What is Microsoft Enterprise Mobility Suite and how to deploy it

Introduction to Microsoft Enterprise Mobility Suite (EMS) Peter De Tender [email protected] - @pdtit


Post on 16-Jul-2015


Introduction to Microsoft Enterprise Mobility Suite (EMS)

Peter De Tender – [email protected] - @pdtit

Session Outline

- Setting the Mobile Scene

- What is EMS and why do you need it in your enterprise?

- Demos

- Q&A

About Peter De Tender

@PDTIT

Peter De Tender

[email protected]

27% of tech budgets controlled by departments other than IT

What’s on the mind of enterprise leaders in 2015?

CEO priorities

engaged

employees

satisfied

customers

Growing

expectation

personal,

individualized

service

Becoming more responsive

Transforming to a digital

79% of C-level executives believe they make better and faster tech decisions than IT

Outperforming enterprises are 54% more likely to

Enhancing the customer experience

enhancing customer experience top priority

3/4 decision makers

digital savvy

CEO’s business performance

best indicator of

Sense/

respond

business

model

Make/sell

business

model

60% of CxOs now look to partners who will have an equal hand in creating business value

7 in 10 CxOs believe social/digital interaction is the new imperative

Responding to ongoing needs for efficiency and growth

exploiting a fundamentally different digital paradigm

dual goals

CIOs 70%

to reduce

IT costs

Would

increase

risk

and accelerate

business agility

of

business

Mobile has become the new normal

The influence of consumer technology and always-on connectivity

“The nature of work has changed. Collaboration, data analysis, and mobility are now critical levers for labor productivity. Yet, 60% of employees globally believe IT is ineffective at providing these capabilities.”

time spent using digital media overtook time spent watching TV

of enterprise BYOD programs will fail

60% will opt for mobile customer service applications as first option

In 2015, most apps will sync, collect and analyze deep data about users and their social graph

By 2017, mobile users will provide personalized data streams to more than 100 apps and services, every day

1/3 work on-premises, but frequently collaborate away from their desks. 70% of these employees are unhappy with their mobility capabilities.

–IT Impact Report: Five Key Findings on Driving Employee Productivity. CEB. Q1 2014.

In 2014

20%

Transforming to digital…and protecting assets in a mobile-first, cloud-first world.

Reimagining the Enterprise with Microsoft Solutions

Empowering people…to be responsive and make an impact from anywhere.

Activating the business…with user-centric solutions.

…comprehensive and connected solutions…

…culture of reliability, security and privacy…

Global excellence in hybrid cloud services…

…familiar and fluid experiences

…spanning consumer and business…

Current Microsoft IT standards and buying tools available to employees at //getdevices

Empowering people to choose their own devices

“I buy the smartphone and other personal mobile devices I want”

“I choose the PC I want and order it through an approved procurement channel”

Making it easy to connect and be productive

Company Portal app

Enrollment of personal devices

Device Strategy Framework in most Enterprises

Low Freedom

High Freedom

Low Trust

High Trust

Making it easy to connect and be productive… NOT NOT NOT NOT NOT !!!!!

Your decision should be based on the level of freedom vs. control you need

Here is your own

On Your Own

Choose your own

Bring Your Own

Choice

Enterprise Control

Microsoft’s Device Strategy Framework

Making it easy to connect and be productive… YES YES YES YES YES YES !!!!!

Common Identity

Microsoft Mobility Solution

Cloud Services

Independent Cloud App Vendors

Specific product/service connections and data sync

Datacenter

Introducing the Enterprise Mobility Suite - EMS

Identity & Access Management
Enabled via Azure Active Directory Premium:
• Group management & security / audit reports
• Self Service Password Reset & Multi-Factor Authentication
• Connection between AD / Azure AD

Mobile Device, App & Data Management
Enabled via Microsoft Intune:
• Mobile device settings management
• Mobile app management
• Selective wipe

Information Protection
Enabled via Azure Rights Management Service:
• Information protection
• Connection to on-premises assets
• Rules-based engine to identify confidential content

Microsoft’s Enterprise Mobility Suite offers

Management of your identity and mobile devices

Enhanced security through policy & encryption

Cross-platform for iOS, Android and Windows

Conditional access to devices, apps and data

On-premises, hybrid and cloud architectures

Better

Office 365 + EMS

Desktop EA Customers (Windows Ent / Office / CAL Suites)

Desktop EA + O365 Customers (Windows Ent / Office / CAL Suites + O365)

Enterprise Mobility Suite (Microsoft Intune / Azure AD Premium / Azure RMS)

