* Forrester Research: “BT Futures Report: Info workers ...€¦ · * Forrester Research: “BT...
Transcript of * Forrester Research: “BT Futures Report: Info workers ...€¦ · * Forrester Research: “BT...
Forrester Research ldquoBT Futures Report Info workers will erase boundary between enterprise amp consumer technologiesrdquo Feb 21 2013 Forrester Research ldquo2013 Mobile Workforce Adoption Trendsrdquo Feb 4 2013 Gartner Source Press Release Oct 25 2012 httpwwwgartnercomnewsroomid2213115
To position this solution at your customers hellipPain points which might keep you busy hellip
There are so many different devices to
manage ndash domain joinend (school
owned) like Servers PCs Notebooks
and not domain joined (student owned)
like Notebooks Tablets Smartphones
Is there no holistic management
solution available
We have developed some education
Apps we want to exclusively provide to
our students only in our institution But
this Apps should be distributed to
should be accessible from all different
devices our students are using What is
the best approach to do this
Number of external Software as a Service (bdquoSaaSldquo)
applications in our institution is increasing and
we also developed our own SaaS App Is there no
way of having a Single Sign On solution for all
those applications in order to provide a smooth
logon experience to all users and keep better
control of this App usage Also resetting
forgotten passwords is bdquostealingldquo time from my
administrators hellip
How can I enforce specific
security policies ndash even for
devices students bring on their
own
There are some systems in our
schooluniversity where we want to
provide access mechanisms based on
AD credentials but with additional
security barries Is there a solution that
integrates well in our AD infrastructure
I need a simple to use data
protection encryption solution in
order to easily protect and share
documents amongst teachers and
even accross institutional borders
PCmanagement
The logos above may be the property of their respective owners
How Device and App Management often works hellip
Intune can be used as a standalone
solution or together with SCCM (shown
in light blue besides) in order to have a
fully featured enterprise ready
Unified Device Management
Solution in placeIT can manage devices applications security
settings network profiles hellip
Centralized App deployment and provisioning data or provide secure access to corporate data
Unified infrastructure enables IT to manage devices ldquowhere they liverdquo
Having ONE portal to use for device and application management
Single AdminConsole
User
Unify your environment with Windows Intune amp SCCM 2012 R2
ONE identity based on user credentials stored in ONE place
ndash in our Active directory
Server
Comparison of Intune standalone and Intune + SCCM can be found here
httptechnetmicrosoftcomen-uslibrarydn600286aspx
Target applications based
on user role the best way for
each device
bull WindowsWindows RT
bull Windows Phone
bull iOS
bull Android
bull OS X
Evaluate device capabilities
for optimal application
delivery
bull Local installation
bull Microsoft Application
Virtualization
bull Desktop Virtualization (VDI)
bull Web applications
App side loading for non
domain joined devices ndash
either push (bdquorequiredldquo) or
pull (bdquoavailableldquo)
People-centric Application DeliveryAccessing apps the right way on the right device
MSI RDSApp-V
(MDOP)Remote
App
Native
App
App Store
httptechnetmicrosoftcomen-uslibrarydn376523aspx
httptechnetmicrosoftcomen-uslibrarydn600287aspx
Company Portal for providing Apps to students staff
Company Portal for several platforms
Windows RT and Win 8 81 For Windows Phone 8
81
For iOS Android
Modern UI application
Several installation paths
bull Recommended Apps by IT to
download from Windows Store
bull LOB Apps published by IT
department via side loading
bull Categories and search of Apps
Control of my devices
bull Addremove devices
bull Wipe devices (depending on
platform)
Support
bull contact
bull Link to Support website
Modern UI phone
application
Several installation paths
bull Recommended Apps by IT to
download from Windows Store
bull LOB Apps published by IT
department via side loading
bull Categories and search of Apps
Control of my devices
bull Addremove devices
Support
bull contact
bull Link to Support website
Native App
Get applications on your device
bull Download Apps from Apple
App Store or Google Play Store
bull LOB Apps published by IT
department via side loading
bull Categories and search of Apps
Support
bull contact
bull Link to Support website
Windows Intune regular feature updates
Official communication about the new
Features in January release and outlook to
the next release httpblogstechnetcombin_the_cloudarchive20140129a-people-
first-approach-to-mobile-device-managementaspx
Official communication about April Update
(Windows Phone 81 support Samsung
KNOW support)httpblogstechnetcombwindowsintunearchive20140428availabil
ity-of-update-to-windows-intune-for-windows-phone-8-1-and-
samsung-knox-standardaspx
Windows Intune Service Release Overview
(what features are new in which release)httptechnetmicrosoftcomlibrarydn292747aspx
Whatrsquos New in System Center 2012 R2
Configuration Managerhttptechnetmicrosoftcomen-uslibrarydn236351aspx
Main message we will have nearly 100 feature parity between Intune bdquocloud onlyldquo and Intune + SCCM regarding mobile device management this year
Understand the broader context of Mobility Management
Mobile Information Management (MIM)IT policies applied directly to data wherever it flows or resides
Microsoft delivers
bull Active Directory Rights Management Services protects and encrypts documents and email contents
bull This data loss prevention (DLP) capability keeps corporate email from being forwarded to external email accounts and sensitive data from being uploaded to 3rd party cloud file sharing providers
Full range of Mobility Management
Mobile Content (amp Access)
Management (MCM)Secure distribution and mobile access to employee data
Microsoft delivers
bull Devices use Workplace Join to register with Active Directory facilitating Single Sign On (SSO) access to data and services via the Web Application Proxy and ADFS
bull Secure mobile file synchronization is facilitated by on-premises Work Folders
bull Multifactor authentication increases the level of secure access to corporate resources
bull Dynamic Access Control provides automatic document classification and protection based on content
Mobile Application Management (MAM)IT controlled delivery of apps from a corporate app catalog
Microsoft delivers
bull A cross-platform company portal where employees can download internalexternal native web and remote apps for Windows iOS and Android
bull Corporate apps can be pushed to devices and remotely uninstalled
bull Selective wipe of corporate apps data and management policies that leaves personal content untouched
Mobile Device Management (MDM)IT policies applied and profiles provisioned to mobile devices
Microsoft delivers
bull Policy enforcement across Windows iOS and Android through exposed OMA DM management APIs
bull Provisioning of Certificates Wi-Fi and VPN profiles
bull Detection of Jailbroken iOS and Rooted Android devices
bull Management of mobile devices roaming on wireless data networks facilitated by cloud-based Internet gateway
+ 2012 R2(Azure RMS and Azure AD Premium)
Microsoft Azure Rights Management
Several features around information protection secure X-company communication and collaboration hellip
bull Simplified data protection and collaboration ndash no on-premises infrastructure required
bull Support for connection to on-prem and cloud Exchange SharePoint and Windows Server FCI (file classification infrastructure)
bull Near real-time customer-owned logging
bull Office is our ldquofirst and bestrdquo partner ndash Office 2013 2010 2007 -but we can also secure other types of files like PDF JPEG hellip
bull
Microsoft Azure Active Directory Premium
Several features around SSO advanced Authentication enhanced user management hellip
bull Self Service Password Reset
bull Connect to your on-premises Active Directory
bull Multi Factor Authentication
bull Pre-integrated for Single Sign On (SSO) to over 1000 popular SaaS apps (Office 365 Yammer LinkedIn Facebookhellip )
bull Easily add custom cloud-based apps
bull Security reporting to track inconsistent access patterns
bull hellip and FIM hellip
Cloud technologies to complete our Mobility Management offering
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
httpblogstechnetcombadarchive20140421new-sync-capabilities-in-preview-password-write-back-new-aad-sync-and-multi-forest-supportaspx
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
bull Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
+
+
=
Windows Azure Active Directory SKU features comparison WAAD O365 WAAD Premium
Directory as a Service Yes - up to 500K Objects Yes - No Limit
UserGroup Management Yes Yes
SSO to pre-integrated SAAS Applications Custom Apps Yes Yes
Directory Synchronization Tool (WSAD Extension) Yes Yes
User-Based access managementprovisioning Yes Yes
Group-based access managementprovisioning Yes
Self-Service Group Management for cloud users Yes
Self-Service Change Password for cloud users Yes Yes
Self-Service Reset Password for cloud users Yes
Security Reports Yes Yes
Advanced Security Reporting (machine learning-based) Yes
Usage Reporting Yes
Tenant Branding (LogonAccess Panel customization) Yes
MFA (All available features on Windows Azure and on premises) Yes
Enterprise Sync (Extend any directory to Azure AD) (Q4) Yes
Write back for Self-Service ResetChange Password (Q4) Yes
Administration based on Departments (Q4) Yes
SLA Yes
FIM CAL + FIM Server Yes
Windows Azure MFA vs MFA for Office 365MFA for Office 365Azure
Administrators
Windows Azure Multi-Factor
Authentication
Administrators can EnableEnforce MFA to end-users Yes Yes
Use Mobile app (online and OTP) as second authentication factor Yes Yes
Use Phone call as second authentication factor Yes Yes
Use SMS as second authentication factor Yes Yes
Application passwords for non-browser clients (eg Outlook Lync) Yes Yes
Default Microsoft greetings during authentication phone calls Yes Yes
Custom greetings during authentication phone calls Yes
Fraud alert Yes
MFA SDK Yes
Security Reports Yes
MFA for on-premises applications MFA Server Yes
One-Time Bypass Yes
BlockUnblock Users Yes
Customizable caller ID for authentication phone calls Yes
Event Confirmation Yes
Windows Azure RMS vs RMS for Office 365
Microsoft RMS for
O365
Microsoft
RMS
Protection for content stored in Office 365
Both office file type amp non office file types
X X
Protection for content stored in on-premises Exchange amp
SharePoint
For Office amp non Office file types via RMS Connector
X X
Bring Your Own Key X X
SDK Access for LOB Applications X X
Office 365 Message Encryption X X
Protection for content stored in on-premises Windows Server
file shares via RMS Connector for FCI (x) X
Enterprise Mobility Suite Key Competitors
Cloud Hybrid Identity Management
Mobile Device Management
Information Protection
Key Competitors
Microsoft Differentiation
Azure AD Premium Windows Intune Azure RMS
Licensing Overview
Windows Intune (Edu) Licensing Offer in detail
Per user student
Licensing
(up to 5 devices)
Notes
bull Windows Intune Add-On for ConfigMgr requires ConfigMgr amp SCEP to be licensed under the
EAEASEES
bull Under all offers customers will be licensed for System Center 2012 Configuration Manager and
Endpoint Protection
bull Windows Software Assurance no longer required (For Windows Intune amp Windows Intune Add-On)
bull All prices are estimated retail prices based on Licensewisebull Errors omissions and typos excepted
Direct
(online)
Windows Intune
with Windows SA
Includes
bull Intune Service
bull ConfigMgr amp SCEP
CHF 1090
user
Month
Windows Intune
Add-On for
ConfigMgr amp SCEP
Windows Intune
(if the customer does
not have SCCM and
SCEP)
If the customer also
wants Windowshellip
Offers
If the customer owns
ConfigMgr and SCEPhellip
EES
Must license ConfigMgr
separately
CHF 055
user
month
Open
Academic
Can be sold by reselling
partners to offer our MS
service + partner service
on ONE bill
CHF 081
user
month
CHF 081
user
month
CHF 590
user
Month
bull EAEES Add-On to customers with existingbull CoreCAL
bull eCAL
bull O365 + BridgeCAL
bull Contains 3 main elements bull Azure AD Premium
bull including on Premises usage rights (Server + CALs) for Forefront Identity Manager
bull Azure RMS
bull Windows Intune
bull On pricelist per May 1st
Licensing of Enterprise Mobility Suite
Limited time Promo
bull For a limited time Enterprise Mobility Suite Add On available at
an additional 40 discount
bull EA Pricing starts at ~$4 per user per month
Limited time EA Level A promo pricing Requires 250 seat minimum purchase and underlying CAL Suite license (CoreCALECAL)
Promo
$1530 discount
40 discount
Enterprise Mobility Suite Package Price
CHF 163
user
Month
CHF 272
user
Month
Final comments
Reference cases for Windows Intune
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=intuneampLangID=46
Kloster Ingenbohl
Official case study
httpwwwmicrosoftcomcasest
udiesWindows-IntuneV-ster-s-
StadSwedish-School-District-
Improves-PC-Reliability-
Learning-with-Online-
Tools710000002639
Due to the fact that Azure RMS currently has the same featureset as RMS in
Office 365 (plan E3E4) there are no specific Azure RMS reference cases so far
This topic is for sure included in several Office 365 projects
Reference cases for Azure AD Premium amp RMS
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=Microsoft20Azure20Active20Directory
hellip regarding Windows Intune System Center Configuration Manager
or Enterprise Mobility Suite please contact
bull Melanie Riedener (ACCOUNT EXECUTIVE EDU)bull MelanieRiedenermicrosoftcom
bull Andras Khan (SOLUTION SPECIALIST INTUNE)bull AndrasKhanmicrosoftcom
If you have further interest in a more bdquodeep diveldquo Tech Update hellip
Supporting links and materials
Enterprise Mobility Suite overall
EMS Website
bull EMS Datasheet
bull EMS Customer-Ready Presentation
bull EMS FAQ (Customer)
Azure Active Directory Premium
bull A nicely animated video which describes our Azure AD Premium service can be found here
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
IP Whitelist allows administrators to add an extra level of security and convenience by only requiring users to perform MFA whenaccessing resources from outside their corporate network
Our new Cloud App Discovery service enables IT to easily determine which cloud apps are in use in the organization IT can then take steps to integrate the applications with Azure Active Directory
Password reset writeback to Windows Server AD using DirSync allows customers who rely on federation or password hash sync to use Azure AD Premium to reset on-premises passwords in Windows Server Active Directory
AAD Sync is our newly created one sync service to rule them all In this first preview we are using AAD Sync to enable synchronization from multi-forest Windows Server AD Deployments a capability that all of our largest customers have been asking for
Azure Rights Management Service
Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
Windows Intune
Windows Intune product page
Intune Demo Environment for Partners (Intune Cloud platform AND Sytem Center environment)
Some whitepapers on how MSIT is dealing with mobilityBYOD internally
30-days trial
Compliance Settings for Mobile Devices in SCCM
Mobile Device Mgmt features in Windows Intune
httponlinehelpmicrosoftcomwindowsintunejj839713aspx
httpsupportmicrosoftcomph15994
Intune Privacy related documents
Windows Intune Privacy Statement
Windows Intune Trust Center
Security
Privacy
Compliance
Microsoft Cloud Services erfuumlllen nachweislich alle europaumlischen Datenschutzregeln
BYOD
bull Video Empowering People-Centric IT in the Age of Consumerization
bull BYOD Devices - A Deployment Guide for Education (January 2014)
bull Bring Your Own Device Scenarios A Deployment Guide for Education(April 2014)
To position this solution at your customers hellipPain points which might keep you busy hellip
There are so many different devices to
manage ndash domain joinend (school
owned) like Servers PCs Notebooks
and not domain joined (student owned)
like Notebooks Tablets Smartphones
Is there no holistic management
solution available
We have developed some education
Apps we want to exclusively provide to
our students only in our institution But
this Apps should be distributed to
should be accessible from all different
devices our students are using What is
the best approach to do this
Number of external Software as a Service (bdquoSaaSldquo)
applications in our institution is increasing and
we also developed our own SaaS App Is there no
way of having a Single Sign On solution for all
those applications in order to provide a smooth
logon experience to all users and keep better
control of this App usage Also resetting
forgotten passwords is bdquostealingldquo time from my
administrators hellip
How can I enforce specific
security policies ndash even for
devices students bring on their
own
There are some systems in our
schooluniversity where we want to
provide access mechanisms based on
AD credentials but with additional
security barries Is there a solution that
integrates well in our AD infrastructure
I need a simple to use data
protection encryption solution in
order to easily protect and share
documents amongst teachers and
even accross institutional borders
PCmanagement
The logos above may be the property of their respective owners
How Device and App Management often works hellip
Intune can be used as a standalone
solution or together with SCCM (shown
in light blue besides) in order to have a
fully featured enterprise ready
Unified Device Management
Solution in placeIT can manage devices applications security
settings network profiles hellip
Centralized App deployment and provisioning data or provide secure access to corporate data
Unified infrastructure enables IT to manage devices ldquowhere they liverdquo
Having ONE portal to use for device and application management
Single AdminConsole
User
Unify your environment with Windows Intune amp SCCM 2012 R2
ONE identity based on user credentials stored in ONE place
ndash in our Active directory
Server
Comparison of Intune standalone and Intune + SCCM can be found here
httptechnetmicrosoftcomen-uslibrarydn600286aspx
Target applications based
on user role the best way for
each device
bull WindowsWindows RT
bull Windows Phone
bull iOS
bull Android
bull OS X
Evaluate device capabilities
for optimal application
delivery
bull Local installation
bull Microsoft Application
Virtualization
bull Desktop Virtualization (VDI)
bull Web applications
App side loading for non
domain joined devices ndash
either push (bdquorequiredldquo) or
pull (bdquoavailableldquo)
People-centric Application DeliveryAccessing apps the right way on the right device
MSI RDSApp-V
(MDOP)Remote
App
Native
App
App Store
httptechnetmicrosoftcomen-uslibrarydn376523aspx
httptechnetmicrosoftcomen-uslibrarydn600287aspx
Company Portal for providing Apps to students staff
Company Portal for several platforms
Windows RT and Win 8 81 For Windows Phone 8
81
For iOS Android
Modern UI application
Several installation paths
bull Recommended Apps by IT to
download from Windows Store
bull LOB Apps published by IT
department via side loading
bull Categories and search of Apps
Control of my devices
bull Addremove devices
bull Wipe devices (depending on
platform)
Support
bull contact
bull Link to Support website
Modern UI phone
application
Several installation paths
bull Recommended Apps by IT to
download from Windows Store
bull LOB Apps published by IT
department via side loading
bull Categories and search of Apps
Control of my devices
bull Addremove devices
Support
bull contact
bull Link to Support website
Native App
Get applications on your device
bull Download Apps from Apple
App Store or Google Play Store
bull LOB Apps published by IT
department via side loading
bull Categories and search of Apps
Support
bull contact
bull Link to Support website
Windows Intune regular feature updates
Official communication about the new
Features in January release and outlook to
the next release httpblogstechnetcombin_the_cloudarchive20140129a-people-
first-approach-to-mobile-device-managementaspx
Official communication about April Update
(Windows Phone 81 support Samsung
KNOW support)httpblogstechnetcombwindowsintunearchive20140428availabil
ity-of-update-to-windows-intune-for-windows-phone-8-1-and-
samsung-knox-standardaspx
Windows Intune Service Release Overview
(what features are new in which release)httptechnetmicrosoftcomlibrarydn292747aspx
Whatrsquos New in System Center 2012 R2
Configuration Managerhttptechnetmicrosoftcomen-uslibrarydn236351aspx
Main message we will have nearly 100 feature parity between Intune bdquocloud onlyldquo and Intune + SCCM regarding mobile device management this year
Understand the broader context of Mobility Management
Mobile Information Management (MIM)IT policies applied directly to data wherever it flows or resides
Microsoft delivers
bull Active Directory Rights Management Services protects and encrypts documents and email contents
bull This data loss prevention (DLP) capability keeps corporate email from being forwarded to external email accounts and sensitive data from being uploaded to 3rd party cloud file sharing providers
Full range of Mobility Management
Mobile Content (amp Access)
Management (MCM)Secure distribution and mobile access to employee data
Microsoft delivers
bull Devices use Workplace Join to register with Active Directory facilitating Single Sign On (SSO) access to data and services via the Web Application Proxy and ADFS
bull Secure mobile file synchronization is facilitated by on-premises Work Folders
bull Multifactor authentication increases the level of secure access to corporate resources
bull Dynamic Access Control provides automatic document classification and protection based on content
Mobile Application Management (MAM)IT controlled delivery of apps from a corporate app catalog
Microsoft delivers
bull A cross-platform company portal where employees can download internalexternal native web and remote apps for Windows iOS and Android
bull Corporate apps can be pushed to devices and remotely uninstalled
bull Selective wipe of corporate apps data and management policies that leaves personal content untouched
Mobile Device Management (MDM)IT policies applied and profiles provisioned to mobile devices
Microsoft delivers
bull Policy enforcement across Windows iOS and Android through exposed OMA DM management APIs
bull Provisioning of Certificates Wi-Fi and VPN profiles
bull Detection of Jailbroken iOS and Rooted Android devices
bull Management of mobile devices roaming on wireless data networks facilitated by cloud-based Internet gateway
+ 2012 R2(Azure RMS and Azure AD Premium)
Microsoft Azure Rights Management
Several features around information protection secure X-company communication and collaboration hellip
bull Simplified data protection and collaboration ndash no on-premises infrastructure required
bull Support for connection to on-prem and cloud Exchange SharePoint and Windows Server FCI (file classification infrastructure)
bull Near real-time customer-owned logging
bull Office is our ldquofirst and bestrdquo partner ndash Office 2013 2010 2007 -but we can also secure other types of files like PDF JPEG hellip
bull
Microsoft Azure Active Directory Premium
Several features around SSO advanced Authentication enhanced user management hellip
bull Self Service Password Reset
bull Connect to your on-premises Active Directory
bull Multi Factor Authentication
bull Pre-integrated for Single Sign On (SSO) to over 1000 popular SaaS apps (Office 365 Yammer LinkedIn Facebookhellip )
bull Easily add custom cloud-based apps
bull Security reporting to track inconsistent access patterns
bull hellip and FIM hellip
Cloud technologies to complete our Mobility Management offering
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
httpblogstechnetcombadarchive20140421new-sync-capabilities-in-preview-password-write-back-new-aad-sync-and-multi-forest-supportaspx
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
bull Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
+
+
=
Windows Azure Active Directory SKU features comparison WAAD O365 WAAD Premium
Directory as a Service Yes - up to 500K Objects Yes - No Limit
UserGroup Management Yes Yes
SSO to pre-integrated SAAS Applications Custom Apps Yes Yes
Directory Synchronization Tool (WSAD Extension) Yes Yes
User-Based access managementprovisioning Yes Yes
Group-based access managementprovisioning Yes
Self-Service Group Management for cloud users Yes
Self-Service Change Password for cloud users Yes Yes
Self-Service Reset Password for cloud users Yes
Security Reports Yes Yes
Advanced Security Reporting (machine learning-based) Yes
Usage Reporting Yes
Tenant Branding (LogonAccess Panel customization) Yes
MFA (All available features on Windows Azure and on premises) Yes
Enterprise Sync (Extend any directory to Azure AD) (Q4) Yes
Write back for Self-Service ResetChange Password (Q4) Yes
Administration based on Departments (Q4) Yes
SLA Yes
FIM CAL + FIM Server Yes
Windows Azure MFA vs MFA for Office 365MFA for Office 365Azure
Administrators
Windows Azure Multi-Factor
Authentication
Administrators can EnableEnforce MFA to end-users Yes Yes
Use Mobile app (online and OTP) as second authentication factor Yes Yes
Use Phone call as second authentication factor Yes Yes
Use SMS as second authentication factor Yes Yes
Application passwords for non-browser clients (eg Outlook Lync) Yes Yes
Default Microsoft greetings during authentication phone calls Yes Yes
Custom greetings during authentication phone calls Yes
Fraud alert Yes
MFA SDK Yes
Security Reports Yes
MFA for on-premises applications MFA Server Yes
One-Time Bypass Yes
BlockUnblock Users Yes
Customizable caller ID for authentication phone calls Yes
Event Confirmation Yes
Windows Azure RMS vs RMS for Office 365
Microsoft RMS for
O365
Microsoft
RMS
Protection for content stored in Office 365
Both office file type amp non office file types
X X
Protection for content stored in on-premises Exchange amp
SharePoint
For Office amp non Office file types via RMS Connector
X X
Bring Your Own Key X X
SDK Access for LOB Applications X X
Office 365 Message Encryption X X
Protection for content stored in on-premises Windows Server
file shares via RMS Connector for FCI (x) X
Enterprise Mobility Suite Key Competitors
Cloud Hybrid Identity Management
Mobile Device Management
Information Protection
Key Competitors
Microsoft Differentiation
Azure AD Premium Windows Intune Azure RMS
Licensing Overview
Windows Intune (Edu) Licensing Offer in detail
Per user student
Licensing
(up to 5 devices)
Notes
bull Windows Intune Add-On for ConfigMgr requires ConfigMgr amp SCEP to be licensed under the
EAEASEES
bull Under all offers customers will be licensed for System Center 2012 Configuration Manager and
Endpoint Protection
bull Windows Software Assurance no longer required (For Windows Intune amp Windows Intune Add-On)
