President Convergent Computing http://www.cco.com [email protected] Start Justin 66% of employees use personal devices for work purposes. 33% of employees typically work on their employer’s premises yet frequently work away from their desks. 18% of all software spending will be SaaS delivery by 2017. Enterprise Mobility Suite is a cloud-based mobile management system built around the user identity. Desktop Virtualization Employee productivity−anywhere, on any device Access & Information Protection Authenticated access to apps and data Hybrid Identity Remote device management across platforms Mobile Device & Application Management Enable your users Protect your data Employee productivity−anywhere, any device Authenticated access to apps and data Empower users to do more with single sign-on, self-service password reset, and managed access to apps Enable your mobile workforce Make sure users are who they say they are Provide single sign-on to apps and data from personal or corporate devices based on user identity Enable self-service password reset with multi-factor authentication Verify identity with multi-factor authentication (call, text, mobile app) Sign-on Single Sign-on Let users register personal devices and install IT-approved apps through a web-based, company-specific app store (Company Portal) Self-service password reset Download apps Company Portal Deliver an up-to-date and security-enhanced experience on nearly any device Remotely manage & help protect Windows and Windows Phone 8, Apple iOS, and Google Android devices Simplified device management via the cloud Help protect corporate data, apps and docs Choose who can read, copy, print, save, forward, and edit−and set when these rights expire Let users download only the apps they’re authorized to use through the Company Portal Data Apps Docs Double-check identity through text, call or app Log on to any device “With Windows Azure MFA, we have a stronger level of protection for Office 365…so 
we have all of our external services well protected.” “With employees using the self-service password reset feature in Azure AD Premium, we’ve been able to reduce annual help-desk costs by $20,000.” Remote device management across platforms Multi-factor authentication Full Integrated Directory – Existing (AD), Cloud (AzureAD), SaaS / SAML / OAuth Active Directory IT Handle device theft and loss with remote wipe: selectively remove corporate apps, data, and policies Better protect corporate data as users and devices travel Deploy policies and updates, and inventory HW and SW via the cloud Windows iOS Android “Now we can deploy, secure, and manage mobile apps that staff use to move faster than the competition and drive business.” Private Key Passwords Microsoft Dynamics CRM http://blogs.office.com/2014/02/10/multi-factor-authentication-for-office-365/ Windows: Business ready devices LUMIA 625 LUMIA 520 LUMIA 1320 LUMIA 930 LUMIA 1520 LUMIA 1020 Surface Pro 3 Windows Phone investments for business Universal Windows Apps VPN, app aware, auto-triggered Enterprise Wi-Fi support with EAP-TLS Convergence Certificate management Assigned Access Encrypted email (S/MIME) Enhanced MDM App platform Cloud Connected Secure by design Tools A more personal, personal assistant Outlook Mobile and Office Mobile built-in Cortana learns about you and the topics you care about, people in your life, and even your routines. Cortana stores this information in her notebook (with your permission, of course) and uses it to make recommendations and suggestions tailored to you. Read and edit with Word, Excel, and PowerPoint, plus OneNote! Seamless integration with Office 365, Exchange Server, SharePoint and Lync She also works on your behalf by anticipating your needs, be it a weather update, driving directions or reminders about friends and loved ones. Integrated IRM rights management and S/MIME Cortana is powered by Bing, so your interests and alerts go with you to bing.com. 
Layered Mobile Security Architecture SSL 3.0 with AES128 and AES256, IPsec and SSL VPN System integrity with secure hardware and trusted boot Malware protection with application sandboxing and certification Keep data safe with full device encryption Secure Access with Wi-Fi EAP-TLS and auto-triggered app-specific IPsec or SSL VPN Files and data Apps User Partition Data protection API IRM & S/MIME built-in App Containers Secure browser Device-Lock Encryption based on BitLocker technology Single source updates Fixes from MSRC Security Drivers Networking Graphics Developer platform UEFI Secure Boot Code-signed chain of trust Certified hardware TPM 2.0 – all phones Workplace join and native platform enrollment Easy enrollment to access corporate resources from anywhere IT pushes enterprise collection and configures accounts, VPN, Wi-Fi, certificates, apps, and restrictions with an extensive set of policies IT monitors assets and assists user Enterprise Wipe removes all company data but preserves consumer data MDM support by Windows Intune and 3rd party vendors Enrollment Configuration Management Certificate Management Application Management Monitoring Native Clients for 10.6, 10.7, 10.8, 10.9 Supports push software distribution, settings management, and inventory Simple enrollment Enterprise Wi-Fi Virtual Private Networks CentOS 5+6, Debian 5+6, Ubuntu 10.4 LTS and 12.4 LTS, Oracle Linux 5+6 S/MIME EAS Windows Phone 8 Android 4.0+ iOS 6.0+ Empower users Allow users to work on the device of their choice and provide consistent access to corporate resources. 
