Empower Enterprise Mobility with Microsoft EMS
4 likes1,408 views
This document discusses Microsoft's Enterprise Mobility Suite (EMS) solution for managing mobile devices and enabling a productive mobile workforce. EMS provides hybrid identity management, mobile device and application management, access and information protection. It allows single sign-on, self-service password reset, and centralized application access management. EMS also provides remote device management for Windows, iOS and Android devices and helps protect corporate data on devices through features like selective wiping. The solution aims to foster employee productivity through mobility while ensuring security.
Empower Enterprise Mobility with Microsoft EMS
- 1. Empower Enterprise Mobility Kris Wagner, Microsoft MVP Sr. Manager, Cloud Platforms Tahoe Partners
- 2. Companies gain an extra __ hours of work/year from employees due to mobile working?
- 3. of employees use personal devices for work purposes.* of employees that typically work on employer premises, also frequently work away from their desks.*** of all software will be available on a SaaS delivery by 2020.** 66% 25% 33% *CEB The Future of Corporate ITL: 203-2017. 2013. **Forrester Application Adoption Trends: The Rise Of SaaS ***CEB IT Impact Report: Five Key Findings on Driving Employee Productivity Q1 2014.
- 4. Cost Risk Change drives complexity VDI Solutions Data Security Solutions MDM Solutions System Center ID Solutions ? ? ? ? ? New Solution Cost Risk Cost Risk Cost Risk Cost Risk ComplexityComplexityComplexityComplexityComplexityComplexity Cost Risk ? Microsoft’s unified approach Cost Risk Complexity Progress
- 6. Company Portal IT Administrator Corporate devices Personal devices Cloud services Line of business apps SaaS apps Store apps Microsoft’s Enterprise Mobility solution provides user-centric device and information management User The logos above may bethe property of their respective owners.
- 7. Single ID Single sign-on Self-service experiences Conditional/Contextual access SaaS applications Desktop Virtualization Access & information protection Mobile device & application management Hybrid identity
- 8. What is Enterprise Mobility Suite ? Hybrid Identity Management w/AzureActiveDirectory Premium Mobile Device & Application Mgmt w/Microsoft Intune Single-sign on to over 2,400 SaaS Applications Multi-factor Authentication(MFA) Self-servicepassword reset Group-based SaaSprovisioning Centralized application access management FIM CALs for on premise usage SLA Advanced securityreporting Cloud App Discovery Information Protection w/Azure Rights Management
- 10. User’s identity ••••••••••••• New device ITUser Cloud On-premises Policy control SaaS discovery
- 12. Discover all SaaS apps in use within your organization
- 15. Accelerate your organization. What’s next in Identity and Access Management (IAM)? Empower your users. Support end user devices and end user self-‐service. Bring Your Own Device Workplace Join End User Self-‐Service Password reset Group management Unify your environment. One user, one identity. One Identity Improve user experience Unify cloud and on-‐prem Reduce compliance risk Reduce IT overhead Many Organizations Administrative Units B2B (future) Protect your data. Maintain control while getting out of the way. Control Access Multi-‐Factor Auth Conditional Access RBAC Cloud domain join (W10) Next gen creds (W10) Encrypt Data RMS Data Protection Maintain Visibility Security reports Heuristic based analytics Deliver apps faster. Discover, manage, and develop apps faster. Discover applications Cloud app discovery Manage applications SaaS App Management Azure AD App Proxy Develop applications Secure, scalable platform Standards based APIs DevStudio integration B2C (preview) 15
- 16. Enriched user experience through a single, verified identity Unified across cloud and on-premises with single sign-on Integrated identity solution reduces risk across the business Reduced IT burden of creating and managing multiple identities
- 17. __% respondents believe their company effectively controls what can be done on the mobile device?