bull All prices are estimated retail prices based on Licensewisebull Errors omissions and typos excepted
Direct
(online)
Windows Intune
with Windows SA
Includes
bull Intune Service
bull ConfigMgr amp SCEP
CHF 1090
user
Month
Windows Intune
Add-On for
ConfigMgr amp SCEP
Windows Intune
(if the customer does
not have SCCM and
SCEP)
If the customer also
wants Windowshellip
Offers
If the customer owns
ConfigMgr and SCEPhellip
EES
Must license ConfigMgr
separately
CHF 055
user
month
Open
Academic
Can be sold by reselling
partners to offer our MS
service + partner service
on ONE bill
CHF 081
user
month
CHF 081
user
month
CHF 590
user
Month
bull EAEES Add-On to customers with existingbull CoreCAL
bull eCAL
bull O365 + BridgeCAL
bull Contains 3 main elements bull Azure AD Premium
bull including on Premises usage rights (Server + CALs) for Forefront Identity Manager
bull Azure RMS
bull Windows Intune
bull On pricelist per May 1st
Licensing of Enterprise Mobility Suite
Limited time Promo
bull For a limited time Enterprise Mobility Suite Add On available at
an additional 40 discount
bull EA Pricing starts at ~$4 per user per month
Limited time EA Level A promo pricing Requires 250 seat minimum purchase and underlying CAL Suite license (CoreCALECAL)
Promo
$1530 discount
40 discount
Enterprise Mobility Suite Package Price
CHF 163
user
Month
CHF 272
user
Month
Final comments
Reference cases for Windows Intune
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=intuneampLangID=46
Kloster Ingenbohl
Official case study
httpwwwmicrosoftcomcasest
udiesWindows-IntuneV-ster-s-
StadSwedish-School-District-
Improves-PC-Reliability-
Learning-with-Online-
Tools710000002639
Due to the fact that Azure RMS currently has the same featureset as RMS in
Office 365 (plan E3E4) there are no specific Azure RMS reference cases so far
This topic is for sure included in several Office 365 projects
Reference cases for Azure AD Premium amp RMS
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=Microsoft20Azure20Active20Directory
hellip regarding Windows Intune System Center Configuration Manager
or Enterprise Mobility Suite please contact
bull Melanie Riedener (ACCOUNT EXECUTIVE EDU)bull MelanieRiedenermicrosoftcom
bull Andras Khan (SOLUTION SPECIALIST INTUNE)bull AndrasKhanmicrosoftcom
If you have further interest in a more bdquodeep diveldquo Tech Update hellip
Supporting links and materials
Enterprise Mobility Suite overall
EMS Website
bull EMS Datasheet
bull EMS Customer-Ready Presentation
bull EMS FAQ (Customer)
Azure Active Directory Premium
bull A nicely animated video which describes our Azure AD Premium service can be found here
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
IP Whitelist allows administrators to add an extra level of security and convenience by only requiring users to perform MFA whenaccessing resources from outside their corporate network
Our new Cloud App Discovery service enables IT to easily determine which cloud apps are in use in the organization IT can then take steps to integrate the applications with Azure Active Directory
Password reset writeback to Windows Server AD using DirSync allows customers who rely on federation or password hash sync to use Azure AD Premium to reset on-premises passwords in Windows Server Active Directory
AAD Sync is our newly created one sync service to rule them all In this first preview we are using AAD Sync to enable synchronization from multi-forest Windows Server AD Deployments a capability that all of our largest customers have been asking for
Azure Rights Management Service
Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
Windows Intune
Windows Intune product page
Intune Demo Environment for Partners (Intune Cloud platform AND Sytem Center environment)
Some whitepapers on how MSIT is dealing with mobilityBYOD internally
30-days trial
Compliance Settings for Mobile Devices in SCCM
Mobile Device Mgmt features in Windows Intune
httponlinehelpmicrosoftcomwindowsintunejj839713aspx
httpsupportmicrosoftcomph15994
Intune Privacy related documents
Windows Intune Privacy Statement
Windows Intune Trust Center
Security
Privacy
Compliance
Microsoft Cloud Services erfuumlllen nachweislich alle europaumlischen Datenschutzregeln
BYOD
bull Video Empowering People-Centric IT in the Age of Consumerization
bull BYOD Devices - A Deployment Guide for Education (January 2014)
bull Bring Your Own Device Scenarios A Deployment Guide for Education(April 2014)
PCmanagement
The logos above may be the property of their respective owners
How Device and App Management often works hellip
Intune can be used as a standalone
solution or together with SCCM (shown
in light blue besides) in order to have a
fully featured enterprise ready
Unified Device Management
Solution in placeIT can manage devices applications security
settings network profiles hellip
Centralized App deployment and provisioning data or provide secure access to corporate data
Unified infrastructure enables IT to manage devices ldquowhere they liverdquo
Having ONE portal to use for device and application management
Single AdminConsole
User
Unify your environment with Windows Intune amp SCCM 2012 R2
ONE identity based on user credentials stored in ONE place
ndash in our Active directory
Server
Comparison of Intune standalone and Intune + SCCM can be found here
httptechnetmicrosoftcomen-uslibrarydn600286aspx
Target applications based
on user role the best way for
each device
bull WindowsWindows RT
bull Windows Phone
bull iOS
bull Android
bull OS X
Evaluate device capabilities
for optimal application
delivery
bull Local installation
bull Microsoft Application
Virtualization
bull Desktop Virtualization (VDI)
bull Web applications
App side loading for non
domain joined devices ndash
either push (bdquorequiredldquo) or
pull (bdquoavailableldquo)
People-centric Application DeliveryAccessing apps the right way on the right device
MSI RDSApp-V
(MDOP)Remote
App
Native
App
App Store
httptechnetmicrosoftcomen-uslibrarydn376523aspx
httptechnetmicrosoftcomen-uslibrarydn600287aspx
Company Portal for providing Apps to students staff
Company Portal for several platforms
Windows RT and Win 8 81 For Windows Phone 8
81
For iOS Android
Modern UI application
Several installation paths
bull Recommended Apps by IT to
download from Windows Store
bull LOB Apps published by IT
department via side loading
bull Categories and search of Apps
Control of my devices
bull Addremove devices
bull Wipe devices (depending on
platform)
Support
bull contact
bull Link to Support website
Modern UI phone
application
Several installation paths
bull Recommended Apps by IT to
download from Windows Store
bull LOB Apps published by IT
department via side loading
bull Categories and search of Apps
Control of my devices
bull Addremove devices
Support
bull contact
bull Link to Support website
Native App
Get applications on your device
bull Download Apps from Apple
App Store or Google Play Store
bull LOB Apps published by IT
department via side loading
bull Categories and search of Apps
Support
bull contact
bull Link to Support website
Windows Intune regular feature updates
Official communication about the new
Features in January release and outlook to
the next release httpblogstechnetcombin_the_cloudarchive20140129a-people-
first-approach-to-mobile-device-managementaspx
Official communication about April Update
(Windows Phone 81 support Samsung
KNOW support)httpblogstechnetcombwindowsintunearchive20140428availabil
ity-of-update-to-windows-intune-for-windows-phone-8-1-and-
samsung-knox-standardaspx
Windows Intune Service Release Overview
(what features are new in which release)httptechnetmicrosoftcomlibrarydn292747aspx
Whatrsquos New in System Center 2012 R2
Configuration Managerhttptechnetmicrosoftcomen-uslibrarydn236351aspx
Main message we will have nearly 100 feature parity between Intune bdquocloud onlyldquo and Intune + SCCM regarding mobile device management this year
Understand the broader context of Mobility Management
Mobile Information Management (MIM)IT policies applied directly to data wherever it flows or resides
Microsoft delivers
bull Active Directory Rights Management Services protects and encrypts documents and email contents
bull This data loss prevention (DLP) capability keeps corporate email from being forwarded to external email accounts and sensitive data from being uploaded to 3rd party cloud file sharing providers
Full range of Mobility Management
Mobile Content (amp Access)
Management (MCM)Secure distribution and mobile access to employee data
Microsoft delivers
bull Devices use Workplace Join to register with Active Directory facilitating Single Sign On (SSO) access to data and services via the Web Application Proxy and ADFS
bull Secure mobile file synchronization is facilitated by on-premises Work Folders
bull Multifactor authentication increases the level of secure access to corporate resources
bull Dynamic Access Control provides automatic document classification and protection based on content
Mobile Application Management (MAM)IT controlled delivery of apps from a corporate app catalog
Microsoft delivers
bull A cross-platform company portal where employees can download internalexternal native web and remote apps for Windows iOS and Android
bull Corporate apps can be pushed to devices and remotely uninstalled
bull Selective wipe of corporate apps data and management policies that leaves personal content untouched
Mobile Device Management (MDM)IT policies applied and profiles provisioned to mobile devices
Microsoft delivers
bull Policy enforcement across Windows iOS and Android through exposed OMA DM management APIs
bull Provisioning of Certificates Wi-Fi and VPN profiles
bull Detection of Jailbroken iOS and Rooted Android devices
bull Management of mobile devices roaming on wireless data networks facilitated by cloud-based Internet gateway
+ 2012 R2(Azure RMS and Azure AD Premium)
Microsoft Azure Rights Management
Several features around information protection secure X-company communication and collaboration hellip
bull Simplified data protection and collaboration ndash no on-premises infrastructure required
bull Support for connection to on-prem and cloud Exchange SharePoint and Windows Server FCI (file classification infrastructure)
bull Near real-time customer-owned logging
bull Office is our ldquofirst and bestrdquo partner ndash Office 2013 2010 2007 -but we can also secure other types of files like PDF JPEG hellip
bull
Microsoft Azure Active Directory Premium
Several features around SSO advanced Authentication enhanced user management hellip
bull Self Service Password Reset
bull Connect to your on-premises Active Directory
bull Multi Factor Authentication
bull Pre-integrated for Single Sign On (SSO) to over 1000 popular SaaS apps (Office 365 Yammer LinkedIn Facebookhellip )
bull Easily add custom cloud-based apps
bull Security reporting to track inconsistent access patterns
bull hellip and FIM hellip
Cloud technologies to complete our Mobility Management offering
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
httpblogstechnetcombadarchive20140421new-sync-capabilities-in-preview-password-write-back-new-aad-sync-and-multi-forest-supportaspx
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
bull Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
+
+
=
Windows Azure Active Directory SKU features comparison WAAD O365 WAAD Premium
Directory as a Service Yes - up to 500K Objects Yes - No Limit
UserGroup Management Yes Yes
SSO to pre-integrated SAAS Applications Custom Apps Yes Yes
Directory Synchronization Tool (WSAD Extension) Yes Yes
User-Based access managementprovisioning Yes Yes
Group-based access managementprovisioning Yes
Self-Service Group Management for cloud users Yes
Self-Service Change Password for cloud users Yes Yes
Self-Service Reset Password for cloud users Yes
Security Reports Yes Yes
Advanced Security Reporting (machine learning-based) Yes
Usage Reporting Yes
Tenant Branding (LogonAccess Panel customization) Yes
MFA (All available features on Windows Azure and on premises) Yes
Enterprise Sync (Extend any directory to Azure AD) (Q4) Yes
Write back for Self-Service ResetChange Password (Q4) Yes
Administration based on Departments (Q4) Yes
SLA Yes
FIM CAL + FIM Server Yes
Windows Azure MFA vs MFA for Office 365MFA for Office 365Azure
Administrators
Windows Azure Multi-Factor
Authentication
Administrators can EnableEnforce MFA to end-users Yes Yes
Use Mobile app (online and OTP) as second authentication factor Yes Yes
Use Phone call as second authentication factor Yes Yes
Use SMS as second authentication factor Yes Yes
Application passwords for non-browser clients (eg Outlook Lync) Yes Yes
Default Microsoft greetings during authentication phone calls Yes Yes
Custom greetings during authentication phone calls Yes
Fraud alert Yes
MFA SDK Yes
Security Reports Yes
MFA for on-premises applications MFA Server Yes
One-Time Bypass Yes
BlockUnblock Users Yes
Customizable caller ID for authentication phone calls Yes
Event Confirmation Yes
Windows Azure RMS vs RMS for Office 365
Microsoft RMS for
O365
Microsoft
RMS
Protection for content stored in Office 365
Both office file type amp non office file types
X X
Protection for content stored in on-premises Exchange amp
SharePoint
For Office amp non Office file types via RMS Connector
X X
Bring Your Own Key X X
SDK Access for LOB Applications X X
Office 365 Message Encryption X X
Protection for content stored in on-premises Windows Server
file shares via RMS Connector for FCI (x) X
Enterprise Mobility Suite Key Competitors
Cloud Hybrid Identity Management
Mobile Device Management
Information Protection
Key Competitors
Microsoft Differentiation
Azure AD Premium Windows Intune Azure RMS
Licensing Overview
Windows Intune (Edu) Licensing Offer in detail
Per user student
Licensing
(up to 5 devices)
Notes
bull Windows Intune Add-On for ConfigMgr requires ConfigMgr amp SCEP to be licensed under the
EAEASEES
bull Under all offers customers will be licensed for System Center 2012 Configuration Manager and
Endpoint Protection
bull Windows Software Assurance no longer required (For Windows Intune amp Windows Intune Add-On)
bull All prices are estimated retail prices based on Licensewisebull Errors omissions and typos excepted
Direct
(online)
Windows Intune
with Windows SA
Includes
bull Intune Service
bull ConfigMgr amp SCEP
CHF 1090
user
Month
Windows Intune
Add-On for
ConfigMgr amp SCEP
Windows Intune
(if the customer does
not have SCCM and
SCEP)
If the customer also
wants Windowshellip
Offers
If the customer owns
ConfigMgr and SCEPhellip
EES
Must license ConfigMgr
separately
CHF 055
user
month
Open
Academic
Can be sold by reselling
partners to offer our MS
service + partner service
on ONE bill
CHF 081
user
month
CHF 081
user
month
CHF 590
user
Month
bull EAEES Add-On to customers with existingbull CoreCAL
bull eCAL
bull O365 + BridgeCAL
bull Contains 3 main elements bull Azure AD Premium
bull including on Premises usage rights (Server + CALs) for Forefront Identity Manager
bull Azure RMS
bull Windows Intune
bull On pricelist per May 1st
Licensing of Enterprise Mobility Suite
Limited time Promo
bull For a limited time Enterprise Mobility Suite Add On available at
an additional 40 discount
bull EA Pricing starts at ~$4 per user per month
Limited time EA Level A promo pricing Requires 250 seat minimum purchase and underlying CAL Suite license (CoreCALECAL)
Promo
$1530 discount
40 discount
Enterprise Mobility Suite Package Price
CHF 163
user
Month
CHF 272
user
Month
Final comments
Reference cases for Windows Intune
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=intuneampLangID=46
Kloster Ingenbohl
Official case study
httpwwwmicrosoftcomcasest
udiesWindows-IntuneV-ster-s-
StadSwedish-School-District-
Improves-PC-Reliability-
Learning-with-Online-
Tools710000002639
Due to the fact that Azure RMS currently has the same featureset as RMS in
Office 365 (plan E3E4) there are no specific Azure RMS reference cases so far
This topic is for sure included in several Office 365 projects
Reference cases for Azure AD Premium amp RMS
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=Microsoft20Azure20Active20Directory
hellip regarding Windows Intune System Center Configuration Manager
or Enterprise Mobility Suite please contact
bull Melanie Riedener (ACCOUNT EXECUTIVE EDU)bull MelanieRiedenermicrosoftcom
bull Andras Khan (SOLUTION SPECIALIST INTUNE)bull AndrasKhanmicrosoftcom
If you have further interest in a more bdquodeep diveldquo Tech Update hellip
Supporting links and materials
Enterprise Mobility Suite overall
EMS Website
bull EMS Datasheet
bull EMS Customer-Ready Presentation
bull EMS FAQ (Customer)
Azure Active Directory Premium
bull A nicely animated video which describes our Azure AD Premium service can be found here
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
IP Whitelist allows administrators to add an extra level of security and convenience by only requiring users to perform MFA whenaccessing resources from outside their corporate network
Our new Cloud App Discovery service enables IT to easily determine which cloud apps are in use in the organization IT can then take steps to integrate the applications with Azure Active Directory
Password reset writeback to Windows Server AD using DirSync allows customers who rely on federation or password hash sync to use Azure AD Premium to reset on-premises passwords in Windows Server Active Directory
AAD Sync is our newly created one sync service to rule them all In this first preview we are using AAD Sync to enable synchronization from multi-forest Windows Server AD Deployments a capability that all of our largest customers have been asking for
Azure Rights Management Service
Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
Windows Intune
Windows Intune product page
Intune Demo Environment for Partners (Intune Cloud platform AND Sytem Center environment)
Some whitepapers on how MSIT is dealing with mobilityBYOD internally
30-days trial
Compliance Settings for Mobile Devices in SCCM
Mobile Device Mgmt features in Windows Intune
httponlinehelpmicrosoftcomwindowsintunejj839713aspx
httpsupportmicrosoftcomph15994
Intune Privacy related documents
Windows Intune Privacy Statement
Windows Intune Trust Center
Security
Privacy
Compliance
Microsoft Cloud Services erfuumlllen nachweislich alle europaumlischen Datenschutzregeln
BYOD
bull Video Empowering People-Centric IT in the Age of Consumerization
bull BYOD Devices - A Deployment Guide for Education (January 2014)
bull Bring Your Own Device Scenarios A Deployment Guide for Education(April 2014)
Intune can be used as a standalone
solution or together with SCCM (shown
in light blue besides) in order to have a
fully featured enterprise ready
Unified Device Management
Solution in placeIT can manage devices applications security
settings network profiles hellip
Centralized App deployment and provisioning data or provide secure access to corporate data
Unified infrastructure enables IT to manage devices ldquowhere they liverdquo
Having ONE portal to use for device and application management
Single AdminConsole
User
Unify your environment with Windows Intune amp SCCM 2012 R2
ONE identity based on user credentials stored in ONE place
ndash in our Active directory
Server
Comparison of Intune standalone and Intune + SCCM can be found here
httptechnetmicrosoftcomen-uslibrarydn600286aspx
Target applications based
on user role the best way for
each device
bull WindowsWindows RT
bull Windows Phone
bull iOS
bull Android
bull OS X
Evaluate device capabilities
for optimal application
delivery
bull Local installation
bull Microsoft Application
Virtualization
bull Desktop Virtualization (VDI)
bull Web applications
App side loading for non
domain joined devices ndash
either push (bdquorequiredldquo) or
pull (bdquoavailableldquo)
People-centric Application DeliveryAccessing apps the right way on the right device
MSI RDSApp-V
(MDOP)Remote
App
Native
App
App Store
httptechnetmicrosoftcomen-uslibrarydn376523aspx
httptechnetmicrosoftcomen-uslibrarydn600287aspx
Company Portal for providing Apps to students staff
Company Portal for several platforms
Windows RT and Win 8 81 For Windows Phone 8
81
For iOS Android
Modern UI application
Several installation paths
bull Recommended Apps by IT to
download from Windows Store
bull LOB Apps published by IT
department via side loading
bull Categories and search of Apps
Control of my devices
bull Addremove devices
bull Wipe devices (depending on
platform)
Support
bull contact
bull Link to Support website
Modern UI phone
application
Several installation paths
bull Recommended Apps by IT to
download from Windows Store
bull LOB Apps published by IT
department via side loading
bull Categories and search of Apps
Control of my devices
bull Addremove devices
Support
bull contact
bull Link to Support website
Native App
Get applications on your device
bull Download Apps from Apple
App Store or Google Play Store
bull LOB Apps published by IT
department via side loading
bull Categories and search of Apps
Support
bull contact
bull Link to Support website
Windows Intune regular feature updates
Official communication about the new
Features in January release and outlook to
the next release httpblogstechnetcombin_the_cloudarchive20140129a-people-
first-approach-to-mobile-device-managementaspx
Official communication about April Update
(Windows Phone 81 support Samsung
KNOW support)httpblogstechnetcombwindowsintunearchive20140428availabil
ity-of-update-to-windows-intune-for-windows-phone-8-1-and-
samsung-knox-standardaspx
Windows Intune Service Release Overview
(what features are new in which release)httptechnetmicrosoftcomlibrarydn292747aspx
Whatrsquos New in System Center 2012 R2
Configuration Managerhttptechnetmicrosoftcomen-uslibrarydn236351aspx
Main message we will have nearly 100 feature parity between Intune bdquocloud onlyldquo and Intune + SCCM regarding mobile device management this year
Understand the broader context of Mobility Management
Mobile Information Management (MIM)IT policies applied directly to data wherever it flows or resides
Microsoft delivers
bull Active Directory Rights Management Services protects and encrypts documents and email contents
bull This data loss prevention (DLP) capability keeps corporate email from being forwarded to external email accounts and sensitive data from being uploaded to 3rd party cloud file sharing providers
Full range of Mobility Management
Mobile Content (amp Access)
Management (MCM)Secure distribution and mobile access to employee data
Microsoft delivers
bull Devices use Workplace Join to register with Active Directory facilitating Single Sign On (SSO) access to data and services via the Web Application Proxy and ADFS
bull Secure mobile file synchronization is facilitated by on-premises Work Folders
bull Multifactor authentication increases the level of secure access to corporate resources
bull Dynamic Access Control provides automatic document classification and protection based on content
Mobile Application Management (MAM)IT controlled delivery of apps from a corporate app catalog
Microsoft delivers
bull A cross-platform company portal where employees can download internalexternal native web and remote apps for Windows iOS and Android
bull Corporate apps can be pushed to devices and remotely uninstalled
bull Selective wipe of corporate apps data and management policies that leaves personal content untouched
Mobile Device Management (MDM)IT policies applied and profiles provisioned to mobile devices
Microsoft delivers
bull Policy enforcement across Windows iOS and Android through exposed OMA DM management APIs
bull Provisioning of Certificates Wi-Fi and VPN profiles
bull Detection of Jailbroken iOS and Rooted Android devices
bull Management of mobile devices roaming on wireless data networks facilitated by cloud-based Internet gateway
+ 2012 R2(Azure RMS and Azure AD Premium)
Microsoft Azure Rights Management
Several features around information protection secure X-company communication and collaboration hellip
bull Simplified data protection and collaboration ndash no on-premises infrastructure required
bull Support for connection to on-prem and cloud Exchange SharePoint and Windows Server FCI (file classification infrastructure)
bull Near real-time customer-owned logging
bull Office is our ldquofirst and bestrdquo partner ndash Office 2013 2010 2007 -but we can also secure other types of files like PDF JPEG hellip
bull
Microsoft Azure Active Directory Premium
Several features around SSO advanced Authentication enhanced user management hellip
bull Self Service Password Reset
bull Connect to your on-premises Active Directory
bull Multi Factor Authentication
bull Pre-integrated for Single Sign On (SSO) to over 1000 popular SaaS apps (Office 365 Yammer LinkedIn Facebookhellip )
bull Easily add custom cloud-based apps
bull Security reporting to track inconsistent access patterns
bull hellip and FIM hellip
Cloud technologies to complete our Mobility Management offering
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
httpblogstechnetcombadarchive20140421new-sync-capabilities-in-preview-password-write-back-new-aad-sync-and-multi-forest-supportaspx
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
bull Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
+
+
=
Windows Azure Active Directory SKU features comparison WAAD O365 WAAD Premium
Directory as a Service Yes - up to 500K Objects Yes - No Limit
UserGroup Management Yes Yes
SSO to pre-integrated SAAS Applications Custom Apps Yes Yes
Directory Synchronization Tool (WSAD Extension) Yes Yes
User-Based access managementprovisioning Yes Yes
Group-based access managementprovisioning Yes
Self-Service Group Management for cloud users Yes
Self-Service Change Password for cloud users Yes Yes
Self-Service Reset Password for cloud users Yes
Security Reports Yes Yes
Advanced Security Reporting (machine learning-based) Yes
Usage Reporting Yes
Tenant Branding (LogonAccess Panel customization) Yes
MFA (All available features on Windows Azure and on premises) Yes
Enterprise Sync (Extend any directory to Azure AD) (Q4) Yes
Write back for Self-Service ResetChange Password (Q4) Yes
Administration based on Departments (Q4) Yes
SLA Yes
FIM CAL + FIM Server Yes
Windows Azure MFA vs MFA for Office 365MFA for Office 365Azure
Administrators
Windows Azure Multi-Factor
Authentication
Administrators can EnableEnforce MFA to end-users Yes Yes
Use Mobile app (online and OTP) as second authentication factor Yes Yes
Use Phone call as second authentication factor Yes Yes
Use SMS as second authentication factor Yes Yes
Application passwords for non-browser clients (eg Outlook Lync) Yes Yes
Default Microsoft greetings during authentication phone calls Yes Yes
Custom greetings during authentication phone calls Yes
Fraud alert Yes
MFA SDK Yes
Security Reports Yes
MFA for on-premises applications MFA Server Yes
One-Time Bypass Yes
BlockUnblock Users Yes
Customizable caller ID for authentication phone calls Yes
Event Confirmation Yes
Windows Azure RMS vs RMS for Office 365
Microsoft RMS for
O365
Microsoft
RMS
Protection for content stored in Office 365
Both office file type amp non office file types
X X
Protection for content stored in on-premises Exchange amp
SharePoint
For Office amp non Office file types via RMS Connector
