Windows 10 Azure AD / EMS


Windows 10 Azure AD / EMS Jörgen Nilsson @ccmexec Jorgen.nilsson@onevinn.se Blog: http://ccmexec.com #win10tour

The traditional IT environment is no more
Our users have:
- More than one device
- A large number of identities/accounts
- Apps and cloud services
- OneDrive, Dropbox, iCloud
- Company information. Everywhere!

Enterprise Mobility Suite

EMS: Microsoft Intune
Securing your device
- Mobile Device Management
- Mobile Application Management
- Securing the Device
- Policies
- Conditional Access
- Personal
- Corporate

EMS: Rights Management
Protects your information
- Encrypts all file types
- The files can be saved everywhere
- Central control and logging
- Support for modern devices
- Determines user and permission
- Grant access to anyone

EMS: Azure AD Premium
Securing Your Identity
- Authentication
- Identity management
- Application Portal
- Logging and Reporting
- Application Proxy
- Multi-Factor Authentication
- Azure AD Join
- Device Registration
- Self Service

EMS: Azure AD Premium: Security and reports

Windows 10 Identity Choices
- Computer joins AD to establish trust
- User signs on using AD account
- Group Policy + System Center

- Computer joins Azure AD to establish trust
- User signs on using Azure AD account
- Intune/MDM
- Settings roaming
- Single sign-on to enterprise + cloud-based services

Azure AD join
- Single sign-on to apps protected by Azure AD (Office 365)
- Synced back on-prem for use in ADFS
- Conditional access for Office 365
- Conditional access for On-premise (ADFS)
- OS State Roaming
- Enterprise-ready Windows store
- Automatic MDM enrollment
- Self-provisioning of corporate owned devices

Personal vs Corporate devices
Personal Device (MDM)
- Intune enrollment forces a workplace join in Azure AD
- Enrolled device = Personal Device
Corporate Device (Azure AD + MDM)
- Azure AD join, optional Intune enrollment
- Enrolled device = Corporate Device
- Global Administrators are made local administrators
- Add additional local administrators

Demo Azure AD Join

OTHER ATTEMPTS TO FILL THE GAP: PAIN POINTS

OUR VISION

Windows 10 Enterprise Data Protection
- Protects data at rest, and when roaming
- Platform integrated, no mode switching
- Corp data identifiable from personal
- Only IT-Allowed apps see business data
- IT controls keys, can remote wipe
- Common experience, x-plat support

Windows 10 Enterprise Data Protection
- Optional screen lock security policy
- System tosses decryption key on lock
- Blocks read when screen is locked
- Can encrypt new files and data
- Logon, unlock restores keys and access
- Helps mitigate system level attacks
See session 639 Microsoft Passport and Windows Hello: Moving beyond passwords and credential theft

Business/Personal
- One experience
- Data is isolated
- Data is encrypted at rest
[Diagram: Business Apps & Data (Managed) and Personal Apps & Data (Unmanaged); data exchange is blocked or audited; organization holds keys; Office and OneDrive APIs for ISVs; MDM managed. App icons shown: Lync, email, Facebook, OneDrive for Business, Contacts, WhatsApp, PowerPoint, Calendar, OneDrive, PDF Reader, Photos, Weather.]

Windows 10 Management
- Group Policies will still work, but...
- MDM policies will have nearly the same capabilities
- Features like Enterprise Data Protection and Conditional Access will require either:
  - Configuration Manager vNext
  - Intune
  - 3rd-party MDM solution

Windows 10 MDM is the new black!
- Open Mobile Alliance Device Management (OMA DM)
- Open Mobile Alliance Uniform Resource Identifier (OMA URI)
- Windows 10 Mobile and Desktop
- Intune, Configuration Manager and 3rd Party MDM

Custom policy
- Policy/Config/AreaName: Handles the policy configuration request from the server.
- Policy/Result/AreaName: Provides a read-only path to policies enforced on the device.
Example: ./Vendor/MSFT/Policy/Config/Defender/AllowRealtimeMonitoring
Integer: 0 = Not allowed. 1 (default) = Allowed.
https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962%28v=vs.85%29.aspx
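Added example, not part of the original slides: a check that pushes the Defender policy above through the Policy/Config path and compares what the device reports under the matching Policy/Result path against a baseline. The function names, the baseline and the device response are constructed for illustration; the envelope assumes the SyncML 1.2 format used by OMA DM.

```python
import xml.etree.ElementTree as ET

NS = {"s": "SYNCML:SYNCML1.2"}  # SyncML 1.2 envelope namespace (assumed)
CONFIG = "./Vendor/MSFT/Policy/Config/"
RESULT = "./Vendor/MSFT/Policy/Result/"

def result_uri(config_uri):
    """Map a Policy/Config URI to its read-only Policy/Result counterpart."""
    if not config_uri.startswith(CONFIG):
        raise ValueError("not a Policy/Config URI: " + config_uri)
    return RESULT + config_uri[len(CONFIG):]

def build_replace(cmd_id, config_uri, value):
    """SyncML Replace command that sets one integer policy."""
    result_uri(config_uri)  # rejects URIs outside Policy/Config
    rep = ET.Element("Replace")
    ET.SubElement(rep, "CmdID").text = str(cmd_id)
    item = ET.SubElement(rep, "Item")
    ET.SubElement(ET.SubElement(item, "Target"), "LocURI").text = config_uri
    meta = ET.SubElement(item, "Meta")
    ET.SubElement(meta, "Format", xmlns="syncml:metinf").text = "int"
    ET.SubElement(item, "Data").text = str(int(value))
    return ET.tostring(rep, encoding="unicode")

def read_results(syncml_text):
    """Return {LocURI: int} for every Results item in a device response."""
    out = {}
    for item in ET.fromstring(syncml_text).iterfind(".//s:Results/s:Item", NS):
        uri = item.findtext("s:Source/s:LocURI", namespaces=NS)
        data = item.findtext("s:Data", namespaces=NS)
        if uri and data is not None:
            out[uri] = int(data)
    return out

def drift(baseline, syncml_text):
    """Baseline policies whose enforced value is missing or different."""
    enforced = read_results(syncml_text)
    return {uri: (want, enforced.get(result_uri(uri)))
            for uri, want in baseline.items()
            if enforced.get(result_uri(uri)) != want}

# Constructed device response for illustration; not captured from a device.
SAMPLE_RESPONSE = """<SyncML xmlns="SYNCML:SYNCML1.2"><SyncBody><Results>
<CmdID>2</CmdID><MsgRef>1</MsgRef><CmdRef>1</CmdRef><Item><Source>
<LocURI>./Vendor/MSFT/Policy/Result/Defender/AllowRealtimeMonitoring</LocURI>
</Source><Data>0</Data></Item></Results><Final/></SyncBody></SyncML>"""
BASELINE = {CONFIG + "Defender/AllowRealtimeMonitoring": 1}

if __name__ == "__main__":
    print(drift(BASELINE, SAMPLE_RESPONSE))
```

A policy the device does not report at all is listed with `None` as its enforced value, so a silent enrollment or sync failure shows up as drift rather than as compliance.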

Demo Windows 10 Custom Policy

ConfigMgr vnext On-Premise MDM

Bulk enrollment
- Provisioning Package
- Root Certificate
- Automatic MDM Enrollment
- Wi-Fi Configuration

Demo Bulk enrollment

Microsoft Edge
- Modern Browser
- Modern Standards
- Always up to date
- Sandbox
- Universal app
- FAST!

Microsoft Edge
- Default .PDF reader
- Default browser in Windows 10 (not LTSB)
- Doesn't exist in LTSB
- No plug-ins, like Java, Silverlight
- Built-in Flash
- A plugin solution will be developed like Chrome and Firefox

Favorites
- %Userprofile%\appdata\local\packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ac\microsoftedge\user\default
- Registry key with favorites order: HKEY_Classes_Root\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder

Edge

Compatibility
Options:
- Sends all intranet traffic over to Internet Explorer
- Allows you to configure the Enterprise Site list
- Microsoft provides list

Group Policy
Setting | Machine/User
Allows you to run scripts like JavaScript | Machine/User
Allows you to let people use autofill on websites | Machine/User
Allows you to let people send Do Not Track headers | Machine/User
Allows you to configure password manager | Machine/User
Allows you to run pop-ups | Machine/User
Stops address bar from showing search suggestions | Machine/User
Allows you to configure SmartScreen | Machine/User
Configure how Microsoft Edge treats cookies | Machine/User
Allows you to configure the Enterprise Site list | Machine/User
Sends all intranet traffic over to Internet Explorer | Machine/User

Future!