Six steps to control the uncontrollable

Similar documents
Use Microsoft EMS. to Protect your Mobile Data and Mobile Apps. Chris Nackers Nackers Consulting

MD-101: Modern Desktop Administrator Part 2

Planning for and Managing Devices in the Enterprise: Enterprise Mobility Suite (EMS) & On- Premises Tools

Office 365: Modern Workplace

Planning for and Managing Devices in the Enterprise: Enterprise Mobility Suite (EMS) & On-Premises Tools

At Course Completion After completing this course, students will be able to:

Planning for and Managing Devices in the Enterprise: Enterprise Management Suite (EMS) & On-Premises Tools

33% 18% 66% President Convergent Computing

Mobility Windows 10 Bootcamp

Use EMS to protect your mobile data and mobile app

20398: Planning for and Managing Devices in the Enterprise: Enterprise Mobility Suite (EMS) and On- Premises Tools

Go mobile. Stay in control.

Microsoft. MS-101 EXAM Microsoft 365 Mobility and Security. m/ Product: Demo File

Managing Devices and Corporate Data on ios

Maximize your move to Microsoft in the cloud

Enterprise Mobile Management (EMM) Policies

Microsoft Intune App Protection Policies Integration. VMware Workspace ONE UEM 1811

Windows 10 Management Technologies: What s New. Michael Niehaus Senior Product Marketing Manager, Windows Microsoft

TIS/App Delivery Mobility Job Aid: Install and Configure Microsoft Outlook on Your Android Phone. Overview. Job Aid: Outlook for Mobile - Android

Apple Device Management

Hybrid Identity de paraplu in de cloud

WHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365

Trend Micro Guide and solution to help embrace Consumerization and BYOD. James Walker EMEA Product Marketing Manager 26 September 2012

Windows 10 Azure AD / EMS

WORKPLACE Data Leak Prevention: Keeping your sensitive out of the public domain. Frans Oudendorp Ronny de Jong

SIMPLIFY MULTI-PLATFORM ENTERPRISE MOBILITY MANAGEMENT

Mobile Security using IBM Endpoint Manager Mobile Device Management

AirWatch for Android Devices for AirWatch InBox

Mobile Device Management: A Real Need for the Mobile World

Phil Schwan Technical

Securing Office 365 with MobileIron

Administering System Center Configuration Manager and Intune

White Paper Securing and protecting enterprise data on mobile devices

VMware Workspace ONE UEM Integration with Apple School Manager

VMware AirWatch Integration with Apple School Manager Integrate with Apple's School Manager to automatically enroll devices and manage classes

Your Guide to EMS. Applied Tech: Your Guide to EMS. Contents

Securing Today s Mobile Workforce

Augmenting security and management of. Office 365 with Citrix XenMobile

EXPERTS LIVE SUMMER NIGHT. Close your datacenter and give your users-wings

VMware AirWatch Integration with Apple School Manager Integrate with Apple's School Manager to automatically enroll devices and manage classes

The security challenge in a mobile world

: 20696C: Administering System Center Configuration Manager and Intune

Windows ierīces Enterprise infrastruktūrā. Aris Dzērvāns Microsoft

Apple OS Deployment Guide for the Enterprise

Duo Travel Guide. duo.com

NE Administering System Center Configuration Manager and Intune

Datasheet. Only Workspaces delivers the features users want and the control that IT needs.

Crash course in Azure Active Directory

Skype for Business. Improve your team s productivity

Windows 10. Tech Note. Open the Window to Endless Possibilities. Windows for the Enterprise. Universal App Experience

ANDROID PRIVACY & SECURITY GUIDE ANDROID DEVICE SETTINGS

TIS/App Delivery Mobility Job Aid: Install and Configure Microsoft Outlook on Your iphone. Overview. Job Aid: Outlook for Mobile - iphone

PCI DSS Compliance. White Paper Parallels Remote Application Server

Managing Windows 8.1 Devices with XenMobile

Apple ios Enterprise Mobility Management (cloud based)

What s New for Enterprise and Education ios 11, macos High Sierra 10.13, tvos 11, and deployment tools and services

How Microsoft s Enterprise Mobility Suite Provides helps with those challenges

Six Ways to Protect your Business in a Mobile World

SECURE, CENTRALIZED, SIMPLE

Streamline IT with Secure Remote Connection and Password Management

VIRTUSA BYOD PROGRAM

WebSphere Puts Business In Motion. Put People In Motion With Mobile Apps

Administering System Center Configuration Manager and Intune

About us. How we help?