X X
Bring Your Own Key X X
SDK Access for LOB Applications X X
Office 365 Message Encryption X X
Protection for content stored in on-premises Windows Server
file shares via RMS Connector for FCI (x) X
Enterprise Mobility Suite Key Competitors
Cloud Hybrid Identity Management
Mobile Device Management
Information Protection
Key Competitors
Microsoft Differentiation
Azure AD Premium Windows Intune Azure RMS
Licensing Overview
Windows Intune (Edu) Licensing Offer in detail
Per user student
Licensing
(up to 5 devices)
Notes
bull Windows Intune Add-On for ConfigMgr requires ConfigMgr amp SCEP to be licensed under the
EAEASEES
bull Under all offers customers will be licensed for System Center 2012 Configuration Manager and
Endpoint Protection
bull Windows Software Assurance no longer required (For Windows Intune amp Windows Intune Add-On)
bull All prices are estimated retail prices based on Licensewisebull Errors omissions and typos excepted
Direct
(online)
Windows Intune
with Windows SA
Includes
bull Intune Service
bull ConfigMgr amp SCEP
CHF 1090
user
Month
Windows Intune
Add-On for
ConfigMgr amp SCEP
Windows Intune
(if the customer does
not have SCCM and
SCEP)
If the customer also
wants Windowshellip
Offers
If the customer owns
ConfigMgr and SCEPhellip
EES
Must license ConfigMgr
separately
CHF 055
user
month
Open
Academic
Can be sold by reselling
partners to offer our MS
service + partner service
on ONE bill
CHF 081
user
month
CHF 081
user
month
CHF 590
user
Month
bull EAEES Add-On to customers with existingbull CoreCAL
bull eCAL
bull O365 + BridgeCAL
bull Contains 3 main elements bull Azure AD Premium
bull including on Premises usage rights (Server + CALs) for Forefront Identity Manager
bull Azure RMS
bull Windows Intune
bull On pricelist per May 1st
Licensing of Enterprise Mobility Suite
Limited time Promo
bull For a limited time Enterprise Mobility Suite Add On available at
an additional 40 discount
bull EA Pricing starts at ~$4 per user per month
Limited time EA Level A promo pricing Requires 250 seat minimum purchase and underlying CAL Suite license (CoreCALECAL)
Promo
$1530 discount
40 discount
Enterprise Mobility Suite Package Price
CHF 163
user
Month
CHF 272
user
Month
Final comments
Reference cases for Windows Intune
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=intuneampLangID=46
Kloster Ingenbohl
Official case study
httpwwwmicrosoftcomcasest
udiesWindows-IntuneV-ster-s-
StadSwedish-School-District-
Improves-PC-Reliability-
Learning-with-Online-
Tools710000002639
Due to the fact that Azure RMS currently has the same featureset as RMS in
Office 365 (plan E3E4) there are no specific Azure RMS reference cases so far
This topic is for sure included in several Office 365 projects
Reference cases for Azure AD Premium amp RMS
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=Microsoft20Azure20Active20Directory
hellip regarding Windows Intune System Center Configuration Manager
or Enterprise Mobility Suite please contact
bull Melanie Riedener (ACCOUNT EXECUTIVE EDU)bull MelanieRiedenermicrosoftcom
bull Andras Khan (SOLUTION SPECIALIST INTUNE)bull AndrasKhanmicrosoftcom
If you have further interest in a more bdquodeep diveldquo Tech Update hellip
Supporting links and materials
Enterprise Mobility Suite overall
EMS Website
bull EMS Datasheet
bull EMS Customer-Ready Presentation
bull EMS FAQ (Customer)
Azure Active Directory Premium
bull A nicely animated video which describes our Azure AD Premium service can be found here
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
IP Whitelist allows administrators to add an extra level of security and convenience by only requiring users to perform MFA whenaccessing resources from outside their corporate network
Our new Cloud App Discovery service enables IT to easily determine which cloud apps are in use in the organization IT can then take steps to integrate the applications with Azure Active Directory
Password reset writeback to Windows Server AD using DirSync allows customers who rely on federation or password hash sync to use Azure AD Premium to reset on-premises passwords in Windows Server Active Directory
AAD Sync is our newly created one sync service to rule them all In this first preview we are using AAD Sync to enable synchronization from multi-forest Windows Server AD Deployments a capability that all of our largest customers have been asking for
Azure Rights Management Service
Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
Windows Intune
Windows Intune product page
Intune Demo Environment for Partners (Intune Cloud platform AND Sytem Center environment)
Some whitepapers on how MSIT is dealing with mobilityBYOD internally
30-days trial
Compliance Settings for Mobile Devices in SCCM
Mobile Device Mgmt features in Windows Intune
httponlinehelpmicrosoftcomwindowsintunejj839713aspx
httpsupportmicrosoftcomph15994
Intune Privacy related documents
Windows Intune Privacy Statement
Windows Intune Trust Center
Security
Privacy
Compliance
Microsoft Cloud Services erfuumlllen nachweislich alle europaumlischen Datenschutzregeln
BYOD
bull Video Empowering People-Centric IT in the Age of Consumerization
bull BYOD Devices - A Deployment Guide for Education (January 2014)
bull Bring Your Own Device Scenarios A Deployment Guide for Education(April 2014)
Target applications based
on user role the best way for
each device
bull WindowsWindows RT
bull Windows Phone
bull iOS
bull Android
bull OS X
Evaluate device capabilities
for optimal application
delivery
bull Local installation
bull Microsoft Application
Virtualization
bull Desktop Virtualization (VDI)
bull Web applications
App side loading for non
domain joined devices ndash
either push (bdquorequiredldquo) or
pull (bdquoavailableldquo)
People-centric Application DeliveryAccessing apps the right way on the right device
MSI RDSApp-V
(MDOP)Remote
App
Native
App
App Store
httptechnetmicrosoftcomen-uslibrarydn376523aspx
httptechnetmicrosoftcomen-uslibrarydn600287aspx
Company Portal for providing Apps to students staff
Company Portal for several platforms
Windows RT and Win 8 81 For Windows Phone 8
81
For iOS Android
Modern UI application
Several installation paths
bull Recommended Apps by IT to
download from Windows Store
bull LOB Apps published by IT
department via side loading
bull Categories and search of Apps
Control of my devices
bull Addremove devices
bull Wipe devices (depending on
platform)
Support
bull contact
bull Link to Support website
Modern UI phone
application
Several installation paths
bull Recommended Apps by IT to
download from Windows Store
bull LOB Apps published by IT
department via side loading
bull Categories and search of Apps
Control of my devices
bull Addremove devices
Support
bull contact
bull Link to Support website
Native App
Get applications on your device
bull Download Apps from Apple
App Store or Google Play Store
bull LOB Apps published by IT
department via side loading
bull Categories and search of Apps
Support
bull contact
bull Link to Support website
Windows Intune regular feature updates
Official communication about the new
Features in January release and outlook to
the next release httpblogstechnetcombin_the_cloudarchive20140129a-people-
first-approach-to-mobile-device-managementaspx
Official communication about April Update
(Windows Phone 81 support Samsung
KNOW support)httpblogstechnetcombwindowsintunearchive20140428availabil
ity-of-update-to-windows-intune-for-windows-phone-8-1-and-
samsung-knox-standardaspx
Windows Intune Service Release Overview
(what features are new in which release)httptechnetmicrosoftcomlibrarydn292747aspx
Whatrsquos New in System Center 2012 R2
Configuration Managerhttptechnetmicrosoftcomen-uslibrarydn236351aspx
Main message we will have nearly 100 feature parity between Intune bdquocloud onlyldquo and Intune + SCCM regarding mobile device management this year
Understand the broader context of Mobility Management
Mobile Information Management (MIM)IT policies applied directly to data wherever it flows or resides
Microsoft delivers
bull Active Directory Rights Management Services protects and encrypts documents and email contents
bull This data loss prevention (DLP) capability keeps corporate email from being forwarded to external email accounts and sensitive data from being uploaded to 3rd party cloud file sharing providers
Full range of Mobility Management
Mobile Content (amp Access)
Management (MCM)Secure distribution and mobile access to employee data
Microsoft delivers
bull Devices use Workplace Join to register with Active Directory facilitating Single Sign On (SSO) access to data and services via the Web Application Proxy and ADFS
bull Secure mobile file synchronization is facilitated by on-premises Work Folders
bull Multifactor authentication increases the level of secure access to corporate resources
bull Dynamic Access Control provides automatic document classification and protection based on content
Mobile Application Management (MAM)IT controlled delivery of apps from a corporate app catalog
Microsoft delivers
bull A cross-platform company portal where employees can download internalexternal native web and remote apps for Windows iOS and Android
bull Corporate apps can be pushed to devices and remotely uninstalled
bull Selective wipe of corporate apps data and management policies that leaves personal content untouched
Mobile Device Management (MDM)IT policies applied and profiles provisioned to mobile devices
Microsoft delivers
bull Policy enforcement across Windows iOS and Android through exposed OMA DM management APIs
bull Provisioning of Certificates Wi-Fi and VPN profiles
bull Detection of Jailbroken iOS and Rooted Android devices
bull Management of mobile devices roaming on wireless data networks facilitated by cloud-based Internet gateway
+ 2012 R2(Azure RMS and Azure AD Premium)
Microsoft Azure Rights Management
Several features around information protection secure X-company communication and collaboration hellip
bull Simplified data protection and collaboration ndash no on-premises infrastructure required
bull Support for connection to on-prem and cloud Exchange SharePoint and Windows Server FCI (file classification infrastructure)
bull Near real-time customer-owned logging
bull Office is our ldquofirst and bestrdquo partner ndash Office 2013 2010 2007 -but we can also secure other types of files like PDF JPEG hellip
bull
Microsoft Azure Active Directory Premium
Several features around SSO advanced Authentication enhanced user management hellip
bull Self Service Password Reset
bull Connect to your on-premises Active Directory
bull Multi Factor Authentication
bull Pre-integrated for Single Sign On (SSO) to over 1000 popular SaaS apps (Office 365 Yammer LinkedIn Facebookhellip )
bull Easily add custom cloud-based apps
bull Security reporting to track inconsistent access patterns
bull hellip and FIM hellip
Cloud technologies to complete our Mobility Management offering
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
httpblogstechnetcombadarchive20140421new-sync-capabilities-in-preview-password-write-back-new-aad-sync-and-multi-forest-supportaspx
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
bull Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
+
+
=
Windows Azure Active Directory SKU features comparison WAAD O365 WAAD Premium
Directory as a Service Yes - up to 500K Objects Yes - No Limit
UserGroup Management Yes Yes
SSO to pre-integrated SAAS Applications Custom Apps Yes Yes
Directory Synchronization Tool (WSAD Extension) Yes Yes
User-Based access managementprovisioning Yes Yes
Group-based access managementprovisioning Yes
Self-Service Group Management for cloud users Yes
Self-Service Change Password for cloud users Yes Yes
Self-Service Reset Password for cloud users Yes
Security Reports Yes Yes
Advanced Security Reporting (machine learning-based) Yes
Usage Reporting Yes
Tenant Branding (LogonAccess Panel customization) Yes
MFA (All available features on Windows Azure and on premises) Yes
Enterprise Sync (Extend any directory to Azure AD) (Q4) Yes
Write back for Self-Service ResetChange Password (Q4) Yes
Administration based on Departments (Q4) Yes
SLA Yes
FIM CAL + FIM Server Yes
Windows Azure MFA vs MFA for Office 365MFA for Office 365Azure
Administrators
Windows Azure Multi-Factor
Authentication
Administrators can EnableEnforce MFA to end-users Yes Yes
Use Mobile app (online and OTP) as second authentication factor Yes Yes
Use Phone call as second authentication factor Yes Yes
Use SMS as second authentication factor Yes Yes
Application passwords for non-browser clients (eg Outlook Lync) Yes Yes
Default Microsoft greetings during authentication phone calls Yes Yes
Custom greetings during authentication phone calls Yes
Fraud alert Yes
MFA SDK Yes
Security Reports Yes
MFA for on-premises applications MFA Server Yes
One-Time Bypass Yes
BlockUnblock Users Yes
Customizable caller ID for authentication phone calls Yes
Event Confirmation Yes
Windows Azure RMS vs RMS for Office 365
Microsoft RMS for
O365
Microsoft
RMS
Protection for content stored in Office 365
Both office file type amp non office file types
X X
Protection for content stored in on-premises Exchange amp
SharePoint
For Office amp non Office file types via RMS Connector
X X
Bring Your Own Key X X
SDK Access for LOB Applications X X
Office 365 Message Encryption X X
Protection for content stored in on-premises Windows Server
file shares via RMS Connector for FCI (x) X
Enterprise Mobility Suite Key Competitors
Cloud Hybrid Identity Management
Mobile Device Management
Information Protection
Key Competitors
Microsoft Differentiation
Azure AD Premium Windows Intune Azure RMS
Licensing Overview
Windows Intune (Edu) Licensing Offer in detail
Per user student
Licensing
(up to 5 devices)
Notes
bull Windows Intune Add-On for ConfigMgr requires ConfigMgr amp SCEP to be licensed under the
EAEASEES
bull Under all offers customers will be licensed for System Center 2012 Configuration Manager and
Endpoint Protection
bull Windows Software Assurance no longer required (For Windows Intune amp Windows Intune Add-On)
bull All prices are estimated retail prices based on Licensewisebull Errors omissions and typos excepted
Direct
(online)
Windows Intune
with Windows SA
Includes
bull Intune Service
bull ConfigMgr amp SCEP
CHF 1090
user
Month
Windows Intune
Add-On for
ConfigMgr amp SCEP
Windows Intune
(if the customer does
not have SCCM and
SCEP)
If the customer also
wants Windowshellip
Offers
If the customer owns
ConfigMgr and SCEPhellip
EES
Must license ConfigMgr
separately
CHF 055
user
month
Open
Academic
Can be sold by reselling
partners to offer our MS
service + partner service
on ONE bill
CHF 081
user
month
CHF 081
user
month
CHF 590
user
Month
bull EAEES Add-On to customers with existingbull CoreCAL
bull eCAL
bull O365 + BridgeCAL
bull Contains 3 main elements bull Azure AD Premium
bull including on Premises usage rights (Server + CALs) for Forefront Identity Manager
bull Azure RMS
bull Windows Intune
bull On pricelist per May 1st
Licensing of Enterprise Mobility Suite
Limited time Promo
bull For a limited time Enterprise Mobility Suite Add On available at
an additional 40 discount
bull EA Pricing starts at ~$4 per user per month
Limited time EA Level A promo pricing Requires 250 seat minimum purchase and underlying CAL Suite license (CoreCALECAL)
Promo
$1530 discount
40 discount
Enterprise Mobility Suite Package Price
CHF 163
user
Month
CHF 272
user
Month
Final comments
Reference cases for Windows Intune
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=intuneampLangID=46
Kloster Ingenbohl
Official case study
httpwwwmicrosoftcomcasest
udiesWindows-IntuneV-ster-s-
StadSwedish-School-District-
Improves-PC-Reliability-
Learning-with-Online-
Tools710000002639
Due to the fact that Azure RMS currently has the same featureset as RMS in
Office 365 (plan E3E4) there are no specific Azure RMS reference cases so far
This topic is for sure included in several Office 365 projects
Reference cases for Azure AD Premium amp RMS
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=Microsoft20Azure20Active20Directory
hellip regarding Windows Intune System Center Configuration Manager
or Enterprise Mobility Suite please contact
bull Melanie Riedener (ACCOUNT EXECUTIVE EDU)bull MelanieRiedenermicrosoftcom
bull Andras Khan (SOLUTION SPECIALIST INTUNE)bull AndrasKhanmicrosoftcom
If you have further interest in a more bdquodeep diveldquo Tech Update hellip
Supporting links and materials
Enterprise Mobility Suite overall
EMS Website
bull EMS Datasheet
bull EMS Customer-Ready Presentation
bull EMS FAQ (Customer)
Azure Active Directory Premium
bull A nicely animated video which describes our Azure AD Premium service can be found here
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
IP Whitelist allows administrators to add an extra level of security and convenience by only requiring users to perform MFA whenaccessing resources from outside their corporate network
Our new Cloud App Discovery service enables IT to easily determine which cloud apps are in use in the organization IT can then take steps to integrate the applications with Azure Active Directory
Password reset writeback to Windows Server AD using DirSync allows customers who rely on federation or password hash sync to use Azure AD Premium to reset on-premises passwords in Windows Server Active Directory
AAD Sync is our newly created one sync service to rule them all In this first preview we are using AAD Sync to enable synchronization from multi-forest Windows Server AD Deployments a capability that all of our largest customers have been asking for
Azure Rights Management Service
Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
Windows Intune
Windows Intune product page
Intune Demo Environment for Partners (Intune Cloud platform AND Sytem Center environment)
Some whitepapers on how MSIT is dealing with mobilityBYOD internally
30-days trial
Compliance Settings for Mobile Devices in SCCM
Mobile Device Mgmt features in Windows Intune
httponlinehelpmicrosoftcomwindowsintunejj839713aspx
httpsupportmicrosoftcomph15994
Intune Privacy related documents
Windows Intune Privacy Statement
Windows Intune Trust Center
Security
Privacy
Compliance
Microsoft Cloud Services erfuumlllen nachweislich alle europaumlischen Datenschutzregeln
BYOD
bull Video Empowering People-Centric IT in the Age of Consumerization
bull BYOD Devices - A Deployment Guide for Education (January 2014)
bull Bring Your Own Device Scenarios A Deployment Guide for Education(April 2014)
httptechnetmicrosoftcomen-uslibrarydn376523aspx
httptechnetmicrosoftcomen-uslibrarydn600287aspx
Company Portal for providing Apps to students staff
Company Portal for several platforms
Windows RT and Win 8 81 For Windows Phone 8
81
For iOS Android
Modern UI application
Several installation paths
bull Recommended Apps by IT to
download from Windows Store
bull LOB Apps published by IT
department via side loading
bull Categories and search of Apps
Control of my devices
bull Addremove devices
bull Wipe devices (depending on
platform)
Support
bull contact
bull Link to Support website
Modern UI phone
application
Several installation paths
bull Recommended Apps by IT to
download from Windows Store
bull LOB Apps published by IT
department via side loading
bull Categories and search of Apps
Control of my devices
bull Addremove devices
Support
bull contact
bull Link to Support website
Native App
Get applications on your device
bull Download Apps from Apple
App Store or Google Play Store
bull LOB Apps published by IT
department via side loading
bull Categories and search of Apps
Support
bull contact
bull Link to Support website
Windows Intune regular feature updates
Official communication about the new
Features in January release and outlook to
the next release httpblogstechnetcombin_the_cloudarchive20140129a-people-
first-approach-to-mobile-device-managementaspx
Official communication about April Update
(Windows Phone 81 support Samsung
KNOW support)httpblogstechnetcombwindowsintunearchive20140428availabil
ity-of-update-to-windows-intune-for-windows-phone-8-1-and-
samsung-knox-standardaspx
Windows Intune Service Release Overview
(what features are new in which release)httptechnetmicrosoftcomlibrarydn292747aspx
Whatrsquos New in System Center 2012 R2
Configuration Managerhttptechnetmicrosoftcomen-uslibrarydn236351aspx
Main message we will have nearly 100 feature parity between Intune bdquocloud onlyldquo and Intune + SCCM regarding mobile device management this year
Understand the broader context of Mobility Management
Mobile Information Management (MIM)IT policies applied directly to data wherever it flows or resides
Microsoft delivers
bull Active Directory Rights Management Services protects and encrypts documents and email contents
bull This data loss prevention (DLP) capability keeps corporate email from being forwarded to external email accounts and sensitive data from being uploaded to 3rd party cloud file sharing providers
Full range of Mobility Management
Mobile Content (amp Access)
Management (MCM)Secure distribution and mobile access to employee data
Microsoft delivers
bull Devices use Workplace Join to register with Active Directory facilitating Single Sign On (SSO) access to data and services via the Web Application Proxy and ADFS
bull Secure mobile file synchronization is facilitated by on-premises Work Folders
bull Multifactor authentication increases the level of secure access to corporate resources
bull Dynamic Access Control provides automatic document classification and protection based on content
Mobile Application Management (MAM)IT controlled delivery of apps from a corporate app catalog
Microsoft delivers
bull A cross-platform company portal where employees can download internalexternal native web and remote apps for Windows iOS and Android
bull Corporate apps can be pushed to devices and remotely uninstalled
bull Selective wipe of corporate apps data and management policies that leaves personal content untouched
Mobile Device Management (MDM)IT policies applied and profiles provisioned to mobile devices
Microsoft delivers
bull Policy enforcement across Windows iOS and Android through exposed OMA DM management APIs
bull Provisioning of Certificates Wi-Fi and VPN profiles
bull Detection of Jailbroken iOS and Rooted Android devices
bull Management of mobile devices roaming on wireless data networks facilitated by cloud-based Internet gateway
+ 2012 R2(Azure RMS and Azure AD Premium)
Microsoft Azure Rights Management
Several features around information protection secure X-company communication and collaboration hellip
bull Simplified data protection and collaboration ndash no on-premises infrastructure required
bull Support for connection to on-prem and cloud Exchange SharePoint and Windows Server FCI (file classification infrastructure)
bull Near real-time customer-owned logging
bull Office is our ldquofirst and bestrdquo partner ndash Office 2013 2010 2007 -but we can also secure other types of files like PDF JPEG hellip
bull
Microsoft Azure Active Directory Premium
Several features around SSO advanced Authentication enhanced user management hellip
bull Self Service Password Reset
bull Connect to your on-premises Active Directory
bull Multi Factor Authentication
bull Pre-integrated for Single Sign On (SSO) to over 1000 popular SaaS apps (Office 365 Yammer LinkedIn Facebookhellip )
bull Easily add custom cloud-based apps
bull Security reporting to track inconsistent access patterns
bull hellip and FIM hellip
Cloud technologies to complete our Mobility Management offering
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
httpblogstechnetcombadarchive20140421new-sync-capabilities-in-preview-password-write-back-new-aad-sync-and-multi-forest-supportaspx
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
bull Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
+
+
=
Windows Azure Active Directory SKU features comparison WAAD O365 WAAD Premium
Directory as a Service Yes - up to 500K Objects Yes - No Limit
UserGroup Management Yes Yes
SSO to pre-integrated SAAS Applications Custom Apps Yes Yes
Directory Synchronization Tool (WSAD Extension) Yes Yes
User-Based access managementprovisioning Yes Yes
Group-based access managementprovisioning Yes
Self-Service Group Management for cloud users Yes
Self-Service Change Password for cloud users Yes Yes
Self-Service Reset Password for cloud users Yes
Security Reports Yes Yes
Advanced Security Reporting (machine learning-based) Yes
Usage Reporting Yes
Tenant Branding (LogonAccess Panel customization) Yes
MFA (All available features on Windows Azure and on premises) Yes
Enterprise Sync (Extend any directory to Azure AD) (Q4) Yes
Write back for Self-Service ResetChange Password (Q4) Yes
Administration based on Departments (Q4) Yes
SLA Yes
FIM CAL + FIM Server Yes
Windows Azure MFA vs MFA for Office 365MFA for Office 365Azure
Administrators
Windows Azure Multi-Factor
Authentication
Administrators can EnableEnforce MFA to end-users Yes Yes
Use Mobile app (online and OTP) as second authentication factor Yes Yes
Use Phone call as second authentication factor Yes Yes
Use SMS as second authentication factor Yes Yes
Application passwords for non-browser clients (eg Outlook Lync) Yes Yes
Default Microsoft greetings during authentication phone calls Yes Yes
Custom greetings during authentication phone calls Yes
Fraud alert Yes
MFA SDK Yes
Security Reports Yes
MFA for on-premises applications MFA Server Yes
One-Time Bypass Yes
BlockUnblock Users Yes
Customizable caller ID for authentication phone calls Yes
Event Confirmation Yes
Windows Azure RMS vs RMS for Office 365
Microsoft RMS for
O365
Microsoft
RMS
Protection for content stored in Office 365
Both office file type amp non office file types
X X
Protection for content stored in on-premises Exchange amp
SharePoint
For Office amp non Office file types via RMS Connector
X X
Bring Your Own Key X X
SDK Access for LOB Applications X X
Office 365 Message Encryption X X
Protection for content stored in on-premises Windows Server
file shares via RMS Connector for FCI (x) X
Enterprise Mobility Suite Key Competitors
Cloud Hybrid Identity Management
Mobile Device Management
Information Protection
Key Competitors
Microsoft Differentiation
Azure AD Premium Windows Intune Azure RMS
Licensing Overview
Windows Intune (Edu) Licensing Offer in detail
Per user student
Licensing
(up to 5 devices)
Notes
bull Windows Intune Add-On for ConfigMgr requires ConfigMgr amp SCEP to be licensed under the
EAEASEES
bull Under all offers customers will be licensed for System Center 2012 Configuration Manager and
Endpoint Protection
bull Windows Software Assurance no longer required (For Windows Intune amp Windows Intune Add-On)
bull All prices are estimated retail prices based on Licensewisebull Errors omissions and typos excepted
Direct
(online)
Windows Intune
with Windows SA
Includes
bull Intune Service
bull ConfigMgr amp SCEP
CHF 1090
user
Month
Windows Intune
Add-On for
ConfigMgr amp SCEP
Windows Intune
(if the customer does
not have SCCM and
SCEP)
If the customer also
wants Windowshellip
Offers
If the customer owns
ConfigMgr and SCEPhellip
EES
Must license ConfigMgr
separately
CHF 055
user
month
Open
Academic
Can be sold by reselling
partners to offer our MS
service + partner service
