Embracing the Consumerization of IT Jump StartModule 1: Keynote—Enabling the Consumerization of IT

Bill AndersonPrincipal Program Manager

David TesarTechnical Evangelist

• Microsoft Principal Program Manager– Over 15 years with Microsoft System – Started as pre-sales engineer, then Microsoft Consultant – Been on System Center Configuration Manager (a.k.a

SCCM or SMS) product since 2001– His team drove the User Centric changes in the

Configuration Manager 2012 release.

• Over 20 years experience in systems management space

Meet Bill Anderson

• Microsoft Technical Evangelist, DPE– With Microsoft since 2002, Evangelist since 2007– Prior: Support Escalation Engineer & Premier Field Engineer– Creates technical content, speaks at myriad of Microsoft

and industry-sponsored events, and workis directly with customers

– Works closely with Microsoft product teams to “share the good news” of IT Pro-relevant software

• Areas of focus have included:– Windows Azure security, Windows Intune, various Forefront

security products, Internet Explorer, and all the products and technologies related to the “consumerization of IT” trend

Meet David Tesar | @dtzar

• First module – 200-level all shipped products– Not “become deep expert in each of product”

• Modules 2-8 – 300-level for specific scenarios

• No: Windows 8 client

• Yes: Windows Server 2012, vNext: Intune, App-V, UeV

Course Expectations

Designing Lync Server 2010 Jump Start

Day 1: Device Management Day 2: Data Access

Mod 1: KEYNOTE— Enabling the Consumerization of IT Mod 5: Productive with Office 365

Mod 2: End-to-End Security & Access Mod 6: Information Protection

Mod 3: User-Centric Application Delivery Mod 7: Cloud Security and Management

Mod 4: Mobile Device Management Mod 8: Desktop Virtualization

• Consumerization of IT Overview

• Scenario: Consumerize Contoso Financial’s IT

• Consumerization Business policy & strategy

Module Agenda

A minute in the history of the work environment…Location Screen An activity

Sources:International Telecommunications Union, “Tablet Demand and Disruption” Morgan Stanley, IDC

We are all consumers and workers already.Just depending on what you are doing now…

A minute in the history of the work environment…

Around 371 Million Computers Sold in 2011

Around 6 Billion Cell phones Worldwide

Sources:International Telecommunications Union, “Tablet Demand and Disruption” Morgan Stanley, IDC

16 phones per PC

2 Billion Mobile Internet device today in the world

Only 20% of tablet owners use the device for content creation

2/3 of companies world wide have adopted tablets

Around 21 Million Tablets Worldwide

17 PC’s per Tablet, 285 Phones per Tablet

A minute in the history of the work environment…

CONSUMERIZATION HAS ALREADY HAPPENED…

Broaden your impact

Enable users to work how, when and where they want

Differentiate your organization

Your OpportunityOur commitment to you

INTEGRATES POPULAR SOCIAL TOOLS & APPS

Best productivity experience

PC

PHONE

BROWSER

Unified application development

Security and management to support flexible workstyles

BEST ON WINDOWS-BASED DEVICES & BEST-IN-CLASS ON OTHER DEVICES

Windows-based devicesthat people love

Embracing the Consumerization of ITWe have four pillars to our strategy

Flexible Workstyle SolutionsREADY AND PRODUCTIVE

ANYWHEREPERSONALIZED

EXPERIENCEINTELLIGENT

INFRASTRUCTURE

Work from a branch office

Work on the road

Work on your own device

Work on your phone

End to end security and access

Personalized Windows devices

Optimized application infrastructure

Unified management on-premises and from the

cloud

THE OLD WAY…

The Old Way - Infrastructure

SMS 2003

SharePoint Server 2003

3rd Party AM

Exchange 2003

INTERNET

Financial Data Sales Data Intranet Data

SharePoint Server 2003

Windows Server

2003

CORPORATE NETWORK

3RD Party VPN

Cell phone

PBX

Windows Server

2003 AD DC

Windows XPOffice 2003

Desktop Phone

Work Station/Office

Windows XPOffice 2003

Policy and Access—Effective Access

Unknown

User NamePassword

EAS or BESUser NamePassword

Domain Join, Group Policy, 3rd Party AV,

SMS 2003 client

User NamePassword

Known

Known

Unknown

Tru

st

Device Identity Policy Applied

Full Network Access

See what works

Email Access

Full Access

EAS connected device, if works with Exchange 2003Blackberries

Corporate provided Windows XP PCs

Any device - Unsupported

DeviceExamples

AccessLow

High

Services: Full Application Access, device-centricWhere: Offline local or Online via CORP or PPTP/L2TP VPNData: All types of data, no local data protection

Services: Email and documents attached to emailWhere: Offline & OnlineData: All types of data, only protection via EAS or BES policy

Services: Hope it works with credentialsWhere: CORP network OR Outlook Web Access (OWA) onlineData: All types of data unprotected Services and

Data AccessExamples

People in Ethan’s organization want to use smartphones, slates, tablets, and laptops connect to the corporate network. Can he maintain compliance and ensure corporate data is safe on all devices?

