Ed Baker – Are YOU Intune with your Enterprise Devices
TRANSCRIPT
![Page 1: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/1.jpg)
Classified as Microsoft General
ARE YOU INTUNE WITH YOUR ENTERPRISE DEVICES?
Ed Baker
Microsoft UK
Technical Evangelist
@edbaker1965
ed-baker.com
![Page 2: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/2.jpg)
Who Am I?
I am Ed Baker – Technical Evangelist @ Microsoft UK
I tweet from @edbaker1965
I blog at ed-baker.com
Email me [email protected]
When not tweeting/blogging/presenting
I like to bake and ride motorbikes, not normally at the same time though.
![Page 3: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/3.jpg)
AGENDA
Security Landscape
Identity is the new control plane
Enterprise Mobility & Security
Mobile Application Management – Intune
Cloud App Security
Demonstrations
![Page 4: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/4.jpg)
SECURITY LANDSCAPE
![Page 5: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/5.jpg)
Mobile-first, cloud-first reality
Data breaches (63%)
63% of confirmed data breaches involve weak, default, or stolen passwords.
IT budget growth (0.6%)
Gartner predicts global IT spend will grow only 0.6% in 2016.
Shadow IT (80%)
More than 80 percent of employees admit to using non-approved software as a service (SaaS) applications in their jobs.
![Page 6: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/6.jpg)
Enterprise Mobility + Security: The Microsoft vision
Identity Driven Security
Managed Mobile Productivity
Comprehensive Solution
Users, Devices, Apps, Data
![Page 7: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/7.jpg)
![Page 8: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/8.jpg)
IDENTITY IS THE NEW CONTROL PLANE
![Page 9: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/9.jpg)
Identity as the control plane
On-premises
Windows Server Active Directory
![Page 10: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/10.jpg)
Identity as the control plane
On-premises
Windows Server Active Directory
VPN
BYO
SaaS
Azure
Cloud
Public cloud
Customers
Partners
![Page 11: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/11.jpg)
Identity as the control plane
On-premises
Windows Server Active Directory
VPN
BYO
Microsoft Azure Active Directory
Azure
Cloud
Public cloud
Customers
Partners
![Page 12: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/12.jpg)
Azure AD as the control plane
Microsoft Azure Active Directory
On-premises
Windows Server Active Directory
BYO
Azure
Cloud
Public cloud
Customers
Partners
![Page 13: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/13.jpg)
Every Office 365 and Microsoft Azure customer uses Azure Active Directory
• 33,000 Enterprise Mobility + Security | Azure AD Premium enterprise customers
• >110k third-party applications used with Azure AD each month
• >1.3 billion authentications every day on Azure AD
• More than 750 M user accounts on Azure AD
• >10 M Azure AD Directories
• 85% of Fortune 500 companies use Microsoft Cloud (Azure, O365, CRM Online, and PowerBI)
• Microsoft “Identity Management as a Service (IDaaS)” for organizations.
• Millions of independent identity systems controlled by enterprise and government “tenants.”
• Information is owned and used by the controlling organization, not by Microsoft.
• Born-as-a-cloud directory for Office 365. Extended to manage across many clouds.
• Evolved to manage an organization’s relationships with its customers/citizens and partners (B2C and B2B).
![Page 14: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/14.jpg)
Azure Active Directory. Identity at the core of your business
• 1000s of apps, 1 identity: Provide one persona to the workforce for SSO to 1000s of cloud and on-premises apps
• Manage access at scale: Manage identities and access at scale in the cloud and on-premises
• Cloud-powered protection: Ensure user and admin accountability with better security and governance
• Enable business without borders: Stay productive with universal access to every app and collaboration capability
![Page 15: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/15.jpg)
ENTERPRISE MOBILITY & SECURITY
![Page 16: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/16.jpg)
With mobility come new security challenges
• The network perimeter has vanished
• Attacks have become organized, targeted, and persistent
• More than 1,000 businesses affected by cyber attacks
• Another major retailer hacked
• You want to have visibility and control in the cloud
![Page 17: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/17.jpg)
Life before cloud
• Only sanctioned apps are installed
• Resources accessed via managed devices/networks
• IT had layers of defense protecting internal apps
• IT has a known security perimeter
Life with cloud
• User chooses apps (unsanctioned, shadow IT)
• User can access resources from anywhere
• Data is shared by user and cloud apps
• IT has limited visibility and protection
On-premises
Storage, corp data
Users
![Page 18: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/18.jpg)
Is it possible to keep up?
