This session will provide key Microsoft cloud security standards which will allow you to maximize your organization's security posture using existing licenses, align with Microsoft's cloud security strategy, and reduce attack surface from legacy technologies. The core cloud security standards covered in this discussion are how to establish single sign-on, how to allow only modern authentication, what trusted identities and trusted devices are, how to classify and protect content, and how to monitor and report on security and breaches. All of this will be discussed with usage on a zero trust network in mind.
Taking conditional access to the next level - Ronny de Jong
This document discusses conditional access for managing access to resources. It provides an overview of conditional access for devices and mobile apps accessing Office 365. It also covers conditional access for on-premises Exchange and SharePoint. Upcoming features are previewed. Functionality and deployment of conditional access are discussed for mobile devices, domain joined PCs, mobile apps without MDM, and advanced scenarios using ADFS. FAQs about conditional access are also addressed.
This document discusses enabling mobility and security in an enterprise environment through tools like Azure Active Directory, Intune, and Conditional Access. It covers how to configure Azure AD join and automatic MDM enrollment on Windows 10 devices, deploy applications from the Windows Store for Business using Intune, and use Conditional Access policies to control access based on device compliance and authentication strength.
Empower Enterprise Mobility with Microsoft EMS - Kris Wagner
This document discusses Microsoft's Enterprise Mobility Suite (EMS) solution for managing mobile devices and enabling a productive mobile workforce. EMS provides hybrid identity management, mobile device and application management, access and information protection. It allows single sign-on, self-service password reset, and centralized application access management. EMS also provides remote device management for Windows, iOS and Android devices and helps protect corporate data on devices through features like selective wiping. The solution aims to foster employee productivity through mobility while ensuring security.
Microsoft EMS - Everybody Together Now - Edge Pereira - Microsoft Office 365 ... - Edge Pereira
Microsoft has a solution to help you protect your data, manage mobile devices, and unify environments across OSs, all while enabling seamless collaboration. In this session we will talk about the Enterprise Mobility Suite and how it plays together with the current needs of the modern workplace. This is a DEMO HEAVY session. Bring your devices. You will be part of the demo.
Preparing your enterprise for Hybrid AD Join and Conditional Access - Jason Condo
In this presentation, learn what you need to do in AD FS, Active Directory, and Azure Active Directory to leverage domain joined machines in conditional access policies to O365 services.
At Agile IT, we've been leading the trend in moving customers to the Microsoft Cloud. Along that roadmap is the need to secure and manage the devices that will access that data. The Microsoft Enterprise Mobility Suite (EMS) focuses on managing both the data that's accessible from the cloud as well as the devices that access it. In this webinar, we introduce you to EMS and focus on how cloud technologies work together to deliver a seamless solution for protecting your data.
The accompanying recording of the webinar can be found at https://youtu.be/NOWFI4xl-dM.
Getting started with the Enterprise Mobility Suite (EMS) - Ronni Pedersen
This document summarizes an Enterprise Mobility Suite roadshow presentation. It discusses key topics like why mobile management is important, what EMS is and why enterprises need it, and how to configure and get started with EMS. The presentation provides an overview of EMS components like Microsoft Intune, Azure Active Directory Premium, and Azure Rights Management. It demonstrates how to set up subscriptions, configure Azure AD sync, enroll devices, and manage settings and applications with Intune.
Microsoft Enterprise Mobility Suite Launch Presentation - Atidan - David J Rosenthal
Enterprise Mobility Suite (EMS) is Here from Atidan starting April 2015
Device Management, Access Control, Information Protection
Hybrid and Cloud Identity with Azure Active Directory Premium
Device Management, Access Control, Information Protection
Mobile Device Management with Microsoft Intune
Mobile device settings management
Mobile app management
Selective wipe
Data Protection with Azure Rights Management
Information protection
Connection to on-premises assets
What is Microsoft Enterprise Mobility Suite and how to deploy it - Peter De Tender
Key components of the Enterprise Mobility Suite are Azure AD Premium, Windows Intune and Azure Rights Management.
Learn from Peter De Tender, Microsoft Infrastructure Architect, MCT and MVP not only what the Microsoft Enterprise Mobility Suite is, but also how one can deploy it in an enterprise organization. By attending this session, you will gain the knowledge to optimize the adoption of IT, BYOD and SaaS as the core cloud solution components. Key concepts that will be covered are identity and access management, mobile device management and data protection.
Identity Management for Office 365 and Microsoft Azure - Sparkhound Inc.
Sparkhound Senior Infrastructure Consultant David Pechon discusses Identity Management for O365 and Azure at the 2015 SharePoint TechFest Dallas event held at the Irving Convention Center. Learn how Active Directory Federation Services and DirSync allow you to synchronize your organization’s Active Directory and use it to authenticate users to Office 365 applications, such as Exchange Online, OneDrive for Business and SharePoint Online.
The document discusses Microsoft's Enterprise Mobility Suite (EMS), which provides capabilities for hybrid identity, mobile device management, and access and information protection. EMS includes Microsoft Azure Active Directory Premium, Microsoft Intune, and Azure Rights Management. It offers identity and access management, mobile application and device management, self-service password reset, multi-factor authentication, and information protection and rights management. Pricing for EMS starts at $4 per user per month through an Enterprise Agreement.
This document discusses how Microsoft can help with mobile transformation across five key areas: device management, content management, application management, application development, and identity and access. It provides details on Microsoft solutions like Intune, Office 365, Azure, Visual Studio, and others and how they address capabilities in each area like device management, secure access to data, managing and developing apps, and unified identity. The overall message is that Microsoft provides a comprehensive set of tools to empower enterprise mobility and secure access to corporate resources from any device.
Overview of Azure AD
Deployment lessons from the real world
Outline items that can accelerate your deployment
Avoid things that can slow you down
Deep Dive on common technical challenges and how to overcome them
Microsoft Enterprise Mobility Suite Presented by Atidan - David J Rosenthal
Windows 10 is better with EMS
Windows 10 is the best Windows ever and provides a foundation for protection against modern threats and continuous management while enabling your users to be more productive. To get the most out of your mobile security and productivity strategy, integrate the Microsoft Enterprise Mobility Suite (EMS) with Windows 10 for greater protection of users, devices, apps, and data.
A key concern for you continues to be security, and rightly so. Identity is the control plane at the center of our solution helping you to be more secure. Only Microsoft offers cloud identity and access management solutions running at Internet scale and designed to help secure your IT environment. Microsoft Azure Active Directory has hundreds of millions of users, is available in 35 datacenters around the world, and has processed more than 1 trillion (yes, trillion) authentications. Our innovative new technology, Microsoft Advanced Threat Analytics is designed to help you identify advanced persistent threats in your organization before they cause damage.
KEY FEATURES
Threat detection: Detect abnormal user behavior, suspicious activities, known malicious attacks and security issues right away. Focus on what is important using a simple, convenient feed.
Conditional access: Control access to applications and other corporate resources like email and files with policy-based conditions that evaluate criteria such as device health, user location etc. This includes support for multi factor authentication (MFA).
Single sign-on: Sign in once to cloud and on-premises web apps from any device. Pre-integrated support for Salesforce, Concur, Workday, and thousands more popular SaaS apps.
Conditional access policies in Azure Active Directory control who has access to what resources and from where based on conditions. Policies consist of assignments determining scope, conditions regarding platforms/locations/apps, and controls for authentication and session behavior. Risk-based access can be configured to require multifactor authentication at certain risk levels. Policies grant or block access and optionally enforce device compliance, password strength, and other requirements. Admins create policies by defining these components and preview the access statements that will be implemented.
Key components of the Enterprise Mobility Suite are Azure AD Premium, Windows Intune and Azure Rights Management. Learn not only what the Microsoft Enterprise Mobility Suite is, but also how one can deploy it in an enterprise organization. During this session, you will gain the knowledge to optimize the adoption of IT, BYOD and SaaS as the core cloud solution components. Key concepts that will be covered are identity and access management, mobile device management and data protection.
Windows 10 A Guide to Secure Mobility in the Enterprise - Gerard Konan
Windows 10 is seeing significant growth in the enterprise: from 150 million PCs today, projections call for 1 billion PCs by mid-2018. Are you ready to manage the new features and secure the mobile endpoints running Microsoft's latest OS?
Join Chuck Brown of IBM MaaS360 and Jimmy Tsang to discover how the improvements in Windows 10 are changing the game for enterprises:
- Universal security APIs for smartphones, tablets and laptops
- Converged operating systems across desktops, laptops and mobile devices
- Unified management of endpoints and mobile devices from a single console
- Selective wipe of managed devices to protect sensitive corporate data
We will also present the keys to enterprise mobility management that enable seamless integration between the delivery of mobile IT services and the control of devices from Windows XP to 10, iOS and Android with IBM MaaS360.
Identity + Mobile Management + Security
Keep your employees productive on their favorite apps and devices—and your company data protected with enterprise mobility solutions from Microsoft.
Microsoft Enterprise Mobility and Security Launch - August 5-2015 - Atidan - David J Rosenthal
Enterprise Mobility Suite (EMS) provides identity management, mobile device management, and information protection capabilities through Azure Active Directory Premium, Microsoft Intune, and Azure Rights Management. EMS addresses challenges around mobile device and app management, identity and access management, and information protection. It offers a single SKU to license these Microsoft products together at a discounted rate compared to individual purchases. The presentation highlights the key components and benefits of EMS.
Review the presentation from the Next Level Learning IT Track - Windows 10 in Education. Learn about the new features of Windows 10 and what they mean for your school.
Premier Webcast - Identity Management with Windows Azure AD - uberbaum
The document provides an overview of Azure Active Directory and identity management in the cloud. It begins with an agenda for the webcast and discusses how identity has changed as applications have moved to the cloud. It then covers key Azure Active Directory features like single sign-on, multi-factor authentication, access management, and its platform for developers. The document demonstrates how Azure Active Directory can provide identity services for cloud, mobile, and on-premises applications and connects directories.
From a few to many types of mobile devices. Learn how to manage your mobile devices with SystemCenter Config Mgr and Windows Intune. Presentation by Kent Agerlund, CoreTech
1 modern desktop - shift to a modern desktop - Andrew Bettany
This document discusses shifting to a modern desktop with Microsoft 365. It notes that the modern workforce has different needs than previous generations, requiring flexibility and mobility. A modern desktop with Windows 10, Office 365, and ConfigMgr & Intune provides the most secure, productive and lowest total cost of ownership experience. It allows for findability, real-time collaboration, and AI assistance while providing strong security and manageability.
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019 - Kumton Suttiraksiri
Strengthening the security of authentication in its various forms with Azure Active Directory (AAD),
such as MFA (Multi Factor Authentication), Conditional Access and Windows Hello for Business
By ธัญพล ษณะนาคินทร์
Microsoft MVP (Azure)
Modern Management for Identities and Devices – Azure AD, Intune and Windows 10 - MVP Dagen
In this session we will look at how we enable Modern Management with Azure Active Directory, Microsoft Intune and Windows 10. We will look at how we use Azure AD to establish identity and access control, self-service and access to applications. We will then look at how the new Azure AD works together with Intune in […]
Slides from the presentation by Jörg Vosse, Citrix, at Digicomp's Citrix Day 2014:
Citrix ShareFile is designed for enterprises and optimized for mobile users. Unlike insecure consumer tools and other simple file-sharing tools, ShareFile offers features for secure synchronization and sharing of corporate files.
- Azure provides a unified platform for modern business with compute, data, storage, networking and application services across global Azure regions and a consistent hybrid cloud.
- Azure focuses on security and privacy with an emphasis on detection, response, and protection across infrastructure, platforms and applications.
- Security is a shared responsibility between Microsoft and customers, with Microsoft providing security controls and capabilities to help protect customer data and applications.
Hitchhiker's Guide to Azure AD - SPS St Louis 2018 - Max Fritz
Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service. It provides identity management capabilities for cloud, mobile, and on-premises applications. Azure AD uses the same Active Directory that many organizations already have on-premises but extends it to cloud services. It allows single sign-on for access to Office 365, Azure, and thousands of SaaS applications. Azure AD Premium provides additional advanced capabilities for security, access management, application management, and identity protection.
Unified client management session from Microsoft partner boot camp - Olav Tvedt
This document provides an overview and summary of unified management of clients through tools like Work Folders, DirectAccess, Intune, and Configuration Manager.
Work Folders allows syncing of files stored on file servers with PCs and devices both inside and outside the corporate network. DirectAccess enables seamless access to internal corporate resources for mobile PCs. Intune and Configuration Manager provide device management, app deployment, and policy controls for a variety of client platforms through the cloud and on-premises.
This document discusses Microsoft Azure and identity management solutions from CCS Technology Group. It provides an overview of Azure Active Directory, Azure Multi-Factor Authentication, extending Active Directory to Azure, and deploying Active Directory Federation Services in Azure or on-premises. CCS Technology Group is a Microsoft partner that offers infrastructure deployment, managed services, custom cloud solutions, and custom software development.
20160400 Technet- Hybrid identity and access management with Azure AD Premium - Robin Vermeirsch
This webinar discusses Azure Active Directory Premium and how it provides a secure hybrid identity and access management platform. Azure AD Premium allows organizations to bring on-premises Active Directory identities to the cloud. It offers features like self-service password reset, application access approval workflows, and reporting on application usage. The webinar demonstrates how Azure AD Premium integrates on-premises and cloud applications and enables single sign-on. It also previews upcoming identity capabilities like Azure AD Connect for Azure VMs and expanded identity protection features.
This document discusses various Azure Active Directory and mobile device management options. It compares hash sync versus pass-through authentication in Azure AD, registering devices versus joining devices, and different multi-factor authentication options like Authenticator, YubiKey, and Hello. It also covers the differences between cloud authentication and on-premises federation, and registering devices versus joining devices in Azure AD. Lastly, it provides a decision matrix for deploying multi-factor authentication and discusses Intune registration methods.
The document provides an overview of Microsoft's Enterprise Mobility Suite (EMS) for securing access to corporate resources from mobile devices. EMS combines Azure Active Directory Premium, Microsoft Intune, and Azure Rights Management to provide identity and access management, mobile device management, and information protection capabilities. The summary outlines the key components of EMS - using Azure AD Premium for identity management, Intune for mobile device and application management, and Azure Rights Management for data protection and rights management.
This document provides best practices for cloud security on Microsoft Azure. It discusses protecting identities with Azure Active Directory, multi-factor authentication, and privileged identity management. It also recommends securing infrastructure with virtual networks, network security groups, and security appliances. The document advises encrypting data at rest with storage service encryption and encrypting data in transit between data centers and users. It concludes by outlining tools for governance on Azure including policies, role-based access control, and the security center.
O365Con18 - Deep Dive into Microsoft 365 - Jussi RoineNCCOMMS
1) The document provides an overview of Microsoft 365 Enterprise and its key components such as Windows 10, Office 365, Enterprise Mobility + Security, and Azure Active Directory.
2) It discusses deployment strategies for Microsoft 365 including moving from on-premises to hybrid to cloud-based models and the steps involved in setting up identities, security, and applications.
3) Recommendations are provided for getting started with Microsoft 365 such as understanding Azure Active Directory, deploying Windows 10 autopilot, focusing on security best practices, and moving existing workloads to Microsoft 365 gradually rather than all at once.
MTUG - På tide med litt oversikt og kontroll?Olav Tvedt
The document discusses Microsoft's Enterprise Mobility Suite (EMS) and its components for managing user identity, protecting information, and securing mobile devices and applications. EMS includes Azure Active Directory, Microsoft Intune, Azure Rights Management, and Advanced Threat Analytics to provide single sign-on, mobile device management, information encryption, and behavioral threat detection across an organization's devices, apps, files and identity. The presentation provides an overview of each EMS component and how they work together for comprehensive enterprise mobility and security management.
Atea ems roadshow - windows 10 management i en cloud first worldPer Larsen
This document discusses how to manage Windows 10 devices in a cloud-only environment using Azure Active Directory (Azure AD) joining and Microsoft Intune mobile device management (MDM) enrollment. It covers auto-enrolling Windows 10 devices into Intune via Azure AD joining, the limitations and features of Azure AD joining and Intune MDM, and how to deploy software and configure policies remotely with tools like Open Mobile Alliance Uniform Resource Identifiers (OMA-URIs).
Enter The Matrix Securing Azure’s AssetsBizTalk360
This talk is mainly on the security aspects of Azure, in any context. you’ll get an overview on where security is handled, some practices and how to monitor and act accordingly to certain threats and issues. It will focus on IaaS, PaaS and SaaS. As security is an integral part of an environment, the integration aspect is not far away. Focus products include Azure and all related services.
This document discusses identity and access management solutions using Microsoft Azure Active Directory (Azure AD). It covers key capabilities of Azure AD like single sign-on, self-service password reset, directory synchronization, application management, multi-factor authentication, Windows 10 domain join, conditional access policies, and integrating with Azure Information Protection for data security. Demo sections show configuring Azure AD Connect, multi-factor authentication, Windows 10 domain join, and conditional access policies. The document promotes Azure AD Premium for comprehensive identity management, access monitoring, and data protection capabilities.
Microsoft 365 Business Premium provides advanced security across multiple layers including identity, devices, applications, email, and documents. It includes features such as multi-factor authentication, conditional access, device management with Intune, advanced threat protection for email security, data loss prevention, and Azure Information Protection for classification and encryption of documents. The suite is designed to securely enable productivity and collaboration in the cloud and on devices.
This document discusses security as a service and how it can provide identity-driven security through Azure Active Directory. It describes how Azure AD can secure devices, content, and the "front door" through risk-based conditional access policies leveraging machine learning. This allows blocking of risky logins while providing a great employee experience through single sign-on access to applications on any device with optional multi-factor authentication.
Similar to Cloud Security Fundamentals - St. Louis O365 Users Group (20)
What SharePoint Admins need to know about SQL-CinncinatiJ.D. Wade
Does you know there are numerous settings changes you should be making on your SQL Server for your SharePoint farm? Do you know there are settings in SharePoint that you should never change if you wish to maintain SQL performance? This session reviews how to properly setup and maintain SQL Server for a SharePoint farm. You will learn how SharePoint is optimized for SQL, how to properly manage and maintain the SharePoint databases, how to optimize the SQL configuration for SharePoint, what settings in SharePoint need to be changed or not changed to maintain SQL Server performance, and supported methods for providing high availability and disaster recovery.
Connected at the hip for MS BI: SharePoint and SQLJ.D. Wade
This document summarizes a presentation about connecting SharePoint and SQL using Microsoft Business Intelligence (BI) tools. It discusses SQL Reporting Services and SQL Analysis Services integrated with SharePoint, including supported versions. It also covers topics like delegation and Kerberos authentication required to share data across servers and domains. The presentation provides an overview of configurations and components involved in setting up these Microsoft BI solutions integrated with SharePoint and SQL.
If it were just BI, Kerberos, and you alone in a jungle, would you be able to survive the encounter? You will after you attend this once in a lifetime event! OK…in reality, if you come to this session, you will understand an important component you need to setup Microsoft Business Intelligence solutions with SharePoint and SQL. You will the learn basics of how Kerberos (an authentication protocol) works, when you want to use it, configuration tips, and what delegation is all about.
What SQL DBA's need to know about SharePointJ.D. Wade
With the number of deployments of SharePoint exponentially growing every day, as a DBA, it is very likely you are going to have SharePoint databases on SQL Servers you support. This session reviews SharePoint strictly from the SQL Server perspective. You will learn how SharePoint is optimized for SQL, how to properly manage and maintain the SharePoint databases, how to optimize the SQL configuration for SharePoint, what settings in SharePoint need to be changed or not changed to maintain SQL Server performance, and supported methods for providing high availability and disaster recovery.
- Kerberos is an authentication protocol that allows clients to prove their identity to servers in a secure manner.
- The logon process involves a client requesting a Ticket Granting Ticket from the Key Distribution Center, which can then be used to request service tickets for specific servers.
- Accessing a web site involves the client sending its Ticket Granting Ticket to the Ticket Granting Service to request a service ticket for the web server, which is then used to authenticate to that server.
- Common issues that can break Kerberos authentication include time synchronization problems, missing or duplicate service principal names, and expired client tickets.
If it were just BI, Kerberos, and you alone in a jungle, would you be able to survive the encounter? You will after you attend this once in a lifetime event! OK…in reality, if you come to this session, you will understand an important component you need to setup Microsoft Business Intelligence solutions with SharePoint and SQL. You will the learn basics of how Kerberos (an authentication protocol) works, when you want to use it, configuration tips, and what delegation is all about.
- Kerberos is an authentication protocol that allows clients to prove their identity to servers in a secure manner. It uses tickets and encryptions to authenticate users and allows authorized access to resources.
- The logon process involves a client getting a ticket-granting ticket from the key distribution center after proving their identity, which can then be used to request service tickets to access specific resources.
- Common issues that can break Kerberos authentication include time synchronization problems, incorrect service principal name configurations, expired tickets, and non-default port configurations.
SharePoint Saturday St. Louis 2014: What SharePoint Admins need to know about...J.D. Wade
You will learn how SharePoint is optimized for SQL, how to properly manage and maintain the SharePoint databases, how to optimize the SQL configuration for SharePoint, what settings in SharePoint need to be changed or not changed to maintain SQL Server performance, and supported methods for providing high availability and disaster recovery.
SPS St. Louis: SharePoint 2013 upgrades: Notes from the FieldJ.D. Wade
The document summarizes a presentation on SharePoint 2013 upgrades. It includes an agenda that covers cleaning up the existing environment, conversion work, testing upgrades, resolving issues, and detective work. It also provides information on how to evaluate sessions using a mobile app and thanks sponsors of the SharePoint Saturday event.
SharePoint Saturday Kansas City - SharePoint 2013's Dirty Little SecretsJ.D. Wade
The document discusses several "dirty little secrets" about configuring and setting up SharePoint 2013. It notes that SharePoint 2013 has optional software that must be installed for certain features to work properly. It also discusses how to configure SharePoint 2013 to search Exchange and Lync messages and support Access 2013 databases, but that these require non-trivial configurations. The document outlines several other requirements for properly configuring services, workflows, and other elements of a SharePoint 2013 implementation.
SharePoint Saturday Kansas City - Kerberos Survival GuideJ.D. Wade
If it were just BI, Kerberos, and you alone in a jungle, would you be able to survive the encounter? You will after you attend this once in a lifetime event! OK…in reality, if you come to this session, you will understand an important component you need to setup Microsoft Business Intelligence solutions with SharePoint and SQL. You will the learn basics of how Kerberos (an authentication protocol) works, when you want to use it, configuration tips, and what delegation is all about.
SPS Kansas City: What SharePoint Admin need to know about SQLJ.D. Wade
You will learn how SharePoint is optimized for SQL, how to properly manage and maintain the SharePoint databases, how to optimize the SQL configuration for SharePoint, what settings in SharePoint need to be changed or not changed to maintain SQL Server performance, and supported methods for providing high availability and disaster recovery.
Horizons' Event: SharePoint 2013 upgrades-Notes from the FieldJ.D. Wade
This document summarizes best practices for upgrading a SharePoint 2013 environment, including cleaning up before upgrading, performing conversion work, testing the upgrade, resolving any issues, and not forgetting important steps like upgrading content databases. It was presented by JD Wade, a lead SharePoint consultant, at the SharePoint Saturday St. Louis event on January 11, 2014.
What SQL DBAs need to know about SharePoint-Kansas City, Sept 2013J.D. Wade
This document provides an overview and guidance for SQL DBAs on key topics related to managing databases for SharePoint. It covers SharePoint database types and schema, performance considerations like server setup, database management, and operations. It also discusses high availability and disaster recovery options like clustering, mirroring and AlwaysOn availability groups. Other sections address the SharePoint kitchen sink of applications, business intelligence integration, and remote blob storage.
What SQL DBAs need to know about SharePoint-Indianapolis 2013J.D. Wade
With the number of deployments of SharePoint exponentially growing every day, as a DBA, it is very likely you are going to have SharePoint databases on SQL Servers you support. This session reviews SharePoint strictly from the SQL Server perspective. You will learn how SharePoint is optimized for SQL, how to properly manage and maintain the SharePoint databases, how to optimize the SQL configuration for SharePoint, what settings in SharePoint need to be changed or not changed to maintain SQL Server performance, supported methods for providing high availability and disaster recovery, and the part SharePoint and SQL each play in the Microsoft Business Intelligence story.
What SQL DBA's need to know about SharePoint-St. Louis 2013J.D. Wade
With the number of deployments of SharePoint exponentially growing every day, as a DBA, it is very likely you are going to have SharePoint databases on SQL Servers you support. This session reviews SharePoint strictly from the SQL Server perspective. You will learn how SharePoint is optimized for SQL, how to properly manage and maintain the SharePoint databases, how to optimize the SQL configuration for SharePoint, what settings in SharePoint need to be changed or not changed to maintain SQL Server performance, supported methods for providing high availability and disaster recovery, and the part SharePoint and SQL each play in the Microsoft Business Intelligence story.
This document provides an overview and agenda for a Kerberos survival guide presentation. The presentation will cover Kerberos logon process, accessing a web site using Kerberos, miscellaneous Kerberos information, and complex Kerberos configurations. It includes dependencies, service principal names (SPNs), and troubleshooting tools for Kerberos. The presentation aims to provide essential information about Kerberos without overcomplicating details.
This document provides an overview and guide to Kerberos authentication. It begins with introductions and an agenda. The agenda covers Kerberos overview, the logon process, accessing a website, troubleshooting Kerberos, and delegation. It then discusses Kerberos details such as dependencies, service principal names, and references. It concludes with a Q&A section and appendix.
This document provides an overview and guide to Kerberos authentication including:
- The logon process involving the KDC and TGTs
- Accessing a web site using Kerberos and the request for a service ticket
- Common troubleshooting steps like checking SPNs and time sync
- Demos of delegation and forms-based authentication
- References for further Kerberos reading
Kerberos Survival Guide - St. Louis Day of .NetJ.D. Wade
This document provides an overview and introduction to Kerberos authentication. It discusses the logon process, accessing a web site, troubleshooting Kerberos, and delegation. The presenter JD Wade is a SharePoint consultant who will demonstrate how Kerberos works and common troubleshooting techniques. The agenda includes details on the Kerberos protocol, dependencies, service principal names, and references for further reading.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...Zilliz
Join us to introduce Milvus Lite, a vector database that can run on notebooks and laptops, share the same API with Milvus, and integrate with every popular GenAI framework. This webinar is perfect for developers seeking easy-to-use, well-integrated vector databases for their GenAI apps.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
Building RAG with self-deployed Milvus vector database and Snowpark Container...Zilliz
This talk will give hands-on advice on building RAG applications with an open-source Milvus database deployed as a docker container. We will also introduce the integration of Milvus with Snowpark Container Services.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
8. Only Allow Secure (Modern) Authentication by Disabling Legacy (Basic) Authentication
9. Problems with Legacy Authentication
• Password is sent repeatedly, for each request (larger attack window)
• Password is cached by the web browser
• Password may be stored permanently in the browser
• Vulnerable to man-in-the-middle SSL exploit
• Access cannot be security trimmed
10. Problems with Legacy Authentication
• Worked well behind the corporate firewall but presents many security issues for cloud access
• Legacy protocols can circumvent conditional access security settings and should be disabled. For example:
  • POP3 and IMAP circumvent Intune conditional access to Exchange
  • Azure AD conditional access is not supported with Basic Authentication
  • Exchange ActiveSync relies on Basic Authentication
11. Modern Authentication
• Modern Authentication allows customers to enable many modern security features, such as Azure Active Directory Conditional Access or multi-factor authentication.
• Authentication using Azure AD
• Leverages token based authentication (OAuth)
• Tokens and not passwords sent
• Access can be security trimmed
• Validation can be done by 3rd Party
• Access token has limited Time-To-Live (1 hour)
• Access can be revoked
• Applications must be written to support Modern Authentication
• Microsoft automation tools almost finished transitioning to Modern Auth (PowerShell)
• It is Microsoft’s way forward for secure cloud access
12. Service Preparation
• SharePoint & OneDrive for Business: On by default
• Exchange Online: Off by default
• Skype for Business: Off by default
13. Client Preparation
• Desktop Office 2013 (GPO enabled but out of support in 2018)
• Desktop Office 2016
• Example Mobile Apps
  • Outlook Mobile
  • SharePoint & OneDrive
  • Word / PowerPoint / Excel
  • Workday, Salesforce, etc.
• Unsupported
  • Desktop Office 2010
  • Native Email Clients (except for iOS 11+ Native Mail)
  • Exchange ActiveSync
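An added example, not from the original deck: before legacy authentication is disabled, a readiness check over exported Azure AD sign-in records shows which accounts still depend on legacy clients and which can be blocked first. The field names follow the Azure AD sign-in log (`userPrincipalName`, `clientAppUsed`, `status.errorCode`); the sample records, the function names and the rule that any client value outside the two modern ones counts as legacy are assumptions.

```python
import json
from collections import defaultdict

# Client app values that use token-based (modern) authentication.
# Assumption: every other clientAppUsed value (IMAP4, POP3,
# Exchange ActiveSync, Authenticated SMTP, "Other clients", blank, ...)
# is treated as legacy so that it gets reviewed rather than ignored.
MODERN_CLIENTS = {"Browser", "Mobile Apps and Desktop clients"}

# Constructed sample records in the shape of a sign-in log export.
# errorCode 0 means the sign-in succeeded; non-zero means it failed.
SAMPLE_SIGNINS = json.loads("""
[
  {"userPrincipalName": "alice@example.com", "clientAppUsed": "Browser", "status": {"errorCode": 0}},
  {"userPrincipalName": "alice@example.com", "clientAppUsed": "Mobile Apps and Desktop clients", "status": {"errorCode": 0}},
  {"userPrincipalName": "bob@example.com", "clientAppUsed": "Exchange ActiveSync", "status": {"errorCode": 0}},
  {"userPrincipalName": "bob@example.com", "clientAppUsed": "Exchange ActiveSync", "status": {"errorCode": 0}},
  {"userPrincipalName": "bob@example.com", "clientAppUsed": "Browser", "status": {"errorCode": 0}},
  {"userPrincipalName": "carol@example.com", "clientAppUsed": "IMAP4", "status": {"errorCode": 0}},
  {"userPrincipalName": "carol@example.com", "clientAppUsed": "POP3", "status": {"errorCode": 50126}},
  {"userPrincipalName": "dave@example.com", "clientAppUsed": "IMAP4", "status": {"errorCode": 50126}},
  {"userPrincipalName": "Dave@Example.com", "clientAppUsed": "IMAP4", "status": {"errorCode": 50126}},
  {"userPrincipalName": "dave@example.com", "clientAppUsed": "Browser", "status": {"errorCode": 0}}
]
""")


def is_legacy(record):
    """Return True when the sign-in did not come from a modern-auth client."""
    client = (record.get("clientAppUsed") or "").strip()
    return client not in MODERN_CLIENTS


def summarize(records):
    """Group sign-ins per user into successful legacy use (a real dependency),
    failed legacy attempts (noise or password guessing) and modern successes."""
    summary = {}
    for rec in records:
        user = (rec.get("userPrincipalName") or "").strip().lower()
        if not user:
            continue
        entry = summary.setdefault(
            user,
            {"legacy_ok": defaultdict(int), "legacy_failed": 0, "modern_ok": 0},
        )
        succeeded = (rec.get("status") or {}).get("errorCode", 0) == 0
        if is_legacy(rec):
            if succeeded:
                client = (rec.get("clientAppUsed") or "").strip() or "unknown"
                entry["legacy_ok"][client] += 1
            else:
                entry["legacy_failed"] += 1
        elif succeeded:
            entry["modern_ok"] += 1
    return summary


def needs_migration(summary):
    """Users with at least one successful legacy sign-in, and the clients used.
    These accounts lose access when legacy authentication is disabled."""
    return {
        user: sorted(entry["legacy_ok"])
        for user, entry in sorted(summary.items())
        if entry["legacy_ok"]
    }


def ready_to_block(summary):
    """Users with no successful legacy sign-in: blocking legacy authentication
    for them removes exposure without breaking a working client."""
    return sorted(user for user, entry in summary.items() if not entry["legacy_ok"])


if __name__ == "__main__":
    report = summarize(SAMPLE_SIGNINS)
    print("Migrate clients first:", needs_migration(report))
    print("Safe to block now:", ready_to_block(report))
    for user, entry in sorted(report.items()):
        if entry["legacy_failed"]:
            print(f"{user}: {entry['legacy_failed']} failed legacy attempt(s)")
```

An account that shows only failed legacy attempts, such as the constructed `dave@example.com`, has no working legacy client to migrate, so those attempts deserve a look as possible password guessing rather than as a dependency.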
14. Multifactor Authentication
• By default, organizations cannot leverage MFA despite being licensed.
• Without it, organizations are susceptible to phishing attacks and stolen credentials.
• Services must be configured and clients must be deployed in order to support MFA enablement (Modern Authentication clients).
• Can be based on IP location (on or off corporate network).
• Globally enabling MFA will disable Exchange ActiveSync
17. AAD Registration
• AAD can block based on “status” of the device
• Is the device known (registered with Azure AD)
• Examples
  • Block all untrusted devices (non-AAD registered)
  • Only allow OneDrive syncing on devices joined to certain domains
  • Block OWA on personal devices
18. AAD Registration vs AAD Domain Join
IMPORTANT: AAD Registration is NOT AAD Domain Join
• Both
  • Device identity and authentication
  • Device-based conditional access for ADFS, AAD and Intune MDM
  • Provide SSO to cloud applications
  • Provide strong authentication with AAD (Microsoft Passport)
• AAD Domain Join:
  • Cannot be both local AD joined and AAD Domain Joined
  • Automatic Intune MDM Enrollment
  • BitLocker Recovery Key in AAD
  • Targets temporary, remote and BYOD (or organizations without local AD)
  • Self-Service Password Reset on Windows Logon
  • AutoPilot
20. Automatic Device Registration
| Platform | Steps |
| --- | --- |
| Windows 10; Windows Server 2016 | Non-ADFS: Automatically synced via AD Connect. ADFS Scenarios: Use a Group Policy. Registration will then occur in the next reboot or user sign-in to Windows. |
| Windows 7; Windows 8.0; Windows 8.1; Windows Server 2008 R2; Windows Server 2012; Windows Server 2012 R2 | Must be federated (ADFS). Windows Installer package needs to be deployed to other older computers (SCCM). Task silently registers device. |
26.
• Create a Better End User Experience
• Enroll one time versus PIN every time
• Install apps automatically (Outlook, Authenticator, AIP, SharePoint)
• Advertise apps
• Zero touch configuration
• Company support info and branding
• Multiple Platform Support
• White/Black Listing Apps
• Security Hardening and Stolen Device Support
• Better Lifecycle Check-ins than MAM
• Deep Cloud Security Conditional Access (AIP/MCAS/DLP/Azure AD)
• Deep O365 Conditional Access (SharePoint/OneDrive/Exchange)
• Innovation from Apple and Google
27. Requirement: Corporate PC vs. Personal PC with Intune MDM
Authentication
• Corporate PC: Kerberos, Certificate(s)
• Personal PC with Intune MDM: AAD Modern Auth, AAD Device Cert / NDES Certificate(s)
Domain Join
• Corporate PC: Local Domain Join (AAD Device Registered)
• Personal PC with Intune MDM: AAD Domain Join (AAD Device Registered)
Device Health
• Corporate PC: Group Policies / SCCM / SCOM
• Personal PC with Intune MDM: AAD Reports, Device Attestation (Firewall, Antivirus, Encryption)
Device Security
• Corporate PC: Group Policies / SCCM (Firewall, Antivirus, PIN/Password Complexity, Device / Credential / Application Guard)
• Personal PC with Intune MDM: Windows Defender, BitLocker (CSPs), PIN/Password Complexity, Windows Hello, Application Guard, Windows Information Protection
Updates
• Corporate PC: WSUS/SCCM
• Personal PC with Intune MDM: Windows Update for Business
Applications
• Corporate PC: Group Policies / SCCM
• Personal PC with Intune MDM: Windows Store, MSI Deployments
Onboarding
• Corporate PC: Imaging / Wipe & Load, Provisioning Packages
• Personal PC with Intune MDM: Company Portal / OOBE / AutoPilot, Provisioning Packages
28. Intune Mobile Device Management
Enroll
• Provide a self-service Company Portal for users to enroll devices
• Deliver custom terms and conditions at enrollment
• Bulk enroll devices using Apple Configurator or service account
• Restrict access to Exchange email if a device is not enrolled
Retire
• Revoke access to corporate resources
• Perform selective wipe
• Audit lost and stolen devices
Provision
• Deploy certificates, email, VPN, and WiFi profiles
• Deploy device security policy settings
• Install mandatory apps
• Deploy app restriction policies
• Deploy data protection policies
Manage and Protect
• Restrict access to corporate resources if policies are violated (e.g., jailbroken device)
• Protect corporate data by restricting actions such as copy, cut, paste, and save as between Intune-managed apps and personal apps
• Report on device and app compliance
30. • User Convenience (SSO, roaming, less MFA)
• Conditional Access Integration
• Device Authentication (Another MFA)
• Always On Protection (on or off corporate network)
• Breach Prevention, Detection and Response
• Password-less Authentication (Biometrics)
• Device Health Attestation
• Wake of Innovation
31.
• Enforce corporate data access requirements
• Prevent data leakage on the device
• Enforce encryption of app data at rest
• App-level selective wipe
32. Azure AD Join for Windows 10
Azure AD Join makes it possible to connect work-owned Windows 10 devices to your company’s Azure Active Directory.
With Azure AD Join, you can auto enroll devices in Microsoft Intune for management.
• Windows 10 Azure AD Joined Devices
• Intune/MDM auto enrollment
• Enterprise-compliant strong auth / services / CA
• Support for hybrid environments
• Single sign-on from the desktop to cloud and on-premises applications with no VPN
• Windows 10 Cloud Integration
34. Windows 10 + Intune MDM
• Selective Wipe and Remote Management
• Auto-Registration and Auto-Enrollment
• AAD Conditional Access
• Policies
• Windows Defender
• Windows Hello for Business
• Windows Update for Business
• Windows Information Protection
• Deploy applications and MSIs
• Upgrade Windows 10
• BitLocker Management
• Device Health Attestation
36. Reasons to Classify and Protect
• Identify and label sensitive data
• Track data type locations & repositories
• Protect data in-transit and at rest
• Auditing and eDiscovery
38. Data Loss Prevention
• Cloud detection of users sharing Exchange, SharePoint and OneDrive content
• Generate reports to track users who shared info
• Leverage the 80+ sensitivity types and other types (18 apply to GDPR)
• Policy tips for users who share sensitive information
• Email alerts when data is shared
• Detect AIP metadata classification using custom sensitivity types
41. ADFS
Authentication occurs on-premises
Single Check-Point for security
Conditional access based on:
• User identity or group membership
• Network location
• Device (domain joined)
• Authentication state (MFA)
42. Azure AD Conditional Access
Requires Azure AD Premium (EMS).
Legacy authentication not supported (Basic Auth, EAS, POP3, IMAP).
48. Enterprise Mobility + Security
• Microsoft Intune: Protect your users, devices, and apps
• Azure Information Protection: Protect your data, everywhere
• Microsoft Advanced Threat Analytics: Detect threats early with visibility and threat analytics
• Azure Active Directory Premium: Manage identity with hybrid integration to protect application access from identity attacks
49. What to implement first? Questions?
Diagram labels: Broad Scope, Limited Scope
• File Classification & Protection: Azure Information Protection, Data Loss Prevention, CASB
• Trusted Identity: (Active Directory + Azure Active Directory), Single Sign-On, Azure MFA, Modern Auth
• Trusted Devices: Corporate PCs, Azure AD Registration, Intune MDM Enrolled
• Trusted Cloud Applications: Azure AD for Cloud Apps + Conditional Access policies (e.g. Box)
• Trusted Native Applications: Intune MAM + Office Mobile Apps
Azure AD is the Control Plane
Editor's Notes
Security is a blurred line between Office 365 features, Azure AD features, many other security products, Enterprise Mobility Suite, and Microsoft 365.
My goal is to equip you to be able to choose priorities and to help you make purchasing decisions.
Less MFA – if on a trusted device, no MFA
Less Passwords – Trusted Applications SSO, Trusted Devices Desktop SSO
Less VPN – Trusted Application proxies
Always On – Intune MDM
DLP Training -
Password is cached by the web browser, at a minimum for the length of the window / process. (Can be silently reused by any other request to the server, e.g. CSRF).
Password may be stored permanently in the browser, if the user requests. (Same as previous point, in addition might be stolen by another user on a shared machine).
Access cannot be security trimmed. With Basic Auth, your account is either enabled or disabled. With OAuth, a token containing access claims can be sent and processed by the application.
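The Basic Auth points above, as an added Python example (not part of the original slides or notes): a Basic header is only base64 of user:password, so every request carries the reusable password, while a bearer token carries scoped, expiring claims that an application can check. The account, password, claim names (`upn`, `scp`, `exp`) and the unsigned sample token are constructed for illustration; signature validation is out of scope here.

```python
import base64
import json

def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def inspect_authorization(header: str) -> dict:
    """Report what an Authorization header reveals to anyone who can read it."""
    scheme, _, value = header.partition(" ")
    if scheme.lower() == "basic":
        user, _, password = base64.b64decode(value).decode("utf-8").partition(":")
        return {"scheme": "basic", "user": user, "password": password,
                "password_recoverable": True, "scopes": None, "expires": None}
    if scheme.lower() == "bearer":
        parts = value.split(".")
        if len(parts) != 3:
            raise ValueError("not a JWT-style bearer token")
        claims = json.loads(_b64url_decode(parts[1]))
        return {"scheme": "bearer", "user": claims.get("upn"), "password": None,
                "password_recoverable": False,
                "scopes": claims.get("scp", "").split(), "expires": claims.get("exp")}
    raise ValueError(f"unsupported scheme: {scheme}")

def is_allowed(info: dict, required_scope: str, now: int) -> bool:
    """Security trimming: only possible when the credential carries claims."""
    if info["scheme"] == "basic":
        return True  # all-or-nothing: the account is enabled, nothing to trim on
    return required_scope in info["scopes"] and now < info["expires"]

def _make_sample_token(claims: dict) -> str:
    # Constructed, unsigned token (empty signature segment) for the demo only.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f'{enc({"alg": "none", "typ": "JWT"})}.{enc(claims)}.'

# Constructed sample headers.
BASIC_HEADER = "Basic " + base64.b64encode(b"alice@contoso.example:Winter2018!").decode()
BEARER_HEADER = "Bearer " + _make_sample_token(
    {"upn": "alice@contoso.example", "scp": "Mail.Read", "exp": 1700003600})
```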
Goal is the AAD Registered + Local AD Joined: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access#device-based-conditional-access
ADFS
- Is Registered User
- Azure AD Premium for Device Writeback
- Is Local Domain Joined
- Security Group
AAD
- AAD Conditional Access: Registered and locally domain joined
Intune MDM
- Registered with O365 services
Microsoft Passport is a key-based authentication system built into Windows 10. To use Microsoft Passport, users create a gesture that they use to log in to their Windows 10 device. The user gesture unlocks the device and its TPM. The TPM protects a private key that is used to sign authentication requests to Azure AD, eliminating the need to authenticate using a password.
Conditional Access – only allow domain joined and/or compliant PCs.
Domain Join
@RuleName = "Issue account type for domain-joined computers"
c:[
Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid",
Value =~ "-515$",
Issuer =~ "^(AD AUTHORITY|SELF AUTHORITY|LOCAL AUTHORITY)$"
]
=> issue(
Type = "http://schemas.microsoft.com/ws/2012/01/accounttype",
Value = "DJ"
);
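How the claim rule above evaluates, as an added Python model (not ADFS code and not from the original notes): it applies the rule's type check and two regular expressions to constructed claim sets. The domain SID, the `CONTOSO IDP` issuer and the function names are assumptions; RID 515 is the well-known Domain Computers group and 513 is Domain Users.

```python
import re

GROUPSID = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid"
ACCOUNTTYPE = "http://schemas.microsoft.com/ws/2012/01/accounttype"

# The rule's two regular-expression conditions, copied unchanged.
VALUE_RE = re.compile(r"-515$")
ISSUER_RE = re.compile(r"^(AD AUTHORITY|SELF AUTHORITY|LOCAL AUTHORITY)$")

def apply_domain_join_rule(claims):
    """Return the claims the rule would issue for an incoming claim set.

    Each claim is a dict with Type, Value and Issuer keys.
    """
    issued = []
    for claim in claims:
        if (claim["Type"] == GROUPSID
                and VALUE_RE.search(claim["Value"])
                and ISSUER_RE.search(claim["Issuer"])):
            issued.append({"Type": ACCOUNTTYPE, "Value": "DJ"})
    return issued

def is_domain_joined(claims):
    """True when the rule yields the accounttype=DJ claim for this claim set."""
    return any(c["Type"] == ACCOUNTTYPE and c["Value"] == "DJ"
               for c in apply_domain_join_rule(claims))

def _group(sid, issuer="AD AUTHORITY"):
    return {"Type": GROUPSID, "Value": sid, "Issuer": issuer}

# Constructed sample inputs (hypothetical domain SID).
DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
COMPUTER_CLAIMS = [_group(DOMAIN + "-515")]          # member of Domain Computers
USER_CLAIMS = [_group(DOMAIN + "-513")]              # Domain Users only
LOOKALIKE_RID_CLAIMS = [_group(DOMAIN + "-1515")]    # RID merely ends in 515
FOREIGN_ISSUER_CLAIMS = [_group(DOMAIN + "-515", issuer="CONTOSO IDP")]
```

The leading hyphen in `-515$` is what keeps a custom group with RID 1515 from matching, and the anchored issuer pattern is what keeps a group SID asserted by another claims provider from producing the DJ claim.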
The user accesses the application through the Application Proxy service and is directed to the Azure AD sign-in page to authenticate.
After a successful sign-in, a token is generated and sent to the client device.
The client sends the token to the Application Proxy service, which retrieves the user principal name (UPN) and security principal name (SPN) from the token, then directs the request to the Application Proxy connector.
If you have configured single sign-on, the connector performs any additional authentication required on behalf of the user.
The connector sends the request to the on-premises application.
The response is sent through Application Proxy service and connector to the user.