The Microsoft information protection strategy across EMS, Office 365, and Windows
Employees use multiple devices
Employees use both corporate and personal applications
Data is stored in various locations
Cybersecurity is a top concern
Data protection may get in the way of productivity
Compliance rules are complex and always evolving
Challenges affecting information protection
The landscape
IT
Employees
Customers
Business partners
Devices
Apps
Users
Data
Other employees
Customers
Business partners
SaaS
Azure
Office 365
Simplify and protect access
Cloud Storage
Prevent leaks and allow collaboration
Protect your corporate assets
Stop external threats
Stay compliant
Cloud Storage
How do you empower users and enable collaboration while still protecting corporate assets?
Empower your users
Enable collaboration
80%+ of employees admit to using unapproved software-as-a-service (SaaS) applications in their jobs
75%+ of all network intrusions are due to compromised user credentials
59% of organizations are projected to start some kind of BYOD initiative this year
The end of the secure perimeter
Simplify app access with integrated identities and single sign-on
Additional layer of security with Azure Multi-Factor Authentication
Protect app access with device compliance and conditional access
Simplify and protect access
Self-service
Single sign-on
Identity and access management
Simple connection
Cloud
SaaS
Azure
Office 365
Public cloud
Other Directories
Windows Server Active Directory
On premises
Microsoft Azure Active Directory
Windows Provable PC Health (PPCH)
SharePoint Online
Exchange Online
User
Mobile device compliance and conditional access
Policy verification
Microsoft Intune
SharePoint Online
Exchange Online
User
Microsoft Intune
Policy compliance verification
Device management
Device compliance
Measured boot integrity status (Windows PPCH)
Advanced device compliance (antivirus, firewall, patch state, etc.)
IT
Microsoft Intune
User
Device enrolled
IT
MFA is: A trusted additional method of authentication that offers more security with a phone call, app, or SMS
MFA prevents: Unauthorized access to on-premises and cloud apps with additional authentication required
MFA offers: Very flexible enforcement with user, device, or per app to reduce compliance risks
Azure Multi-Factor Authentication
• Azure AD Join and MDM auto-enrollment
• Enhanced conditional access
• Microsoft Passport
Even better protection with Windows 10
61% of workers mix personal and work tasks
58% of workers have accidentally sent sensitive information to the wrong person
600M records breached (known) from April 2005 to Dec 2012
90% of data leakages can be traced back to user behavior
Collaboration is changing the game
Separation of data at app and device level
Detect, monitor, and protect sensitive data
Allow secure sharing of information
Prevent leaks and allow collaboration
User
Corporate network
Microsoft Intune &
Office Mobile Apps
Apply policies
Save
Save
Share files and enforce policies
File share
Personal storage
* Some roaming scenarios use Azure Rights Management
Separate corporate and personal data
Configure and manage EDP policies with Intune and Azure Rights Management
Control app access to corporate data and prevent copy and paste-related data leaks
Protect data at rest and in motion*
Separate at the app level
Corporate versus personal data identifiable wherever it rests on the device
MAM and data protection capabilities built into the platform
Protect data at rest and in motion*
Separate at the platform level
Enterprise Data Protection
IT
Mobile application management
Maximize mobile productivity and protect corporate resources with Office mobile apps—including multi-identity support
Extend these capabilities to your existing line-of-business apps using the Intune App Wrapping Tool
Enable secure viewing of content using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps
Managed apps
Personal apps
Managed apps
User
Corporate data
Personal data
Multi-identity policy
Data Loss Prevention in Office 365
Greatly enhanced security capabilities while retaining rich Office productivity experience
Identify, monitor, and protect sensitive information as it moves through the organization
Educate and empower your users while they work on sensitive content
1. Email, Outlook, OWA
2. SharePoint, OneDrive for Business
3. Office 2016, Word, Excel, PowerPoint
Policy application
Policy distribution across workloads
DLP policy configuration
Admin
DLP system walkthrough
Centralized policy store
Contextual policy education
Backend policy evaluation
Audit content aggregation
Information workers
Configuration
Wide range of actions available to control data sharing
Transport rules
Azure Rights Management
Office 365 Message Encryption
Configure data protection policies
Use policy templates for protecting emails
Alert
Encrypt
Append
Override
Review
Redirect
Block
Classify
Document tracking
Access control
Data encryption
Share internally
Share externally
On any device
Authentication and collaboration
Share protected
Demo
The frequency and sophistication of cybersecurity attacks are increasing
200+: The median number of days that attackers reside within a victim’s network before detection
