Go mobile. Stay in control.
Jeff Alexander
Sr. Technical Evangelist
http://about.me/jeffa36
Enterprise Mobility + Security
Mobile-first, cloud-first reality
Data breaches
63% of confirmed data breaches
involve weak, default, or stolen
passwords.
63% 0.6%IT Budget growth
Gartner predicts global IT spend
will grow only 0.6% in 2016.
Shadow IT
More than 80 percent of employees
admit to using non-approved
software as a service (SaaS)
applications in their jobs.
80%
Is it possible to keep up?
Employees
Business partners
Customers
Is it possible to stay secure?
Apps
Devices
Data
Users
Data leaks
Lost device
Compromised identity
Stolen credentials
Is it possible to keep up?
Employees Business partners Customers
The Microsoft vision
Secure and protect against new threats
Maximum productivity experience
Comprehensive and integratedApps
Devices
Data
Users
User freedomSecure against new threats Do more with less
Customers need
Identity – driven security Productivity without
compromise
Comprehensive
solutions
Microsoft solution
ENTERPRISE MOBILITY + SECURITY
Identity-drivensecurity
Comprehensive solution
Managed mobile productivity
Identity-drivensecurity
Comprehensive solution
Managed mobile productivity
ENTERPRISE MOBILITY + SECURITY
Identity-driven Security
Data Breaches 63%
Identity is the foundation for enterprise mobility
IDENTITY – DRIVEN SECURITY
Single sign-onSelf-service
Simple connection
On-premises
Other directories
Windows ServerActive Directory
SaaS
Azure
Publiccloud
CloudMicrosoft Azure Active Directory
1000s of apps, 1 identity
Provide one persona to the workforce for SSO to 1000s of
cloud and on-premises apps with multifactor authentication.
Manage access at scale
Manage identities and access at scale in the cloud
and on-premises
Enable business without borders
Stay productive with universal
access to every app and
collaboration capability and self
service capabilities to save money
Identity at the core of your businessIDENTITY – DRIVEN SECURITY
Shadow
IT
Data breach
IDENTITY – DRIVEN SECURITY
Employees
Partners
Customers
Cloud apps
Identity Devices Apps & Data
Transition tocloud & mobility
New attack landscape
Current defenses not sufficient
Identity breach On-premises apps
SaaS
Azure
IntelligentInnovativeHolistic Identity-driven
Addresses security challenges across users
(identities), devices, data, apps, and
platforms―on-premises and in the cloud
Offers one protected common identity for secure access to all
corporate resources, on-premises and in the
cloud, with risk-based conditional access
Protects your data from new and changing
cybersecurity attacks
Enhances threat and
anomaly detection with
the Microsoft Intelligent
Security Graph driven by
a vast amount of
datasets and machine
learning in the cloud.
IDENTITY – DRIVEN SECURITY
IDENTITY – DRIVEN SECURITY
1. Protect at the front doorSafeguard your resources at the front door with innovative
and advanced risk-based conditional accesses
2. Protect your data against user mistakesGain deep visibility into user, device, and data activity on-
premises and in the cloud.
3. Detect attacks before they cause damageUncover suspicious activity and pinpoint threats with deep
visibility and ongoing behavioral analytics.
Conditions
Allow access
Or
Block access
Actions
Enforce MFA
per user/per
app
Location
Device state
User/Application
MFA
Risk
User
IDENTITY – DRIVEN SECURITY
IDENTITY – DRIVEN SECURITY
Azure Information Protection
Classify & Label
Protect
How do I control data on-premises and in the cloud
Monitor and Respond
Microsoft Intune
How do I prevent data leakage from my mobile apps?
LOB app protection
DLP for Office 365 mobile apps
Optional device management
Cloud App Security
Risk scoring
Shadow IT Discovery
Policies for data control
How do I gain visibility and control of my cloud apps?
