Empower enterprise mobility - Storyline (download.microsoft.com/download/3/c/0/3c0cf848-169...)
Close
Opening
The solutions
The goal
Hybrid identity
Access & information protection
Desktop Virtualization
Mobile device & application management
Empower Enterprise Mobility
Ampiga Jantarapagdee
Partner Technology Strategist
Mobility is the new normal
52% of information workers across 17 countries report using three or more devices for work*
90% of enterprises will have two or more mobile operating systems to support in 2017**
>80% of employees admit to using non-approved software-as-a-service (SaaS) applications in their jobs***
* Forrester Research: “BT Futures Report: Info workers will erase boundary between enterprise & consumer technologies,” Feb. 21, 2013
** Gartner Source: Press Release, Oct. 25, 2012, http://www.gartner.com/newsroom/id/2213115
*** http://www.computing.co.uk/ctg/news/2321750/more-than-80-per-cent-of-employees-use-non-approved-saas-apps-report
The challenges we face today in keeping users productive while protecting company information
Devices Apps Data
Cost
Risk
Change drives complexity
VDI Solutions
Data Security Solutions
MDM Solutions
System Center
ID Solutions
New Solution
[Diagram labels, repeated for each solution: Cost, Risk, Complexity]
Microsoft’s unified approach
Cost
Risk
Complexity
Progress
Protect your data
Enable your users
Unify Your Environment
People-centric approach
Devices Apps Data
Enterprise Agreement (EA) prices starting at $4 per user per month
Limited time EA Level A promotion pricing. Requires 250 seat minimum purchase and underlying CAL Suite license (Core CAL Suite and Enterprise CAL Suite)
What is the Enterprise Mobility Suite?
Microsoft Intune
Mobile device settings management
Mobile application management
Selective wipe
Microsoft Azure Active Directory Premium
security reports, and audit reports, multi-factor authentication
Self-service password reset and group management
Connection between Active Directory and Azure Active Directory
Microsoft Azure Rights Management service
Information protection
Connection to on-premises assets
Bring your own key
Desktop Virtualization
Access & Information Protection
Mobile Device & Application Management
Hybrid Identity
Single sign-on
Self-service experiences
Common identity
Conditional access
SaaS applications
Hybrid Identity
Unify your environment
Create a centralized identity across on-premises and cloud
Use identity federation to maintain centralized authentication and securely share and collaborate with external users and businesses
Enable users
Provide users with self-service experiences to keep them productive
Enable single sign-on for users across all the resources they need access to
Protect your data
Enforce strong authentication when users access resources and apply conditional access controls to sensitive company information
Configure single sign-on across all company applications
Ensure compliance with governance, attestation and reporting
Public Identity as the control point
[Diagram sequence. Labels: Active Directory, User’s identity, Username, IT, User, Cloud, On-premises, New app, Identity layer, Forgot your password?, New device, Policy control, SaaS discovery]
Enriched user experience through a single, verified identity
Unified across cloud and on-premises with single sign-on
Integrated identity solution reduces risk across the business
Reduced IT burden of creating and managing multiple identities
Demo Azure AD Premium
Desktop Virtualization
Access & information protection
Mobile device & application management
Hybrid identity
Consistent user experience
Simplified device enrollment and registration
Single console to manage devices
Application management for Office and LOB
User and Device Management
Protect your data
Protect corporate information by selectively wiping apps and data from retired/lost devices
A common identity for accessing resources on-premises and in the cloud
Identify which mobile devices have been compromised
Enable users
Access to company resources consistently across devices
Simplified registration and enrollment of devices
Synchronized corporate data
Unify your environment
On-premises and cloud-based management of devices within a single console.