- 18. Desktop Virtualization Access & information protection Mobile device & application management Hybrid identity Consistent user experience Simplified device enrollment and registration Single console to manage devices
- 19. What is Enterprise Mobility Suite ? Hybrid Identity Management w/AzureActiveDirectory Premium Mobile Device & Application Mgmt w/Microsoft Intune Single-sign on to over 2,400 SaaS Applications Multi-factor Authentication(MFA) Self-servicepassword reset Group-based SaaSprovisioning Centralized application access management FIM CALs for on premise usage SLA Advanced securityreporting Cross-platformmobiledevicemgmt (Windows, iOS, Android) Hardware& softwareinventory Application distribution Policy settings Full & selectivewipeof corporatedate Information Protection w/Azure Rights Management
- 21. Microsoft Intuneintegrated with System Center 2012 R2 Configuration Manager Mac OS X Windows PCs (x86/64, Intel SoC), Windows to Go Windows Embedded Windows RT, Windows Phone 8 iOS, Android
- 22. Manage mobile productivity andprotect data with Office Mobile apps for iOS and Android Manage policy for existing iOS line of business apps (so called “app wrapping”) Managed browser and PDF/Audio/Videoviewers Provide access to Exchange and OneDrive for Business resources only to managed devices Deny access if a device falls out of compliance Enable IT to bulk enroll corporate-owned task-worker devices Support for Apple Configurator Manage mobile productivity without compromising compliance Conditional Access Policy to Email and Documents Enroll and Manage Corporate-owned Devices Manage Mobile Productivity and Protect Data with Office Personal Corporate
- 23. Managed Browser Native E-mail 1. Susan tries to set up her new unmanaged tablet to connect to Exchange and is blocked. 2. She enrolls the tablet into Windows Intune and is then granted access to Exchange. 3. Susan tries to save attachment to OneDrive, and is blocked since OneDrive is not managed by IT. 4. She saves attachment to OneDrive for Business, which is allowed since it is managed by IT. 5. She then tries to copy/paste content into a PowerPoint slide, and is successful. 6. Susan tries to copy text from her attachment and paste it into another, unmanaged app. This action is blocked since this app is not managed by IT. 7. Susan later leaves the company, and a selective wipe is performed on her tablet, removing corporate apps and data while leaving her personal content on the device.
- 24. Native E-mail Managed Browser LoB Layer 1 – Mobile device lockdown via MDM Protects corporate data by… Gaps it leaves open Restricting device behaviors: PIN, encryption, wipe, disable screen capture and cloud backup, track compliance, etc. Provisioning credentials that enable corporate resource access control Apps may share corporate data with other apps outside IT control Apps may save corporate data to consumer cloud services Layer 2 – Application and data containers (aka “managed mobile productivity”) Protects corporate data by… Gaps it leaves open Preventing apps from sharing data with other apps outside of IT control Preventing apps from saving data to stores outside of IT control Encrypting app data to supplement device encryption Only protects corporate data that resides on devices. Cannot protect data beyond a device. Applies same protection to all data that an app touches. Does not allow for specific protection per document. Layer 3 – Data wrapping Protects corporate data by… Gaps it leaves open Protecting data wherever it resides Providing granular, content specific protection – e.g. time bomb vision docs Requires enlightened applications Requires all data to be protected if not complemented by Layers 1 and 2 LoB
- 25. This roadmap contains two Windows Intune releases. Dates are subject to change. Wave H.0 November December Wave H.1
- 26. Deployment of email profiles Deployment of certificates Deployment of VPN profiles Deployment of WiFi profiles Configure EAS email only if device is managed (Exchange on-prem) Deployment of free store apps for iOS Convenient access tointernal corporate resources via per-app VPN configurations for iOS Requiredapp install/uninstall Remote pin reset for WP 8.1 (currently supported for iOS and Android) MFA at enrollment Group filteringwithin admin console (RBAC lite) Service account enrollment Device lockdown via Supervisor mode (iOS) and Kiosk mode (KNOX) Policies andapps targetedto devices Application install allow/deny list Customizable terms of use
