Enterprise Mobility + Security (EM+S)
New and Hot in Enterprise Mobility + Security
Jan Vidar Elven
Architect
MVP Enterprise Mobility
Microsoft Threat Protection
Microsoft Ignite, Orlando 2018
Security vs. “Happy Vibes”
New and Hot - Identity
Passwordless | Identity Governance | Microsoft Secure Score | B2B
Everyone hates passwords…
Users hate passwords
Alphanumeric passwords are hard to remember
Password manager solutions are complicated and are just more work
It is hard to type passwords on mobile devices
Credential reuse across multiple services increases attack surfaces
Even the strongest passwords are easily phishable
279% more enterprise security incidents from 2016 to 2017
81% of hacking-related breaches leveraged either stolen and/or weak passwords
OTA Cyber incidents Report 2018 | Verizon Cybercrime Case Studies 2017
IT hates passwords
Most frequently rejected passwords from the last week before Ignite..
Hackers passwords
Windows Hello | Microsoft Authenticator | FIDO2 Security Keys
How to get to a world without passwords
Authentication with high strength, high security and available methods
Identity Governance
• Identity governance is coming to Azure AD
• Entitlement management
• Admins can create policies for resources such as groups, apps, and sites.
• Automate the process of granting access to employees and partners.
• My Access portal
• Employees and partners can request access to these entitlements, and business managers can approve requests.
Microsoft Secure Score
B2B
• Azure AD B2B now supports federation with Google
• Applies only to personal Google accounts, such as @gmail.com
• Currently not GCP
Combined registration for SSPR and Azure MFA
https://aka.ms/setupsecurityinfo
https://aka.ms/MFASetup
https://aka.ms/SSPRSetup
BEFORE | NOW
Modern Management
Management and Protection of Devices and Applications - Powered by Cloud
Apps without app protection policies
Data protection with app protection policies
Data protection with app protection policies on devices managed by a MDM solution
Data protection with app protection policies for devices without enrollment
Managed Apps Policy Target
Targeted Apps iOS
• Outlook
• OneDrive
• OneNote
• Skype for Business
• Yammer
• Word
• Excel
• PowerPoint
• Microsoft Teams
• Microsoft Planner
• Microsoft Dynamics CRM on iPhone/iPad
• Microsoft Connections
• Managed Browser
• Edge
• Microsoft PowerBI
• Microsoft SharePoint
• Microsoft Visio Viewer
• Azure Information Protection
• Adobe Acrobat Reader for Intune
• Microsoft Invoicing
• Microsoft Kaizala
• Microsoft StaffHub
Targeted Apps Android
• Outlook
• OneDrive
• OneNote
• Skype for Business
• Yammer
• Word
• Excel
• PowerPoint
• Microsoft Teams
• Microsoft Planner
• Dynamics CRM for Phones/Tablets
• Managed Browser
• Edge
• Microsoft Power BI
• Microsoft SharePoint
• Azure Information Protection
• Adobe Acrobat Reader for Intune
• Microsoft Invoicing
• Microsoft Kaizala
• Microsoft StaffHub
• Microsoft Launcher
App protection policies
Enrolled Devices (iOS, Android)
Data Relocation:
• Prevent iTunes & iCloud Backup: Yes
• Allow app to transfer data to other apps: Policy managed apps
• Allow app to receive data from other apps: All
• Prevent Save As: Yes (allow OneDrive for Business, SharePoint, Local Storage)
• Restrict cut, copy, and paste with other apps: Policy managed apps with paste in
• Restrict web content to display in Managed Browser: No
• Encrypt app data: Yes
• Disable contacts sync: No
• Disable printing: No
Access Actions:
• Require PIN for access: Yes, Numeric, PIN length 4. Allow fingerprint/facial recognition.
• Disable App PIN when device PIN is managed: Yes
Without Enrollment (iOS, Android)
Data Relocation:
• Prevent iTunes & iCloud Backup: Yes
• Allow app to transfer data to other apps: Policy managed apps
• Allow app to receive data from other apps: Policy managed apps
• Prevent Save As: Yes (allow OneDrive for Business, SharePoint)
• Restrict cut, copy, and paste with other apps: Policy managed apps
• Restrict web content to display in Managed Browser: Yes
• Encrypt app data: Yes
• Disable contacts sync: No
• Disable printing: No
Access Actions:
• Require PIN for access: Yes, Numeric, PIN length 4. Allow fingerprint/facial recognition.
• Disable App PIN when device PIN is managed: No
Company Portal and Managed Apps
Information Protection
Azure Information Protection | Unified Labels | Cloud App Security
Unified Labeling
• Migration of Azure Information Protection labels to Office 365 Security & Compliance (Preview)
• Unified Labeling Client
• Preview for Windows
• Office Insider for Mac
Cloud App Security
• Azure AD Conditional Access integration for Office 365 SaaS Apps
• Integration with Windows Defender ATP for Cloud Discovery (“Shadow IT”)
• Microsoft Classification Service