Identity and Data protection with Enterprise Mobility Security from a GDPR perspective

Introduction to authentication scenarios for information services in modern work contexts. Overview of the solutions offered by Enterprise Mobility and Security for securing identities and information across their complete lifecycle. Prevention, detection, containment and response to advanced threats, with reference to the cyber kill chain (focus on endpoint, identity, productivity services and cloud apps).


  1. of employees say mobile business apps change how they work 80% of employees use non-approved SaaS apps for work 50% 85% of enterprise organizations keep sensitive information in the cloud On-premises
  2. Devices Apps Identity Data On-premises
  3. On-premises
  4. THE PROBLEM The security you need integrated with the productivity tools you want Productivity Secure On-premises OR
  5. Apps and Data SaaS Malware Protection Center Hunting Teams Security Response Center Device CERTs and other partners Infrastructure Antivirus Network PaaS IaaS Identity INTELLIGENT SECURITY GRAPH Cyber Defense Operations Center Law Enforcement Digital Crimes Unit
  6. Microsoft Intelligent Security Graph Unique insights, informed by trillions of signals
  7. Windows Server Active Directory Azure Public cloud Azure Active Directory Commercial IdPs Consumer IdPs Partners Customers Azure AD Connect
  8. 1. Single sign-on to thousands of 3rd party SaaS applications from any device 2. More options for authentication than any other vendor. 3. Unmatched Office 365 Integration. 4. Secure remote access to on-premises apps. Remote Access to on-premises apps SSO to SaaS Office 365 App Launcher Azure AD Connect
  9. — Identity and access management for employees, partners, and customers — Conditional Access Multi-Factor Authentication Addition of custom cloud apps Remote Access to on-premises apps Privileged Identity Management Dynamic Groups Identity Protection Azure AD DS Office 365 App Launcher Group-Based Licensing Access Panel/MyApps Azure AD Connect Connect Health Provisioning-Deprovisioning Azure AD Join Self-Service capabilities MDM-auto enrollment / Enterprise State Roaming Security Reporting Access Reviews HR App Integration B2B collaboration Azure AD B2C SSO to SaaS Microsoft Authenticator - Password-less Access
  10. Securing Identity Modern “identity & access management as a service” Spans cloud and on-premises Provides full spectrum of services • Hybrid Identity • Federation & SSO • Identity management • Device registration • User provisioning • Conditional Access control • Data protection • B2B & B2C • App integration • MFA and security features Apps in MS Cloud Third-party web apps & SaaS clouds Microsoft Cloud Microsoft Identity Manager (MIM) Web Apps on-premises AAD App Proxy Web App Proxy (DMZ) Azure AD App Proxy Connectors Employees Everywhere access Partners Everywhere access AAD B2B Customers Everywhere access B2C Azure AD Connect Other ID stores Other Active Directories Active Directory Federation Services (ADFS)
  11. Conditional Access Application Per app policy Type of client (Web, mobile rich app) Cloud and On-premises applications Microsoft, 3rd party and LOB User attributes User identity Group memberships Devices Are domain-joined Are compliant Platform type (Windows, iOS, Android) Lost or stolen Other Location (IP Range) Risk profile (with Azure Identity Protection) ENFORCE MFA ALLOW BLOCK IDENTITY-DRIVEN SECURITY
  12. Azure Multi-Factor Authentication (MFA)
  13. Privileged identity management Enforce on-demand, just-in-time administrative access when needed Use Alert, Audit Reports and Access Review Domain User Global Administrator Discover, restrict, and monitor privileged identities Domain User Administrator privileges expire after a specified interval
  14. What is your favorite food? Self Service Password Reset for WW use with a handful of clicks Default or custom security questions Email to external verified mail Mobile phone call or TXT Office phone call Self-service password change: The user knows their password but wants to change it to something new. Self-service password reset: The user is unable to sign in and wants to reset their password by using one or more of the following validated authentication methods. Self-service account unlock: The user is unable to sign in with their password and has been locked out. The user wants to unlock their account without administrator intervention by using their authentication methods.
  15. Corporate network Microsoft Azure Active Directory Connectors are deployed usually on corpnet next to resources Multiple connectors can be deployed for redundancy, scale, multiple sites, and different resources Users connect to the cloud service that routes their traffic to resources via the connectors A connector that auto-connects to the cloud service Azure Active Directory Application Proxy 1000s OF APPS, 1 IDENTITY DMZ https://app1-contoso.msappproxy.net/ Application Proxy http://app1
  16. SharePoint Online & Office 365 apps Assign B2B users access to any app or service your organization owns Add B2B users with accounts in other Azure AD organizations Other organizations Add B2B users with MSA or other Identity Provider accounts Other Identity Providers* Microsoft Account On-premises Microsoft Azure Active Directory
  17. Securely authenticate your customers using their preferred identity provider Capture login, preference, and conversion data for customers Provide branded (white-label) registration and login experiences Social IDs Business & Government IDs contoso Customers Analytics Apps Microsoft Azure Active Directory
  18. Data Protection with AIP - Azure Information Protection
  19. Enterprise Mobility + Security Protect your data anywhere of workers have accidentally shared sensitive data to the wrong person 58% Stroz Friedberg
  20. How much control do you have over data? OUT OF YOUR CONTROL
  21. MICROSOFT’S APPROACH TO INFORMATION PROTECTION Detect Protect Classify Monitor CLOUD DEVICES ON PREMISES Comprehensive protection of sensitive data throughout the lifecycle – inside and outside the organization Scan & detect sensitive data based on policy Classify data and apply labels based on sensitivity Apply protection actions, including encryption, access restrictions Reporting, alerts, remediation
  22. The evolution of Azure RMS DOCUMENT TRACKING DOCUMENT REVOCATION Monitor & respond LABELING CLASSIFICATION Classification & labeling ENCRYPTION Protect ACCESS CONTROL POLICY ENFORCEMENT
  23. Reclassification You can override a classification and optionally be required to provide a justification Automatic Policies can be set by IT Admins for automatically applying classification and protection to data Recommended Based on the content you’re working on, you can be prompted with suggested classification User set Users can choose to apply a sensitivity label to the email or file they are working on with a single click
  24. Configure policies to discover, classify, label and protect on premises data Periodically scan on premises repositories to label and protect data Run in discovery or enforce modes Critical for migration scenarios and compliance with regulations such as GDPR Azure Information Protection scanner
  25. Automatic classification - example Due Diligence Documentation Due Diligence Category Documentation Task Owner Status Business Plan, Corporate Structure, Financing Business plan Current five-year business plan Prior business plan Corporate organization Articles of incorporation Bylaws Recent changes in corporate structure Parent, subsidiaries, and affiliates Shareholders’ agreements Minutes from board meetings
  26. Recommended classification - example
  27. Reclassification and justification - example
  28. User-driven classification - example
