management
Connection between Active Directory and Azure Active Directory
Access & Information protection
Microsoft Azure Rights Management service
Information protection Connection to on-premises assets
Bring your own key
Introduction to Enterprise Mobility Suite
Question?