modern workplace summit 2015 - management
TRANSCRIPT
Olav Tvedt
olavtwitt
Chief Consultant
Blogs:
olavtvedt.blogspot.com
blogs.technet.com/technetnorge
MVP – CSIS (Cloud & Server Installation and Servicing)
• The Third Blues Brother
Mobility is the new normal
• 52% of information workers across 17 countries report using three or more devices for work*
• 90% of enterprises will have two or more mobile operating systems to support in 2017**
• >80% of employees admit to using non-approved software-as-a-service (SaaS) applications in their jobs***
* Forrester Research: “BT Futures Report: Info workers will erase boundary between enterprise & consumer technologies,” Feb. 21, 2013
** Gartner Source: Press Release, Oct. 25, 2012, http://www.gartner.com/newsroom/id/2213115
*** http://www.computing.co.uk/ctg/news/2321750/more-than-80-per-cent-of-employees-use-non-approved-saas-apps-report
Key Points
• Identity And Access
• Device Management
• Application Management
• Content Management
@olavtwitt
Identity And Access
Microsoft apps
Non-MS cloud-based apps
Active Directory
Active Directory
Microsoft
Account
(Personal)
Other
Accounts
(Personal)
Capabilities
• Single Sign on Identity
• Multifactor Authentication
• High Value Asset Protection
• Single Console Device Management
PERIMETER
Other Directories
Custom LOB apps
ISV/CSVapps
PCs and devices
Azure Active Directory
Self-service
Single sign on
Simple connection
Cloud
SaaS
Azure
Office 365
Intune
Other Directories
Windows Server Active Directory
On-premises
Microsoft Azure Active Directory
Device & Application Management
Capabilities
• Hybrid Identity
• Single Console Device Management
• Deploy and manage apps
• Deploy and manage devices
Active Directory
Identity
Microsoft Intune
Azure AD
Enterprise
Certificate Services
System Center 2012 R2
Configuration Manager
CLOUD PERIMETER
Microsoft Azure
Unified device management
Application management
Comprehensive Windows, Linux, and Mac management
Mobile device management
User IT
System Center Configuration Manager
Content management
Capabilities
• Hybrid Identity / SSO
• Multifactor Authentication
• High Value Asset Protection
• Single Console Device Management
Active Directory
Identity
Azure Rights
Management System
Microsoft
Intune
Trusted Platform Module
Encryption File System
Encrypting Hard Drives
Azure AD
Premium
Enterprise
Certificate Services
Securing the Boot
• UEFI
• TPM
• Trusted Boot
• Measured Boot
Securing the Code and Core
• Security Development Lifecycle (SDL)
• Address space layout randomization (ASLR)
• Data Execution Prevention (DEP)
System Center 2012 R2
Configuration Manager
CLOUD PERIMETER
Microsoft Azure
Email profile management
Corporate email server
IT
User
• Deploy email profile on enrollment
• Configure account settings and security restrictions
• Enable certificate authentication
• Synchronize email, task, contacts, and calendar
• Support for iOS, Samsung KNOX, and Windows Phone
Any email service supported by Exchange ActiveSync
Microsoft Intune
Conditional access to email
Policy verification
Microsoft Intune
Admin console
Required settings defined by IT admin:
• Enrolled device
• Encrypted device
• Passcode set
• Not jailbroken/rooted
IT
User
Mobile data protection
Protect corporate data accessed from devices
On-premises
Protect corporate data cached on devices
User IT
• Patch Management
• Application
• Configuration
  • Windows Firewall Settings
  • Custom Configuration
  • General Configuration
  • SCEP Certificate Profile
  • Trusted Certificate Profile
  • VPN Profile
  • Email Profile (Phones)
  • Wi-Fi Import
• Self Service Portal
  • Password reset
  • Device Management
User Benefits