Microsoft EMS and Office 365 - Better Together


EMS extends the capabilities of Office 365 in three key areas:

Deliver and manage access to all your apps. With Office 365, users get convenient single sign-on to Office Mobile apps. EMS extends this convenience to all apps, covering 1000s of cloud and on-premises apps with a single identity that is managed and protected.

Manage your mobile apps and empower collaboration. It's not enough to simply control access to apps. To better protect data, EMS also enables you to control how users actually share data within these apps with people inside and outside the company.

Secure against on-premises and cloud-based threats. EMS protects your organization at the front door by managing and protecting users' identities. It also works to detect internal threats, using cutting-edge behavioral analytics and anomaly detection technologies to uncover suspicious activity and pinpoint threats, on-premises and in the cloud.


  1. 1. Enterprise Mobility + Security Why should Office 365 customers consider EMS? David J. Rosenthal, VP & GM, Digital Business Solutions Razor Technology Microsoft Briefing Center, NYC February 23, 2017
  2. 2. Secure access Single sign-on experience augmented by self-service capabilities. Mobile management Control how data within Office Mobile apps (and other apps) is shared. Advanced security Protect against identity breaches that can result in data loss. Extending Office 365 capabilities through EMS
  3. 3. Secure access
  4. 4. Conditions Device state • Allow • Remediate • Block access • Wipe device Actions User MFA Microsoft Azure Location (IP range) User group Risk On-premises applications • Enforce MFA
  5. 5. Ensure the right people have access to apps and files under the right conditions. On-premises applications Microsoft Azure Enable compliant users with easy access to all resources. Adjust access policies in real time with machine learning. Empower users with self-service options.
  6. 6. EMS connects your workforce to 1000s of cloud and on-premises applications using one unified identity. Single sign-on to Office 365 and all other applications User SINGLE SIGN-ON TO ALL APPS On-premises applications Microsoft Azure
  7. 7. Cloud HR Web apps (Azure Active Directory Application Proxy) Integrated custom apps SaaS apps HR and other directories 2500+ popular SaaS apps Connect and sync on-premises directories with Azure Easily publish on-premises web apps via Application Proxy + Custom apps through a rich standards-based platform Microsoft Azure AD
  8. 8. Risk severity calculation Remediation recommendations Risk-based conditional access automatically protects against suspicious logins and compromised credentials. Gain insights from a consolidated view of machine learning based threat detection. Risk-based policies MFA Challenge Risky Logins Block attacks Change bad credentials Machine-Learning Engine Leaked credentials Infected devices Configuration vulnerabilities Brute force attacks Suspicious sign-in activities
  9. 9. Enforce on-demand, just-in-time administrative access when needed. Gain more visibility through alerts, audit reports, and access reviews. Global Administrator Billing Administrator Exchange Administrator User Administrator Password Administrator
  10. 10. Account, apps and group management Self-service password reset Application access requests Integrated Office 365 app launching Self-service capabilities in EMS include:
  11. 11. Mobile management
  12. 12. Protect Office Mobile app data with • App encryption at rest • App access control – PIN or credentials • Save as/copy/paste restrictions • App-level selective wipe Extend protection to line of business and third-party apps Personal apps Corporate apps MDM policies MAM policies MDM – optional (Intune or third party) Azure Rights Management Microsoft Intune Corporate data Personal data Multi-identity policy
  13. 13. Intune gives you the option to manage the data, without the need to manage the device. A great option for BYOD scenarios where your end users may be reluctant to enroll their personal devices. Protect with and without enrollment
  14. 14. SECRET CONFIDENTIAL INTERNAL NOT RESTRICTED IT admin can set policies, templates, and rules. Classifications, labels and encryption can be applied automatically based on file source, context, and content. EMS extends Office 365 manual protection of files with automatic protection to ensure policy compliance. User can build on policies. User can track file and revoke access if needed.
  15. 15. Revoke access in the case of unexpected sharing Track who accessed the data, when, and where Sue Bob Jane Jane Competitors Jane’s access is revoked Bob accessed from South America Jane accessed from India Joe blocked in North America Jane blocked in Africa Sue Map View
  16. 16. Advanced security
  17. 17. Shadow IT Data breach Employees Partners Customers Cloud apps Identity Devices Apps & Data Transition to cloud & mobility New attack landscape Current defenses not sufficient Identity breach On-premises apps SaaS Azure
  18. 18. Microsoft Advanced Threat Analytics brings the behavioral analytics concept to IT and the organization’s users. An on-premises platform to identify advanced security attacks and insider threats before they cause damage Behavioral Analytics Detection of advanced attacks and security risks Advanced Threat Detection
  19. 19. Shadow IT Sanctioned App Security Visibility and control Compliance and regulations Integration with existing systems and workflows Cloud security expertise Cloud Discovery
  20. 20. Cross-SaaS solution • Shadow IT discovery • Advanced visibility, data control, and protection • Threat detection and prevention Office 365 Advanced Security Management Enhanced visibility and control for Office 365 • Discovery for apps with similar functionality to Office 365 • App permissions and control • Advanced security alerts Cloud App Security
