
Understanding the benefits of Azure AD, EM+S and Tips to get prepared for GDPR Compliance

Delivered a session for the C# Corner Bangalore Chapter Meet on the following topic: Understanding the benefits of Azure AD, EM+S and Tips to get prepared for GDPR Compliance.

Event Url: http://www.c-sharpcorner.com/events/learn-azure-microsoft-teams-and-office-365

Published in: Technology

  1. 1. Ravikumar Sathyamurthy @shakthiravi Microsoft MVP | Office Servers and Services Understanding the benefits of Azure Active Directory, Enterprise Mobility + Security (EM+S) and Tips to get prepared for GDPR Compliance. 18/11/2017 www.anywherexchange.com
  2. 2. • Identity as a Control Plane – Setting the Stage • Azure AD and EM+S an Overview • Understanding the benefits of Azure AD & EM+S • Microsoft 365 Enterprise Introduction • GDPR Overview • Tips to get Prepared for GDPR Compliance • Q&A
  3. 3. Windows Server Active Directory Azure Public cloud Microsoft Azure Active Directory Commercial IdPs Consumer IdPs Partners Customers Azure AD Connect
  4. 4. Built on top of the free offering, provides a robust set of capabilities to empower enterprises with demanding needs on identity and access management Additionally, Azure AD premium offers: • An Enterprise SLA of 99.9% • Usage rights to Identity Manager Server and CALs Azure Active Directory Premium Azure AD Editions: http://bit.ly/1gyDRoN
  5. 5. • Advanced user lifecycle management • Low IT overhead • Monitor your identity bridge • Cloud-connected seamless authentication experience • Single sign-on to 1000s pre- integrated apps/ Your own apps • Secure remote access to on-premises apps • SSO to mobile apps • Support for lift-and-shift to the cloud • Control access to resources • Safeguard user authentication • Respond to advanced threats with risk-based policies and monitoring • Mitigate administrative risks • Governance of on-premises and cloud identities • Ease of use for end users /Integration with Office • Cross-organization collaboration • Any time, any place productivity with Windows 10 • Support for consumer facing applications 1000s of apps, 1 identity Provide one persona to the workforce for SSO to 1000s of cloud and on-premises apps Manage access at scale Manage identities and access at scale in the cloud and on-premises Cloud-powered protection Ensure user and admin accountability with better security and governance Enable business without borders Stay productive with universal access to every app and collaboration capability
  6. 6. Every Office 365 and Microsoft Azure customer uses Azure Active Directory. Figures shown: 272K • 90% • 56K • 950M • 12.8M. Growth shown: +30% YoY • +45% YoY • +74% YoY • +200% YoY
  7. 7. Conditional Access Multi-Factor Authentication Addition of custom cloud apps Remote Access to on-premises apps Privileged Identity Management Dynamic Groups Identity Protection Azure AD DS Office 365 App Launcher Group-Based Licensing Access Panel/MyApps Azure AD Connect Connect Health Provisioning- Deprovisioning Azure AD Join Self-Service capabilities MDM-auto enrollment / Enterprise State Roaming Security Reporting Access Reviews HR App Integration B2B collaboration Azure AD B2C SSO to SaaS Microsoft Authenticator - Password-less Access
  8. 8. I want to provide my employees secure and easy access to every application from any location and any device I need my customers and partners to access the apps they need from everywhere and collaborate seamlessly I want to quickly deploy applications to devices, do more with less and automate Join/Move/Leave processes I want to write applications that work with my corporate identities in Azure Active Directory I want to protect access to my resources from advanced threats I need to comply with industry regulation and national data protection laws Conditional Access Multi-Factor Authentication Addition of custom cloud apps Remote Access to on-premises apps Privileged Identity Management Dynamic Groups Identity Protection Azure AD DS Office 365 App Launcher Group-Based Licensing Access Panel/MyApps Azure AD Connect Connect Health Provisioning- Deprovisioning Azure AD Join Self-Service capabilities MDM-auto enrollment / Enterprise State Roaming Security Reporting Access Reviews HR App Integration B2B collaboration Azure AD B2C SSO to SaaS Microsoft Authenticator - Password-less Access 1 2 3 4 5 6
  9. 9. ENTERPRISE MOBILITY + SECURITY Holistic, intelligent, innovative security to keep up with new threats. Identity-driven security Secure your enterprise fast – while keeping what you have and saving money. Comprehensive solution Encourage secure work habits by providing the best apps with built-in security. Managed mobile productivity
  10. 10. Information protection Identity-driven security Managed mobile productivity Identity and access management Azure Information Protection Premium P2 Intelligent classification and encryption for files shared inside and outside your organization (includes all capabilities in P1) Azure Information Protection Premium P1 Encryption for all files and storage locations Cloud-based file tracking Microsoft Cloud App Security Enterprise-grade visibility, control, and protection for your cloud applications Microsoft Advanced Threat Analytics Protection from advanced targeted attacks leveraging user and entity behavioral analytics Microsoft Intune Mobile device and app management to protect corporate apps and data on any device Azure Active Directory Premium P2 Identity and access management with advanced protection for users and privileged identities (includes all capabilities in P1) Azure Active Directory Premium P1 Secure single sign-on to cloud and on-premises apps MFA, conditional access, and advanced security reporting EMS E3 EMS E5
  11. 11. Azure Protection
  12. 12. Mobile device & app management Information protection Holistic and innovative solutions for protection across users, devices, apps and data Protect at the front door Detect & remediate attacks Protect your data anywhere Azure Active Directory Premium Microsoft Intune Azure Information Protection Microsoft Cloud App Security Microsoft Advanced Threat Analytics Identity and access management Threat detection
