This document discusses security concerns for organizations as more employees use personal devices for work and access cloud applications. It summarizes research finding that 50% of employers will require BYOD by 2017 and 93% of employees violate security policies. The document then outlines Microsoft's security approach of detecting threats, responding quickly, and protecting endpoints, users and data. It promotes the combination of Azure Active Directory, Intune and Azure Information Protection as an integrated solution to provide identity and access management, mobile device management and information protection across devices, applications and data.
3. Security Concerns
• 50% of employers by 2017 will require employees to supply their own devices for work purposes *
• 90% of enterprises will have two or more mobile operating systems to support in 2017 **
• 93% of employees admit to violating information security policies ***
• 80% of employees admit using non-approved software-as-a-service applications in their jobs ****
* Gartner Press Release link
** CEB Survey of 165,000 employees
*** CEB Executive Guidance - http://www.executiveboard.com/exbd/executive-guidance/index.page?cid=70180000000anZM
**** http://www.computing.co.uk/ctg/news/2321750/more-than-80-per-cent-of-employees-use-non-approved-saas-apps-report
4. Conversation Starters
• Are you accessing Office 365 from mobile devices?
• Are those devices provided by the user?
• Are you using online services other than Office 365?
• Are you in a regulated industry, or do you work with regulated customers?
5. MICROSOFT’S SECURITY POSTURE
DETECT: using targeted signals, behavioral monitoring, and machine learning
RESPOND: closing the gap between discovery and action
PROTECT: across all endpoints, from sensors to the datacenter
6. Is it possible to stay secure?
Employees
Business partners
Customers
Apps
Devices
Data
Users
Data leaks
Lost device
Compromised identity
Stolen credentials
7. It is possible!
Protection Detection Remediation
The Microsoft Security Vision
Secure and protect against new threats
Maximum productivity experience
Comprehensive and integrated
Apps
Devices
Data
Users
8. Enterprise Mobility + Security keeps employees productive on their favorite apps and devices—and company data protected.
Enterprise Mobility + Security
9. Enterprise Mobility + Security
INFORMATION PROTECTION: Azure Rights Management
• Encrypts email
• Document usage control
• Internal & external recipients
MOBILE DEVICE & APP MANAGEMENT: Microsoft Intune
• Mobile device management
• App and Data management
• Selective wipe
IDENTITY & ACCESS MANAGEMENT: Azure AD Premium
• Single sign-on
• Self service password reset
• Multi-factor authentication
10. Comprehensive lifecycle management
Enroll
• Provide a self-service Company Portal for users to enroll devices
• Deliver custom terms and conditions at enrollment
• Bulk enroll devices using Apple Configurator or service account
• Restrict access to Exchange email if a device is not enrolled
Retire
• Revoke access to corporate resources
• Perform selective wipe
• Audit lost and stolen devices
Provision
• Deploy certificates, email, VPN, and WiFi profiles
• Deploy device security policy settings
• Install mandatory apps
• Deploy app restriction policies
• Deploy data protection policies
Manage and Protect
• Restrict access to corporate resources if policies are violated (e.g., jailbroken device)
• Protect corporate data by restricting actions such as copy/cut/paste/save outside of managed app ecosystem
• Report on device and app compliance
13. Enterprise Mobility Management
• Mobile application management
• PC management
• Mobile device management
Intune helps organizations provide their employees with access to corporate applications, data, and resources from virtually anywhere on almost any device, while helping to keep corporate information secure.
14. “Container” maximizes mobile productivity and protects corporate resources
• Multi-identity management
• No separate login to container required
Extend these capabilities to your existing line-of-business apps using the Intune App Wrapping Tool
Enable secure viewing of content using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps
[Diagram: Multi-identity policy. Managed apps with corporate data; personal apps with personal data]
15. Maximize productivity while preventing leakage of company data by restricting actions such as copy, cut, paste, and save as between Intune-managed apps and unmanaged apps
[Diagram: Personal apps; Managed apps]
16. Perform selective wipe via self-service company portal or admin console
Remove managed apps and data
Keep personal apps and data intact
[Diagram: Personal apps; Managed apps]
17. Protect data to secure mobility
Azure Information Protection
Manage rights
Encrypt data
Enforce policy
Share internally
Share externally
18. • One solution for the protection & management of: identity, devices, apps, and data
• Single app for personal and corporate use
• Built-in data separation between personal and corporate data
• Data leakage protection for shared files
• Identity-based security to protect against unauthorized access, including single sign-on and multi-factor authentication.
• Self-service password reset
Identity
Device
Application
Data
19. Security in Depth
Office 365
• Advanced Threat Protection
• Advanced Security Management
• Anti-Spam / Anti-Malware
• Data Loss Prevention
Windows 10 Enterprise
• Advanced Threat Protection
• Information Protection
• Credential Guard
• Device Guard
• Windows Hello
Enterprise Mobility + Security
• Azure Active Directory Premium
• Azure Information Protection
• Intune
• Advanced Threat Analytics
• Cloud App Security