nytt og hot i enterprise mobility + security › nextlevel › presentasjoner ›...

Enterprise Mobility + Security(EM+S)

Nytt og Hot i Enterprise Mobility + Security

Jan Vidar Elven

Arkitekt

MVP Enterprise Mobility

Microsoft Threat ProtectionMicrosoft Ignite, Orlando 2018

Sikkerhet vs. “Happy Vibes”

Nytt og Hot - IdentitetPassordløst | Identity Governance | Microsoft Secure Score | B2B

Alle hater passord…

Brukere hater passord

Alfanumeriske passord er vanskelige å huske

Password manager løsninger er

kompliserte og er bare mer jobb

Det er vanskelig å skrive inn passord på mobile

enheter

Credential reuse across multiple services increases attack surfaces

Even the strongest passwords are easily phishable

279% more enterprise securityincidents from 2016 to 2017

81% of hacking-related breaches leveraged either stolen and/or weak passwords

OTA Cyber incidents Report 2018 I Verizon Cybercrime Case Studies 2017

IT hater passord

Mest frekvent avslåtte passord fra siste uke før Ignite..

Hackere passord

Windows Hello Microsoft Authenticator FIDO2 Security Keys

Hvordan komme til en verden uten passord

Autentisering med høy styrke, høy sikkerhet og tilgjengelige metoder

Identity Governance• Identitetsstyring kommer til

Azure AD

• Entitlement management• Admins kan lage policier for

ressurser som grupper, apper, og siter.

• Automatisere prosess for gi tilgang til ansatte og partnere.

• My Access portal• Ansatte og partnere kan be om

tilgang til disse entitlements, og forretningsledere kan godkjenneforespørsler.

Microsoft Secure Score

B2B• Azure AD B2B støtter nå federering med Google

• Gjelder bare personlige Google kontoer, som @gmail.com• Foreløpig ikke GCP

Felles registrering for SSPR og Azure MFA

https://aka.ms/setupsecurityinfo

https://aka.ms/MFASetup

https://aka.ms/SSPRSetup

FØR NÅ

Modern ManagementManagement og Beskyttelse av Enheter og Applikasjoner

- Powered by Cloud

Apps without app protection policies

Data protection with app protection policies

Data protection with app protection policies on devices managed by a MDM solution

Data protection with app protection policies for devices without enrollment

Managed Apps Policy TargetTargeted Apps iOS Targeted Apps Android

• Outlook• OneDrive• OneNote• Skype for Business• Yammer• Word• Excel• PowerPoint• Microsoft Teams• Microsoft Planner• Microsoft Dynamics CRM on iPhone/iPad• Microsoft Connections• Managed Browser • Edge• Microsoft PowerBI• Microsoft SharePoint• Microsoft Visio Viewer• Azure Information Protection• Adobe Acrobat Reader for Intune• Microsoft Invoicing• Microsoft Kaizala• Microsoft StaffHub

• Outlook• OneDrive• OneNote• Skype for Business• Yammer• Word• Excel• PowerPoint• Microsoft Teams• Microsoft Planner• Dynamics CRM for Phones/Tablets

• Managed Browser• Edge• Microsoft Power BI• Microsoft SharePoint

• Azure Information Protection• Adobe Acrobat Reader for Intune• Microsoft Invoicing• Microsoft Kaizala• Microsoft StaffHub• Microsoft Launcher

Applikasjonsbeskyttelse policierEnrolled Devices (iOS, Android) Without Enrollment (iOS, Android)

Data Relocation:

• Prevent iTunes & iCloud Backup: Yes

• Allow app to transfer data to other apps: Policy managed apps

• Allow app to receive data from other apps: All

• Prevent Save As: Yes (allow OneDrive for Business, SharePoint,

Local Storage)

• Restrict cut, copy, and paste with other apps: Policy managed

apps with paste in

• Restrict web content to display in Managed Browser: No

• Encrypt app data: Yes

• Disable contacts sync: No

• Disable printing: No

Data Relocation:

• Prevent iTunes & iCloud Backup: Yes

• Allow app to transfer data to other apps: Policy managed apps

• Allow app to receive data from other apps: Policy managed apps

• Prevent Save As: Yes (allow OneDrive for Business, SharePoint)

• Restrict cut, copy, and paste with other apps: Policy managed

apps

• Restrict web content to display in Managed Browser: Yes

• Encrypt app data: Yes

• Disable contacts sync: No

• Disable printing: No

Access Actions:

• Require PIN for access: Yes, Numeric, PIN length 4. Allow

fingerprint/facial recognition.

• Disable App PIN when device PIN is managed: Yes

Access Actions:

• Require PIN for access: Yes, Numeric, PIN length 4. Allow

fingerprint/facial recognition.

• Disable App PIN when device PIN is managed: No

Firmaportal og Managed Apps

InformasjonsbeskyttelseAzure Information Protection | Unified Labels | Cloud App Security

Unified Labeling• Migrering av Azure Information Protection label til Office 365

Security & Compliance (Preview)

• Unified Labeling Client• Preview for Windows

• Office Insider for Mac

Cloud App Security• Azure AD Conditional Access integrasjon for Office 365 SaaS Apps

• Integrasjon med Windows Defender ATP for Cloud Discovery (“Shadow IT”)

• Microsoft Classification Service