Enterprise Mobility +
Security (EMS)
Aidan Finn
Technical Sales Lead
MicroWarehouse Ltd
www.mwh.ie I
About Aidan Finn
• MVP, Cloud & Datacenter Management
(Hyper-V)
• Experienced with Windows
Server/Desktop, System Center,
virtualisation, and IT infrastructure
• @joe_elway
• http://www.aidanfinn.com
• http://www.petri.com/author/aidan-finn
Technical Sales Lead, MicroWarehouse
About MicroWarehouse
• Irish owned/located distributor
• Park West, Dublin 12
• Distributors for:
• Microsoft on-premises & cloud
• DataOn Storage (across Europe)
• Gridstore (across Europe)
• SkyKick
• And many more
• Value added distribution:
• Much more than selling licenses
• Get your licensing right
• Sales education
• Technical training
Value Added Distribution
Entire Hyper-V cluster for a small-mid business in 2U
• 12 x clustered data drives (e.g. 4 x SSD + 8 x HDD)
• 1023W (1+1) redundant power
• 2 x clustered Hyper-V hosts, each with:
o 2 x Intel® Xeon® E5-2600v3 (Haswell-EP)
o DDR4 Reg. ECC memory up to 512GB
o 2 x 1G SFP+ & IPMI management “KVM over IP” port
o 2 x PCI-e 3.0 x8 expansion slots
o 1 x 12Gb/s SAS x4 HD expansion port
o 2 x 2.5” 6Gb/s SATA OS drive bays
Hyper-Converged Infrastructure (HCI) for Hyper-V
Enterprise Strategy Group:
http://www.esg-global.com/lab-reports/gridstore-30/
Office 365 Migration & Backup
Azure AD
Connect
Active Directory
You’ve Actually Deployed Azure AD
Azure AD
65% of total email opens
occurred on a mobile phone
or tablet in Q4 2015**
61% of workers mix personal and
work tasks in their devices***
65% 61%
* IDC: “Worldwide Mobile Worker Population 2011–2015 Forecast”
** Experian “Quarterly email benchmark report” (Q4 2015)
*** Forrester Research: “BT Futures Report: Info workers will erase boundary between enterprise & consumer technologies,” Feb. 21, 2013
37% of the world’s workforce is
mobile*
37%
of employees use personal
devices for work purposes.*
of employees that typically
work on employer premises,
also frequently work away
from their desks.***
of enterprise applications will
be SaaS-based in 2018.**
66% 27.8% 33%
*CEB The Future of Corporate ITL: 2013-2017. 2013.
**IDC IDC’s Worldwide SaaS Enterprise Applications 2014–2018 Forecast and 2013 Vendor Shares
***CEB IT Impact Report: Five Key Findings on Driving Employee Productivity Q1 2014.
Enterprise Mobility Management: customer concerns …
… so many different devices in
our company (domain joined,
non-domain joined, Smartphones,
…). Is there a holistic Management
solution for all of them?
What is the best way to deploy
Line Of Business Apps to different
types of devices and platforms?
Increase of external Software as a
Service („SaaS“) applications … is
there a Single Sign On solution?
Many different Credentials cause
more forgotten passwords (
Admin work).
We want to support BYOD („Bring
your own device“) in our
company? How can we enforce
security policies and conditional
access – even on private devices
in order to stay compliant?
We want to protect certain
systems (SharePoint, Exchange, …)
with a multi-level method.
What is the best approach based
on our Active Directory?
We need a simple to use but
powerful encryption solution
which enables us to share
documents in a secure way – even
across company borders.
Mobile Content (&
Access) Management
(MCM)
Mobile Information
Management
(MIM)
Mobile Application
Management
(MAM)
Mobile Device
Management
(MDM)
Microsoft Intune
• Mobile device settings management
• Mobile application management
• Selective wipe
• Connect with SCCM
• Managed Mobile Apps
(Intune is the only solution to securely
manage MS Office on iPad and Android)
• …
Microsoft Azure Active
Directory Premium
• Single Sign-on for SaaS apps and on-premises
web-based apps
• Self-service password reset
• Multi-factor authentication
• Integration with on premises AD
• …
Enterprise Mobility + Security
Microsoft
Azure Rights
Management*
• Information protection
• on-premises and cloud RMS
• Bring your own key
• Document Tracking & revoke
access
• …
Enterprise Mobility Management - full scope
Microsoft Advanced Threat Analytics
Analyze User Behavior and identify illegal intruders (on premises solution)
* Azure Information Protection
H2 2016
Enterprise Mobility + Security
1st component:
Microsoft Intune
Device & App Management
PC
management
The logos above may be the property of their respective owners.
How Device and App Management often works …
Unify your environment with Microsoft Intune
Consistent experience across:
Discover and install corporate apps
Manage devices and data
Ability to contact IT
Customizable terms and conditions
+ Deploy automatically without user intervention
Simplify app delivery and deployment
Company portal self-service experience
Personal apps
Managed apps
Maximize productivity while preventing leakage of company
data by restricting actions such as copy, cut, paste, and save
as between Intune-managed apps and unmanaged apps
User
Personal apps
Managed apps
Perform selective wipe via self-service company portal or admin console
Remove managed apps and data
Keep personal apps and data intact
Company Portal
Are you sure you want to wipe
corporate data and applications
from User’s device?
OK Cancel
IT
Managed apps
Enterprise Mobility + Security
2nd component:
Microsoft Azure AD Premium
Hybrid Identity & Access Management
The current reality around identities …
Idea: centralized Identity directory as the control point
Active Directory
Single Sign On – Admin experience
Configure Single Sign On
for your employees for
currently <00
preintegrated popular
SaaS apps.
With a few mouse clicks
you can add Apps for
usage in your organization
and assign users or groups
to these Apps.
Azure AD Application
Proxy
Even publish access to local RDS
Company-branded, personalized
application Access Panel:
e.g. http://myapps.microsoft.com
