Go mobile.
Stay in control.
Chris Genazzio
Director of Business Development
Enterprise Mobility + Security
Mobile-first, cloud-first reality
Data breaches
63% of confirmed data breaches
involve weak, default, or stolen
passwords.
63% 0.6%
IT Budget growth
Gartner predicts global IT spend
will grow only 0.6% in 2016.
Shadow IT
More than 80 percent of employees
admit to using non-approved
software as a service (SaaS)
applications in their jobs.
80%
Is it possible to keep up?
Employees
Business partners
Customers
Is it possible to stay secure?
Apps
Devices
Data
Users
Data leaks
Lost device
Compromised identity
Stolen credentials
Is it possible to keep up?
Employees Business partners Customers
The Microsoft vision
Secure and protect against new threats
Maximum productivity experience
Comprehensive and integrated
Apps
Devices
Data
Users
User freedom
Secure against new threats
Do more with less
Customers need
Identity – driven security
Productivity without compromise
Comprehensive solutions
Microsoft solution
ENTERPRISE MOBILITY + SECURITY
Identity-driven
security
Comprehensive
solution
Managed mobile
productivity
ENTERPRISE MOBILITY + SECURITY
Identity-driven Security
Data
Breaches 63%
Identity is the foundation for enterprise mobility
IDENTITY – DRIVEN SECURITY
Single sign-on
Self-service
Simple connection
On-premises
Other
directories
Windows Server
Active Directory
SaaS
Azure
Public
cloud
Cloud
Microsoft Azure Active Directory
1000s of apps,
1 identity
Provide one persona to the
workforce for SSO to 1000s of
cloud and on-premises apps with
multifactor authentication.
Manage access
at scale
Manage identities and
access at scale in the cloud
and on-premises
Enable business
without borders
Stay productive with universal
access to every app and
collaboration capability and self
service capabilities to save money
Identity at the core of your business
IDENTITY – DRIVEN SECURITY
Shadow
IT
Data breach
IDENTITY – DRIVEN SECURITY
Employees
Partners
Customers
Cloud apps
Identity Devices Apps & Data
Transition to
cloud & mobility
New attack
landscape
Current defenses
not sufficient
Identity breach On-premises apps
SaaS
Azure
Intelligent
Innovative
Holistic
Identity-driven
Addresses security
challenges across users
(identities), devices, data,
apps, and
platforms―on-premises
and in the cloud
Offers one protected
common identity for
secure access to all
corporate resources,
on-premises and in the
cloud, with risk-based
conditional access
Protects your data from
new and changing
cybersecurity attacks
Enhances threat and
anomaly detection with
the Microsoft Intelligent
Security Graph driven by
a vast amount of
datasets and machine
learning in the cloud.
IDENTITY – DRIVEN SECURITY
1. Protect at the front door
Safeguard your resources at the front door with innovative
and advanced risk-based conditional access.
2. Protect your data against user mistakes
Gain deep visibility into user, device, and data activity
on-premises and in the cloud.
3. Detect attacks before they cause damage
Uncover suspicious activity and pinpoint threats with deep
visibility and ongoing behavioral analytics.
Conditions
Allow access
Or
Block access
Actions
Enforce MFA
per user/per
app
Location
Device state
User/Application
MFA
Risk
User
IDENTITY – DRIVEN SECURITY
Azure Information Protection
Classify & Label
Protect
How do I control data
on-premises and in
the cloud
Monitor and Respond
Microsoft Intune
How do I prevent data
leakage from my
mobile apps?
LOB app protection
DLP for Office 365 mobile apps
Optional device management
Cloud App Security
Risk scoring
Shadow IT Discovery
Policies for data control
How do I gain visibility
and control of my
cloud apps?
