Professional Documents
Culture Documents
Paul Carvouni, APAC Solutions Sales Lead, Enterprise Mobility & Security
Agenda
1. The changing Enterprise Mobility & Security market
5. Open forum/Q&A
THE WORLD
HAS CHANGED.
Is it possible to keep up?
Is it possible to stay secure?
Lost device
Data leaks
Data
Compromised identity
Customers
Apps
Employees
•
•
•
Devices Apps Data
IDENTITY - DRIVEN SECURITY
Microsoft
Intune
Azure Active Directory
Premium
New New
Azure Active Directory Azure Information Microsoft Cloud New
Premium P2 Protection Premium P2 App Security
Identity and access Intelligent classification and Enterprise-grade visibility,
EMS management with advanced encryption for files shared control, and protection for
E5 protection for users and inside and outside your your cloud applications
privileged identities organization
(includes all capabilities in P1) (includes all capabilities in P1)
Data breach
Simple connection
Windows Server
Active Directory
Other
directories Self-service Single sign-on
SaaS
Azure
Public
cloud
Conditions Actions
Allow access
Location Or
Device state
User Enforce MFA
User/Application per user/per
app
Risk
Block access
MFA
CLOUD-POWERED PROTECTION
Infected Leaked
Gain insights from a consolidated view of devices Configuration credentials
machine learning based threat detection
Brute force
vulnerabilities
Suspicious sign- Risk-based
attacks in activities
policies
Remediation recommendations MFA Challenge
Risky Logins
Block attacks
Use the power of Identity Protection in PowerBI, SIEM and other monitoring tools
Infected Leaked
devices Configuration credentials
vulnerabilities
Brute force Suspicious sign-
attacks in activities
Security/Monitoring/Reporting
Notifications Solutions
Data Extracts/Downloads
Reporting APIs
Shadow IT Discovery DLP for Office 365 mobile apps Classify & Label
Policies for data control LOB app protection Monitor and Respond
IDENTITY – DRIVEN SECURITY
Microsoft Advanced Threat Analytics (ATA) Cloud App Security + Azure Active Directory Premium
Multi-identity policy
Managed apps
Managed Corporate Managed
Email
apps data apps
attachment
Personal Paste
data Copy Save
Paste to Save to
personal personal storage
app
STRICTLY CONFIDENTIAL
CONFIDENTIAL FINANCE
INTERNAL
CONFIDENTIAL
NOT RESTRICTED
Classify data according to policies – automatically or by user Add persistent labels defining sensitivity to files
2. IT Consolidation, One platform for all
your Mobility and Security needs
ENTERPRISE MOBILITY + SECURITY
Information protection
1. Individual pricing not currently available. 2. Okta Enterprise Edition as of 3/1/2015. 3. AirWatch Orange Management Suite Cloud as of 3/1/2015.
Categories Current State Roadmap Key Benefits l Capabilities
• Lower cost and complexity
• Industry leading platform with clear roadmaps
Email & Collaboration • Richer user experience enabling more end user productivity
• Aligns with mobile first associate experience that users love
• DLP, data retention and unified EDISOVERY
• Attract new generation of talented associates
• Per user licensing model supports BYOD by freeing associates to use or access
Windows Ent across all devices, including iOS and Android
• Flexibility to deliver Windows Ent across devices through local install, Virtual
Device Strategy Desktop Infrastructure (VDI), or Windows To GoPatch Management
• Provide a secure device environment with the latest security threat
management solutions (N-1)
• Transition away from VDI to published app model
COMPREHENSIVE SOLUTION
FastTrack will:
FastTrack will: FastTrack will:
Setup and deploy mobile app management
Get organizational identities to the cloud policies to help prevent Office 365 data leakage Retain control of sensitive documents locally and
Set up single sign-on for test apps (including over email
Setup and deploy device security policies like pin
Azure Active Directory Application Proxy apps) or device encryption Automatically protect mail containing privileged
Configure self-service options like password information
Integrate on-premises System Center
reset and Azure Multi-Factor Authentication in Configuration Manager with Intune Ensure files stored in SharePoint are rights
the MyApps site protected
Enable conditional access and compliance
policies to control access to data
3. Enabling Digital Transformation >
Powerful Business User experience, across all
cloud/web/mobile services
> Drive rapid adoption of business apps & services across any mobile
platforms
http://myapps.microsoft.com
http://myapps.microsoft.com
Identity and access Managed mobile Information Identity-driven
management productivity protection security
Enterprise Azure AD for O365 + Cloud, MDM for O365+ RMS for O365+ Cloud App Security
Web, Mobile Apps • Automated intelligent
Mobility • PC management
classification and labeling of
• Visibility and control for all cloud
& Security • Advanced security reports
• Mobile app management data
apps
• Single sign-on for all apps (prevent cut/copy/paste/save as Advanced Threat Analytics
from corporate apps to • Tracking and notifications for
Cloud, Web, • Advanced MFA
personal apps) shared documents • Identify advanced threats in on
premises identities
Mobile Apps • Self-service group management
• Secure content viewers • Protection for on-premises
& password reset & write back Azure AD Premium P2
> beyond to on-premises • Certificate provisioning
Windows Server file shares
• Risk based conditional access
O365 • Dynamic Groups, licensing • System Center integration
assignment
Basic identity mgmt. Basic mobile device RMS protection Advanced Security
via Azure AD for O365: management via RMS for O365 Management
• Single sign-on for O365 via MDM for O365 • Protection for content stored in • Insights into suspicious activity in
• Device settings management Office (on-premises or O365) Office 365
• Basic multi-factor
authentication (MFA) for O365 • Selective wipe • Access to RMS SDK
• Built into O365 management • Bring your own key
console
Identity and access Managed mobile Information Identity-driven
management productivity protection security
• Conditional access policies for • Mobile device management • Automated intelligent Cloud App Security
secure single sign-on • Mobile app management classification and labeling of • Visibility and control for all cloud
• MDM auto-enrollment Secure content viewer data apps
Enterprise
•
• Self-Service Bitlocker recovery • Certificate, Wi-Fi, VPN, email • Tracking and notifications for
shared documents Advanced Threat Analytics
Mobility • Password reset with write back
to on-premises
profile provisioning
• Agent-based management of • Protection for content stored in
• Behavioral analytics for advanced
threat detection
+Security • Cloud-based advanced security Windows devices (domain- Office and Office 365 &
reports and monitoring joined via ConfigMgr and Windows Server on premises Azure AD Premium
• Enterprise State-Roaming internet-based via Intune) • Risk based conditional access
• Single sign-on for business • Windows Store for Business • Encryption for data at rest and Windows Defender Advanced
cloud apps • Traditional domain join generated on device Threat Protection
10 MAM