User has to log in with his AD
credentials only here.
Then he gets access to all SaaS apps
the admin has provided to him.
Single Sign On – User experience
Single Sign-On for > 2,600 Pre-Integrated SaaS Apps:
http://www.windowsazure.com/en-us/gallery/active-directory
AD Agent
Logs Active Directory
Cloud App Discovery
https://appdiscovery.azure.com/
Phone call
Mobile app
Single-use codes
SMS
cloud
On-premises
Self-Service password reset (with write-back)
Self-Service group management
Application proxy
Conditional-based access control
Connect health
Conditional-based device access (requires Intune)
Other Features of Azure AD Premium
Company portal self-service experience
Enterprise Mobility + Security
3rd component:
Microsoft Azure Rights Management
Azure Information Protection (Q4 2016)
Simplified data protection solution.
No on-premises infrastructure required.
• Control security at the document/email level
• Manage who can open/read/print/forward
• Maintain security even when you lose control of the
document/email
• Template-based
• Share documents externally
Microsoft Azure Rights Management Service (“Azure RMS”)
Share protected content – even outside company borders
Microsoft Azure RMS – consume protected content
https://portal.aadrm.com/home/download
Enterprise Mobility + Security
4th component:
Microsoft Advanced Threat Analytics
Defend against identity misuse
£75K
The average cost of a data
breach to an SME was
between £75K and £311K
33%
Of attacks take more than 1
week to detect
57%+
Of SMEs were attacked by
misuse of identity
67%
Of large enterprises say
management don’t place
enough emphasis on IT
security
HM Government 2015 Information Security Breaches Survey
An on-premises solution to identify advanced security attacks before they cause damage
• Credit card companies
monitor cardholders’
behavior.
• If there is any abnormal
activity, they will notify the
cardholder to verify charge.
Microsoft Advanced Threat Analytics brings this
concept to IT and users of a particular organization
Comparison:
Detect threats fast with Behavioral Analytics
No need to create rules or policies, deploy agents, or monitor a flood of
security reports. The intelligence needed is ready to analyze and is
continuously learning.
Adapt as fast as your enemies
ATA continuously learns from the organizational entity behavior (users,
devices, and resources) and adjusts itself to reflect the changes in your
rapidly-evolving enterprise.
Focus on what is important fast using the simple attack timeline
The attack timeline is a clear, efficient, and convenient feed that surfaces
the right things on a timeline, giving you the power of perspective on the
“who-what-when-and how” of your enterprise. It also provides
recommendations for next steps.
Reduce the fatigue of false positives
Alerts only happen once suspicious activities are contextually aggregated,
not only comparing the entity’s behavior to its own behavior, but also to
the profiles of other entities in its interaction path.
Mobility support
• Witnesses all authentication and authorization to the organizational
resources within the corporate perimeter or on mobile devices
Integration to SIEM**
• Analyzes events from SIEM to enrich the attack timeline
• Works seamlessly with SIEM
• Provides options to forward security alerts to your SIEM or to send
emails to specific people
Seamless deployment
• Software offering that runs on hardware or virtual
• Utilizes port mirroring to allow seamless deployment alongside AD
• Non-intrusive, does not affect existing network topology
Key features
Abnormal Behavior
• Anomalous logins
• Remote execution
• Suspicious activity
Security issues and risks
• Broken trust
• Weak protocols
• Known protocol vulnerabilities
Malicious attacks
• Pass-the-Ticket (PtT)
• Pass-the-Hash (PtH)
• Overpass-the-Hash
• Forged PAC (MS14-068)
• Golden Ticket
• Skeleton key malware
• Reconnaissance
• BruteForce
• Unknown threats
• Password sharing
• Lateral movement
Online
Direct
MOSP
Includes: Intune Service * SC ConfigMgr & Endpoint Protection
Microsoft Intune
If customer owns
ConfigMgr and SCEP
Main EMS related SKUs
CSP
Open: OL / OV / OVS
Microsoft Intune Add-On
for ConfigMgr & SC Endpoint Protection
(must license ConfigMgr separately)
Includes: MFA (Multi Factor Authentication)
Azure Active Directory Premium
Microsoft Rights Management
Previously Azure Rights Management Service
$9/y
Intune Service only (no SCCM & SCEP)
If customer does not need SCCM & SCEP
EMS Licensing
AE only
Includes: Microsoft Intune * Azure AD Premium * Azure RMS
Enterprise Mobility Suite USL
Prices are estimated retail prices.
License is per user per month. 1 user can have up to 5 managed devices.
• Enterprise Mobility Suite is renamed to Enterprise Mobility + Security
• Azure RMS is renamed to Azure Information Protection
• Existing EMS SKU is renamed to EMS E3
• New EMS SKU called EMS E5:
o Azure AD Premium P2: Adds Identity Protection and Privileged Identity Management
o Azure Information Protection P2: Adds automatic classification
o Microsoft Cloud App Security
• Enterprise Mobility Management is much more than just Device Management!
• Our Enterprise Mobility Suite covers all customer needs for Enterprise Mobility Management
o Microsoft Intune for Device and App Management
o Azure AD Premium for Identity Management (SSO, MFA, Self Service PWD reset, …)
o Azure Rights Management (data stays protected – even outside own company!)
o Advanced Threat Analytics for discovering unwanted intruders
• Currently Microsoft is the only vendor offering such a comprehensive solution!
• The price is more than attractive! (compared to competitive offers)
• Flexible licensing: CSP, Open, Direct
• Makes perfect sense as extension for Office 365
Introduction to Microsoft EMS by Aidan Finn