  13. 13. Technology / Benefit / E3 / E5 • Azure Active Directory Premium P1: Secure single sign-on to cloud and on-premises apps; MFA, conditional access, and advanced security reporting (E3 ●, E5 ●) • Azure Active Directory Premium P2: Identity and access management with advanced protection for users and privileged identities (E5 ●) • Microsoft Intune: Mobile device and app management to protect corporate apps and data on any device (E3 ●, E5 ●) • Azure Information Protection P1: Encryption for all files and storage locations; cloud-based file tracking (E3 ●, E5 ●) • Azure Information Protection P2: Intelligent classification and encryption for files shared inside and outside your organization (E5 ●) • Microsoft Cloud App Security: Enterprise-grade visibility, control, and protection for your cloud applications (E5 ●) • Microsoft Advanced Threat Analytics: Protection from advanced targeted attacks leveraging user and entity behavioral analytics (E3 ●, E5 ●). Row groups: Identity and access management • Managed mobile productivity • Information protection • Threat Detection
  14. 14. Enterprise Mobility + Security Basic identity mgmt. via Azure AD for O365: • Single sign-on for O365 • Basic multi-factor authentication (MFA) for O365 Basic mobile device management via MDM for O365 • Device settings management • Selective wipe • Built into O365 management console RMS protection via RMS for O365 • Protection for content stored in Office (on-premises or O365) • Access to RMS SDK • Bring your own key Azure AD for O365+ • Advanced security reports • Single sign-on for all apps • Advanced MFA • Self-service group management & password reset & write back to on-premises, • Dynamic Groups, Group based licensing assignment MDM for O365+ • PC management • Mobile app management (prevent cut/copy/paste/save as from corporate apps to personal apps) • Secure content viewers • Certificate provisioning • System Center integration RMS for O365+ • Automated intelligent classification and labeling of data • Tracking and notifications for shared documents • Protection for on-premises Windows Server file shares Advanced Security Management • Insights into suspicious activity in Office 365 Cloud App Security • Visibility and control for all cloud apps Advanced Threat Analytics • Identify advanced threats in on premises identities Azure AD Premium P2 • Risk based conditional access Information protection Identity-driven security Managed mobile productivity Identity and access management
  15. 15. Windows 10 Enterprise Mobility +Security • Single sign-on for business cloud apps • Device setup and registration for Windows devices • Windows Store for Business • Traditional domain join manageability • Manageability via MDM and MAM • Encryption for data at rest and generated on device • Encryption for data included in roaming settings • Conditional access policies for secure single sign-on • MDM auto-enrollment • Self-Service Bitlocker recovery • Password reset with write back to on-premises • Cloud-based advanced security reports and monitoring • Enterprise State-Roaming • Mobile device management • Mobile app management • Secure content viewer • Certificate, Wi-Fi, VPN, email profile provisioning • Agent-based management of Windows devices (domain- joined via ConfigMgr and internet-based via Intune) • Automated intelligent classification and labeling of data • Tracking and notifications for shared documents • Protection for content stored in Office and Office 365 & Windows Server on premises Windows Defender Advanced Threat Protection • Identify advanced threats focused on Windows 10 behavioral sensors Cloud App Security • Visibility and control for all cloud apps Advanced Threat Analytics • Behavioral analytics for advanced threat detection Azure AD Premium • Risk based conditional access Information protection Identity-driven security Managed mobile productivity Identity and access management
  16. 16. Microsoft 365 A complete, intelligent, secure solution to empower employees Intelligent security Unlocks creativity Built for teamwork Integrated for simplicity Microsoft 365 powered device The best way to deliver Microsoft 365 to your employees. Office 365 + Windows 10 + Enterprise Mobility + Security
  17. 17. Office 365 Enterprise Chat- centric workspace Email & Calendar Voice, Video & Meetings Office applications/ co-authoring Sites & Content Management Analytics Advanced Security & Compliance Enterprise Mobility+ Security Identity & Access Management Managed Mobile Productivity Information Protection Identity Driven Security Windows 10 Enterprise Advanced Endpoint Security Designed For Modern IT More Productive Powerful, Modern devices Microsoft 365 Enterprise
  18. 18. https://docs.microsoft.com/en-us/microsoft-365-enterprise/
  19. 19. FastTrack for Microsoft 365 Move to the cloud with confidence Migrate email, content, and light up Microsoft 365 services Deploy and securely manage devices Enable your business and gain end-user adoption Delivered by Microsoft engineers as part of your subscription Tight integration with qualified partners for additional services Maximized ROI Faster Deployment Higher Adoption FastTrack.microsoft.com
  20. 20. The General Data Protection Regulation (GDPR) imposes new rules on organizations in the European Union (EU) and those that offer goods and services to people in the EU, or that collect and analyze data tied to EU residents, no matter where they are located. EU General Data Protection Regulation Enhanced personal privacy rights Increased duty to protect data Mandatory breach reporting Significant penalties for non-compliance
  21. 21. Who needs to be compliant? Organizations inside or outside of the EU that process personal data of EU residents. What if we are not compliant? Companies can be fined up to €20m or 4% of annual global turnover, whichever is greater, for failure to meet GDPR requirements. When must we be compliant? The European Parliament approved and adopted the GDPR in April 2016 and enforcement begins on May 25, 2018.
