Successfully reported this slideshow.
Your SlideShare is downloading. ×

MMS 2015: Secure your data and apps with the enterprise

Loading in …3

Check these out next

1 of 35 Ad

More Related Content

Slideshows for you (20)


Similar to MMS 2015: Secure your data and apps with the enterprise (20)

Recently uploaded (20)


MMS 2015: Secure your data and apps with the enterprise

  1. 1. Secure your data and apps with the Microsoft Enterprise Mobility Suite Chris Nackers @chrisnack Peter Daalmans @pdaalmans Mirko Colemberg @Mirkocolemberg
  2. 2. #MMSMOA @pdaalmans Sn. Technical Consultant, IT-Concern Breda, Netherlands Peter Daalmans
  3. 3. #MMSMOA Principal Consultant Confgimgr.chSince 1999 Solothurn, Switzerland Mirko Colemberg mirkocolemberg Configmgr_ch
  4. 4. #MMSMOA @chrisnack Consultant, Nackers Consulting Breda, Netherlands Chris Nackers 10 years
  5. 5. Agenda • App layer protection concepts • Azure AD Premium • Identity + Application Proxy • Intune • Conditional Access • MAM • Azure Rights Management • How to configure
  6. 6. App layer protection The concepts
  7. 7. Device, Application, Information Mobile Devices MDM MAM MIM Company Company Private Private Company Company Private Private Company Company Private Private Private
  8. 8. Azure AD Premium Identity
  9. 9. Identity: Cloud, Sync or Federated?     Cloud identity provides a solution where all identity resides in the cloud Federated identity allows customers to retain all authentication on-premises Identity sync enables customers to bridge their existing identity into the cloud B2B federated identity allows customers to securely share and collaborate with each other
  10. 10. Azure Active Directory Premium Active Directory in the cloud • Federation and identity provisioning Centrally managed identities • Synchronization • Single User Identity (SSO) Monitoring and protect access to cloud apps • Authentication and Security reports • Multi-Factor Authentication (MFA) Empower end Users • Self-Service password reset
  11. 11. Discovery from non-Windows devices • Cloud App Discovery gateway • Devices can be configured to go through gateway • Requires MDM for deployment across organization
  12. 12. Integrate on-prem apps with Azure AD End-user portal – Access Panel Azure AD authentication capabilities: • Username and password synced from on-prem AD • Federated login to on-prem or other federation servers • Multi-factor authentication • Customized login screen • Authorization based on user or groups • SSO to Office365, thousands of SaaS apps and all applications integrated with AAD Reports, auditing and security monitoring based on big data and machine learning. Azure Active Directory Resource ResourceResource Corporate Network DMZ Connector Connector Application Proxy Access Panel Portal Authentication + MFA Reporting & Auditing Security Monitoring Authorization
  13. 13. Demo Azure Active Directory Premium
  14. 14. Microsoft Intune Conditional Access
  15. 15. Conditional Access • What can we do? • Force enrollment before access to Exchange or SharePoint • Force compliance before access to Exchange or SharePoint • Much more investments coming soon (see
  16. 16. Conditional access for Office 365 7 Enrollment/compliance remediation5 If not compliant, push device into quarantine4 2 Attempt email connection 1 3 Set device management/ compliance status 6
  17. 17. Demo Setting up Conditional Access
  18. 18. Microsoft Intune Mobile Application Management
  19. 19. Mobile Application Management • What can we do? • Force compliance before access to the app and data • Secure the data within the app • Prohibit copy/paste • Prohibit screenshots • Prohibit save as • Force encryption • Secure app by PIN or corporate credentials • Secure LOB apps via App Wrapper
  20. 20. Microsoft Intune Managed Apps • See for an up to date list:
  21. 21. Mobile Application Management Maximize mobile productivity and protect corporate resources with Office mobile apps Extend these capabilities to existing line-of-business apps using the Intune app wrapper Enable secure viewing of content using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps Personal apps
  22. 22. Mobile Application Management Copy Paste Save Maximize productivity while preventing leakage of company data by restricting actions such as copy/cut/paste/save in your managed app ecosystem Save to personal storage Paste to personal app
  23. 23. Demo Configuring MAM
  24. 24. Demo Yeah, Copy Paste!
  25. 25. Azure Rights Management Protecting the data
  26. 26. Azure Rights Management “It uses encryption, identity and authorization policies to help secure your files and email, and it works across multiple devices.”
  27. 27. Azure Rights Management – Cool Features Protection stays with the file Works both inside and outside the company Easy Audit and monitoring On-prem (RMS Connector) and O365 support
  28. 28. Demo Protecting your files
  29. 29. So, what fits where? Secure your data and apps in the enterprise
  30. 30. What fits where? ITUser Enterprise Mobility Suite Identify and authorize user Apply device policies Apply application policies Apply content policies Active Directory Premium Rights Management
  31. 31. Share your ideas • Share your voice / ideas! • •
  32. 32. Questions
  33. 33. Thank you!
  34. 34. Evaluations: Please provide session feedback by clicking the EVAL button in the scheduler app (also download slides). One lucky winner will receive a free ticket to the next MMS! Session Title: Secure your data and apps with the Microsoft EMS Discuss… Ask your questions-real world answers! Plenty of time to engage, share knowledge. SPONSORS