Mobile & Cloud | Challenging Security Paradigms
72% of employees who use smartphones for work select their smartphones personally [1]
>80% of employees admit to using non-approved software-as-a-service (SaaS) applications in their jobs [2]
>70% of network intrusions exploited weak or stolen credentials [3]
Source:
1: Forrester Research: “Building The Business Case For A Bring-Your-Own-Device (BYOD) Program,” Dec. 4, 2014
2: http://www.computing.co.uk/ctg/news/2321750/more-than-80-per-cent-of-employees-use-non-approved-saas-apps-report
3: Verizon 2013 data breach investigation report
Mobile device and app management
Access & Information protection
Enterprise Mobility Suite
RMS Protection via RMS for O365
• Protection for content stored in Office (on-prem or O365)
• Access to RMS SDK
• Bring your own Key
RMS for O365+
• Protection for on-premises Windows Server file shares
• Email notifications when sharing documents
• Email notifications when shared documents are forwarded
Basic Mobile Device Management via MDM for O365
• Device Settings Management
• Selective Wipe
• Built into O365 Mgmt. Console
MDM for O365+
• PC Management
• Mobile App Management (prevent cut/copy/paste/save as from corporate apps to personal apps)
• Secure content viewers
• Certificate Provisioning
• System Center integration
Basic Identity Mgmt. via Azure AD for O365:
• Single Sign on for O365
• Basic Multifactor Authentication (MFA) for O365
Azure AD for O365+
• Single Sign on for all cloud apps
• Advanced MFA for all workloads
• Self Service group management and password reset with write back to on prem directory
• Advanced security reports
• MIM (Server + CAL)
Hybrid identity management
EMS benefits for O365 customers
Procurement Simplification via Enterprise Mobility Suite
Cloud / Hybrid Identity Management
Mobile Device Management
Information Protection
Key Competitors
Microsoft Differentiation
Azure AD Premium
Windows Intune
Azure RMS
Ping Identity
Okta
Centrify
Salesforce Identity
Google
AWS
Airwatch
MobileIron
Good
Kaseya
Symantec
Seclore
Fasoo
LiveCycle
is the enabler
24 Regions Worldwide, 19 ONLINE…huge capacity around the world…growing every year
100+ datacenters
Top 3 networks in the world
2x AWS, 6x Google DC Regions
G Series – Largest VM in World, 32 cores, 448GB Ram, SSD…
Operational
Announced/Not Operational
• Central US (Iowa)
• West US (California)
• North Europe (Ireland)
• East US (Virginia)
• East US 2 (Virginia)
• US Gov (Virginia)
• North Central US (Illinois)
• US Gov (Iowa)
• South Central US (Texas)
• Brazil South (Sao Paulo)
• West Europe (Netherlands)
• China North * (Beijing)
• China South * (Shanghai)
• Japan East (Saitama)
• Japan West (Osaka)
• India South (Chennai)
• East Asia (Hong Kong)
• SE Asia (Singapore)
• Australia South East (Victoria)
• Australia East (New South Wales)
• India Central (Pune)
• Canada East (Quebec City)
• Canada Central (Toronto)
• India West (Mumbai)
• T-Systems (Frankfurt …)
* Operated by 21Vianet
Company-branded, personalized application Access Panel, e.g. http://myapps.microsoft.com
The user logs in with their AD credentials only here.
They then get access to all SaaS apps the admin has provided to them.
Single Sign On – User experience
Single Sign On for ~2,500 preintegrated SaaS apps: http://www.windowsazure.com/en-us/gallery/active-directory
Enterprise Mobility Suite
Mobile device and app management
Basic mobile device management via MDM for Office 365
• Device settings management
• Selective wipe
• Built into Office 365 Management Console
MDM for Office 365 +
• PC management
• Mobile app management (prevent cutting/copying/pasting/saving from corporate apps to personal apps)
• Secure content viewers
• Certificate provisioning
• System Center integration
• Remote Device lock
• …
Mobile application management
Personal apps
Managed apps
User
Maximize productivity while preventing leakage of company
data by restricting actions such as copy/cut/paste/save in
your managed app ecosystem
- MDM for Office 365: Device configuration
You can adjust and configure all data leaving the device.
- PIN complexity
- Require backup encryption
- Block screen captures
- Block Bluetooth
- and others
- MDM for Office 365: Configuration
Manage device access settings across the organization
Enterprise Mobility Suite
Information protection
RMS protection via RMS for Office 365
• Protection for content stored in Office (on-premises or Office 365)
• Access to RMS SDK
• Bring Your Own Key
RMS for Office 365 +
• Protection for on-premises Windows Server file shares
• Email notifications when sharing documents
• Email notifications when shared documents are forwarded
• Departmental templates
Mobile Device Management for
Inventory mobile devices that access corporate applications ● ● ●
Remote factory reset (full device wipe) ● ● ●
Mobile device configuration settings (PIN length, PIN required, lock time, etc.) ● ● ●
Self-service password reset (Office 365 cloud only users) ● ● ●
Provides reporting on devices that do not meet IT policy ● ●
Group-based policies and reporting (ability to use groups for targeted device configuration) ● ●
Root cert and jailbreak detection ● ●
Remove Office 365 app data from mobile devices while leaving personal data and apps intact (selective wipe) ● ●
Prevent access to corporate email and documents based upon device enrollment and compliance policies ● ●
Self-service Company Portal for users to enroll their own devices and install corporate apps ●
Deploy certificates, VPN profiles (including app-specific profiles), and Wi-Fi profiles ●
Prevent cut/copy/paste/save as of data from corporate apps to personal apps (mobile application management) ●
Secure content viewing via Managed browser, PDF viewer, Image viewer, and AV player apps for Intune ●
Remote device lock via self-service Company Portal and via admin console ●
PC management (e.g. inventory, antimalware, patch, policies, etc.) ●
OS deployment (via System Center ConfigMgr) ●
PC software management ●
Single management console for PCs and mobile devices (through integration with System Center ConfigMgr) ●
Device management feature comparison
Azure MFA Offering Comparison
MFA for O365/Azure
Administrators
Windows Azure Multi-Factor Authentication / EMS
To go further
Technical blog – Azure AD Connect section available!
http://www.cloud-generation.com/category/mdm-pour-office-365/
Microsoft online resources: MSDN, TechNet