peters event - do you know your security risks? - …...2018/11/10  · office 365 atp –email...

Helping you grow your business with

scalable IT services & solutionsfor today’s challenges & tomorrow’s vision.

© 2017 Peters & Associates, Inc. All rights reserved.

Windows 10

October 25, 2018

Bruce Ward, VP of Business StrategyDan Sharp, Senior ConsultantAdam Gassensmith, Manager of Client Engagement

© 2018 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsPeters & Associates Security Wheel

DATAControls surround Data

+EMS E5

Azure AD Basic:

• Single sign-on (SSO) for O365

• Basic multi-factor authentication (MFA) for O365

• SSO for Cloud Apps

MDM for O365

• Device settings management

• Selective wipe

• Built into O365 management console

RMS for O365

• Protection for content stored in Office (on-premises or O365)

• Access to RMS SDK

Activity Logs

Azure Active Directory P2

• Risk based conditional access

• Identity Protection Portal

Identity and access management

Azure Active Directory P1

• Single sign-on (SSO) for all apps

• Conditional MFA, Password Self Service, Dynamic Groups

Cloud App Security - ALL

• Visibility and control for all cloud apps

Identity-driven security

Advanced Threat Analytics

• Identify advanced threats in on premises identities

Azure Information Protection Plan 2

• Automated intelligent classification and labeling of data + AIP Scanner

Information protection

Managed mobile productivity

Intune

• App management (MAM)

• Device management (MDM)

• PC management

Azure Information Protection Plan 1

• Tracking and notifications for shared documents

Office 365 ATP – email links, attachments, phishing

Skype/Teams Extension

• Voice

• Conferencing

Power BI

Advanced eDiscovery–search

Compliance

• Customer Lockbox, Customer Key, Privileged Access

Cloud App Security - O365

Portal with anomalous activity

+EMS E3

© 2018 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutions

Agenda

• Introduction

• Why Windows 10

• Licensing and Features

• Design and Deploy

• Tools of the Trade

• Demo Time

• Wrap and Q&A

© 2018 Peters & Associates, Inc. All rights reserved.

Why Windows 10

© 2018 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsSome Reasons

Top Employee Features Top Admin Features

Boot up MUCH faster NOT 10-year old code

Search = Find Security Prevention

Touch Ready Provisioning options and ease

Surface, Windows Hello Bitlocker, Direct Access

Modern, Everywhere Secure Edge Browser

© 2018 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsThe Real Reason

https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet

© 2018 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsThe Reality Today

https://www.netmarketshare.com

Windows 10

96% of enterprise customers piloting

15% desktop management time savings*

33% reduction in security issues and time to resolve*

*“The Total Economic Impact(TM) Of Windows 10, a commissioned study conducted by Forrester Consulting on behalf of

Microsoft, June 2016. Results are for a risk adjusted composite organization based on customer interviews.

Traditional on-prem

Active Directory

Domain Join

Group Policy

System Center Configuration

Manager

Azure Active Directory

Azure AD Join

MDM Policies

Microsoft Intune

and other MDM

Traditional on-premCloud

Active Directory

Domain Join

Group Policy

System Center Configuration

Manager

Windows 10 designed for modern IT

Modern IT

Traditional IT Cloud

© 2018 Peters & Associates, Inc. All rights reserved.

Licensing & Features

© 2018 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsLicensing

https://www.microsoft.com/en-us/WindowsForBusiness/Compare

“No Pro if you want these…

© 2018 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsWindows 10 “Features”

© 2018 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsWindows 10 “Features”

© 2018 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsRemember: 18 Months!

https://www.peters.com/end-life-beginning-loss/

Version History:• Version 1507.• Version 1511 (November Update).• Version 1607 (Anniversary Update).• Version 1703 (Creators Update) EOL on October 9, 2018

Current Versions:• Version 1709 (Fall Creators Update).• Version 1803 (April 2018 Update).• Version 1809

© 2018 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsWindows Defender ATP

• Behavior-based, cloud-powered breach detection• Forensic tools, rollback capabilities• Operates independent of AV/Malware protection

© 2018 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsWindows Virtual Desktop

• Announced Sept 18th, Private Preview

• Azure-based. Rapid deploy / scale.

• Office 365 functionality. EMS security. Windows 10 capability.

• Individual apps or full desktop.

• Extend service via partners including: Citrix, Liquidware, and ThinPrint

© 2018 Peters & Associates, Inc. All rights reserved.

Design & Deploy

© 2018 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsDesign Questions

UEFI

Disk Encryption

AAD Join / Co-Manage

Windows Defender

Bitlocker / MBAM

ManagementNew

Hardware

Telemetry

Secure / Lockdown

You’re in control

Security – Minimum data to keep your device secure

Basic – Simple device and quality data

Enhanced – Detailed activity data

Full – Enhanced Diagnostics

Choose the level right for your organization

Granularly configured by device or user.

Risk level determined by your business.

©2018 Microsoft Corporation. Content is subject to change. See https://technet.microsoft.com/library/mt577208(v=vs.85).aspx for more information.

“Windows Modern Deployment”

QUICKLY PREPARE NEW DEVICES FOR USER PRODUCTIVITY

Refresh – (Bare Metal, same hardware) -

Keeping the same device but deploying a fresh

image with user settings, data, and apps.

In-Place Upgrade –automated OS update

including apps, settings, and data. Rollback data is saved in Windows.old.

Replace – (Bare Metal, new hardware) -

Deploy a new device with a fresh image and

transition user settings, data, and apps from old

device.

Subscription Activation - Switch from Windows

10 Pro to Enterprise

Unique situations: • Lab refresh /

multicasting• Internet-managed• Road Warrior devices• Kiosk machines

AutoPilot – self-managed, cloud-directed device image upgrades.

© 2018 Peters & Associates, Inc. All rights reserved.

Tools of the Trade

© 2018 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsTools of the Trade

User State Migration Tool (USMT)

Task Sequence – used via SCCM or WDS

Upgrade Readiness

Application Compatibility

Microsoft Deployment Toolkit (MDT)

Notable Security Mentions…

Group Policies (GPO)

Software Updates (WSUS)

Bitlocker Admin (MBAM)

Local Account Passwords (LAPS)

© 2018 Peters & Associates, Inc. All rights reserved.

Demo Time!

© 2018 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutions

Reminder – Free XBOX Raffle

http://www.peters.com/events http://www.peters.com/blog/

Events, Webinars & Blogs

© 2018 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutions

Offers:

© 2015 Peters & Associates, Inc. All rights reserved.© 2018 Peters & Associates, Inc. All rights reserved.

To ask questions, either:

1) Take phone off mute, ask.

2) Type question in IM Window

1801 S. Meyers Road, Suite 120Oakbrook Terrace, IL 60181

(630) 832-0075

Thank you!

© 2018 Peters & Associates, Inc. All rights reserved.

Bruce Ward

Bruce.Ward@peters.com

© 2015 Peters & Associates, Inc. All rights reserved.© 2018 Peters & Associates, Inc. All rights reserved.

© 2018 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutions

• Windows 10 Roadmap (can be tested with Insider Builds for IT personnel) - https://www.microsoft.com/en-us/WindowsForBusiness/windows-roadmap

• Windows 10 AutoPilot Provisioning (leverages Intune/Azure AD licensing not owned and SCCM) -https://www.peters.com/leveraging-windows-autopilot-device-provisioning/

Important URL’s

© 2018 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutions

• Microsoft Security Compliance Toolkit 1.0 - set of tools that allows enterprise security administrators to download, analyze, test, edit, and store Microsoft-recommended security configuration baselines for Windows and other Microsoft products.

• Windows 10 – using a script to check for versions 1507/1511 (currently not getting updates) or 1607 (stopping in March 2018) -https://www.peters.com/end-life-beginning-loss/

• LAPS (Local Administrator Password Solution) -https://www.peters.com/manage-windows-local-administrator-passwords-laps/

Discussion Areas with URL’s