
Enabling Digital Transformation

Microsoft Enterprise Mobility & Security


MICROSOFT 2016

Paul Carvouni, APAC Solutions Sales Lead, Enterprise Mobility & Security
Agenda
1. The changing Enterprise Mobility & Security market

2. Microsoft EMS strategy and vision, market position, global adoption

3. EMS business value:


• Comprehensive layered security across ALL Cloud, web, mobile services
• IT Consolidation, ONE Mobility & Security platform – ROI inside 12 months!
• Enable Digital transformation > powerful business user experience

4. Leveraging existing MS investments > AD, O365, SCCM, Windows

5. Open forum/Q&A
THE WORLD
HAS CHANGED.
Is it possible to keep up?
Is it possible to stay secure?
Lost device

Data leaks

Users Business partners

Data
Compromised identity

Customers
Apps
Employees

Stolen credentials Devices






Devices Apps Data
IDENTITY - DRIVEN SECURITY

Enterprise Mobility + Security

• Microsoft Cloud App Security: Extend enterprise-grade security to your cloud and SaaS apps
• Azure Active Directory Premium: Manage identity with hybrid integration to protect application access from identity attacks
• Azure Information Protection: Protect your data, everywhere
• Microsoft Intune: Protect your users, devices, and apps
• Microsoft Advanced Threat Analytics: Detect threats early with visibility and threat analytics
Identity: Identity and access management
Device & App: Managed mobile productivity
Data: Information protection
Identity & App: Identity driven security

EMS E5
• Azure Active Directory Premium P2 (New): Identity and access management with advanced protection for users and privileged identities (includes all capabilities in P1)
• Azure Information Protection Premium P2 (New): Intelligent classification and encryption for files shared inside and outside your organization (includes all capabilities in P1)
• Microsoft Cloud App Security (New): Enterprise-grade visibility, control, and protection for your cloud applications

EMS E3
• Azure Active Directory Premium P1: Secure single sign-on to 2,500+ cloud and on-premises apps; MFA, conditional access, and advanced security reporting
• Microsoft Intune: Mobile device and app management to protect corporate apps and data on any device
• Azure Information Protection Premium P1: Encryption for all files and storage locations; Cloud-based file tracking
• Microsoft Advanced Threat Analytics: Protection from advanced targeted attacks leveraging user and entity behavioral analytics
1. Comprehensive & unique layered Security
for Cloud, Web, Mobile services
ENTERPRISE MOBILITY + SECURITY

Identity-driven security
Managed mobile productivity
Comprehensive solution, 12 month ROI
IDENTITY – DRIVEN SECURITY

Identity Devices Apps & Data


Cloud apps
Shadow
IT SaaS
Azure
Employees
Partners
Customers

Data breach

Identity breach On-premises apps

Transition to cloud & mobility
New attack landscape
Current defenses not sufficient
IDENTITY – DRIVEN SECURITY

Identity is the foundation for EMS

Simple connection
Windows Server
Active Directory

Other
directories Self-service Single sign-on
SaaS
Azure

Public
cloud

On-premises Microsoft Azure Active Directory Cloud, Web, Mobile,


Custom Apps
IDENTITY – DRIVEN SECURITY

1. Protect at the front door
Safeguard your resources at the front door with innovative and advanced risk-based conditional access.

2. Provide layered protection > user, app, device, data
Gain deep visibility into user, device, and data activity on-premises and in the cloud.

3. Detect attacks before they cause damage
Uncover suspicious activity and pinpoint threats with deep visibility and ongoing behavioral analytics.
IDENTITY – DRIVEN SECURITY

Conditions:
• Location
• Device state
• User/Application
• Risk

Actions:
• Allow access, or
• Enforce MFA per user/per app
• Block access

[Diagram labels: User, MFA]
CLOUD-POWERED PROTECTION

Identity Protection at its best

• Gain insights from a consolidated view of machine learning based threat detection
• Remediation recommendations
• Risk severity calculation
• Risk-based conditional access automatically protects against suspicious logins and compromised credentials

[Diagram labels: Infected devices; Configuration vulnerabilities; Leaked credentials; Brute force attacks; Suspicious sign-in activities; Risky Logins; Machine-Learning Engine; Risk-based policies: MFA Challenge, Change bad credentials, Block attacks]
CLOUD-POWERED PROTECTION

Use the power of Identity Protection in PowerBI, SIEM and other monitoring tools

Apply Microsoft learnings to your existing security tools

[Diagram labels: Infected devices; Configuration vulnerabilities; Leaked credentials; Brute force attacks; Suspicious sign-in activities; Microsoft machine-learning engine; Notifications; Data Extracts/Downloads; Reporting APIs; Security/Monitoring/Reporting Solutions]
IDENTITY – DRIVEN SECURITY

How do I gain visibility and control of my cloud apps?
Cloud App Security
• Shadow IT Discovery
• Risk scoring
• Policies for data control

How do I prevent data leakage from my mobile apps?
Microsoft Intune
• DLP for Office 365 mobile apps
• Optional device management
• LOB app protection

How do I control data on-premises and in the cloud?
Azure Information Protection
• Classify & Label
• Protect
• Monitor and Respond
IDENTITY – DRIVEN SECURITY

On-premises detection
Microsoft Advanced Threat Analytics (ATA)
• Behavioral analytics
• Detection of known malicious attacks
• Detection of known security issues

Detection in the cloud
Cloud App Security + Azure Active Directory Premium
• Behavioral analytics
• Anomaly detection
• Security reporting and monitoring


ENTERPRISE MOBILITY + SECURITY

Identity-driven security
Managed mobile productivity
Comprehensive solution, 12 month ROI
MANAGED MOBILE PRODUCTIVITY

Manage and secure devices


Office mobile apps native integration
Data-level protection
User self-service
MANAGED MOBILE PRODUCTIVITY

Multi-identity policy
Managed apps
Managed Corporate Managed
Email
apps data apps
attachment

Personal Paste
data Copy Save

Paste to Save to
personal personal storage
app

Personal apps Personal apps


Personal
apps
MANAGED MOBILE PRODUCTIVITY

• Protect your data at all times
• Enable safe sharing internally and externally
• Empower users to make right decisions
• Maintain visibility and control
MANAGED MOBILE PRODUCTIVITY

IT admin sets policies, templates, and rules

[Figure labels: STRICTLY CONFIDENTIAL; CONFIDENTIAL FINANCE; INTERNAL; CONFIDENTIAL; NOT RESTRICTED]

• Classify data according to policies – automatically or by user
• Add persistent labels defining sensitivity to files
2. IT Consolidation, One platform for all
your Mobility and Security needs
ENTERPRISE MOBILITY + SECURITY

Identity-driven security
Managed mobile productivity
Comprehensive solution, 12 month ROI
COMPREHENSIVE SOLUTION

Always up to date
• Real-time updates
• Keep up with new apps and devices

Works with what you have
• Support multiple platforms
• Use existing investments

Simple to set up and connect
• Easy, secure connections
• Simplified management
COMPREHENSIVE SOLUTION

EMS Commercial Value – Consolidation vs point solutions


For the cost of Identity & Access Management and MDM/MAM from other vendors, EMS provides advanced
security capabilities to protect users, devices, apps and data.

Included with Available separately


Microsoft EMS E5 from other vendors

Information protection

User and Entity Behavioral Analysis 1


$$
Cloud Access Security Broker
2
Identity and access management $8
2
Mobile device and application management $10

$X Total cost (per user/month) $18+

1. Individual pricing not currently available. 2. Okta Enterprise Edition as of 3/1/2015. 3. AirWatch Orange Management Suite Cloud as of 3/1/2015.
Categories | Current State | Roadmap | Key Benefits & Capabilities

Email & Collaboration
• Lower cost and complexity
• Industry leading platform with clear roadmaps
• Richer user experience enabling more end user productivity
• Aligns with mobile first associate experience that users love
• DLP, data retention and unified eDiscovery
• Attract new generation of talented associates

Enterprise Mobility
• EMS includes the following:
• Hybrid Identity via Azure AD Premium
• FIM included in EMS
• Customize and enlighten applications capability
• SDK for 3rd party developers
• Support for iOS, Android and Win Mobile Devices
• Information Protection via Azure RMS
• Multi Factor Authentication
• Single Management Console for all devices
• Single sign on with SaaS applications
• Increased self-service capabilities, including password reset

Unified Communications
• Type 1 Communications Cost Savings (Handset hardware, PBX Elimination, R&M, Telco, Conferencing, Travel, Training)
• Single associate experience for Voice, Video, IM & Presence, Conferencing, Remote Desktop, File Sharing