More Related Content

Viewers also liked

4 5walls-johnson-goodman16
4 5walls-johnson-goodman164 5walls-johnson-goodman16
4 5walls-johnson-goodman16afacct
 
E Bridge Ems Telemedicine Overview
E Bridge Ems Telemedicine OverviewE Bridge Ems Telemedicine Overview
E Bridge Ems Telemedicine OverviewBrian Edwards
 
Trends in Online Education
Trends in Online EducationTrends in Online Education
Trends in Online EducationGreg Friese
 
[Smart Grid Market Research] Energy Management 3.0: Advanced Systems for Comm...
[Smart Grid Market Research] Energy Management 3.0: Advanced Systems for Comm...[Smart Grid Market Research] Energy Management 3.0: Advanced Systems for Comm...
[Smart Grid Market Research] Energy Management 3.0: Advanced Systems for Comm...Zpryme Research & Consulting, LLC
 
EMS CPAP Training
EMS CPAP TrainingEMS CPAP Training
EMS CPAP TrainingRobert Cole
 
Crew Resource Management For Ems Finished
Crew Resource Management For Ems FinishedCrew Resource Management For Ems Finished
Crew Resource Management For Ems FinishedJohn Halbrook
 
Presentación de la Reforma Integral de la Educación Media Superior
Presentación de la Reforma Integral de la Educación Media SuperiorPresentación de la Reforma Integral de la Educación Media Superior
Presentación de la Reforma Integral de la Educación Media SuperiorDGETI Zacatecas
 
Daejin catalogue k 2011 for web
Daejin catalogue k 2011 for webDaejin catalogue k 2011 for web
Daejin catalogue k 2011 for webBrian Nam
 