Configuring Windows 10 Devices (697)

Hosted Exchange. Presented by Joseph Lee

Google Identity Services for work

MCSA Windows 10. A Success Guide to Prepare- Microsoft Configuring Windows Devices. edusum.com

COURSE OUTLINE: B Deploying and Managing Windows 10 Using Enterprise Services. Course Name. Course Duration Course Structure Course Overview

The Future of Mobile Device Management

905M 67% of the people who use a smartphone for work and 70% of people who use a tablet for work are choosing the devices themselves

AirWatch for ios Devices

Accelerate GDPR compliance with the Microsoft Cloud Agustín Corredera

PLATFORM CONVERGENCE JOURNEY

Administering System Center Configuration Manager and Intune

The office for the anywhere worker!!! Your LCB SOFTPHONE: A powerful new take on the all-in-one for a more immersive experience.

Speaker Introduction Who Mate Barany, VMware Manuel Mazzolin, VMware Peter Schmitt, Deutsche Bahn Systel Why VMworld 2017 Understanding the modern sec

Why is Office 365 the right choice?

Deploying and Managing Windows 10 Using Enterprise Services

AirWatch Container. VMware Workspace ONE UEM

Set up Your Corporate or Personal (BYOD) iphone for Office 365 (Cloud)

Cloud Computing. An introduction using MS Office 365, Google, Amazon, & Dropbox.

Windows 10 for enterprise. Pramiti Bhatnagar

Microsoft 365. A complete, intelligent, secure solution to empower employees. Integrated for simplicity. Built for teamwork. Unlocks creativity

BULLETPROOF365 SECURING YOUR IT. Bulletproof365.com

Centrify for Dropbox Deployment Guide

XenApp, XenDesktop and XenMobile Integration

Integrated Access Management Solutions. Access Televentures

Android Enterprise Device Management with ZENworks 2017 Update 2

The SAP Concur mobile app (Android / iphone / ipad)

Exam /Course C or B Configuring Windows Devices

Azure Active Directory and Microsoft Intune Setup for In- House ios version of Lookout for Work

President Interlink Cloud Advisors. Mike Wilson Vice President Interlink Cloud Advisors. Kirk Terrell Consultant Interlink Cloud Advisors

BULLETPROOF365 SECURING YOUR IT. Bulletproof365.com

MS-20696: Managing Enterprise Devices and Apps using System Center Configuration Manager

GLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications

BYOD: BRING YOUR OWN DEVICE.

Go Ahead Bring Your Own Device to Work... 1 Requirements... 1

Microsoft 365 Business FAQs

COURSE B: DEPLOYING AND MANAGING WINDOWS 10 USING ENTERPRISE SERVICES

Transcription:

Six steps to control the uncontrollable Learn how to use Microsoft Enterprise Mobility Suite to protect cloud apps, manage devices, and guard against advanced threats today

Introduction Employees today are on the move. Whether they re in a conference room, in line for a latte, or using Wi-Fi on a plane at 30,000 feet, workers expect to be able to access apps and data to make them productive. In this challenging new environment, existing technology is no longer enough to protect sensitive corporate information. It just doesn t work. Microsoft Enterprise Mobility Suite (EMS) was created to address this transformation and develop effective, coordinated identity, management and security services across platforms, networks, and locations. Its core components Azure Active Directory Premium, Microsoft Intune, and Azure Rights Management were built from the start as cloud services and created to work together as an integrated technology family. Using EMS, you can empower your people to be productive on the devices and apps they love while protecting your company s data. Here are 6 key elements of controlling the uncontrollable. 02 Introduction

Table of Contents Page 04 Step One: Application policy Page 08 Step Two: Application deployment Page 11 Step Three: Device configuration policies Page 15 Step Four: Authentication Page 18 Step Five: Conditional access Page 21 Step Six: Enrollment Page 24 Conclusion 03 Table of Contents

Step One: Application policy (and how it relates to providing secure email)

Step One: Application policy If you re running an enterprise IT environment today, email is likely one of the busiest workloads in your organization, and there s a good chance you re using Outlook to manage it. There s also a good chance that Outlook plays a major role in your mobility strategy. Most mobile devices have access to the Outlook app, and it s currently the No. 1 email app for both Android and ios. But no matter what email platform you re using, your users will need to view and edit documents outside of that application, most likely in the Microsoft Office apps. This means that to protect sensitive information as employees access it in the field, you have to not only manage the devices, but any applications that touch corporate assets. If you want your organization to be secure, you must have a solution that takes all of this into account. That s where Microsoft Enterprise Mobility Suite comes in. At a high level, here s how application policy works in Microsoft EMS: Microsoft Intune offers management of apps on both enrolled and un-enrolled devices. Mobile Application Management (MAM) policy encrypts the data that is stored within a managed app on the device. Access to corporate-managed apps can require a PIN. Personal data in the managed apps is kept separate from corporate. Upon selective wipe of a device (or wipe of the apps), the corporate data is removed and the personal user data is left intact along with the app to access it. Policy also gives IT the ability to prevent relocation of the data through cut-copy-paste, save-as dialogues or cloud-based backups. For managed devices, it also allows control over which apps can be used to open files. (For example, any links in managed Microsoft Word must be opened in the managed browser, or any Word documents attached to a corporate email in managed Outlook will open in managed Wordook will open in managed Word.). 05 Application policy

