Identity + Mobile Management + Security = Enterprise Mobility Suite


Identity + Mobile Management + Security = Enterprise Mobility Suite
Alessandro Appiani, Founder & CTO, Pulsar IT, alessandro.appiani@pulsarit.net, Twitter: @AlexAppiani
Gabriele Tansini, Partner Technical Consultant, Microsoft, gtansini@microsoft.com
www.wpc2015.it info@wpc2015.it - +39 02 365738.11 - #wpc15it

About Gabriele
- 18 years' experience
- Microsoft Certified since 1998
- MCT, MCITP Exchange+Office365 and MCM:Exchange 2007
- 12 years at Microsoft as Premier Field Engineer and Partner Technical Consultant
- LinkedIn: https://www.linkedin.com/in/gtansini
- Pre-sales support for MAPS, Silver and Gold partners: itpts@microsoft.com
www.pulsarit.net info@pulsarit.net

About Alessandro
- 30 years' experience in IT Technologies and Solutions
- Computer Science Master's Degree (full marks with honors) in 1989
- Microsoft Certified since 1995
- Microsoft TechNet speaker & Train-the-trainer since 1996
- MCT, MCITP Windows+Exchange+Lync+Office365
- Microsoft Windows Expert since version NT 3.51 (1995)
- Microsoft Exchange Expert since first product release (Exchange 4.0 - 1996)
- Microsoft Lync/Skype Expert since first product release (LCS 2003)
- Microsoft Office 365 Expert since first Cloud version (BPOS - 2009)
- Pulsar IT Founder & CTO: technologies, strategy, digital transformation, advisory,...
- Twitter: @AlexAppiani

www.pulsarit.net, blogs.pulsarit.net, info@pulsarit.net
- Microsoft Excellence since 1995
- Involved in Skype/Lync vnext development (TAP) with Microsoft Corporation Product Team since 2009
Design, Deploy, and Support of Microsoft Solutions
- Unified Communications & Collaboration: Exchange, Lync & SharePoint
- Private Cloud: Virtualization & Systems Management
- Hybrid & Public Cloud: Office 365, Azure, Active Directory Federation
- Smart Workplace: Security, Control, Platform & Device Management

Agenda
- Enterprise Mobility Suite intro
- Identity & Authentication
- Information Protection / Document security
- Device management
Let's go!

Enterprise Mobility Suite
- Identity & Access Management (Microsoft Azure Active Directory Premium): Easily manage identities across on-premises and cloud. Single sign-on & self-service for any application.
- Mobile Device & App Management (Microsoft Intune): Manage and protect corporate apps and data on almost any device with MDM & MAM.
- Information Protection (Microsoft Azure Rights Management Premium): Encryption, identity, and authorization to secure corporate files and email across phones, tablets, and PCs.
- Behavior based threat analytics (Advanced Threat Analytics): Identify suspicious activities and advanced threats in near real time, with simple, actionable reporting.

Typical EMM stack
- Native device MDM: Standard MDM provides device configuration and management.
- Containers: Custom data container provides mobile productivity apps integrated with content and access systems (custom email app, custom collab app, custom file app). Depends on specific DMZ infrastructure.
- Mobile application management (SDK/wrapper, managed browser, managed viewers): Custom SDK/wrapper enables line-of-business apps to be managed.
- Works on-premises only.
[Diagram labels: firewalls, DMZ/perimeter network, corporate network, Active Directory, Exchange Server, SharePoint Server]

Microsoft's EMM stack
- Native device MDM: Intune: Cross-platform MDM.
- Managed Office productivity and more: Office 365: Mobile productivity.
- Extensibility based on Azure AD and Intune: Enable business apps to interoperate with Office mobile apps (Intune App SDK, Intune App Wrapping Tool).
- Cloud integration: SharePoint Online, Exchange Online. Azure AD: Access control to Office 365 and SaaS apps. Intune: App restrictions for Office mobile and LOB apps. Azure Rights Management: Information protection at the file layer.
- Standard on-premises integration.
[Diagram labels: firewalls, DMZ/perimeter network, corporate network, Active Directory, Exchange Server, SharePoint Server]

Microsoft EMS key points
- Microsoft native technologies, no add-on
- Office Apps integrated on ALL Platforms
- Protect data at rest where it's created
- Work seamlessly on-prem and in Office 365
- Leverage Active Directory identity

Identity & authentication

Integrated / Hybrid Identity as the control plane
- One common identity
- Simple connection
- Self-service
- Single sign-on
[Diagram labels: On-premises (Windows Server Active Directory, other directories), Username, Microsoft Azure Active Directory, Cloud (Azure, public cloud, SaaS, Office 365)]

Identity Driven Security
[Diagram labels: Intelligent cloud, App security, Detect threats, Alert, Machine learning, Security reports, Privileged Identity Management, Conditional access, Multi-factor authentication, Cloud App Discovery, User behavioral analysis, Simple attack timeline]

Azure Active Directory

Demo

Information Protection / Document security

Access and information protection
- Keep corporate data secure
- Manage the data, not the user
- Provide access to data on any trusted device

Vision: Azure Rights Management

Rights management 101
- Usage rights and symmetric key stored in file as license
- License protected by customer-owned RSA key
[Figure: the secret cola formula "Water Sugar Brown #16" goes through Protect to become ciphertext plus use rights, and through Unprotect to return to "Water Sugar Brown #16"]
- Each file is protected by a unique AES symmetric

Rights management 101
- Local processing on PCs/devices
- Azure RMS never sees the file content, only the license.
- File content is never sent to the RMS server/service.
- Apps protected with RMS enforce rights
- Apps use the SDK to communicate with the RMS service/servers
[Figure: the encrypted file stays on the device; only the use rights travel between the SDK and the service]
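The license flow on the two "Rights management 101" slides, as an added example that is not from the deck or from the RMS SDK. It is a simplified Node.js model: AES-256-GCM, RSA-OAEP, the JSON license layout, the function names and the e-mail addresses are all assumptions made for illustration.

```javascript
// Added illustration of the license model; not the RMS SDK or its file format.
const crypto = require('node:crypto');

// Constructed key pair standing in for the customer-owned RSA key.
const tenantKey = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { oaepHash: 'sha256' };

// Client: encrypt locally under a fresh AES key, then seal key + usage rights
// into a license only the tenant private key can open.
function protect(content, rights, publicKey) {
  const contentKey = crypto.randomBytes(32); // unique per file
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', contentKey, iv);
  const body = Buffer.concat([cipher.update(content), cipher.final()]);
  // Assumed layout; the policy must fit one RSA-OAEP block (190 bytes here).
  const policy = JSON.stringify({ key: contentKey.toString('base64'), rights });
  const license = crypto.publicEncrypt({ key: publicKey, ...OAEP }, Buffer.from(policy));
  return { iv, tag: cipher.getAuthTag(), body, license };
}

// Service: is handed the license only, never iv, tag or body.
function issueUseLicense(license, user, privateKey) {
  const sealed = crypto.privateDecrypt({ key: privateKey, ...OAEP }, license);
  const policy = JSON.parse(sealed.toString());
  if (!Object.hasOwn(policy.rights, user)) throw new Error(`no rights for ${user}`);
  return { key: Buffer.from(policy.key, 'base64'), rights: policy.rights[user] };
}

// Client: the app enforces the granted rights and decrypts on the device.
function consume(file, useLicense, action) {
  if (!useLicense.rights.includes(action)) throw new Error(`${action} denied`);
  const d = crypto.createDecipheriv('aes-256-gcm', useLicense.key, file.iv);
  d.setAuthTag(file.tag);
  return Buffer.concat([d.update(file.body), d.final()]).toString();
}

// Constructed sample: the slide's cola formula with two hypothetical users.
function demo() {
  const file = protect(Buffer.from('Water Sugar Brown #16'),
    { 'alice@example.com': ['VIEW', 'EDIT'], 'bob@example.com': ['VIEW'] },
    tenantKey.publicKey);
  const bob = issueUseLicense(file.license, 'bob@example.com', tenantKey.privateKey);
  return { file, bob, text: consume(file, bob, 'VIEW') };
}

console.log(demo().text);
```

Note that `issueUseLicense` takes the license alone, which is the property the slide states: the service can authorize a user and release the content key without ever holding the ciphertext.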

Azure Rights Management vs AD RMS
- Azure RMS has additional features compared to on-prem AD RMS
- RMS available in Microsoft infrastructure since Windows Server 2003
- Simplify collaboration with partners & customers
- Enable external-people collaboration (consumer identity)
- Manage cloud content
- Document tracking report web site available to users
- AD Premium integration (Multi-Factor authentication,...)
- Simplified deployment (cloud-based, fewer servers required)
Comparing Azure Rights Management and AD RMS: https://technet.microsoft.com/en-us/library/jj739831.aspx

Topology
- Data protection for organizations at different stages of cloud adoption
- Ensures security because sensitive data is never sent to the RMS server
- Integration with on-premises assets with minimal effort
- Authorization requests go to a federation service
[Diagram labels: RMS connector, Authentication & collaboration, AAD Connect, ADFS, BYO Key]

Demo

Device management

Mobile device & application management
- Consistent user experience across device platforms
- Secure access to corporate apps and data
- Single management console for mobile devices and PCs

Enterprise Mobility Management with Microsoft Intune

Intune helps organizations provide their employees with access to corporate applications, data, and resources from virtually anywhere on almost any device, while helping to keep corporate information secure.

Mobile Device Management (MDM)
- Provide access to Exchange email based upon device enrollment and compliance policies
- Deploy certificates, WiFi, VPN, and email profiles automatically once a device is enrolled for management
- Enable bulk enrollment of task-worker devices to set policies and deploy applications on a large scale
- Provide a self-service Company Portal for users to enroll their own devices and install corporate apps

Mobile Application Management (MAM)
- Maximize mobile productivity and protect corporate resources with Office mobile apps
- Extend these capabilities to existing line-of-business apps using the Intune app wrapper
- Enable secure viewing of content using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps

PC Management
- Provide lightweight, agentless management from the cloud
- Connect Intune to System Center 2012 R2 Configuration Manager to manage all of your devices including PCs, Macs, Unix/Linux Servers, and mobile devices from a single management console
- Provide real-time protection against malware threats on managed computers
- Collect information about hardware configurations and software installed on managed computers
- Deploy software based upon policies set by the administrator

Demo

Useful info
Let's go!

Empowering enterprise mobility
- Devices, Apps, Data
- Management. Access control. Information protection.

EMS benefits for O365 customers

Enterprise Mobility Suite
- Hybrid identity management (Azure AD for O365+): Single sign-on for all cloud apps; Advanced MFA for all workloads; Self-service group management and password reset with write-back to on-prem directory; Advanced security reports; MIM (Server + CAL)
- Mobile device and app management (MDM for O365+): PC Management; Mobile App Management (prevent cut/copy/paste/save as from corporate apps to personal apps); Secure content viewers; Certificate Provisioning; System Center integration
- Access & Information protection (RMS for O365+): Protection for on-premises Windows Server file shares; Email notifications when sharing documents; Email notifications when shared documents are forwarded

Office 365
- Basic Identity Mgmt. via Azure AD for O365: Single sign-on for O365; Basic Multifactor Authentication (MFA) for O365
- Basic Mobile Device Management via MDM for O365: Device Settings Management; Selective Wipe; Built into O365 Mgmt. Console
- RMS Protection via RMS for O365: Protection for content stored in Office (on-prem or O365); Access to RMS SDK; Bring your own Key
- GA Dec 2014

EMS benefits for Windows

Enterprise Mobility Suite
- Identity and access management: Conditional access policies for enhanced single sign-on security; MDM auto enrollment; Self-service group and application management; Password reset with write-back to on-premises directory; Cloud based advanced security reports; Microsoft Identity Manager
- Mobile device and app management: Mobile device management; Mobile app management; Secure content viewer; Certificate, WiFi, VPN, email profile provisioning; Agent-based management of Windows devices (domain joined via ConfigMgr and internet-based via Intune)
- Information protection: Tracking and notifications for shared documents; Protection for content stored in Office & Office 365; Protection for on-premises Windows Server file shares; Behavioral analytics for advanced threat detection; Detection for known malicious attacks and security issues

Windows 10
- Identity and access management: Single sign-on for business cloud apps; Device set up and registration for Windows devices
- Mobile device and app management: Windows Store for Business; Traditional domain join manageability; Manageability via MDM and MAM
- Information protection: Encryption for data at rest and generated on device; Encryption for data included in roaming settings

Tips & Best Practice
- If you allow password reset with security questions, it is advisable to require at least a second SSPR method
- Enabling MFA for admins is free on every Azure AD
- Administering via PowerShell with MFA enabled requires the new version (in preview)
Azure AD PowerShell: Public Preview of support for Azure MFA + new Device Management Commands: http://blogs.technet.com/b/ad/archive/2015/10/20/azure-ad-powershell-public-previewof-support-for-azure-mfa-new-device-management-commands.aspx

Demo

Questions and Answers (Q & A)
Thank you!


OverNet Education contacts
info@overneteducation.it, www.overneteducation.it, Tel. 02 365738
@overnete, www.facebook.com/overneteducation, www.linkedin.com/company/overnet-solutions, www.wpc2015.it