MMS 2015: Secure your data and apps with the enterprise

1. Secure your data and apps with the Microsoft Enterprise Mobility Suite Chris Nackers @chrisnack http://chrisnackers.com Peter Daalmans @pdaalmans http://ref.ms/aboutme Mirko Colemberg @Mirkocolemberg http://blog.colemberg.ch

2. #MMSMOA @pdaalmans Sn. Technical Consultant, IT-Concern Configmgrblog.com ref.ms/aboutme Breda, Netherlands Peter Daalmans

3. #MMSMOA Principal Consultant Confgimgr.chSince 1999 Solothurn, Switzerland Mirko Colemberg mirkocolemberg Configmgr_ch

4. #MMSMOA @chrisnack Consultant, Nackers Consulting Chrisnackers.com Breda, Netherlands Chris Nackers 10 years

5. Agenda • App layer protection concepts • Azure AD Premium • Identity + Application Proxy • Intune • Conditional Access • MAM • Azure Rights Management • How to configure

6. App layer protection The concepts

7. Device, Application, Information Mobile Devices MDM MAM MIM Company Company Private Private Company Company Private Private Company Company Private Private Private

8. Azure AD Premium Identity

9. Identity: Cloud, Sync or Federated?     Cloud identity provides a solution where all identity resides in the cloud Federated identity allows customers to retain all authentication on-premises Identity sync enables customers to bridge their existing identity into the cloud B2B federated identity allows customers to securely share and collaborate with each other

10. Azure Active Directory Premium Active Directory in the cloud • Federation and identity provisioning Centrally managed identities • Synchronization • Single User Identity (SSO) Monitoring and protect access to cloud apps • Authentication and Security reports • Multi-Factor Authentication (MFA) Empower end Users • Self-Service password reset

11. Discovery from non-Windows devices • Cloud App Discovery gateway • Devices can be configured to go through gateway • Requires MDM for deployment across organization

12. Integrate on-prem apps with Azure AD End-user portal – Access Panel Azure AD authentication capabilities: • Username and password synced from on-prem AD • Federated login to on-prem or other federation servers • Multi-factor authentication • Customized login screen • Authorization based on user or groups • SSO to Office365, thousands of SaaS apps and all applications integrated with AAD Reports, auditing and security monitoring based on big data and machine learning. Azure Active Directory Resource ResourceResource Corporate Network DMZ Connector Connector Application Proxy Access Panel Portal Authentication + MFA Reporting & Auditing Security Monitoring Authorization

13. Demo Azure Active Directory Premium

14. Microsoft Intune Conditional Access

15. Conditional Access • What can we do? • Force enrollment before access to Exchange or SharePoint • Force compliance before access to Exchange or SharePoint • Much more investments coming soon (see ref.ms/emsroadmap)

16. Conditional access for Office 365 7 Enrollment/compliance remediation5 If not compliant, push device into quarantine4 2 Attempt email connection 1 3 Set device management/ compliance status 6

17. Demo Setting up Conditional Access

18. Microsoft Intune Mobile Application Management

19. Mobile Application Management • What can we do? • Force compliance before access to the app and data • Secure the data within the app • Prohibit copy/paste • Prohibit screenshots • Prohibit save as • Force encryption • Secure app by PIN or corporate credentials • Secure LOB apps via App Wrapper

20. Microsoft Intune Managed Apps • See for an up to date list: http://ref.ms/mamlist

21. Mobile Application Management Maximize mobile productivity and protect corporate resources with Office mobile apps Extend these capabilities to existing line-of-business apps using the Intune app wrapper Enable secure viewing of content using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps Personal apps

22. Mobile Application Management Copy Paste Save Maximize productivity while preventing leakage of company data by restricting actions such as copy/cut/paste/save in your managed app ecosystem Save to personal storage Paste to personal app

23. Demo Configuring MAM

24. Demo Yeah, Copy Paste!

25. Azure Rights Management Protecting the data

26. Azure Rights Management “It uses encryption, identity and authorization policies to help secure your files and email, and it works across multiple devices.”

27. Azure Rights Management – Cool Features Protection stays with the file Works both inside and outside the company Easy Audit and monitoring On-prem (RMS Connector) and O365 support

28. Demo Protecting your files

29. So, what fits where? Secure your data and apps in the enterprise

30. What fits where? ITUser Enterprise Mobility Suite Identify and authorize user Apply device policies Apply application policies Apply content policies Active Directory Premium Rights Management

31. Share your ideas • Share your voice / ideas! • http://microsoftintune.uservoice.com/ • http://configurationmanager.uservoice.com/

32. Questions

33. Thank you!

34. Evaluations: Please provide session feedback by clicking the EVAL button in the scheduler app (also download slides). One lucky winner will receive a free ticket to the next MMS! Session Title: Secure your data and apps with the Microsoft EMS Discuss… Ask your questions-real world answers! Plenty of time to engage, share knowledge. SPONSORS

MMS 2015: Secure your data and apps with the enterprise

You are reading a preview.

Check these out next

MMS 2015: Secure your data and apps with the enterprise

More Related Content

Slideshows for you (20)

Viewers also liked (6)

Similar to MMS 2015: Secure your data and apps with the enterprise (20)

Recently uploaded (20)