Date post: | 16-Apr-2017 |
Category: |
Technology |
Upload: | ali-mkahal |
Enterprise Mobility Suite
Managing Access and Help Protect Corporate Email Data
Employees… Productivity
IT Manager… Security
Enterprise Mobility Suite
Protecting almost everything
EMS Validates Identities
EMS helps to ensure that only authorized users are permitted to access corporate email and documents by using security features that leverage Microsoft Azure machine learning capabilities.
EMS Manages Devices
Mobile device management capabilities in EMS help organizations to manage and enforce device-level settings and resource access profiles and VPN that enable seamless access to corporate resources.
EMS Manages Applications
Mobile application management capabilities in EMS help prevent corporate data leaks by restricting actions in Office mobile apps, such as cut, copy, paste, and save as.
Employees can also use a single app (such as Outlook) for both personal and corporate use while EMS helps to ensure that the corporate data is separated and protected on devices that are both enrolled and not enrolled for management purposes.
EMS Protects Information
The information protection capabilities in EMS help to secure highly confidential documents at the file layer.
Employees can encrypt virtually any type of a file, set granular permissions, and track usage to ensure that only the right people inside and outside of the organization can access email attachments and documents, wherever the files are.
Azure Rights Management Service
Scenarios
Protecting Corporate Email
Allow only compliant devices to access company’s email
Restrict access from devices that don’t use a strong password, are jailbroken, or are not encrypted. Microsoft Intune gives you the ability to set conditions that users have to meet to gain access to company’s resources. This is known as conditional access.
Access control flow for email Apps
Employees attempting to access Exchange Online or Outlook Application
To access email, the device used by the employee needs to:
Enroll with Intune
Register with Azure AD
Be compliant with the device policies set by IT admin
IT admin Role:
Configure and deploy the compliance policies that are used to evaluate the compliance status of the device.
Configure the Exchange Online conditional access policy, and specify which Azure AD security groups will be affected by, or exempted from these policies.
Choose to allow or block devices that are not capable of enrolling in Intune.
End-User Role:
When the user attempts to access email on the device for the first time, or sync subsequently, the device enrollment and compliance status is checked.
The process of enrolling or fixing compliance issues is a guided experience.
The end-user is shown the necessary steps to enroll their device and make it compliant without needing to call IT help desk.
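The access control flow above, written out as a small decision function. This is an added example, not Microsoft's code or an Intune API: the Device and Policy classes, the group names, and the rule that an exemption wins over targeting are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Device:
    can_enroll: bool = True    # platform is able to enroll in Intune
    enrolled: bool = False
    registered: bool = False   # registered with Azure AD
    strong_password: bool = False
    encrypted: bool = False
    jailbroken: bool = False

@dataclass
class Policy:                  # hypothetical model of the admin's settings
    targeted: set = field(default_factory=set)
    exempted: set = field(default_factory=set)
    allow_unenrollable: bool = False

def compliance_issues(dev):
    """Compliance checks named on the page: password, jailbreak, encryption."""
    issues = []
    if not dev.strong_password:
        issues.append("set a strong password")
    if dev.jailbroken:
        issues.append("remove the jailbreak")
    if not dev.encrypted:
        issues.append("encrypt the device")
    return issues

def evaluate(user_groups, dev, policy):
    """Return (allowed, remediation_steps) for one email access attempt."""
    groups = set(user_groups)
    # Assumption: an exemption wins over targeting; untargeted users pass.
    if groups & policy.exempted or not groups & policy.targeted:
        return True, []
    if not dev.can_enroll:
        return policy.allow_unenrollable, []
    steps = []
    if not dev.enrolled:
        steps.append("enroll with Intune")
    if not dev.registered:
        steps.append("register with Azure AD")
    steps += compliance_issues(dev)
    return not steps, steps    # allowed only when nothing is left to fix

if __name__ == "__main__":
    policy = Policy(targeted={"Sales"}, exempted={"Kiosk"})  # constructed groups
    print(evaluate(["Sales"], Device(), policy))
    print(evaluate(["Sales"], Device(enrolled=True, registered=True,
                                     strong_password=True, encrypted=True), policy))
```

The returned steps correspond to the guided experience the end user sees: access stays blocked until the list is empty.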
Protect attachments from data leakage
The content of an email can be copied, moved, saved to a different location, or shared with another user. EMS solves this problem using mobile application management policies.
Managed apps are apps that are deployed by IT admin that comply with your company's security requirements.
Through a set of mobile application management (MAM) policies, Intune lets us:
Block copy and paste, or prevent data transfer from a managed app to an app without MAM policy.
Prevent backup to personal cloud storage, prevent Save as, etc.
Secure app access by requiring PIN/passcode or corporate credentials on a MAM-protected app.
Configure the application to open all web links inside the Intune Managed Browser.
Selectively wipe only data that is associated with the managed app. When a device is lost, stolen, or is no longer managed by IT, a selective wipe can remove all corporate data from the apps, leaving only personal app data behind. This is known as multi-identity.
Extend Email Protection with Azure RMS
Using Azure Rights Management Services:
Email messages can be encrypted so only the right users can read or view the content whether within your company or outside the company.
Users can protect email messages and the recipient can read and use protected email messages sent to them.
An Administrator can set rules to:
Automatically apply the rules to a specified group of recipients or create templates for specific departments.
Automatically detect and apply rules to email messages with sensitive content. The rule can be based on sender, recipient, message subject, or content.
Detect sensitive content and alert the sender to apply the protection rules before sending the email.
Managed App Components
Operations and Incident Response
Both Intune and Azure AD have monitoring and reporting capabilities that can help in monitoring and responding quickly in case of a security issue.
Intune reports and alerts help us monitor the status and health of devices managed by Intune.
Azure AD has auditing and activity logging. We can monitor things like password changes and user management. It includes advanced anomaly security reports and alerts.
Flexible Architecture
EMS is designed to work with both cloud services and on-premises infrastructure.
Office 365 and EMS are directly integrated and designed to run in the cloud from the ground up to provide easily configurable and powerful tools for organizations.
EMS integrates with existing on-premises investments, such as AD, Exchange Server, and System Center Configuration Manager.
Key benefits
Thank You
Prepared By: Ali Moukahhal