• Domain based Identity Management (SSO for on prem apps)
• Centralized PC Management
• Information Protection for On prem Office

• Hybrid identity & SSO for O365
• MFA for O365
• Cloud based information protection for O365 (E3/E4 only)

• Group Management & Security / audit reports
• Self Service Password Reset & MFA
• Connection between AD / Azure AD

• Information protection
• Connection to on-premises assets

• Mobile device settings management
• Mobile app management
• Selective wipe

On Premises Solution

Cloud Solution

EMS additional benefits for O365 customers

Cloud and hybrid identity management

Mobile device management

Information protection

Enterprise Mobility Suite

• Protection for O365 content
• Protection for on prem Exchange SharePoint content
• Access to RMS SDK
• Bring your own Key

• Protection for on-premises Windows Server file shares

• Basic Mobile Device Management via EAS
• PIN enforcement
• Device wipe

• PC Management
• Mobile Device Management
• Mobile App Management
• Certificate Provisioning
• Selective wipe

• Single Sign on for O365
• Basic Multifactor Authentication (MFA) for O365

• Single Sign on for all cloud apps
• Advanced MFA for all workloads
• Self Service group management and password reset with write back to on prem directory
• Advanced security reports
• FIM (Server + CAL)

Microsoft Azure Active Directory Premium

Pre-integrated for Single Sign On (SSO) to over 2,500+ popular SaaS apps

Easily add custom cloud-based apps.

Connect to your on-premises Windows Server Active Directory

SaaS apps

many apps, one identity repository

manage identities and access to cloud apps

monitor and protect access to enterprise apps

enable users

Comprehensive identity and access management console

Centralized management for assigning access to applications with groups

Secure business processes with advanced access management capabilities

Security reporting to track inconsistent access patterns

Included Multi-Factor authentication capabilities

Advanced machine-learning-based reporting

Consistent experience for SSO – the access panel

Tenant branded access panel

Self service password reset

Office 2007, Office 2010, Office 2013

Microsoft Azure Rights Management

protect your data

• Simplified data protection and collaboration – no on-premises infrastructure required

• Support for connection to on-premises Exchange, SharePoint and Windows Server FCI

• Bring your own Key with Hardware Security Module (HSM) – hosted key storage

• Near real-time customer-owned logging

• Office is our “first and best” partner – Office 2013, 2010, 2007

Microsoft Intune

enable users

unify your environment

protect your data

Market-leading, familiar client management tools extended with cloud-based MDM

Simplified, user-centric application management with profile configuration

Comprehensive settings management across platforms

Consistent Company Portal experiences across devices

Simplified enrollment

Automatic connection to apps and data

Selective wipe of corporate apps and data to protect sensitive information

Email profile configuration and selective wipe

Data protection configuration settings (iOS 7)

Azure AD Premium

The current reality …

Self-service

Single sign on

Identity as the control plane

Simple connection

Cloud

SaaS

Azure

Office 365

Public cloud

Other Directories

Windows Server Active Directory

On-premises Microsoft Azure Active Directory

Azure Active Directory Connect

Microsoft Azure Active Directory

Other Directories

PowerShell

LDAP v3

SQL (ODBC)

Web Services ( SOAP, JAVA, REST)

Your Directory on (and in…) the cloud

SaaS apps

Microsoft Azure Active Directory

Other Directories

Your Directory on (and in…) the cloud

Preintegrated SaaS apps in the application gallery

alerts.

Monitor your applications usage in the cloud

Azure AD - Demo

Azure

Rights Management

Rights Management

Important: RMS never sees your DATA, only your keys

Azure RMS is built on…

Encryption

Identity and access management

Policy enforcement

Access logging

Azure RMS deployment options for 1) cloud-ready, 2) cloud-accepting, 3) cloud-averse customers

We’re all in for the cloud! We’re adopting O365 and we need simple, secure collaboration.

Cloud-Ready

Cloud Ready

Integration

BYO Key

Sync

We’re ready for some cloud! We have Exchange, SharePoint, and Windows Server on-prem. We might adopt O365, but we need simple, secure collaboration now.

Cloud Accepting

Cloud Accepting

Integration

BYO Key

Sync

Azure RMS Connector

We’re not ready for the cloud yet! We have Exchange, SharePoint, and Windows Server on-prem. We still need simple, secure collaboration.