  22. 22. EU general data protection regulation (timeline figure). Dates shown: 2012 • May 25 2018 • Spring 2014 • April 27 2016 • 2016/2017 • 2015. Milestones shown: EU Council reaches agreement • Separate negotiations within Council and European Parliament • European Commission publishes legislative proposal • EP reaches agreement • Negotiations and approval among the three institutions • Regulation published in the Official Journal • Two-year implementation phase • Regulation applies going forward. Institutions shown: European Commission • European Parliament
  23. 23. What are the key changes to address the GDPR? Personal privacy: Individuals have the right to: • Access their personal data • Correct errors in their personal data • Erase their personal data • Object to processing of their personal data • Export personal data. Controls and notifications: Organizations will need to: • Protect personal data using appropriate security • Notify authorities of personal data breaches • Obtain appropriate consents for processing data • Keep records detailing data processing. Transparent policies: Organizations must: • Provide clear notice of data collection • Outline processing purposes and use cases • Define data retention and deletion policies. IT and training: Organizations will need to: • Train privacy personnel & employees • Audit and update data policies • Employ a Data Protection Officer (if required) • Create & manage compliant vendor contracts
  24. 24. How the EU GDPR defines personal data. Personal data: Any information related to an identified or identifiable natural person, including direct and indirect identification. Examples include: • Name • Identification number (e.g., SSN) • Location data (e.g., home address) • Online identifier (e.g., e-mail address, screen names, IP addresses, device IDs). Sensitive personal data: Personal data afforded enhanced protections: • Genetic data (e.g., an individual’s gene sequence) • Biometric data (e.g., fingerprints, facial recognition, retinal scans) • Sub categories of personal data including: racial or ethnic origin; political opinions, religious or philosophical beliefs; trade union membership; data concerning health; data concerning a person’s sex life or sexual orientation
  25. 25. Protecting customer privacy with GDPR What does this mean for my data?
  26. 26. Step-by-Step GDPR Compliance: 1. Discover: Identify what personal data you have and where it resides 2. Manage: Govern how personal data is used and accessed 3. Protect: Establish security controls to prevent, detect, and respond to vulnerabilities & data breaches 4. Report: Keep required documentation, manage data requests and breach notifications. Microsoft Confidential – for internal only use by partners.
  27. 27. Bing Xbox Live OneDrive Microsoft Digital Crimes Unit Microsoft Cyber Defense Operations Center Azure Microsoft Accounts Skype Enterprise Mobility + Security Azure Active Directory
  28. 28. Access granted to data Apps Risk MICROSOFT INTUNE AZURE ACTIVE DIRECTORY MICROSOFT CLOUD APP SECURITY AZURE INFORMATION PROTECTION MICROSOFT ADVANCED THREAT ANALYTICS ! Device ! CONDITIONAL ACCESS Location Classify Audit Protect Label ! !
  29. 29. DEMOS!
  30. 30. IF: Privileged user? • Credentials found in public? • Accessing sensitive app? • Unmanaged device? • Malware detected? • IP detected in Botnet? • Impossible travel? • Anonymous client? User risk: High / Medium / Low. Session risk: High / Medium / Low. THEN: Require MFA • Allow access • Deny access • Force password reset • Limit access. 10TB per day. Azure • Bing • OneDrive • Microsoft Cyber Defense Operations Center • Microsoft Cybercrime Center • Xbox Live • Microsoft Accounts • Skype
  31. 31. Enforce on-demand, just-in-time administrative access when needed Use Alert, Audit Reports and Access Review Domain User Global Administrator Discover, restrict, and monitor privileged identities Domain User Administrator privileges expire after a specified interval
  32. 32. https://servicetrust.microsoft.com/
  33. 33. Microsoft.com/GDPR Microsoft Online Services and GDPR • Microsoft Azure • Office and Office 365 • Microsoft Dynamics 365 • Enterprise Mobility Suite • Windows and Windows Server • SQL Server
  34. 34. Q&A