  21. 21. Enterprise Mobility + Security Basic identity mgmt. via Azure AD for O365: • Single sign-on for O365 • Basic multi-factor authentication (MFA) for O365 Basic mobile device management via MDM for O365 • Device settings management • Selective wipe • Built into O365 management console RMS protection via RMS for O365 • Protection for content stored in Office (on-premises or O365) • Access to RMS SDK • Bring your own key Advanced Security Management • Insights into suspicious activity in Office 365 Azure Active Directory • Risk based conditional access • Advanced security reports • Single sign-on for all apps • Advanced MFA • Dynamic Groups, Group based licensing assignment • Privileged identity management Identity and access management Cloud App Security • Visibility and control for all cloud apps Advanced Threat Analytics • Identify advanced threats in on premises identities Identity-driven security Intune • Mobile app management • Users self-service management • Certificate provisioning • PC management Azure Information Protection • Automated intelligent classification and labeling of data • Tracking and notifications for shared documents • Protection for on-premises Windows Server file shares Information protection Managed mobile productivity
  22. 22. Capabilities and features - details
  23. 23. Directory as a service (no object limit) ● ● User and group management ● ● Single sign-on for pre-integrated SaaS and custom applications ● ● Security/usage reports ● ● Self-service password reset for cloud users ● ● Company branding (logon pages/access panel customization) ● ● Application proxy ● ● SLA 99.9% ● ● Self-Service Group and app Management/Self-Service application additions/Dynamic Groups ● ● Self-service password reset/change/unlock with write-back to on-premises directories ● ● Multi-Factor Authentication (cloud and on-premises (MFA server)) ● Limited cloud-only for Office 365 Apps ● MDM auto-enrollment, Self-service BitLocker recovery, additional local administrators to Windows 10 devices via Azure AD Join, Enterprise State Roaming ● ● Group-based access management/provisioning ● MIM CAL + MIM Server*** ● Cloud app discovery ● Connect Health ● Conditional Access based on group/location/device state ● Identity Protection ● Privileged Identity Management ● Join a Windows 10 device to Azure AD, Desktop SSO, Microsoft Passport for Azure AD, Administrator BitLocker recovery ● *Default usage quota is 150,000 objects. An object is an entry in the directory service, represented by its unique distinguished name. An example of an object is a user entry used for authentication purposes. If you need to exceed this default quota, please contact support. The 500K object limit does not apply for Office 365, Microsoft Intune, or any other Microsoft paid online service that relies on Azure Active Directory for directory services. **With Azure AD Free and Azure AD Basic, end-users are entitled to get single sign-on access for up to 10 applications. ***Microsoft Identity Manager Server software rights are granted with Windows Server licenses (any edition). Since Microsoft Identity Manager runs on Windows Server OS, as long as the server is running a valid, licensed copy of Windows Server, then Microsoft Identity Manager can be installed and used on that server. No other separate license is required for Microsoft Identity Manager Server.
  24. 24. RMS for O365* Azure RMS (EMS) Protection for Microsoft Exchange Online, Microsoft SharePoint Online, and Microsoft OneDrive for Business content ● ● Bring Your Own Key (BYOK) for customer-managed key provisioning life cycle2 ● ● Custom templates, including departmental templates ● ● Protection for on-premises Exchange and SharePoint content via Rights Management Services (RMS) connector ● ● RMS software developer kit for all platforms: Windows, Windows Mobile, iOS, Mac OSX, and Android ● ● Protection for non-Microsoft Office file formats, including PTXT, PJPG, and PFILE (generic protection) ●** ● RMS content consumption by using work or school accounts from RMS policy-aware apps and services ● ● RMS content creation by using work or school accounts ●*** ● Manual document classification and consumption of classified documents ● ● Automated data classification and administrative support for automated rule sets ● Hold Your Own Key (HYOK) that spans Azure RMS and Active Directory RMS for highly regulated scenarios ● RMS connector with on-premises Windows Server file shares by using the File Classification Infrastructure (FCI) connector ● Document tracking and revocation ● *Some Office 365 subscriptions also include data protection using Microsoft Azure RMS. For information on those Office 365 subscriptions and the data protection capabilities they include, refer to Azure Information Protection licensing datasheet. **Azure subscription required to use configured key for Bring Your Own Key (BYOK). ***Currently, you can also use this free subscription to help protect documents and create new email messages with enhanced protection. However, the ability to author new protected content is intended for trial use only and might be removed in the future.
  25. 25. Cloud-based management for iOS, Android, and Windows Phone. ● ● ● Device configuration Inventory mobile devices that access corporate applications ● ● ● Remote factory reset (full device wipe) ● ● ● Mobile device configuration settings (PIN length, PIN required, lock time, etc.) ● ● ● Self-service password reset (Office 365 cloud only users) ● ● ● Office365 Provides reporting on devices that do not meet IT policy ● ● Group-based policies and reporting (ability to use groups for targeted device configuration) ● ● Root cert and jailbreak detection ● ● Remove Office 365 app data from mobile devices while leaving personal data and apps intact (Selective wipe) ● ● Prevent access to corporate email and documents based upon device enrollment and compliance policies ● ● Premium mobile device & app management Self-service Company Portal for users to enroll their own devices and install corporate apps ● Deploy certificates, VPN profiles (including app-specific profiles), and Wi-Fi profiles ● Prevent cut/copy/paste/save as of data from corporate apps to personal apps (Mobile application management) ● Secure content viewing via Managed browser, PDF viewer, Image viewer, and AV player apps for Intune ● Remote device lock via self-service Company Portal and via admin console ● Enroll and manage collections of corporate-owned devices, simplifying policy and app deployment. ● Deploy your internal line-of-business apps and apps in stores to users. ● Enable more secure web browsing using the Intune Managed Browser app ● PC management Cloud-based management for Mac OS X and Windows PCs. ● PC management (e.g. inventory, antimalware, patch, policies, etc.) ● OS deployment (via System Center ConfigMgr) ● PC software management ● Single management console for PCs and mobile devices (through integration with System Center ConfigMgr) ●
  26. 26. Contact us for additional information & deployment offers David.Rosenthal@razor-tech.com