Unify your environment Enable users Access to company resources consistently across devices Simplified registration and enrollment of devices Synchronized corporate data Protect corporate information by selectively wiping apps and data from retired/lost devices Simplified, user-centric application management across devices A common identity for accessing resources on-premises and in the cloud Easy enrollment experience Launch workplace control panel from hyperlink Web authentication broker for flexibility and security Flexible and customizable Customize with your branding Choice of authentication mechanism No MDM app needed Users can enroll devices for access to the company portal for easy access to corporate applications. IT can publish desktop virtualization resources for access to centralized resources. Protect your data On-premises and cloud-based management of devices within a single console. Comprehensive settings management across platforms, including certificates, VPNs, and wireless network profiles Users can work from anywhere on their devices with access to their corporate resources. Identify which mobile devices have been compromised Users can register devices for single sign-on, and access to corporate data, with Workplace Join. Firewall IT can provide seamless corporate access. IT can publish access to resources with the web application proxy based on device awareness and the user's identity. 
Device lockdown [email protected] A limited set of applications and settings experience Or: A single application experience Managed by MDM Enables controlled experience on moderately priced retail phones for task-focused individuals http://technet.microsoft.com/en-us/library/jj884158.aspx Completely removes all corporate data from employee-owned phone Accounts (email and documents) Certificates Network Profiles Apps And all associated data Initiated by IT Administrator or user MDM policies Disable MDM un-enrollment Disable soft reset Disable hard reset IT Administrator Device Lock Restrictions App Management Corporate Lockdown Simple password Alphanumeric password Minimum password length Minimum password complexity Password expiration Password history Device wipe threshold Inactivity timeout Disable Disable Disable Disable Disable Storage Configuration App allow list App deny list Disable Microsoft Store Disable developer unlock Disable Internet Explorer Assigned Access Enable device encryption Disable removable storage card Disable desktop sync over USB Data protection Disable Microsoft Account Disable Windows device roaming Disable Cortana Disable consumer email Disable screen capture Disable copy & paste S/MIME IRM Office Documents Wi-Fi VPN Remote Remediation MDM enrollment Disable Internet Sharing Disable Wi-Fi Off loading Disable Manual Configuration Camera Bluetooth Wi-Fi Location NFC Disable VPN when Roaming Disable VPN over Cellular Full device wipe Partial enterprise wipe Enterprise Mobility Suite provides user-centric device and information management Company Portal Cloud services Line of business apps SaaS apps Store apps Disable Share Disable Save As Corporate devices Personal devices Deny un-enroll Deny soft reset Deny hard reset User The logos above may be the property of their respective owners. 
Deployed to user or device collections Apps can contain multiple deployment types User picks apps they want Company Portal picks best deployment method Microsoft Mobile Roadmap Managed Corporate-owned Devices • Enable IT to bulk enroll devices • Device management focused on task-worker scenarios Conditional Access Policy • Provide access to email and documents only if device is managed • Exchange and OneDrive for Business Protect confidential information Ensure corporate compliance Protect brand and reputation Managed Mobile Productivity and Data Protection • Managed Office Mobile Apps • App Wrapper for existing iOS, Android apps • Protected web browser • Managed PDF, audio, video viewers anagement Scan email and attachments to look for patterns that match document templates Word, Encryption Outlook, Policy Tip Protect sensitive information where stored and in transit using DLP and rights management Ensure adherence to risk management policies via hold, block, audit, and notifications Use Rights Management to restrict access to desired users and encrypt documents Avoid and plug compliance loopholes with a comprehensive reporting of DLP policy performance Encrypt and digitally sign emails through S/MIME Data loss protection for SharePoint Online in Office 365 Encryption at rest for OneDrive for Business and SharePoint Online (coming 2014*) (coming 2014*) Protect sensitive documents from being accidentally shared outside your organization No coding required; simply upload sample documents to create fingerprints http://blogs.office.com/2014/05/12/enterprise-grade-cloud-services-a-high-barrequired-for-security-compliance-and-privacy/ Consume (and Protect) from any device Automatically protect emails using Exchange Transport Rules Microsoft Enterprise Mobility Suite Summary Azure Active Directory Premium Directory as a service Windows Intune Azure Rights Management Service Selective remote device wipe Consume & create RMS content with company ID User and group 
