Consumerization of IT MSL Jumpstart Keynote
DESCRIPTION
Learn about how Microsoft is addressing consumerization of IT. This was part of Microsoft Learning's Jumpstart event on Enabling Consumerization of IT which I delivered. For the videos, see: http://aka.ms/consumerIT
TRANSCRIPT
Embracing the Consumerization of IT Jump Start
Module 1: Keynote—Enabling the Consumerization of IT
Bill Anderson, Principal Program Manager
David Tesar, Technical Evangelist
Meet Bill Anderson
• Microsoft Principal Program Manager
  – Over 15 years with Microsoft System
  – Started as pre-sales engineer, then Microsoft Consultant
  – Been on System Center Configuration Manager (a.k.a. SCCM or SMS) product since 2001
  – His team drove the User Centric changes in the Configuration Manager 2012 release.
• Over 20 years experience in systems management space
Meet David Tesar | @dtzar
• Microsoft Technical Evangelist, DPE
  – With Microsoft since 2002, Evangelist since 2007
  – Prior: Support Escalation Engineer & Premier Field Engineer
  – Creates technical content, speaks at myriad of Microsoft and industry-sponsored events, and works directly with customers
  – Works closely with Microsoft product teams to “share the good news” of IT Pro-relevant software
• Areas of focus have included:
  – Windows Azure security, Windows Intune, various Forefront security products, Internet Explorer, and all the products and technologies related to the “consumerization of IT” trend
Course Expectations
• First module – 200-level all shipped products
  – Not “become deep expert in each of product”
• Modules 2-8 – 300-level for specific scenarios
• No: Windows 8 client
• Yes: Windows Server 2012, vNext: Intune, App-V, UeV
Designing Lync Server 2010 Jump Start
Day 1: Device Management
Mod 1: KEYNOTE—Enabling the Consumerization of IT
Mod 2: End-to-End Security & Access
Mod 3: User-Centric Application Delivery
Mod 4: Mobile Device Management
Day 2: Data Access
Mod 5: Productive with Office 365
Mod 6: Information Protection
Mod 7: Cloud Security and Management
Mod 8: Desktop Virtualization
Module Agenda
• Consumerization of IT Overview
• Scenario: Consumerize Contoso Financial’s IT
• Consumerization Business policy & strategy
A minute in the history of the work environment…
Location, Screen, An activity
Sources: International Telecommunications Union, “Tablet Demand and Disruption” Morgan Stanley, IDC
We are all consumers and workers already. Just depending on what you are doing now…
A minute in the history of the work environment…
Around 371 Million Computers Sold in 2011
Around 6 Billion Cell phones Worldwide
Sources: International Telecommunications Union, “Tablet Demand and Disruption” Morgan Stanley, IDC
16 phones per PC
2 Billion Mobile Internet devices in the world today
Only 20% of tablet owners use the device for content creation
2/3 of companies worldwide have adopted tablets
Around 21 Million Tablets Worldwide
17 PCs per Tablet, 285 Phones per Tablet
A minute in the history of the work environment…
CONSUMERIZATION HAS ALREADY HAPPENED…
Broaden your impact
Enable users to work how, when and where they want
Differentiate your organization
Your Opportunity
Our commitment to you
INTEGRATES POPULAR SOCIAL TOOLS & APPS
Best productivity experience
PC
PHONE
BROWSER
Unified application development
Security and management to support flexible workstyles
BEST ON WINDOWS-BASED DEVICES & BEST-IN-CLASS ON OTHER DEVICES
Windows-based devices that people love
Embracing the Consumerization of IT
We have four pillars to our strategy
Flexible Workstyle Solutions
READY AND PRODUCTIVE ANYWHERE
PERSONALIZED EXPERIENCE
INTELLIGENT INFRASTRUCTURE
Work from a branch office
Work on the road
Work on your own device
Work on your phone
End to end security and access
Personalized Windows devices
Optimized application infrastructure
Unified management on-premises and from the cloud
THE OLD WAY…
The Old Way - Infrastructure
[Diagram labels: SMS 2003; SharePoint Server 2003; 3rd Party AM; Exchange 2003; INTERNET; Financial Data; Sales Data; Intranet Data; Windows Server 2003; CORPORATE NETWORK; 3rd Party VPN; Cell phone; PBX; Windows Server 2003 AD DC; Windows XP, Office 2003; Desktop Phone; Work Station/Office]
Policy and Access—Effective Access
Unknown
User Name, Password
EAS or BES
User Name, Password
Domain Join, Group Policy, 3rd Party AV, SMS 2003 client
User Name, Password
Known
Known
Unknown
Trust
Device Identity Policy Applied
Full Network Access
See what works
Email Access
Full Access
EAS connected device, if works with Exchange 2003
Blackberries
Corporate provided Windows XP PCs
Any device - Unsupported
Device Examples
Access
Low
High
Services: Full Application Access, device-centric
Where: Offline local or Online via CORP or PPTP/L2TP VPN
Data: All types of data, no local data protection
Services: Email and documents attached to email
Where: Offline & Online
Data: All types of data, only protection via EAS or BES policy
Services: Hope it works with credentials
Where: CORP network OR Outlook Web Access (OWA) online
Data: All types of data unprotected
Services and Data Access Examples
People in Ethan’s organization want to use smartphones, slates, tablets, and laptops to connect to the corporate network. Can he maintain compliance and ensure corporate data is safe on all devices?