EthanSystems EngineerContoso Financial Network

Ultimate safety hero, but open to new ideas.

Ben has lots of devices and travels frequently.How can he be productive on all of his devices with all the personal things he’s used to while on-the-road?

Ben SmithGlobal Business Development ManagerContoso Financial Network

Self-proclaimed gadget geek.

Lisa is very tired and keeps getting bugged by Ben to help him close a customer deal. Can she work from home in her pajamas?

Alice CiccuTechnical AdvisorContoso Financial

Doesn’t know the meaning of impossible.

Access from Untrusted Devices

SharePoint Server 2003

3rd Party AM

Exchange 2003

INTERNET

SharePoint Server 2003

Windows Server 2003

CORPORATE NETWORK

3RD Party VPN

DOMAIN ISOLATION

SERVER ISOLATION

X

UNTRUSTED

Windows XPOffice 2003

SMS 2003 PBX

Desktop Phone

Work Station/Office

Smart phone

Slate Windows XPOffice 2003

Financial Data Sales Data Intranet Data

Windows Server 2003 AD DCDomain ControllerUntrusted

Access from Untrusted Devices

3rd Party AM

UNTRUSTED

Windows XPOffice 2003

Desktop Phone

Work Station/Office

Smart phone

Windows XPOffice 2003

CORPORATE NETWORK

ModernGateway

Exchange 2003SMS 2003

Unmanaged/Rogue Device

3RD Party VPN PBX

INTERNET

Windows Server 2003

Sales Data Intranet DataFinancial Data

DOMAIN ISOLATION

SharePoint Server 2003

Domain Controller

Untrusted

• Access from untrusted devices– Ben’s Android Tablet accessing Internal SharePoint site– Ethan blocking access at network level to SharePoint

server using Windows 2008 R2 Server and Domain Isolation

Consumerize your IT – DEMOs

Access from Trusted Devices

Quarantine Network

Desktop Phone

Smart phone

Unmanaged/Rogue Device

3rd Party AM

Windows Server 2003

UNTRUSTED

Windows XPOffice 2003

Work Station/Office

Windows XPOffice 2003

CORPORATE NETWORK

ModernGateway

Direct Access Server

SMS 2003

X

ModernGateway

Remediate

Exchange 2003 PBX

INTERNET

Smart phone

Slate

Hotel

Office 2003

Office 2003 Office 2003

Financial Data Sales Data Intranet Data

DOMAIN ISOLATION

SharePoint Server 2003

Remediate

Network Access Protection

Untrusted

Domain Controller

Productivity with Office 365

UNTRUSTED

CORPORATE NETWORK

Office 2003

Exchange 2003OWA

Smart phone

Slate

PBX

On the Road

Desktop Phone

Work Station/Office

Office 2003

Windows Server 2003

Financial Data Sales Data Intranet Data

DOMAIN ISOLATION

INTERNET

SharePoint Server 2003

SharePoint

XExchange

X

ADFS Domain Controller

ADFS Web Proxy

Direct Access Server

ModernGateway

Untrusted

Lync

• Productivity on any device with O365 & SharePoint

• Work on your Phone– Co-authoring with Office Web Apps

Cynthia on Android slate Alice on Windows PC & iPhone Ben on iPad

– Lync Communications

Consumerize your IT – DEMOs

Mobile Device Management

SharePointExchange Lync

UNTRUSTED

CORPORATE NETWORK

Office 2003 Smart phone

Slate

PBX

X

Web Browser

Stolen Devices!Desktop

Phone

Work Station/Office

WipedWiped

Windows Server 2003

Financial Data Sales Data

DOMAIN ISOLATION

Direct Access Server

ModernGateway

ADFS Web Proxy

Hotel

Domain Controller

X

Untrusted

ADFS

Partial trust

INTERNET

• Mobile Device Management – SCCM remote wipe of Ben’s iPad and iPhone

Consumerize your IT – DEMOs

Information Protection—AD Rights Management Services

SharePointExchange Lync

LBI

UNTRUSTED

Desktop Phone

Workstation/Office

CORPORATE NETWORK

INTERNET

BitLocker Encrypted

AD RMS

SlateSmart phone

PBX

MBI

Stolen Devices!

