MTUG - Time for some overview and control?


Upload: olav-tvedt

Post on 08-Feb-2017


We Drive Business Evolution Forward

Time for some overview and control?

Agenda

Olav Tvedt | Principal

Global Product Manager

Mobility And User Experience

MVP Cloud and Datacenter Management

Twitter: olavtwitt - Blog: olavtvedt.blogspot.com

Microsoft EMS

Enterprise Mobility Suite

Users and Data

Core Task for IT

User, Data

?

Core Task for IT

User, Data, Devices, Apps and Locations

How?

How Microsoft can help mobile transformation

Device management

Content management

Application management

Application development

Identity & access

Microsoft Intune

Office 365

System Center Configuration Manager

Microsoft Azure RMS

Office 365

Active Directory RMS

SharePoint

Microsoft Azure Active Directory

Active Directory

Microsoft Intune

System Center Configuration Manager

Microsoft Visual Studio

Xamarin

Microsoft Visual Studio Online

Identity and Access Management

SaaS apps

Microsoft Azure Active Directory

Other Directories

One common identity

Simplify management

Improve security

IDENTITY-DRIVEN SECURITY

Self-service capabilities

• Password reset

• Group membership

• MyApps portal

Manage everything

• Dynamic groups

• Provisioning

• B2B collaboration

Single sign-on

• Easy connection to existing assets

• Unified experience across user devices

Azure Active Directory Offering Comparison

Azure MFA Offering Comparison

MFA for O365/Azure Administrators

Windows Azure Multi-Factor Authentication / EMS

Information Protection

Vision: Azure Rights Management

On any device

Email

LOB apps

Files

Share internally

Share externally (B2C)

Share externally (B2B)

Policy enforcement

Document revocation

Document tracking

Access control

Encryption

Classification and labeling

In any part of the world

• US

• EU

• APAC

• China

• Germany

Azure RMS Connectors and Connections

RMS SDKs (apps coming) on popular mobile platforms including Windows, iOS, Android, Windows Phone and Mac OS

Connect to on-premises Exchange and SharePoint for the simplest way to get Rights Management running in your organization

Azure RMS provides the Rights Management capabilities for Office 365, providing easy enablement and enforcement of information protection policies

Connect to Windows Server File Services for FCI and DAC integration

Leverage a common identity across Active Directory and Azure Active Directory

Azure RMS Offering Comparison

RMS for O365

Azure RMS (EMS)

Mobile Device And App Management

Microsoft MDM Options

- Exchange Active Sync

- Office 365

- Intune

- (Azure)

Device configuration

• Inventory mobile devices that access corporate applications

• Remote factory reset (full device wipe)

• Mobile device configuration settings (PIN length, PIN required, lock time, etc.)

• Self-service password reset (Office 365 cloud only users)

Office 365

• Provides reporting on devices that do not meet IT policy

• Group-based policies and reporting (ability to use groups for targeted device configuration)

• Root cert and jailbreak detection

• Remove Office 365 app data from mobile devices while leaving personal data and apps intact (Selective wipe)

• Prevent access to corporate email and documents based upon device enrollment and compliance policies

Premium mobile device & app management

• Self-service Company Portal for users to enroll their own devices and install corporate apps

• Deploy certificates, VPN profiles (including app-specific profiles), and Wi-Fi profiles

• Prevent cut/copy/paste/save as of data from corporate apps to personal apps (Mobile application management)

• Secure content viewing via Managed browser, PDF viewer, Image viewer, and AV player apps for Intune

• Remote device lock via self-service Company Portal and via admin console

PC management

• PC management (e.g. inventory, antimalware, patch, policies, etc.)

• OS deployment (via System Center ConfigMgr)

• PC software management

• Single management console for PCs and mobile devices (through integration with System Center ConfigMgr)

Device management feature comparison

Mobile application management

PC management

Mobile device management

IT

User

Microsoft Intune

Intune helps organizations provide their employees with access to corporate applications, data, and resources from virtually anywhere on almost any device, while helping to keep corporate information secure.