on ONE bill
CHF 081
user
month
CHF 081
user
month
CHF 590
user
Month
bull EAEES Add-On to customers with existingbull CoreCAL
bull eCAL
bull O365 + BridgeCAL
bull Contains 3 main elements bull Azure AD Premium
bull including on Premises usage rights (Server + CALs) for Forefront Identity Manager
bull Azure RMS
bull Windows Intune
bull On pricelist per May 1st
Licensing of Enterprise Mobility Suite
Limited time Promo
bull For a limited time Enterprise Mobility Suite Add On available at
an additional 40 discount
bull EA Pricing starts at ~$4 per user per month
Limited time EA Level A promo pricing Requires 250 seat minimum purchase and underlying CAL Suite license (CoreCALECAL)
Promo
$1530 discount
40 discount
Enterprise Mobility Suite Package Price
CHF 163
user
Month
CHF 272
user
Month
Final comments
Reference cases for Windows Intune
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=intuneampLangID=46
Kloster Ingenbohl
Official case study
httpwwwmicrosoftcomcasest
udiesWindows-IntuneV-ster-s-
StadSwedish-School-District-
Improves-PC-Reliability-
Learning-with-Online-
Tools710000002639
Due to the fact that Azure RMS currently has the same featureset as RMS in
Office 365 (plan E3E4) there are no specific Azure RMS reference cases so far
This topic is for sure included in several Office 365 projects
Reference cases for Azure AD Premium amp RMS
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=Microsoft20Azure20Active20Directory
hellip regarding Windows Intune System Center Configuration Manager
or Enterprise Mobility Suite please contact
bull Melanie Riedener (ACCOUNT EXECUTIVE EDU)bull MelanieRiedenermicrosoftcom
bull Andras Khan (SOLUTION SPECIALIST INTUNE)bull AndrasKhanmicrosoftcom
If you have further interest in a more bdquodeep diveldquo Tech Update hellip
Supporting links and materials
Enterprise Mobility Suite overall
EMS Website
bull EMS Datasheet
bull EMS Customer-Ready Presentation
bull EMS FAQ (Customer)
Azure Active Directory Premium
bull A nicely animated video which describes our Azure AD Premium service can be found here
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
IP Whitelist allows administrators to add an extra level of security and convenience by only requiring users to perform MFA whenaccessing resources from outside their corporate network
Our new Cloud App Discovery service enables IT to easily determine which cloud apps are in use in the organization IT can then take steps to integrate the applications with Azure Active Directory
Password reset writeback to Windows Server AD using DirSync allows customers who rely on federation or password hash sync to use Azure AD Premium to reset on-premises passwords in Windows Server Active Directory
AAD Sync is our newly created one sync service to rule them all In this first preview we are using AAD Sync to enable synchronization from multi-forest Windows Server AD Deployments a capability that all of our largest customers have been asking for
Azure Rights Management Service
Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
Windows Intune
Windows Intune product page
Intune Demo Environment for Partners (Intune Cloud platform AND Sytem Center environment)
Some whitepapers on how MSIT is dealing with mobilityBYOD internally
30-days trial
Compliance Settings for Mobile Devices in SCCM
Mobile Device Mgmt features in Windows Intune
httponlinehelpmicrosoftcomwindowsintunejj839713aspx
httpsupportmicrosoftcomph15994
Intune Privacy related documents
Windows Intune Privacy Statement
Windows Intune Trust Center
Security
Privacy
Compliance
Microsoft Cloud Services erfuumlllen nachweislich alle europaumlischen Datenschutzregeln
BYOD
bull Video Empowering People-Centric IT in the Age of Consumerization
bull BYOD Devices - A Deployment Guide for Education (January 2014)
bull Bring Your Own Device Scenarios A Deployment Guide for Education(April 2014)
httptechnetmicrosoftcomen-uslibrarydn600287aspx
Company Portal for providing Apps to students staff
Company Portal for several platforms
Windows RT and Win 8 81 For Windows Phone 8
81
For iOS Android
Modern UI application
Several installation paths
bull Recommended Apps by IT to
download from Windows Store
bull LOB Apps published by IT
department via side loading
bull Categories and search of Apps
Control of my devices
bull Addremove devices
bull Wipe devices (depending on
platform)
Support
bull contact
bull Link to Support website
Modern UI phone
application
Several installation paths
bull Recommended Apps by IT to
download from Windows Store
bull LOB Apps published by IT
department via side loading
bull Categories and search of Apps
Control of my devices
bull Addremove devices
Support
bull contact
bull Link to Support website
Native App
Get applications on your device
bull Download Apps from Apple
App Store or Google Play Store
bull LOB Apps published by IT
department via side loading
bull Categories and search of Apps
Support
bull contact
bull Link to Support website
Windows Intune regular feature updates
Official communication about the new
Features in January release and outlook to
the next release httpblogstechnetcombin_the_cloudarchive20140129a-people-
first-approach-to-mobile-device-managementaspx
Official communication about April Update
(Windows Phone 81 support Samsung
KNOW support)httpblogstechnetcombwindowsintunearchive20140428availabil
ity-of-update-to-windows-intune-for-windows-phone-8-1-and-
samsung-knox-standardaspx
Windows Intune Service Release Overview
(what features are new in which release)httptechnetmicrosoftcomlibrarydn292747aspx
Whatrsquos New in System Center 2012 R2
Configuration Managerhttptechnetmicrosoftcomen-uslibrarydn236351aspx
Main message we will have nearly 100 feature parity between Intune bdquocloud onlyldquo and Intune + SCCM regarding mobile device management this year
Understand the broader context of Mobility Management
Mobile Information Management (MIM)IT policies applied directly to data wherever it flows or resides
Microsoft delivers
bull Active Directory Rights Management Services protects and encrypts documents and email contents
bull This data loss prevention (DLP) capability keeps corporate email from being forwarded to external email accounts and sensitive data from being uploaded to 3rd party cloud file sharing providers
Full range of Mobility Management
Mobile Content (amp Access)
Management (MCM)Secure distribution and mobile access to employee data
Microsoft delivers
bull Devices use Workplace Join to register with Active Directory facilitating Single Sign On (SSO) access to data and services via the Web Application Proxy and ADFS
bull Secure mobile file synchronization is facilitated by on-premises Work Folders
bull Multifactor authentication increases the level of secure access to corporate resources
bull Dynamic Access Control provides automatic document classification and protection based on content
Mobile Application Management (MAM)IT controlled delivery of apps from a corporate app catalog
Microsoft delivers
bull A cross-platform company portal where employees can download internalexternal native web and remote apps for Windows iOS and Android
bull Corporate apps can be pushed to devices and remotely uninstalled
bull Selective wipe of corporate apps data and management policies that leaves personal content untouched
Mobile Device Management (MDM)IT policies applied and profiles provisioned to mobile devices
Microsoft delivers
bull Policy enforcement across Windows iOS and Android through exposed OMA DM management APIs
bull Provisioning of Certificates Wi-Fi and VPN profiles
bull Detection of Jailbroken iOS and Rooted Android devices
bull Management of mobile devices roaming on wireless data networks facilitated by cloud-based Internet gateway
+ 2012 R2(Azure RMS and Azure AD Premium)
Microsoft Azure Rights Management
Several features around information protection secure X-company communication and collaboration hellip
bull Simplified data protection and collaboration ndash no on-premises infrastructure required
bull Support for connection to on-prem and cloud Exchange SharePoint and Windows Server FCI (file classification infrastructure)
bull Near real-time customer-owned logging
bull Office is our ldquofirst and bestrdquo partner ndash Office 2013 2010 2007 -but we can also secure other types of files like PDF JPEG hellip
bull
Microsoft Azure Active Directory Premium
Several features around SSO advanced Authentication enhanced user management hellip
bull Self Service Password Reset
bull Connect to your on-premises Active Directory
bull Multi Factor Authentication
bull Pre-integrated for Single Sign On (SSO) to over 1000 popular SaaS apps (Office 365 Yammer LinkedIn Facebookhellip )
bull Easily add custom cloud-based apps
bull Security reporting to track inconsistent access patterns
bull hellip and FIM hellip
Cloud technologies to complete our Mobility Management offering
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
httpblogstechnetcombadarchive20140421new-sync-capabilities-in-preview-password-write-back-new-aad-sync-and-multi-forest-supportaspx
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
bull Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
+
+
=
Windows Azure Active Directory SKU features comparison WAAD O365 WAAD Premium
Directory as a Service Yes - up to 500K Objects Yes - No Limit
UserGroup Management Yes Yes
SSO to pre-integrated SAAS Applications Custom Apps Yes Yes
Directory Synchronization Tool (WSAD Extension) Yes Yes
User-Based access managementprovisioning Yes Yes
Group-based access managementprovisioning Yes
Self-Service Group Management for cloud users Yes
Self-Service Change Password for cloud users Yes Yes
Self-Service Reset Password for cloud users Yes
Security Reports Yes Yes
Advanced Security Reporting (machine learning-based) Yes
Usage Reporting Yes
Tenant Branding (LogonAccess Panel customization) Yes
MFA (All available features on Windows Azure and on premises) Yes
Enterprise Sync (Extend any directory to Azure AD) (Q4) Yes
Write back for Self-Service ResetChange Password (Q4) Yes
Administration based on Departments (Q4) Yes
SLA Yes
FIM CAL + FIM Server Yes
Windows Azure MFA vs MFA for Office 365MFA for Office 365Azure
Administrators
Windows Azure Multi-Factor
Authentication
Administrators can EnableEnforce MFA to end-users Yes Yes
Use Mobile app (online and OTP) as second authentication factor Yes Yes
Use Phone call as second authentication factor Yes Yes
Use SMS as second authentication factor Yes Yes
Application passwords for non-browser clients (eg Outlook Lync) Yes Yes
Default Microsoft greetings during authentication phone calls Yes Yes
Custom greetings during authentication phone calls Yes
Fraud alert Yes
MFA SDK Yes
Security Reports Yes
MFA for on-premises applications MFA Server Yes
One-Time Bypass Yes
BlockUnblock Users Yes
Customizable caller ID for authentication phone calls Yes
Event Confirmation Yes
Windows Azure RMS vs RMS for Office 365
Microsoft RMS for
O365
Microsoft
RMS
Protection for content stored in Office 365
Both office file type amp non office file types
X X
Protection for content stored in on-premises Exchange amp
SharePoint
For Office amp non Office file types via RMS Connector
X X
Bring Your Own Key X X
SDK Access for LOB Applications X X
Office 365 Message Encryption X X
Protection for content stored in on-premises Windows Server
file shares via RMS Connector for FCI (x) X
Enterprise Mobility Suite Key Competitors
Cloud Hybrid Identity Management
Mobile Device Management
Information Protection
Key Competitors
Microsoft Differentiation
Azure AD Premium Windows Intune Azure RMS
Licensing Overview
Windows Intune (Edu) Licensing Offer in detail
Per user student
Licensing
(up to 5 devices)
Notes
bull Windows Intune Add-On for ConfigMgr requires ConfigMgr amp SCEP to be licensed under the
EAEASEES
bull Under all offers customers will be licensed for System Center 2012 Configuration Manager and
Endpoint Protection
bull Windows Software Assurance no longer required (For Windows Intune amp Windows Intune Add-On)
bull All prices are estimated retail prices based on Licensewisebull Errors omissions and typos excepted
Direct
(online)
Windows Intune
with Windows SA
Includes
bull Intune Service
bull ConfigMgr amp SCEP
CHF 1090
user
Month
Windows Intune
Add-On for
ConfigMgr amp SCEP
Windows Intune
(if the customer does
not have SCCM and
SCEP)
If the customer also
wants Windowshellip
Offers
If the customer owns
ConfigMgr and SCEPhellip
EES
Must license ConfigMgr
separately
CHF 055
user
month
Open
Academic
Can be sold by reselling
partners to offer our MS
service + partner service
on ONE bill
CHF 081
user
month
CHF 081
user
month
CHF 590
user
Month
bull EAEES Add-On to customers with existingbull CoreCAL
bull eCAL
bull O365 + BridgeCAL
bull Contains 3 main elements bull Azure AD Premium
bull including on Premises usage rights (Server + CALs) for Forefront Identity Manager
bull Azure RMS
bull Windows Intune
bull On pricelist per May 1st
Licensing of Enterprise Mobility Suite
Limited time Promo
bull For a limited time Enterprise Mobility Suite Add On available at
an additional 40 discount
bull EA Pricing starts at ~$4 per user per month
Limited time EA Level A promo pricing Requires 250 seat minimum purchase and underlying CAL Suite license (CoreCALECAL)
Promo
$1530 discount
40 discount
Enterprise Mobility Suite Package Price
CHF 163
user
Month
CHF 272
user
Month
Final comments
Reference cases for Windows Intune
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=intuneampLangID=46
Kloster Ingenbohl
Official case study
httpwwwmicrosoftcomcasest
udiesWindows-IntuneV-ster-s-
StadSwedish-School-District-
Improves-PC-Reliability-
Learning-with-Online-
Tools710000002639
Due to the fact that Azure RMS currently has the same featureset as RMS in
Office 365 (plan E3E4) there are no specific Azure RMS reference cases so far
This topic is for sure included in several Office 365 projects
Reference cases for Azure AD Premium amp RMS
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=Microsoft20Azure20Active20Directory
hellip regarding Windows Intune System Center Configuration Manager
or Enterprise Mobility Suite please contact
bull Melanie Riedener (ACCOUNT EXECUTIVE EDU)bull MelanieRiedenermicrosoftcom
bull Andras Khan (SOLUTION SPECIALIST INTUNE)bull AndrasKhanmicrosoftcom
If you have further interest in a more bdquodeep diveldquo Tech Update hellip
Supporting links and materials
Enterprise Mobility Suite overall
EMS Website
bull EMS Datasheet
bull EMS Customer-Ready Presentation
bull EMS FAQ (Customer)
Azure Active Directory Premium
bull A nicely animated video which describes our Azure AD Premium service can be found here
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
IP Whitelist allows administrators to add an extra level of security and convenience by only requiring users to perform MFA whenaccessing resources from outside their corporate network
Our new Cloud App Discovery service enables IT to easily determine which cloud apps are in use in the organization IT can then take steps to integrate the applications with Azure Active Directory
Password reset writeback to Windows Server AD using DirSync allows customers who rely on federation or password hash sync to use Azure AD Premium to reset on-premises passwords in Windows Server Active Directory
AAD Sync is our newly created one sync service to rule them all In this first preview we are using AAD Sync to enable synchronization from multi-forest Windows Server AD Deployments a capability that all of our largest customers have been asking for
Azure Rights Management Service
Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
Windows Intune
Windows Intune product page
Intune Demo Environment for Partners (Intune Cloud platform AND Sytem Center environment)
Some whitepapers on how MSIT is dealing with mobilityBYOD internally
30-days trial
Compliance Settings for Mobile Devices in SCCM
Mobile Device Mgmt features in Windows Intune
httponlinehelpmicrosoftcomwindowsintunejj839713aspx
httpsupportmicrosoftcomph15994
Intune Privacy related documents
Windows Intune Privacy Statement
Windows Intune Trust Center
Security
Privacy
Compliance
Microsoft Cloud Services erfuumlllen nachweislich alle europaumlischen Datenschutzregeln
BYOD
bull Video Empowering People-Centric IT in the Age of Consumerization
bull BYOD Devices - A Deployment Guide for Education (January 2014)
bull Bring Your Own Device Scenarios A Deployment Guide for Education(April 2014)
Company Portal for providing Apps to students staff
Company Portal for several platforms
Windows RT and Win 8 81 For Windows Phone 8
81
For iOS Android
Modern UI application
Several installation paths
bull Recommended Apps by IT to
download from Windows Store
bull LOB Apps published by IT
department via side loading
bull Categories and search of Apps
Control of my devices
bull Addremove devices
bull Wipe devices (depending on
platform)
Support
bull contact
bull Link to Support website
Modern UI phone
application
Several installation paths
bull Recommended Apps by IT to
download from Windows Store
bull LOB Apps published by IT
department via side loading
bull Categories and search of Apps
Control of my devices
bull Addremove devices
Support
bull contact
bull Link to Support website
Native App
Get applications on your device
bull Download Apps from Apple
App Store or Google Play Store
bull LOB Apps published by IT
department via side loading
bull Categories and search of Apps
Support
bull contact
bull Link to Support website
Windows Intune regular feature updates
Official communication about the new
Features in January release and outlook to
the next release httpblogstechnetcombin_the_cloudarchive20140129a-people-
first-approach-to-mobile-device-managementaspx
Official communication about April Update
(Windows Phone 81 support Samsung
KNOW support)httpblogstechnetcombwindowsintunearchive20140428availabil
ity-of-update-to-windows-intune-for-windows-phone-8-1-and-
samsung-knox-standardaspx
Windows Intune Service Release Overview
(what features are new in which release)httptechnetmicrosoftcomlibrarydn292747aspx
Whatrsquos New in System Center 2012 R2
Configuration Managerhttptechnetmicrosoftcomen-uslibrarydn236351aspx
Main message we will have nearly 100 feature parity between Intune bdquocloud onlyldquo and Intune + SCCM regarding mobile device management this year
Understand the broader context of Mobility Management
Mobile Information Management (MIM)IT policies applied directly to data wherever it flows or resides
Microsoft delivers
bull Active Directory Rights Management Services protects and encrypts documents and email contents
bull This data loss prevention (DLP) capability keeps corporate email from being forwarded to external email accounts and sensitive data from being uploaded to 3rd party cloud file sharing providers
Full range of Mobility Management
Mobile Content (amp Access)
Management (MCM)Secure distribution and mobile access to employee data
Microsoft delivers
bull Devices use Workplace Join to register with Active Directory facilitating Single Sign On (SSO) access to data and services via the Web Application Proxy and ADFS
bull Secure mobile file synchronization is facilitated by on-premises Work Folders
bull Multifactor authentication increases the level of secure access to corporate resources
bull Dynamic Access Control provides automatic document classification and protection based on content
Mobile Application Management (MAM)IT controlled delivery of apps from a corporate app catalog
Microsoft delivers
bull A cross-platform company portal where employees can download internalexternal native web and remote apps for Windows iOS and Android
bull Corporate apps can be pushed to devices and remotely uninstalled
bull Selective wipe of corporate apps data and management policies that leaves personal content untouched
Mobile Device Management (MDM)IT policies applied and profiles provisioned to mobile devices
Microsoft delivers
bull Policy enforcement across Windows iOS and Android through exposed OMA DM management APIs
bull Provisioning of Certificates Wi-Fi and VPN profiles
bull Detection of Jailbroken iOS and Rooted Android devices
bull Management of mobile devices roaming on wireless data networks facilitated by cloud-based Internet gateway
+ 2012 R2(Azure RMS and Azure AD Premium)
Microsoft Azure Rights Management
Several features around information protection secure X-company communication and collaboration hellip
bull Simplified data protection and collaboration ndash no on-premises infrastructure required
bull Support for connection to on-prem and cloud Exchange SharePoint and Windows Server FCI (file classification infrastructure)
bull Near real-time customer-owned logging
bull Office is our ldquofirst and bestrdquo partner ndash Office 2013 2010 2007 -but we can also secure other types of files like PDF JPEG hellip
bull
Microsoft Azure Active Directory Premium
Several features around SSO advanced Authentication enhanced user management hellip
bull Self Service Password Reset
bull Connect to your on-premises Active Directory
bull Multi Factor Authentication
bull Pre-integrated for Single Sign On (SSO) to over 1000 popular SaaS apps (Office 365 Yammer LinkedIn Facebookhellip )
bull Easily add custom cloud-based apps
bull Security reporting to track inconsistent access patterns
bull hellip and FIM hellip
Cloud technologies to complete our Mobility Management offering
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
httpblogstechnetcombadarchive20140421new-sync-capabilities-in-preview-password-write-back-new-aad-sync-and-multi-forest-supportaspx
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
bull Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
+
+
=
Windows Azure Active Directory SKU features comparison WAAD O365 WAAD Premium
Directory as a Service Yes - up to 500K Objects Yes - No Limit
UserGroup Management Yes Yes
SSO to pre-integrated SAAS Applications Custom Apps Yes Yes
Directory Synchronization Tool (WSAD Extension) Yes Yes
User-Based access managementprovisioning Yes Yes
Group-based access managementprovisioning Yes
Self-Service Group Management for cloud users Yes
Self-Service Change Password for cloud users Yes Yes
Self-Service Reset Password for cloud users Yes
Security Reports Yes Yes
Advanced Security Reporting (machine learning-based) Yes
Usage Reporting Yes
Tenant Branding (LogonAccess Panel customization) Yes
MFA (All available features on Windows Azure and on premises) Yes
Enterprise Sync (Extend any directory to Azure AD) (Q4) Yes
Write back for Self-Service ResetChange Password (Q4) Yes
Administration based on Departments (Q4) Yes
SLA Yes
FIM CAL + FIM Server Yes
Windows Azure MFA vs MFA for Office 365MFA for Office 365Azure
Administrators
Windows Azure Multi-Factor
Authentication
Administrators can EnableEnforce MFA to end-users Yes Yes
Use Mobile app (online and OTP) as second authentication factor Yes Yes
Use Phone call as second authentication factor Yes Yes
Use SMS as second authentication factor Yes Yes
Application passwords for non-browser clients (eg Outlook Lync) Yes Yes
Default Microsoft greetings during authentication phone calls Yes Yes
Custom greetings during authentication phone calls Yes
Fraud alert Yes
MFA SDK Yes
Security Reports Yes
MFA for on-premises applications MFA Server Yes
One-Time Bypass Yes
BlockUnblock Users Yes
Customizable caller ID for authentication phone calls Yes
Event Confirmation Yes
Windows Azure RMS vs RMS for Office 365
Microsoft RMS for
O365
Microsoft
RMS
Protection for content stored in Office 365
Both office file type amp non office file types
X X
Protection for content stored in on-premises Exchange amp
SharePoint
For Office amp non Office file types via RMS Connector
X X
Bring Your Own Key X X
SDK Access for LOB Applications X X
Office 365 Message Encryption X X
Protection for content stored in on-premises Windows Server
file shares via RMS Connector for FCI (x) X
Enterprise Mobility Suite Key Competitors
Cloud Hybrid Identity Management
Mobile Device Management
Information Protection
Key Competitors
Microsoft Differentiation
Azure AD Premium Windows Intune Azure RMS
Licensing Overview
Windows Intune (Edu) Licensing Offer in detail
Per user student
Licensing
(up to 5 devices)
Notes
bull Windows Intune Add-On for ConfigMgr requires ConfigMgr amp SCEP to be licensed under the
EAEASEES
bull Under all offers customers will be licensed for System Center 2012 Configuration Manager and
Endpoint Protection
bull Windows Software Assurance no longer required (For Windows Intune amp Windows Intune Add-On)
bull All prices are estimated retail prices based on Licensewisebull Errors omissions and typos excepted
Direct
(online)
Windows Intune
with Windows SA
Includes
bull Intune Service
bull ConfigMgr amp SCEP
CHF 1090
user
Month
Windows Intune
Add-On for
ConfigMgr amp SCEP
Windows Intune
(if the customer does
not have SCCM and
SCEP)
If the customer also
wants Windowshellip
Offers
If the customer owns
ConfigMgr and SCEPhellip
EES
Must license ConfigMgr
separately
CHF 055
user
month
Open
Academic
Can be sold by reselling
partners to offer our MS
service + partner service
on ONE bill
CHF 081
user
month
CHF 081
user
month
CHF 590
user
Month
bull EAEES Add-On to customers with existingbull CoreCAL
bull eCAL
bull O365 + BridgeCAL
bull Contains 3 main elements bull Azure AD Premium
bull including on Premises usage rights (Server + CALs) for Forefront Identity Manager
bull Azure RMS
bull Windows Intune
bull On pricelist per May 1st
Licensing of Enterprise Mobility Suite
Limited time Promo
bull For a limited time Enterprise Mobility Suite Add On available at
an additional 40 discount
bull EA Pricing starts at ~$4 per user per month
Limited time EA Level A promo pricing Requires 250 seat minimum purchase and underlying CAL Suite license (CoreCALECAL)
Promo
$1530 discount
40 discount
Enterprise Mobility Suite Package Price
CHF 163
user
Month
CHF 272
user
Month
Final comments
Reference cases for Windows Intune
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=intuneampLangID=46
Kloster Ingenbohl
Official case study
httpwwwmicrosoftcomcasest
udiesWindows-IntuneV-ster-s-
StadSwedish-School-District-
Improves-PC-Reliability-
Learning-with-Online-
Tools710000002639
Due to the fact that Azure RMS currently has the same featureset as RMS in
Office 365 (plan E3E4) there are no specific Azure RMS reference cases so far
This topic is for sure included in several Office 365 projects
Reference cases for Azure AD Premium amp RMS
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=Microsoft20Azure20Active20Directory
hellip regarding Windows Intune System Center Configuration Manager
or Enterprise Mobility Suite please contact
bull Melanie Riedener (ACCOUNT EXECUTIVE EDU)bull MelanieRiedenermicrosoftcom
bull Andras Khan (SOLUTION SPECIALIST INTUNE)bull AndrasKhanmicrosoftcom
If you have further interest in a more bdquodeep diveldquo Tech Update hellip
Supporting links and materials
Enterprise Mobility Suite overall
EMS Website
bull EMS Datasheet
bull EMS Customer-Ready Presentation
bull EMS FAQ (Customer)
Azure Active Directory Premium
bull A nicely animated video which describes our Azure AD Premium service can be found here
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