Ethan, Systems Engineer, Contoso Financial Network
Ultimate safety hero, but open to new ideas.
Ben has lots of devices and travels frequently. How can he be productive on all of his devices with all the personal things he’s used to while on-the-road?
Ben Smith, Global Business Development Manager, Contoso Financial Network
Self-proclaimed gadget geek.
Lisa is very tired and keeps getting bugged by Ben to help him close a customer deal. Can she work from home in her pajamas?
Alice Ciccu, Technical Advisor, Contoso Financial
Doesn’t know the meaning of impossible.
Access from Untrusted Devices
[Diagram labels: SharePoint Server 2003; 3rd Party AM; Exchange 2003; INTERNET; Windows Server 2003; CORPORATE NETWORK; 3rd Party VPN; DOMAIN ISOLATION; SERVER ISOLATION; UNTRUSTED; Windows XP, Office 2003; SMS 2003; PBX; Desktop Phone; Work Station/Office; Smart phone; Slate; Financial Data; Sales Data; Intranet Data; Windows Server 2003 AD DC; Domain Controller; Untrusted]
Access from Untrusted Devices
[Diagram labels: 3rd Party AM; UNTRUSTED; Windows XP, Office 2003; Desktop Phone; Work Station/Office; Smart phone; CORPORATE NETWORK; Modern Gateway; Exchange 2003; SMS 2003; Unmanaged/Rogue Device; 3rd Party VPN; PBX; INTERNET; Windows Server 2003; Sales Data; Intranet Data; Financial Data; DOMAIN ISOLATION; SharePoint Server 2003; Domain Controller; Untrusted]
Consumerize your IT – DEMOs
• Access from untrusted devices
  – Ben’s Android Tablet accessing Internal SharePoint site
  – Ethan blocking access at network level to SharePoint server using Windows 2008 R2 Server and Domain Isolation
Access from Trusted Devices
[Diagram labels: Quarantine Network; Desktop Phone; Smart phone; Unmanaged/Rogue Device; 3rd Party AM; Windows Server 2003; UNTRUSTED; Windows XP, Office 2003; Work Station/Office; CORPORATE NETWORK; Modern Gateway; Direct Access Server; SMS 2003; Remediate; Exchange 2003; PBX; INTERNET; Slate; Hotel; Office 2003; Financial Data; Sales Data; Intranet Data; DOMAIN ISOLATION; SharePoint Server 2003; Network Access Protection; Untrusted; Domain Controller]
Productivity with Office 365
[Diagram labels: UNTRUSTED; CORPORATE NETWORK; Office 2003; Exchange 2003 OWA; Smart phone; Slate; PBX; On the Road; Desktop Phone; Work Station/Office; Windows Server 2003; Financial Data; Sales Data; Intranet Data; DOMAIN ISOLATION; INTERNET; SharePoint Server 2003; SharePoint; Exchange; ADFS; Domain Controller; ADFS Web Proxy; Direct Access Server; Modern Gateway; Untrusted; Lync]
Consumerize your IT – DEMOs
• Productivity on any device with O365 & SharePoint
• Work on your Phone
  – Co-authoring with Office Web Apps: Cynthia on Android slate, Alice on Windows PC & iPhone, Ben on iPad
  – Lync Communications
Mobile Device Management
[Diagram labels: SharePoint; Exchange; Lync; UNTRUSTED; CORPORATE NETWORK; Office 2003; Smart phone; Slate; PBX; Web Browser; Stolen Devices!; Desktop Phone; Work Station/Office; Wiped; Windows Server 2003; Financial Data; Sales Data; DOMAIN ISOLATION; Direct Access Server; Modern Gateway; ADFS Web Proxy; Hotel; Domain Controller; Untrusted; ADFS; Partial trust; INTERNET]
Consumerize your IT – DEMOs
• Mobile Device Management
  – SCCM remote wipe of Ben’s iPad and iPhone
Information Protection—AD Rights Management Services
[Diagram labels: SharePoint; Exchange; Lync; LBI; UNTRUSTED; Desktop Phone; Workstation/Office; CORPORATE NETWORK; INTERNET; BitLocker Encrypted; AD RMS; Slate; Smart phone; PBX; MBI; Stolen Devices!; Office 2003; Windows Server 2003; HBI; DOMAIN ISOLATION; Financial Data; Sales Data; Direct Access Server; Modern Gateway; ADFS Web Proxy; Domain Controller; Untrusted; ADFS; Partial trust]
Cloud Management and Security—Windows Intune
[Diagram labels: AD RMS; UNTRUSTED; DOMAIN ISOLATION; MBI; HBI; PBX; Desktop Phone; Work Station/Office; Client Installed; CORPORATE NETWORK; Direct Access Server; Modern Gateway; ADFS Web Proxy; Domain Controller; Untrusted; New Windows Phone; New Slate; ADFS; Partial trust; SharePoint; Exchange; Lync; LBI; Software Installed]
Desktop Virtualization
