Microsoft Intune and Corporate Identity Management (Microsoft Intune y Gestión de Identidad Corporativa)
Uploaded by plain-concepts. Category: Technology.
Transcript of Microsoft Intune and Corporate Identity Management
Agenda
09:10 Design your cross-platform applications
10:00 Azure API Management: what we know
10:50 Push Notifications
11:40 Testing: Xamarin Test Cloud
12:30 Break & Networking
13:00 Analytics: Monitor your mobile applications
13:50 Microsoft Intune
14:40 Corporate Identity Management
Development and management of corporate mobile applications
INTUNE (EMS)
José María Genzor, [email protected], Enterprise Team lead
Enterprise Mobility + Security
Go mobile. Stay in control.
EMS Benefits for O365 customers

Identity and access management
Basic identity mgmt. via Azure AD for O365:
• Single sign-on for O365
• Basic multi-factor authentication (MFA) for O365
Azure AD for O365+:
• Advanced security reports
• Single sign-on for all apps
• Advanced MFA
• Self-service group management & password reset & write back to on-premises
• Dynamic Groups, Group based licensing assignment

Managed mobile productivity
Basic mobile device management via MDM for O365:
• Device settings management
• Selective wipe
• Built into O365 management console
MDM for O365+:
• PC management
• Mobile app management (prevent cut/copy/paste/save as from corporate apps to personal apps)
• Secure content viewers
• Certificate provisioning
• System Center integration

Information protection
RMS protection via RMS for O365:
• Protection for content stored in Office (on-premises or O365)
• Access to RMS SDK
• Bring your own key
RMS for O365+:
• Automated intelligent classification and labeling of data
• Tracking and notifications for shared documents
• Protection for on-premises Windows Server file shares

Identity-driven security
Advanced Security Management:
• Insights into suspicious activity in Office 365
Cloud App Security:
• Visibility and control for all cloud apps
Advanced Threat Analytics:
• Identify advanced threats in on premises identities
Azure AD Premium P2:
• Risk based conditional access
Mobile-first, cloud-first reality
• Data breaches: 63% of confirmed data breaches involve weak, default, or stolen passwords.
• IT budget growth: Gartner predicts global IT spend will grow only 0.6% in 2016.
• Shadow IT: More than 80 percent of employees admit to using non-approved software as a service (SaaS) applications in their jobs.

Is it possible to keep up? Employees, business partners, customers.
Is it possible to stay secure? Apps, devices, data, users: data leaks, lost device, compromised identity, stolen credentials.
The Microsoft vision
• Secure and protect against new threats
• Maximum productivity experience
• Comprehensive and integrated: apps, devices, data, users

Enterprise Mobility Vision
• Protect your data
• Enable your users
• Unify your environment (users and IT; devices, apps, data)
Help organizations enable their users to be productive on the devices they love while helping ensure corporate assets are secure.
Microsoft Manageability Future: Manage mobile productivity without compromising compliance

Manage Mobile Productivity and Protect Data with Office
• Manage mobile productivity and protect data with Office Mobile apps for iOS and Android
• Manage policy for existing iOS line of business apps (so called "app wrapping")
• Managed browser and PDF/Audio/Video viewers

Conditional Access Policy to Email and Documents
• Provide access to Exchange and OneDrive for Business resources only to managed devices
• Deny access if a device falls out of compliance

Enroll and Manage Corporate-owned Devices
• Enable IT to bulk enroll corporate-owned task-worker devices
• Support for Apple Configurator
Microsoft Intune: personal vs. corporate devices
Microsoft Intune: conditional access sample
Microsoft Intune: compliance policies
Protecting Data in the Mobile Enterprise: Beyond Containers for Data Protection

Layer 1 – Mobile device lockdown via MDM
Protects corporate data by…
• Restricting device behaviors: PIN, encryption, wipe, disable screen capture and cloud backup, track compliance, etc.
• Provisioning credentials that enable corporate resource access control
Gaps it leaves open
• Apps may share corporate data with other apps outside IT control
• Apps may save corporate data to consumer cloud services

Layer 2 – Application and data containers (aka "managed mobile productivity")
Protects corporate data by…
• Preventing apps from sharing data with other apps outside of IT control
• Preventing apps from saving data to stores outside of IT control
• Encrypting app data to supplement device encryption
Gaps it leaves open
• Only protects corporate data that resides on devices. Cannot protect data beyond a device.
• Applies the same protection to all data that an app touches. Does not allow for specific protection per document.

Layer 3 – Data wrapping
Protects corporate data by…
• Protecting data wherever it resides
• Providing granular, content specific protection – e.g. time bomb vision docs
Gaps it leaves open
• Requires enlightened applications
• Requires all data to be protected if not complemented by Layers 1 and 2

(Diagram labels: Native E-mail, Managed Browser, LoB)
Today's MAM Containers
What other MAM vendors do
• Attempt to isolate corporate data on device
How they do it
• Proprietary apps for email, web, file
• Proprietary wrappers and SDKs
Side effects
• Poor end user experience
• App layer protection only
• Proprietary, incompatible technology

Protected Mobile Productivity
Our vision
• Protect corporate data across layers: device, app and data
How we do it
• Protected Office email and collab managed by Intune
• Enterprise Mobility Suite extends Office's mobile data protection
Why this is better
• Superior experience using the apps you already love
• Comprehensive protection at device, app and data layers
• Integration across AD, Office, System Center, EMS, O365
Enterprise Mobility Lifecycle (Enroll, Provision, Manage and Protect, Retire)

Enroll
• Enroll devices in AD and MDM
• Block email/SharePoint etc. until enrolled
• Customizable Terms & Conditions
• Simple end user experience

Provision
• Provision access to corporate resources
• Install VPN, Wifi, Certificates
• Deploy device security policy settings
• Install mandatory apps
• Deploy app restriction policies
• Deploy data protection policies

Manage and Protect
• Measure device and app compliance
• Block access if policy violated (eg: jailbreak)
• Contain data to prevent leaks
• Self service portal for users

Retire
• Revoke company resource access
• Selective wipe
• Audit lost/stolen devices etc.

Mobile App Deployment: IT pros have complex app deployment needs
• Manage apps across numerous device types and platforms
• Provide end users with means with which to browse and install
• Deployment of apps to corporate owned and BYOD devices
• Ensure only approved apps can run
• Keep apps up-to-date
Intune helps IT pros manage apps in a heterogeneous enterprise space while keeping corporate data secure.
The How

Intune standalone (cloud only): IT uses the Intune web console to manage mobile devices and PCs through Microsoft Intune.

ConfigMgr integrated with Intune (hybrid): IT uses the ConfigMgr console; System Center ConfigMgr manages domain joined PCs, and Microsoft Intune manages mobile devices.

System Center 2012 R2 Configuration Manager with Microsoft Intune
• Build on existing Configuration Manager deployment
• Full PC management (OS Deployment, Endpoint Protection, application delivery control, rich reporting)
• Deep policy control requirements
• Scale to 100,000 devices
• Extensible administration tools (RBA, PowerShell, SQL Reporting Services)

Cloud-based Management: Microsoft Intune
• No existing Configuration Manager deployment
• Simplified policy control
• PC+MDM: 4K users, 6K PCs, and 7K devices
• MDM Only: 25k users and 50k mobile devices
• Simple web-based administration console
The End User Experience Family
Identity management
José María Genzor, Enterprise Team lead, Enterprise Mobility + Security
Identity-driven Security
Data Breaches 63%
Identity is the foundation for enterprise mobility
IDENTITY – DRIVEN SECURITY
Single sign-on, self-service, simple connection
On-premises: Windows Server Active Directory, other directories
Cloud: Microsoft Azure Active Directory, SaaS, Azure, public cloud

1000s of apps, 1 identity
Provide one persona to the workforce for SSO to 1000s of cloud and on-premises apps with multifactor authentication.

Manage access at scale
Manage identities and access at scale in the cloud and on-premises.

Enable business without borders
Stay productive with universal access to every app and collaboration capability, and self service capabilities to save money.
Identity at the core of your business (IDENTITY – DRIVEN SECURITY)
• Shadow IT
• Data breach

Security landscape has changed (IDENTITY – DRIVEN SECURITY)
• Employees, partners, customers
• Identity, devices, apps & data
• Cloud apps, on-premises apps, SaaS, Azure
• Transition to cloud & mobility
• New attack landscape
• Current defenses not sufficient
• Identity breach
Identity anchors our approach to security (IDENTITY – DRIVEN SECURITY)
Intelligent, innovative, holistic, identity-driven:
• Addresses security challenges across users (identities), devices, data, apps, and platforms, on-premises and in the cloud
• Offers one protected common identity for secure access to all corporate resources, on-premises and in the cloud, with risk-based conditional access
• Protects your data from new and changing cybersecurity attacks
• Enhances threat and anomaly detection with the Microsoft Intelligent Security Graph driven by a vast amount of datasets and machine learning in the cloud
Three steps to identity-driven security (IDENTITY – DRIVEN SECURITY)
1. Protect at the front door
Safeguard your resources at the front door with innovative and advanced risk-based conditional access.
2. Protect your data against user mistakes
Gain deep visibility into user, device, and data activity on-premises and in the cloud.
3. Detect attacks before they cause damage
Uncover suspicious activity and pinpoint threats with deep visibility and ongoing behavioral analytics.
Protect at the front door (IDENTITY – DRIVEN SECURITY)
Conditions: user/application, location, device state, MFA, risk
Actions: allow access or block access; enforce MFA per user/per app
Products: Azure AD Privileged Identity Management, Azure AD Identity Protection
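As an added illustration (not code from the deck or from Microsoft's own implementation), a small Python model of the conditional access decision the slide describes: the conditions (application, location, device state, risk, MFA) are evaluated in order and yield one of the three actions (allow, block, enforce MFA). The app names, risk levels and rule order are assumptions chosen to match the deck's earlier example of denying Exchange and OneDrive to non-compliant devices.

```python
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    REQUIRE_MFA = "require_mfa"   # "enforce MFA per user/per app"


@dataclass(frozen=True)
class SignIn:
    """One sign-in attempt with the signals a conditional access policy sees."""
    user: str
    app: str
    device_managed: bool      # enrolled in MDM (Intune)
    device_compliant: bool    # compliance policy passed (PIN, encryption, not jailbroken)
    trusted_location: bool    # from a known corporate network / named location
    user_risk: str            # assumed levels: "low", "medium", "high"
    mfa_completed: bool       # MFA already satisfied in this session


# Assumed: email and documents are only served to managed, compliant devices.
PROTECTED_APPS = {"Exchange Online", "OneDrive for Business"}


def evaluate(s: SignIn) -> Action:
    # 1. Risk condition: high-risk sign-ins are blocked outright.
    if s.user_risk == "high":
        return Action.BLOCK
    # 2. Device state condition: protected apps require a managed AND compliant device.
    if s.app in PROTECTED_APPS and not (s.device_managed and s.device_compliant):
        return Action.BLOCK
    # 3. Location / risk condition: off-network or medium risk must prove MFA first.
    if (not s.trusted_location or s.user_risk == "medium") and not s.mfa_completed:
        return Action.REQUIRE_MFA
    return Action.ALLOW


# Constructed sample sign-ins, not real telemetry.
SAMPLE = [
    SignIn("ana", "Exchange Online", True, True, True, "low", False),      # compliant, on-site
    SignIn("ana", "Exchange Online", True, False, True, "low", True),      # jailbroken device
    SignIn("luis", "Expense SaaS", False, False, False, "low", False),     # BYOD, off-network
    SignIn("luis", "Expense SaaS", False, False, False, "low", True),      # same, MFA done
    SignIn("eva", "OneDrive for Business", True, True, True, "high", True),  # leaked creds
]


def decisions(sign_ins=SAMPLE) -> list[str]:
    return [evaluate(s).value for s in sign_ins]
```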
Protect your data against user mistakes (IDENTITY – DRIVEN SECURITY)

Azure Information Protection: How do I control data on-premises and in the cloud?
• Classify & label
• Protect
• Monitor and respond

Microsoft Intune: How do I prevent data leakage from my mobile apps?
• LOB app protection
• DLP for Office 365 mobile apps
• Optional device management

Cloud App Security: How do I gain visibility and control of my cloud apps?
• Risk scoring
• Shadow IT discovery
• Policies for data control
Detect attacks before they cause damage (IDENTITY – DRIVEN SECURITY)

Microsoft Advanced Threat Analytics (ATA): on-premises detection
• Behavioral analytics
• Detection of known malicious attacks
• Detection of known security issues

Cloud App Security + Azure Active Directory Premium: detection in the cloud
• Behavioral analytics
• Anomaly detection
• Security reporting and monitoring
Enterprise Mobility + Security (IDENTITY – DRIVEN SECURITY)
• Microsoft Intune: Protect your users, devices, and apps
• Microsoft Advanced Threat Analytics: Detect threats early with visibility and threat analytics
• Azure Information Protection: Protect your data, everywhere
• Microsoft Cloud App Security: Extend enterprise-grade security to your cloud and SaaS apps
• Azure Active Directory Premium: Manage identity with hybrid integration to protect application access from identity attacks

Enterprise Mobility + Security pillars: information protection, identity-driven security, managed mobile productivity, identity and access management
EMS E3
• Azure Active Directory Premium P1: Secure single sign-on to cloud and on-premises apps; MFA, conditional access, and advanced security reporting
• Microsoft Intune: Mobile device and app management to protect corporate apps and data on any device
• Azure Information Protection Premium P1: Encryption for all files and storage locations; cloud-based file tracking
• Microsoft Advanced Threat Analytics: Protection from advanced targeted attacks leveraging user and entity behavioral analytics

EMS E5 (adds to E3)
• Azure Active Directory Premium P2: Identity and access management with advanced protection for users and privileged identities (includes all capabilities in P1)
• Azure Information Protection Premium P2: Intelligent classification and encryption for files shared inside and outside your organization (includes all capabilities in P1)
• Microsoft Cloud App Security: Enterprise-grade visibility, control, and protection for your cloud applications
@plainconcepts
THANK YOU! www.plainconcepts.com

MADRID: Paseo de la Castellana 163, 10º, 28046 Madrid, Spain. T. (+34) 91 5346 836
BILBAO: Nervión 3, 6º, 48001 Bilbao, Spain. T. (+34) 94 6008 168
BARCELONA: Av. Josep Tarradellas 10, 6º 1ª, 08029 Barcelona, Spain. T. (+34) 93 3607 114
SEVILLA: Avenida de la innovación s/n, Edificio Renta Sevilla, 3º A, 41020 Sevilla, Spain
DUBAI: Dubai Internet City, Building 1, 73030 Dubai, UAE. T. (+971) 4 551 6653
LONDON: Impact Hub Kings Cross, 24B York Way, N1 9AB London, UK
SEATTLE: 1511 Third Ave, Seattle WA 98101, USA. T. (+1) 206 708 1285