IDENTITY – DRIVEN SECURITY
Microsoft Advanced Threat Analytics (ATA)
Behavioral Analytics
Detection of known malicious attacks
Detection of known security issues
On-premises detection
Cloud App Security
Behavioral analytics
Detection in the cloud
Anomaly detection
Azure Active Directory Premium
Security reporting and monitoring (access & usage)
Enterprise Mobility + Security
IDENTITY - DRIVEN SECURITY
Microsoft
Intune
Azure Information
Protection
Protect your users,
devices, and apps
Detect threats early
with visibility and
threat analytics
Protect your data,
everywhere
Extend enterprise-grade security
to your cloud and SaaS apps
Manage identity with hybrid
integration to protect application
access from identity attacks
Microsoft
Advanced Threat Analytics
Microsoft Cloud App Security
Azure Active Directory
Premium
Identity-driven security
Protect against
advanced threats
Identity-driven
security
Comprehensive
solution
Managed mobile
productivity
ENTERPRISE MOBILITY + SECURITY
Managed mobile productivity
Unsecured
apps 80%
Manage and secure devices
Office mobile apps
Data-level protection
User self-service
MANAGED MOBILE PRODUCTIVITY
• Conditional access
• Device settings &
Compliance enforcement
• Multi-identity support
Access
management
• Mobile app management (with
and without device enrollment)
• File level classification,
labeling, and encryption
Built-in
security
• Office mobile apps
• Familiar and trusted
Gold
standard
MANAGED MOBILE PRODUCTIVITY
Managed
apps
Personal
apps
Personal apps
Managed apps
Corporate
data
Personal
data
Multi-identity policy
Personal apps
Managed
apps
Copy Paste Save
Save to
personal storage
Paste to
personal
app
Email
attachment
Empower
users to
make right
decisions
Enable safe
sharing
internally and
externally
Maintain
visibility and
control
MANAGED MOBILE PRODUCTIVITY
Protect your
data at all
times
MANAGED MOBILE PRODUCTIVITY
STRICTLY CONFIDENTIAL
CONFIDENTIAL
INTERNAL
NOT RESTRICTED
IT admin sets policies,
templates, and rules
FINANCE
CONFIDENTIAL
Add persistent labels defining sensitivity to files
Classify data according to policies – automatically or by user
Manage your account, apps and
groups
Company branded, personalized
application Access Panel:
http://myapps.microsoft.com
+ iOS and Android Mobile Apps
MANAGED MOBILE PRODUCTIVITY
Self-service password reset
Application access requests
Integrated Office 365 app launching
Managed mobile productivity
Secure access to
company data
with maximum
productivity
Identity-driven
security
Comprehensive
solution
Managed mobile
productivity
ENTERPRISE MOBILITY + SECURITY
Comprehensive solution
Global IT Budget
growth 2016 0.6%
COMPREHENSIVE SOLUTION
Integrates with what you have
Simple to set up
Easy to maintain
Saves you money
COMPREHENSIVE SOLUTION
Employees Business partners Customers
Secure and protect against new threats
Maximum productivity experience
Comprehensive and integrated
Apps Devices Data Users
Always
up to date
• Real-time updates
• Keep up with new
apps and devices
Works with
what you have
• Support multiple platforms
• Use existing investments
Simple to set
up and connect
• Easy, secure connections
• Simplified management
COMPREHENSIVE SOLUTION
Simple set up with FastTrack
FastTrack will:
Retain control of sensitive documents locally and
over email
Automatically protect mail containing privileged
information
Ensure files stored in SharePoint are rights
protected
Envision
Azure Rights Management
FastTrack will:
Set up and deploy mobile app management
policies to help prevent Office 365 data leakage
Set up and deploy device security policies like PIN
or device encryption
Integrate on-premises System Center
Configuration Manager with Intune
Enable conditional access and compliance
policies to control access to data
FastTrack will:
Get organizational identities to the cloud
Set up single sign-on for test apps (including
Azure Active Directory Application Proxy apps)
Configure self-service options like password
reset and Azure Multi-Factor Authentication in
the MyApps site
Azure Active Directory
Premium
Microsoft Intune
Onboard Drive Value
FastTrack is included with EMS to accelerate your deployments
COMPREHENSIVE SOLUTION
Comprehensive solution
Stay secure and
maximize your budget
COMPREHENSIVE SOLUTION
ENTERPRISE MOBILITY + SECURITY
Holistic, intelligent,
innovative security to keep
up with new threats.
Identity-driven
security
Secure your enterprise fast –
while keeping what you have
and saving money.
Comprehensive
solution
Encourage secure work habits
by providing the best apps
with built-in security.