IP Whitelist allows administrators to add an extra level of security and convenience by only requiring users to perform MFA whenaccessing resources from outside their corporate network
Our new Cloud App Discovery service enables IT to easily determine which cloud apps are in use in the organization IT can then take steps to integrate the applications with Azure Active Directory
Password reset writeback to Windows Server AD using DirSync allows customers who rely on federation or password hash sync to use Azure AD Premium to reset on-premises passwords in Windows Server Active Directory
AAD Sync is our newly created one sync service to rule them all In this first preview we are using AAD Sync to enable synchronization from multi-forest Windows Server AD Deployments a capability that all of our largest customers have been asking for
Azure Rights Management Service
Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
Windows Intune
Windows Intune product page
Intune Demo Environment for Partners (Intune Cloud platform AND Sytem Center environment)
Some whitepapers on how MSIT is dealing with mobilityBYOD internally
30-days trial
Compliance Settings for Mobile Devices in SCCM
Mobile Device Mgmt features in Windows Intune
httponlinehelpmicrosoftcomwindowsintunejj839713aspx
httpsupportmicrosoftcomph15994
Intune Privacy related documents
Windows Intune Privacy Statement
Windows Intune Trust Center
Security
Privacy
Compliance
Microsoft Cloud Services erfuumlllen nachweislich alle europaumlischen Datenschutzregeln
BYOD
bull Video Empowering People-Centric IT in the Age of Consumerization
bull BYOD Devices - A Deployment Guide for Education (January 2014)
bull Bring Your Own Device Scenarios A Deployment Guide for Education(April 2014)
Company Portal for several platforms
Windows RT and Win 8 81 For Windows Phone 8
81
For iOS Android
Modern UI application
Several installation paths
bull Recommended Apps by IT to
download from Windows Store
bull LOB Apps published by IT
department via side loading
bull Categories and search of Apps
Control of my devices
bull Addremove devices
bull Wipe devices (depending on
platform)
Support
bull contact
bull Link to Support website
Modern UI phone
application
Several installation paths
bull Recommended Apps by IT to
download from Windows Store
bull LOB Apps published by IT
department via side loading
bull Categories and search of Apps
Control of my devices
bull Addremove devices
Support
bull contact
bull Link to Support website
Native App
Get applications on your device
bull Download Apps from Apple
App Store or Google Play Store
bull LOB Apps published by IT
department via side loading
bull Categories and search of Apps
Support
bull contact
bull Link to Support website
Windows Intune regular feature updates
Official communication about the new
Features in January release and outlook to
the next release httpblogstechnetcombin_the_cloudarchive20140129a-people-
first-approach-to-mobile-device-managementaspx
Official communication about April Update
(Windows Phone 81 support Samsung
KNOW support)httpblogstechnetcombwindowsintunearchive20140428availabil
ity-of-update-to-windows-intune-for-windows-phone-8-1-and-
samsung-knox-standardaspx
Windows Intune Service Release Overview
(what features are new in which release)httptechnetmicrosoftcomlibrarydn292747aspx
Whatrsquos New in System Center 2012 R2
Configuration Managerhttptechnetmicrosoftcomen-uslibrarydn236351aspx
Main message we will have nearly 100 feature parity between Intune bdquocloud onlyldquo and Intune + SCCM regarding mobile device management this year
Understand the broader context of Mobility Management
Mobile Information Management (MIM)IT policies applied directly to data wherever it flows or resides
Microsoft delivers
bull Active Directory Rights Management Services protects and encrypts documents and email contents
bull This data loss prevention (DLP) capability keeps corporate email from being forwarded to external email accounts and sensitive data from being uploaded to 3rd party cloud file sharing providers
Full range of Mobility Management
Mobile Content (amp Access)
Management (MCM)Secure distribution and mobile access to employee data
Microsoft delivers
bull Devices use Workplace Join to register with Active Directory facilitating Single Sign On (SSO) access to data and services via the Web Application Proxy and ADFS
bull Secure mobile file synchronization is facilitated by on-premises Work Folders
bull Multifactor authentication increases the level of secure access to corporate resources
bull Dynamic Access Control provides automatic document classification and protection based on content
Mobile Application Management (MAM)IT controlled delivery of apps from a corporate app catalog
Microsoft delivers
bull A cross-platform company portal where employees can download internalexternal native web and remote apps for Windows iOS and Android
bull Corporate apps can be pushed to devices and remotely uninstalled
bull Selective wipe of corporate apps data and management policies that leaves personal content untouched
Mobile Device Management (MDM)IT policies applied and profiles provisioned to mobile devices
Microsoft delivers
bull Policy enforcement across Windows iOS and Android through exposed OMA DM management APIs
bull Provisioning of Certificates Wi-Fi and VPN profiles
bull Detection of Jailbroken iOS and Rooted Android devices
bull Management of mobile devices roaming on wireless data networks facilitated by cloud-based Internet gateway
+ 2012 R2(Azure RMS and Azure AD Premium)
Microsoft Azure Rights Management
Several features around information protection secure X-company communication and collaboration hellip
bull Simplified data protection and collaboration ndash no on-premises infrastructure required
bull Support for connection to on-prem and cloud Exchange SharePoint and Windows Server FCI (file classification infrastructure)
bull Near real-time customer-owned logging
bull Office is our ldquofirst and bestrdquo partner ndash Office 2013 2010 2007 -but we can also secure other types of files like PDF JPEG hellip
bull
Microsoft Azure Active Directory Premium
Several features around SSO advanced Authentication enhanced user management hellip
bull Self Service Password Reset
bull Connect to your on-premises Active Directory
bull Multi Factor Authentication
bull Pre-integrated for Single Sign On (SSO) to over 1000 popular SaaS apps (Office 365 Yammer LinkedIn Facebookhellip )
bull Easily add custom cloud-based apps
bull Security reporting to track inconsistent access patterns
bull hellip and FIM hellip
Cloud technologies to complete our Mobility Management offering
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
httpblogstechnetcombadarchive20140421new-sync-capabilities-in-preview-password-write-back-new-aad-sync-and-multi-forest-supportaspx
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
bull Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
+
+
=
Windows Azure Active Directory SKU features comparison WAAD O365 WAAD Premium
Directory as a Service Yes - up to 500K Objects Yes - No Limit
UserGroup Management Yes Yes
SSO to pre-integrated SAAS Applications Custom Apps Yes Yes
Directory Synchronization Tool (WSAD Extension) Yes Yes
User-Based access managementprovisioning Yes Yes
Group-based access managementprovisioning Yes
Self-Service Group Management for cloud users Yes
Self-Service Change Password for cloud users Yes Yes
Self-Service Reset Password for cloud users Yes
Security Reports Yes Yes
Advanced Security Reporting (machine learning-based) Yes
Usage Reporting Yes
Tenant Branding (LogonAccess Panel customization) Yes
MFA (All available features on Windows Azure and on premises) Yes
Enterprise Sync (Extend any directory to Azure AD) (Q4) Yes
Write back for Self-Service ResetChange Password (Q4) Yes
Administration based on Departments (Q4) Yes
SLA Yes
FIM CAL + FIM Server Yes
Windows Azure MFA vs MFA for Office 365MFA for Office 365Azure
Administrators
Windows Azure Multi-Factor
Authentication
Administrators can EnableEnforce MFA to end-users Yes Yes
Use Mobile app (online and OTP) as second authentication factor Yes Yes
Use Phone call as second authentication factor Yes Yes
Use SMS as second authentication factor Yes Yes
Application passwords for non-browser clients (eg Outlook Lync) Yes Yes
Default Microsoft greetings during authentication phone calls Yes Yes
Custom greetings during authentication phone calls Yes
Fraud alert Yes
MFA SDK Yes
Security Reports Yes
MFA for on-premises applications MFA Server Yes
One-Time Bypass Yes
BlockUnblock Users Yes
Customizable caller ID for authentication phone calls Yes
Event Confirmation Yes
Windows Azure RMS vs RMS for Office 365
Microsoft RMS for
O365
Microsoft
RMS
Protection for content stored in Office 365
Both office file type amp non office file types
X X
Protection for content stored in on-premises Exchange amp
SharePoint
For Office amp non Office file types via RMS Connector
X X
Bring Your Own Key X X
SDK Access for LOB Applications X X
Office 365 Message Encryption X X
Protection for content stored in on-premises Windows Server
file shares via RMS Connector for FCI (x) X
Enterprise Mobility Suite Key Competitors
Cloud Hybrid Identity Management
Mobile Device Management
Information Protection
Key Competitors
Microsoft Differentiation
Azure AD Premium Windows Intune Azure RMS
Licensing Overview
Windows Intune (Edu) Licensing Offer in detail
Per user student
Licensing
(up to 5 devices)
Notes
bull Windows Intune Add-On for ConfigMgr requires ConfigMgr amp SCEP to be licensed under the
EAEASEES
bull Under all offers customers will be licensed for System Center 2012 Configuration Manager and
Endpoint Protection
bull Windows Software Assurance no longer required (For Windows Intune amp Windows Intune Add-On)
bull All prices are estimated retail prices based on Licensewisebull Errors omissions and typos excepted
Direct
(online)
Windows Intune
with Windows SA
Includes
bull Intune Service
bull ConfigMgr amp SCEP
CHF 1090
user
Month
Windows Intune
Add-On for
ConfigMgr amp SCEP
Windows Intune
(if the customer does
not have SCCM and
SCEP)
If the customer also
wants Windowshellip
Offers
If the customer owns
ConfigMgr and SCEPhellip
EES
Must license ConfigMgr
separately
CHF 055
user
month
Open
Academic
Can be sold by reselling
partners to offer our MS
service + partner service
on ONE bill
CHF 081
user
month
CHF 081
user
month
CHF 590
user
Month
bull EAEES Add-On to customers with existingbull CoreCAL
bull eCAL
bull O365 + BridgeCAL
bull Contains 3 main elements bull Azure AD Premium
bull including on Premises usage rights (Server + CALs) for Forefront Identity Manager
bull Azure RMS
bull Windows Intune
bull On pricelist per May 1st
Licensing of Enterprise Mobility Suite
Limited time Promo
bull For a limited time Enterprise Mobility Suite Add On available at
an additional 40 discount
bull EA Pricing starts at ~$4 per user per month
Limited time EA Level A promo pricing Requires 250 seat minimum purchase and underlying CAL Suite license (CoreCALECAL)
Promo
$1530 discount
40 discount
Enterprise Mobility Suite Package Price
CHF 163
user
Month
CHF 272
user
Month
Final comments
Reference cases for Windows Intune
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=intuneampLangID=46
Kloster Ingenbohl
Official case study
httpwwwmicrosoftcomcasest
udiesWindows-IntuneV-ster-s-
StadSwedish-School-District-
Improves-PC-Reliability-
Learning-with-Online-
Tools710000002639
Due to the fact that Azure RMS currently has the same featureset as RMS in
Office 365 (plan E3E4) there are no specific Azure RMS reference cases so far
This topic is for sure included in several Office 365 projects
Reference cases for Azure AD Premium amp RMS
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=Microsoft20Azure20Active20Directory
hellip regarding Windows Intune System Center Configuration Manager
or Enterprise Mobility Suite please contact
bull Melanie Riedener (ACCOUNT EXECUTIVE EDU)bull MelanieRiedenermicrosoftcom
bull Andras Khan (SOLUTION SPECIALIST INTUNE)bull AndrasKhanmicrosoftcom
If you have further interest in a more bdquodeep diveldquo Tech Update hellip
Supporting links and materials
Enterprise Mobility Suite overall
EMS Website
bull EMS Datasheet
bull EMS Customer-Ready Presentation
bull EMS FAQ (Customer)
Azure Active Directory Premium
bull A nicely animated video which describes our Azure AD Premium service can be found here
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
IP Whitelist allows administrators to add an extra level of security and convenience by only requiring users to perform MFA whenaccessing resources from outside their corporate network
Our new Cloud App Discovery service enables IT to easily determine which cloud apps are in use in the organization IT can then take steps to integrate the applications with Azure Active Directory
Password reset writeback to Windows Server AD using DirSync allows customers who rely on federation or password hash sync to use Azure AD Premium to reset on-premises passwords in Windows Server Active Directory
AAD Sync is our newly created one sync service to rule them all In this first preview we are using AAD Sync to enable synchronization from multi-forest Windows Server AD Deployments a capability that all of our largest customers have been asking for
Azure Rights Management Service
Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
Windows Intune
Windows Intune product page
Intune Demo Environment for Partners (Intune Cloud platform AND Sytem Center environment)
Some whitepapers on how MSIT is dealing with mobilityBYOD internally
30-days trial
Compliance Settings for Mobile Devices in SCCM
Mobile Device Mgmt features in Windows Intune
httponlinehelpmicrosoftcomwindowsintunejj839713aspx
httpsupportmicrosoftcomph15994
Intune Privacy related documents
Windows Intune Privacy Statement
Windows Intune Trust Center
Security
Privacy
Compliance
Microsoft Cloud Services erfuumlllen nachweislich alle europaumlischen Datenschutzregeln
BYOD
bull Video Empowering People-Centric IT in the Age of Consumerization
bull BYOD Devices - A Deployment Guide for Education (January 2014)
bull Bring Your Own Device Scenarios A Deployment Guide for Education(April 2014)
Windows Intune regular feature updates
Official communication about the new
Features in January release and outlook to
the next release httpblogstechnetcombin_the_cloudarchive20140129a-people-
first-approach-to-mobile-device-managementaspx
Official communication about April Update
(Windows Phone 81 support Samsung
KNOW support)httpblogstechnetcombwindowsintunearchive20140428availabil
ity-of-update-to-windows-intune-for-windows-phone-8-1-and-
samsung-knox-standardaspx
Windows Intune Service Release Overview
(what features are new in which release)httptechnetmicrosoftcomlibrarydn292747aspx
Whatrsquos New in System Center 2012 R2
Configuration Managerhttptechnetmicrosoftcomen-uslibrarydn236351aspx
Main message we will have nearly 100 feature parity between Intune bdquocloud onlyldquo and Intune + SCCM regarding mobile device management this year
Understand the broader context of Mobility Management
Mobile Information Management (MIM)IT policies applied directly to data wherever it flows or resides
Microsoft delivers
bull Active Directory Rights Management Services protects and encrypts documents and email contents
bull This data loss prevention (DLP) capability keeps corporate email from being forwarded to external email accounts and sensitive data from being uploaded to 3rd party cloud file sharing providers
Full range of Mobility Management
Mobile Content (amp Access)
Management (MCM)Secure distribution and mobile access to employee data
Microsoft delivers
bull Devices use Workplace Join to register with Active Directory facilitating Single Sign On (SSO) access to data and services via the Web Application Proxy and ADFS
bull Secure mobile file synchronization is facilitated by on-premises Work Folders
bull Multifactor authentication increases the level of secure access to corporate resources
bull Dynamic Access Control provides automatic document classification and protection based on content
Mobile Application Management (MAM)IT controlled delivery of apps from a corporate app catalog
Microsoft delivers
bull A cross-platform company portal where employees can download internalexternal native web and remote apps for Windows iOS and Android
bull Corporate apps can be pushed to devices and remotely uninstalled
bull Selective wipe of corporate apps data and management policies that leaves personal content untouched
Mobile Device Management (MDM)IT policies applied and profiles provisioned to mobile devices
Microsoft delivers
bull Policy enforcement across Windows iOS and Android through exposed OMA DM management APIs
bull Provisioning of Certificates Wi-Fi and VPN profiles
bull Detection of Jailbroken iOS and Rooted Android devices
bull Management of mobile devices roaming on wireless data networks facilitated by cloud-based Internet gateway
+ 2012 R2(Azure RMS and Azure AD Premium)
Microsoft Azure Rights Management
Several features around information protection secure X-company communication and collaboration hellip
bull Simplified data protection and collaboration ndash no on-premises infrastructure required
bull Support for connection to on-prem and cloud Exchange SharePoint and Windows Server FCI (file classification infrastructure)
bull Near real-time customer-owned logging
bull Office is our ldquofirst and bestrdquo partner ndash Office 2013 2010 2007 -but we can also secure other types of files like PDF JPEG hellip
bull
Microsoft Azure Active Directory Premium
Several features around SSO advanced Authentication enhanced user management hellip
bull Self Service Password Reset
bull Connect to your on-premises Active Directory
bull Multi Factor Authentication
bull Pre-integrated for Single Sign On (SSO) to over 1000 popular SaaS apps (Office 365 Yammer LinkedIn Facebookhellip )
bull Easily add custom cloud-based apps
bull Security reporting to track inconsistent access patterns
bull hellip and FIM hellip
Cloud technologies to complete our Mobility Management offering
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
httpblogstechnetcombadarchive20140421new-sync-capabilities-in-preview-password-write-back-new-aad-sync-and-multi-forest-supportaspx
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
bull Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
+
+
=
Windows Azure Active Directory SKU features comparison WAAD O365 WAAD Premium
Directory as a Service Yes - up to 500K Objects Yes - No Limit
UserGroup Management Yes Yes
SSO to pre-integrated SAAS Applications Custom Apps Yes Yes
Directory Synchronization Tool (WSAD Extension) Yes Yes
User-Based access managementprovisioning Yes Yes
Group-based access managementprovisioning Yes
Self-Service Group Management for cloud users Yes
Self-Service Change Password for cloud users Yes Yes
Self-Service Reset Password for cloud users Yes
Security Reports Yes Yes
Advanced Security Reporting (machine learning-based) Yes
Usage Reporting Yes
Tenant Branding (LogonAccess Panel customization) Yes
MFA (All available features on Windows Azure and on premises) Yes
Enterprise Sync (Extend any directory to Azure AD) (Q4) Yes
Write back for Self-Service ResetChange Password (Q4) Yes
Administration based on Departments (Q4) Yes
SLA Yes
FIM CAL + FIM Server Yes
Windows Azure MFA vs MFA for Office 365MFA for Office 365Azure
Administrators
Windows Azure Multi-Factor
Authentication
Administrators can EnableEnforce MFA to end-users Yes Yes
Use Mobile app (online and OTP) as second authentication factor Yes Yes
Use Phone call as second authentication factor Yes Yes
Use SMS as second authentication factor Yes Yes
Application passwords for non-browser clients (eg Outlook Lync) Yes Yes
Default Microsoft greetings during authentication phone calls Yes Yes
Custom greetings during authentication phone calls Yes
Fraud alert Yes
MFA SDK Yes
Security Reports Yes
MFA for on-premises applications MFA Server Yes
One-Time Bypass Yes
BlockUnblock Users Yes
Customizable caller ID for authentication phone calls Yes
Event Confirmation Yes
Windows Azure RMS vs RMS for Office 365
Microsoft RMS for
O365
Microsoft
RMS
Protection for content stored in Office 365
Both office file type amp non office file types
X X
Protection for content stored in on-premises Exchange amp
SharePoint
For Office amp non Office file types via RMS Connector
X X
Bring Your Own Key X X
SDK Access for LOB Applications X X
Office 365 Message Encryption X X
Protection for content stored in on-premises Windows Server
file shares via RMS Connector for FCI (x) X
Enterprise Mobility Suite Key Competitors
Cloud Hybrid Identity Management
Mobile Device Management
Information Protection
Key Competitors
Microsoft Differentiation
Azure AD Premium Windows Intune Azure RMS
Licensing Overview
Windows Intune (Edu) Licensing Offer in detail
Per user student
Licensing
(up to 5 devices)
Notes
bull Windows Intune Add-On for ConfigMgr requires ConfigMgr amp SCEP to be licensed under the
EAEASEES
bull Under all offers customers will be licensed for System Center 2012 Configuration Manager and
Endpoint Protection
bull Windows Software Assurance no longer required (For Windows Intune amp Windows Intune Add-On)
bull All prices are estimated retail prices based on Licensewisebull Errors omissions and typos excepted
Direct
(online)
Windows Intune
with Windows SA
Includes
bull Intune Service
bull ConfigMgr amp SCEP
CHF 1090
user
Month
Windows Intune
Add-On for
ConfigMgr amp SCEP
Windows Intune
(if the customer does
not have SCCM and
SCEP)
If the customer also
wants Windowshellip
Offers
If the customer owns
ConfigMgr and SCEPhellip
EES
Must license ConfigMgr
separately
CHF 055
user
month
Open
Academic
Can be sold by reselling
partners to offer our MS
service + partner service
on ONE bill
CHF 081
user
month
CHF 081
user
month
CHF 590
user
Month
bull EAEES Add-On to customers with existingbull CoreCAL
bull eCAL
bull O365 + BridgeCAL
bull Contains 3 main elements bull Azure AD Premium
bull including on Premises usage rights (Server + CALs) for Forefront Identity Manager
bull Azure RMS
bull Windows Intune
bull On pricelist per May 1st
Licensing of Enterprise Mobility Suite
Limited time Promo
bull For a limited time Enterprise Mobility Suite Add On available at
an additional 40 discount
bull EA Pricing starts at ~$4 per user per month
Limited time EA Level A promo pricing Requires 250 seat minimum purchase and underlying CAL Suite license (CoreCALECAL)
Promo
$1530 discount
40 discount
Enterprise Mobility Suite Package Price
CHF 163
user
Month
CHF 272
user
Month
Final comments
Reference cases for Windows Intune
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=intuneampLangID=46
Kloster Ingenbohl
Official case study
httpwwwmicrosoftcomcasest
udiesWindows-IntuneV-ster-s-
StadSwedish-School-District-
Improves-PC-Reliability-
Learning-with-Online-
Tools710000002639
Due to the fact that Azure RMS currently has the same featureset as RMS in
Office 365 (plan E3E4) there are no specific Azure RMS reference cases so far
This topic is for sure included in several Office 365 projects
Reference cases for Azure AD Premium amp RMS
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=Microsoft20Azure20Active20Directory
hellip regarding Windows Intune System Center Configuration Manager
or Enterprise Mobility Suite please contact
bull Melanie Riedener (ACCOUNT EXECUTIVE EDU)bull MelanieRiedenermicrosoftcom
bull Andras Khan (SOLUTION SPECIALIST INTUNE)bull AndrasKhanmicrosoftcom
If you have further interest in a more bdquodeep diveldquo Tech Update hellip
Supporting links and materials
Enterprise Mobility Suite overall
EMS Website
bull EMS Datasheet
bull EMS Customer-Ready Presentation
bull EMS FAQ (Customer)
Azure Active Directory Premium
bull A nicely animated video which describes our Azure AD Premium service can be found here
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
IP Whitelist allows administrators to add an extra level of security and convenience by only requiring users to perform MFA whenaccessing resources from outside their corporate network
Our new Cloud App Discovery service enables IT to easily determine which cloud apps are in use in the organization IT can then take steps to integrate the applications with Azure Active Directory
Password reset writeback to Windows Server AD using DirSync allows customers who rely on federation or password hash sync to use Azure AD Premium to reset on-premises passwords in Windows Server Active Directory
AAD Sync is our newly created one sync service to rule them all In this first preview we are using AAD Sync to enable synchronization from multi-forest Windows Server AD Deployments a capability that all of our largest customers have been asking for
Azure Rights Management Service
Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
Windows Intune
Windows Intune product page
Intune Demo Environment for Partners (Intune Cloud platform AND Sytem Center environment)
Some whitepapers on how MSIT is dealing with mobilityBYOD internally
30-days trial
Compliance Settings for Mobile Devices in SCCM
Mobile Device Mgmt features in Windows Intune
httponlinehelpmicrosoftcomwindowsintunejj839713aspx
httpsupportmicrosoftcomph15994
Intune Privacy related documents
Windows Intune Privacy Statement
Windows Intune Trust Center
Security
Privacy
Compliance
Microsoft Cloud Services erfuumlllen nachweislich alle europaumlischen Datenschutzregeln
BYOD
bull Video Empowering People-Centric IT in the Age of Consumerization
bull BYOD Devices - A Deployment Guide for Education (January 2014)
bull Bring Your Own Device Scenarios A Deployment Guide for Education(April 2014)
Understand the broader context of Mobility Management
Mobile Information Management (MIM)IT policies applied directly to data wherever it flows or resides
Microsoft delivers
bull Active Directory Rights Management Services protects and encrypts documents and email contents
bull This data loss prevention (DLP) capability keeps corporate email from being forwarded to external email accounts and sensitive data from being uploaded to 3rd party cloud file sharing providers
Full range of Mobility Management
Mobile Content (amp Access)
Management (MCM)Secure distribution and mobile access to employee data
Microsoft delivers
bull Devices use Workplace Join to register with Active Directory facilitating Single Sign On (SSO) access to data and services via the Web Application Proxy and ADFS
bull Secure mobile file synchronization is facilitated by on-premises Work Folders
bull Multifactor authentication increases the level of secure access to corporate resources
bull Dynamic Access Control provides automatic document classification and protection based on content
Mobile Application Management (MAM)IT controlled delivery of apps from a corporate app catalog
Microsoft delivers
bull A cross-platform company portal where employees can download internalexternal native web and remote apps for Windows iOS and Android
bull Corporate apps can be pushed to devices and remotely uninstalled
bull Selective wipe of corporate apps data and management policies that leaves personal content untouched
