
SAAM2291BE Securing Access and Protecting Information in Office 365 with Workspace ONE
Camilo Lotero, Senior Technical Marketing Manager
Adarsh Kesari, Senior Systems Engineer
#VMworld #SAAM2291BE

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitment from VMware to deliver these features in any generally available product. Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. Technical feasibility and market demand will affect final delivery. Pricing and packaging for any new technologies or features discussed or presented have not been determined. #SAAM2291BU CONFIDENTIAL 2

Securing Access and Protecting Information in Office 365 with Workspace ONE
1. Data Loss Prevention
2. Simplified Authentication
3. Conditional Access
4. Securing Productivity Apps

340M Downloads of Office Mobile Applications (Source: Microsoft, 2016)

Four Pillars of Office 365 Security (Workspace ONE + Office 365)
Data Loss Prevention: at rest, in use, in transit, on any device
Simplified Authentication: no passwords (SSO); control modern and legacy auth; consumer-simple MFA
Conditional Access: block unapproved access; email compliance
Securing Productivity Apps: email, content, browsing

Data Loss Prevention

A New Level of Data Security
At rest: passcode protection, device encryption
In use: containerization, DLP policies, enterprise wipe, MAM co-existence
In transit: SSL encryption, app-level VPN

Prevent Data Loss Using Native Platform Controls
iOS: managed app container, open-in controls, device passcode and Touch ID
Android: Android for Work container, copy/paste controls, device passcode
Windows: Windows Information Protection, Passport for Work and Windows Hello

Available Data Loss Prevention Policies
- Prevent Backup
- Allow Apps to Transfer Data to Other Apps
- Allow Apps to Receive Data from Other Apps
- Prevent Save As
- Restrict Cut, Copy, Paste with Other Apps
- Restrict Web Content to Display in Managed Browser
- Encrypt App Data
- Disable Contacts Sync
- Disable Printing
- Allow Specific Data Storage Locations (OneDrive for Business, SharePoint, Box, Dropbox, Google Drive, Local Storage)
- Require PIN for Access
- Number of Attempts before PIN Reset
- Allow Simple PIN
- PIN Length
- Allowed PIN Characters
- Allow Fingerprint Instead of PIN
- Require Corporate Credentials for Access
- Block Managed Apps from Running on Jailbroken or Rooted Devices
- Recheck the Access Requirements after Timeout
- Offline Grace Period
- Offline Interval before App Data is Wiped
- Block Android Screen Capture and Android Assistant

Current Integration: Office 365 & Azure Cloud
Microsoft cloud services enforce policies on all Office apps, managed or unmanaged.
AirWatch calls the Graph API to configure and assign DLP for native Office apps.
The device enrolls to manage apps and wipe corporate data.

Integration: Office 365 and Azure APIs (Azure Active Directory Graph API layer)
1. Add Azure admin into AirWatch (AW) and save
2. Search Azure groups by name
3. Return matching Azure groups
4. Select Azure groups to add in AW
5. Configure DLP rules in AW and save
6. Create iOS and Android DLP policy
7. Set specific DLP rules for policies
Legend: permission scope of token (AW Azure admin user permissions; AW Azure app permissions); Graph API request or response.


Demo: Office 365 Integration

Simplified Authentication

Office 365 is Complex: Many Clients (Modern, Legacy, and 3rd Party) Can Access Data and Emails. IT Must Close All the Holes
Clients shown: Outlook, Android native, iOS native, Thunderbird, Boxer, legacy Outlook, Excel, OneNote, SharePoint app, OneDrive, Word, PowerPoint.

Office 365 is Complex: Some Clients Use Modern Auth, and Some Use Legacy. IT Must Protect Both
Users can get to Office 365 using legacy or modern auth; Workspace ONE protects both. Clients shown include Outlook, OneDrive, Android native, Word, iOS native and legacy Outlook, spanning both modern and legacy auth.

Office 365 Requires Protection For Two Kinds of Authentication: Modern Auth and Legacy Auth
What is Modern Auth? Microsoft's official definition: authentication that uses the Active Directory Authentication Library (ADAL) and OAuth 2.0. ADAL and OAuth work together to provide users/apps access to protected resources through security tokens:
1. User authenticates to the IDP to get a token
2. App uses the token from step 1 to get the protected resource
(Diagram: user/app, IDP, resource)

O365 Modern Authentication Flow: Passive Federation (WS-Fed Passive Profiles / SAML)
1. Client connects to O365
2. Client is redirected to the IdP for authentication
3. SAML assertion is sent via redirect to O365
4. Access and refresh OAuth2 tokens are generated and passed to the client
5. Access token is now used for accessing O365
Access token TTL = 1h; refresh token TTL = 15-90 days

What is Modern Auth: Simple Definition
Modern Auth is when the user authenticates to an IDP in a browser, rather than putting credentials into the app itself. This is Modern Auth: the app redirects the user to an IDP in a browser; the user sees an IDP screen and authenticates (configurable at the IDP); the IDP sends the user back to the app with an auth token.

What is Not Modern Auth: Simple Definition
If the user has to enter credentials directly into the app, it's not Modern Auth. This is not Modern Auth: the user enters credentials into the app UI; the app sends the credentials to the IDP.

Bottom line: O365 Solutions Must Protect a Complex, Powerful Suite of Apps Used Across Your Organization
Your solution must:
- Handle all ways to authenticate into Office 365
- Protect all the clients that users use to access Office 365 email and data
- Ensure corporate data doesn't leak from users' devices

Federate Existing AD Credentials with Identity Manager (VMware Identity Manager, existing identity solution(s), Active Directory)
- Federates identity for a single version of truth
- Works across Office 365 and all other app investments
- Integrates with existing identity solutions
- Automatic SSO based on native OS APIs
- SSO based on certificates and Kerberos authentication

Conditional Access

Restrict Office 365 Access to Managed and Compliant Devices
No management: ACCESS DENIED. Management profile installed: ACCESS GRANTED. User identity is validated by VMware Identity Manager (the diagram also shows app distribution).

Compliance Policies for Comprehensive Access Control
Not managed: ACCESS DENIED. Managed by VMware AirWatch: ACCESS GRANTED. User identity validated by VMware Identity Manager.
- Integrate with on-premises AD
- Validate user identity, groups, MFA policies
- Allow access to specific users, devices, OS versions
- Check device compromised status
- Ensure device is managed by EMM
- App-agnostic identity framework across all apps (non-Microsoft apps)

Conditional Access Model for Office 365 (policy framework)
USER & GROUP: user, group
DEVICE: management status, device type, compromise, domain joined, Azure AD joined
APP: web, mobile, virtual
LOCATION: in network / out of network, corp Wi-Fi / 3G/4G, internal / external, geo
Further inputs shown: compliance, low security / high security, risk score

Leverage Your Existing Investments in the Conditional Access Workflow
- AirWatch compliant?
- Passed an MFA check?
- Domain joined?
- Azure AD domain joined?
- Has a valid certificate?
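As an added illustration (not VMware's code or the product's policy engine), the following Python models the decision the conditional access slides describe: hard denies for compromised, unmanaged or non-compliant devices, then MFA, certificate and domain-join checks that depend on network location, app sensitivity and group membership. Field names, the rule thresholds and the sample contexts are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass
class AccessContext:
    user: str
    groups: List[str]
    app: str                 # e.g. "Outlook", "SharePoint"
    managed: bool            # enrolled with the EMM (AirWatch)
    compliant: bool          # passes EMM compliance policies
    compromised: bool        # jailbroken / rooted
    mfa_passed: bool         # MFA provider (Duo, RSA SecurID, VMware Verify) said yes
    domain_joined: bool      # on-premises AD or Azure AD joined
    valid_cert: bool         # device presents a valid identity certificate
    network: str             # "corp_wifi" | "cellular" | "external"

# Constructed classification for this example; a real deployment defines its own.
HIGH_SECURITY_APPS = {"SharePoint", "OneDrive"}
PRIVILEGED_GROUPS = {"Finance", "IT-Admins"}

def evaluate(ctx: AccessContext) -> Tuple[bool, List[str]]:
    """Return (granted, reasons): hard denies first, then context-dependent checks."""
    if ctx.compromised:
        return False, ["device is compromised (jailbroken or rooted)"]
    if not ctx.managed:
        return False, ["device is not managed by the EMM"]
    if not ctx.compliant:
        return False, ["device fails EMM compliance policy"]
    in_network = ctx.network == "corp_wifi"
    # Step-up MFA off-network, for high-security apps, or for privileged groups.
    needs_mfa = (not in_network
                 or ctx.app in HIGH_SECURITY_APPS
                 or bool(set(ctx.groups) & PRIVILEGED_GROUPS))
    if needs_mfa and not ctx.mfa_passed:
        return False, ["MFA required for this context but not passed"]
    # Off-network devices must also prove identity via certificate or domain join.
    if not in_network and not (ctx.valid_cert or ctx.domain_joined):
        return False, ["off-network access needs a valid certificate or domain join"]
    reasons = ["device managed and compliant"]
    reasons.append("MFA satisfied" if needs_mfa else "MFA not required on corporate Wi-Fi")
    return True, reasons

# Constructed sample access attempts (positional order matches the dataclass fields).
SAMPLES = {
    "alice_outlook_corp": AccessContext("alice", ["Sales"], "Outlook", True, True, False,
                                        False, True, True, "corp_wifi"),
    "bob_sharepoint_lte": AccessContext("bob", ["Finance"], "SharePoint", True, True, False,
                                        True, False, True, "cellular"),
    "carol_unmanaged": AccessContext("carol", ["Sales"], "Outlook", False, False, False,
                                     True, False, False, "external"),
    "dave_rooted": AccessContext("dave", ["IT-Admins"], "OneDrive", True, True, True,
                                 True, True, True, "corp_wifi"),
}

def decide_all() -> Dict[str, bool]:
    """Evaluate every sample and return name -> granted."""
    return {name: evaluate(ctx)[0] for name, ctx in SAMPLES.items()}
```

Calling `decide_all()` grants alice (in-network, low-sensitivity app) and bob (off-network but MFA and certificate satisfied) and denies carol (unmanaged) and dave (rooted device).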

Workspace ONE Integrates with Best of Breed MFA, CASB, UEBA and Security Providers
- Best of breed MFA: Duo, RSA SecurID, and VMware Verify at no cost
- Best of breed CASB: Netskope, SkyHigh
- Best of breed UEBA: Gurucul
- Other security ecosystems: Mobile Security Alliance (MSA), AppConfig

Demo: Adaptive Management, Mobile SSO and Conditional Access

Securing Productivity Apps

Office 365 Supports Many Legacy and 3rd Party Clients; Workspace ONE Keeps All Clients Secure
Clients shown: Boxer (extra security), Content Locker (extra security), Outlook, Android native, iOS native, Thunderbird, legacy Outlook, OneNote, SharePoint app, OneDrive, Word, Excel.

Accelerate your Knowledge of Workspace ONE
Date | Title | Session # | Speaker
Tuesday, 11:00am | Transformation of the Digital Workspace | SAAM3157SU | Tony Kueh
Tuesday, 12:30pm | Introduction to Access Management in Workspace ONE | SAAM2288BU | Josue Fontanez, Prab Kalra
Tuesday, 3:30pm | Enable Simple, Secure Access to your Horizon and Citrix Virtual Desktops and Apps with Workspace ONE | SAAM1150BU | Greg Armanini, Matt Coppinger
Tuesday, 5:00pm | Securing Access and Protecting Information in Office 365 with Workspace ONE | SAAM2291BU | Camilo Lotero, Adarsh Kesari
Wednesday, 2:00pm | Deployment Deep Dive: Best Practices and Troubleshooting of Workspace ONE | SAAM2197BU | Kevin Sheehan, Adarsh Kesari
Wednesday, 3:30pm | Secure and Seamless Access to all of your Applications with Conditional Access and Mobile SSO in Workspace ONE | SAAM2204BU | Vikas Jain, Prab Kalra
Thursday, 10:30am | VMware on VMware: Winning a Single Sign-On Solution with VMware Workspace ONE | SAAM1321BU | Robert Coggins, Josue Fontanez
Thursday, 1:30pm | Simplify Management and Security of your Mobile Apps with Workspace ONE | SAAM2294BU | Vikas Jain, Vinay Jain
Also join us for Quick Talks, Expert Discussions, and Hands-on Labs!