Managed mobile
productivity
Information
protection
Identity-driven
security
Managed mobile
productivity
Identity and access
management
Azure Information
Protection Premium P2
Intelligent classification and
encryption for files shared
inside and outside your
organization
(includes all capabilities in P1)
Azure Information
Protection Premium P1
Encryption for all files and
storage locations
Cloud-based file tracking
Microsoft Cloud
App Security
Enterprise-grade visibility,
control, and protection for
your cloud applications
Microsoft Advanced
Threat Analytics
Protection from advanced
targeted attacks leveraging
user and entity behavioral
analytics
Microsoft Intune
Mobile device and app
management to protect
corporate apps and data on
any device
Azure Active Directory
Premium P2
Identity and access
management with advanced
protection for users and
privileged identities
(includes all capabilities in P1)
Azure Active Directory
Premium P1
Secure single sign-on to
cloud and on-premises apps
MFA, conditional access, and
advanced security reporting
EMS
E3
EMS
E5
Intelligence Collaboration Trust Mobility
Empower your employees by creating
a secure productive enterprise
Office 365
Enterprise Mobility + Security
Windows 10 Enterprise
Delivered through enterprise cloud services
Enterprise
Mobility
+ Security
Basic identity mgmt.
via Azure AD for O365:
• Single sign-on for O365
• Basic multi-factor
authentication (MFA) for O365
Basic mobile device
management
via MDM for O365
• Device settings management
• Selective wipe
• Built into O365 management
console
RMS protection
via RMS for O365
• Protection for content stored in
Office (on-premises or O365)
• Access to RMS SDK
• Bring your own key
Azure AD for O365+
• Advanced security reports
• Single sign-on for all apps
• Advanced MFA
• Self-service group management
& password reset & write back
to on-premises,
• Dynamic Groups, Group based
licensing assignment
MDM for O365+
• PC management
• Mobile app management
(prevent cut/copy/paste/save as
from corporate apps to
personal apps)
• Secure content viewers
• Certificate provisioning
• System Center integration
RMS for O365+
• Automated intelligent
classification and labeling of
data
• Tracking and notifications for
shared documents
• Protection for on-premises
Windows Server file shares
Advanced Security
Management
• Insights into suspicious activity in
Office 365
Cloud App Security
• Visibility and control for all cloud
apps
Advanced Threat Analytics
• Identify advanced threats in
on-premises identities
Azure AD Premium P2
• Risk based conditional access
Information
protection
Identity-driven
security
Managed mobile
productivity
Identity and access
management
Windows
10
Enterprise
Mobility
+ Security
• Single sign-on for business
cloud apps
• Device setup and registration
for Windows devices
• Windows Store for Business
• Traditional domain join
manageability
• Manageability via MDM and
MAM
• Encryption for data at rest and
generated on device
• Encryption for data included in
roaming settings
• Conditional access policies for
secure single sign-on
• MDM auto-enrollment
• Self-Service BitLocker recovery
• Password reset with write back
to on-premises
• Cloud-based advanced security
reports and monitoring
• Enterprise State-Roaming
• Mobile device management
• Mobile app management
• Secure content viewer
• Certificate, Wi-Fi, VPN, email
profile provisioning
• Agent-based management of
Windows devices (domain-joined
via ConfigMgr and
internet-based via Intune)
• Automated intelligent
classification and labeling of
data
• Tracking and notifications for
shared documents
• Protection for content stored in
Office and Office 365 &
Windows Server on-premises
Windows Defender Advanced
Threat Protection
• Identify advanced threats focused
on Windows 10 behavioral sensors
Cloud App Security
• Visibility and control for all cloud
apps
Advanced Threat Analytics
• Behavioral analytics for advanced
threat detection
Azure AD Premium
• Risk based conditional access
Information
protection
Identity-driven
security
Managed mobile
productivity
Identity and access
management
Enterprise Mobility+Security Overview

Enterprise Mobility+Security Overview

  • 1. Go mobile. Stay in control. Chris Genazzio Director of Business Development Enterprise Mobility + Security
  • 2. Mobile-first, cloud-first reality Data breaches 63% of confirmed data breaches involve weak, default, or stolen passwords. 63% 0.6% IT Budget growth Gartner predicts global IT spend will grow only 0.6% in 2016. Shadow IT More than 80 percent of employees admit to using non-approved software as a service (SaaS) applications in their jobs. 80%
  • 3. Is it possible to keep up? Employees Business partners Customers Is it possible to stay secure? Apps Devices Data Users Data leaks Lost device Compromised identity Stolen credentials
  • 4. Is it possible to keep up? Employees Business partners Customers The Microsoft vision Secure and protect against new threats Maximum productivity experience Comprehensive and integrated Apps Devices Data Users
  • 5. User freedomSecure against new threats Do more with less Customers need Identity – driven security Productivity without compromise Comprehensive solutions Microsoft solution ENTERPRISE MOBILITY + SECURITY Identity-driven security Comprehensive solution Managed mobile productivity
