
MMS 2015: What is EMS and how to configure it



  1. What is Microsoft Enterprise Mobility Suite and how to configure it • Peter Daalmans @pdaalmans • Mirko Colemberg @mirkocolemberg
  2. Peter Daalmans • @pdaalmans • Sn. Technical Consultant, IT-Concern • Breda, Netherlands • #MMSMOA
  3. Mirko Colemberg • @mirkocolemberg • Principal Consultant • Solothurn, Switzerland • #MMSMOA
  4. Agenda • EMS Components • Azure AD Premium • Microsoft Intune • Azure RMS • How to get started?
  5. Enterprise Mobility Suite
  6. What is MS EMS? • Enterprise Mobility Suite • Azure Active Directory Premium • Microsoft Intune • Azure Rights Management
  7. Identity: Azure AD Premium
  8. Making hybrid identity simple – 6 clicks to the cloud • Azure AD Connect • Consolidated deployment assistant for your identity bridge components (The difference is the Password) • ADFS use cases • Tighter AD integration • Security Policy • Conditional Access • Smart Card Authentication • DirSync • Azure AD Sync • FIM+Azure AD Connector • Azure AD Connect
  9. Identity: Cloud, Sync or Federated? • Cloud identity provides a solution where all identity resides in the cloud • Federated identity allows customers to retain all authentication on-premises • Identity sync enables customers to bridge their existing identity into the cloud • B2B federated identity allows customers to securely share and collaborate with each other
  10. Azure Active Directory Premium. Active Directory in the cloud: Federation and identity provisioning. Centrally managed identities: Synchronization; Single User Identity (SSO). Monitor and protect access to cloud apps: Authentication and Security reports; Multi-Factor Authentication (MFA). Empower end users: Self-Service password reset.
  11. AAD editions comparison • No Object Limit / No Object Limit / No Limit • Advanced Security Reports: Yes (Advanced)** • Premium + Basic Features • Group-based access management/provisioning: Yes / Yes • Self-Service Password Reset for cloud users: Yes / Yes • Company Branding (Logon Pages/Access Panel customization): Yes / Yes • SLA: Yes / Yes
  12. Other premium features
  13. Self-service experience for users • Self-service group management, including dynamic membership calculation in these groups and distribution lists, based on the user’s attributes. • Users can reset their passwords, significantly reducing help desk burden and costs. • Users can edit their profile details to update and add missing information.
  14. Monitor and protect access on go-anywhere devices • Security reporting that tracks inconsistent access patterns, analytics and alerts. • Built-in security features, like “you can't be in two places at once”. • Ensure secure access by enabling MFA.
  15. Multi-factor authentication: any two or more of the following factors • Something you know: a password or PIN. • Something you have: a phone, credit card or hardware token. • Something you are: a fingerprint, retinal scan or other biometric. Stronger when using two different channels (out-of-band).