Ems obligatoriedad
Ems obligatoriedadEms obligatoriedad
Ems obligatoriedadEliseo Anaya
 
Rad-Touren aus der Region Boppard-Bad Salzig - Bad Ems (Rhein/Lahn)
Rad-Touren aus der Region Boppard-Bad Salzig - Bad Ems (Rhein/Lahn)Rad-Touren aus der Region Boppard-Bad Salzig - Bad Ems (Rhein/Lahn)
Rad-Touren aus der Region Boppard-Bad Salzig - Bad Ems (Rhein/Lahn)Salziger RadStation KG
 
SC Melle 03 - Stadionecho - SCM gegen SV Hansa Friesoythe
SC Melle 03 - Stadionecho - SCM gegen SV Hansa FriesoytheSC Melle 03 - Stadionecho - SCM gegen SV Hansa Friesoythe
SC Melle 03 - Stadionecho - SCM gegen SV Hansa FriesoytheSCM Fussball
 
RAD Studio XE8 - Delphi Tour 2015 - Edición en Español
RAD Studio XE8 - Delphi Tour 2015 - Edición en EspañolRAD Studio XE8 - Delphi Tour 2015 - Edición en Español
RAD Studio XE8 - Delphi Tour 2015 - Edición en EspañolFernando Rizzato
 
Integrated Information Tracking Technology
Integrated Information Tracking TechnologyIntegrated Information Tracking Technology
Integrated Information Tracking TechnologyNick Nudell
 
Sistema Nacional de Bachillerato
Sistema  Nacional  de BachilleratoSistema  Nacional  de Bachillerato
Sistema Nacional de Bachilleratocetis109blog
 
Gen2 Profordems Ppt Modulo 1
Gen2 Profordems Ppt Modulo 1Gen2 Profordems Ppt Modulo 1
Gen2 Profordems Ppt Modulo 1E RV
 

Viewers also liked (17)

4 5walls-johnson-goodman16
4 5walls-johnson-goodman164 5walls-johnson-goodman16
4 5walls-johnson-goodman16
 
E Bridge Ems Telemedicine Overview
E Bridge Ems Telemedicine OverviewE Bridge Ems Telemedicine Overview
E Bridge Ems Telemedicine Overview
 
Trends in Online Education
Trends in Online EducationTrends in Online Education
Trends in Online Education
 
[Smart Grid Market Research] Energy Management 3.0: Advanced Systems for Comm...
[Smart Grid Market Research] Energy Management 3.0: Advanced Systems for Comm...[Smart Grid Market Research] Energy Management 3.0: Advanced Systems for Comm...
[Smart Grid Market Research] Energy Management 3.0: Advanced Systems for Comm...
 
EMS CPAP Training
EMS CPAP TrainingEMS CPAP Training
EMS CPAP Training
 
Crew Resource Management For Ems Finished
Crew Resource Management For Ems FinishedCrew Resource Management For Ems Finished
Crew Resource Management For Ems Finished
 
Presentación de la Reforma Integral de la Educación Media Superior
Presentación de la Reforma Integral de la Educación Media SuperiorPresentación de la Reforma Integral de la Educación Media Superior
Presentación de la Reforma Integral de la Educación Media Superior
 
Daejin catalogue k 2011 for web
Daejin catalogue k 2011 for webDaejin catalogue k 2011 for web
Daejin catalogue k 2011 for web
 
Ethik ems tag2
Ethik ems tag2Ethik ems tag2
Ethik ems tag2
 
Ems obligatoriedad
Ems obligatoriedadEms obligatoriedad
Ems obligatoriedad
 
Rad-Touren aus der Region Boppard-Bad Salzig - Bad Ems (Rhein/Lahn)
Rad-Touren aus der Region Boppard-Bad Salzig - Bad Ems (Rhein/Lahn)Rad-Touren aus der Region Boppard-Bad Salzig - Bad Ems (Rhein/Lahn)
Rad-Touren aus der Region Boppard-Bad Salzig - Bad Ems (Rhein/Lahn)
 
SC Melle 03 - Stadionecho - SCM gegen SV Hansa Friesoythe
SC Melle 03 - Stadionecho - SCM gegen SV Hansa FriesoytheSC Melle 03 - Stadionecho - SCM gegen SV Hansa Friesoythe
SC Melle 03 - Stadionecho - SCM gegen SV Hansa Friesoythe
 
RAD Studio XE8 - Delphi Tour 2015 - Edición en Español
RAD Studio XE8 - Delphi Tour 2015 - Edición en EspañolRAD Studio XE8 - Delphi Tour 2015 - Edición en Español
RAD Studio XE8 - Delphi Tour 2015 - Edición en Español
 
Ethik ems tag1
Ethik ems tag1Ethik ems tag1
Ethik ems tag1
 
Integrated Information Tracking Technology
Integrated Information Tracking TechnologyIntegrated Information Tracking Technology
Integrated Information Tracking Technology
 
Sistema Nacional de Bachillerato
Sistema  Nacional  de BachilleratoSistema  Nacional  de Bachillerato
Sistema Nacional de Bachillerato
 
Gen2 Profordems Ppt Modulo 1
Gen2 Profordems Ppt Modulo 1Gen2 Profordems Ppt Modulo 1
Gen2 Profordems Ppt Modulo 1
 

Recently uploaded

Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune  (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune  (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...SUHANI PANDEY
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445ruhi
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableSeo
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...Neha Pandey
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubaikojalkojal131
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtrahman018755
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...SUHANI PANDEY
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...SUHANI PANDEY
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
 
Al Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls  DubaiAl Barsha Night Partner +0567686026 Call Girls  Dubai
Al Barsha Night Partner +0567686026 Call Girls DubaiEscorts Call Girls
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
 
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.soniya singh
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)Delhi Call girls
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Standkumarajju5765
 

Recently uploaded (20)

Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune  (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune  (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
 
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
Al Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls  DubaiAl Barsha Night Partner +0567686026 Call Girls  Dubai
Al Barsha Night Partner +0567686026 Call Girls Dubai
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
 
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
 
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298  )#  Call Girls in DubaiRussian Call Girls in %(+971524965298  )#  Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
 

