Implementing Security in Microsoft's Internal IT (MSIT)
(original title: Mise en œuvre de la sécurité par l'informatique interne de Microsoft (MSIT))

Date posted: 14-Dec-2014
Uploaded by: microsoft-technet-france
32 pages

Transcript
Page 1: Implementing Security in Microsoft's Internal IT (MSIT)
Page 2
Page 3

We are like other large companies' IT departments

Common infrastructure for business units

Page 4

• Security, Cost Reduction, Compliance and Privacy are our Top Priorities
• Reactive and Lacks Agility
• Ubiquitous Environments
• The Challenge of Consumerization of IT
• The Cloud Imperative
• BI & Analytics Rule the Day
• Vendor Consolidation
• IT Simplification and Optimization
• IT Talent Retention and Attraction
• IT Business Alignment, Prioritization and Partnership
• Innovation that Drives Productivity
• Being Microsoft's First and Best Customer
• Perpetual Software Deployments
• CIO-Led Revenue Growth & Customer Engagement
• Running an Enterprise on Beta Release Software
• A Company of 95,000 CIOs
• Biggest Target for Security Attacks
• Moving from a Code Centric to a Data Centric Organization
• Moving from a Functional Based Org to a Process Centric Org Model
• Self Service Model

Page 5
Page 6

Industry Trends

• Cloud
• Consumerization of IT
• Data Explosion
• Social Media
• Regulatory Compliance
• Security Threat Growth

IT of the Future: Evolution of MS IT

FY05: Business Unit IT
FY07: Centralized IT
FY10: Standardized IT
FY12+: Process-Centric IT

(chart axis: investment)

"Virtually everything in business today is an undifferentiated commodity, except how a company manages its information. How you manage information determines whether you win or lose." – Bill Gates

Page 7

Cost Reduction & Operational Efficiency

Risk Management & Compliance

Competitive Differentiation

Business Growth & Sales Performance

Business Process Simplification

Big Data

Business Intelligence & Analytics

Security

Risk Management

Mobility & Consumerization of IT

Social Media and Computing

Cloud Computing

Virtualization

ERP & CRM

Business Process Management & Alignment

Page 8

Business scorecard

FY13 H1 misses

Scorecard:
• Overall user satisfaction (NSAT): metric sustained at 135 but missed target, mainly due to limited DirectAccess deployment with the Windows 8 release
• Identified programs/projects follow key ITLC controls: Q2 measure = 99%; recovering trend from the "get to green" program
• First and Best plan of record (+28% from FY13 Q1): FY13 Q2 Dynamics CRM Next (CRM Online) not released to MSIT; data sync issues between Microsoft AD and MS online services
• % Shared goals met: 3 red programs (Azure, Dynamics CRM Next, Office 365 SharePoint Online); one yellow (Internet Explorer 10)
• Security Health Index: BitLocker compliance

Top programs:
• SharePoint solution and collaboration platform

CIO scorecard (columns: Q1 value, Q2 value, H1 value, H1 baseline, H1 target, stretch, owner)

Strengthen partnerships

Business value realization (BVR) 37% 55% 55% -- 25% 25% Jim DuBois

Overall user experience (NSAT) -- -- 135 135 133 139 144 Walter Puschner

% of LOB QBRs utilizing key artifacts: (COS, ProForma, SoaP) -- -- 90% 90% 84% 85% 90% Shahla Aly

MS first and best (partnership health) -- -- -- -- Annual -- 74% 75% 77% Jim DuBois

Business partner satisfaction -- -- -- -- Annual -- 151 154 158 Walter Puschner

Enable revenue

MS first and best (plan of record) 64% 92% 92% 100% 100% 100% Jim DuBois

Aggregate revenue value addressed by MSIT engagements $401.9M $1,389M $1,389M N/A $1,290M $1,419M Walter Puschner

Deliver quality

Risk management (# of past due items) 0 0 0 0 0 0 Bret Arsenault

Identified programs/projects follow key ITLC controls 87% 99% 93% 89% 95% 97% Kurt Samuelson

Digitize process

Application reduction 1,080 1,065 1,065 1,093 1,073 1,065 Jacky Wright

Business processes base-lined 100% 100% 100% 95% 95% 100% Jacky Wright

Data models defined and implemented 100% 100% 100% N/A 95% 100% Jacky Wright

End-to-end user scenarios defined 100% 100% 100% N/A 95% 100% Kurt Samuelson

Lead with innovation

% Shared goals met 87% 87% 87% 90% 90% 92% Jim DuBois

Optimize IT

Program delivery on-time (BL-SL) 88% 94% 91% 89% 90% 92% Kurt Samuelson

Fiscal responsibility (QTD variance to budget) 1.0% 0.9% 0.9% -2.5% 3% 0% Matt Kellerhals

Program delivery (on budget) -- -- 47% 47% 44% 40% 42% Matt Kellerhals

Hard benefits and cost avoidance $14.8M $27.8M $27.8M $57M $20M $26M Jacky Wright

Application availability 99.97% 99.97% 99.97% 99.93% 99.90% 99.95% Jacky Wright

Stay current - OS 94% 95% 95% 92% 80% 85% Walter Puschner

Security health index 96% 92% 94% 97% 95% 100% Bret Arsenault

Windows Server 2012 adoption 1% 3% 3% N/A 15% 17% Walter Puschner

Invest in our people

IT WHI -- -- -- -- Annual -- 74% 76% 77% John Williams

Top programs for FY13 (status columns on the slide: Overall, Scope, Schedule, Budget, Adoption)

BI business self service

DAX phase 1

Enterprise job automation

Enterprise security platform

Enterprise service bus

Incentive compensation – ENTICE next gen platform

Laminar

Lotus – phase 1

MS Cloud

MS Sales

MSCOM analytics and reporting

OA 3.0 – Windows client – quarterly release

One plan – Channel Incentives

Project Tiger

SharePoint solution and collaboration platform

Updated EA


Page 9

107 Countries

586 Buildings

Page 10

94k Mobiles Sync

2,400

1,300

17,000 Wireless access points

Page 11

Connectivity by site type:

Low bandwidth Internet Connected Office (ICO2)
- Corp Net connected via tunnel
- Products file share only
- Mix of wired and wireless
- Native connection
- When mobile: DA (DirectAccess) and VPN

Good bandwidth, Internet or ICO1
- Products file share only
- Mix of wired and wireless
- Native connection
- Always mobile: DA and VPN

Metered networks (possible poor bandwidth), Internet or ICO1
- Products file share only
- Mix of wired and wireless
- Native connection
- Always mobile: VPN to control network usage

Good bandwidth, Corp Net connected
- WDS, OSD, and Products file share
- Mix of wired (WDS & OSD) and wireless (Products file share)
- Native connection
- When mobile: DA is the preferred solution

Page 12

56% misplace a device each month

1 iPhone is lost every 30 minutes

Page 13

(chart: Security of Digital Assets vs. Time vs. Anywhere Access)

Page 14

Computed Access: factors, assurance levels, examples, and the resulting Variable User Experience (VUE)

Identity (assurance level 0 – 100%)
• Live ID vs. Active Directory
• Strong Auth vs. Username/Password

Device (assurance level 0 – 100%)
• Approved / Authenticated
• Managed, Self-Managed, Unmanaged

Location (assurance level 0 – 100%)
• IPv4 vs. US
• Internal vs. External
• Country Location

Data / Application (LBI/MBI/HBI)
• LBI, MBI, HBI Data
• Applications (Corporate, Consumer, Signed)

Variable User Experience (VUE) outcomes:
• Full Network access, requires Strong AuthN
• Full access, but no local data, Strong Auth required
• Linked Network, Web Apps, simple AuthN
• No Access, Guest Internet
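The factor table above describes a policy that computes an access tier from several assurance signals rather than from a single yes/no check. The following PowerShell is an added example written for this page, not code from the deck or from MSIT; every score, threshold, outcome name, and the placeholder country code 'ZZ' are assumptions chosen to illustrate the idea.

```powershell
# Added example, not from the MSIT deck: a small "computed access" policy engine that turns the
# slide's four factors (identity, device, location, data/application) into one of the slide's
# Variable User Experience outcomes. Scores, thresholds, outcome names and the blocked-country
# list are assumptions for illustration; a real engine would read them from central policy.

function Get-IdentityAssurance {
    param(
        [Parameter(Mandatory)] [ValidateSet('ActiveDirectory', 'LiveID')] [string] $Source,
        [Parameter(Mandatory)] [ValidateSet('SmartCard', 'Password')]     [string] $AuthMethod
    )
    # A corporate directory account and strong (smart card) authentication each add assurance.
    $score = 0
    if ($Source -eq 'ActiveDirectory') { $score += 50 }
    if ($AuthMethod -eq 'SmartCard')   { $score += 50 }
    return $score
}

function Get-DeviceAssurance {
    param(
        [Parameter(Mandatory)] [ValidateSet('Managed', 'SelfManaged', 'Unmanaged')] [string] $Management,
        [switch] $Authenticated   # device is approved / presented a machine credential
    )
    $score = switch ($Management) { 'Managed' { 70 } 'SelfManaged' { 40 } 'Unmanaged' { 0 } }
    if ($Authenticated) { $score += 30 }
    return $score
}

function Get-LocationAssurance {
    param([switch] $OnCorpNet, [string] $CountryCode, [string[]] $BlockedCountries = @())
    # Assumed rule: a blocked country yields no assurance at all, whatever the identity.
    if ($BlockedCountries -contains $CountryCode) { return 0 }
    if ($OnCorpNet) { return 100 }
    return 60
}

function Get-ComputedAccess {
    param(
        [Parameter(Mandatory)] [int] $Identity,
        [Parameter(Mandatory)] [int] $Device,
        [Parameter(Mandatory)] [int] $Location,
        [Parameter(Mandatory)] [ValidateSet('LBI', 'MBI', 'HBI')] [string] $DataClass
    )
    # Outcomes mirror the slide's VUE examples; the thresholds are assumed.
    if ($Location -eq 0)                        { return 'NoAccess-GuestInternet' }
    if ($Identity -ge 100 -and $Device -ge 100) { return 'FullNetworkAccess' }
    if ($Identity -ge 100 -and $Device -ge 40)  { return 'FullAccess-NoLocalData' }
    # Simple authN only reaches web apps, and never HBI data.
    if ($Identity -ge 50 -and $DataClass -ne 'HBI') { return 'LinkedNetwork-WebApps' }
    return 'NoAccess-GuestInternet'
}

# Worked case: AD account with smart card, self-managed but authenticated device, off the corporate
# network in an allowed country, opening an MBI application.
$id  = Get-IdentityAssurance -Source ActiveDirectory -AuthMethod SmartCard
$dev = Get-DeviceAssurance   -Management SelfManaged -Authenticated
$loc = Get-LocationAssurance -CountryCode 'FR' -BlockedCountries @('ZZ')   # 'ZZ' is a placeholder code
Get-ComputedAccess -Identity $id -Device $dev -Location $loc -DataClass MBI
```

In the worked case the identity scores 100, the device 70 and the location 60, so the user lands in the "full access, but no local data" tier: strong authentication earns broad access, but a device MSIT does not manage is not trusted to hold the data. Swapping the smart card for a password drops the identity to 50 and the same request falls to the web-apps tier, and to guest Internet if the data is HBI, which is the point of weighting the weakest factor rather than the strongest.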

Page 15

Secure the Network Perimeter
Secure the Network Interior
Secure Key Assets
Monitor and Audit

Data classification tiers: HBI, MBI, LBI (High / Medium / Low Business Impact)

Page 16

Microsoft IT Environment: Managing Everything that Should be Managed

IPSec boundary (Secure Net): domain joined systems inside the boundary; outside it: remote access clients/dial-up, non-corp domain machines, labs (~70,000)

All devices: ~800,000
Domain joined devices: ~320,000
Devices managed through Config Mgr: ~330,000
Datacenter: ~31,500
Separate Config Mgr hierarchies

Cooperative computer management model: MSIT & users working together
10 languages supported for patching
Completely centralized administration
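The IPsec boundary on this slide is what Windows calls domain isolation: domain-joined hosts only accept inbound connections that authenticate with computer Kerberos, so a lab box or an unmanaged laptop on the same LAN cannot open a connection to them. The script below is an added example written for this page, not MSIT's configuration; it uses the NetSecurity cmdlets (Windows 8 / Server 2012 and later, elevated prompt), and the rule names and the exempted lab subnet are assumptions.

```powershell
# Added example, not from the deck: a domain-isolation connection security rule of the kind that
# builds the slide's "IPsec boundary". Requires the NetSecurity module (Windows 8 / Server 2012 or
# later) and an elevated prompt. Rule names and the lab exemption subnet are assumptions.

# 1. Phase 1 (main mode) authentication: computer Kerberos, so only domain-joined machines can
#    complete the negotiation. Nothing here depends on the user who is logged on.
$machineKerberos = New-NetIPsecAuthProposal -Machine -Kerberos
$phase1 = New-NetIPsecPhase1AuthSet -DisplayName 'Domain isolation - computer Kerberos' -Proposal $machineKerberos

# 2. Require authentication inbound, only request it outbound: managed hosts can still reach
#    printers, labs and other unmanaged peers, but refuse unsolicited connections from them.
New-NetIPsecRule -DisplayName 'Domain isolation - require inbound auth' `
    -InboundSecurity Require -OutboundSecurity Request `
    -Phase1AuthSet $phase1.Name -Profile Domain

# 3. Exemption for a boundary/lab subnet that must stay reachable without IPsec (assumed address).
#    Keep this list short: every exemption is a hole in the boundary.
New-NetIPsecRule -DisplayName 'Domain isolation - lab exemption' `
    -RemoteAddress '10.200.0.0/16' -InboundSecurity None -OutboundSecurity None

# 4. Verification: once a domain peer has connected, its main-mode SA shows the Kerberos identities
#    on both ends. A peer that is not domain-joined never appears here and its connection is dropped.
function Get-DomainIsolationPeers {
    Get-NetIPsecMainModeSA |
        Select-Object LocalEndpoint, RemoteEndpoint, LocalFirstId, RemoteFirstId
}
Get-DomainIsolationPeers
```

Deploy the rule through a GPO rather than per host, and start with `-InboundSecurity Request` on both sides so the security associations can be inspected before anything is refused; switching to `Require` is the step that actually creates the boundary. The datacenter and lab tiers on the slide are separate for the same reason: servers that must talk to unmanaged clients get a more permissive rule set than workstations.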

Page 17

Strong Password Requirements

• Passwords expire every 70 days
• Administrator-level passwords are 15 alphanumeric characters in length
• User passwords are at least eight alphanumeric characters in length
• Passwords contain uppercase and lowercase characters, digits, and punctuation
• Passwords do not contain slang, dialect, or jargon in any language, and are not based on personal information such as family names
• New passwords vary significantly from prior passwords
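Most of the rules above map onto Active Directory password policy settings; the 15-character administrator minimum is the one piece that needs a separate policy, because the default domain policy applies one length to everyone. The following is an added example written for this page, not MSIT's own script; it uses the ActiveDirectory module (RSAT), and the policy name, the history count and the group name 'Domain Admins' are assumptions.

```powershell
# Added example (not the deck's own script): expressing the slide's password standard in Active
# Directory with the ActiveDirectory module. The default domain policy carries the user rules; a
# fine-grained password policy (FGPP) raises the minimum length to 15 for administrators.
# Policy name, history count and the target group are assumptions.

Import-Module ActiveDirectory

# User rules: 70-day expiry, 8+ characters, complexity (upper, lower, digit, punctuation) and a
# history so new passwords cannot repeat recent ones. The 1-day minimum age stops a user from
# cycling through the history in one sitting to get back to the old password.
Set-ADDefaultDomainPasswordPolicy -Identity (Get-ADDomain).DNSRoot `
    -MaxPasswordAge (New-TimeSpan -Days 70) `
    -MinPasswordAge (New-TimeSpan -Days 1) `
    -MinPasswordLength 8 `
    -ComplexityEnabled $true `
    -PasswordHistoryCount 24 `
    -ReversibleEncryptionEnabled $false

# Administrator rules: same expiry and complexity, 15-character minimum. A lower precedence number
# wins if several FGPPs apply to the same account.
$fgpp = New-ADFineGrainedPasswordPolicy -Name 'Admin-15char-70day' -Precedence 10 `
    -MinPasswordLength 15 -MaxPasswordAge (New-TimeSpan -Days 70) -MinPasswordAge (New-TimeSpan -Days 1) `
    -ComplexityEnabled $true -PasswordHistoryCount 24 -ReversibleEncryptionEnabled $false `
    -Description 'Administrator password rules (example)' -PassThru
Add-ADFineGrainedPasswordPolicySubject -Identity $fgpp -Subjects 'Domain Admins'

# Verification: report the policy that actually governs an account (FGPP if one applies, else the
# domain default), which is what an auditor checks rather than the GPO text.
function Get-EffectivePasswordPolicy {
    param([Parameter(Mandatory)] [string] $SamAccountName)
    $user      = Get-ADUser -Identity $SamAccountName
    $resultant = Get-ADUserResultantPasswordPolicy -Identity $user
    $source    = 'Fine-grained: ' + $resultant.Name
    if ($null -eq $resultant) {
        $resultant = Get-ADDefaultDomainPasswordPolicy
        $source    = 'Default domain policy'
    }
    [pscustomobject]@{
        User       = $SamAccountName
        Source     = $source
        MinLength  = $resultant.MinPasswordLength
        MaxAgeDays = $resultant.MaxPasswordAge.Days
        Complexity = $resultant.ComplexityEnabled
        History    = $resultant.PasswordHistoryCount
    }
}
```

Two caveats. Complexity, length, age and history are enforceable here; the rule against slang, jargon and family names is not, since the built-in complexity filter only checks character classes and the account name. Enforcing it needs a password filter DLL on the domain controllers or a banned-password list in front of them. And `ComplexityEnabled` still accepts a password that merely meets three of the four character classes, so a policy text that says "digits and punctuation" is stricter than what the directory will actually refuse.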

Page 18

DA / VPN

EAS / OWA

Page 19

Smart Cards for RAS

Page 20

CARD MANAGEMENT
• Card issuance
• Cert approvals
• Distribution & support
• Policy & exception management

DELEGATES
• Submit certificate requests on the user's behalf
• Distribution

USERS
• PIN resets
• Certificate renewal

Page 21
Page 22

• Seamless connectivity experience across a plethora of devices
• TPM chip
• Smart card with a valid certificate and a smart card reader

Page 23

Transition services: ISATAP, NAT-PT, Teredo, 6to4
2-factor authentication (2FA)
IPsec encryption & authentication
GPO for client configuration
Network Access Protection (IPSec-WSHA) for security
Split-tunnel configuration (less traffic on proxy servers)
Remediation servers

Authentication on:
- Identity
- Group and role
- Across perimeter, internal network, host

Governance and risk management:
- Central policy defines "healthy"
- Compliance reported, tracked
- Compliance used for authorization

Page 24

On Premises / On Cloud

On premises
- CorpNet, Extranet
- Client, SQL Server, Web Services
- Corp STS, ADFS

On cloud
- Web Role, Worker Role
- Azure Storage, SQL Azure, Azure CDN
- App Fabric: Access Control Service, Cache, Service Bus
- App Monitoring, Keynote (monitoring), System Monitoring

Connectivity
- Transport Connectivity (ex. Azure Connect, custom plug-in/extension)
- Data Connectivity (ex. Azure Data Sync, custom plug-in/extension)

Identity providers: External Partners, Windows Live ID, Org ID
Users: Employees, Partners, Customers

Page 25

Patch deployment timeline: % vulnerable clients over time (high client impact vs. low client impact)

24hrs
48hrs
5 Days – SMS forced patching begins for normal cycle
7 Days – Port shutdowns begin
24 Days

Chart values: 30%, 20%, 5%, 3%, 2%
Current days to exploit = 3 days
24 days average to 98% secured

Escalation mechanisms:
1. Microsoft Update; e-mail & ITWeb notification (optional)
2. SCCM updates management (voluntary > forced)
3. SER scanning & scripted updating
4. Port shutdowns
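The timeline only works if someone can tell, per machine, how old each missing update is, because the escalation stage depends on days since release rather than on a fixed patch Tuesday calendar. The script below is an added example for this page, not MSIT's tooling: it asks the local Windows Update Agent (through its COM API, which reports against whatever source the client is pointed at, WSUS/SCCM or Microsoft Update) for updates that are not installed and maps their age to the stages on the slide. The stage names and the use of LastDeploymentChangeTime as the release date are assumptions.

```powershell
# Added example (not MSIT code): enumerate updates missing on this machine through the Windows
# Update Agent COM API and map each one's age to the escalation stage on the slide
# (notify -> forced deployment at day 5 -> port shutdown at day 7). Stage names and the choice of
# LastDeploymentChangeTime as the "release" date are assumptions.

function Get-EnforcementStage {
    param([Parameter(Mandatory)] [int] $DaysSinceRelease)
    # Day thresholds come from the slide's timeline; the labels are assumed.
    if ($DaysSinceRelease -ge 7) { return 'PortShutdown' }
    if ($DaysSinceRelease -ge 5) { return 'ForcedPatching' }
    if ($DaysSinceRelease -ge 2) { return 'Notify' }
    return 'Voluntary'
}

function Get-MissingUpdateReport {
    $session  = New-Object -ComObject 'Microsoft.Update.Session'
    $searcher = $session.CreateUpdateSearcher()
    # Software updates the agent knows about but has not installed.
    $result = $searcher.Search("IsInstalled=0 and Type='Software'")
    $now = Get-Date
    foreach ($u in $result.Updates) {
        $age = [int]($now - $u.LastDeploymentChangeTime).TotalDays
        [pscustomobject]@{
            KB       = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
            Title    = $u.Title
            Severity = $u.MsrcSeverity      # empty for non-security updates
            AgeDays  = $age
            Stage    = Get-EnforcementStage -DaysSinceRelease $age
        }
    }
}

# Oldest first: anything already in the PortShutdown stage is the machine's real exposure.
Get-MissingUpdateReport | Sort-Object AgeDays -Descending | Format-Table -AutoSize
```

Run across a fleet, the `Stage` column is the input the slide's "% vulnerable clients" curve is drawn from, and the "days to exploit = 3" figure is why the Notify stage starts before the forced deployment does: by the time SCCM forces the install on day 5, an unpatched client has already been exploitable for two days.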

Page 26

AppLocker

The problem
• Users can install and run non-standard applications
• Even standard users can install some types of software
• Unauthorized applications may: introduce malware; increase helpdesk calls; reduce user productivity; undermine compliance efforts

What AppLocker provides
• Block unauthorized P2P applications
• Easily create and manage flexible rules using Group Policy
• Built-in feature of Windows 7 and Windows Server 2008 R2
• Improved system management
• Improved legal compliance
• Reduced support costs

MSIT deployment
• Microsoft IT awareness campaign
• Open methodology based on MS culture
• 1.5% exception requests
• Build an isolated reference machine when deploying AppLocker
• Use audit-only mode to test enforcement settings
• Export the GPO from the reference machine
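The three deployment steps above (isolated reference machine, audit-only mode, export to Group Policy) are exactly what the AppLocker cmdlets automate. The script below is an added example written for this page, not MSIT's deployment script; it runs elevated on the reference machine (Windows 7 / Server 2008 R2 and later), and the working directory, the inventoried folders, the test binary, the test user and the GPO LDAP path are assumptions.

```powershell
# Added example, not the deck's own deployment script: the slide's three steps (isolated reference
# machine -> audit-only test -> export the policy for Group Policy) with the AppLocker cmdlets.
# Paths, the working directory, the test user and the GPO LDAP path are assumptions.

$work = 'C:\AppLocker'
New-Item -ItemType Directory -Force -Path $work | Out-Null

# 0. Rules are only evaluated while the Application Identity service runs.
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc

# 1. Inventory the reference machine and build rules: publisher rules for signed files, hash rules
#    for the rest. No path rules, which a user-writable directory under the path would defeat.
$fileInfo = foreach ($dir in 'C:\Program Files', 'C:\Program Files (x86)', 'C:\Windows') {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe, Dll, Script, WindowsInstaller
}
$policyXml = New-AppLockerPolicy -FileInformation $fileInfo -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 2. Switch every rule collection to audit-only and apply it locally. Nothing is blocked yet;
#    event 8003 records each execution that would have been blocked under enforcement.
[xml]$doc = $policyXml
foreach ($rc in $doc.AppLockerPolicy.RuleCollection) { $rc.EnforcementMode = 'AuditOnly' }
$doc.Save("$work\audit-policy.xml")
Set-AppLockerPolicy -XmlPolicy "$work\audit-policy.xml"

function Get-AppLockerAuditHits {
    # 8003 = audited (would be blocked); 8004 = blocked under enforcement.
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003 } -ErrorAction SilentlyContinue |
        ForEach-Object { [pscustomobject]@{ Time = $_.TimeCreated; Detail = $_.Message } }
}

# 3. Before enforcing, check a specific binary against the policy as a given user, then export the
#    reference machine's local policy and import it into the domain GPO (assumed LDAP path).
Test-AppLockerPolicy -XmlPolicy "$work\audit-policy.xml" -Path 'C:\Tools\example.exe' -User 'CONTOSO\alice'
Get-AppLockerPolicy -Local -Xml | Out-File "$work\reference-policy.xml" -Encoding UTF8
Set-AppLockerPolicy -XmlPolicy "$work\reference-policy.xml" -LdapPath 'LDAP://DC01.contoso.com/CN={gpo-guid},CN=Policies,CN=System,DC=contoso,DC=com'
```

Leave the exported policy in AuditOnly for the pilot and review `Get-AppLockerAuditHits` until the 8003 events are only the applications you intend to block; the 1.5% exception rate on the slide is what that review turns into rules. Only then edit EnforcementMode to Enabled. The reason for the isolated reference machine is the hash rules: a machine that already carries unauthorized software would bake that software into the allow list.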

Page 27
Page 28

Rights Management Services (RMS)

• Protection of intellectual property
• Greater sharing of sensitive information
• Simple tools for users, using any RMS-enabled application
• Verification of usage policies is transparent to users
• Powerful document protection features
• Persistent file-level protection extends and enhances security efforts
• Ease of implementation for IT

Page 29
Page 30

http://NowYouKnow - What you will find

Page 31

Device support matrix: MSIT services by device class

Columns: (1) Domain joined, MSIT standards PC with TPM | (2) Domain joined PC w/o TPM | (3) Non domain joined PC | (4)/(5) MS Phone (Windows Mobile) and Windows 8 RT | (6) Non-PC device

Device classes on the slide: Enterprise Class PCs with TPM; Consumer PCs (Sony, ASUS, Acer); Enterprise Class and Consumer PCs; Windows Mobile; Windows 8 RT; Android and future Chrome OS devices; Apple Mac with Bootcamp; Apple Mac with Mac OS X; iPhone & iPad

MSIT Services                 | (1)     | (2)         | (3)         | (4)     | (5)     | (6)
Helpdesk Hardware Support     | Yes     | Best Effort | Best Effort | Maybe   | No      | No
Helpdesk Software Support     | Yes     | Yes         | Yes         | Yes     | Yes     |
LOB Applications              | Yes     | Yes         | Yes         | Yes     | Yes     | No
Patching                      | Yes     | Yes         | Yes         | No      | No      | No
Driver support in MSIT Images | Yes     | No          | No          | Maybe   | No      | No
BitLocker + TPM               | Yes     | Manually    | No *        | No      | No      | No *
UEFI BIOS                     | Pending | Pending     | Pending     | Pending | No      | No
DirectAccess                  | Yes     | Probably    | No          | No      | No      | No
VPN with Smartcard            | Yes     | Yes         | Yes         | Yes     | No      | No
WiFi                          | Yes     | Yes         | Yes         | Yes     | Yes     | No (Android)
Exchange                      | Yes     | Yes         | Yes         | Yes     | Yes     | Limited
Corporate Access              | Yes     | Yes         | Yes         | Limited | Limited | Limited
Lync / UC                     | Yes     | Yes         | Yes         | Yes     | Yes     | No

* Concerns with PII / HBI data loss
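The "BitLocker + TPM" row, and the BitLocker compliance figure in the scorecard on page 8, both come down to one per-machine check: is there a ready TPM, is the system volume protected, is the volume key sealed to that TPM, and is a recovery password escrowed. The following is an added example written for this page, not MSIT's inventory script; it uses the TrustedPlatformModule and BitLocker modules (Windows 8 / Server 2012 and later, elevated), and the compliance definition and the encryption method are assumptions.

```powershell
# Added example, not from the deck: the "BitLocker + TPM" check behind the device matrix and the
# scorecard's BitLocker compliance figure. Remediation is a separate, opt-in function and assumes
# a TPM; the "Manually" column on the slide (PCs without a TPM) needs a startup key or password
# protector instead, which this example does not set up.

function Get-BitLockerTpmCompliance {
    param([string] $MountPoint = $env:SystemDrive)
    $tpm = Get-Tpm
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $types       = @($vol.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
    $tpmBound    = [bool]($types | Where-Object { $_ -like 'Tpm*' })   # Tpm, TpmPin, TpmStartupKey...
    $recoveryEsc = $types -contains 'RecoveryPassword'                  # what gets escrowed to AD DS
    # Assumed compliance definition: ready TPM, protection on, key sealed to the TPM, recovery path exists.
    $compliant = $tpm.TpmPresent -and $tpm.TpmReady -and ($vol.ProtectionStatus -eq 'On') -and $tpmBound -and $recoveryEsc
    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        Volume           = $MountPoint
        TpmPresent       = $tpm.TpmPresent
        TpmReady         = $tpm.TpmReady
        ProtectionStatus = $vol.ProtectionStatus
        EncryptionMethod = $vol.EncryptionMethod
        TpmProtector     = $tpmBound
        RecoveryPassword = $recoveryEsc
        Compliant        = $compliant
    }
}

function Enable-BitLockerWithTpm {
    param([string] $MountPoint = $env:SystemDrive)
    $tpm = Get-Tpm
    if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
        throw 'No ready TPM on this machine; use a startup key or password protector instead.'
    }
    # Recovery password first, and escrowed to AD DS, so a recovery path exists before the volume
    # is sealed to the TPM. Backup-BitLockerKeyProtector needs the GPO that permits AD escrow.
    $vol = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
    $rp  = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -First 1
    Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $rp.KeyProtectorId
    Enable-BitLocker -MountPoint $MountPoint -TpmProtector -EncryptionMethod Aes256 -UsedSpaceOnly -SkipHardwareTest
}

Get-BitLockerTpmCompliance
```

The reason the footnote flags PII/HBI on the "No" columns is visible in the report: a volume with `ProtectionStatus` Off, or encrypted with only a password protector, still lets the data leave with the device. `Get-BitLockerTpmCompliance` run through a scheduled task or Config Mgr is also how a "security health index" like the one on page 8 is computed, one row per machine.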

Page 32

Recommended