  • 8. Identity is the foundation for enterprise mobility IDENTITY – DRIVEN SECURITY Single sign-onSelf-service Simple connection On-premises Other directories Windows Server Active Directory SaaS Azure Public cloud CloudMicrosoft Azure Active Directory
  • 9. 1000s of apps, 1 identity Provide one persona to the workforce for SSO to 1000s of cloud and on-premises apps with multifactor authentication. Manage access at scale Manage identities and access at scale in the cloud and on-premises Enable business without borders Stay productive with universal access to every app and collaboration capability and self service capabilities to save money Identity at the core of your business IDENTITY – DRIVEN SECURITY
  • 10. Shadow IT Data breach IDENTITY – DRIVEN SECURITY Employees Partners Customers Cloud apps Identity Devices Apps & Data Transition to cloud & mobility New attack landscape Current defenses not sufficient Identity breach On-premises apps SaaS Azure
  • 11. IntelligentInnovativeHolistic Identity-driven Addresses security challenges across users (identities), devices, data, apps, and platforms―on-premises and in the cloud Offers one protected common identity for secure access to all corporate resources, on- premises and in the cloud, with risk-based conditional access Protects your data from new and changing cybersecurity attacks Enhances threat and anomaly detection with the Microsoft Intelligent Security Graph driven by a vast amount of datasets and machine learning in the cloud. IDENTITY – DRIVEN SECURITY
  • 12. IDENTITY – DRIVEN SECURITY 1. Protect at the front door Safeguard your resources at the front door with innovative and advanced risk-based conditional accesses 2. Protect your data against user mistakes Gain deep visibility into user, device, and data activity on- premises and in the cloud. 3. Detect attacks before they cause damage Uncover suspicious activity and pinpoint threats with deep visibility and ongoing behavioral analytics.
  • 13. Conditions Allow access Or Block access Actions Enforce MFA per user/per app Location Device state User/Application MFA Risk User IDENTITY – DRIVEN SECURITY
  • 14. IDENTITY – DRIVEN SECURITY Azure Information Protection Classify & Label Protect How do I control data on-premises and in the cloud Monitor and Respond Microsoft Intune How do I prevent data leakage from my mobile apps? LOB app protection DLP for Office 365 mobile apps Optional device management Cloud App Security Risk scoring Shadow IT Discovery Policies for data control How do I gain visibility and control of my cloud apps?
  • 15. IDENTITY – DRIVEN SECURITY Microsoft Advanced Threat Analytics (ATA) Behavioral Analytics Detection of known malicious attacks Detection of known security issues On-premises detection Cloud App Security Behavioral analytics Detection in the cloud Anomaly detection Azure Active Directory Premium Security reporting and monitoring (access & usage)
  • 16. Enterprise Mobility +Security IDENTITY - DRIVEN SECURITY Microsoft Intune Azure Information Protection Protect your users, devices, and apps Detect threats early with visibility and threat analytics Protect your data, everywhere Extend enterprise-grade security to your cloud and SaaS apps Manage identity with hybrid integration to protect application access from identity attacks Microsoft Advanced Threat Analytics Microsoft Cloud App Security Azure Active Directory Premium
  • 20. Manage and secure devices Office mobile apps Data-level protection User self-service MANAGED MOBILE PRODUCTIVITY
  • 21. MANAGED MOBILE PRODUCTIVITY • Conditional access • Device settings & Compliance enforcement • Multi-identity support Access management • Mobile app management (w & w/o a device enrollment) • File level classification, labeling, and encryption Built-in security • Office mobile apps • Familiar and trusted Gold standard
  • 22. MANAGED MOBILE PRODUCTIVITY Managed apps Personal apps Personal apps Managed apps Corporate data Personal data Multi-identity policy Personal apps Managed apps Copy Paste Save Save to personal storage Paste to personal app Email attachment
  • 23. Empower users to make right decisions Enable safe sharing internally and externally Maintain visibility and control MANAGED MOBILE PRODUCTIVITY Protect your data at all times
  • 24. MANAGED MOBILE PRODUCTIVITY STRICTLY CONFIDENTIAL CONFIDENTIAL INTERNAL NOT RESTRICTED IT admin sets policies, templates, and rules FINANCE CONFIDENTIAL Add persistent labels defining sensitivity to filesClassify data according to policies – automatically or by user
  • 25. Manage your account, apps and groups Company branded, personalized application Access Panel: http://myapps.microsoft.com + iOS and Android Mobile Apps MANAGED MOBILE PRODUCTIVITY Self-service password reset Application access requests Integrated Office 365 app launching
  • 26. Managed mobile productivity Secure access to company data with maximum productivity
  • 28. Comprehensive solution Global IT Budget growth 2016 0.6%
  • 29. COMPREHENSIVE SOLUTION Integrates with what you have Simple to set up Easy to maintain Saves you money