Introduction to Microsoft EMS by Aidan Finn

  • 1.
  • 2. Enterprise Mobility + Security (EMS) Aidan Finn Technical Sales Lead MicroWarehouse Ltd
  • 3. 3
  • 4. www.mwh.ie I About Aidan Finn • MVP, Cloud & Datacenter Management (Hyper-V) • Experienced with Windows Server/Desktop, System Center, virtualisation, and IT infrastructure • @joe_elway • http://www.aidanfinn.com • http://www.petri.com/author/aidan-finn Technical Sales Lead, MicroWarehouse
  • 5. www.mwh.ie I About MicroWarehouse • Irish owned/located distributor • Park West, Dublin 12 • Distributors for: • Microsoft on-premises & cloud • DataOn Storage (across Europe) • Gridstore (across Europe) • SkyKick • And many more • Value added distribution: • Much more than selling licenses • Get your licensing right • Sales education • Technical training Value Added Distribution
  • 6. www.mwh.ie I Entire Hyper-V cluster for a small-mid business in 2U  12 x clustered data drives (e.g. 4 x SSD + 8 x HDD)  1023W (1+1) redundant power  2 x clustered Hyper-V hosts, each with: o 2 x Intel® Xeon® E5-2600v3 (Haswell-EP) o DDR4 Reg. ECC memory up to 512GB o 2 x 1G SFP+ & IPMI management “KVM over IP” port o 2 x PCI-e 3.0 x8 expansion slots o 1 x 12Gb/s SAS x4 HD expansion port o 2 x 2.5” 6Gb/s SATA OS drive bays
  • 7. www.mwh.ie I Hyper-Converged Infrastructure (HCI) for Hyper-V Enterprise Strategy Group: http://www.esg-global.com/lab-reports/gridstore-30/
  • 8. www.mwh.ie I Office 365 Migration & Backup
  • 9. 9
  • 10. Azure AD Connect Active Directory You’ve Actually Deployed Azure Ad Azure AD
  • 11. 11
  • 12. 65% of total email opens occurred on a mobile phone or tablet in Q4 2015** 61% of workers mix personal and work tasks in their devices*** 65% 61% * IDC: “Worldwide Mobile Worker Population 2011–2015 Forecast” ** Experian “Quarterly email benchmark report” (Q4 2015) *** Forrester Research: “BT Futures Report: Info workers will erase boundary between enterprise & consumer technologies,” Feb. 21, 2013 37% of the world’s workforce is mobile* 37%
  • 13. of employees use personal devices for work purposes.* of employees that typically work on employer premises, also frequently work away from their desks.*** of enterprise applications with be SaaS-based in 2018.** 66% 27.8% 33% *CEB The Future of Corporate ITL: 2013-2017. 2013. **IDC IDC’s Worldwide SaaS Enterprise Applications 2014–2018 Forecast and 2013 Vendor Shares ***CEB IT Impact Report: Five Key Findings on Driving Employee Productivity Q1 2014.
  • 14. Enterprise Mobility Management: customer concerns … … so many different devices in our company (domain joined, non-domain joined, Smartphones, …). Is there a holistic Management solution for all of them? What is the best way to deploy Line Of Business Apps to different types of devices and platforms? Increase of external Software as a Service („SaaS“) applications … is there a Single Sign On solution? Many different Credentials cause more forgotten passwords ( Admin work). We want to support BYOD („Bring your own device“) in our company? How can we enforce security policies and conditional access – even on private devices in order to stay compliant? We want to protect certain systems (SharePoint, Exchange, …) with a multi-level method. What is the best approach based on our Active Directory? We need a simple to use but powerful encryption solution which enables us to share documents in a secure way – even accross company borders.
  • 15. Mobile Content (& Access) Management (MCM) Mobile Information Management (MIM) Mobile Application Management (MAM) Mobile Device Management (MDM) Microsoft Intune • Mobile device settings management • Mobile application management • Selective wipe • Connect with SCCM • Managed Mobile Apps (Intune is the only solution to securely manage MS Office on iPad and Android) • … Microsoft Azure Active Directory Premium • Single Sign-on for SaaS apps and onpremises web based Apps • Self-service password reset • Multi-factor authentication • Integration with on premises AD • … EnterpriseMobility+Security More information Microsoft Azure Rights Management* • Information protection • on-premises and cloud RMS • Bring your own key • Document Tracking & revoke access • … More information More information MoreinformationEnterprise Mobility Management - full scope Microsoft Advanced Threat Analytics Analyze User Behavior and identify illegal intruders (on premises solution) More information * Azure Information Protection H2 2016
  • 16. Enterprise Mobility + Security 1st component: Microsoft Intune Device & App Management
  • 17. PC management The logos above may be the property of their respective owners. How Device and App Management often works …
  • 18. Unify your environment with Microsoft Intune
  • 19. Consistent experience across: Discover and install corporate apps Manage devices and data Ability to contact IT Customizable terms and conditions + Deploy automatically without user intervention Simplify app delivery and deployment Company portal self-service experience
  • 20. Personal apps Managed apps Maximize productivity while preventing leakage of company data by restricting actions such as copy, cut, paste, and save as between Intune-managed apps and unmanaged apps User
  • 21. Personal apps Managed apps Perform selective wipe via self-service company portal or admin console Remove managed apps and data Keep personal apps and data intact Company Portal Are you sure you want to wipe corporate data and applications from User’s device? OK Cancel IT Managed apps
  • 22. Enterprise Mobility + Security 2nd component: Microsoft Azure AD Premium Hybrid Identity & Access Management
  • 23. The current reality around identities …
  • 24. Idea: centralized Identity directory as the control point Active Directory
  • 25. Single Sign On – Admin experience Configure Single Sign On for your employees for currently <00 preintegrated popular SaaS apps. With a few mouse clicks you can add Apps for usage in your organization and assign users or groups to these Apps. Azure AD Application Proxy Even publish access to local RDS
  • 26. Company branded, personalized application Access Panel: e.g. http://myapps.microsoft.com User has to log in with his AD credentials only here. Then he gets access to all SaaS Apps the admin has provided to him. Single Sign On – User experience
  • 27. Single Sign-On for > 2,600 Pre-Integrated SaaS Apps: http://www.windowsazure.com/en-us/gallery/active-directory
  • 28. AD Agent Logs Active Directory Cloud App Discovery https://appdiscovery.azure.com/
  • 29. Phone call, Mobile app, Single-use codes, SMS; Cloud, On-premises
  • 30. Self-Service password reset (with write-back) Self-Service group management Application proxy Conditional-based access control Connect health Conditional-based device access (requires Intune) Other Features of Azure AD Premium Company portal self-service experience
  • 31. Enterprise Mobility + Security 3rd component: Microsoft Azure Rights Management Azure Information Protection (Q4 2016)
  • 32. Simplified data protection solution. No on-premises infrastructure required. • Control security at the document/email level • Manage who can open/read/print/forward • Maintain security even when you lose control of the document/email • Template-based • Share documents externally Microsoft Azure Rights Management Service (“Azure RMS”)
  • 33. Share protected content – even outside company borders
  • 34. Microsoft Azure RMS – consume protected content https://portal.aadrm.com/home/download
  • 35. Enterprise Mobility + Security 4th component: Microsoft Advanced Threat Analytics Defend against identity misuse
  • 36. £75K The average cost of a data breach to an SME was between £75K and £311K 33% Of attacks take more than 1 week to detect 57%+ Of SMEs were attacked by misuse of identity 67% Of large enterprises say management don’t place enough emphasis on IT security HM Government 2015 Information Security Breaches Survey
  • 37. An on-premises solution to identify advanced security attacks before they cause damage • Credit card companies monitor cardholders’ behavior. • If there is any abnormal activity, they will notify the cardholder to verify charge. Microsoft Advanced Threat Analytics brings this concept to IT and users of a particular organization Comparison:
  • 38. Detect threats fast with Behavioral Analytics Adapt as fast as your enemies Focus on what is important fast using the simple attack timeline Reduce the fatigue of false positives No need to create rules or policies, deploy agents or monitor a flood of security reports. The intelligence needed is ready to analyze and continuously learning. ATA continuously learns from the organizational entity behavior (users, devices, and resources) and adjusts itself to reflect the changes in your rapidly-evolving enterprise. The attack timeline is a clear, efficient, and convenient feed that surfaces the right things on a timeline, giving you the power of perspective on the “who-what-when-and how” of your enterprise. It also provides recommendations for next steps. Alerts only happen once suspicious activities are contextually aggregated, not only comparing the entity’s behavior to its own behavior, but also to the profiles of other entities in its interaction path.
  • 39. • Witnesses all authentication and authorization to the organizational resources within the corporate perimeter or on mobile devices Mobility support Integration to SIEM** Seamless deployment • Analyzes events from SIEM to enrich the attack timeline • Works seamlessly with SIEM • Provides options to forward security alerts to your SIEM or to send emails to specific people • Software offering that runs on hardware or virtual • Utilizes port mirroring to allow seamless deployment alongside AD • Non-intrusive, does not affect existing network topology Key features
  • 40. Abnormal Behavior • Anomalous logins • Remote execution • Suspicious activity Security issues and risks • Broken trust • Weak protocols • Known protocol vulnerabilities Malicious attacks • Pass-the-Ticket (PtT) • Pass-the-Hash (PtH) • Overpass-the-Hash • Forged PAC (MS14-068) • Golden Ticket • Skeleton key malware • Reconnaissance • BruteForce • Unknown threats • Password sharing • Lateral movement
  • 42. Online Direct MOSP Includes: Intune Service * SC ConfigMgr & Endpoint Protection Microsoft Intune If customer owns ConfigMgr and SCEP Main EMS related SKUs CSP Open: OL / OV / OVS Microsoft Intune Add-On for ConfigMgr & SC Endpoint Protection (must license ConfigMgr separately) Includes: MFA (Multi Factor Authentication) Azure Active Directory Premium Microsoft Rights Management Previously Azure Rights Management Service $9/y Intune Service only (no SCCM & SCEP) If customer does not need SCCM & SCEP EMS Licensing AE only Includes: Microsoft Intune * Azure AD Premium * Azure RMS Enterprise Mobility Suite USL Prices are estimated retail prices. License is per user per month. 1 user can have up to 5 managed devices.
  • 45. • Enterprise Mobility Suite is renamed to Enterprise Mobility + Security • Azure RMS is renamed to Azure Information Protection • Existing EMS SKU is renamed to EMS E3 • New EMS SKU called EMS E5: • Azure AD Premium P2: Adds Identity Protection and Privileged Identity Management • Azure Information Protection P2: Adds automatic classification • Microsoft Cloud App Security
  • 47. • Enterprise Mobility Management is much more than just Device Management! • Our Enterprise Mobility Suite covers all customer needs for Enterprise Mobility Management • Microsoft Intune for Device and App Management • Azure AD Premium for Identity Management (SSO, MFA, Self Service PWD reset, …) • Azure Rights Management (data stays protected – even outside own company!) • Advanced Threat Analytics for discovering unwanted intruders • Currently Microsoft is the only vendor offering such a comprehensive solution! • The price is more than attractive! (compared to competitive offers) • Flexible licensing: CSP, Open, Direct • Makes perfect sense as extension for Office 365

