Employees, Partners, Customers
Identity, Devices, MFA

CONNECT ANYWHERE, ANYTIME, ANY DEVICE

RESTRICT HERE: CONDITIONAL ACCESS
Allow access or Block access
Actions: Enforce MFA per user / per app

PROTECT AT THIS LAYER: IDENTITY PROTECTION
Users: Stolen credentials, Compromised identity
Devices: Lost device
Data: Data leaks
Security reporting and monitoring (access & usage)
Behavioral analytics
Anomaly detection

Microsoft Azure

MANAGE HERE: AZURE AD SERVICES
Single sign-on, Self-service
Simple connection
SaaS, Azure, Public cloud, Cloud

CLOUD APPS
Cloud App Security
Risk scoring
Shadow IT Discovery
Policies for data control
How do I gain visibility and control of my cloud apps?
Apps, Shadow IT

Azure AD Premium
Self Password Reset
Group Management
Multi Factor Auth
1000s of Apps, 1 Identity

DATA LAYER
DATA
Azure Information Protection
Classify & Label
Protect
How do I control data on-premises and in the cloud?
Monitor and Respond
Prevent data leakage
How do I prevent data leakage from my mobile apps?
Audit and Reports
DLP for Office 365 mobile apps
Mobile App Policies

DEFINE COMPLIANCE FORMULA: INTUNE
Managed apps, Personal apps
Intune Management
Device Compliance
App Policies
Push Apps
PC Management

Provide insights to drive better business decisions faster: Intelligence
Create a productive workplace to embrace diverse workstyles: Collaboration
Protect your organization, data and people: Trust
Enable your people to get things done anywhere: Mobility
Empower your employees by creating a secure productive enterprise: Enterprise Cloud Solution

BY AMMAR HASAYEN

On-premises
Windows Server
Active Directory
WEB APPLICATION PROXY
PROTECT ON-PREMISES

IDENTITY DRIVEN SECURITY: NEW FIREWALL
USER [Group Membership]
DEVICE STATE: Registered, Managed by Intune, Compliant, domain joined, ...
APPLICATION: What application? Business Sensitivity
NETWORK LOCATION: Inside Corporate, Outside Corporate
RISK SCORE [IDENTITY PROTECTION]: User at risk, session at risk?
DEFENSE IN DEPTH

Microsoft EMS Enterprise Mobility and Security Architecture Poster