  • 30. COMPREHENSIVE SOLUTION Employees Business partners Customers Secure and protect against new threats Maximum productivity experience Comprehensive and integrated Apps DevicesDataUsers
  • 31. Always up to date • Real-time updates • Keep up with new apps and devices Works with what you have • Support multiple platforms • Use existing investments Simple to set up and connect • Easy, secure connections • Simplified management COMPREHENSIVE SOLUTION
  • 32. Simple set up with FastTrack FastTrack will: Retain control of sensitive documents locally and over email Automatically protect mail containing privileged information Ensure files stored in SharePoint are rights protected Envision Azure Rights Management FastTrack will: Setup and deploy mobile app management policies to help prevent Office 365 data leakage Setup and deploy device security policies like pin or device encryption Integrate on-premises System Center Configuration Manager with Intune Enable conditional access and compliance policies to control access to data FastTrack will: Get organizational identities to the cloud Set up single sign-on for test apps (including Azure Active Directory Application Proxy apps) Configure self-service options like password reset and Azure Multi-Factor Authentication in the MyApps site Azure Active Directory Premium Microsoft Intune Onboard Drive Value FastTrack is included with EMS to accelerate your deployments COMPREHENSIVE SOLUTION
  • 33. Comprehensive solution Stay secure and maximize your budget COMPREHENSIVE SOLUTION
  • 34. ENTERPRISE MOBILITY + SECURITY Holistic, intelligent, innovative security to keep up with new threats. Identity-driven security Secure your enterprise fast – while keeping what you have and saving money. Comprehensive solution Encourage secure work habits by providing the best apps with built-in security. Managed mobile productivity
  • 35. Information protection, Identity-driven security, Managed mobile productivity, Identity and access management. Azure Information Protection Premium P2: Intelligent classification and encryption for files shared inside and outside your organization (includes all capabilities in P1). Azure Information Protection Premium P1: Encryption for all files and storage locations; cloud-based file tracking. Microsoft Cloud App Security: Enterprise-grade visibility, control, and protection for your cloud applications. Microsoft Advanced Threat Analytics: Protection from advanced targeted attacks leveraging user and entity behavioral analytics. Microsoft Intune: Mobile device and app management to protect corporate apps and data on any device. Azure Active Directory Premium P2: Identity and access management with advanced protection for users and privileged identities (includes all capabilities in P1). Azure Active Directory Premium P1: Secure single sign-on to cloud and on-premises apps; MFA, conditional access, and advanced security reporting. EMS E3, EMS E5
  • 36. Intelligence Collaboration Trust Mobility Empower your employees by creating a secure productive enterprise
  • 37. Office 365 Enterprise Mobility + Security Windows 10 Enterprise Delivered through enterprise cloud services
  • 38. Enterprise Mobility + Security Basic identity mgmt. via Azure AD for O365: • Single sign-on for O365 • Basic multi-factor authentication (MFA) for O365 Basic mobile device management via MDM for O365 • Device settings management • Selective wipe • Built into O365 management console RMS protection via RMS for O365 • Protection for content stored in Office (on-premises or O365) • Access to RMS SDK • Bring your own key Azure AD for O365+ • Advanced security reports • Single sign-on for all apps • Advanced MFA • Self-service group management & password reset & write back to on-premises • Dynamic Groups, Group-based licensing assignment MDM for O365+ • PC management • Mobile app management (prevent cut/copy/paste/save as from corporate apps to personal apps) • Secure content viewers • Certificate provisioning • System Center integration RMS for O365+ • Automated intelligent classification and labeling of data • Tracking and notifications for shared documents • Protection for on-premises Windows Server file shares Advanced Security Management • Insights into suspicious activity in Office 365 Cloud App Security • Visibility and control for all cloud apps Advanced Threat Analytics • Identify advanced threats in on-premises identities Azure AD Premium P2 • Risk-based conditional access Information protection Identity-driven security Managed mobile productivity Identity and access management
