Empower Enterprise Mobility with Microsoft EMS
TRANSCRIPT
66% of employees use personal devices for work purposes.*
25% of all software will be available on a SaaS delivery by 2020.**
33% of employees that typically work on employer premises, also frequently work away from their desks.***
* CEB The Future of Corporate ITL: 203-2017. 2013.
** Forrester Application Adoption Trends: The Rise Of SaaS
*** CEB IT Impact Report: Five Key Findings on Driving Employee Productivity Q1 2014.
Change drives complexity
[Diagram: VDI Solutions, Data Security Solutions, MDM Solutions, System Center, ID Solutions and New Solution, each labeled Cost, Risk and Complexity]
Microsoft’s unified approach
[Diagram labels: Cost, Risk, Complexity, Progress]
Company Portal
IT Administrator
Corporate devices Personal devices
Cloud services Line of business apps SaaS apps Store apps
Microsoft’s Enterprise Mobility solution provides user-centric device and information management
User
The logos above may be the property of their respective owners.
Single ID
Single sign-on
Self-service experiences
Conditional/Contextual access
SaaS applications
Desktop Virtualization
Access & information protection
Mobile device & application management
Hybrid identity
What is Enterprise Mobility Suite?
Hybrid Identity Management w/Azure Active Directory Premium
Mobile Device & Application Mgmt w/Microsoft Intune
Single-sign on to over 2,400 SaaS Applications
Multi-factor Authentication (MFA)
Self-service password reset
Group-based SaaS provisioning
Centralized application access management
FIM CALs for on premise usage
SLA
Advanced security reporting
Cloud App Discovery
Information Protection w/Azure Rights Management
Accelerate your organization.
What’s next in Identity and Access Management (IAM)?
Empower your users. Support end user devices and end user self-service.
Bring Your Own Device: Workplace Join
End User Self-Service: Password reset, Group management
Unify your environment. One user, one identity.
One Identity: Improve user experience, Unify cloud and on-prem, Reduce compliance risk, Reduce IT overhead
Many Organizations: Administrative Units, B2B (future)
Protect your data. Maintain control while getting out of the way.
Control Access: Multi-Factor Auth, Conditional Access, RBAC, Cloud domain join (W10), Next gen creds (W10)
Encrypt Data: RMS Data Protection
Maintain Visibility: Security reports, Heuristic based analytics
Deliver apps faster. Discover, manage, and develop apps faster.
Discover applications: Cloud app discovery
Manage applications: SaaS App Management, Azure AD App Proxy
Develop applications: Secure, scalable platform; Standards based APIs; DevStudio integration; B2C (preview)
Enriched user experience through a single, verified identity
Unified across cloud and on-premises with single sign-on
Integrated identity solution reduces risk across the business
Reduced IT burden of creating and managing multiple identities
Consistent user experience
Simplified device enrollment and registration
Single console to manage devices
What is Enterprise Mobility Suite?
Hybrid Identity Management w/Azure Active Directory Premium
Mobile Device & Application Mgmt w/Microsoft Intune
Single-sign on to over 2,400 SaaS Applications
Multi-factor Authentication (MFA)
Self-service password reset
Group-based SaaS provisioning
Centralized application access management
FIM CALs for on premise usage
SLA
Advanced security reporting
Cross-platform mobile device mgmt (Windows, iOS, Android)
Hardware & software inventory
Application distribution
Policy settings
Full & selective wipe of corporate data
Information Protection w/Azure Rights Management
Microsoft Intune integrated with System Center 2012 R2 Configuration Manager
Mac OS X
Windows PCs (x86/64, Intel SoC)
Windows to Go
Windows Embedded
Windows RT, Windows Phone 8
iOS, Android
Manage mobile productivity without compromising compliance
Manage Mobile Productivity and Protect Data with Office:
Manage mobile productivity and protect data with Office Mobile apps for iOS and Android
Manage policy for existing iOS line of business apps (so called “app wrapping”)
Managed browser and PDF/Audio/Video viewers
Conditional Access Policy to Email and Documents:
Provide access to Exchange and OneDrive for Business resources only to managed devices
Deny access if a device falls out of compliance
Enroll and Manage Corporate-owned Devices:
Enable IT to bulk enroll corporate-owned task-worker devices
Support for Apple Configurator
[Diagram labels: Personal, Corporate, Managed Browser, Native E-mail]
1. Susan tries to set up her new unmanaged tablet to connect to Exchange and is blocked.
2. She enrolls the tablet into Windows Intune and is then granted access to Exchange.
3. Susan tries to save attachment to OneDrive, and is blocked since OneDrive is not managed by IT.
4. She saves attachment to OneDrive for Business, which is allowed since it is managed by IT.
5. She then tries to copy/paste content into a PowerPoint slide, and is successful.
6. Susan tries to copy text from her attachment and paste it into another, unmanaged app. This action is blocked since this app is not managed by IT.
7. Susan later leaves the company, and a selective wipe is performed on her tablet, removing corporate apps and data while leaving her personal content on the device.
[Diagram labels: Native E-mail, Managed Browser, LoB]
Layer 1 – Mobile device lockdown via MDM
Protects corporate data by:
Restricting device behaviors: PIN, encryption, wipe, disable screen capture and cloud backup, track compliance, etc.
