EMS

Jean-François Saint-Pierre I CEO I EvolusysYoan Topenot I MVP O365 I Evolusys

>80% >70%72%

Mobile & Cloud | Challenging Security Paradigms

72% of employees who use

smartphones for work select

their smartphones personally1

>80% of employees admit to

using non-approved

software-as-a-service (SaaS)

applications in their jobs2

>70% percent of network

intrusions exploited weak or

stolen credentials3

Source:

1: Forrester Research: “Building The Business Case For A Bring-Your-Own-Device (BYOD) Program,” Dec. 4, 2014

2: http://www.computing.co.uk/ctg/news/2321750/more-than-80-per-cent-of-employees-use-non-approved-saas-apps-report

3: Verizon 2013 data breach investigation report

Devices Apps Data

Mobile device and app management

Access & Information protection

Enterprise Mobility Suite

RMS Protection via RMS for

O365• Protection for content stored in

Office (on-prem or O365)• Access to RMS SDK• Bring your own Key

RMS for O365+ • Protection for on-premises Windows

Server file shares

• Email notifications when sharing

documents

• Email notifications when shared

documents are forwarded

Basic Mobile Device

Management via MDM for O365• Device Settings Management

• Selective Wipe

• Built into O365 Mgmt. Console

MDM for O365+ • PC Management

• Mobile App Management (prevent

cut/copy/past/save as from

corporate apps to personal apps)

• Secure content viewers

• Certificate Provisioning

• System Center integration

Basic Identity Mgmt. via Azure

AD for O365:• Single Sign on for O365

• Basic Multifactor Authentication

(MFA) for O365

Azure AD for O365+• Single Sign on for all cloud apps

• Advanced MFA for all workloads

• Self Service group management and

password reset with write back to on

prem directory

• Advanced security reports

• MIM (Server + CAL)

Hybrid identity management

EMS benefits for O365 customers

Procurement Simplification via Enterprise Mobility Suite

Cloud / Hybrid Identity Management

Mobile Device Management

Information Protection

Key Competitors

Microsoft Differentiation

Azure AD Premium Windows Intune Azure RMS

Ping Identity

Okta

Centrify Salesforce Identity

Google AWS

Airwatch

MobileIron

Good Kaseya

Symantec

Seclore

Fasoo

LiveCycle

is the enabler24 Regions Worldwide, 19 ONLINE…huge capacity around the world…growing every year

100+ datacenters

Top 3 networks in the world

2x AWS, 6x Google DC Regions

G Series – Largest VM in World, 32 cores, 448GB Ram, SSD…

Operational

Announced/Not Operational

Central US

Iowa

West US

California

North Europe

Ireland

East US

Virginia

East US 2

VirginiaUS Gov

Virginia

North Central US

Illinois

US Gov

Iowa

South Central US

Texas

Brazil South

Sao Paulo

West Europe

Netherlands

China North *

Beijing

China South *

Shanghai

Japan East

Saitama

Japan West

Osaka

India South

Chennai

East Asia

Hong Kong

SE Asia

Singapore

Australia South East

Victoria

Australia East

New South Wales

* Operated by 21Vianet

India Central

Pune

Canada East

Quebec City

Canada Central

Toronto

India West

Mumbai

T-Systems

Frankfurt …

La solution de Microsoft pour la mobilité

Une solution… Microsoft Enterprise Mobility

Company branded, personalized application Access Panel :

e.g. http://myapps.microsoft.com

User has to login with his AD-Credentials only here.

Then he gets access to all SAAS Apps the admin has provided to him.

Single Sign On – User experience

Single Sign On for ~ 2.500 preintegrated SaaS Apps:http://www.windowsazure.com/en-us/gallery/active-directory

Phone callMobile app Single-use codes

••••••••

SMS

“ ”

cloudOn-premises

Enterprise Mobility Suite

Mobile device and app management

Basic mobile device management via MDM for Office 365

• Device settings management

• Selective wipe

• Built into Office 365 Management Console

MDM for Office 365 +

• PC management

• Mobile app management (prevent cutting/copying/pasting/saving from corporate apps to personal apps)

• Secure content viewers

• Certificate provisioning

• System Center integration

• Remote Device lock

• …

Mobile application management

Personal apps

Managed apps

User

Maximize productivity while preventing leakage of company

data by restricting actions such as copy/cut/paste/save in

your managed app ecosystem

- MDM pour Office 365

- MDM pour Office 365 : Configuration des devices

Vous pouvez régler et paramétrer l’ensemble des

données sortantes de l’appareils.

- Complexité du code PIN

- Exiger l’encryption de la sauvegarde

Bloquer les captures d’écran

- Bloquer le Bluetooth

- + autres

- MDM pour Office 365 : Contrôle d’accès pour Office 365 : email et

documents

- MDM pour Office 365 : Etape Principale

- MDM pour Office 365 : Setup pour les certificats APNs iOS (Démo)

DEMO

- MDM pour Office 365 : Setup pour les certificats APNs iOS (Démo)

- MDM pour Office 365 : Configuration

Créer des groupes de sécurité

DEMO

- MDM pour Office 365 : Configuration (Démo)

Créer des groupes de sécurité

- MDM pour Office 365 : Configuration

Nouvelle stratégie de sécurité des appareils

DEMO

- MDM pour Office 365 : Configuration (Démo)

Nouvelle stratégie de sécurité des appareils

- MDM pour Office 365 : Configuration

Gérer les paramètres d’accès aux appareils à l’échelle de l’organisation

DEMO

- MDM pour Office 365 : Inscrire ses appareils mobiles (Démo)

- MDM pour Office 365 : Manager ses appareils mobiles

- MDM pour Office 365 : Les différences entre MDM pour Office 365 et

Intune

Enterprise Mobility Suite

Information protection

RMS protection via RMS for Office 365

• Protection for content stored in Office (on-premises or Office 365)

• Access to RMS SDK

• Bring Your Own Key

RMS for Office 365 +

• Protection for on-premises Windows Server file shares

• Email notifications when sharing documents

• Email notifications when shared documents are forwarded

• Departmental templates

DEMO

Mobile Device Management for

Inventory mobile devices that access corporate applications ● ● ●

Remote factory reset (full device wipe) ● ● ●

Mobile device configuration settings (PIN length, PIN required, lock time, etc.) ● ● ●

Self-service password reset (Office 365 cloud only users) ● ● ●

Provides reporting on devices that do not meet IT policy ● ●

Group-based policies and reporting (ability to use groups for targeted device configuration) ● ●

Root cert and jailbreak detection ● ●

Remove Office 365 app data from mobile devices while leaving personal data and apps intact (selective wipe) ● ●

Prevent access to corporate email and documents based upon device enrollment and compliance policies ● ●

Self-service Company Portal for users to enroll their own devices and install corporate apps ●

Deploy certificates, VPN profiles (including app-specific profiles), and Wi-Fi profiles ●

Prevent cut/copy/paste/save as of data from corporate apps to personal apps (mobile application management) ●

Secure content viewing via Managed browser, PDF viewer, Imager viewer, and AV player apps for Intune ●

Remote device lock via self-service Company Portal and via admin console ●

PC management (e.g. inventory, antimalware, patch, policies, etc.) ●

OS deployment (via System Center ConfigMgr) ●

PC software management ●

Single management console for PCs and mobile devices (through integration with System Center ConfigMgr) ●

Device management feature comparison

Azure Active Directory Offering Comparison

Azure MFA Offering Comparison

MFA for O365/Azure

Administrators

Windows Azure Multi-Factor

Authentication / EMS

Azure RMS Offering Comparison

RMS for O365 Azure RMS (EMS)

Pour aller plus loinBlog technique – section Azure AD connect disponible !

http://www.cloud-generation.com/category/mdm-pour-office-365/

Ressources Microsoft en ligne : MSDN TECHNET