  • 39. Windows 10 Enterprise Mobility + Security • Single sign-on for business cloud apps • Device setup and registration for Windows devices • Windows Store for Business • Traditional domain join manageability • Manageability via MDM and MAM • Encryption for data at rest and generated on device • Encryption for data included in roaming settings • Conditional access policies for secure single sign-on • MDM auto-enrollment • Self-Service BitLocker recovery • Password reset with write back to on-premises • Cloud-based advanced security reports and monitoring • Enterprise State-Roaming • Mobile device management • Mobile app management • Secure content viewer • Certificate, Wi-Fi, VPN, email profile provisioning • Agent-based management of Windows devices (domain-joined via ConfigMgr and internet-based via Intune) • Automated intelligent classification and labeling of data • Tracking and notifications for shared documents • Protection for content stored in Office and Office 365 & Windows Server on-premises Windows Defender Advanced Threat Protection • Identify advanced threats focused on Windows 10 behavioral sensors Cloud App Security • Visibility and control for all cloud apps Advanced Threat Analytics • Behavioral analytics for advanced threat detection Azure AD Premium • Risk-based conditional access Information protection Identity-driven security Managed mobile productivity Identity and access management

Editor's Notes

  1. 63% of confirmed data breaches involve weak, default, or stolen passwords (Verizon 2016 Data Breach Report). 70% of the 10 most commonly used devices have serious vulnerabilities (HP 2014). More than 80% of employees admit using non-approved SaaS apps for work purposes (Stratecast, December 2013). 33% of user breaches come from user error (VansonBourne February 2014). 88% of organizations are no longer confident in their ability to detect and prevent threats to their sensitive files and emails. 0.6% http://www.gartner.com/newsroom/id/3186517
  2. IT cannot afford to live in the past. Successful businesses of today (and tomorrow) realize the power of mobility to support employee productivity and collaboration. You need to prepare to mitigate the risks of providing freedom and space to your employees. You need to meet compliance and regulatory standards, maintain company security policies and requirements, and detect threats — all the while giving workers a better and more productive experience, so that they’re motivated to follow protocol. You need an enterprise mobility partner that can help you achieve all of this, so that everyone is a winner, and your business stays out of the headlines. Microsoft’s vision includes management and protection across four key layers: users, devices, apps, and data – for your employees, business partners, and customers. Our strategy is to ensure management across these layers while ensuring your employees, business partners, and customers by providing access to everything they need from everything; protecting corporate data across email and collaboration apps, all while integrating these new capabilities with what customers already have, like Active Directory and System Center.
  3. Mobility tools are often point solutions that address specific security needs, but even multiple point solutions are still disconnected from one another, leaving cracks. Microsoft believes you should have an integrated mobility solution that provides security across multiple layers. You should have a comprehensive set of tools that use identity as a control plane, provide the visibility and insights required to quickly pinpoint and resolve issues or threats, and simplify mobile device and application management. Identity-driven security. Microsoft simplifies identity management by creating a single set of credentials for each worker, making it easier for IT to apply identity-based security measures, including conditional access policies and multi-factor authentication. Identity-based security reporting, auditing, and alerting offer greater visibility so you can spot potential issues. 200+ days. That’s the average amount of time that attackers reside within your network until they are detected, gathering classified data and information, waiting to strike at just the right moment. Microsoft helps you identify breaches and threats using behavioral analysis and provides a clear, actionable report on a simple attack timeline. Managed mobile productivity. Encourage your workers to use secure applications for work — even on personal devices — by providing the Office tools they know and love. Management capabilities built into Office make it easier for IT to protect company information. Conditional access policies restrict actions such as copy, paste, edit, and save — ensuring that workers only access corporate files through approved, managed apps and not personal workarounds where information can be corrupted or leaked. Nobody manages Office better than Microsoft. Sharing is a mainstay of collaboration for the mobile workforce, but poses a serious challenge to security.
Microsoft gives you another integrated approach to information protection with a layer of security at the file level. Encryption, rights management, and authorization policies can be applied to any file type and remain with the data, wherever it goes and even in motion. Only authorized users can access protected files, and only on the sender’s terms. Comprehensive Solution: Meet new business challenges with the flexibility of a cloud-first mobility solution. Microsoft cloud services are designed to work seamlessly with your on-premises infrastructure and existing investments. Stay ahead of your BYOD workers with rapid release cycles to support the latest devices and apps. Scale quickly to onboard new hires, devices, apps, and more. It’s fast, it’s cost-effective, and it’s always up-to-date. Manage across multiple OS types (iOS, Android, Windows) and thousands of cloud apps.