Mobile Device Management (MDM)IT policies applied and profiles provisioned to mobile devices
Microsoft delivers
bull Policy enforcement across Windows iOS and Android through exposed OMA DM management APIs
bull Provisioning of Certificates Wi-Fi and VPN profiles
bull Detection of Jailbroken iOS and Rooted Android devices
bull Management of mobile devices roaming on wireless data networks facilitated by cloud-based Internet gateway
+ 2012 R2(Azure RMS and Azure AD Premium)
Microsoft Azure Rights Management
Several features around information protection secure X-company communication and collaboration hellip
bull Simplified data protection and collaboration ndash no on-premises infrastructure required
bull Support for connection to on-prem and cloud Exchange SharePoint and Windows Server FCI (file classification infrastructure)
bull Near real-time customer-owned logging
bull Office is our ldquofirst and bestrdquo partner ndash Office 2013 2010 2007 -but we can also secure other types of files like PDF JPEG hellip
bull
Microsoft Azure Active Directory Premium
Several features around SSO advanced Authentication enhanced user management hellip
bull Self Service Password Reset
bull Connect to your on-premises Active Directory
bull Multi Factor Authentication
bull Pre-integrated for Single Sign On (SSO) to over 1000 popular SaaS apps (Office 365 Yammer LinkedIn Facebookhellip )
bull Easily add custom cloud-based apps
bull Security reporting to track inconsistent access patterns
bull hellip and FIM hellip
Cloud technologies to complete our Mobility Management offering
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
httpblogstechnetcombadarchive20140421new-sync-capabilities-in-preview-password-write-back-new-aad-sync-and-multi-forest-supportaspx
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
bull Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
+
+
=
Windows Azure Active Directory SKU features comparison WAAD O365 WAAD Premium
Directory as a Service Yes - up to 500K Objects Yes - No Limit
UserGroup Management Yes Yes
SSO to pre-integrated SAAS Applications Custom Apps Yes Yes
Directory Synchronization Tool (WSAD Extension) Yes Yes
User-Based access managementprovisioning Yes Yes
Group-based access managementprovisioning Yes
Self-Service Group Management for cloud users Yes
Self-Service Change Password for cloud users Yes Yes
Self-Service Reset Password for cloud users Yes
Security Reports Yes Yes
Advanced Security Reporting (machine learning-based) Yes
Usage Reporting Yes
Tenant Branding (LogonAccess Panel customization) Yes
MFA (All available features on Windows Azure and on premises) Yes
Enterprise Sync (Extend any directory to Azure AD) (Q4) Yes
Write back for Self-Service ResetChange Password (Q4) Yes
Administration based on Departments (Q4) Yes
SLA Yes
FIM CAL + FIM Server Yes
Windows Azure MFA vs MFA for Office 365MFA for Office 365Azure
Administrators
Windows Azure Multi-Factor
Authentication
Administrators can EnableEnforce MFA to end-users Yes Yes
Use Mobile app (online and OTP) as second authentication factor Yes Yes
Use Phone call as second authentication factor Yes Yes
Use SMS as second authentication factor Yes Yes
Application passwords for non-browser clients (eg Outlook Lync) Yes Yes
Default Microsoft greetings during authentication phone calls Yes Yes
Custom greetings during authentication phone calls Yes
Fraud alert Yes
MFA SDK Yes
Security Reports Yes
MFA for on-premises applications MFA Server Yes
One-Time Bypass Yes
BlockUnblock Users Yes
Customizable caller ID for authentication phone calls Yes
Event Confirmation Yes
Windows Azure RMS vs RMS for Office 365
Microsoft RMS for
O365
Microsoft
RMS
Protection for content stored in Office 365
Both office file type amp non office file types
X X
Protection for content stored in on-premises Exchange amp
SharePoint
For Office amp non Office file types via RMS Connector
X X
Bring Your Own Key X X
SDK Access for LOB Applications X X
Office 365 Message Encryption X X
Protection for content stored in on-premises Windows Server
file shares via RMS Connector for FCI (x) X
Enterprise Mobility Suite Key Competitors
Cloud Hybrid Identity Management
Mobile Device Management
Information Protection
Key Competitors
Microsoft Differentiation
Azure AD Premium Windows Intune Azure RMS
Licensing Overview
Windows Intune (Edu) Licensing Offer in detail
Per user student
Licensing
(up to 5 devices)
Notes
bull Windows Intune Add-On for ConfigMgr requires ConfigMgr amp SCEP to be licensed under the
EAEASEES
bull Under all offers customers will be licensed for System Center 2012 Configuration Manager and
Endpoint Protection
bull Windows Software Assurance no longer required (For Windows Intune amp Windows Intune Add-On)
bull All prices are estimated retail prices based on Licensewisebull Errors omissions and typos excepted
Direct
(online)
Windows Intune
with Windows SA
Includes
bull Intune Service
bull ConfigMgr amp SCEP
CHF 1090
user
Month
Windows Intune
Add-On for
ConfigMgr amp SCEP
Windows Intune
(if the customer does
not have SCCM and
SCEP)
If the customer also
wants Windowshellip
Offers
If the customer owns
ConfigMgr and SCEPhellip
EES
Must license ConfigMgr
separately
CHF 055
user
month
Open
Academic
Can be sold by reselling
partners to offer our MS
service + partner service
on ONE bill
CHF 081
user
month
CHF 081
user
month
CHF 590
user
Month
bull EAEES Add-On to customers with existingbull CoreCAL
bull eCAL
bull O365 + BridgeCAL
bull Contains 3 main elements bull Azure AD Premium
bull including on Premises usage rights (Server + CALs) for Forefront Identity Manager
bull Azure RMS
bull Windows Intune
bull On pricelist per May 1st
Licensing of Enterprise Mobility Suite
Limited time Promo
bull For a limited time Enterprise Mobility Suite Add On available at
an additional 40 discount
bull EA Pricing starts at ~$4 per user per month
Limited time EA Level A promo pricing Requires 250 seat minimum purchase and underlying CAL Suite license (CoreCALECAL)
Promo
$1530 discount
40 discount
Enterprise Mobility Suite Package Price
CHF 163
user
Month
CHF 272
user
Month
Final comments
Reference cases for Windows Intune
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=intuneampLangID=46
Kloster Ingenbohl
Official case study
httpwwwmicrosoftcomcasest
udiesWindows-IntuneV-ster-s-
StadSwedish-School-District-
Improves-PC-Reliability-
Learning-with-Online-
Tools710000002639
Due to the fact that Azure RMS currently has the same featureset as RMS in
Office 365 (plan E3E4) there are no specific Azure RMS reference cases so far
This topic is for sure included in several Office 365 projects
Reference cases for Azure AD Premium amp RMS
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=Microsoft20Azure20Active20Directory
hellip regarding Windows Intune System Center Configuration Manager
or Enterprise Mobility Suite please contact
bull Melanie Riedener (ACCOUNT EXECUTIVE EDU)bull MelanieRiedenermicrosoftcom
bull Andras Khan (SOLUTION SPECIALIST INTUNE)bull AndrasKhanmicrosoftcom
If you have further interest in a more bdquodeep diveldquo Tech Update hellip
Supporting links and materials
Enterprise Mobility Suite overall
EMS Website
bull EMS Datasheet
bull EMS Customer-Ready Presentation
bull EMS FAQ (Customer)
Azure Active Directory Premium
bull A nicely animated video which describes our Azure AD Premium service can be found here
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
IP Whitelist allows administrators to add an extra level of security and convenience by only requiring users to perform MFA whenaccessing resources from outside their corporate network
Our new Cloud App Discovery service enables IT to easily determine which cloud apps are in use in the organization IT can then take steps to integrate the applications with Azure Active Directory
Password reset writeback to Windows Server AD using DirSync allows customers who rely on federation or password hash sync to use Azure AD Premium to reset on-premises passwords in Windows Server Active Directory
AAD Sync is our newly created one sync service to rule them all In this first preview we are using AAD Sync to enable synchronization from multi-forest Windows Server AD Deployments a capability that all of our largest customers have been asking for
Azure Rights Management Service
Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
Windows Intune
Windows Intune product page
Intune Demo Environment for Partners (Intune Cloud platform AND Sytem Center environment)
Some whitepapers on how MSIT is dealing with mobilityBYOD internally
30-days trial
Compliance Settings for Mobile Devices in SCCM
Mobile Device Mgmt features in Windows Intune
httponlinehelpmicrosoftcomwindowsintunejj839713aspx
httpsupportmicrosoftcomph15994
Intune Privacy related documents
Windows Intune Privacy Statement
Windows Intune Trust Center
Security
Privacy
Compliance
Microsoft Cloud Services erfuumlllen nachweislich alle europaumlischen Datenschutzregeln
BYOD
bull Video Empowering People-Centric IT in the Age of Consumerization
bull BYOD Devices - A Deployment Guide for Education (January 2014)
bull Bring Your Own Device Scenarios A Deployment Guide for Education(April 2014)
Mobile Information Management (MIM)IT policies applied directly to data wherever it flows or resides
Microsoft delivers
bull Active Directory Rights Management Services protects and encrypts documents and email contents
bull This data loss prevention (DLP) capability keeps corporate email from being forwarded to external email accounts and sensitive data from being uploaded to 3rd party cloud file sharing providers
Full range of Mobility Management
Mobile Content (amp Access)
Management (MCM)Secure distribution and mobile access to employee data
Microsoft delivers
bull Devices use Workplace Join to register with Active Directory facilitating Single Sign On (SSO) access to data and services via the Web Application Proxy and ADFS
bull Secure mobile file synchronization is facilitated by on-premises Work Folders
bull Multifactor authentication increases the level of secure access to corporate resources
bull Dynamic Access Control provides automatic document classification and protection based on content
Mobile Application Management (MAM)IT controlled delivery of apps from a corporate app catalog
Microsoft delivers
bull A cross-platform company portal where employees can download internalexternal native web and remote apps for Windows iOS and Android
bull Corporate apps can be pushed to devices and remotely uninstalled
bull Selective wipe of corporate apps data and management policies that leaves personal content untouched
Mobile Device Management (MDM)IT policies applied and profiles provisioned to mobile devices
Microsoft delivers
bull Policy enforcement across Windows iOS and Android through exposed OMA DM management APIs
bull Provisioning of Certificates Wi-Fi and VPN profiles
bull Detection of Jailbroken iOS and Rooted Android devices
bull Management of mobile devices roaming on wireless data networks facilitated by cloud-based Internet gateway
+ 2012 R2(Azure RMS and Azure AD Premium)
Microsoft Azure Rights Management
Several features around information protection secure X-company communication and collaboration hellip
bull Simplified data protection and collaboration ndash no on-premises infrastructure required
bull Support for connection to on-prem and cloud Exchange SharePoint and Windows Server FCI (file classification infrastructure)
bull Near real-time customer-owned logging
bull Office is our ldquofirst and bestrdquo partner ndash Office 2013 2010 2007 -but we can also secure other types of files like PDF JPEG hellip
bull
Microsoft Azure Active Directory Premium
Several features around SSO advanced Authentication enhanced user management hellip
bull Self Service Password Reset
bull Connect to your on-premises Active Directory
bull Multi Factor Authentication
bull Pre-integrated for Single Sign On (SSO) to over 1000 popular SaaS apps (Office 365 Yammer LinkedIn Facebookhellip )
bull Easily add custom cloud-based apps
bull Security reporting to track inconsistent access patterns
bull hellip and FIM hellip
Cloud technologies to complete our Mobility Management offering
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
httpblogstechnetcombadarchive20140421new-sync-capabilities-in-preview-password-write-back-new-aad-sync-and-multi-forest-supportaspx
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
bull Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
+
+
=
Windows Azure Active Directory SKU features comparison WAAD O365 WAAD Premium
Directory as a Service Yes - up to 500K Objects Yes - No Limit
UserGroup Management Yes Yes
SSO to pre-integrated SAAS Applications Custom Apps Yes Yes
Directory Synchronization Tool (WSAD Extension) Yes Yes
User-Based access managementprovisioning Yes Yes
Group-based access managementprovisioning Yes
Self-Service Group Management for cloud users Yes
Self-Service Change Password for cloud users Yes Yes
Self-Service Reset Password for cloud users Yes
Security Reports Yes Yes
Advanced Security Reporting (machine learning-based) Yes
Usage Reporting Yes
Tenant Branding (LogonAccess Panel customization) Yes
MFA (All available features on Windows Azure and on premises) Yes
Enterprise Sync (Extend any directory to Azure AD) (Q4) Yes
Write back for Self-Service ResetChange Password (Q4) Yes
Administration based on Departments (Q4) Yes
SLA Yes
FIM CAL + FIM Server Yes
Windows Azure MFA vs MFA for Office 365MFA for Office 365Azure
Administrators
Windows Azure Multi-Factor
Authentication
Administrators can EnableEnforce MFA to end-users Yes Yes
Use Mobile app (online and OTP) as second authentication factor Yes Yes
Use Phone call as second authentication factor Yes Yes
Use SMS as second authentication factor Yes Yes
Application passwords for non-browser clients (eg Outlook Lync) Yes Yes
Default Microsoft greetings during authentication phone calls Yes Yes
Custom greetings during authentication phone calls Yes
Fraud alert Yes
MFA SDK Yes
Security Reports Yes
MFA for on-premises applications MFA Server Yes
One-Time Bypass Yes
BlockUnblock Users Yes
Customizable caller ID for authentication phone calls Yes
Event Confirmation Yes
Windows Azure RMS vs RMS for Office 365
Microsoft RMS for
O365
Microsoft
RMS
Protection for content stored in Office 365
Both office file type amp non office file types
X X
Protection for content stored in on-premises Exchange amp
SharePoint
For Office amp non Office file types via RMS Connector
X X
Bring Your Own Key X X
SDK Access for LOB Applications X X
Office 365 Message Encryption X X
Protection for content stored in on-premises Windows Server
file shares via RMS Connector for FCI (x) X
Enterprise Mobility Suite Key Competitors
Cloud Hybrid Identity Management
Mobile Device Management
Information Protection
Key Competitors
Microsoft Differentiation
Azure AD Premium Windows Intune Azure RMS
Licensing Overview
Windows Intune (Edu) Licensing Offer in detail
Per user student
Licensing
(up to 5 devices)
Notes
bull Windows Intune Add-On for ConfigMgr requires ConfigMgr amp SCEP to be licensed under the
EAEASEES
bull Under all offers customers will be licensed for System Center 2012 Configuration Manager and
Endpoint Protection
bull Windows Software Assurance no longer required (For Windows Intune amp Windows Intune Add-On)
bull All prices are estimated retail prices based on Licensewisebull Errors omissions and typos excepted
Direct
(online)
Windows Intune
with Windows SA
Includes
bull Intune Service
bull ConfigMgr amp SCEP
CHF 1090
user
Month
Windows Intune
Add-On for
ConfigMgr amp SCEP
Windows Intune
(if the customer does
not have SCCM and
SCEP)
If the customer also
wants Windowshellip
Offers
If the customer owns
ConfigMgr and SCEPhellip
EES
Must license ConfigMgr
separately
CHF 055
user
month
Open
Academic
Can be sold by reselling
partners to offer our MS
service + partner service
on ONE bill
CHF 081
user
month
CHF 081
user
month
CHF 590
user
Month
bull EAEES Add-On to customers with existingbull CoreCAL
bull eCAL
bull O365 + BridgeCAL
bull Contains 3 main elements bull Azure AD Premium
bull including on Premises usage rights (Server + CALs) for Forefront Identity Manager
bull Azure RMS
bull Windows Intune
bull On pricelist per May 1st
Licensing of Enterprise Mobility Suite
Limited time Promo
bull For a limited time Enterprise Mobility Suite Add On available at
an additional 40 discount
bull EA Pricing starts at ~$4 per user per month
Limited time EA Level A promo pricing Requires 250 seat minimum purchase and underlying CAL Suite license (CoreCALECAL)
Promo
$1530 discount
40 discount
Enterprise Mobility Suite Package Price
CHF 163
user
Month
CHF 272
user
Month
Final comments
Reference cases for Windows Intune
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=intuneampLangID=46
Kloster Ingenbohl
Official case study
httpwwwmicrosoftcomcasest
udiesWindows-IntuneV-ster-s-
StadSwedish-School-District-
Improves-PC-Reliability-
Learning-with-Online-
Tools710000002639
Due to the fact that Azure RMS currently has the same featureset as RMS in
Office 365 (plan E3E4) there are no specific Azure RMS reference cases so far
This topic is for sure included in several Office 365 projects
Reference cases for Azure AD Premium amp RMS
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=Microsoft20Azure20Active20Directory
hellip regarding Windows Intune System Center Configuration Manager
or Enterprise Mobility Suite please contact
bull Melanie Riedener (ACCOUNT EXECUTIVE EDU)bull MelanieRiedenermicrosoftcom
bull Andras Khan (SOLUTION SPECIALIST INTUNE)bull AndrasKhanmicrosoftcom
If you have further interest in a more bdquodeep diveldquo Tech Update hellip
Supporting links and materials
Enterprise Mobility Suite overall
EMS Website
bull EMS Datasheet
bull EMS Customer-Ready Presentation
bull EMS FAQ (Customer)
Azure Active Directory Premium
bull A nicely animated video which describes our Azure AD Premium service can be found here
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
IP Whitelist allows administrators to add an extra level of security and convenience by only requiring users to perform MFA whenaccessing resources from outside their corporate network
Our new Cloud App Discovery service enables IT to easily determine which cloud apps are in use in the organization IT can then take steps to integrate the applications with Azure Active Directory
Password reset writeback to Windows Server AD using DirSync allows customers who rely on federation or password hash sync to use Azure AD Premium to reset on-premises passwords in Windows Server Active Directory
AAD Sync is our newly created one sync service to rule them all In this first preview we are using AAD Sync to enable synchronization from multi-forest Windows Server AD Deployments a capability that all of our largest customers have been asking for
Azure Rights Management Service
Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
Windows Intune
Windows Intune product page
Intune Demo Environment for Partners (Intune Cloud platform AND Sytem Center environment)
Some whitepapers on how MSIT is dealing with mobilityBYOD internally
30-days trial
Compliance Settings for Mobile Devices in SCCM
Mobile Device Mgmt features in Windows Intune
httponlinehelpmicrosoftcomwindowsintunejj839713aspx
httpsupportmicrosoftcomph15994
Intune Privacy related documents
Windows Intune Privacy Statement
Windows Intune Trust Center
Security
Privacy
Compliance
Microsoft Cloud Services erfuumlllen nachweislich alle europaumlischen Datenschutzregeln
BYOD
bull Video Empowering People-Centric IT in the Age of Consumerization
bull BYOD Devices - A Deployment Guide for Education (January 2014)
bull Bring Your Own Device Scenarios A Deployment Guide for Education(April 2014)
Microsoft Azure Rights Management
Several features around information protection secure X-company communication and collaboration hellip
bull Simplified data protection and collaboration ndash no on-premises infrastructure required
bull Support for connection to on-prem and cloud Exchange SharePoint and Windows Server FCI (file classification infrastructure)
bull Near real-time customer-owned logging
bull Office is our ldquofirst and bestrdquo partner ndash Office 2013 2010 2007 -but we can also secure other types of files like PDF JPEG hellip
bull
Microsoft Azure Active Directory Premium
Several features around SSO advanced Authentication enhanced user management hellip
bull Self Service Password Reset
bull Connect to your on-premises Active Directory
bull Multi Factor Authentication
bull Pre-integrated for Single Sign On (SSO) to over 1000 popular SaaS apps (Office 365 Yammer LinkedIn Facebookhellip )
bull Easily add custom cloud-based apps
bull Security reporting to track inconsistent access patterns
bull hellip and FIM hellip
Cloud technologies to complete our Mobility Management offering
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
httpblogstechnetcombadarchive20140421new-sync-capabilities-in-preview-password-write-back-new-aad-sync-and-multi-forest-supportaspx
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
bull Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
+
+
=
Windows Azure Active Directory SKU features comparison WAAD O365 WAAD Premium
Directory as a Service Yes - up to 500K Objects Yes - No Limit
UserGroup Management Yes Yes
SSO to pre-integrated SAAS Applications Custom Apps Yes Yes
Directory Synchronization Tool (WSAD Extension) Yes Yes
User-Based access managementprovisioning Yes Yes
Group-based access managementprovisioning Yes
Self-Service Group Management for cloud users Yes
Self-Service Change Password for cloud users Yes Yes
Self-Service Reset Password for cloud users Yes
Security Reports Yes Yes
Advanced Security Reporting (machine learning-based) Yes
Usage Reporting Yes
Tenant Branding (LogonAccess Panel customization) Yes
MFA (All available features on Windows Azure and on premises) Yes
Enterprise Sync (Extend any directory to Azure AD) (Q4) Yes
Write back for Self-Service ResetChange Password (Q4) Yes
Administration based on Departments (Q4) Yes
SLA Yes
FIM CAL + FIM Server Yes
Windows Azure MFA vs MFA for Office 365MFA for Office 365Azure
Administrators
Windows Azure Multi-Factor
Authentication
Administrators can EnableEnforce MFA to end-users Yes Yes
Use Mobile app (online and OTP) as second authentication factor Yes Yes
Use Phone call as second authentication factor Yes Yes
Use SMS as second authentication factor Yes Yes
Application passwords for non-browser clients (eg Outlook Lync) Yes Yes
Default Microsoft greetings during authentication phone calls Yes Yes
Custom greetings during authentication phone calls Yes
Fraud alert Yes
MFA SDK Yes
Security Reports Yes
MFA for on-premises applications MFA Server Yes
One-Time Bypass Yes
BlockUnblock Users Yes
Customizable caller ID for authentication phone calls Yes
Event Confirmation Yes
Windows Azure RMS vs RMS for Office 365
Microsoft RMS for
O365
Microsoft
RMS
Protection for content stored in Office 365
Both office file type amp non office file types
X X
Protection for content stored in on-premises Exchange amp
SharePoint
For Office amp non Office file types via RMS Connector
X X
Bring Your Own Key X X
SDK Access for LOB Applications X X
Office 365 Message Encryption X X
Protection for content stored in on-premises Windows Server
file shares via RMS Connector for FCI (x) X
Enterprise Mobility Suite Key Competitors
Cloud Hybrid Identity Management
Mobile Device Management
Information Protection
Key Competitors
Microsoft Differentiation
Azure AD Premium Windows Intune Azure RMS
Licensing Overview
Windows Intune (Edu) Licensing Offer in detail
Per user student
Licensing
(up to 5 devices)
Notes
bull Windows Intune Add-On for ConfigMgr requires ConfigMgr amp SCEP to be licensed under the
EAEASEES
bull Under all offers customers will be licensed for System Center 2012 Configuration Manager and
Endpoint Protection
bull Windows Software Assurance no longer required (For Windows Intune amp Windows Intune Add-On)
bull All prices are estimated retail prices based on Licensewisebull Errors omissions and typos excepted
Direct
(online)
Windows Intune
with Windows SA
Includes
bull Intune Service
bull ConfigMgr amp SCEP
CHF 1090
user
Month
Windows Intune
Add-On for
ConfigMgr amp SCEP
Windows Intune
(if the customer does
not have SCCM and
SCEP)
If the customer also
wants Windowshellip
Offers
If the customer owns
ConfigMgr and SCEPhellip
EES
Must license ConfigMgr
separately
CHF 055
user
month
Open
Academic
Can be sold by reselling
partners to offer our MS
service + partner service
on ONE bill
CHF 081
user
month
CHF 081
user
month
CHF 590
user
Month
bull EAEES Add-On to customers with existingbull CoreCAL
bull eCAL
bull O365 + BridgeCAL
bull Contains 3 main elements bull Azure AD Premium
bull including on Premises usage rights (Server + CALs) for Forefront Identity Manager
bull Azure RMS
bull Windows Intune
bull On pricelist per May 1st
Licensing of Enterprise Mobility Suite
Limited time Promo
bull For a limited time Enterprise Mobility Suite Add On available at
an additional 40 discount
bull EA Pricing starts at ~$4 per user per month
Limited time EA Level A promo pricing Requires 250 seat minimum purchase and underlying CAL Suite license (CoreCALECAL)
Promo
$1530 discount
40 discount
Enterprise Mobility Suite Package Price
CHF 163
user
Month
CHF 272
user
Month
Final comments
Reference cases for Windows Intune
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=intuneampLangID=46
Kloster Ingenbohl
Official case study
httpwwwmicrosoftcomcasest
udiesWindows-IntuneV-ster-s-
StadSwedish-School-District-
Improves-PC-Reliability-
Learning-with-Online-
Tools710000002639
Due to the fact that Azure RMS currently has the same featureset as RMS in
Office 365 (plan E3E4) there are no specific Azure RMS reference cases so far
This topic is for sure included in several Office 365 projects
Reference cases for Azure AD Premium amp RMS
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=Microsoft20Azure20Active20Directory
hellip regarding Windows Intune System Center Configuration Manager
or Enterprise Mobility Suite please contact
bull Melanie Riedener (ACCOUNT EXECUTIVE EDU)bull MelanieRiedenermicrosoftcom
bull Andras Khan (SOLUTION SPECIALIST INTUNE)bull AndrasKhanmicrosoftcom
If you have further interest in a more bdquodeep diveldquo Tech Update hellip
Supporting links and materials
Enterprise Mobility Suite overall
EMS Website
bull EMS Datasheet
bull EMS Customer-Ready Presentation
bull EMS FAQ (Customer)
Azure Active Directory Premium
bull A nicely animated video which describes our Azure AD Premium service can be found here
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
IP Whitelist allows administrators to add an extra level of security and convenience by only requiring users to perform MFA whenaccessing resources from outside their corporate network
Our new Cloud App Discovery service enables IT to easily determine which cloud apps are in use in the organization IT can then take steps to integrate the applications with Azure Active Directory
Password reset writeback to Windows Server AD using DirSync allows customers who rely on federation or password hash sync to use Azure AD Premium to reset on-premises passwords in Windows Server Active Directory