Office 2003

AD RMSWindows Server

2003

HBI

DOMAIN ISOLATION Financial Data Sales Data

_

Direct Access Server

ModernGateway

ADFS Web Proxy

Domain Controller

AD RMS

Untrusted

ADFS

Partial trust

Cloud Management and Security—Windows Intune

AD RMS

UNTRUSTED DOMAIN ISOLATION

AD RMS

MBI HBI

PBX

Desktop Phone

Work Station/Office

Client Installed

CORPORATE NETWORK

Direct Access Server

ModernGateway

ADFS Web Proxy

Domain Controller

Untrusted

New Windows

Phone

New Slate

ADFS

Partial trust

SharePointExchange Lync

LBI

AD RMS

Software Installed

Desktop Virtualization

AD RMSVDI / RDS

PBX

INTERNET

New Slate

UNTRUSTED

Desktop Phone

Work Station/Office

CORPORATE NETWORK

DOMAIN ISOLATION

AD RMS

MBI HBI

Virtual Desktop

Direct Access Server

ModernGateway

ADFS Web Proxy

On the Road

Domain Controller

Untrusted

ADFS

Partial trust

New Windows

Phone

SharePointExchange Lync

LBI

AD RMS

Personalized Experiences—User State Virtualization

AD RMS

UNTRUSTED DOMAIN ISOLATION

AD RMS

MBI HBI

PBX

Profile File Storage

VDI / RDS

Virtual Desktop

Data Sync

Profile Sync

INTERNET

Direct Access Server

ModernGateway

ADFS Web Proxy

On the Road

Domain Controller

Untrusted

ADFS

Partial trust

New Slate

New Windows

Phone

SharePointExchange Lync

LBI

AD RMS

CORPORATE NETWORK

Desktop Phone

Work Station/Office

Personalized Experiences—User Centric App Delivery

AD RMS

UNTRUSTED DOMAIN ISOLATION

AD RMS

CORPORATE NETWORK

PBX

APP-V Sequencer

VDI / RDS

Desktop Phone

Work Station/Office

Virtual Desktop

INTERNET

Direct Access Server

ModernGateway

ADFS Web Proxy

On the Road

Domain Controller

ADFS

New Slate

New Windows

Phone

SharePointExchange Lync

LBI

AD RMS

Untrusted Partial trust

Profile File Storage

MBI HBI

• User Centric Application Delivery– Ben being able to install applications from self service

portal on his laptop while on the road connected to CORP via DirectAccess

• User State Virtualization– Ben saving documents to my documents and desktop on

Laptop while on the road connected to CORP via DirectAccess

Consumerize your IT – DEMOs

• Desktop Virtualization– Ben’s new device (BYOD) connecting up to Corp desktop

over internet

• User State Virtualization– Ben’s saved documents and settings automatically getting

restored to the virtual desktop

• Information Protection– Ben sending an AD RMS protected email and document

from virtual desktop

Consumerize your IT – DEMOs

Work on Your Phone

AD RMS

UNTRUSTED DOMAIN ISOLATION

AD RMS

MBI HBI

CORPORATE NETWORK

APP-V Sequencer

VDI / RDS

Virtual Desktop

PBX

INTERNET

On the Road

Direct Access Server

ModernGateway

ADFS Web Proxy

Domain Controller

ADFS

New Slate

New Windows

PhoneUntrusted Partial trust

SharePointExchange Lync

LBI

AD RMS

Desktop Phone

Work Station/Office

XProfile File Storage

Consumerization of IT Strategy

Choose Your Own

Enterprise Full Control

Freedom

Control

Your decision should be based on the level of Freedom vs. Control you need

What needs to be managed?

Device Policy

Management & Access Policy

Corporate

Parital

Policy and Access—Effective Access

Unknown

User NamePassword

EAS, Domain Join, Group Policy

User NamePasswordCertificate (Optional)

SCCM, SCEP, NAPDomain Join, Group Policy, SCCM client

User NamePasswordCertificate

Known

Known

Unknown

Tru

st

Device Identity Policy Applied Policy Compliant

Public

Proxied

Corporate Partial

Corporate Full

EAS connected deviceNon-domain joined PC with Windows Intune

Domain joined PC out of compliance

Physical Windows PC with TPM, BitLocker and DirectAccessDesktop Virtualation machine (VDI)

Windows, Windows Phone, Android, iPad, iPhone

Any Device DeviceExamples

AccessLow

High

Services: Full Application Access, User-CentricWhere: Anywhere with internet seamlessly OR OfflineData: HBI, MBI, LBI

Services: Limited local, Remote optionsWhere: Offline & OnlineData: EAS – LBI or MBI/HBI with AD RMSPCs – LBI-HBI with bitlocker & manage to compliance

Services: Remote Desktop, Remote Apps, Web Apps, Modern GatewayWhere: Online onlyData: Remote only, No local

Services and Data Access

Examples

Any DeviceServices: noneWhere: CORPData: none

• IT Camps Public homepagehttp://aka.ms/itcamps

• Consumerization of IT Technology – Device Matrixhttp://aka.ms/CoITMatrix (anyone with a link)

• Microsoft Virtual Academy (MVA)http://www.MicrosoftVirtualAcademy.com

Related Resources

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. Some information relates to pre-released product which may be substantially modified before it’s commercially released.MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.