IDENTITY – DRIVEN SECURITY
Microsoft Advanced Threat Analytics (ATA)
Behavioral Analytics
Detection of known malicious attacks
Detection of known security issues
On-premises detection
Cloud App Security + Azure Active Directory Premium
Behavioral analytics
Detection in the cloud
Anomaly detection
Security reporting and monitoring
Enterprise Mobility +SecurityIDENTITY - DRIVEN SECURITY
Microsoft
Intune
Azure Information
Protection
Protect your users, devices, and apps
Detect threats early with visibility and threat analytics
Protect your data, everywhere
Extend enterprise-grade security
to your cloud and SaaS apps
Manage identity with hybrid
integration to protect application
access from identity attacks
Microsoft
Advanced Threat Analytics
Microsoft Cloud App Security
Azure Active Directory
Premium
Identity-driven security
Protect against advanced threats
Identity-drivensecurity
Comprehensive solution
Managed mobile productivity
ENTERPRISE MOBILITY + SECURITY
Managed mobile productivity
Unsecuredapps 80%
Manage and secure devices
Office mobile apps
Data-level protection
User self-service
MANAGED MOBILE PRODUCTIVITY
MANAGED MOBILE PRODUCTIVITY
• Conditional access
• Device settings & Compliance enforcement
• Multi-identity support
Access management
• Mobile app management (w & w/o a device enrollment)
• File level classification, labeling, and encryption
Built-in security
• Office mobile apps
• Familiar and trusted
Goldstandard
MANAGED MOBILE PRODUCTIVITY
Managed apps
Personal apps
Personal apps
Managed appsCorporate data
Personaldata
Multi-identity policy
Personal apps
Managed apps
Copy Paste Save
Save to
personal storage
Paste to
personal
app
Email attachment
Empower users to
make right decisions
Enable safe sharing
internally and externally
Maintain visibility and
control
MANAGED MOBILE PRODUCTIVITY
Protect your data at all
times
MANAGED MOBILE PRODUCTIVITY
STRICTLY CONFIDENTIAL
CONFIDENTIAL
INTERNAL
NOT RESTRICTED
IT admin sets policies,
templates, and rules
FINANCE
CONFIDENTIAL
Add persistent labels defining sensitivity to filesClassify data according to policies – automatically or by user
Manage your account, apps and groups
Company branded, personalized application Access Panel:
http://myapps.microsoft.com
+ iOS and Android Mobile Apps
Self-service password reset
Application access requests
Integrated Office 365 app launching
MANAGED MOBILE PRODUCTIVITY
Managed mobile productivity
Secure access to company data with maximum productivity
Identity-drivensecurity
Comprehensive solution
Managed mobile productivity
ENTERPRISE MOBILITY + SECURITY
Comprehensive solution
Global IT Budget growth 2016 0.6%
COMPREHENSIVE SOLUTION
Integrates with what you have
Simple to set up
Easy to maintain
Saves you money
COMPREHENSIVE SOLUTION
Employees Business partners Customers
Secure and protect against new threats
Maximum productivity experience
Comprehensive and integrated
Apps DevicesDataUsers
Always
up to date
• Real-time updates
• Keep up with new apps and devices
Works with
what you have
• Support multiple platforms
• Use existing investments
Simple to set
up and connect
• Easy, secure connections
• Simplified management
COMPREHENSIVE SOLUTION
Simple set up with FastTrack
FastTrack will:
Retain control of sensitive documents locally and
over email
Automatically protect mail containing privileged
information
Ensure files stored in SharePoint are rights
protected
Envision
Azure Rights Management
FastTrack will:
Setup and deploy mobile app management
policies to help prevent Office 365 data leakage
Setup and deploy device security policies like pin
or device encryption
Integrate on-premises System Center
Configuration Manager with Intune
Enable conditional access and compliance
policies to control access to data
FastTrack will:
Get organizational identities to the cloud
Set up single sign-on for test apps (including
Azure Active Directory Application Proxy apps)
Configure self-service options like password
reset and Azure Multi-Factor Authentication in
the MyApps site
Azure Active Directory Premium
Microsoft Intune
Onboard Drive Value
FastTrack is included with EMS to accelerate your deployments
COMPREHENSIVE SOLUTION
$15
Information protection
User and Entity Behavioral Analysis
Cloud Access Security Broker
Identity and access management
Mobile device and application management
Total cost (per user/month)
COMPREHENSIVE SOLUTION
For the cost of Identity & Access Management and MDM/ MAM from other vendors, EMS provides advanced
security capabilities to protect users, devices, apps and data.
1. Individual pricing not currently available. 2. Okta Enterprise Edition as of 3/1/2015. 3. AirWatch Orange Management Suite Cloud as of 3/1/2015.
Included with
Microsoft EMS E5
$82
$18+
Available separately
from other vendors
$$1
$102
Comprehensive solution
Stay secure and maximize your budget
COMPREHENSIVE SOLUTION
ENTERPRISE MOBILITY + SECURITY
Holistic, intelligent,
innovative security to keep
up with new threats.
Identity-drivensecurity
Secure your enterprise fast –
while keeping what you have
and saving money.
Comprehensive solution
Encourage secure work habits
by providing the best apps
with built-in security.
Managed mobile productivity
Information protection
Identity-driven security
Managed mobile productivity
Identity and access management
Azure Information
Protection Premium P2
Intelligent classification and
encryption for files shared
inside and outside your
organization
(includes all capabilities in P1)
Azure Information
Protection Premium P1
Encryption for all files and
storage locations
Cloud-based file tracking
Microsoft Cloud
App Security
Enterprise-grade visibility,
control, and protection for
your cloud applications
Microsoft Advanced
Threat Analytics
Protection from advanced
targeted attacks leveraging
user and entity behavioral
analytics
Microsoft Intune
Mobile device and app
management to protect
corporate apps and data on
any device
Azure Active Directory
Premium P2
Identity and access
management with advanced
protection for users and
privileged identities
(includes all capabilities in P1)
Azure Active Directory
Premium P1
Secure single sign-on to
cloud and on-premises apps
MFA, conditional access, and
advanced security reporting
EMS
E3
EMS
E5
IntelligenceCollaborationTrust Mobility
Empower your employees by creating a secure productive enterprise
Office 365
Enterprise Mobility + Security
Windows 10 Enterprise
Delivered through enterprise cloud services