AAD Sync is our newly created one sync service to rule them all In this first preview we are using AAD Sync to enable synchronization from multi-forest Windows Server AD Deployments a capability that all of our largest customers have been asking for
Azure Rights Management Service
Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
Windows Intune
Windows Intune product page
Intune Demo Environment for Partners (Intune Cloud platform AND Sytem Center environment)
Some whitepapers on how MSIT is dealing with mobilityBYOD internally
30-days trial
Compliance Settings for Mobile Devices in SCCM
Mobile Device Mgmt features in Windows Intune
httponlinehelpmicrosoftcomwindowsintunejj839713aspx
httpsupportmicrosoftcomph15994
Intune Privacy related documents
Windows Intune Privacy Statement
Windows Intune Trust Center
Security
Privacy
Compliance
Microsoft Cloud Services erfuumlllen nachweislich alle europaumlischen Datenschutzregeln
BYOD
bull Video Empowering People-Centric IT in the Age of Consumerization
bull BYOD Devices - A Deployment Guide for Education (January 2014)
bull Bring Your Own Device Scenarios A Deployment Guide for Education(April 2014)
Windows Azure Active Directory SKU features comparison WAAD O365 WAAD Premium
Directory as a Service Yes - up to 500K Objects Yes - No Limit
UserGroup Management Yes Yes
SSO to pre-integrated SAAS Applications Custom Apps Yes Yes
Directory Synchronization Tool (WSAD Extension) Yes Yes
User-Based access managementprovisioning Yes Yes
Group-based access managementprovisioning Yes
Self-Service Group Management for cloud users Yes
Self-Service Change Password for cloud users Yes Yes
Self-Service Reset Password for cloud users Yes
Security Reports Yes Yes
Advanced Security Reporting (machine learning-based) Yes
Usage Reporting Yes
Tenant Branding (LogonAccess Panel customization) Yes
MFA (All available features on Windows Azure and on premises) Yes
Enterprise Sync (Extend any directory to Azure AD) (Q4) Yes
Write back for Self-Service ResetChange Password (Q4) Yes
Administration based on Departments (Q4) Yes
SLA Yes
FIM CAL + FIM Server Yes
Windows Azure MFA vs MFA for Office 365MFA for Office 365Azure
Administrators
Windows Azure Multi-Factor
Authentication
Administrators can EnableEnforce MFA to end-users Yes Yes
Use Mobile app (online and OTP) as second authentication factor Yes Yes
Use Phone call as second authentication factor Yes Yes
Use SMS as second authentication factor Yes Yes
Application passwords for non-browser clients (eg Outlook Lync) Yes Yes
Default Microsoft greetings during authentication phone calls Yes Yes
Custom greetings during authentication phone calls Yes
Fraud alert Yes
MFA SDK Yes
Security Reports Yes
MFA for on-premises applications MFA Server Yes
One-Time Bypass Yes
BlockUnblock Users Yes
Customizable caller ID for authentication phone calls Yes
Event Confirmation Yes
Windows Azure RMS vs RMS for Office 365
Microsoft RMS for
O365
Microsoft
RMS
Protection for content stored in Office 365
Both office file type amp non office file types
X X
Protection for content stored in on-premises Exchange amp
SharePoint
For Office amp non Office file types via RMS Connector
X X
Bring Your Own Key X X
SDK Access for LOB Applications X X
Office 365 Message Encryption X X
Protection for content stored in on-premises Windows Server
file shares via RMS Connector for FCI (x) X
Enterprise Mobility Suite Key Competitors
Cloud Hybrid Identity Management
Mobile Device Management
Information Protection
Key Competitors
Microsoft Differentiation
Azure AD Premium Windows Intune Azure RMS
Licensing Overview
Windows Intune (Edu) Licensing Offer in detail
Per user student
Licensing
(up to 5 devices)
Notes
bull Windows Intune Add-On for ConfigMgr requires ConfigMgr amp SCEP to be licensed under the
EAEASEES
bull Under all offers customers will be licensed for System Center 2012 Configuration Manager and
Endpoint Protection
bull Windows Software Assurance no longer required (For Windows Intune amp Windows Intune Add-On)
bull All prices are estimated retail prices based on Licensewisebull Errors omissions and typos excepted
Direct
(online)
Windows Intune
with Windows SA
Includes
bull Intune Service
bull ConfigMgr amp SCEP
CHF 1090
user
Month
Windows Intune
Add-On for
ConfigMgr amp SCEP
Windows Intune
(if the customer does
not have SCCM and
SCEP)
If the customer also
wants Windowshellip
Offers
If the customer owns
ConfigMgr and SCEPhellip
EES
Must license ConfigMgr
separately
CHF 055
user
month
Open
Academic
Can be sold by reselling
partners to offer our MS
service + partner service
on ONE bill
CHF 081
user
month
CHF 081
user
month
CHF 590
user
Month
bull EAEES Add-On to customers with existingbull CoreCAL
bull eCAL
bull O365 + BridgeCAL
bull Contains 3 main elements bull Azure AD Premium
bull including on Premises usage rights (Server + CALs) for Forefront Identity Manager
bull Azure RMS
bull Windows Intune
bull On pricelist per May 1st
Licensing of Enterprise Mobility Suite
Limited time Promo
bull For a limited time Enterprise Mobility Suite Add On available at
an additional 40 discount
bull EA Pricing starts at ~$4 per user per month
Limited time EA Level A promo pricing Requires 250 seat minimum purchase and underlying CAL Suite license (CoreCALECAL)
Promo
$1530 discount
40 discount
Enterprise Mobility Suite Package Price
CHF 163
user
Month
CHF 272
user
Month
Final comments
Reference cases for Windows Intune
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=intuneampLangID=46
Kloster Ingenbohl
Official case study
httpwwwmicrosoftcomcasest
udiesWindows-IntuneV-ster-s-
StadSwedish-School-District-
Improves-PC-Reliability-
Learning-with-Online-
Tools710000002639
Due to the fact that Azure RMS currently has the same featureset as RMS in
Office 365 (plan E3E4) there are no specific Azure RMS reference cases so far
This topic is for sure included in several Office 365 projects
Reference cases for Azure AD Premium amp RMS
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=Microsoft20Azure20Active20Directory
hellip regarding Windows Intune System Center Configuration Manager
or Enterprise Mobility Suite please contact
bull Melanie Riedener (ACCOUNT EXECUTIVE EDU)bull MelanieRiedenermicrosoftcom
bull Andras Khan (SOLUTION SPECIALIST INTUNE)bull AndrasKhanmicrosoftcom
If you have further interest in a more bdquodeep diveldquo Tech Update hellip
Supporting links and materials
Enterprise Mobility Suite overall
EMS Website
bull EMS Datasheet
bull EMS Customer-Ready Presentation
bull EMS FAQ (Customer)
Azure Active Directory Premium
bull A nicely animated video which describes our Azure AD Premium service can be found here
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
IP Whitelist allows administrators to add an extra level of security and convenience by only requiring users to perform MFA whenaccessing resources from outside their corporate network
Our new Cloud App Discovery service enables IT to easily determine which cloud apps are in use in the organization IT can then take steps to integrate the applications with Azure Active Directory
Password reset writeback to Windows Server AD using DirSync allows customers who rely on federation or password hash sync to use Azure AD Premium to reset on-premises passwords in Windows Server Active Directory
AAD Sync is our newly created one sync service to rule them all In this first preview we are using AAD Sync to enable synchronization from multi-forest Windows Server AD Deployments a capability that all of our largest customers have been asking for
Azure Rights Management Service
Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
Windows Intune
Windows Intune product page
Intune Demo Environment for Partners (Intune Cloud platform AND Sytem Center environment)
Some whitepapers on how MSIT is dealing with mobilityBYOD internally
30-days trial
Compliance Settings for Mobile Devices in SCCM
Mobile Device Mgmt features in Windows Intune
httponlinehelpmicrosoftcomwindowsintunejj839713aspx
httpsupportmicrosoftcomph15994
Intune Privacy related documents
Windows Intune Privacy Statement
Windows Intune Trust Center
Security
Privacy
Compliance
Microsoft Cloud Services erfuumlllen nachweislich alle europaumlischen Datenschutzregeln
BYOD
bull Video Empowering People-Centric IT in the Age of Consumerization
bull BYOD Devices - A Deployment Guide for Education (January 2014)
bull Bring Your Own Device Scenarios A Deployment Guide for Education(April 2014)
Windows Azure MFA vs MFA for Office 365MFA for Office 365Azure
Administrators
Windows Azure Multi-Factor
Authentication
Administrators can EnableEnforce MFA to end-users Yes Yes
Use Mobile app (online and OTP) as second authentication factor Yes Yes
Use Phone call as second authentication factor Yes Yes
Use SMS as second authentication factor Yes Yes
Application passwords for non-browser clients (eg Outlook Lync) Yes Yes
Default Microsoft greetings during authentication phone calls Yes Yes
Custom greetings during authentication phone calls Yes
Fraud alert Yes
MFA SDK Yes
Security Reports Yes
MFA for on-premises applications MFA Server Yes
One-Time Bypass Yes
BlockUnblock Users Yes
Customizable caller ID for authentication phone calls Yes
Event Confirmation Yes
Windows Azure RMS vs RMS for Office 365
Microsoft RMS for
O365
Microsoft
RMS
Protection for content stored in Office 365
Both office file type amp non office file types
X X
Protection for content stored in on-premises Exchange amp
SharePoint
For Office amp non Office file types via RMS Connector
X X
Bring Your Own Key X X
SDK Access for LOB Applications X X
Office 365 Message Encryption X X
Protection for content stored in on-premises Windows Server
file shares via RMS Connector for FCI (x) X
Enterprise Mobility Suite Key Competitors
Cloud Hybrid Identity Management
Mobile Device Management
Information Protection
Key Competitors
Microsoft Differentiation
Azure AD Premium Windows Intune Azure RMS
Licensing Overview
Windows Intune (Edu) Licensing Offer in detail
Per user student
Licensing
(up to 5 devices)
Notes
bull Windows Intune Add-On for ConfigMgr requires ConfigMgr amp SCEP to be licensed under the
EAEASEES
bull Under all offers customers will be licensed for System Center 2012 Configuration Manager and
Endpoint Protection
bull Windows Software Assurance no longer required (For Windows Intune amp Windows Intune Add-On)
bull All prices are estimated retail prices based on Licensewisebull Errors omissions and typos excepted
Direct
(online)
Windows Intune
with Windows SA
Includes
bull Intune Service
bull ConfigMgr amp SCEP
CHF 1090
user
Month
Windows Intune
Add-On for
ConfigMgr amp SCEP
Windows Intune
(if the customer does
not have SCCM and
SCEP)
If the customer also
wants Windowshellip
Offers
If the customer owns
ConfigMgr and SCEPhellip
EES
Must license ConfigMgr
separately
CHF 055
user
month
Open
Academic
Can be sold by reselling
partners to offer our MS
service + partner service
on ONE bill
CHF 081
user
month
CHF 081
user
month
CHF 590
user
Month
bull EAEES Add-On to customers with existingbull CoreCAL
bull eCAL
bull O365 + BridgeCAL
bull Contains 3 main elements bull Azure AD Premium
bull including on Premises usage rights (Server + CALs) for Forefront Identity Manager
bull Azure RMS
bull Windows Intune
bull On pricelist per May 1st
Licensing of Enterprise Mobility Suite
Limited time Promo
bull For a limited time Enterprise Mobility Suite Add On available at
an additional 40 discount
bull EA Pricing starts at ~$4 per user per month
Limited time EA Level A promo pricing Requires 250 seat minimum purchase and underlying CAL Suite license (CoreCALECAL)
Promo
$1530 discount
40 discount
Enterprise Mobility Suite Package Price
CHF 163
user
Month
CHF 272
user
Month
Final comments
Reference cases for Windows Intune
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=intuneampLangID=46
Kloster Ingenbohl
Official case study
httpwwwmicrosoftcomcasest
udiesWindows-IntuneV-ster-s-
StadSwedish-School-District-
Improves-PC-Reliability-
Learning-with-Online-
Tools710000002639
Due to the fact that Azure RMS currently has the same featureset as RMS in
Office 365 (plan E3E4) there are no specific Azure RMS reference cases so far
This topic is for sure included in several Office 365 projects
Reference cases for Azure AD Premium amp RMS
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=Microsoft20Azure20Active20Directory
hellip regarding Windows Intune System Center Configuration Manager
or Enterprise Mobility Suite please contact
bull Melanie Riedener (ACCOUNT EXECUTIVE EDU)bull MelanieRiedenermicrosoftcom
bull Andras Khan (SOLUTION SPECIALIST INTUNE)bull AndrasKhanmicrosoftcom
If you have further interest in a more bdquodeep diveldquo Tech Update hellip
Supporting links and materials
Enterprise Mobility Suite overall
EMS Website
bull EMS Datasheet
bull EMS Customer-Ready Presentation
bull EMS FAQ (Customer)
Azure Active Directory Premium
bull A nicely animated video which describes our Azure AD Premium service can be found here
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
IP Whitelist allows administrators to add an extra level of security and convenience by only requiring users to perform MFA whenaccessing resources from outside their corporate network
Our new Cloud App Discovery service enables IT to easily determine which cloud apps are in use in the organization IT can then take steps to integrate the applications with Azure Active Directory
Password reset writeback to Windows Server AD using DirSync allows customers who rely on federation or password hash sync to use Azure AD Premium to reset on-premises passwords in Windows Server Active Directory
AAD Sync is our newly created one sync service to rule them all In this first preview we are using AAD Sync to enable synchronization from multi-forest Windows Server AD Deployments a capability that all of our largest customers have been asking for
Azure Rights Management Service
Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
Windows Intune
Windows Intune product page
Intune Demo Environment for Partners (Intune Cloud platform AND Sytem Center environment)
Some whitepapers on how MSIT is dealing with mobilityBYOD internally
30-days trial
Compliance Settings for Mobile Devices in SCCM
Mobile Device Mgmt features in Windows Intune
httponlinehelpmicrosoftcomwindowsintunejj839713aspx
httpsupportmicrosoftcomph15994
Intune Privacy related documents
Windows Intune Privacy Statement
Windows Intune Trust Center
Security
Privacy
Compliance
Microsoft Cloud Services erfuumlllen nachweislich alle europaumlischen Datenschutzregeln
BYOD
bull Video Empowering People-Centric IT in the Age of Consumerization
bull BYOD Devices - A Deployment Guide for Education (January 2014)
bull Bring Your Own Device Scenarios A Deployment Guide for Education(April 2014)
Windows Azure RMS vs RMS for Office 365
Microsoft RMS for
O365
Microsoft
RMS
Protection for content stored in Office 365
Both office file type amp non office file types
X X
Protection for content stored in on-premises Exchange amp
SharePoint
For Office amp non Office file types via RMS Connector
X X
Bring Your Own Key X X
SDK Access for LOB Applications X X
Office 365 Message Encryption X X
Protection for content stored in on-premises Windows Server
file shares via RMS Connector for FCI (x) X
Enterprise Mobility Suite Key Competitors
Cloud Hybrid Identity Management
Mobile Device Management
Information Protection
Key Competitors
Microsoft Differentiation
Azure AD Premium Windows Intune Azure RMS
Licensing Overview
Windows Intune (Edu) Licensing Offer in detail
Per user student
Licensing
(up to 5 devices)
Notes
bull Windows Intune Add-On for ConfigMgr requires ConfigMgr amp SCEP to be licensed under the
EAEASEES
bull Under all offers customers will be licensed for System Center 2012 Configuration Manager and
Endpoint Protection
bull Windows Software Assurance no longer required (For Windows Intune amp Windows Intune Add-On)
bull All prices are estimated retail prices based on Licensewisebull Errors omissions and typos excepted
Direct
(online)
Windows Intune
with Windows SA
Includes
bull Intune Service
bull ConfigMgr amp SCEP
CHF 1090
user
Month
Windows Intune
Add-On for
ConfigMgr amp SCEP
Windows Intune
(if the customer does
not have SCCM and
SCEP)
If the customer also
wants Windowshellip
Offers
If the customer owns
ConfigMgr and SCEPhellip
EES
Must license ConfigMgr
separately
CHF 055
user
month
Open
Academic
Can be sold by reselling
partners to offer our MS
service + partner service
on ONE bill
CHF 081
user
month
CHF 081
user
month
CHF 590
user
Month
bull EAEES Add-On to customers with existingbull CoreCAL
bull eCAL
bull O365 + BridgeCAL
bull Contains 3 main elements bull Azure AD Premium
bull including on Premises usage rights (Server + CALs) for Forefront Identity Manager
bull Azure RMS
bull Windows Intune
bull On pricelist per May 1st
Licensing of Enterprise Mobility Suite
Limited time Promo
bull For a limited time Enterprise Mobility Suite Add On available at
an additional 40 discount
bull EA Pricing starts at ~$4 per user per month
Limited time EA Level A promo pricing Requires 250 seat minimum purchase and underlying CAL Suite license (CoreCALECAL)
Promo
$1530 discount
40 discount
Enterprise Mobility Suite Package Price
CHF 163
user
Month
CHF 272
user
Month
Final comments
Reference cases for Windows Intune
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=intuneampLangID=46
Kloster Ingenbohl
Official case study
httpwwwmicrosoftcomcasest
udiesWindows-IntuneV-ster-s-
StadSwedish-School-District-
Improves-PC-Reliability-
Learning-with-Online-
Tools710000002639
Due to the fact that Azure RMS currently has the same featureset as RMS in
Office 365 (plan E3E4) there are no specific Azure RMS reference cases so far
This topic is for sure included in several Office 365 projects
Reference cases for Azure AD Premium amp RMS
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=Microsoft20Azure20Active20Directory
hellip regarding Windows Intune System Center Configuration Manager
or Enterprise Mobility Suite please contact
bull Melanie Riedener (ACCOUNT EXECUTIVE EDU)bull MelanieRiedenermicrosoftcom
bull Andras Khan (SOLUTION SPECIALIST INTUNE)bull AndrasKhanmicrosoftcom
If you have further interest in a more bdquodeep diveldquo Tech Update hellip
Supporting links and materials
Enterprise Mobility Suite overall
EMS Website
bull EMS Datasheet
bull EMS Customer-Ready Presentation
bull EMS FAQ (Customer)
Azure Active Directory Premium
bull A nicely animated video which describes our Azure AD Premium service can be found here
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
IP Whitelist allows administrators to add an extra level of security and convenience by only requiring users to perform MFA whenaccessing resources from outside their corporate network
Our new Cloud App Discovery service enables IT to easily determine which cloud apps are in use in the organization IT can then take steps to integrate the applications with Azure Active Directory
Password reset writeback to Windows Server AD using DirSync allows customers who rely on federation or password hash sync to use Azure AD Premium to reset on-premises passwords in Windows Server Active Directory
AAD Sync is our newly created one sync service to rule them all In this first preview we are using AAD Sync to enable synchronization from multi-forest Windows Server AD Deployments a capability that all of our largest customers have been asking for
Azure Rights Management Service
Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
Windows Intune
Windows Intune product page
Intune Demo Environment for Partners (Intune Cloud platform AND Sytem Center environment)
Some whitepapers on how MSIT is dealing with mobilityBYOD internally
30-days trial
Compliance Settings for Mobile Devices in SCCM
Mobile Device Mgmt features in Windows Intune
httponlinehelpmicrosoftcomwindowsintunejj839713aspx
httpsupportmicrosoftcomph15994
Intune Privacy related documents
Windows Intune Privacy Statement
Windows Intune Trust Center
Security
Privacy
Compliance
Microsoft Cloud Services erfuumlllen nachweislich alle europaumlischen Datenschutzregeln
BYOD
bull Video Empowering People-Centric IT in the Age of Consumerization
bull BYOD Devices - A Deployment Guide for Education (January 2014)
bull Bring Your Own Device Scenarios A Deployment Guide for Education(April 2014)
Enterprise Mobility Suite Key Competitors
Cloud Hybrid Identity Management
Mobile Device Management
Information Protection
Key Competitors
Microsoft Differentiation
Azure AD Premium Windows Intune Azure RMS
Licensing Overview
Windows Intune (Edu) Licensing Offer in detail
Per user student
Licensing
(up to 5 devices)
Notes
bull Windows Intune Add-On for ConfigMgr requires ConfigMgr amp SCEP to be licensed under the
EAEASEES
bull Under all offers customers will be licensed for System Center 2012 Configuration Manager and
Endpoint Protection
bull Windows Software Assurance no longer required (For Windows Intune amp Windows Intune Add-On)
bull All prices are estimated retail prices based on Licensewisebull Errors omissions and typos excepted
Direct
(online)
Windows Intune
with Windows SA
Includes
bull Intune Service
bull ConfigMgr amp SCEP
CHF 1090
user
Month
Windows Intune
Add-On for
ConfigMgr amp SCEP
Windows Intune
(if the customer does
not have SCCM and
SCEP)
If the customer also
wants Windowshellip
Offers
If the customer owns
ConfigMgr and SCEPhellip
EES
Must license ConfigMgr
separately
CHF 055
user
month
Open
Academic
Can be sold by reselling
partners to offer our MS
service + partner service
on ONE bill
CHF 081
user
month
CHF 081
user
month
CHF 590
user
Month
bull EAEES Add-On to customers with existingbull CoreCAL
bull eCAL
bull O365 + BridgeCAL
bull Contains 3 main elements bull Azure AD Premium
bull including on Premises usage rights (Server + CALs) for Forefront Identity Manager
bull Azure RMS
bull Windows Intune
bull On pricelist per May 1st
Licensing of Enterprise Mobility Suite
Limited time Promo
bull For a limited time Enterprise Mobility Suite Add On available at
an additional 40 discount
bull EA Pricing starts at ~$4 per user per month
Limited time EA Level A promo pricing Requires 250 seat minimum purchase and underlying CAL Suite license (CoreCALECAL)
Promo
$1530 discount
40 discount
Enterprise Mobility Suite Package Price
CHF 163
user
Month
CHF 272
user
Month
Final comments
Reference cases for Windows Intune
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=intuneampLangID=46
Kloster Ingenbohl
Official case study
httpwwwmicrosoftcomcasest
udiesWindows-IntuneV-ster-s-
StadSwedish-School-District-
Improves-PC-Reliability-
Learning-with-Online-
Tools710000002639
Due to the fact that Azure RMS currently has the same featureset as RMS in
Office 365 (plan E3E4) there are no specific Azure RMS reference cases so far
This topic is for sure included in several Office 365 projects
Reference cases for Azure AD Premium amp RMS
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=Microsoft20Azure20Active20Directory
hellip regarding Windows Intune System Center Configuration Manager
or Enterprise Mobility Suite please contact
bull Melanie Riedener (ACCOUNT EXECUTIVE EDU)bull MelanieRiedenermicrosoftcom
bull Andras Khan (SOLUTION SPECIALIST INTUNE)bull AndrasKhanmicrosoftcom
If you have further interest in a more bdquodeep diveldquo Tech Update hellip
Supporting links and materials
Enterprise Mobility Suite overall
EMS Website
bull EMS Datasheet
bull EMS Customer-Ready Presentation
bull EMS FAQ (Customer)
Azure Active Directory Premium
bull A nicely animated video which describes our Azure AD Premium service can be found here
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
IP Whitelist allows administrators to add an extra level of security and convenience by only requiring users to perform MFA whenaccessing resources from outside their corporate network
Our new Cloud App Discovery service enables IT to easily determine which cloud apps are in use in the organization IT can then take steps to integrate the applications with Azure Active Directory
Password reset writeback to Windows Server AD using DirSync allows customers who rely on federation or password hash sync to use Azure AD Premium to reset on-premises passwords in Windows Server Active Directory
AAD Sync is our newly created one sync service to rule them all In this first preview we are using AAD Sync to enable synchronization from multi-forest Windows Server AD Deployments a capability that all of our largest customers have been asking for
Azure Rights Management Service
Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
Windows Intune
Windows Intune product page
Intune Demo Environment for Partners (Intune Cloud platform AND Sytem Center environment)
Some whitepapers on how MSIT is dealing with mobilityBYOD internally
30-days trial
Compliance Settings for Mobile Devices in SCCM
Mobile Device Mgmt features in Windows Intune
httponlinehelpmicrosoftcomwindowsintunejj839713aspx
httpsupportmicrosoftcomph15994
Intune Privacy related documents
Windows Intune Privacy Statement
Windows Intune Trust Center
Security
Privacy
Compliance
Microsoft Cloud Services erfuumlllen nachweislich alle europaumlischen Datenschutzregeln
BYOD
bull Video Empowering People-Centric IT in the Age of Consumerization
bull BYOD Devices - A Deployment Guide for Education (January 2014)
bull Bring Your Own Device Scenarios A Deployment Guide for Education(April 2014)
Licensing Overview
Windows Intune (Edu) Licensing Offer in detail
Per user student
Licensing
(up to 5 devices)
Notes
bull Windows Intune Add-On for ConfigMgr requires ConfigMgr amp SCEP to be licensed under the
EAEASEES
bull Under all offers customers will be licensed for System Center 2012 Configuration Manager and
Endpoint Protection
bull Windows Software Assurance no longer required (For Windows Intune amp Windows Intune Add-On)
bull All prices are estimated retail prices based on Licensewisebull Errors omissions and typos excepted
Direct
(online)
Windows Intune
with Windows SA
Includes
bull Intune Service
bull ConfigMgr amp SCEP
CHF 1090
user
Month
Windows Intune
Add-On for
ConfigMgr amp SCEP
Windows Intune
(if the customer does
not have SCCM and
SCEP)
If the customer also
wants Windowshellip
Offers
If the customer owns
ConfigMgr and SCEPhellip
EES
Must license ConfigMgr
separately
CHF 055
user
month
Open
Academic
Can be sold by reselling
partners to offer our MS
service + partner service
on ONE bill
CHF 081
user
month
CHF 081
user
month
CHF 590
user
Month
bull EAEES Add-On to customers with existingbull CoreCAL
bull eCAL
bull O365 + BridgeCAL
bull Contains 3 main elements bull Azure AD Premium
bull including on Premises usage rights (Server + CALs) for Forefront Identity Manager
bull Azure RMS
bull Windows Intune
bull On pricelist per May 1st
Licensing of Enterprise Mobility Suite
Limited time Promo
bull For a limited time Enterprise Mobility Suite Add On available at
an additional 40 discount
bull EA Pricing starts at ~$4 per user per month
Limited time EA Level A promo pricing Requires 250 seat minimum purchase and underlying CAL Suite license (CoreCALECAL)
Promo
$1530 discount
40 discount
Enterprise Mobility Suite Package Price
CHF 163
user
Month
CHF 272
user
Month
Final comments