MANAGED MOBILE PRODUCTIVITY

Managed apps

Personal apps

Corporate data

Personal data

Multi-identity policy

Copy, Paste, Save

Save to personal storage

Paste to personal app

Email attachment

MAM Partners

DEMO: Intune - Policy

Behavior-based Threat Analytics

1 of 5

76%

246 days

Abnormal Behavior

Anomalous logins

Remote execution

Suspicious activity

Security issues and risks

Broken trust

Weak protocols

Known protocol vulnerabilities

Malicious attacks

Pass-the-Ticket (PtT)

Pass-the-Hash (PtH)

Overpass-the-Hash

Forged PAC (MS14-068)

Golden Ticket

Skeleton key malware

Reconnaissance

Brute force

Unknown threats

Password sharing

Lateral movement

ATA

Devices and servers

Behavioral analytics

Forensics for known attacks and issues

Advanced Threat Analytics

Profile normal entity behavior (normal versus abnormal)

Search for known security attacks and issues

Detect suspicious user activities, known attacks, and issues

SIEM

Active Directory

Enterprise Mobility + Security

Protect your users, devices, and apps

AZURE RIGHTS MANAGEMENT & SECURE ISLANDS

Detect problems early with visibility and threat analytics

Advanced Threat Analytics

MICROSOFT INTUNE

Protect your data, everywhere

AZURE ACTIVE DIRECTORY IDENTITY PROTECTION

Extend enterprise-grade security to your cloud and SaaS apps

Protect application access from identity attacks

MICROSOFT CLOUD APP SECURITY

Enterprise Mobility Suite

Microsoft Intune

Microsoft Azure Active Directory Premium

Microsoft Azure Rights Management Premium

Advanced Threat Analytics

Easily manage identities across on-premises and cloud

Single sign-on and self-service for corporate resources

Leverage MDM and MAM to protect corporate apps and data on almost any device

Encryption, identity, and authorization to secure corporate files and email across phones, tablets, and PCs

Identify suspicious activities and advanced threats in near real time with simple, actionable reporting

Behavior-based threat analytics

Information protection

Identity and access management

Mobile device and app management

Enterprise Mobility Suite

Mobile device and app management

Information protection

Basic identity mgmt. via Azure AD for O365:

• Single sign-on for O365

• Basic multi-factor authentication (MFA) for O365

Basic mobile device management via MDM for O365

• Device settings management

• Selective wipe

• Built into O365 management console

RMS protection via RMS for O365

• Protection for content stored in Office (on-premises or O365)

• Access to RMS SDK

• Bring your own key

Azure AD for O365+

• Single sign-on for all cloud apps

• Advanced MFA for all workloads

• Self-service group management and password reset with write back to on-premises directory

• Advanced security reports

• FIM (Server + CAL)

MDM for O365+

• PC management

• Mobile app management (prevent cut/copy/paste/save as from corporate apps to personal apps)

• Secure content viewers

• Certificate provisioning

• System Center integration

RMS for O365+

• Protection for on-premises Windows Server file shares

• Email notifications when sharing documents

• Email notifications when shared documents are forwarded

Identity and Access Management

Windows 10

Enterprise Mobility Suite

• Single sign-on for business cloud apps

• Device setup and registration for Windows devices

• Windows Store for Business

• Traditional domain join manageability

• Manageability via MDM and MAM

• Encryption for data at rest and generated on device

• Encryption for data included in roaming settings

• Conditional access policies for enhanced single sign-on security

• MDM auto-enrollment

• Self-service group and application management

• Password reset with write back to on-premises directory

• Cloud-based advanced security reports

• Microsoft Identity Manager

• Mobile device management

• Mobile app management

• Secure content viewer

• Certificate, Wi-Fi, VPN, email profile provisioning

• Agent-based management of Windows devices (domain-joined via ConfigMgr and internet-based via Intune)

• Tracking and notifications for shared documents

• Protection for content stored in Office and Office 365

• Protection for on-premises Windows Server file shares

• Behavioral analytics for advanced threat detection

• Detection for known malicious attacks and security issues

Mobile device and app management

Information protection

Identity and Access Management

Strategy

Protect

Serve

Twitter: olavtwitt

Blog: olavtvedt.blogspot.com

E-mail: [email protected]

Olav Tvedt | Principal

Global Product Manager

Mobility And User Experience

MVP Cloud and Datacenter Management

Microsoft EMS