At Agile IT, we've been leading the trend in moving customers to the Microsoft Cloud. Along that roadmap is the need to secure and manage the devices that will access that data. The Microsoft Enterprise Mobility Suite (EMS) focuses on managing both the data that's accessible from the cloud and the devices that access it. In this webinar, we introduce you to EMS and focus on how cloud technologies work together to deliver a seamless solution for protecting your data.
The accompanying recording of the webinar can be found at https://youtu.be/NOWFI4xl-dM.
Agile IT EMS webinar series, session 1
1.
2. During this webinar, we will introduce you to the Microsoft Enterprise Mobility Suite (EMS) and focus on how these cloud technologies work together to deliver a seamless solution for protecting your data. We will also provide a roadmap for success to ensure a smooth transition within your organization.
IT organizations have to balance the need to secure the data with end-user productivity. During this part of the webinar series, Agile IT will demonstrate how end-users will maintain the high productivity found within Office 365 but within the policies defined by their IT organization.
The Microsoft Enterprise Mobility Suite (EMS) leverages the existing infrastructure that an IT organization has in production (e.g. Active Directory) while integrating with Microsoft Cloud Services such as Microsoft Office 365. Agile IT will explain the core integration points that are utilized by EMS.
Part 1: Understanding Microsoft EMS
Part 2: EMS from the End-User's Perspective
Part 3: EMS from the Administrator's Perspective
http://www.agileit.com/landing/ems-webinar/
Oct 20, 2015, 11:00am (Pacific) Nov 03, 2015, 11:00am (Pacific) Nov 17, 2015, 11:00am (Pacific)
4. Enterprise Mobility Suite
Unified identity (Azure Active Directory Premium)
• Easily manage identities across on-premises and cloud-based environments
• Single sign-on and self-service for corporate resources
Manage apps & devices (Microsoft Intune)
• Leverage MDM and MAM to protect corporate apps and data on almost any device
Protect data (Azure Rights Management)
• Use encryption, identity, and authorization to secure corporate files and email across phones, tablets, and PCs
5. Enterprise Mobility Suite
• Identify and authorize user
• Apply device policies
• Apply application policies
• Apply content policies
User
IT
Active Directory Premium
Rights Management
6. Azure Active Directory Premium
Your directory in the cloud
• Connect on-premises directories to Azure AD
• Azure AD Sync Multi-Forest Support
• Single sign-on to thousands of SaaS apps + LoB and custom application support for over 2,400+ SaaS applications!
• Enterprise SLA of 99.9 percent
Empower users
• Self-service password change
• Self-service password reset
• Delegated group management
• Self-service security settings management
Centrally managed identities and access
• Group-based user assignment and provisioning to SaaS apps
• Company branding
Built on top of the free offering
Robust set of capabilities for empowering enterprises with demanding identity and access management needs
Usage rights for Microsoft Identity Manager server licenses and CALs
Monitor and protect access to applications
• Password re-hashing
• Advanced security reporting and analytics with machine learning
• Application usage reports
• Alerting
• Multi-factor authentication
• Suspend MFA from known devices
7. Manage mobile productivity without compromising compliance
Manage Mobile Productivity and Protect Data with Office
• Manage mobile productivity and protect data with Office Mobile apps for iOS and Android
• Manage policy for existing iOS line of business apps (so called “app wrapping”)
• Managed browser and PDF/Audio/Video viewers
Conditional Access Policy to Email and Documents
• Provide access to Exchange and OneDrive for Business resources only to managed devices
• Deny access if a device falls out of compliance
Enroll and Manage Corporate-owned Devices
• Enable IT to bulk enroll corporate-owned task-worker devices
• Support for Apple Configurator
Microsoft Manageability Future
Personal
Corporate
8. Protect data with rights management
• Take advantage of hybrid options across Windows Server and Azure Rights Management service
• Integrate Microsoft SharePoint and Microsoft Exchange Server
• Automatically identify and classify data based on content with automatic encryption
• More securely share documents with colleagues and business partners
• Improve ease of use through integration with Office 2010/13, Windows Shell extensions, and cross-platform clients
9. Enterprise Mobility Suite
Identity & Access Management
Basic identity management via Azure AD for Office 365
• Single sign-on for Office 365
• Basic multifactor authentication for Office 365
Azure AD for Office 365+
• Single sign-on for all cloud apps
• Advanced multifactor authentication for all workloads
• Self-service group management and password reset with write back to on-premises directory
• Advanced security reports
• FIM (now MIM), Server + CAL
Mobile device and app management
Basic mobile device management via MDM for Office 365
• Device settings management
• Selective wipe
• Built into Office 365 Management Console
MDM for Office 365+
• PC management
• Mobile app management (separate personal and business data)
• Secure content viewers
• Certificate provisioning
• System Center integration
• Compliance Policies
• Conditional Access
Information protection
RMS protection via RMS for Office 365
• Protection for content stored in Office (on-premises or Office 365)
• Access to RMS SDK
• Bring Your Own Key
RMS for Office 365+
• Protection for on-premises Windows Server file shares
• Email notifications when sharing documents
• Email notifications when shared documents are forwarded
Office Integration
Managed browser, PDF, Email
10.
