Enterprise Mobility Suite Overview - Catatpult...

Enterprise Mobility

Suite Overview

Joe Kuster

Catapult Systems

52% of information workers

across 17 countries report

using three or more devices

for work*

>80% of employees admit to

using non-approved software-

as-a-service (SaaS) applications

in their jobs***

90% of enterprises will have

two or more mobile operating

systems to support in 2017**

52% 90% >80%

* Forrester Research: “BT Futures Report: Info workers will erase boundary between enterprise & consumer technologies,” Feb. 21, 2013** Gartner Source: Press Release, Oct. 25, 2012, http://www.gartner.com/newsroom/id/2213115*** http://www.computing.co.uk/ctg/news/2321750/more-than-80-per-cent-of-employees-use-non-approved-saas-apps-report

Security RealitiesNo one wants to be the next _______

USERS DEVICES APPS DATA

MANAGEMENT | ACCESS | PROTECTION

DATAAPPSDEVICESUSERS

WINDOWS INTUNE

Mobile device settings management

Mobile application management

Selective wipe

MICROSOFT AZURE ACTIVE DIRECTORY PREMIUM

Security reports, and audit reports, multi-factor authentication

Self-service password reset and group management

Connection between Active Directory and Azure Active Directory

MICROSOFT AZURE RIGHTS MANAGEMENT SERVICE

Information protection Connection to on-premises assets

Bring your own key

http://www.surface.com/



Identity



Bring your own key

WINDOWS INTUNE



Selective wipe

WINDOWS INTUNE



Selective wipe







Bring your own key






What is Multi-Factor Authentication…and why you should care

Azure Multi-Factor Authentication

What You Know + What You Have = Access

Limits Stolen/Hacked Password Abuse

Use a Mobile App, Phone Call or Text

Supports IP Whitelisting

Extensible on-prem for additional token options

Multi-Factor Authentication Server Bring Office 365’s Multi-Factor Authentication’s Security and Ease

of Use to On-Premises

Integrates with many of your pre-existing applications through IIS, Windows Authentication, LDAP & Radius

Presents Real-Time Monitoring Capabilities & Threat Reporting

Software Development Kit (SDK) Allows Integration into Custom Apps





WINDOWS INTUNE



Selective wipe



Bring your own key







Bring your own key






Comprehensive lifecycle management

Enroll• Provide a self-service Company

Portal for users to enroll devices

• Deliver custom terms and

conditions at enrollment

• Bulk enroll devices using Apple

Configurator or service account

• Restrict access to Exchange

email if a device is not enrolled

Retire• Revoke access to corporate

resources

• Perform selective wipe

• Audit lost and stolen devices

Provision• Deploy certificates, email, VPN,

and WiFi profiles

• Deploy device security policy

settings

• Install mandatory apps

• Deploy app restriction policies

• Deploy data protection policies

Manage and Protect• Restrict access to corporate

resources if policies are violated

(e.g., jailbroken device)

• Protect corporate data by

restricting actions such as

copy/cut/paste/save outside of

managed app ecosystem

• Report on device and app

compliance

User IT

Conditional access to email

•••••••••

Username Microsoft Intune

ITITUser

Intuitive end user experience

Restrict access for:• Non-managed devices

• Non-compliant devices

Assistance with remediating issues• Steps provided on how to enroll devices and remediate compliance

issues

Quick compliance remediation and evaluation• Intune automatically remediates most of the policy issues

• End user can retrigger compliance evaluation in the Company Portal

To access your Contoso e-mail and other company resources, this device needs to be enrolled with Contoso. Part of this process includes installing the Company Portal. Click first link below to begin this process.

Step 1Enroll your device.

Step 2Once you’ve enrolled your device, click here to Activate your enrollment.