Cloud-Averse

Cloud Averse

Integration

BYO Key

Sync

Azure RMS

Hub

Get started quickly with Azure RMS

Simple wizard driven template definition

Get started quickly with a single click

Manage templates and create with ease

Working with Azure RMS templates

Expire content based on a specified date

Manage template lifecycle

Enforce online connection or allow offline access

Azure RMS - Demo


So, I’m very sorry… no Azure RMS Demo

Microsoft Intune

Device management


| Intune standalone (cloud only) | Configuration Manager integrated with Intune (hybrid) |
| Lightweight, agentless OR agent-based management | Agent-based management only |
| PC protection from malware | PC protection from malware |
| PC software update management | PC software update management |
| Software distribution | Software distribution |
| Proactive monitoring and alerts | Proactive monitoring and alerts |
| Hardware and software inventory | Hardware and software inventory |
| Policies for Windows Firewall management | Policies for Windows Firewall management |
| | Operating system deployment |
| | PC, mobile device, Windows Server, Linux/Unix, Mac, and virtual desktop management |
| | Power management |
| | Custom reporting |

Mobile devices and PCs Mobile devices

System Center Configuration Manager

Domain joined PCs

Configuration Manager integrated with Intune (hybrid)

Intune standalone (cloud only)

Deployment flexibility

Intune web console

Configuration Manager console

Single management console for IT admins

Configuration Manager console (hybrid)

Intune web console (cloud only)

The Microsoft solution is different

Rapid release cycles and innovation

Rapidly changing environment

User-focused management

Many devices / shorter half life

Managed Office mobile apps

Office

Identity, device, apps, data

Protection at all layers

Architecture matters

Device and IT experiences count

Settings management

Comprehensive security policies are enforced on each platform

Reporting available on each setting whether it is applicable, conformant or has an error

Extensive configuration settings are available for each platform

Policies can be applied to user and device groups

User

Manage mobile productivity and protect data with Office Mobile apps for iOS and Android

Manage policy for existing iOS line of business apps (so called “app wrapping”)

Managed browser and PDF/Audio/Video viewers

Provide access to Exchange and OneDrive for Business resources only to managed devices

Deny access if a device falls out of compliance

Enable IT to bulk enroll corporate-owned task-worker devices

Support for Apple Configurator

Manage mobile productivity without compromising compliance

Conditional Access Policy to Email and Documents

Enroll and Manage Corporate-owned Devices

Manage Mobile Productivity and Protect Data with Office

Personal

Corporate

Category | Feature | Exchange ActiveSync | MDM for Office 365 | Intune Standalone | Intune + ConfigMgr (Hybrid)

Device configuration

Inventory mobile devices that access corporate applications ● ● ● ●

Remote factory reset (full device wipe) ● ● ● ●

Mobile device configuration settings (PIN length, PIN required, lock time, etc.) ● ● ● ●

Self-service password reset (Office 365 cloud only users) ● ● ● ●

Office 365

Provides reporting on devices that do not meet IT policy ● ● ●

Group-based policies and reporting (ability to use groups for targeted device configuration) ● ● ●

Root cert and jailbreak detection ● ● ●

Remove Office 365 app data from mobile devices while leaving personal data and apps intact (selective wipe) ● ● 2015

Prevent access to corporate email and documents based upon device enrollment and compliance policies ● ● 2015

Premium mobile device & app management

Self-service Company Portal for users to enroll their own devices and install corporate apps ● ●

App deployment (Windows Phone, iOS, Android) ● ●

Deploy certificates, VPN profiles (including app-specific profiles), email profiles, and Wi-Fi profiles ● ◐ *

Prevent cut/copy/paste/save as of data from corporate apps to personal apps (mobile application management) ● 2015

Secure content viewing via Managed browser, PDF viewer, Image viewer, and AV player apps for Intune ● 2015

Remote device lock via self-service Company Portal and via admin console ● ●

PC Management

Client PC management (e.g. Windows 8.1, inventory, antimalware, patch, policies, etc.) ● ●

PC software management ● ●

Comprehensive PC management (e.g. Windows Server/Linux/Mac OS X support, virtual desktop and power management, custom reporting, etc.) ●

OS deployment ●

Single management console for PCs, Windows Server/Linux/Mac OS X, and mobile devices ●

* Deployment of VPN and email profiles for Android devices to be added in CY2015

Microsoft Intune - Demo

Session Outline

- Setting the Mobile Scene

- What is EMS and why do you need it?

- Demos

- Q&A

Questions?

Keep the momentum

- Technet

http://technet.Microsoft.com

- Microsoft Virtual Academy

http://www.microsoftvirtualacademy.com

- [email protected]

- @pdtit

- #TechEdYellowPantsTeam