Date post: 15-Apr-2017
Category: Technology
Upload: peter-daalmans
Secure your data and apps with the Microsoft Enterprise Mobility Suite
Chris Nackers
@chrisnack
http://chrisnackers.com
Peter Daalmans
@pdaalmans
http://ref.ms/aboutme
Mirko Colemberg
@Mirkocolemberg
http://blog.colemberg.ch
#MMSMOA
Peter Daalmans (@pdaalmans)
Sr. Technical Consultant, IT-Concern
Configmgrblog.com, ref.ms/aboutme
Breda, Netherlands
Mirko Colemberg (mirkocolemberg, Configmgr_ch)
Principal Consultant, Configmgr.ch, since 1999
Solothurn, Switzerland
Chris Nackers (@chrisnack)
Consultant, Nackers Consulting
Chrisnackers.com
Breda, Netherlands
10 years
Agenda
• App layer protection concepts
• Azure AD Premium
  • Identity + Application Proxy
• Intune
  • Conditional Access
  • MAM
• Azure Rights Management
  • How to configure
App layer protection: The concepts
Device, Application, Information
Mobile Devices
MDM, MAM, MIM
[Diagram labels: Company, Private]
Azure AD Premium: Identity
Identity: Cloud, Sync or Federated?
Cloud identity provides a solution where all identity resides in the cloud
Federated identity allows customers to retain all authentication on-premises
Identity sync enables customers to bridge their existing identity into the cloud
B2B federated identity allows customers to securely share and collaborate with each other
Azure Active Directory Premium
Active Directory in the cloud
• Federation and identity provisioning
Centrally managed identities
• Synchronization
• Single User Identity (SSO)
Monitor and protect access to cloud apps
• Authentication and Security reports
• Multi-Factor Authentication (MFA)
Empower end users
• Self-Service password reset
Discovery from non-Windows devices
• Cloud App Discovery gateway
• Devices can be configured to go through gateway
• Requires MDM for deployment across organization
Integrate on-prem apps with Azure AD
End-user portal – Access Panel
Azure AD authentication capabilities:
• Username and password synced from on-prem AD
• Federated login to on-prem or other federation servers
• Multi-factor authentication
• Customized login screen
• Authorization based on user or groups
• SSO to Office365, thousands of SaaS apps and all applications integrated with AAD
Reports, auditing and security monitoring based on big data and machine learning.
Azure Active Directory
[Diagram labels: Corporate Network; DMZ; Resource (x3); Connector (x2); Application Proxy; Access Panel Portal; Authentication + MFA; Authorization; Reporting & Auditing; Security Monitoring]
Demo: Azure Active Directory Premium
Microsoft Intune: Conditional Access
Conditional Access
• What can we do?
  • Force enrollment before access to Exchange or SharePoint
  • Force compliance before access to Exchange or SharePoint
  • Many more investments coming soon (see ref.ms/emsroadmap)
Conditional access for Office 365
[Diagram: numbered flow, steps 1 to 7. Surviving labels: Attempt email connection; Set device management/compliance status (3); If not compliant, push device into quarantine (4); Enrollment/compliance remediation (5)]
Demo: Setting up Conditional Access
Microsoft Intune: Mobile Application Management
Mobile Application Management
• What can we do?
  • Force compliance before access to the app and data
  • Secure the data within the app
    • Prohibit copy/paste
    • Prohibit screenshots
    • Prohibit save as
    • Force encryption
  • Secure app by PIN or corporate credentials
  • Secure LOB apps via App Wrapper
Microsoft Intune Managed Apps
• For an up-to-date list, see http://ref.ms/mamlist
Mobile Application Management
Maximize mobile productivity and protect corporate resources with Office mobile apps
Extend these capabilities to existing line-of-business apps using the Intune app wrapper
Enable secure viewing of content using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps
Personal apps
Mobile Application Management
Copy, Paste, Save
Maximize productivity while preventing leakage of company data by restricting actions such as copy/cut/paste/save in your managed app ecosystem
[Diagram labels: Save to personal storage; Paste to personal app]
Demo: Configuring MAM
Demo: Yeah, Copy Paste!
Azure Rights Management: Protecting the data
Azure Rights Management
“It uses encryption, identity and authorization policies to help secure your files and email, and it works across multiple devices.”
Azure Rights Management – Cool Features
• Protection stays with the file
• Works both inside and outside the company
• Easy
• Audit and monitoring
• On-prem (RMS Connector) and O365 support
Demo: Protecting your files
So, what fits where? Secure your data and apps in the enterprise
What fits where?
IT, User
Enterprise
Mobility Suite
Identify and authorize user
Apply device policies
Apply application policies
Apply content policies
Active Directory Premium
Rights Management
Share your ideas
• Share your voice / ideas!
  • http://microsoftintune.uservoice.com/
  • http://configurationmanager.uservoice.com/
Questions
Thank you!
Evaluations: Please provide session feedback by clicking the EVAL button in the scheduler app (also download slides). One lucky winner will receive a free ticket to the next MMS!
Session Title: Secure your data and apps with the Microsoft EMS
Discuss…
Ask your questions, get real-world answers!
Plenty of time to engage, share knowledge.