  4. Identity-driven security. Identity is the new control plane for security and management in the mobile-first, cloud-first world. Microsoft simplifies identity management by creating a single set of credentials for each worker, making it easier for IT to apply identity-based security measures, including conditional access policies and multi-factor authentication. Identity-based security reporting, auditing, and alerting offer greater visibility so you can spot potential issues.
  5. 63% of confirmed data breaches involve weak, default, or stolen passwords (Verizon 2016 Data Breach Report) 200+ days. That’s the average amount of time that attackers reside within your network until they are detected, gathering classified data and information, waiting to strike at just the right moment. Microsoft helps you identify breaches and threats using behavioral analysis and provides a clear, actionable report on a simple attack timeline.
  6. Microsoft has a solution for this. [Click] Traditional identity and access management solutions providing single sign-on to on-premises applications and directory services, such as Active Directory and others, are used by the vast majority of organizations, and huge investments were made to deploy and maintain them. These solutions are perfect for the on-premises world. [Click] Now, as we have discussed, there are new pressing requirements to provide the same experience to cloud applications hosted in any public cloud. [Click] Azure Active Directory can be the solution to this new challenge by extending the reach of on-premises identities to the cloud in a secure and efficient way. [Click] In order to do that, one simple connection is needed from on-premises directories to Azure AD, [Click] and everything else will be handled by Azure AD: secure single sign-on to thousands of SaaS applications hosted in any cloud by using the same credentials that exist on-premises. [Click] And we don’t forget the users. Azure AD provides self-service capabilities and easy access to all the applications, consumer or business, that they need, in the cloud but on-premises too (Application Proxy).
  7. Safeguard your resources at the front door. Our solution calculates risk severity for every user and sign-in attempt, so risk-based conditional access rules can be applied to protect against suspicious logins. Protect your data against user mistakes: Gain deeper visibility into user, device, and data activity on-premises and in the cloud to create more effective, granular-level policies. Classify and label files at creation, track their usage, and change permissions when necessary. Detect attacks before they cause damage: Identify attackers in your organization using innovative behavioral analytics and anomaly detection technologies – all driven by vast amounts of Microsoft threat intelligence and security research data.
  8. Microsoft’s enterprise & security solutions provide a holistic framework to protect your corporate assets across on-premises, cloud, and mobile devices. Advanced Threat Analytics helps IT detect threats early and provide forensic investigation to keep cybercriminals out. Azure Active Directory Premium security reports help identify risky logins. That, paired with Azure Active Directory Identity Protection, gives IT the ability to automatically block access to apps based on real-time risk scoring of identities and logins. Microsoft Cloud App Security provides deep visibility and control of data inside cloud applications. Microsoft Intune manages and secures corporate data on mobile devices and collaborated within corporate apps. Azure Information Protection helps keep data secure and encrypted throughout a customer’s environment and extends security when data is shared outside the organization.
  9. Enterprise Mobility Suite (EMS) helps to provide employees with secure and seamless access to corporate email and documents as well as familiar email and productivity experiences with Office mobile apps, such as Outlook, Word, Excel, and PowerPoint. EMS helps protect corporate data on the device itself and beyond with four layers of protection—all without affecting the personal data on the device. IT can even manage these apps without requiring the device to be enrolled for management.
  10. Unsecured apps pose a serious risk for IT. EMS can ensure that you provide your end users great apps that are secure and manageable. More than 80% of employees admit to using non-approved software as a service (SaaS) applications in their jobs. http://www.computing.co.uk/ctg/news/2321750/more-than-80-per-cent-of-employees-use-non-approved-saas-apps-report
  11. Protect your Office Mobile apps without compromising your Office experience: EMS is the only solution built with and for Microsoft Office. This means that email and other Office files can be secured without compromising the Office experience – the gold standard of productivity. Enable easy access to resources: Sign in once for secure access to all corporate resources, on-premises and in the cloud, from any device. This includes pre-integrated support for Salesforce, Concur, Workday, and thousands more popular SaaS apps. Enable users to protect and control data: Employees can encrypt virtually any type of file, set granular permissions, and track usage. With Office files, encryption can be applied with just one click. The encryption stays with the file wherever it goes, enabling more secure file sharing, internally and externally. Empower users with self-service capabilities: Users can update passwords and join and manage groups via a single portal to help save your IT helpdesk time and money. This applies across all iOS, Android, and Windows devices in your mobile ecosystem.
