2 Agenda Enterprise challenges for mobility How Microsoft s Enterprise Mobility Suite Provides helps with those challenges Hybrid identity With Azure Active Directory and Azure Active Directory Premium Mobile Device Management with Microsoft Intune Data Protection with Azure Rights Management Services Enterprise Mobility Suite Offering
The time to address enterprise mobility is now 29% of today s global workforce use 3+ devices, work from multiple locations and use many apps. 80%+ employees admit to using nonapproved software-as-a-service (SaaS) applications in their jobs 67% of people who use a smartphone for work and 70% of people who use a tablet for work choose the devices themselves Data leakage resulting from device loss or theft is a top smartphone security risk European Union Agency for Network and Information Security
Today s challenges Users Devices Apps Data Users expect to be able to work in any location and have access to all their work resources. The explosion of devices is eroding the standards-based approach to corporate IT. Deploying and managing applications across platforms is difficult. Users need to be productive while maintaining compliance and reducing risk.
Introducing the Enterprise Mobility Suite -Microsoft.com/EMS Microsoft Azure Active Directory Premium security reports, and audit reports, multifactor authentication Self-service password reset and group management Connection between Active Directory and Azure Active Directory Mobile device settings management Microsoft Intune Mobile application management Selective wipe Microsoft Azure Rights Management service Information protection Connection to onpremises assets Bring your own key Enterprise Agreement (EA) prices starting at $4 per user per month Limited time EA Level A promotion pricing. Requires 250 seat minimum purchase and underlying CAL Suite license (Core CAL Suite and Enterprise CAL Suite)
EMS and Office 365 Cloud and hybrid identity management Mobile device management Information protection Enterprise Mobility Suite Single Sign on for all cloud apps Advanced MFA for all workloads Self Service group management and password reset with write back to on premises directory Advanced security reports FIM (Server + CAL) PC Management Mobile Device Management Mobile App Management Certificate Provisioning Selective wipe Protection for on-premises Windows Server file shares Single Sign on for O365 Basic Multifactor Authentication (MFA) for O365 Basic Mobile Device Management via EAS PIN enforcement Device wipe Protection for O365 content Protection for on premises Exchange SharePoint content Access to RMS SDK Bring your own Key
Enterprise Mobility Suite Microsoft Azure Active Directory Premium Group management, security reports, and audit reports Self-service password reset and multi-factor authentication Connection between Active Directory and Azure Active Directory Mobile device settings management Microsoft Intune Mobile application management Selective wipe Microsoft Azure Rights Management service Information protection Connection to onpremises assets Bring your own key
Hybrid identity Bridging on-premises and Azure Active Directory Enable your users Provide users with self-service experiences to keep them productive Enable single sign-on for users across the resources they need access to Unify your environment Create a centralized identity across on-premises and cloud environments Use identity federation to maintain centralized authentication, and share and collaborate with external users and businesses more securely Protect your data Enforce strong authentication when users access resources and apply conditional access controls to sensitive company information Configure single sign-on across all company applications Ensure compliance with governance, attestation, and reporting
Azure Active Directory Premium Built on top of a free offering Robust set of capabilities for empowering enterprises with demanding identity and access management needs Usage rights for Microsoft Forefront Identity Manager server licenses and CALs Take advantage of a directory in the cloud Group-based application access assignment and provisioning to thousands of software-as-a-service (SaaS) applications for single sign-on Company branding Enterprise SLA of 99.9 percent Monitor and protect access to applications Security reports based on machine learning Application usage reports Multi-factor authentication Empower users Self-service password reset Delegated group management
Synchronizing your active Directory
Company Portal - Sign-In Experience
Company Portal - SSO to Applications
Company Portal Profile Password Reset
Group Management
Self Service Password Reset
Multi-Factor Authentication
Advanced Reporting
Enterprise Mobility Suite Microsoft Azure Active Directory Premium Group management, security reports, and audit reports Self-service password reset and multi-factor authentication Connection between Active Directory and Azure Active Directory Mobile device settings management Microsoft Intune Mobile application management Selective wipe Microsoft Azure Rights Management service Information protection Connection to onpremises assets Bring your own key
