My slide deck from the MWS summit. Device security and management with tools like EMS, Intune, Azure Active Directory and Office 365
http://mwssummit.com/agenda/windows-10-summit-agenda/
8. Mobility is the new normal
• 52% of information workers across 17 countries report using three or more devices for work*
• >80% of employees admit to using non-approved software-as-a-service (SaaS) applications in their jobs***
• 90% of enterprises will have two or more mobile operating systems to support in 2017**
* Forrester Research: “BT Futures Report: Info workers will erase boundary between enterprise & consumer technologies,” Feb. 21, 2013
** Gartner Source: Press Release, Oct. 25, 2012, http://www.gartner.com/newsroom/id/2213115
*** http://www.computing.co.uk/ctg/news/2321750/more-than-80-per-cent-of-employees-use-non-approved-saas-apps-report
12. Identity And Access
Microsoft apps
Non-MS cloud-based apps
Active Directory
Active Directory
Microsoft Account (Personal)
Other Accounts (Personal)
Capabilities
• Single Sign on Identity
• Multifactor Authentication
• High Value Asset Protection
• Single Console Device Management
PERIMETER
Other Directories
Custom LOB apps
ISV/CSV apps
PCs and devices
13. Azure Active Directory
Self-service
Single sign on
Username
Simple connection
Cloud
SaaS
Azure
Office 365
Intune
Other Directories
Windows Server Active Directory
On-premises
Microsoft Azure Active Directory
18. Device & Application Management
Capabilities
• Hybrid Identity
• Single Console Device Management
• Deploy and manage apps
• Deploy and manage devices
Active Directory
Identity
Microsoft Intune
Azure AD
Enterprise Certificate Services
System Center 2012 R2 Configuration Manager
CLOUD PERIMETER
Microsoft Azure
22. Content management
Capabilities
• Hybrid Identity / SSO
• Multifactor Authentication
• High Value Asset Protection
• Single Console Device Management
Active Directory
Identity
Azure Rights Management System
Microsoft Intune
Trusted Platform Module
Encryption File System
Encrypting Hard Drives
Azure AD Premium
Enterprise Certificate Services
Securing the Boot
UEFI
TPM
Trusted Boot
Measured Boot
Securing the Code and Core
Security Development Lifecycle (SDL)
Address space layout randomization (ASLR)
Data Execution Prevention (DEP)
System Center 2012 R2 Configuration Manager
CLOUD PERIMETER
Microsoft Azure
23. Email profile management
Corporate email server
IT
User
Deploy email profile on enrollment
• Configure account settings and security restrictions
• Enable certificate authentication
• Synchronize email, task, contacts, and calendar
• Support for iOS, Samsung KNOX, and Windows Phone
Any email service supported by Exchange ActiveSync
Microsoft Intune
24. Conditional access to email
Policy verification
Username
Microsoft Intune
Admin console
Required settings defined by IT admin:
• Enrolled device
• Encrypted device
• Passcode set
• Not jailbroken/rooted
IT
User
26. Mobile data protection
Protect corporate data accessed from devices
On-premises
Protect corporate data cached on devices
User
IT