  12. If we take a closer look at our user’s newly enrolled device, which is now compliant and ready to go, we can see that she is still able to maintain a personal experience on her device. She has organized her applications the way she wants, with all of her apps available on one screen. She has her managed corporate apps—the Office mobile apps she knows and loves and personal apps that she uses outside of work, and she may even consider using these personal apps to try to boost her productivity at work. Even though our user has all of her apps at hand on her personal device, IT is able to enjoy unparalleled management of the Office mobile apps, so that with Microsoft Intune, our IT pro has a different perspective on the organization of our user’s personal device. With the new multi-identity management feature, you can enable users to access both their personal and work accounts using the same Office mobile apps while only applying the MAM policies to their work account – providing a seamless experience while employees are on-the-go. For our IT pro, there is still a clear separation of the managed corporate apps and our user’s personal apps. But this doesn’t affect the user’s access to apps. By applying policy at the app level, our IT pro can support mobile productivity while maintaining user preferences, and still have the ability to protect corporate data and resources with the Intune-managed Office mobile apps. The Intune App Wrapping Tool also allows IT to apply similar policies to your existing line-of-business applications so that these resources are equally protected through the organization’s proprietary apps. You can enable users to securely view content on devices within your managed app ecosystem using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps for Intune as well. Let’s now take a closer look at how app-level policies can help keep company data and information secure.
Our user receives a work email through her managed Outlook account with an attached Excel spreadsheet containing information she needs for a report. Our user opens the attachment in her Excel mobile application to find the information she needs. She then wants to copy the info to add to her report. But when she tries to paste it into her personal notepad, it doesn’t work—the personal notepad is not a managed app and our IT pro has applied policies that restrict copy, paste, and cut functions to only apps that are part of the managed app ecosystem (for Intune enrolled devices). So our user opens her Microsoft Word mobile app, which is managed by Intune, and she is successfully able to paste her information. Now our user wants to save the working copy of her report to her personal OneDrive account so that she can access it from her home computer. Because her personal OneDrive account is not one of the managed applications, she’s unable to save it here. IT has applied policies restricting the ability to save to only apps that are part of the managed app ecosystem. So our user must save her working copy to her managed OneDrive for Business account, which means when she does want to work on this report from another device, this device will have to be enrolled for management. By using the mobile application management capabilities of Intune, the IT pro can help prevent leakage of important company data and make sure that this information doesn’t get into the wrong hands.
  13. With Microsoft Azure Information Protection, you can: Provide persistent protection: Data itself carries the protection. This ensures data is always protected, regardless of where it’s stored or with whom it’s shared. Enable safe sharing: Access to shared data is identity driven. This enables safe sharing with internal employees as well as customers and partners. Empower users: Deep integration with Office 365 enables users to apply protection easily without interrupting your employees’ normal course of work. In-product notifications empower users to make the right decisions, and tools such as document tracking help them gain visibility into use of shared data. Maintain control: Different key management and deployment options are available to fit your requirements. IT can use powerful logging and reporting to monitor, analyze and reason over data. Classify your data based on sensitivity: Policies classify and label data at time of creation or modification based on source, context, and content. Classification can be fully automatic, driven by users, or based on recommendation. Protect your data at all times: Embed classification and protection information for persistent protection that follows your data—ensuring it remains protected regardless of where it’s stored or who it’s shared with. Add visibility and control: Users can track activities on shared files and revoke access if they encounter unexpected activities. Your IT team can use powerful logging and reporting to monitor, analyze, and reason over data.
  14. 0.6% http://www.gartner.com/newsroom/id/3186517 IT is continually being asked to do “more with less”. As business embraces a mobile-first, cloud-first world, IT budgets aren’t increasing. Finding a vendor that offers a comprehensive, cost-effective, integrated solution is key to maximizing limited budgets.
  15. Microsoft’s vision for Enterprise Mobility expands the boundaries of current thinking. Managing devices with MDM or Identities with IAM is not enough. Microsoft EMS protects holistically across users, devices, apps, and data with a comprehensive solution that no other vendor provides.
  16. Our unique approach
  17. Our unique approach