A short presentation on further security options in Microsoft Windows 10. This talk is part of a series of micro-talks on Windows client security.
3. Microsoft Passport & Windows Hello
1. Convenient multi-factor authentication
Windows 10 offers a flexible multi-factor authentication that allows users to use either biometrics or a PIN plus a
trusted device to access business networks and resources, while IT can ensure strong identity is used organization
wide instead of passwords.
2. Microsoft Passport
Microsoft Passport is the flexible two-factor authentication solution that acts as an alternative to a password, and has
enterprise grade security much like a SmartCard. Use your PC or your mobile phone, whether it’s a Windows
Phone, iOS, or even an Android device, as one of the factors. The other factor will be biometric or a PIN.
3. Windows Hello*
Windows Hello* is a biometric alternative to a PIN when unlocking a device and using your Microsoft Passport. Users
can use their face, iris or fingerprint to unlock their device, Microsoft Passport, and other types of credentials.
4. Enterprise credential protection using Virtual Secure Mode (VSM)
• Microsoft Passport provides great protection to your users’ credentials; however, you may not be aware that your
user’s derived credentials, which are used for single sign-in (SSO), may also be under attack. Windows uses
hardware-based virtualization to isolate and help protect derived credentials from malware and attackers even if
Windows itself has been compromised.
External-ready copy
* Windows Hello requires specialized hardware, including fingerprint reader,
illuminated IR sensor or other biometric sensors.
4. Long Copy
Microsoft Passport and Windows Hello* together offer convenient,
enterprise grade multi-factor authentication. Microsoft Passport is an
easy to deploy two-factor password alternative that provides enterprise
grade security like a SmartCard, but is more flexible. One factor could be
your PC or your phone, and another factor could be a PIN or biometrics
enabled by Windows Hello. Users can use their face, iris or fingerprint to
unlock their device. Enterprise credential protection uses hardware-
based virtualization to isolate a user’s derived credentials so hackers are
unable to access them.
Short Copy
Microsoft Passport is an easy to deploy two-factor password
alternative that is accessible by using a PIN or Windows Hello*,
which provides enterprise grade security and supports fingerprint,
facial, and iris based recognition.
Medium Copy
Microsoft Passport is an easy to deploy two-factor password
alternative that is accessible by using a PIN or Windows Hello*,
which provides enterprise grade security, and supports fingerprint,
facial, and iris based recognition. Enterprise credential protection
uses hardware-based virtualization to isolate a user’s derived
credentials so hackers are unable to access them.
Microsoft Passport & Windows Hello
feature copy: all up
Sound bite
“The combination of easy-to-deploy and use multi-factor authentication makes
enterprise-grade authentication accessible to everyone, not just the largest orgs
with the big budgets.”
5. Enterprise Data Protection
1. Enterprise Data Protection
Enterprise Data Protection (EDP) provides data separation and containment capabilities and provides a
strong foundation for DLP. With EDP, Windows can automatically identify corporate apps and data and
protect them with file level encryption while at the same time preventing corporate content from leaking
unprotected to unauthorized locations. IT has full control of keys and protected data and can remote wipe
data on demand.
2. Seamless integration into the platform
• EDP is fully integrated into the mobile and desktop platform so there is no need to switch modes, move to
secure locations, use containers, or special apps to protect data. Windows seamlessly integrates the
protection behind the scenes so users can protect data without being interrupted by the process. This
seamless integration is a major differentiator vs. 3rd party solutions that typically offer security at the
expense of the user experience. With EDP you can have both!
3. IT Control
• With EDP Windows acts as an access control broker that gates user and app access to protected data
based on the policies that you define. IT has full control of keys and data and can remote wipe corporate
data on demand while leaving personal data untouched.
6. Long Copy
Enterprise Data Protection with Windows 10 gives you enterprise
ready security that’s easy to manage and use. EDP makes it easier to
perform data separation and containment of corporate data –
wherever it might be. IT has full control of keys and data and can
remote wipe data on demand. Because our solution is seamlessly
integrated into the platform you can use the same apps (e.g.: Office,
Notepad, Adobe) to interact with protected data whether it’s on the
desktop or on mobile. Users enjoy an intuitive design, keeping their
focus on getting work done. And you get the corporate data protection
you need with straightforward manageability.
Short Copy
Enterprise Data Protection with Windows 10 makes it easier to
perform data separation and containment of corporate data –
wherever it might be. Unlike most 3rd party solutions, Windows
does not require containers. Instead our solution protects data
wherever it lives on the device. Windows acts as an access control
broker that gates user and app access to protected data based on
the policies that you define.
Medium Copy
Enterprise Data Protection with Windows 10 gives you enterprise
ready security that’s easy to manage and use. EDP makes it easier
to perform data separation and containment of corporate data –
wherever it might be. And because our solution is seamlessly
integrated into the platform EDP doesn’t get in the way of users
and they can use the same apps (e.g.: Office, Notepad, Adobe) to
interact with protected data whether it’s on the desktop or on
mobile.
EDP feature copy: all up
Sound bite
“Enterprise Data Protection from Windows 10 offers data separation and
containment of corporate data that is easy to use and manage.”
7. 1. Control your environment
• Help secure your environment and prevent untrusted apps and code from running using the ultimate
form of app control. Using hardware-based isolation, Device Guard offers a solution more powerful
than traditional allow and deny listing products. Hardware-based app control helps ensure that Device
Guard’s protections are well defended from tampering and bypass.
2. Hardware Rooted App Control
• Device Guard uses hardware-based virtualization to isolate and protect Device Guard features, such as
the Hyper-V Code Integrity Service, from malware and attacks even if Windows itself has been
compromised. In addition Device Guard uses virtualization to help protect kernel mode processes
from in-memory attacks offering a strong mitigation to zero days.
3. Trusted Apps
• Device Guard enables IT to decide which software vendors and apps are trustworthy within their
environment. IT can trust everything from the Windows Store, from specific software vendors, their
own LOB apps, or a combination of their choosing. Device Guard works with Windows Classic and
Universal Apps and it includes tools that make it easy to sign your legacy apps.
Device Guard
8. Long Copy
Device Guard on Windows 10 puts you in control of your environment
– and a step ahead of malware – with rigorous access controls that
help prevent untrusted apps and executables from starting. You’ll be
able to lock down devices, granting access only to apps from trusted
sources. Device Guard uses hardware based isolation and virtualization
to help prevent tampering and bypass even in cases where the
operating system has been fully compromised.
Short Copy
Device Guard puts you in control of your environment with
rigorous access controls that help prevent malware, untrusted
apps and executables from running on devices.
Medium Copy
Device Guard puts you in control of your environment and a step
ahead of malware, with rigorous access controls that help prevent
untrusted apps and executables from starting. Device Guard works
with all of the apps in your environment and includes tools that
make it easy to sign legacy apps.
Device Guard feature copy: all up
Sound bite
“Device Guard provides the most decisive malware defense ever shipped in
Windows and ensures that only trusted apps can start on the device.”