What makes application policy so important are the scenarios it enables for secure email on ios and Android. With the MAM policy features, there are two significant scenarios immediately available: With Intune, you can create a MAM policy that applies to specific users that prevents cut-copy-paste, enables encryption, and defines the apps that can be opened by any given corporate identity. This ensures that only authenticated users and man can access company information. In the past, a user may have lost all personal data on his phone when IT remote-wiped the device. The only obvious way to avoid it was to have two separate phones, which feels really Y2K. Now, with Intune, IT can selectively manage corporate data without deleting the user s personal photos. 06 Application policy

Get started: Watch this short demo to see how easy it is to define MAM policies using Intune. Video: 10 ways to secure Identity with Azure AD If you re new to Azure Active Directory, get acquainted with its capabilities in this video primer. Microsoft Virtual Academy: Intune and System Center Configuration Manager Core Skills In this 30-minute course, Microsoft experts teach you how to enable BYOD in your organization by deploying a mobile device management solution that is effective across all the major platforms, affecting only the information you care about. 07 Application policy

Step Two: Application deployment

Step Two: Application deployment While the app deployment life cycle on mobile devices is much the same as PCs, there are several modern user interactions that must be addressed. Since most people use their devices for both their personal lives and work, policies must be able to consider which apps and data are corporate, and which are personal. With Intune, you have the ability to deploy apps to Windows, ios, and Android and manage those apps with policies that control how they operate, and how they use or distribute corporate data. Remember that Outlook, Office 365, and the Enterprise Mobility Suite are designed to be used together to maximize user empowerment while protecting company assets. Intune is especially valuable for this, because it is directly integrated with Office 365 via Azure Active Directory. Understanding that any device will be used for both work and personal purposes, IT can initiate a selective wipe or, in the case of MAM without device enrollment (discussed later), wipe just the corporate app. In the event that a company-owned device is lost or stolen, a full wipe is always an option. The actual process of app deployment is fairly straightforward. Just like you d expect, Intune app deployment installs the app to the device from the respective app store. If you have your own line-of-business app, you can upload that to Intune for deployment as well. It s also important to consider the apps that workers will use to open files. This is another scenario where app deployment is important. You might want to deploy the Managed Browser on ios, or a PDF viewer on Android. Planning for these types of apps will ensure that you can trust and set policy for business-critical apps. 09 Application deployment

Get started: Watch this short demo to see how easy it is to use Intune configuration policies to help secure a mobile device. Go deeper: This TechNet article provides an overview and links to several resources that can help you deploy and configure apps with Intune. For ios and Android: Most enterprises today need to manage apps for these popular platforms. Learn how in this in-depth discussion from Simon May. 10 Application deployment

Step Three: Device configuration policies

Step Three: Device configuration policies The concept of applying policy to devices is not new, but it s important to apply the type of control you re accustomed to in the PC realm to all major mobile platforms if you expect to adequately protect the email on your work force s devices. This means policies must be applied to both corporate-owned and personally owned devices. For personally owned devices, there is another sensitive element here because the owners of those devices will need to approve the settings your policy dictates. For each of these challenges, Microsoft Intune has an enterprise-grade solution. Intune provides access to policy settings that can execute across a broad range of important functions, like configuring device settings, configuring certificate enrollment, and providing access to company resources such as VPNs. 12 Device configuration policies

Intune s general device policy configuration includes the ability to set the following. (This list is not exhaustive, and it does vary a bit based on platform): Device-level encryption Password characteristics such as complexity, reuse, length, and fingerprint use (of note is that we recently introduced the ability to allow Smart Lock on Android) Screen captures and logging Cloud backups For web browsers, whether pop-up blockers are allowed Whether or not app stores are allowed and, if so, if a password is required to access them Whether or not games or entertainment apps are allowed on the device Permissions for specific hardware features like Wi-Fi, Bluetooth, and Wi-Fi tethering If cellular functions like roaming of data and voice are allowed If specified apps are allowed Device-specific settings, like specifying an app to run on a device in kiosk mode 13 Device configuration policies