11. • What it is
  • Predefined and Focused Proof of Concept deployment
  • 100% Cloud Infrastructure
  • Provide a “Full” experience to administrators and end users with the Microsoft EMS solution deployed.
  • Allows an organization to effectively evaluate and plan for an EMS solution
• What it is NOT
  • Production deployment for an entire organization
  • One-to-many training for administrators and end users
  • Customized architecture and deployment to closely meet your explicit business objectives
• What you’ll need
  • 3 Workstations
  • 2 non-PC Devices (iPad, iPhone, Android, or Windows Phone)
  • Existing Office 365 deployment
12. • Sign up for the next Webinar (next slide)
• Get an AgileEMS POC going in your environment to start experiencing the benefits of EMS firsthand. (Trial Licenses Available)
• Sales@agileit.com
13.
http://agileit.co/agile-ems
Oct 20, 2015, 11:00am (Pacific) Nov 03, 2015, 11:00am (Pacific) Nov 17, 2015, 11:00am (Pacific)
Editor's Notes
Microsoft has 4 layers to protect the data cached on the device. First, we have Azure Active Directory, which can identify and authorize the user to access corporate data, including features like single sign-on and multi-factor authentication. Next, Intune can protect the device by enforcing corporate policies on the device. Intune also provides the next layer of protection by directly managing apps and data on the device with Intune MAM. Finally, Azure RMS protects the files when they roam inside or outside of the organization. Azure RMS protected files can independently identify the users who do or do not have access to the files.
Identify & Authorize User
Apply Device Policies
- Policies to restrict device behaviors. E.g., PIN, Encryption, Camera etc.
Apply Application & Information Policies
- App specific policies to restrict data leakage, enforce corporate data protection, data encryption at rest and App level selective wipe
Apply Content Policies
- Rights management policies to protect data when it roams inside or outside the organization boundaries.
Discuss how the existing on-prem AD is extended to the cloud. Once that happens we now have an “internet connected ID” that allows us:
- To use SSO with thousands of SaaS applications
- Monitor logons
- Enable MFA
- Self-service password change and reset
- And more
All of this can happen without ever needing to connect to the traditional LAN or use a VPN.
Microsoft has offered data level protection for over 10 years through Active Directory Rights Management. This service was based only on-premises and limited to the Windows platform and Office.
At the end of 2013, we released Azure Rights Management service (RMS), which brings data level protection to all the major platforms and any document type from a cloud-based service.
Azure RMS has:
Hybrid options across Active Directory RMS and Azure RMS
Integration with on-premises Exchange and SharePoint through connectors
Integration with Windows Server File Services for DAC/FCI scenarios with a connector
The ability to securely share with colleagues and partners
Integration with Windows, Office, and cross-platform mobile applications
Additionally, with Azure RMS customers have the option to “bring their own key” for data encryption.