Editor's Notes

  1. Be sure to welcome and thank the audience, introduce yourself and your role before you get started with the presentation.  
  2. There are a couple of mega trends that have been changing the world of work as we know it. The place where people actually get their work done is no longer exclusively a traditional office or workplace. People now work from home, cafes, customer sites, on the road, in the air. In fact, people can—and do—work from just about anywhere. Even when they’re in the office, people don’t expect to be sitting at their desk in order to be productive. We are in an era where mobility really is the new normal.
  3. Slide 6: Mobility is the new normal   There are a couple of mega trends that have been changing the world of work as many of us know it. The place where people work is no longer exclusively the workplace. People work from home, from cafes, from customer sites, on the road, in the air. In fact people can – and do – work from just about anywhere. Even when they’re in the office, people don’t expect to be sitting at their desk in order to be productive. We are in an era where mobility really is the new normal. The cloud-first, mobile-first world is here. People expect to have the ability to work where, when and how they choose. Using the devices they love and the apps they are familiar with. Just look at the story told by some of these stats: 66% of employees use personal devices for work. A large percentage of employees work away from their desk – even when they are in the office. And BYOD is going to mean a new way of working across apps and data.
  4. PCIT: People-centric IT (PCIT) enables every employee IT supports to work from virtually anywhere, on the device of their choice, while giving IT a consistent way to manage and protect it all. EMM: Enterprise mobility management (EMM) is an all-encompassing approach to securing and enabling employee smartphones and tablets that involves MDM, MAM, MIM and MCM. MDM: System Center Configuration Manager 2012 R2 uses Microsoft Intune as an Internet gateway to enroll, secure, and manage mobile devices. PCIT means we expect employees to have multiple devices and we therefore license “by user” instead of “by device.” It also means you use a single console to manage desktops, laptops, servers, tablets and smartphones running a variety of operating systems. MAM: System Center Configuration Manager 2012 R2 delivers a private app store via a native portal downloaded from the Windows Store, Apple App Store and Google Play. This PCIT way of delivering software means employees get the corporate apps they need for the mobile devices they use in order to be productive at work. MIM: Active Directory Rights Management on Windows Server 2012 R2 encrypts sensitive data allowing only approved applications and users to access it. PCIT allows IT to protect corporate data by helping to define classification of data based on content. This prevents users from forwarding, saving or printing Exchange/Outlook emails containing sensitive data or attachments. It also prevents users from uploading corporate data to Dropbox. MCM: The PCIT way of giving users access to corporate resources begins with Windows Server 2012 R2 working with Active Directory to allow mobile devices to register via Workplace Join so IT knows about them. This provides seamless second factor authentication and therefore single-sign-on to corporate resources and applications. Mobile access to those corporate resources is provided by the Web Application Proxy feature of Windows Server 2012 R2. 
If you’ve used ISA Server, TMG, or UAG to publish Exchange ActiveSync, then you know how Web Application Proxy works. Encrypted file synchronization is delivered to mobile devices via Work Folders as an IT-controlled alternative to Dropbox.
  5. IT has had to respond and there are tools available to help address many of the challenges we’ve outlined already. But the majority of solutions manage either PCs or mobile devices. Not both. The result is that many organizations have two lots of infrastructure set up to manage devices for the same user. This adds cost and complexity from an IT perspective. It also means that the end user is most likely getting a different experience across their devices. Not ideal for anyone! In addition, the user can end up having to sign in multiple times, with a different experience across different devices. Frustrating and inefficient!
  6. Now that we’ve talked about how you can provide your users access to resources from virtually anywhere, on any device, we need to turn to the second section of our discussion – making sure that with all the empowerment you’re providing to your workers, you can still maintain the corporate security and compliance – as well as the efficiency of your IT processes. Given the explosion of devices that you’ll see coming through the door, it is absolutely essential that you have an infrastructure in place to manage these devices without introducing complexity or astronomical budget increases. Unified infrastructure enables IT to manage devices “where they live”. The Microsoft solution is focused on helping reduce client management infrastructure costs and complexity. With the integration between Configuration Manager and Microsoft Intune, we offer a single console that integrates both on-premises and in-the-cloud management. Client management and security are offered in a unified single solution – giving you a streamlined approach to managing devices and applications as well as identifying and remediating threats and non-compliance. If you’re a current Configuration Manager customer, adding the Microsoft Intune cloud-based management is quick and easy. With this unified solution, organizations are able to manage endpoint devices “where they live.” This also includes connectivity to Office 365 for EAS-based management policies. 
• Comprehensive settings management across platforms, including certificates, VPNs, and wireless network profiles
• Policies can be applied across various devices and operating systems to meet compliance requirements, to the extent of the capabilities exposed on those platforms
• Extended native management for Windows RT, iOS and Android
• IT can provision certificates, VPNs, and Wi-Fi profiles on personal devices
• Full app inventory and application push install for corporate-owned devices, inventory of “managed” apps and publishing of apps for personal devices
• Remotely wipe and unregister corporate devices from management system (as supported by each operating system)
• IT can manage the device and application life cycle by removing MDM-specific content from devices no longer managed
• Selective wipe of managed applications’ data
• Applications that were installed through Microsoft Intune
• Sideloading keys
• MDM policies
• Wi-Fi/VPN profiles
  7. As noted on the previous slide, users can leverage the self-service Intune Company Portal for a variety of things. The portal provides a consistent experience across popular mobile platforms where users can enroll their own devices, install corporate applications, and quickly access support information for their corporate IT department. From this portal, users also have the ability to wipe corporate data off of their enrolled device or devices and retire devices that will no longer be used. A new feature that is also now available is customizable terms and conditions. This new feature enables an organization to outline the specific conditions and policies that apply to the enrolled device and user at enrollment into the Intune service. Also, it’s important to highlight that the company portal design conforms to the UX guidelines of each device platform to retain platform consistency.
  8. Let’s now take a closer look at how app-level policies can help keep company data and information secure. Our user receives a work email through her managed Outlook account with an attached Excel spreadsheet containing information she needs for a report. Our user opens the attachment in her Excel mobile application to find the information she needs. She then wants to copy the info to add to her report. But when she tries to paste it into her personal notepad, it doesn’t work—the personal notepad is not a managed app and our IT pro has applied policies that restrict copy, paste, and cut functions to only apps that are part of the managed app ecosystem (for Intune enrolled devices). So our user opens her Microsoft Word mobile app which is managed by Intune and she is successfully able to paste her information. Now our user wants to save the working copy of her report to her personal OneDrive account so that she can access it from her home computer. Because her personal OneDrive account is not one of the managed applications, she’s unable to save it here. IT has applied policies restricting the ability to save to only apps that are part of the managed app ecosystem. So our user must save her working copy to her managed OneDrive for Business account, which means when she does want to work on this report from another device, this device will have to be enrolled for management. By using the mobile application management capabilities of Intune, the IT pro can help prevent leakage of important company data and make sure that this information doesn’t get into the wrong hands. 