Simplified, user-centric application management across devices
Comprehensive settings management across platforms, including certificates, VPNs, and wireless network profiles
Windows Intune – Standalone service
Windows PCs (x86/64, Intel SoC)
Windows RT, Windows Phone 8
iOS, Android
Manage up to 4,000 users and 7,000 devices
Help protect PCs from malware
Manage updates
Proactive monitoring and alerts
Provide remote assistance
Inventory hardware and software
Monitor & track licenses
Increase insight with reporting
Set security policies
Distribute software
Latest Release
Richer Mobile Device Management
Simple web-based Administration Console and a richer experience for Information Workers
Direct management (Windows RT, Windows Phone 8, iOS)
Platforms: Windows 8/Windows RT, Windows Phone 8, iOS, Android
Sideload to install: *.appx, *.xap, *.ipa, *.apk
Deep links to store apps – install from store
Device enrolled
Apply policies
Company Portal
Recommended apps for the user’s devices
[Diagram labels: IT, User]
Maximize mobile productivity and protect corporate resources with Office mobile apps
Extend these capabilities to existing line-of-business apps using the Intune app wrapper
Enable secure viewing of content using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps
[Diagram labels: Managed apps, Personal apps, User]
Maximize productivity while preventing leakage of company data by restricting actions such as copy/cut/paste/save in your managed app ecosystem
[Diagram labels: Personal apps, Managed apps, Company Portal, IT]
Are you sure you want to wipe corporate data and applications from User’s device? (OK / Cancel)
Perform selective wipe via self-service company portal or admin console
Remove managed apps and data
Keep personal apps and data intact
Consistent user experience across device platforms
Secure access to corporate apps and data
Single management console for mobile devices and PCs
Demo Windows Intune
Desktop Virtualization
Access & information protection
Mobile device & application management
Hybrid identity
Dynamic Access Control
Rights management
Secure access to work files
87% of senior managers admit to regularly uploading work files to a personal email or cloud account.*
58% have accidentally sent sensitive information to the wrong person.*
Focus on data leak prevention for personal devices, but ignore the issue on corporate owned devices where the risks are the same
? %
Enabling data to flow from one organization to another
Sharing data
Securely share any file type, from within common user experiences
Maintain control
Enlightened applications such as Office and PDF readers offer the ability to enforce rights.
Between organizations
Authenticate users from other organizations (without having to implement point to point federation)
Our approach
Protect any file type
Delight with Office docs, PDF, Text, and Images.
Important applications and services are enlightened
Delight with Office docs, PDF, Text, and Images.
CSOs and Services can ‘reason over data’
Delegated access to data with bring-your-own-key
Protect in place, and in flight
Data is protected all the time
Share with anyone
B2B sharing is most important with B2Consumer on the rise
Meet the varied organizational needs
Protection enforced in the cloud, or on-premises; with data in both places.
Azure RMS Connectors and Connections
RMS SDKs (apps coming) on popular mobile platforms including Windows, iOS, Android, Windows Phone and Mac OS
Connect to on-premises Exchange and SharePoint for the simplest way to get Rights Management running in your organization
Azure RMS provides the Rights Management capabilities for Office 365, providing easy enablement and enforcement of information protection policies
Connect to Windows Server File Services for FCI and DAC integration
Leverage a common identity across Active Directory and Azure Active Directory
DEMO: RMS Applications
Native Applications and Generic protection using Protected File (PFILE)
Custom administrator defined policies
I can protect and share information securely across device types
Sharing documents securely
Use Microsoft Azure RMS to securely share documents with colleagues and business partners
Email Receiver
Quartely_Sales_Report.xslx
Quartely_Sales_Report.ppdf
Sharing protected files with anyone
A protected PDF copy is sent for easy access on all platforms
Getting email notifications for document use
[email protected] opened RMS blog post – Aug2014.docx.pdf
[email protected] opened RMS blog post – Aug2014.docx.pdf
[email protected] opened RMS blog post – Aug2014.docx.pdf
[email protected] was denied access to BudgetWithCharts.xlsx.pdf
[email protected] was denied access to BudgetWithCharts.xlsx.pdf
[email protected] was denied access to BudgetwithCharts.xlsx.pdf
Keep corporate data secure
Manage the data, not the user
Provide access to data on any trusted device
Demo Azure RMS
Azure Active Directory Offering Comparison
MFA for O365/Azure Administrators
Windows Azure Multi-Factor Authentication / EMS
RMS for O365
Azure RMS (EMS)
Device management feature comparison
Device configuration:
Inventory mobile devices that access corporate applications
Remote factory reset (full device wipe)
Mobile device configuration settings (PIN length, PIN required, lock time, etc.)
Self-service password reset (Office 365 cloud only users)
Office 365:
Provides reporting on devices that do not meet IT policy
Group-based policies and reporting (ability to use groups for targeted device configuration)
Root cert and jailbreak detection
Remove Office 365 app data from mobile devices while leaving personal data and apps intact (Selective wipe)
Prevent access to corporate email and documents based upon device enrollment and compliance policies
Premium mobile device & app management:
Self-service Company Portal for users to enroll their own devices and install corporate apps
Deploy certificates, VPN profiles (including app-specific profiles), and Wi-Fi profiles
Prevent cut/copy/paste/save as of data from corporate apps to personal apps (Mobile application management)
Secure content viewing via Managed browser, PDF viewer, Image viewer, and AV player apps for Intune
Remote device lock via self-service Company Portal and via admin console
PC management:
PC management (e.g. inventory, antimalware, patch, policies, etc.)
OS deployment (via System Center ConfigMgr)
PC software management
Single management console for PCs and mobile devices (through integration with System Center ConfigMgr)