MMS 2015: Secure your data and apps with the enterprise

Post on 15-Apr-2017


Secure your data and apps with the Microsoft Enterprise Mobility Suite

Chris Nackers

@chrisnack

http://chrisnackers.com

Peter Daalmans

@pdaalmans

http://ref.ms/aboutme

Mirko Colemberg

@Mirkocolemberg

http://blog.colemberg.ch

#MMSMOA

@pdaalmans

Sn. Technical Consultant,

IT-Concern

Configmgrblog.com

ref.ms/aboutme

Breda, Netherlands

Peter Daalmans


Principal Consultant, Confgimgr.ch

Since 1999

Solothurn, Switzerland

Mirko Colemberg

mirkocolemberg

Configmgr_ch


@chrisnack

Consultant, Nackers Consulting Chrisnackers.com

Breda, Netherlands

Chris Nackers

10 years

Agenda

• App layer protection concepts

• Azure AD Premium
  • Identity + Application Proxy

• Intune
  • Conditional Access
  • MAM

• Azure Rights Management
  • How to configure

App layer protection: The concepts

Device, Application, Information

Mobile Devices

MDM MAM MIM

[Diagram labels: Company, Private]

Azure AD Premium: Identity

Identity: Cloud, Sync or Federated?

Cloud identity provides a solution where all identity resides in the cloud

Federated identity allows customers to retain all authentication on-premises

Identity sync enables customers to bridge their existing identity into the cloud

B2B federated identity allows customers to securely share and collaborate with each other

Azure Active Directory Premium

Active Directory in the cloud
• Federation and identity provisioning

Centrally managed identities
• Synchronization
• Single User Identity (SSO)

Monitor and protect access to cloud apps
• Authentication and Security reports
• Multi-Factor Authentication (MFA)

Empower end users
• Self-Service password reset

Discovery from non-Windows devices

• Cloud App Discovery gateway

• Devices can be configured to go through gateway

• Requires MDM for deployment across organization

Integrate on-prem apps with Azure AD

End-user portal – Access Panel

Azure AD authentication capabilities:

• Username and password synced from on-prem AD

• Federated login to on-prem or other federation servers

• Multi-factor authentication

• Customized login screen

• Authorization based on user or groups

• SSO to Office365, thousands of SaaS apps and all applications integrated with AAD

Reports, auditing and security monitoring based on big data and machine learning.

[Diagram labels: Azure Active Directory; Application Proxy; Access Panel Portal; Authentication + MFA; Authorization; Reporting & Auditing; Security Monitoring; Connector; DMZ; Corporate Network; Resource]

Demo: Azure Active Directory Premium

Microsoft Intune: Conditional Access

Conditional Access

• What can we do?
  • Force enrollment before access to Exchange or SharePoint
  • Force compliance before access to Exchange or SharePoint
  • Many more investments coming soon (see ref.ms/emsroadmap)

Conditional access for Office 365

[Diagram: conditional access flow for Office 365 email, steps numbered 1 to 7. Recoverable labels: Attempt email connection; Set device management/compliance status; If not compliant, push device into quarantine; Enrollment/compliance remediation]

Demo: Setting up Conditional Access

Microsoft Intune: Mobile Application Management

Mobile Application Management

• What can we do?
  • Force compliance before access to the app and data
  • Secure the data within the app
    • Prohibit copy/paste
    • Prohibit screenshots
    • Prohibit save as
    • Force encryption
  • Secure app by PIN or corporate credentials
  • Secure LOB apps via App Wrapper

Microsoft Intune Managed Apps

• For an up-to-date list, see: http://ref.ms/mamlist

Mobile Application Management

Maximize mobile productivity and protect corporate resources with Office mobile apps

Extend these capabilities to existing line-of-business apps using the Intune app wrapper

Enable secure viewing of content using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps

Personal apps

Mobile Application Management

Copy Paste Save

Maximize productivity while preventing leakage of company data by restricting actions such as copy/cut/paste/save in your managed app ecosystem

Save to personal storage

Paste to personal app

Demo: Configuring MAM

Demo: Yeah, Copy Paste!

Azure Rights Management: Protecting the data

Azure Rights Management

“It uses encryption, identity and authorization policies to help secure your files and email, and it works across multiple devices.”

Azure Rights Management – Cool Features

• Protection stays with the file

• Works both inside and outside the company

• Easy

• Audit and monitoring

• On-prem (RMS Connector) and O365 support

Demo: Protecting your files

So, what fits where?

Secure your data and apps in the enterprise

What fits where?

IT

User

Enterprise Mobility Suite

Identify and authorize user

Apply device policies

Apply application policies

Apply content policies

Active Directory Premium

Rights Management

Share your ideas

• Share your voice / ideas!
  • http://microsoftintune.uservoice.com/
  • http://configurationmanager.uservoice.com/

Questions

Thank you!

Evaluations: Please provide session feedback by clicking the EVAL button in the scheduler app (also download slides). One lucky winner will receive a free ticket to the next MMS!

Session Title: Secure your data and apps with the Microsoft EMS

Discuss…

Ask your questions-real world answers!

Plenty of time to engage, share knowledge.
