Enterprise Mobility + Security The EMS story whiteboard

EMS Diagram Click Through Web


Page 1: EMS Diagram Click Through Web

Enterprise Mobility + Security
The EMS story whiteboard

Page 2: EMS Diagram Click Through Web

Previous / Current State

Diagram labels: Active Directory; Active Directory Federation Services; DMZ; WAP; WWW; HR System; Member servers (file, print, database, email, etc.); Reverse proxy

Page 3: EMS Diagram Click Through Web

Identity and Access Management

Diagram labels: Metaverse; Microsoft Identity Manager; Active Directory; Active Directory Federation Services; DMZ; WAP; WWW; HR System; Member servers (file, print, database, email, etc.); Reverse proxy

Common identity: Simplify identity lifecycle management with automated workflows, business rules and easy integration with heterogeneous platforms.

Enable users: Allow users to self-remediate identity issues, including group membership, smart card and password reset functions.

Protect data: Discover and map permissions across multiple systems to individual, assignable roles.

Unify access: Reduce the number of usernames and passwords needed to log in. Just-in-time administration with privileged access management.

Page 4: EMS Diagram Click Through Web

Extending identity and access management

Diagram labels: Azure AD Premium; Metaverse; Microsoft Identity Manager; Active Directory; Azure AD Connect; Active Directory Federation Services; AD to AAD identity synchronization; DMZ; WAP; WWW; HR System; Member servers (file, print, database, email, etc.); Reverse proxy

Easily extend Active Directory to the cloud: Connect Active Directory and other on-premises directories to Azure Active Directory in just a few clicks and maintain a consistent set of users, groups, passwords, and devices across both environments.

This allows you to provide a common identity for your users for Office 365, Azure, and SaaS applications integrated with Azure AD.

Page 5: EMS Diagram Click Through Web

Protecting the identity

Diagram labels: Azure AD Premium; MFA; Metaverse; Microsoft Identity Manager; Active Directory; Azure AD Connect; Active Directory Federation Services; AD to AAD identity synchronization; DMZ; WAP; WWW; HR System; Member servers (file, print, database, email, etc.)

Capability labels: Self service password reset; Multi-factor authentication; Single sign-on (SSO); Azure AD Connect Health; Azure App Proxy; Advanced security reporting; Password writeback to AD

Single sign-on to any cloud and on-premises web app: Azure Active Directory provides secure single sign-on to cloud and on-premises applications including Microsoft Office 365 and thousands of SaaS applications.

Protect on-premises web applications: Access and protect your on-premises web applications with multi-factor authentication, conditional access policies, and group-based access management.

Protect sensitive data and applications: Take advantage of advanced security reports, notifications, remediation recommendations and risk-based policies to protect your business from current and future threats.

Reduce costs and enhance security with self-service: Providing self-service application access and password management through verification steps can reduce helpdesk calls and enhance security.

Page 6: EMS Diagram Click Through Web

Protecting the identity: advanced threats

Diagram labels: Azure AD Premium; MFA; Metaverse; Microsoft Identity Manager; Active Directory; Azure AD Connect; Active Directory Federation Services; AD to AAD identity synchronization; DMZ; WAP; WWW; HR System; Member servers (file, print, database, email, etc.); ATA Center; ATA Gateway

Capability labels: Self service password reset; Multi-factor authentication; Single sign-on (SSO); Azure AD Connect Health; Azure App Proxy; Advanced security reporting; Password writeback to AD; Behavioral analytics; Detection of known attacks; Alerts for security risks

Detect threats fast with behavioral analytics: Pinpoint suspicious activities in your systems by profiling and knowing what to look for. Advanced Threat Analytics also identifies known advanced persistent threats and security issues.

Adapt as quickly as malicious hackers: ATA continuously learns from the behavior of users, devices, and resources. ATA uses behavioral analytics to adapt and respond.

Zero in on the right alerts: The attack timeline is a clear, efficient, and convenient feed. ATA also provides recommendations for investigation and remediation for each activity.

Reduce false positive fatigue: Suspicious activities are contextually aggregated with other behaviors in the interaction path to give you clear, accurate alerts.

Page 7: EMS Diagram Click Through Web

Securing the device and application

Diagram labels: Azure AD Premium; MFA; Metaverse; Microsoft Identity Manager; Active Directory; Azure AD Connect; Active Directory Federation Services; AD to AAD identity synchronization; DMZ; WAP; WWW; HR System; Member servers (file, print, database, email, etc.); ATA Center; ATA Gateway

Capability labels: Self service password reset; Multi-factor authentication; Single sign-on (SSO); Azure AD Connect Health; Azure App Proxy; Advanced security reporting; Password writeback to AD; Behavioral analytics; Detection of known attacks; Alerts for security risks; Mobile device management (MDM); Mobile application management (MAM); PC management

Manage all the devices in your mobile ecosystem: With support for iOS, Android, Windows, Windows Mobile and Mac OS X devices.

Management choice: Utilize Mobile Application Management (MAM) without requiring the device to be enrolled for management.

Data protection: Secure corporate data, including Exchange email, Outlook email, and OneDrive for Business documents, to managed and compliant devices.

Unparalleled management of Office mobile apps: Maximize mobile productivity for your employees with access to corporate resources on Office mobile apps. Keep your corporate data safe by preventing leakage of company data, all without intruding on users' personal devices.

Page 8: EMS Diagram Click Through Web

Securing the Data

Diagram labels: Azure AD Premium; MFA; Metaverse; Microsoft Identity Manager; Active Directory; Azure AD Connect; Active Directory Federation Services; AD to AAD identity synchronization; DMZ; WAP; WWW; HR System; Member servers (file, print, database, email, etc.); ATA Center; ATA Gateway

Capability labels: Self service password reset; Multi-factor authentication; Single sign-on (SSO); Azure AD Connect Health; Azure App Proxy; Advanced security reporting; Password writeback to AD; Behavioral analytics; Detection of known attacks; Alerts for security risks; Mobile device management (MDM); Mobile application management (MAM); PC management; Classification and labeling; Encryption and rights management; Detailed tracking and reporting; Protected corporate data

Classify your data based on sensitivity: Policies classify and label data at time of creation or modification based on source, context, and content.

Protect your data at all times: Embed classification and protection information for persistent protection that follows your data.

Add visibility and control: Track activities on shared data and revoke access if necessary. Powerful logging and reporting to monitor and analyze wherever it goes.

Collaborate more securely with others: Share data safely with coworkers as well as your customers and partners. Define who can access data and what they can do with it, such as allowing them to view and edit files but not print or forward.

Page 9: EMS Diagram Click Through Web

Enterprise Mobility + Security Solution

Diagram labels: Azure AD Premium; MFA; Metaverse; Microsoft Identity Manager; Active Directory; Azure AD Connect; Active Directory Federation Services; AD to AAD identity synchronization; DMZ; WAP; WWW; HR System; Member servers (file, print, database, email, etc.); ATA Center; ATA Gateway; CAS Log Collector

Capability labels: Self service password reset; Multi-factor authentication; Single sign-on (SSO); Azure AD Connect Health; Azure App Proxy; Advanced security reporting; Password writeback to AD; Behavioral analytics; Detection of known attacks; Alerts for security risks; Mobile device management (MDM); Mobile application management (MAM); PC management; Classification and labeling; Encryption and rights management; Detailed tracking and reporting; Protected corporate data; Identity risk protection; Risk based conditional access; Privileged identity management; Just-in-time administration; Advanced alerting and reporting; Data control; Data loss prevention; Identification of high risk usage; Abnormal user behavior; Threat prevention; Automatic classification and labeling