Consistent experience across:

Discover and install corporate apps

Manage devices and data

Ability to contact IT

Customizable terms and conditions

Mobile application management policies

Enforce corporate data

access requirements

Prevent data leakage

on the device

Enforce encryption

of app data at rest

App-level

selective wipe


Personal apps

Managed apps

Maximize productivity while preventing leakage of company

data by restricting actions such as copy/cut/paste/save in

your managed app ecosystem

User

Microsoft Office mobile apps are natively manageable with Intune

• Word

• Excel

• PowerPoint

• Outlook Web Access

(OWA)

• OneDrive for Business

Office mobile apps

Intune provides apps for secure content viewing

• Managed Browser

• PDF Viewer

• AV Player

• Image Viewer

Intune viewer apps

Make any app manageable without modifying code

• ‘Wrap’ internal line-of-

business (LOB) apps to

manage with Intune

MAM policies

Intune app wrapping tool

Build your apps from the ground-up with Intune SDK

• Developers can easily

integrate applications for

manageability

• Provide more control

over user experience

with SDK (vs. app

wrapping)

Intune SDK

Options for corporate data removal

Restore device to factory defaults

• All data on the device is removed

• Device is reset to factory defaults

• Typically used for lost/stolen devices or resetting

corporate-owned devices

Full wipe

Remove company assets from device

• Company resources (apps, data, profiles,

certificates, settings, and email) are removed

• MAM support adds ability to remove only

corporate data from multi-account applications

• Typically used for personal-owned devices

Selective wipe

Managed corporate-owned devices

• Bulk enroll devices with a service account

• Support for Apple Configurator

• Support for Apple Device Enrollment Program

Bulk enrollment

• Custom iOS policy

• Device lockdown

• Policies and apps targeted to devices

• Application install allow/deny list

Configuration policies

Mobile devices and PCs Mobile devices

System Center Configuration

Manager

Domain joined PCs

Configuration Manager integrated with Intune (hybrid)Intune standalone (cloud only)

IT IT

Intune web console Configuration Manager console

User Installs

Company Portal

Native Applications

Loaded

Supported Apps are

Configured – Native

Email, Managed

Browser

SaaS Apps Available

in MyApps

Windows Apps

presented through

RemoteApp or RDP

User is fully

provisioned



Bring your own key





Enterprise Mobility SuiteMICROSOFT AZURE ACTIVE DIRECTORY PREMIUM




WINDOWS INTUNE



Selective wipe

WINDOWS INTUNE



Selective wipe






ServerFiles Services

ServerRights Management

EMS benefits for O365

Hybrid identity and single sign-on for Office 365.

Multi-factor authentication for Office 365.

Cloud-based information protection for Office 365.

Security reports and multi-factor authentication.

Self-service password reset and group management.

Connection between Active Directory and Azure Active Directory.

Mobile device settings management.

Mobile application management.

Selective wipe.

Information protection.

Connection to on-premises assets.

ON-PREMISES SOLUTION CLOUD SOLUTION

EMS IT Manageability benefits for O365 customers

CLOUD AND HYBRID IDENTITY MANAGEMENT

MOBILE DEVICE MANAGEMENT

INFORMATION PROTECTION

Enterprise Mobility Suite

Productivity

Conditional access for Office 365

If compliant,

email access is

granted

7

Enrollment /

compliance

remediation

5

If not compliant,

push device into

quarantine

Quarantine

4

2

Quarantine email with

remediation steps

Link to enroll device

and compliance

remediation steps

Who does what?

Intune: Evaluate policy

compliance for device

Azure AD: Authenticate user

and provide device

compliance status

Exchange Online: Enforces

access to email based on

device state

Attempt

email

connection1

3

Azure Active Directory

Set device

management/

compliance

status

6Office 365

Mobile device

Microsoft Intune

Azure Active Directory offering comparison

Azure MFA offering comparison

RMS for O365 Azure RMS (EMS)

Pricing

Next Steps• Contact Catapult to arrange an EMS or

Azure RemoteApp POC, Pilot or

Production Deployment

• To find out more about Enterprise

Mobility Suite visit:

http://www.microsoft.com/EMS

http://www.catapultsystems.com/applica

tion/enterprise-mobility

Joe Kuster

Senior Lead Consultant

Catapult Systems

Email: [email protected]

Blog: MicrosoftMercenary.com

Twitter: @Joe_Kuster

http://www.microsoft.com/EMS

http://www.catapultsystems.com/application/enterprise-mobility

Enterprise Mobility Suite Overview - Catatpult...

Documents

Transcript of Enterprise Mobility Suite Overview - Catatpult...