$500B: The total potential cost of cybercrime for the global economy
$3.5M: The average cost of a data breach for a company
Attacks are getting more sophisticated
Stop malicious code
Protect against identity theft
Detect and block threats
Stop external threats
Prevent attacks with an end-to-end, defense-in-depth approach
Prevent via email/web browsing with Exchange Online Protection/Advanced Threat Protection
Run insights on compromises with ATA and Azure AD to detect compromises and malicious link tracking
Prevent with Windows SmartScreen technology, end-point security services, such as app control, antivirus, and vulnerability mitigation
Prevent attacks
Detect and respond to potential attacks
EOP/ATP
SmartScreen
• Block spam
• Block known malware
• Block unknown malware
• Time-of-click protection
• URL tracking and reporting
• Block malicious links on browser
Strong interior
Strong Perimeter
Exchange Online Protection
Exchange Online Advanced Threat Protection
SmartScreen
• Enables a Windows desktop to be locked down to only run trusted apps, just like many mobile OS’s (e.g. Windows Phone)
• Resistant to tampering by an administrator or malware
Device Guard
Detect attacks
Digital crime units monitoring the dark web
Azure Active Directory telemetry
Event logs and SIEM
Monitor and respond
Built-in security features
Security reporting that tracks inconsistent access patterns, analytics, and alerts
Reporting API
ATA
Devices and servers
Behavioral Analytics
Forensics for known attacks and issues
Advanced Threat Analytics
Profile normal entity behavior (normal vs. abnormal)
Search for known security attacks & issues
Detect suspicious user activities, known attacks, and issues
SIEM
Active Directory
Microsoft Advanced Threat Analytics
Demo
90% of U.S. corporations currently engaged in litigation
147: Average number of active lawsuits for companies larger than $1 billion
$1M: Average per case cost of eDiscovery
Industry regulations and standards are evolving
Analytics for eDiscovery
Legal hold
Archiving and retention
Stay compliant
Productivity first: Educate and empower end users to be compliant without affecting productivity
Built-in features: Deliver rich, low-cost compliance via built-in features
Operate across suites: Easily apply consistent compliance controls, reports, and UX across Office 365
Bring your own device
Get compliant fast
Educate and empower people
Discover and act on risk
Microsoft vision for compliance
Integrated tools to help you import, store, preserve, and expire data
Office 365 Archiving
IN-PLACE: No need to maintain a separate, duplicate store
UNIFIED: Unified policy across Exchange, SharePoint, and Skype for Business
EXTENSIBLE: Migrated data from third-party stores and with more formats
Broad and deep service insights and forensics about customer data
Office 365 Auditing
CENTRALIZED: Tenant-based Office 365 wide experiences, no silos
CONSISTENT: Logging across SharePoint, Exchange, OneDrive for Business, and Azure
COMPLETE: One API to extract audit data out of Office 365
Office 365 eDiscovery
IN-PLACE HOLD: Retain content in place, in real time
SEARCH, ANALYTICS AND EXPORT: Find up-to-date and relevant content quickly and export for review
UNIFIED: SharePoint, Skype for Business, and OneDrive for Business and Exchange
Applies machine learning to enable users to explore large, unstructured sets of data in order to quickly find what is relevant
Equivio Analytics
THEMATIC ANALYSIS: Clustering technology to identify data relationships; reducing data sent for review
PREDICTIVE CODING: Trains the system to identify relevant documents
EMAIL THREADING: Reconstruct email threads from unstructured data
Office 365 compliance investment areas
Engagement
Security
Operations
Compliance
Report/dashboards
ISVs
Showcase partner solutions available today—learn more in this blog
Interested customers and partners sign up here for Private Preview starts this Summer
Users
Admins
Microsoft
Activity API
Security and compliance signals
Simplify and protect access
Simplify app access with integrated identities and SSO
Additional layer of security with MFA
Allow secure sharing of information
Allow collaboration while preventing data loss
Separation of data at app and device level
Detect, monitor, and protect sensitive data
Allow secure sharing of information
Stop external threats
Stop malicious code
Prevent identity theft
Detect and block threats
Stay compliant
Analytics for eDiscovery
Legal hold
Archiving and retention
What we’ve learned about information protection
SaaS
Azure
Office 365
Simplify and protect access
Cloud Storage
Prevent leaks and allow collaboration
Microsoft solutions can help you stay protected
Stop external threats
Stay compliant
Cloud Storage
Enterprise Mobility Suite
Other employees
Customers
Business partners
Empower your users
Enable collaboration
Next steps
To explore
• Try Enterprise Mobility now
• http://www.microsoft.com/ems
• TechNet @ http://technet.microsoft.com/
• MSDN @ http://www.msdn.com/
To do
Rate the session
Q&A
Accelerate your journey to the cloud with integrated identity
© 2015 Microsoft Corporation. All rights reserved.