Get started: Watch this short demo to see how to use Intune to set mobile device security policy. Go deeper: For broader overview of EMS capabilities and a roadmap on getting there, check out this 30-minute discussion with Corporate Vice President Brad Anderson. 14 Device configuration policies

Step Four: Authentication

Step Four: Authentication At Microsoft we have a saying that identity is the control plane for your enterprise, and it s very much true. One of the key requirements for effective IT in any organization today is safely enabling access to resources, such as email. Your ability to control the uncontrolled is rooted in the ability to authenticate and authorize that access so only the right people can get to those resources. Azure AD Premium provides you with access to a number of controls that enable this, but the real power of Azure AD comes from its global, hyper-scale presence. Every time anyone authenticates successfully or unsuccessfully, that action is identified along with details about where and what was attempting access. Azure AD Identity Protection goes even further, providing real-time reporting on the behavior of users (or purported users). It ll tell you if something out of the ordinary happens, like if someone travels between two locations too quickly. Azure AD applies machine learning to actually understand behavior and tell you if something is out of pattern. Another amazing feature of Azure AD is that we can identify through our massive anti-cyber-crime investment if your users have been found on leaked credential lists and, therefore, if your company is at risk. The real beauty of Azure AD is that you can take advantage of features like Azure AD Multi-Factor Authentication (MFA) and Identity Protection as soon as you start to synchronize, if you have EMS. It s just one of the reasons EMS is so effective in conjunction with Office 365. 16 Authentication

Microsoft Virtual Academy: Azure Active Directory Core Skills Get what you need to master identity management: Watch this workshop to learn how to configure single sign-on, provide user self-service management, set up multi-factor authentication, and more. 17 Authentication

Step Five: Conditional Access

Step Five: Conditional access Most organizations today have some form of BYOD strategy, which makes protecting data on mobile devices a paramount concern. Email is especially important here, because it is the most common form of organizational data that is accessed on mobile devices, and one of the most important resources that employees need. Organizations need to keep corporate information secure by restricting access on devices that are not enrolled or are not compliant with corporate policies. For this reason, we created the Conditional Access feature of Intune. Conditional Access enables Intune to restrict access to those users who have enrolled their devices for management. By requiring that only managed and compliant devices be allowed to synchronize email, organizations can provide an extra layer of data protection. Recently, Intune was also updated to support mobile application management for devices that are not enrolled for device management. This functionality protects company data in mobile apps without requiring IT to enroll and deeply manage that end user s entire device. End users retain complete control over their personal apps, data, and settings while the IT department controls the protection of corporate IP. 19 Conditional access

How it works: For an overview of Conditional Access and endpoint controls, check out this video. Get started: In this IT Pro seminar, learn how to secure BYOD scenarios with conditional access. 20 Conditional access

Step Six: Enrollment

Step Six: Enrollment If you re struggling to implement or work within an enterprise BYOD policy, you ve probably wondered how to make it easier for you and your team. The volume and diversity of devices that need access to corporate assets grows by the day. Enabling these devices can make your users more productive, but you need to ensure that the corporate assets being accessed and the data being stored are secure. With Intune, you can enable BYOD enrollment for ios and Mac OSX devices to give access to company email and apps for iphone, ipad, and Mac users. Once users install the Intune company portal app, their devices can be targeted with policy using the Intune administration console. Before you can manage ios and Mac devices, you must import an Apple Push Notification service (APNs) certificate from Apple. This certificate allows Intune to manage ios and Mac devices, and establishes an accredited and encrypted IP connection with the mobile device management authority services. 22 Enrollment

As an alternative to enrollment with the Company Portal app, you can also enroll corporate-owned ios devices. Get started: Watch this video to learn how to register personal devices with Active Directory using Workplace Join. Microsoft Virtual Academy: Taming Android and ios with Enterprise Mobility Suite Enabling these devices can make your users more productive, but you need to ensure that corporate assets and information being accessed is secure. This informative and demo-focused session looks at new enterprise mobility capabilities that make recovery, security and identity management easier and more flexible. 23 Enrollment

Conclusion Microsoft Enterprise Mobility Suite empowers users in your organization to be productive on the devices they love while protecting your company s assets. By moving what were on-premises services to the cloud, EMS helps keep your organization secure in today s mobile- first, cloud-first world, giving employees access to the tools they need to be effective wherever they are. For more information on Microsoft EMS, including demos, case studies and other resources, visit the Microsoft Enterprise Mobility page. 24 Conclusion

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback