The Microsoft information protection strategy across EMS, Office 365, and Windows

Employees use multiple devices

Employees use both corporate and personal applications

Data is stored in various locations

Cybersecurity is a top concern

Data protection may get in the way of productivity

Compliance rules are complex and always evolving

Challenges affecting information protection

The landscape

IT

Employees CustomersBusiness partners

Devices AppsUsers Data

Other employe

es

Customers

Business partners

SaaS

Azure

Office 365

Simplify and protect access

Cloud Storage

Prevent leaks and allow collaboration

Protect your corporate assets

Stop external threats

Stay compliant

Cloud Storage

How do you empower users and enable collaboration while still protecting corporate assets?

Empower your users

Enable collaboration

80%+ of employees admit to using unapproved software-as-a-service (SaaS) applications in their jobs

75%+of all network intrusions are due to compromised user credentials

59%of organizations are projected to start some kind of BYOD initiative this year

The end of the secure perimeter

Simplify app access with integrated identities and single sign-on

Additional layer of security with Azure Multi-Factor Authentication

Protect app access with device compliance and conditional access

Simplify and protect access

Self-service Singlesign-on

•••••••••••

Username

Identity and access management

Simple connection

Cloud

SaaSAzure

Office 365Publiccloud

Other Directories

Windows ServerActive Directory

On premises

Microsoft Azure Active Directory

Windows Provable PC

Health (PPCH)

SharePointOnline

ExchangeOnline

User

Mobile device compliance and conditional access

Policy verification

Microsoft Intune

SharePointOnline

ExchangeOnline

User

Microsoft Intune

Policy compliance verification

Device management

Device compliance

Measured boot integrity status (Windows PPCH)

Advanced device compliance (antivirus, firewall, patch state, etc.)

IT

Microsoft Intune

User

Deviceenrolled

IT

MFA isA trusted additional method of authentication that offers more security with a phone call, app, or SMS

MFA preventsUnauthorized access to on-premises and cloud apps with additional authentication required

MFA offersVery flexible enforcement with user, device, or per app to reduce compliance risks

Azure Multi-Factor Authentication

• Azure AD Join and MDM auto-enrollment• Enhanced conditional access• Microsoft Passport

Even better protection with Windows 10

61% of workers mix personal and work tasks

58%of workers have accidently sent sensitive information to the wrong person

600MRecords breached (known) from April 2005 to Dec 2012

90%of data leakages can be traced back to user behavior

Collaboration is changing the game

Separation of data at app and device level

Detect, monitor, and protect sensitive data

Allow secure sharing of information

Prevent leaks and allow collaboration

User

Corporate network

Microsoft Intune&

Office Mobile Apps

Apply policies

Save

Save

Share files and enforce policies

File share

Personal storage

* Some roaming scenarios use Azure Right Management

Separate corporate and personal data

Configure and manage EDP policies with Intune and Azure Rights Management

Control app access to corporate data and prevent copy and paste-related data leaks

Protect data at rest and in motion*

Separate at the app level

Corporate versus personal data identifiable wherever it rests on the device

MAM and data protection capabilities built into the platform

Protect data at rest and in motion*

Separate at the platform level Enterprise

Data Protection

IT

Mobile application management

Maximize mobile productivity and protect corporate resources with Office mobile apps—including multi-identity support

Extend these capabilities to your existing line-of-business apps using the Intune App Wrapping ToolEnable secure viewing of content using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps

Managed apps

Personal appsPersonal apps

Managed apps

User

Corporate data

Personal data

Multi-identity policy

Data Loss Prevention in Office 365

Greatly enhanced security capabilities while retaining rich Office productivity experience

Identify, monitor, and protect sensitive information as they move in the organization

Educate and empower your users while they

work on sensitive content

1. Email, Outlook, OWA

2. SharePoint, OneDrive for Business

3. Office 2016, Word, Excel, PowerPoint

Policy application

Policy distributionacross workloads

DLP policy configuration

Admin

DLP system walkthrough

Centralized policy store

Contextual policy education

Backend policy evaluation

Audit content aggregation

Information workers

Configuration

Wide range of actions available to control data sharing

Transport rules

Azure Rights Management

Office 365 Message Encryption

Configure data protection policies

Use policy templates for protecting emails Alert

Encrypt

Append Override

Review

Redirect

Block

Classify

Document tracking

Access control

Data encryption

Share internally Share externally

z

On any device

Authentication and collaboration

Share protected

Demo

The frequency and sophistication of cybersecurity attacks are increasing

200+The median number of days that attackers reside within a victim’s network before detection

$500BThe total potential cost of cybercrime for the global economy

$3.5MThe average cost of a data breach for a company

Attacks are getting more sophisticated

Stop malicious codes

Protect against identity theft

Detect and block threats

Stop external threats

Prevent attacks with an end-to-end defense and in-depth approach

Prevent via email/web browsing with Exchange

Online Protection/Advanced

Threat Protection

Run insights on compromises with ATA

and Azure AD to detect compromises

and Malicious link tracking

Prevent with Windows SmartScreen technology,

end-point security services, such as app control, antivirus, and vulnerability migration

Prevent attacks Detect and respond to potential attacksEOP/ATP SmartScree

n

• Block spam• Block known

malware

• Block Unknown Malware

• Time-of-click protection

• URL tracking and reporting

• Block malicious links on browser

Strong interior

Strong Perimeter

Exchange Online Protection Exchange Online Advanced Threat Protection SmartScreen

• Enables a Windows desktop to be locked down to only run trusted apps, just like many mobile OS’s (e.g. Windows Phone)

• Resistant to tampering by an administrator or malware

Device guard

Detect attacks

Digital crime unitsmonitoring the dark web

Azure Active Directory telemetry

Event logs and SIEM

Monitor and respond

Built-in security features

Security reporting that tracks inconsistent access patterns, analytics, and alerts

Reporting API

ATA

Devices and

servers

Behavioral Analytics

Forensics for known attacks and issues

Advanced Threat Analytics

Profile normal entity

behavior (normal vs. abnormal)

Search for known

security attacks &

issues

Detect suspicious user

activities, known attacks, and

issues

SIEMActive DirectoryActive Directory

Microsoft Advanced Threat Analytics

Demo

90%U.S. corporations currently engaged in litigation

147Average number of active lawsuits for companies larger than $1 billion

$1MAverage per case cost of eDiscovery

Industry regulations and standards are evolving

Analytics for eDiscovery

Legal hold Archiving and retention

Stay compliant

Productivity firstEducate and empower end users to be compliant without affecting productivity

Built-in featuresDeliver rich, low-cost compliance via built-in features

Operate across suitesEasily apply consistent compliance controls, reports, and UX across Office 365

Bring your own device

Get compliant fast

Educate and empower

people

Discover and act on risk

Microsoft vision for compliance

Integrated tools to help you import, store, preserve, and expire data

Office 365 Archiving

IN-PLACENo need to maintain a separate, duplicate store

UNIFIEDUnified policy across Exchange, SharePoint, and Skype for Business

EXTENSIBLEMigrated data from third-party stores and with more formats

Broad and deep service insights and forensics about customer data

Office 365 Auditing

CENTRALIZEDTenant-based Office 365 wide experiences, no silos

CONSISTENTLogging across SharePoint, Exchange, OneDrive for Business, and Azure

COMPLETEOne API to extract audit data out of Office 365

Office 365 eDiscovery

IN-PLACE HOLDRetain content in place, in real time

SEARCH, ANALYTICS AND EXPORTFind up-to-date and relevant content quickly and export for review

UNIFIEDSharePoint, Skype for Business, and OneDrive for Business and Exchange

Applies machine learning to enable users to explore large, unstructured sets of data in order to quickly find what is relevant

Equivio Analytics

THEMATIC ANALYSISClustering technology to identify data relationships; reducing data sent for review

PREDICTIVE CODINGTrains the system to identify relevant documents

EMAIL THREADINGReconstruct email threads from unstructured data

Office 365 compliance investment areas

Engagement

Security

Operations

Compliance

Report/dashboards

ISVs

Showcase partner solutions available today—learn more in this blogInterested customers and partners sign up here for Private Preview starts this Summer

Users

Admins

Microsoft

ActivityAPI

Security and compliance signals

Simplify and protect access

Simplify app access with integrated identities and SSO

Additional layer of security with MFA

Allow secure sharing of information

Allow collaboration while preventing data lossSeparation of data at app and device level

Detect, monitor, and protect sensitive data

Allow secure sharing of information

Stop external threats

Stop malicious codes

Prevent identity theft

Detect and block threats

Stay compliant

Analytics for eDiscovery

Legal hold

Archiving and retention

What we’ve learned about information protection

SaaS

Azure

Office 365

Simplify and protect access

Cloud Storage

Prevent leaks and allow collaboration

Microsoft solutions can help you stay protected Stop external

threatsStay compliant

Cloud Storage

Enterprise Mobility Suite

Other employees

Customers

Business partners

Empower your users

Enable collaboration

Next steps

To explore• Try Enterprise Mobility now• http://www.microsoft.com/ems• TechNet @

http://technet.microsoft.com/• MSDN @ http://www.msdn.com/

To doRate the session

Q&AAccelerate your journey to the cloud with integrated identity

© 2015 Microsoft Corporation. All rights reserved.