- 27. Configure EAS email only if device is managed (O365) Configure MOWA email only if device is managed Configure documents only if device is managed ** Restrict access ifdevice falls out of compliance policy ManagedOffice mobile apps – Word, Excel,PowerPoint App wrapper for existingiOS line-of-business apps * Managedbrowser PDF viewer,AV player, Image viewer Selective wipe of managed apps and data Support for Apple Configurator Device lockdown via AssignedAccess mode (WP 8.1) URL allow/deny (via Managedbrowser) * SSO not supported in December release ** OD4B team dependency – possible delay
- 41. Today’s MAM Containers Protected Mobile Productivity
- 42. Desktop Virtualization Access & information protection Mobile device & application management Hybrid identity Dynamic Access Control Rights management Secure access to work files FPO
- 43. What is Enterprise Mobility Suite ? Hybrid Identity Management w/AzureActiveDirectory Premium Mobile Device & Application Mgmt w/Microsoft Intune Single-sign on to over 2,400 SaaS Applications Multi-factor Authentication(MFA) Self-servicepassword reset Group-based SaaSprovisioning Centralized application access management FIM CALs for on premise usage SLA Advanced securityreporting Cross-platformmobiledevicemgmt (Windows, iOS, Android) Hardware& softwareinventory Application distribution Policy settings Full & selectivewipeof corporatedate Information Protection w/Azure Rights Management Share RMSprotected documents with anyoneon any device On-premiseusefor hybrid scenarios with no infrastructure
- 44. v ITUser
- 45. v ITUser
- 47. Productivity SecurityMobility Businesses must keep up by fostering productivity, enabling mobility and ensuring security. Microsoft can help. EMS
- 48. Employee productivity−anywhere, any device "With employees using the self-service password reset feature in Azure AD Premium, we’ve been able to reduce annual help-desk costs by $20,000.” Empowerusers to do more with single sign-on, self-service password reset, and managed access to apps è Provide single sign-on to apps and data from personal or corporate devices based on user identity è Enable self-service password reset with multi-factor authentication è Let users register personal devices and install IT-approved apps through a web-based, company-specific app store (Company Portal) Sign-on Single Sign-on Self-service password reset Company Portal *** Download apps Enable your mobile workforce
- 49. “With Windows Azure MFA, we have a stronger level of protection for Office 365…so we have all of our external services well protected.” Authenticated access to apps and data Make sure users are who they say they are è Verify identity with multi-factor authentication (call, text, mobile app) è Choose who can read, copy, print, save, forward, and edit−and set when these rights expire è Let users download only the apps they’re authorized to use through the Company Portal Multi-factor authentication Data Apps Docs Double-check identity through text, call or app Log on to any device Help protect corporate data, apps and docs
- 50. “Now we can deploy, secure, and manage mobile apps that staff use to move faster than the competition and drive business.” Remote device management across platforms Deliveran up-to-dateand security-enhanced experience on nearly any device è Remotely manage & help protect Windows, iOS, and Android devices è Handle device theft and loss with remote wipe: selectively remove corporate apps, data, and policies è Better protect corporate data as users and devices travel è Deploy policies and updates, and inventory HW and SW via the cloud AndroidiOSWindows IT Simplified, device management via the cloud
- 51. Company Portal IT Administrator Corporate devices Personal devices Cloud services Line of business apps SaaS apps Store apps Microsoft’s Mobile Management solution provides user-centric device and information management User The logos above may bethe property of their respective owners.
- 52. 66%of enterprise seats covered with System Center Configuration Manager 240mUser accounts in Microsoft AzureActiveDirectory …lets you build on your investments 14B+Microsoft AzureActive Directory authentications per week
- 53. Sunil Tahilramani Find a partner link
- 54. PLA would like to help your organization gain clarity on how to manage your mobile workforce Bring Your Own Device (BYOD) challenges. Microsoft’s Enterprise Mobility Suite can help make this dream a reality and allow you to proactively control your evolving mobile users and their devices. Topics include: q End-User Mobility q Implementing Hybrid Identity Management q Mobile Device & Application Management q Access & Information Protection q Self-service Password reset For more information contact PLA at EMS@projectleadership.net or call (877) 752-0451 Enterprise Mobility Suite ½ Day Strategy Assessment Each person that completes a ½ day EMS Strategy Assessment by 12/31 will be entered into a drawing to win a Surface Pro 3
- 55. Online Survey Link - http://1drv.ms/1s2YnMl Thank you!