Provisioning credentials that enable corporate resource access control
Gaps it leaves open:
Apps may share corporate data with other apps outside IT control
Apps may save corporate data to consumer cloud services
Layer 2 – Application and data containers (aka “managed mobile productivity”)
Protects corporate data by:
Preventing apps from sharing data with other apps outside of IT control
Preventing apps from saving data to stores outside of IT control
Encrypting app data to supplement device encryption
Gaps it leaves open:
Only protects corporate data that resides on devices. Cannot protect data beyond a device.
Applies same protection to all data that an app touches. Does not allow for specific protection per document.
Layer 3 – Data wrapping
Protects corporate data by:
Protecting data wherever it resides
Providing granular, content specific protection – e.g. time bomb vision docs
Gaps it leaves open:
Requires enlightened applications
Requires all data to be protected if not complemented by Layers 1 and 2
This roadmap contains two Windows Intune releases. Dates are subject to change.
Wave H.0
November December
Wave H.1
Deployment of email profiles
Deployment of certificates
Deployment of VPN profiles
Deployment of WiFi profiles
Configure EAS email only if device is managed (Exchange on-prem)
Deployment of free store apps for iOS
Convenient access to internal corporate resources via per-app VPN configurations for iOS
Required app install/uninstall
Remote pin reset for WP 8.1 (currently supported for iOS and Android)
MFA at enrollment
Group filtering within admin console (RBAC lite)
Service account enrollment
Device lockdown via Supervisor mode (iOS) and Kiosk mode (KNOX)
Policies and apps targeted to devices
Application install allow/deny list
Customizable terms of use
Configure EAS email only if device is managed (O365)
Configure MOWA email only if device is managed
Configure documents only if device is managed **
Restrict access if device falls out of compliance policy
Managed Office mobile apps – Word, Excel, PowerPoint
App wrapper for existing iOS line-of-business apps *
Managed browser
PDF viewer, AV player, Image viewer
Selective wipe of managed apps and data
Support for Apple Configurator
Device lockdown via Assigned Access mode (WP 8.1)
URL allow/deny (via Managed browser)
* SSO not supported in December release
** OD4B team dependency – possible delay
Dynamic Access Control
Rights management
Secure access to work files
What is Enterprise Mobility Suite?
Hybrid Identity Management w/Azure Active Directory Premium
Mobile Device & Application Mgmt w/Microsoft Intune
Single-sign on to over 2,400 SaaS Applications
Multi-factor Authentication (MFA)
Self-service password reset
Group-based SaaS provisioning
Centralized application access management
FIM CALs for on premise usage
SLA
Advanced security reporting
Cross-platform mobile device mgmt (Windows, iOS, Android)
Hardware & software inventory
Application distribution
Policy settings
Full & selective wipe of corporate data
Information Protection w/Azure Rights Management
Share RMS protected documents with anyone on any device
On-premise use for hybrid scenarios with no infrastructure
Productivity
Security
Mobility
Businesses must keep up by fostering productivity, enabling mobility and ensuring security. Microsoft can help.
EMS
Employee productivity−anywhere, any device
“With employees using the self-service password reset feature in Azure AD Premium, we’ve been able to reduce annual help-desk costs by $20,000.”
Empower users to do more with single sign-on, self-service password reset, and managed access to apps
→ Provide single sign-on to apps and data from personal or corporate devices based on user identity
→ Enable self-service password reset with multi-factor authentication
→ Let users register personal devices and install IT-approved apps through a web-based, company-specific app store (Company Portal)
[Diagram labels: Sign-on, Single Sign-on, Self-service password reset, Company Portal, Download apps]
Enable your mobile workforce
“With Windows Azure MFA, we have a stronger level of protection for Office 365…so we have all of our external services well protected.”
Authenticated access to apps and data
Make sure users are who they say they are
→ Verify identity with multi-factor authentication (call, text, mobile app)
→ Choose who can read, copy, print, save, forward, and edit−and set when these rights expire
→ Let users download only the apps they’re authorized to use through the Company Portal
Multi-factor authentication
Data Apps Docs
Double-check identity through text, call or app
Log on to any device
Help protect corporate data, apps and docs
“Now we can deploy, secure, and manage mobile apps that staff use to move faster than the competition and drive business.”
Remote device management across platforms
Deliver an up-to-date and security-enhanced experience on nearly any device
→ Remotely manage & help protect Windows, iOS, and Android devices
→ Handle device theft and loss with remote wipe: selectively remove corporate apps, data, and policies
→ Better protect corporate data as users and devices travel
→ Deploy policies and updates, and inventory HW and SW via the cloud
Android iOS Windows
IT
Simplified, device management via the cloud
Company Portal
IT Administrator
Corporate devices Personal devices
Cloud services Line of business apps SaaS apps Store apps
Microsoft’s Mobile Management solution provides user-centric device and information management
User
The logos above may be the property of their respective owners.
66% of enterprise seats covered with System Center Configuration Manager
240m User accounts in Microsoft Azure Active Directory
…lets you build on your investments
14B+ Microsoft Azure Active Directory authentications per week
PLA would like to help your organization gain clarity on how to manage your mobile workforce Bring Your Own Device (BYOD) challenges. Microsoft’s Enterprise Mobility Suite can help make this dream a reality and allow you to proactively control your evolving mobile users and their devices.
Topics include:
• End-User Mobility
• Implementing Hybrid Identity Management
• Mobile Device & Application Management
• Access & Information Protection
• Self-service Password reset
For more information contact PLA at [email protected] or call (877) 752-0451
Enterprise Mobility Suite ½ Day Strategy Assessment
Each person that completes a ½ day EMS Strategy Assessment by 12/31 will be entered into a drawing to win a Surface Pro 3