management SSO for pre-integrated SaaS and custom apps Mobile app management Protect content stored in Office 365 Microsoft Directory Synchronization Tool Mobile device settings management User- and Group-based access management and provisioning Self-service app installation Multi-factor authentication Protect content stored in on-premises Office (Exchange, SharePoint via RMS Connector) Self-service IT support interface Self-service group management for cloud users Self-service password change & reset for cloud users Advanced security reporting (based on machine learning) Bring your own key (hybrid protection) Get work done more easily Deploy apps RMS protection for non-Office files (PDF, .JPG) Inventory software and hardware Get the most from your device Usage reporting Company branding for logon & Access Panel Push out anti-malware updates RMS SDK Engage and excite customers Service-level agreement Policy management Forefront Identity Manager CAL & Forefront Identity Manager Server1 Single console for on-prem & cloud device management (when used with Configuration Manager)2 RMS On-Prem Connector for Windows Server shares3 Mobile first, cloud first: Office for iPad Office apps on any device Seamlessly switch devices and keep the rich experience using Office Mobile, Office Online, Office for iPad Familiar Office experience designed for iPad with Word, PowerPoint, Excel Fantastic touch experience built from the ground up for iPad Create professional output even without your own machine, using any browser Get your personalized Office experience on all your devices with Office 365 ProPlus Edit, create, and collaborate to create beautifully designed documents Be instantly productive in a new location by streaming Office to any Internet-connected PC Anywhere access to your up-to-date documents in SharePoint and OneDrive for Business Full, rich Office experience, even offline with Office 365 ProPlus Excel 2013 for PC Office Mobile Office Online Office for iPad Touch, 
ink and voice OneNote on PC Work in real-time with colleagues to finish a report, sales presentation, or financial plan Work naturally on mobile devices using Touch Optimal experience for each task; touch-first or keyboard/mouse with touch Work on digital content like you would on paper - annotate or draw using inking OneNote on Windows 8 tablet Accelerate an RFP response by distributing sections to topic experts wherever they are located OWA for iOS, push notifications Multi-task with voice-activation; read your voice mail or respond to an email Lync Mobile Stay informed with Exchange alerts and notifications pushed to your device Real-time co-authoring lets you work from the Web, desktop, a Windows tablet or iPad, a mobile device, offline or online Office for iPad, co-authoring Continue an ongoing conversation with team members or get help, even when you’re traveling OWA for Android - http://blogs.office.com/2014/03/31/the-evolution-of-email/ Cloud storing & sharing Work in real-time with colleagues to finish a report, sales presentation, or financial plan OneDrive for Business via browser OneDrive for Business app for iOS OneDrive for Business Enable employees to work remotely, with easy access to documents, reports, policies from virtually any device Avoid delays by ensuring everyone is working on the most current documents on their PC, tablet, or phone Enable employees to catch up on mail or use Office even when offline, on their tablet, laptop, or phone Accelerate an RFP response by distributing sections to topic experts wherever they are located Real-Time coauthoring with Office Online File fidelity, including formatting, stays intact Share business files selectively and securely with colleagues, suppliers, and customers Familiar consumer experience makes it easy to use Support for major browsers Lync HD Video Conferencing on PPI Quickly set up or join conference calls from your Windows, Android or iOS device Increased storage limits 1TB by default ‘Shared 
with me’ View OneDrive for Business for iOS Post to Yammer Simple Controls Lync Meeting, multiparty conversations Pro Purchasable storage Increased file upload size (10GB) Automatic Versioning Easy access from iOS, Mac OS X, Android, Windows and Windows RT Remote to: o Personal and pooled VMs o Session based desktops o RemoteApp programs o Azure RemoteApp o User PCs Office Mobile on Android & iPhones | Office for iPad Smart Search Accelerate innovation by bringing together the right people from multiple locations Add attendees or presenters on the fly with integrated presence On-premises • Built-to-order infrastructure • On-premises infrastructure • Deployed and managed with Server Manager Meet virtually face-to-face more frequently with customers and partners without the travel costs Azure IaaS • No upfront capital investment • Customizable • Requires deployment, capacity planning and management Increased control and customization Higher complexity Azure RemoteApp • No upfront capital investment • Simple, high-level administration • Built-in Secure WAN access from any device • Dynamic scale, global presence, fault-tolerance from Azure Turn-key service Reduced complexity Azure RemoteApp: Cloud Deployment Azure RemoteApp: Hybrid Deployment Windows Server session-based applications hosted in Azure Windows Server session-based applications hosted in Azure Cloud deployment: Hybrid deployment: IT can quickly provision access to pre-built app collections IT can bring their own session host to deliver access to LOB Windows applications Easy access from devices people love with Microsoft Remote Desktop Apps • Office 2013 ProPlus preinstalled • Rapid provisioning: apps quickly available • Automatic maintenance: OS and apps always up-to-date, Microsoft anti-malware • Users can log on with Microsoft Account or with corporate credentials federated with Azure AD Questions? Users can access Azure RemoteApp from anywhere and anytime. 
Users can log in with their Microsoft accounts or organizational accounts (optional) Easy access from devices people love with Microsoft Remote Desktop Apps • Apps, OS and settings are fully customizable • IT can manage template images and apply updates via Azure Portal • Full access to on-premises network • User logon with corporate credentials federated with Azure AD VPN Users can access Azure RemoteApp from anywhere and anytime. Users can log in with their organizational accounts Microsoft’s Mobility Strategy: Securely Supporting Microsoft and non-Microsoft Endpoints Created and Presented by: Rand Morimoto, Ph.D., MCITP, CISSP Author, “Unleashed”-series / Sams Publishing President, Convergent Computing http://www.cco.com [email protected]