Employees Business partners Customers
Microsoft’s vision
Users, Devices, Apps, Data
![Page 19: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/19.jpg)
![Page 20: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/20.jpg)
This is why the solution needs to be comprehensive
The problem is complex
75% Exploited credentials
“I can log in with Matt’s credentials and lay low in the network.” Hacker
60% Mobility
“I would like to send this customer file to one of our vendors so they can take a look.” Matt
“I’ll save the file to my cloud storage app so I can work on it from home.” Matt
“I would work on this file on my tablet while I am waiting for my flight at the airport.” Matt
88% Losing control of data
80% Non-approved SaaS app use
![Page 21: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/21.jpg)
Access to everything from everything
Secure devices, apps, and data
Preserve existing investments
Customer’s needs
Integrated, secure identity
It protects Office better
It just works
Microsoft’s Solution
Empower Enterprise Mobility
Identity-driven security
Comprehensive solution
Managed mobile productivity
![Page 22: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/22.jpg)
• Intune: Protect your users, devices, and apps
• Azure Rights Management and Secure Islands: Protect your data, everywhere
• Advanced Threat Analytics: Detect problems early with visibility and threat analytics
• Microsoft Cloud App Security: Extend enterprise-grade security to your cloud and SaaS apps
• Azure Active Directory Identity Protection: Manage identity with hybrid integration to protect application access from identity attacks
![Page 23: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/23.jpg)
Enterprise Mobility Suite
• Identity and access management: Azure Active Directory
• Mobile device and app management: Intune
• Information protection: Azure Rights Management
• User and entity behavioral analytics: Advanced Threat Analytics
• Cloud and SaaS app security: Cloud App Security
Bring enterprise-grade visibility, control, and protection to your cloud applications.
![Page 24: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/24.jpg)
MOBILE APPLICATION MANAGEMENT – INTUNE
![Page 25: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/25.jpg)
Enable your users
Unify your environment
Protect your data
Devices, Apps, Data
Help organizations enable their users to be productive on the devices they love while keeping corporate assets secure.
User
IT
![Page 26: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/26.jpg)
Traditional access control to corporate data
Corporate network
DMZ
Internet
Policies
• Filter EAS
• Filter web access
• Filter or block mobile app access
• Block unmanaged devices
• Prevent downloads
• Force multifactor authentication
• Require domain joined
• Force traffic via proxy/VPN
Active Directory
PCs
SharePoint Server
Exchange Server
Mobile devices
Browsers
![Page 27: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/27.jpg)
The current reality…
![Page 28: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/28.jpg)
Conditional access with EMS
Controlling access to data
App
• Mobile app is managed
• Mobile app reputation
• SaaS app sensitivity
Other
• Network location
• Breach detected
Device
• Managed (Intune or CM)
• Compliant
• Risky behavior
User
• Group memberships
• Auth strength (MFA)
• Risky behavior
On-premise data
![Page 29: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/29.jpg)
Containing data after it has been accessed
Managed apps
Personal apps
Corporate data
Personal data
IT
Protect corp data
Control sharing and downloading
Monitor and restrict activity
![Page 30: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/30.jpg)
Mobile Device Management
• Enrolling corporate devices for management
• Enrolling personal devices for management
• Provisioning settings, certs, profiles
• Reporting device inventory
• Measuring device compliance
• Removing corporate data from devices
• All of the above using OS standards
Mobile App Management
• Publishing mobile apps to users
• Configuring mobile apps
• Securing corporate data in mobile apps
• Removing corporate data from mobile apps
• Updating mobile apps
• Reporting app inventory and usage
• All of the above with or without MDM
![Page 31: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/31.jpg)
IT managed
• Information worker
• Shared
Employee managed
• Companion
• Primary
Foreign managed
• Contractor
• Public kiosk
![Page 32: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/32.jpg)
CLOUD APP SECURITY
![Page 33: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/33.jpg)
SaaS adoption challenge
73% of enterprises indicated security as a top challenge holding back SaaS adoption*
>80% of employees admit to using non-approved SaaS apps in their jobs**
* Cloud Security Alliance (CSA) survey, Cloud Adoption, Practices and Priorities Survey Report 2015
** http://www.computing.co.uk/ctg/news/2321750/more-than-80-per-cent-of-employees-use-non-approved-saas-apps-report
![Page 34: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/34.jpg)
• Shadow IT: How do I know what apps are used in my environment?