Manage and Secure PCs and Devices Anywhere Simple web-based Administration Console and a richer experience for Information Workers Help protect PCs from malware Manage updates Distribute software Proactive monitoring and alerts Provide remote assistance Inventory hardware and software Monitor & track licenses Increase insight with reporting Set security policies Richer Mobile Device Management
Mobile Device Management with Microsoft Intune Direct management (Windows RT, Windows Phone 8.x, ios, Android) EAS based management
Microsoft Intune Standalone service
Microsoft Intune integrated with System Center 2012 R2 Configuration Manager Windows PCs (x86/64, Intel SoC), Windows to Go Windows Embedded Mac OS X Windows RT, Windows Phone 8.x ios, Android
Company Portal Consistent self service experience for end user across mobile platforms Windows Windows Phone Android ios Available in the Windows Store Side-loaded during enrollment Available in the Google Play Store Available in the Apple App store
Mobile Device Settings in Microsoft Intune Category Win 8.1 PC & RT WP8.1 ios Android Password Encryption Malware System Settings Cloud Windows Server Work Folders Browser Applications & Gaming Device restrictions Store access Roaming * Subset of settings Note: Table applicable to direct MDM and not EAS
Mobile Device Settings in Microsoft Intune * Subset of settings Note: Table applicable to direct MDM and not EAS
Mobile device wipe and retire Category Windows 8.1 (x86/rt OMA-DM managed) Windows 8 RT Windows Phone 8.1 ios Android (EAS) Full Wipe Email (Email through EAS) (Email through EAS) Retire (Selective wipe) Company apps and associated data installed by Microsoft Intune. Apps originally installed through the company portal are uninstalled and sideloading keys are removed. Apps using Windows Selective Wipe will have the encryption key revoked and data will no longer be accessible. Sideloading keys are removed but apps remain installed. Apps originally installed through the company portal are uninstalled. Company app data is removed. Apps are uninstalled. Company app data is removed. Apps and data remain installed. Settings Requirements removed Requirements removed Requirements removed Requirements removed Requirements removed Management Client Not applicable. Management agent is built-in Not applicable. Management agent is built-in Not applicable. Management agent is built-in Management profile is removed Device Administrator privilege is revoked.
Selective Wipe
Enterprise Mobility Suite Microsoft Azure Active Directory Premium Group management, security reports, and audit reports Self-service password reset and multi-factor authentication Connection between Active Directory and Azure Active Directory Mobile device settings management Microsoft Intune Mobile application management Selective wipe Microsoft Azure Rights Management service Information protection Connection to onpremises assets Bring your own key
What is Azure Rights Management? Data Loss Prevention through the use of a cloud based encryption/decryption solution Allows you to secure data regardless of location, enabling you to share data securely internally and externally Secures content on Windows Server File Shares Access Secure content on mobile devices
What problems does Azure RMS solve? Protect All File Types Protect Files Anywhere Share Files Securely by Email Auditing and Monitoring Support for all commonly used devices, not just windows computers Support for business to business collaboration 37
Protect data with rights management Take advantage of hybrid options across Windows Server and Azure Rights Management service Integrate Microsoft SharePoint and Microsoft Exchange Server Automatically identify and classify data based on content with automatic encryption More securely share documents with colleagues and business partners Improve ease of use through integration with Office 2010/13, Windows Shell extensions, and crossplatform clients
Protecting Files Locally 39
Sharing Protected Files 40
RMS Integration with SharePoint Online 41
Simplified procurement Other options in the market Cloud and hybrid identity management Mobile device management Information protection Okta Salesforce Identity Ping Identity Google AirWatch Symantec MobileIron Kaseya Adobe LiveCycle Seclore Fasoo Amazon Web Services Good Centrify Why Microsoft? EMS: One Vendor, One Contract, One SKU Azure Active Directory Premium Microsoft Intune Azure Rights Management service
Microsoft solution value People-centric IT with one license suite and one vendor 60-percent discount and introductory promotion Enterprise Mobility Suite add-on promotion 4 *60-percent discount over list pricing with limited time promotion if purchased before 12/31/2014 Add-on SKU requires Core CAL, ECAL, or Bridge CAL $4.50 1. Seclore assumes blended cost across 500 authors ($7 per user), 1000 consumers (no cost). 2. AirWatch per device per month Cloud Hosted MDM Suite List pricing. Management of multiple devices per user requires additional licensing. 3. Salesforce Identity per user per month list pricing, included for existing Salesforce customers.. Okta list price $10 per user per month. 4. Per user per month Open NL price $4.5/u/m. EA pricing starts at $4/u/m. Promo requires 250 minimum purchase and qualifying CAL Suite license.
Questions? Microsoft Confidential 46
Appendix
Support options http://www.windowsazure.com /en-us/support/plans/ https://support.microsoftonlin e.com/default.aspx?productke y=intunesupp&scrx=1 http://office.microsoft.com/en -us/support/contact-us- FX103894077.aspx