  16. Premium Reports • Advanced application usage reporting • Password reset activity • Self-service activity • Identify unexpected logon behavior
  17. Premium Reports
  18. Discovery from non-Windows devices • Cloud App Discovery gateway • Devices can be configured to go through gateway • Requires MDM for deployment across organization
  19. Integrate on-prem apps with Azure AD • End-user portal – Access Panel • Azure AD authentication capabilities: • Username and password synced from on-prem AD • Federated login to on-prem or other federation servers • Multi-factor authentication • Customized login screen • Authorization based on user or groups • SSO to Office365, thousands of SaaS apps and all applications integrated with AAD • Reports, auditing and security monitoring based on big data and machine learning. (Diagram labels: Azure Active Directory, Resource, Corporate Network, DMZ, Connector, Application Proxy, Access Panel Portal, Authentication + MFA, Reporting & Auditing, Security Monitoring, Authorization)
  20. Demo: Azure Active Directory Premium
  21. Microsoft Intune: MDM, MAM and more
  22. Microsoft Intune • Mobile Device Management • Windows, Windows Phone, iOS and Android • Policy and Application Management • Compliance reporting • Conditional Access to resources • Selective Wipe Devices • Hybrid / Cloud solution
  23. Single management console for IT admins • Configuration Manager console (hybrid) • Intune web console (cloud only)
  24. Comprehensive lifecycle management. Enroll: Provide a self-service Company Portal for users to enroll devices; Deliver custom terms and conditions at enrollment; Bulk enroll devices using Apple Configurator or service account; Restrict access to Exchange email if a device is not enrolled. Retire: Revoke access to corporate resources; Perform selective wipe; Audit lost and stolen devices. Provision: Deploy certificates, email, VPN, and WiFi profiles; Deploy device security policy settings; Install mandatory apps; Deploy app restriction policies; Deploy data protection policies. Manage and Protect: Restrict access to corporate resources if policies are violated (e.g., jailbroken device); Protect corporate data by restricting actions such as copy/cut/paste/save outside of managed app ecosystem; Report on device and app compliance. (Diagram labels: User, IT)
  25. Microsoft Intune Company Portal(s)
  26. Company portal self-service experience • Consistent experience across: Windows, Windows Phone, Android, iOS • Discover and install corporate apps • Manage devices and data • Customizable terms and conditions • Ability to contact IT • Force the policy refresh
  27. Mobile Device – Portals • All portals offer the same experience (except for Windows Phone)
  28. Microsoft Intune Device Enrolment – The new way • Conditional access
  29. Enrolling Devices • Users can enroll devices, which configures the device for management with Windows Intune; the user can then use the Company Portal for easy access to corporate applications • Data from Windows Intune is in sync with Configuration Manager, which provides unified management across both on-premises and in the cloud (Diagram labels: Dirsync w Pwd Sync Connector Internal Connector)
  30. Conditional access for Office 365 (diagram with steps numbered 1 to 7; labels: Enrollment/compliance remediation • If not compliant, push device into quarantine • Attempt email connection • Set device management/compliance status)
  31. Demo: Device Enrolment – The new way • Conditional access
  32. Microsoft Intune: Application Management
  33. Mobile Application Management • Maximize mobile productivity and protect corporate resources with Office mobile apps • Extend these capabilities to existing line-of-business apps using the Intune app wrapper • Enable secure viewing of content using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps (Diagram label: Personal apps)
  34. Mobile Application Management • Maximize productivity while preventing leakage of company data by restricting actions such as copy/cut/paste/save in your managed app ecosystem (Diagram labels: Copy, Paste, Save, Save to personal storage, Paste to personal app)
  35. Mobile App Config Policy • Preconfigure iOS apps with settings • Apps need to support iOS App Config Policy • See for more info:
  36. Demo: Mobile Application Management
  37. Microsoft Intune • Soon available: Mac OS X management
  38. Mac OS X support for • Enrollment • Deploying policies • Deploying profiles • Remote actions • Reporting
  39. Demo: Mac OS X
  40. Rights Management: Protecting the data
  41. Microsoft Rights Management • Encrypt and control • Documents • Mails • Prevent unwanted viewing/printing or access to Corporate data
  42. Protect data with Rights Management • File Services • Rights Management
  43. Integrating RMS into workflows
  44. Sharing documents securely
  45. Demo: Rights Management
  46. How to get started? With Microsoft EMS
  47. How to get started? Go to > Try now • Sign up • Setup AAD Connect (synchronize accounts) • Set MDM authority • Configure platforms • Enroll!
  48. Share your ideas • Share your voice / ideas!
  49. Questions
  50. Thank you!
  51. Evaluations: Please provide session feedback by clicking the EVAL button in the scheduler app (also download slides). One lucky winner will receive a free ticket to the next MMS! Session Title: What is Microsoft Enterprise Mobility Suite and how to configure it. Discuss… Ask your questions-real world answers! Plenty of time to engage, share knowledge.