• Access control: How do I ensure appropriate access to my cloud apps?
• Visibility/reporting: How do I gain visibility into cloud apps and usage?
• Data protection: How do I prevent data leakage?
• Threat prevention: How do I know if my users have been breached?
• Compliance: How do I address regulatory mandates?
![Page 35: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/35.jpg)
• Based on Adallom acquisition
• Cloud-delivered service bringing visibility and control to cloud apps
• Comprehensive and proven protection
• Committed to supporting third-party cloud applications
![Page 36: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/36.jpg)
• No agents required on user devices for discovery
• Comprehensive controls for your sanctioned apps
• Enterprise-grade: simple to deploy and manage
• Builds on broader Microsoft security platform
• Deeply integrated with Office 365
• Threat detection draws from Microsoft’s security intelligence
![Page 37: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/37.jpg)
• Discovery: Gain complete visibility and context for cloud usage and shadow IT, no agents required
• Data control: Shape your cloud environment with granular controls and policy setting for access, data sharing, and DLP
• Threat protection: Identify high-risk usage and security incidents, detect abnormal user behavior, and prevent threats
Integrate with existing security, mobility, and encryption solutions
![Page 38: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/38.jpg)
Discovery
Shadow IT discovery
• Discover 13,000+ cloud apps in use, no agents required
• Identify all users, IP addresses, top apps, top users
Risk scoring
• Get an automated risk score driven by 60+ parameters
• See each app’s risk assessment based on its security mechanisms and compliance regulations
Ongoing analytics
• Ongoing risk detection, powerful reporting, and analytics on users, usage patterns, upload/download traffic, and transactions
• Ongoing anomaly detection for discovered apps
![Page 39: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/39.jpg)
Data control
Policy definition
• Set granular-control security policies for your approved apps
• Use out-of-the-box policies or customize your own
DLP and data sharing
• Prevent data loss both inline and at rest
• Govern data in the cloud, such as files stored in cloud drives, attachments, or within cloud apps
• Use pre-defined templates or extend existing DLP policies
Policy enforcement
• Identify policy violations, investigate on a user, file, activity level
• Enforce actions such as quarantine and permissions removal
• Block sensitive transactions, limit sessions for unmanaged devices
![Page 40: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/40.jpg)
Threat prevention
Behavioral analytics
• Identify anomalies in your cloud environment which may be indicative of a breach
• Leverage behavioral analytics (each user’s interaction with SaaS apps) to assess risk in each transaction
Attack detection
• Identify and stop known attack pattern activities originating from risky sources with threat prevention enhanced with vast Microsoft threat intelligence
• Coming soon: send any file through real-time behavioral malware analysis
![Page 41: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/41.jpg)
Shadow IT
Sanctioned
App Security
Visibility and control
Compliance and regulations
Integration with existing systems and workflows
Cloud security expertise
Cloud Discovery
![Page 42: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/42.jpg)
Discover
Investigate
Alerts
Control
![Page 43: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/43.jpg)
![Page 44: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/44.jpg)
![Page 45: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/45.jpg)
![Page 47: Ed Baker – Are YOU Intune with your Enterprise Devices](https://reader031.vdocuments.net/reader031/viewer/2022022419/587dc1dd1a28ab1b498b6359/html5/thumbnails/47.jpg)
Discovery
• Use traffic logs to discover and analyze which cloud apps are in use
• Manually or automatically upload log files for analysis from your firewalls and proxies
Sanctioning and un-sanctioning
• Sanction or block apps in your organization using the cloud app catalog
App connectors
• Leverage APIs provided by various cloud app providers
• Connect an app and extend protection by authorizing access to the app. Cloud App Security queries the app for activity logs and scans data, accounts, and cloud content
App connectors
Cloud discovery
Protected
Cloud apps
Cloud traffic
Cloud traffic logs
Firewalls
Proxies
Your organization from any location
API
Cloud App Security