[Diagram labels: AD RMS; VDI / RDS; PBX; INTERNET; New Slate; UNTRUSTED; Desktop Phone; Work Station/Office; CORPORATE NETWORK; DOMAIN ISOLATION; MBI; HBI; Virtual Desktop; Direct Access Server; Modern Gateway; ADFS Web Proxy; On the Road; Domain Controller; Untrusted; ADFS; Partial trust; New Windows Phone; SharePoint; Exchange; Lync; LBI]
Personalized Experiences—User State Virtualization
[Diagram labels: AD RMS; UNTRUSTED; DOMAIN ISOLATION; MBI; HBI; PBX; Profile File Storage; VDI / RDS; Virtual Desktop; Data Sync; Profile Sync; INTERNET; Direct Access Server; Modern Gateway; ADFS Web Proxy; On the Road; Domain Controller; Untrusted; ADFS; Partial trust; New Slate; New Windows Phone; SharePoint; Exchange; Lync; LBI; CORPORATE NETWORK; Desktop Phone; Work Station/Office]
Personalized Experiences—User Centric App Delivery
[Diagram labels: AD RMS; UNTRUSTED; DOMAIN ISOLATION; CORPORATE NETWORK; PBX; APP-V Sequencer; VDI / RDS; Desktop Phone; Work Station/Office; Virtual Desktop; INTERNET; Direct Access Server; Modern Gateway; ADFS Web Proxy; On the Road; Domain Controller; ADFS; New Slate; New Windows Phone; SharePoint; Exchange; Lync; LBI; Untrusted; Partial trust; Profile File Storage; MBI; HBI]
Consumerize your IT – DEMOs
• User Centric Application Delivery
  – Ben being able to install applications from self service portal on his laptop while on the road connected to CORP via DirectAccess
• User State Virtualization
  – Ben saving documents to My Documents and desktop on laptop while on the road connected to CORP via DirectAccess
Consumerize your IT – DEMOs
• Desktop Virtualization
  – Ben’s new device (BYOD) connecting up to Corp desktop over internet
• User State Virtualization
  – Ben’s saved documents and settings automatically getting restored to the virtual desktop
• Information Protection
  – Ben sending an AD RMS protected email and document from virtual desktop
Work on Your Phone
[Diagram labels: AD RMS; UNTRUSTED; DOMAIN ISOLATION; MBI; HBI; CORPORATE NETWORK; APP-V Sequencer; VDI / RDS; Virtual Desktop; PBX; INTERNET; On the Road; Direct Access Server; Modern Gateway; ADFS Web Proxy; Domain Controller; ADFS; New Slate; New Windows Phone; Untrusted; Partial trust; SharePoint; Exchange; Lync; LBI; Desktop Phone; Work Station/Office; Profile File Storage]
Consumerization of IT Strategy
Choose Your Own
Enterprise Full Control
Freedom
Control
Your decision should be based on the level of Freedom vs. Control you need
What needs to be managed?
Device Policy
Management & Access Policy
Corporate
Partial
Policy and Access—Effective Access
Unknown
User Name, Password
EAS, Domain Join, Group Policy
User Name, Password, Certificate (Optional)
SCCM, SCEP, NAP
Domain Join, Group Policy, SCCM client
User Name, Password, Certificate
Known
Known
Unknown
Trust
Device Identity Policy Applied Policy Compliant
Public
Proxied
Corporate Partial
Corporate Full
EAS connected device
Non-domain joined PC with Windows Intune
Domain joined PC out of compliance
Physical Windows PC with TPM, BitLocker and DirectAccess
Desktop Virtualization machine (VDI)
Windows, Windows Phone, Android, iPad, iPhone
Any Device
Device Examples
Access
Low
High
Services: Full Application Access, User-Centric
Where: Anywhere with internet seamlessly OR Offline
Data: HBI, MBI, LBI
Services: Limited local, Remote options
Where: Offline & Online
Data: EAS – LBI or MBI/HBI with AD RMS; PCs – LBI-HBI with BitLocker & manage to compliance
Services: Remote Desktop, Remote Apps, Web Apps, Modern Gateway
Where: Online only
Data: Remote only, No local
Services and Data Access
Examples
Any Device
Services: none
Where: CORP
Data: none
Related Resources
• IT Camps Public homepage: http://aka.ms/itcamps
• Consumerization of IT Technology – Device Matrix: http://aka.ms/CoITMatrix (anyone with a link)
• Microsoft Virtual Academy (MVA): http://www.MicrosoftVirtualAcademy.com
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. Some information relates to pre-released product which may be substantially modified before it’s commercially released. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.