Device Strategy
• Per user licensing model supports BYOD by freeing associates to use or access Windows Ent across all devices, including iOS and Android
• Flexibility to deliver Windows Ent across devices through local install, Virtual Desktop Infrastructure (VDI), or Windows To Go

Patch Management
• Provide a secure device environment with the latest security threat management solutions (N-1)
• Transition away from VDI to published app model
COMPREHENSIVE SOLUTION

Simple set up with FastTrack


Envision Onboard Drive Value

FastTrack is included with EMS to accelerate your deployments

Azure Active Directory Premium
FastTrack will:
• Get organizational identities to the cloud
• Set up single sign-on for test apps (including Azure Active Directory Application Proxy apps)
• Configure self-service options like password reset and Azure Multi-Factor Authentication in the MyApps site

Microsoft Intune
FastTrack will:
• Set up and deploy mobile app management policies to help prevent Office 365 data leakage
• Set up and deploy device security policies like PIN or device encryption
• Integrate on-premises System Center Configuration Manager with Intune
• Enable conditional access and compliance policies to control access to data

Azure Rights Management
FastTrack will:
• Retain control of sensitive documents locally and over email
• Automatically protect mail containing privileged information
• Ensure files stored in SharePoint are rights protected
3. Enabling Digital Transformation >
Powerful Business User experience, across all
cloud/web/mobile services
> Drive rapid adoption of business apps & services across any mobile
platforms

http://myapps.microsoft.com
Enterprise Mobility & Security (Cloud, Web, Mobile Apps > beyond O365)

Identity and access management: Azure AD for O365 + Cloud, Web, Mobile Apps
• Advanced security reports
• Single sign-on for all apps
• Advanced MFA
• Self-service group management & password reset & write back to on-premises
• Dynamic Groups, licensing assignment

Managed mobile productivity: MDM for O365+
• PC management
• Mobile app management (prevent cut/copy/paste/save as from corporate apps to personal apps)
• Secure content viewers
• Certificate provisioning
• System Center integration

Information protection: RMS for O365+
• Automated intelligent classification and labeling of data
• Tracking and notifications for shared documents
• Protection for on-premises Windows Server file shares

Identity-driven security
Cloud App Security
• Visibility and control for all cloud apps
Advanced Threat Analytics
• Identify advanced threats in on premises identities
Azure AD Premium P2
• Risk based conditional access

O365

Identity and access management: Basic identity mgmt. via Azure AD for O365
• Single sign-on for O365
• Basic multi-factor authentication (MFA) for O365

Managed mobile productivity: Basic mobile device management via MDM for O365
• Device settings management
• Selective wipe
• Built into O365 management console

Information protection: RMS protection via RMS for O365
• Protection for content stored in Office (on-premises or O365)
• Access to RMS SDK
• Bring your own key

Identity-driven security: Advanced Security Management
• Insights into suspicious activity in Office 365
Enterprise Mobility + Security

Identity and access management
• Conditional access policies for secure single sign-on
• MDM auto-enrollment
• Self-Service Bitlocker recovery
• Password reset with write back to on-premises
• Cloud-based advanced security reports and monitoring
• Enterprise State-Roaming

Managed mobile productivity
• Mobile device management
• Mobile app management
• Secure content viewer
• Certificate, Wi-Fi, VPN, email profile provisioning
• Agent-based management of Windows devices (domain-joined via ConfigMgr and internet-based via Intune)

Information protection
• Automated intelligent classification and labeling of data
• Tracking and notifications for shared documents
• Protection for content stored in Office and Office 365 & Windows Server on premises

Identity-driven security
Cloud App Security
• Visibility and control for all cloud apps
Advanced Threat Analytics
• Behavioral analytics for advanced threat detection
Azure AD Premium
• Risk based conditional access

Windows 10

Identity and access management
• Single sign-on for business cloud apps
• Device setup and registration for Windows devices

Managed mobile productivity
• Windows Store for Business
• Traditional domain join manageability
• Manageability via MDM and MAM

Information protection
• Encryption for data at rest and generated on device
• Encryption for data included in roaming settings

Identity-driven security
Windows Defender Advanced Threat Protection
• Identify advanced threats focused on Windows 10 behavioral sensors