  9. Slide 29: Mobile application management. IT can safeguard against corporate information and resources leaking through User interaction by applying policies to the apps themselves, but with most employees working from multiple enrolled devices, our IT Pro still needs a broader way of protecting access to the corporate applications on any of the User’s enrolled devices. Perhaps our User decides to replace or retire her device, perhaps she leaves the company or just doesn’t want to use the device for work any longer. The Company Portal allows our IT Pro to selectively wipe corporate applications from any device at any time and arrange for automatic selective wipe of corporate apps when a device is unenrolled. And, in the event that our User’s device is lost or stolen, she or IT can completely wipe the device from the same Company Portal. The self-service option can save time, frustration, worry, and IT resources!
  10. So let’s focus on cloud identity management. We are trying to address 3 main issues: Help IT departments get control of who is accessing what on the public cloud and provide SSO in a secure and efficient manner. Various departments in enterprises are enthusiastically adopting many different SaaS applications, and “Shadow IT” makes its appearance. One way of resolving this problem is adding more federated connections with every new SaaS application that an organization is using, but that’s a very difficult way to resolve Single Sign On. Password proliferation and Self-Service needs. I am accessing more than 5 cloud services for personal use at least once per week, how many are you using? How many times do you log in each week? For each access and each application we must enter our user name and password, which can become tedious to say the least. The most useful link on those services is the "I forgot my password" one and, to be honest, “I forgot my username" is becoming common too. Imagine the scale of this issue in enterprises. [Click] An average user already deals with a bunch of usernames and passwords for his on-premises applications, and cloud based applications are piling up at an increasing pace. There are already enterprises that have many cloud based applications in their environment. (There are more than 20.000 SaaS apps in the market already according to IDC). So organizations have to maintain [Click] Windows Server AD credentials and some of them even more for other on-premises directories in addition to the new cloud-related ones. Huge amounts of money have been invested in on premises identity and access management solutions without actually having the problem of Single Sign On solved. Help centers and IT departments all over the world can confirm that. 
If you add personal cloud applications' identities into the mix [Click] along with the desire to access applications from different devices, you get many frustrated users who voice their unhappiness and place pressure on IT for simpler solutions. The challenge for IT in today’s world of many devices, on premises apps, cloud apps, and hybrid apps is that they are not always aware of all the cloud-based applications their users are accessing. IT has not purchased or deployed these apps and in most cases they have no visibility into how they were purchased or if they are being managed. With the dramatic increase in cloud applications and the ease of sign up and free trials, management and users are asking IT departments to provide single sign on from everywhere to everything… A solution to this problem could be a federation with each and every one of those cloud-based applications. But not all of them are using the same protocols or standards when it comes to identity management, which can make federation a very difficult task. Instead, [Click] organizations need a hub that can sync their on-premises Active Directory (and other non-MS directories), [Click] seamlessly connect with many cloud applications, [Click] can integrate with various protocols and can scale around the globe to authenticate users everywhere [Click] from any device in a way that integrates simply with their existing identities. With more than 95% of Fortune 1000 organizations using Windows Server Active Directory on premises, they would prefer not to reinvent the wheel or recreate all of their identities. The good news is that they don’t have to. That’s exactly what Microsoft Azure Active Directory provides. And it does that in a secure and comprehensive manner.
  11. If your enterprise uses cloud-based, SaaS or custom LoB, applications that are not pre-integrated into Azure Active Directory, you can follow simple steps to add them and enable single sign on to them too. Azure Active Directory sign-in gives developers a way to avoid a separate ID and password for their application. Users get single sign on across your application and other applications like Office 365. Support for industry standard protocols such as SAML 2.0, WS-Federation, and OpenID Connect makes sign-in possible on a wide variety of platforms such as .Net, Java, Node.js, and PHP. The REST-based Graph API enables read and write to the directory, which is often essential for access management. Through support for OAuth 2.0, developers can build mobile and web applications that integrate with Microsoft and third party web APIs, and build their own secure web APIs. Open source client libraries are available for .Net, Windows Store, iOS, and Android, with additional libraries under development. So a developer can build an application on any platform (.Net, Node, Java) and host it in any cloud (we strongly recommend using our rich platform and hosting it on Azure) and leave the identity management to Azure AD. More info on what we offer to developers for application integration: http://msdn.microsoft.com/en-us/library/windowsazure/dn151121.aspx At this point we must highlight that Azure Active Directory can also provide identity management for cloud only solutions. If there is a need for a custom branded cloud directory to host identities and provide authentication to cloud based apps that are built on Azure or any other public cloud, Azure Active Directory can address your needs. Create an Azure Active Directory tenant, give it a name that you want, add users and assign to them access to cloud based apps with a new set of credentials. 
That could be a solution for customer-partner-vendor related projects or for companies/departments that are focused on cloud only.   Pre-integrated or easily added SaaS apps, custom LoB cloud-based apps, newly developed apps, hosted on Azure or any other cloud can be connected with Azure Active Directory and make it the home of all the CLOUD-BASED applications you need. All capabilities described in this slide are included in the free and premium offering
  12. From the beginning of this presentation one key principle we highlighted is the effort to empower end users and simplify how they access applications across many disparate systems, ultimately making them happier and more productive. This might happen if they could access all their apps from many devices and geographies with a single set of credentials and get Self-Service capabilities. Azure Active Directory is focused on this key capability. When administrators assign access to preintegrated SaaS applications from the Azure Portal, as we described earlier, shortcuts of these apps (tiles) are displayed, for every user, via a single personalized web page that is hosted on Azure. This web page is called Access Panel, from which every user has a personalized view of their apps. The link to the Access Panel is really easy: myapps.Microsoft.com. Mobile applications are also available to provide the same experience from mobile phones. [Click] From the Access Panel of every user all displayed SaaS apps can be launched using a single set of credentials. Being a web page, hosted on Azure, Access Panel is accessible from any device and any place, providing the end user the flexibility he needs. Some restrictions exist for those SaaS apps that are using Password SSO instead of federation SSO. Those SaaS apps can be launched only from desktop browsers and web applications. IE, Chrome and Firefox are supported for now. The reason behind that is that an add-on needs to be installed in order for Password SSO apps to be launched. The logon screen and the actual Access Panel can be customized (Company branded) and host the logos and the color schemes that the IT administrator wants. This can be done from the “configure” tab of Azure Management Portal and it’s a feature of the premium offering. [Click] Via Access Panel a user can review his profile and change his password or his Multi-Factor Authentication settings (if he has this feature enabled)
  13. We have two deployment models. You can run this on premises against your traditional private cloud applications (SharePoint), integrating this with your applications on premises. We also have cloud services. You don’t deploy anything on premises, but you can apply multi-factor authentication against cloud services (Office 365). Our multi-factor authentication cloud service provides the ability to challenge users in a number of ways: A mobile application can be installed on a user’s device, they authenticate that device through a verification process and from that point forward they are able to answer the multi-factor authentication challenge using the mobile app. SMS or text messages can be sent to the user to request their PIN code or to send them a one-time code that must be sent back. A phone call either challenges the user to press the hash key as prompted or to enter their PIN code. Single-use codes can be provided on the screen and the user is challenged to present that code to the cloud service as part of the authentication. All of these challenges are designed to verify the user. If the user has the user name and a password, has the right device and the PIN code to unlock the device, and is able to respond in the appropriate manner, we’re creating a user verification process that can safely assess that the user is who they say they are.
