Olav Tvedt

MVP Cloud & Server installation and servicing

@olavtwitt

olavtvedt.blogspot.com

olavtwitt

Chief Consultant Blogs:

olavtvedt.blogspot.com

blogs.technet.com/technetnorge

MVP – CSIS

Cloud & Server Installation and Servicing

• The Third Blues Brother

Olav Tvedt

• Past, Present And The Future

• Management

• User Benefits

@olavtwitt

Agenda

5

Tools For Business

Tools For Productivity

52% of information workers

across 17 countries report

using three or more devices

for work*

>80% of employees admit to

using non-approved software-

as-a-service (SaaS) applications

in their jobs***

90% of enterprises will have

two or more mobile operating

systems to support in 2017**

Mobility is the new normal

52% 90% >80%

* Forrester Research: “BT Futures Report: Info workers will erase boundary between enterprise & consumer technologies,” Feb. 21, 2013** Gartner Source: Press Release, Oct. 25, 2012, http://www.gartner.com/newsroom/id/2213115*** http://www.computing.co.uk/ctg/news/2321750/more-than-80-per-cent-of-employees-use-non-approved-saas-apps-report

Goal Is Too Attract, Enable And Motivate

But Still Remain Control

• Identity And Access

• Device Management

• Application Management

• Content Management

@olavtwitt

Key Points

Olav Tvedt

@olavtwitt

olavtvedt.blogspot.com

Identity And Access

Microsoft apps

Non-MS cloud-based apps

Active Directory

Active Directory

Microsoft

Account

(Personal)

Other

Accounts

(Personal)

Capabilities• Single Sign on Identity

• Multifactor Authentication

• High Value Asset Protection

• Single Console Device Management

PERIMETER

Other Directories

Custom LOB apps

ISV/CSVapps

PCs and devices

Azure Active Directory

Self-service Singlesign on

•••••••••••

Username

Simple connection

Cloud

SaaSAzure

Office 365Intune

Other Directories

Windows ServerActive Directory

On-premises Microsoft Azure Active Directory

MonitoringUsers Activity

https://remote.modern.ie/

Azure SideNew Installation ExperienceExisting PC ExperienceForgotten Password

#olavtwitt

Olav Tvedt

@olavtwitt

olavtvedt.blogspot.com

Device & Application Management

Capabilities• Hybrid Identity

• Single Console Device Management

• Deploy and manage apps

• Deploy and manage devices

Active Directory

Identity

Microsoft

Intune Azure AD

Enterprise

Certificate Services

System Center 2012 R2

Configuration Manager

CLOUD PERIMETER

MicrosoftAzure

Unified device management

Application management

Comprehensive Windows, Linux, and Mac management

Mobile device management

User IT

System Center Configuration Manager

Installing The AgentConfiguring InTunePolicies

#olavtwitt

Olav Tvedt

@olavtwitt

olavtvedt.blogspot.com

Content management

Capabilities• Hybrid Identity / SSO

• Multifactor Authentication

• High Value Asset Protection

• Single Console Device Management

Active Directory

Identity

Azure Rights

Management System

Microsoft

Intune

Trusted Platform Module

Encryption File System

Encrypting Hard Drives

Azure AD

Premium

Enterprise

Certificate Services

Securing the BootUEFI

TPM

Trusted Boot

Measured Boot

Securing the Code and CoreSecurity Development Lifecycle (SDL)

Address space layout randomization (ASLR)

Data Execution Prevention (DEP)

System Center 2012 R2

Configuration Manager

CLOUD PERIMETER

MicrosoftAzure

Email profile management

Corporate email server

ITUser

Deploy email profile on enrollment• Configure account settings and security restrictions• Enable certificate authentication• Synchronize email, task, contacts, and calendar• Support for iOS, Samsung KNOX, and Windows Phone

Any email service supported by Exchange ActiveSync

Microsoft Intune

Conditional access to email

Policy verification

•••••••••

Username Microsoft Intune

Required settings defined by IT admin:

Enrolled device

Encrypted device

Passcode set

Admin console

Not jailbroken/rooted

ITITUser

Conditional access to email

Policy verification

•••••••••

Username Microsoft Intune

Required settings defined by IT admin:

Enrolled device

Encrypted device

Passcode set

Admin console

Not jailbroken/rooted

ITITUser

Mobile data protection

Protect corporate data accessed from devices

On-premises

Protect corporate data cached on devices

User IT

Installing The AgentConfiguring InTunePolicies

#olavtwitt

Goal Is Too Attract, Enable And Motivate

But Still Remain Control

• Patch Management

• Application

• Configuration• Windows Firewall Settings

• Custom Configuration

• General Configuration

• SCEP Certificate Profile

• Trusted Certificate Profile

• VPN Profile

• Email Profile (Phones)

• Wi-Fi Import

• Self Service Portal• Password reset

• Device Management

User Benefits

Thank you to the exhibitors!Make sure to visit the booths