  14. As noted on the previous slide, users can leverage the self-service Intune Company Portal for a variety of things. The portal provides a consistent experience across popular mobile platforms where users can enroll their own devices, install corporate applications, and quickly access support information for their corporate IT department. From this portal, users also have the ability to wipe corporate data off of their enrolled device or devices and retire devices that will no longer be used. A new feature that is also now available is customizable terms and conditions. This new feature enables an organization to outline the specific conditions and policies that apply to the enrolled device and user at enrollment into the Intune service. Also, it’s important to highlight that the company portal design conforms to the UX guidelines of each device platform to retain platform consistency.
  15. We are all aware of the advanced cyber security attacks that are taking place: we have seen several examples in the last couple of years with Target, Premera, JP Morgan Chase, Anthem Blue Cross, Sony. Almost every day now in the news, we are seeing new, sophisticated cybersecurity attacks. Most of us got our credit cards changed even without asking for it in the last year. Some of us have been a victim of identity theft. In the past we have been shredding credit card statements but now our information is out there anyway. The fact of the matter is the frequency and sophistication of cybersecurity attacks is getting worse. Today, the topic of cyber-security has moved from IT and the datacenter to the highest levels of the boardroom and even to the White House. Attacks and threats have grown substantially more sophisticated in frequency and severity. We would like to share some sobering, eye opening statistics regarding these cyber security attacks: Over 75% of the network intrusions are tracked back to compromised (weak or exploited) user credentials. We have several devices and we are accessing corporate resources from a variety of devices. Users and user credentials remain the most important blind spot in the advanced attacks. We think we can catch these attackers, right? Wrong. The median number of days the attackers reside within a victim’s network before detection. As one of the IT directors I had a discussion with mentioned, they are not coming into our networks with bombs, explosive materials anymore. They use chopsticks and toothpicks. They lie low. The cost of these attacks to the global economy and to a company is significant. It is estimated that the total potential cost of cybercrime to the global economy is $500B. The average cost of a data breach to a company is $3.5Million and that is only the tip of the iceberg. 
200+ days: The average number of days that attackers reside within a victim’s network before detection 76% of all network intrusions are due to compromised user credentials (Source: Verizon 2013 Data Breach Investigation Report) $500B The total potential cost of cybercrime to the global economy (Source: CSIS-McAfee Report) $3.5M The average cost of a data breach to a company (Source: Ponemon Institute Releases 2014 Cost of Data Breach)
  16. That is why we are introducing Microsoft Advanced Threat Analytics, an innovative technology based on the acquisition of Aorato, innovator in enterprise security. To explain the concept on a high level, we would like to use an analogy: We are all credit card holders. If we travel to another location, especially to another country, it is in our travel check list to give a call to our bank to tell them they are going to be seeing some charges from another country. For instance if my credit card company starts to see some charges from South Africa, although I am normally located in Redmond Washington, they will give me a call and ask whether I am really travelling, whether this is somebody using my credential or whether it is me. If it is not me, they will block my card and send me a new card. They will also notify me if there is an abnormal activity in my credit card. If they, say, see a charge of 3,000 in a single transaction, they may send me an alert. Microsoft Advanced Threat Analytics is bringing this concept in a more advanced way to the employees, vendors and IT departments of organizations. Microsoft Advanced Threat Analytics, in short ATA, is an on premises platform helping IT to protect their enterprise from the advanced attacks by automatically analyzing, learning, and identifying normal and abnormal entity (user, devices and resources) behavior. How?
  17. So what are the benefits?
Detect threats fast with behavioral analytics: Microsoft Advanced Threat Analytics works around the clock to help IT pinpoint suspicious activities by profiling and knowing exactly what to look for. Using its proprietary algorithm, ATA surfaces suspicious activity you may never have recognized and brings it to your attention quickly. There is no need to create rules, fine-tune, or monitor a flood of security reports, since the intelligence needed is built in. Advanced Threat Analytics doesn’t just identify questionable activities in the system; it also identifies known advanced attacks and security issues.
Adapt to the changing nature of cyber-security threats: ATA continuously learns from the behavior of organizational entities (users, devices, and resources) and adjusts itself to reflect the changes in your rapidly evolving enterprise. As attacker tactics get more sophisticated, Microsoft Advanced Threat Analytics helps you adapt to the changing nature of cyber-security attacks with continuously learning behavioral analytics.
Focus on what’s important using the simple attack timeline: IT and security teams are overwhelmed by the constant reporting of traditional security tools and the task of sifting through those reports to locate the important and relevant attacks. Many attacks go undetected in all of the noise. The attack timeline is a clear, efficient, and convenient feed that surfaces the right things on a timeline, giving you the power of perspective on the “who, what, when, and how” of the enterprise.
Reduce false positive fatigue: Traditional IT security tools are often not equipped to handle the sheer volume of data, turning up unnecessary red flags and distracting you from real threats. With Microsoft Advanced Threat Analytics, alerts are raised only once suspicious activities have been contextually aggregated, comparing the entity’s behavior not only to its own past behavior but also to the profiles of other entities in its interaction path. Microsoft Advanced Threat Analytics will also automatically guide you through the process, asking you simple questions to adjust the detection process according to your input.
Prioritize and plan next steps with recommendations: For each suspicious activity, ATA provides recommendations for investigation and remediation.
  18. Some key features to mention:
Mobility support: No matter where your corporate resources reside (within the corporate perimeter, on mobile devices, or elsewhere), ATA witnesses authentication and authorization. This means that external assets like devices and vendors are as closely monitored as internal assets.
Integration to SIEM: ATA works seamlessly with SIEM after contextually aggregating information into the attack timeline. It can collect specific events that are forwarded to ATA from the SIEM. Also, you can configure ATA to send an event to your SIEM for each suspicious activity with a link to the specific event on the attack timeline.
Seamless deployment: ATA functions as an appliance, either hardware or virtual. It utilizes port mirroring to allow seamless deployment alongside Active Directory without affecting existing network topology. It automatically starts analyzing immediately after deployment. You don’t have to install any agents on the domain controllers, servers or computers.
  19. ATA identifies known security issues using world-class security researchers’ work.
• Broken trust
• Weak protocols
• Known protocol vulnerabilities
ATA detects known malicious attacks almost as instantly as they occur.
• Pass-the-Ticket (PtT)
• Pass-the-Hash (PtH)
• Overpass-the-Hash
• Forged PAC (MS14-068)
• Golden Ticket
• Skeleton key malware
• Reconnaissance
• Brute force
• Remote execution
Behavioral analytics leverage Machine Learning to uncover questionable activities and abnormal behavior.
• Anomalous logins
• Unknown threats
• Password sharing
• Lateral movement
  20. Mobility Licensing
This table shows the supported licensing mechanisms for the different Microsoft Intune SKUs and for the Enterprise Mobility Suite. Note that the Enterprise Mobility Suite is only available through Enterprise Agreement (EA) and Enrollment for Education Solutions (EES). In contrast, Microsoft Intune is also now available through:
• The Open License
• The direct Microsoft Online Services Program (MOSP)
• The new Cloud Solution Provider Program (CSPP)
• The new Microsoft Products and Services Agreement (MPSA)
Also note that under EA/EAS there are options for customers to “Bridge” from Core or Enterprise CAL to Intune and/or Office 365. Under Open and EA/EES there is also a Microsoft Intune add-on option for customers that are already licensed for System Center Configuration Manager. Also worth noting is that Azure Active Directory Premium is only available through Enterprise Agreement (EA) and Enrollment for Education Solutions (EES), while Azure Rights Management is available more broadly across MOSP, MPSA or EA/EES.