Reference cases for Windows Intune
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=intuneampLangID=46
Kloster Ingenbohl
Official case study
httpwwwmicrosoftcomcasest
udiesWindows-IntuneV-ster-s-
StadSwedish-School-District-
Improves-PC-Reliability-
Learning-with-Online-
Tools710000002639
Due to the fact that Azure RMS currently has the same featureset as RMS in
Office 365 (plan E3E4) there are no specific Azure RMS reference cases so far
This topic is for sure included in several Office 365 projects
Reference cases for Azure AD Premium amp RMS
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=Microsoft20Azure20Active20Directory
hellip regarding Windows Intune System Center Configuration Manager
or Enterprise Mobility Suite please contact
bull Melanie Riedener (ACCOUNT EXECUTIVE EDU)bull MelanieRiedenermicrosoftcom
bull Andras Khan (SOLUTION SPECIALIST INTUNE)bull AndrasKhanmicrosoftcom
If you have further interest in a more bdquodeep diveldquo Tech Update hellip
Supporting links and materials
Enterprise Mobility Suite overall
EMS Website
bull EMS Datasheet
bull EMS Customer-Ready Presentation
bull EMS FAQ (Customer)
Azure Active Directory Premium
bull A nicely animated video which describes our Azure AD Premium service can be found here
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
IP Whitelist allows administrators to add an extra level of security and convenience by only requiring users to perform MFA whenaccessing resources from outside their corporate network
Our new Cloud App Discovery service enables IT to easily determine which cloud apps are in use in the organization IT can then take steps to integrate the applications with Azure Active Directory
Password reset writeback to Windows Server AD using DirSync allows customers who rely on federation or password hash sync to use Azure AD Premium to reset on-premises passwords in Windows Server Active Directory
AAD Sync is our newly created one sync service to rule them all In this first preview we are using AAD Sync to enable synchronization from multi-forest Windows Server AD Deployments a capability that all of our largest customers have been asking for
Azure Rights Management Service
Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
Windows Intune
Windows Intune product page
Intune Demo Environment for Partners (Intune Cloud platform AND Sytem Center environment)
Some whitepapers on how MSIT is dealing with mobilityBYOD internally
30-days trial
Compliance Settings for Mobile Devices in SCCM
Mobile Device Mgmt features in Windows Intune
httponlinehelpmicrosoftcomwindowsintunejj839713aspx
httpsupportmicrosoftcomph15994
Intune Privacy related documents
Windows Intune Privacy Statement
Windows Intune Trust Center
Security
Privacy
Compliance
Microsoft Cloud Services erfuumlllen nachweislich alle europaumlischen Datenschutzregeln
BYOD
bull Video Empowering People-Centric IT in the Age of Consumerization
bull BYOD Devices - A Deployment Guide for Education (January 2014)
bull Bring Your Own Device Scenarios A Deployment Guide for Education(April 2014)
Windows Intune (Edu) Licensing Offer in detail
Per user student
Licensing
(up to 5 devices)
Notes
bull Windows Intune Add-On for ConfigMgr requires ConfigMgr amp SCEP to be licensed under the
EAEASEES
bull Under all offers customers will be licensed for System Center 2012 Configuration Manager and
Endpoint Protection
bull Windows Software Assurance no longer required (For Windows Intune amp Windows Intune Add-On)
bull All prices are estimated retail prices based on Licensewisebull Errors omissions and typos excepted
Direct
(online)
Windows Intune
with Windows SA
Includes
bull Intune Service
bull ConfigMgr amp SCEP
CHF 1090
user
Month
Windows Intune
Add-On for
ConfigMgr amp SCEP
Windows Intune
(if the customer does
not have SCCM and
SCEP)
If the customer also
wants Windowshellip
Offers
If the customer owns
ConfigMgr and SCEPhellip
EES
Must license ConfigMgr
separately
CHF 055
user
month
Open
Academic
Can be sold by reselling
partners to offer our MS
service + partner service
on ONE bill
CHF 081
user
month
CHF 081
user
month
CHF 590
user
Month
bull EAEES Add-On to customers with existingbull CoreCAL
bull eCAL
bull O365 + BridgeCAL
bull Contains 3 main elements bull Azure AD Premium
bull including on Premises usage rights (Server + CALs) for Forefront Identity Manager
bull Azure RMS
bull Windows Intune
bull On pricelist per May 1st
Licensing of Enterprise Mobility Suite
Limited time Promo
bull For a limited time Enterprise Mobility Suite Add On available at
an additional 40 discount
bull EA Pricing starts at ~$4 per user per month
Limited time EA Level A promo pricing Requires 250 seat minimum purchase and underlying CAL Suite license (CoreCALECAL)
Promo
$1530 discount
40 discount
Enterprise Mobility Suite Package Price
CHF 163
user
Month
CHF 272
user
Month
Final comments
Reference cases for Windows Intune
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=intuneampLangID=46
Kloster Ingenbohl
Official case study
httpwwwmicrosoftcomcasest
udiesWindows-IntuneV-ster-s-
StadSwedish-School-District-
Improves-PC-Reliability-
Learning-with-Online-
Tools710000002639
Due to the fact that Azure RMS currently has the same featureset as RMS in
Office 365 (plan E3E4) there are no specific Azure RMS reference cases so far
This topic is for sure included in several Office 365 projects
Reference cases for Azure AD Premium amp RMS
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=Microsoft20Azure20Active20Directory
hellip regarding Windows Intune System Center Configuration Manager
or Enterprise Mobility Suite please contact
bull Melanie Riedener (ACCOUNT EXECUTIVE EDU)bull MelanieRiedenermicrosoftcom
bull Andras Khan (SOLUTION SPECIALIST INTUNE)bull AndrasKhanmicrosoftcom
If you have further interest in a more bdquodeep diveldquo Tech Update hellip
Supporting links and materials
Enterprise Mobility Suite overall
EMS Website
bull EMS Datasheet
bull EMS Customer-Ready Presentation
bull EMS FAQ (Customer)
Azure Active Directory Premium
bull A nicely animated video which describes our Azure AD Premium service can be found here
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
IP Whitelist allows administrators to add an extra level of security and convenience by only requiring users to perform MFA whenaccessing resources from outside their corporate network
Our new Cloud App Discovery service enables IT to easily determine which cloud apps are in use in the organization IT can then take steps to integrate the applications with Azure Active Directory
Password reset writeback to Windows Server AD using DirSync allows customers who rely on federation or password hash sync to use Azure AD Premium to reset on-premises passwords in Windows Server Active Directory
AAD Sync is our newly created one sync service to rule them all In this first preview we are using AAD Sync to enable synchronization from multi-forest Windows Server AD Deployments a capability that all of our largest customers have been asking for
Azure Rights Management Service
Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
Windows Intune
Windows Intune product page
Intune Demo Environment for Partners (Intune Cloud platform AND Sytem Center environment)
Some whitepapers on how MSIT is dealing with mobilityBYOD internally
30-days trial
Compliance Settings for Mobile Devices in SCCM
Mobile Device Mgmt features in Windows Intune
httponlinehelpmicrosoftcomwindowsintunejj839713aspx
httpsupportmicrosoftcomph15994
Intune Privacy related documents
Windows Intune Privacy Statement
Windows Intune Trust Center
Security
Privacy
Compliance
Microsoft Cloud Services erfuumlllen nachweislich alle europaumlischen Datenschutzregeln
BYOD
bull Video Empowering People-Centric IT in the Age of Consumerization
bull BYOD Devices - A Deployment Guide for Education (January 2014)
bull Bring Your Own Device Scenarios A Deployment Guide for Education(April 2014)
bull EAEES Add-On to customers with existingbull CoreCAL
bull eCAL
bull O365 + BridgeCAL
bull Contains 3 main elements bull Azure AD Premium
bull including on Premises usage rights (Server + CALs) for Forefront Identity Manager
bull Azure RMS
bull Windows Intune
bull On pricelist per May 1st
Licensing of Enterprise Mobility Suite
Limited time Promo
bull For a limited time Enterprise Mobility Suite Add On available at
an additional 40 discount
bull EA Pricing starts at ~$4 per user per month
Limited time EA Level A promo pricing Requires 250 seat minimum purchase and underlying CAL Suite license (CoreCALECAL)
Promo
$1530 discount
40 discount
Enterprise Mobility Suite Package Price
CHF 163
user
Month
CHF 272
user
Month
Final comments
Reference cases for Windows Intune
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=intuneampLangID=46
Kloster Ingenbohl
Official case study
httpwwwmicrosoftcomcasest
udiesWindows-IntuneV-ster-s-
StadSwedish-School-District-
Improves-PC-Reliability-
Learning-with-Online-
Tools710000002639
Due to the fact that Azure RMS currently has the same featureset as RMS in
Office 365 (plan E3E4) there are no specific Azure RMS reference cases so far
This topic is for sure included in several Office 365 projects
Reference cases for Azure AD Premium amp RMS
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=Microsoft20Azure20Active20Directory
hellip regarding Windows Intune System Center Configuration Manager
or Enterprise Mobility Suite please contact
bull Melanie Riedener (ACCOUNT EXECUTIVE EDU)bull MelanieRiedenermicrosoftcom
bull Andras Khan (SOLUTION SPECIALIST INTUNE)bull AndrasKhanmicrosoftcom
If you have further interest in a more bdquodeep diveldquo Tech Update hellip
Supporting links and materials
Enterprise Mobility Suite overall
EMS Website
bull EMS Datasheet
bull EMS Customer-Ready Presentation
bull EMS FAQ (Customer)
Azure Active Directory Premium
bull A nicely animated video which describes our Azure AD Premium service can be found here
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
IP Whitelist allows administrators to add an extra level of security and convenience by only requiring users to perform MFA whenaccessing resources from outside their corporate network
Our new Cloud App Discovery service enables IT to easily determine which cloud apps are in use in the organization IT can then take steps to integrate the applications with Azure Active Directory
Password reset writeback to Windows Server AD using DirSync allows customers who rely on federation or password hash sync to use Azure AD Premium to reset on-premises passwords in Windows Server Active Directory
AAD Sync is our newly created one sync service to rule them all In this first preview we are using AAD Sync to enable synchronization from multi-forest Windows Server AD Deployments a capability that all of our largest customers have been asking for
Azure Rights Management Service
Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
Windows Intune
Windows Intune product page
Intune Demo Environment for Partners (Intune Cloud platform AND Sytem Center environment)
Some whitepapers on how MSIT is dealing with mobilityBYOD internally
30-days trial
Compliance Settings for Mobile Devices in SCCM
Mobile Device Mgmt features in Windows Intune
httponlinehelpmicrosoftcomwindowsintunejj839713aspx
httpsupportmicrosoftcomph15994
Intune Privacy related documents
Windows Intune Privacy Statement
Windows Intune Trust Center
Security
Privacy
Compliance
Microsoft Cloud Services erfuumlllen nachweislich alle europaumlischen Datenschutzregeln
BYOD
bull Video Empowering People-Centric IT in the Age of Consumerization
bull BYOD Devices - A Deployment Guide for Education (January 2014)
bull Bring Your Own Device Scenarios A Deployment Guide for Education(April 2014)
Limited time Promo
bull For a limited time Enterprise Mobility Suite Add On available at
an additional 40 discount
bull EA Pricing starts at ~$4 per user per month
Limited time EA Level A promo pricing Requires 250 seat minimum purchase and underlying CAL Suite license (CoreCALECAL)
Promo
$1530 discount
40 discount
Enterprise Mobility Suite Package Price
CHF 163
user
Month
CHF 272
user
Month
Final comments
Reference cases for Windows Intune
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=intuneampLangID=46
Kloster Ingenbohl
Official case study
httpwwwmicrosoftcomcasest
udiesWindows-IntuneV-ster-s-
StadSwedish-School-District-
Improves-PC-Reliability-
Learning-with-Online-
Tools710000002639
Due to the fact that Azure RMS currently has the same featureset as RMS in
Office 365 (plan E3E4) there are no specific Azure RMS reference cases so far
This topic is for sure included in several Office 365 projects
Reference cases for Azure AD Premium amp RMS
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=Microsoft20Azure20Active20Directory
hellip regarding Windows Intune System Center Configuration Manager
or Enterprise Mobility Suite please contact
bull Melanie Riedener (ACCOUNT EXECUTIVE EDU)bull MelanieRiedenermicrosoftcom
bull Andras Khan (SOLUTION SPECIALIST INTUNE)bull AndrasKhanmicrosoftcom
If you have further interest in a more bdquodeep diveldquo Tech Update hellip
Supporting links and materials
Enterprise Mobility Suite overall
EMS Website
bull EMS Datasheet
bull EMS Customer-Ready Presentation
bull EMS FAQ (Customer)
Azure Active Directory Premium
bull A nicely animated video which describes our Azure AD Premium service can be found here
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
IP Whitelist allows administrators to add an extra level of security and convenience by only requiring users to perform MFA whenaccessing resources from outside their corporate network
Our new Cloud App Discovery service enables IT to easily determine which cloud apps are in use in the organization IT can then take steps to integrate the applications with Azure Active Directory
Password reset writeback to Windows Server AD using DirSync allows customers who rely on federation or password hash sync to use Azure AD Premium to reset on-premises passwords in Windows Server Active Directory
AAD Sync is our newly created one sync service to rule them all In this first preview we are using AAD Sync to enable synchronization from multi-forest Windows Server AD Deployments a capability that all of our largest customers have been asking for
Azure Rights Management Service
Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
Windows Intune
Windows Intune product page
Intune Demo Environment for Partners (Intune Cloud platform AND Sytem Center environment)
Some whitepapers on how MSIT is dealing with mobilityBYOD internally
30-days trial
Compliance Settings for Mobile Devices in SCCM
Mobile Device Mgmt features in Windows Intune
httponlinehelpmicrosoftcomwindowsintunejj839713aspx
httpsupportmicrosoftcomph15994
Intune Privacy related documents
Windows Intune Privacy Statement
Windows Intune Trust Center
Security
Privacy
Compliance
Microsoft Cloud Services erfuumlllen nachweislich alle europaumlischen Datenschutzregeln
BYOD
bull Video Empowering People-Centric IT in the Age of Consumerization
bull BYOD Devices - A Deployment Guide for Education (January 2014)
bull Bring Your Own Device Scenarios A Deployment Guide for Education(April 2014)
Final comments
Reference cases for Windows Intune
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=intuneampLangID=46
Kloster Ingenbohl
Official case study
httpwwwmicrosoftcomcasest
udiesWindows-IntuneV-ster-s-
StadSwedish-School-District-
Improves-PC-Reliability-
Learning-with-Online-
Tools710000002639
Due to the fact that Azure RMS currently has the same featureset as RMS in
Office 365 (plan E3E4) there are no specific Azure RMS reference cases so far
This topic is for sure included in several Office 365 projects
Reference cases for Azure AD Premium amp RMS
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=Microsoft20Azure20Active20Directory
hellip regarding Windows Intune System Center Configuration Manager
or Enterprise Mobility Suite please contact
bull Melanie Riedener (ACCOUNT EXECUTIVE EDU)bull MelanieRiedenermicrosoftcom
bull Andras Khan (SOLUTION SPECIALIST INTUNE)bull AndrasKhanmicrosoftcom
If you have further interest in a more bdquodeep diveldquo Tech Update hellip
Supporting links and materials
Enterprise Mobility Suite overall
EMS Website
bull EMS Datasheet
bull EMS Customer-Ready Presentation
bull EMS FAQ (Customer)
Azure Active Directory Premium
bull A nicely animated video which describes our Azure AD Premium service can be found here
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
IP Whitelist allows administrators to add an extra level of security and convenience by only requiring users to perform MFA whenaccessing resources from outside their corporate network
Our new Cloud App Discovery service enables IT to easily determine which cloud apps are in use in the organization IT can then take steps to integrate the applications with Azure Active Directory
Password reset writeback to Windows Server AD using DirSync allows customers who rely on federation or password hash sync to use Azure AD Premium to reset on-premises passwords in Windows Server Active Directory
AAD Sync is our newly created one sync service to rule them all In this first preview we are using AAD Sync to enable synchronization from multi-forest Windows Server AD Deployments a capability that all of our largest customers have been asking for
Azure Rights Management Service
Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
Windows Intune
Windows Intune product page
Intune Demo Environment for Partners (Intune Cloud platform AND Sytem Center environment)
Some whitepapers on how MSIT is dealing with mobilityBYOD internally
30-days trial
Compliance Settings for Mobile Devices in SCCM
Mobile Device Mgmt features in Windows Intune
httponlinehelpmicrosoftcomwindowsintunejj839713aspx
httpsupportmicrosoftcomph15994
Intune Privacy related documents
Windows Intune Privacy Statement
Windows Intune Trust Center
Security
Privacy
Compliance
Microsoft Cloud Services erfuumlllen nachweislich alle europaumlischen Datenschutzregeln
BYOD
bull Video Empowering People-Centric IT in the Age of Consumerization
bull BYOD Devices - A Deployment Guide for Education (January 2014)
bull Bring Your Own Device Scenarios A Deployment Guide for Education(April 2014)
Reference cases for Windows Intune
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=intuneampLangID=46
Kloster Ingenbohl
Official case study
httpwwwmicrosoftcomcasest
udiesWindows-IntuneV-ster-s-
StadSwedish-School-District-
Improves-PC-Reliability-
Learning-with-Online-
Tools710000002639
Due to the fact that Azure RMS currently has the same featureset as RMS in
Office 365 (plan E3E4) there are no specific Azure RMS reference cases so far
This topic is for sure included in several Office 365 projects
Reference cases for Azure AD Premium amp RMS
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=Microsoft20Azure20Active20Directory
hellip regarding Windows Intune System Center Configuration Manager
or Enterprise Mobility Suite please contact
bull Melanie Riedener (ACCOUNT EXECUTIVE EDU)bull MelanieRiedenermicrosoftcom
bull Andras Khan (SOLUTION SPECIALIST INTUNE)bull AndrasKhanmicrosoftcom
If you have further interest in a more bdquodeep diveldquo Tech Update hellip
Supporting links and materials
Enterprise Mobility Suite overall
EMS Website
bull EMS Datasheet
bull EMS Customer-Ready Presentation
bull EMS FAQ (Customer)
Azure Active Directory Premium
bull A nicely animated video which describes our Azure AD Premium service can be found here
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
IP Whitelist allows administrators to add an extra level of security and convenience by only requiring users to perform MFA whenaccessing resources from outside their corporate network
Our new Cloud App Discovery service enables IT to easily determine which cloud apps are in use in the organization IT can then take steps to integrate the applications with Azure Active Directory
Password reset writeback to Windows Server AD using DirSync allows customers who rely on federation or password hash sync to use Azure AD Premium to reset on-premises passwords in Windows Server Active Directory
AAD Sync is our newly created one sync service to rule them all In this first preview we are using AAD Sync to enable synchronization from multi-forest Windows Server AD Deployments a capability that all of our largest customers have been asking for
Azure Rights Management Service
Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
Windows Intune
Windows Intune product page
Intune Demo Environment for Partners (Intune Cloud platform AND Sytem Center environment)
Some whitepapers on how MSIT is dealing with mobilityBYOD internally
30-days trial
Compliance Settings for Mobile Devices in SCCM
Mobile Device Mgmt features in Windows Intune
httponlinehelpmicrosoftcomwindowsintunejj839713aspx
httpsupportmicrosoftcomph15994
Intune Privacy related documents
Windows Intune Privacy Statement
Windows Intune Trust Center
Security
Privacy
Compliance
Microsoft Cloud Services erfuumlllen nachweislich alle europaumlischen Datenschutzregeln
BYOD
bull Video Empowering People-Centric IT in the Age of Consumerization
bull BYOD Devices - A Deployment Guide for Education (January 2014)
bull Bring Your Own Device Scenarios A Deployment Guide for Education(April 2014)
Official case study
httpwwwmicrosoftcomcasest
udiesWindows-IntuneV-ster-s-
StadSwedish-School-District-
Improves-PC-Reliability-
Learning-with-Online-
Tools710000002639
Due to the fact that Azure RMS currently has the same featureset as RMS in
Office 365 (plan E3E4) there are no specific Azure RMS reference cases so far
This topic is for sure included in several Office 365 projects
Reference cases for Azure AD Premium amp RMS
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=Microsoft20Azure20Active20Directory
hellip regarding Windows Intune System Center Configuration Manager
or Enterprise Mobility Suite please contact
bull Melanie Riedener (ACCOUNT EXECUTIVE EDU)bull MelanieRiedenermicrosoftcom
bull Andras Khan (SOLUTION SPECIALIST INTUNE)bull AndrasKhanmicrosoftcom
If you have further interest in a more bdquodeep diveldquo Tech Update hellip
Supporting links and materials
Enterprise Mobility Suite overall
EMS Website
bull EMS Datasheet
bull EMS Customer-Ready Presentation
bull EMS FAQ (Customer)
Azure Active Directory Premium
bull A nicely animated video which describes our Azure AD Premium service can be found here
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
IP Whitelist allows administrators to add an extra level of security and convenience by only requiring users to perform MFA whenaccessing resources from outside their corporate network
Our new Cloud App Discovery service enables IT to easily determine which cloud apps are in use in the organization IT can then take steps to integrate the applications with Azure Active Directory
Password reset writeback to Windows Server AD using DirSync allows customers who rely on federation or password hash sync to use Azure AD Premium to reset on-premises passwords in Windows Server Active Directory
AAD Sync is our newly created one sync service to rule them all In this first preview we are using AAD Sync to enable synchronization from multi-forest Windows Server AD Deployments a capability that all of our largest customers have been asking for
Azure Rights Management Service
Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
Windows Intune
Windows Intune product page
Intune Demo Environment for Partners (Intune Cloud platform AND Sytem Center environment)
Some whitepapers on how MSIT is dealing with mobilityBYOD internally
30-days trial
Compliance Settings for Mobile Devices in SCCM
Mobile Device Mgmt features in Windows Intune
httponlinehelpmicrosoftcomwindowsintunejj839713aspx
httpsupportmicrosoftcomph15994
Intune Privacy related documents
Windows Intune Privacy Statement
Windows Intune Trust Center
Security
Privacy
Compliance
Microsoft Cloud Services erfuumlllen nachweislich alle europaumlischen Datenschutzregeln
BYOD
bull Video Empowering People-Centric IT in the Age of Consumerization
bull BYOD Devices - A Deployment Guide for Education (January 2014)
bull Bring Your Own Device Scenarios A Deployment Guide for Education(April 2014)
Due to the fact that Azure RMS currently has the same featureset as RMS in
Office 365 (plan E3E4) there are no specific Azure RMS reference cases so far
This topic is for sure included in several Office 365 projects
Reference cases for Azure AD Premium amp RMS
httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=Microsoft20Azure20Active20Directory
hellip regarding Windows Intune System Center Configuration Manager
or Enterprise Mobility Suite please contact
bull Melanie Riedener (ACCOUNT EXECUTIVE EDU)bull MelanieRiedenermicrosoftcom
bull Andras Khan (SOLUTION SPECIALIST INTUNE)bull AndrasKhanmicrosoftcom
If you have further interest in a more bdquodeep diveldquo Tech Update hellip
Supporting links and materials
Enterprise Mobility Suite overall
EMS Website
bull EMS Datasheet
bull EMS Customer-Ready Presentation
bull EMS FAQ (Customer)
Azure Active Directory Premium
bull A nicely animated video which describes our Azure AD Premium service can be found here
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
IP Whitelist allows administrators to add an extra level of security and convenience by only requiring users to perform MFA whenaccessing resources from outside their corporate network
Our new Cloud App Discovery service enables IT to easily determine which cloud apps are in use in the organization IT can then take steps to integrate the applications with Azure Active Directory
Password reset writeback to Windows Server AD using DirSync allows customers who rely on federation or password hash sync to use Azure AD Premium to reset on-premises passwords in Windows Server Active Directory
AAD Sync is our newly created one sync service to rule them all In this first preview we are using AAD Sync to enable synchronization from multi-forest Windows Server AD Deployments a capability that all of our largest customers have been asking for
Azure Rights Management Service
Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
Windows Intune
Windows Intune product page
Intune Demo Environment for Partners (Intune Cloud platform AND Sytem Center environment)
Some whitepapers on how MSIT is dealing with mobilityBYOD internally
30-days trial
Compliance Settings for Mobile Devices in SCCM
Mobile Device Mgmt features in Windows Intune
httponlinehelpmicrosoftcomwindowsintunejj839713aspx
httpsupportmicrosoftcomph15994
Intune Privacy related documents
Windows Intune Privacy Statement
Windows Intune Trust Center
Security
Privacy
Compliance
Microsoft Cloud Services erfuumlllen nachweislich alle europaumlischen Datenschutzregeln
BYOD
bull Video Empowering People-Centric IT in the Age of Consumerization
bull BYOD Devices - A Deployment Guide for Education (January 2014)
bull Bring Your Own Device Scenarios A Deployment Guide for Education(April 2014)
hellip regarding Windows Intune System Center Configuration Manager
or Enterprise Mobility Suite please contact
bull Melanie Riedener (ACCOUNT EXECUTIVE EDU)bull MelanieRiedenermicrosoftcom
bull Andras Khan (SOLUTION SPECIALIST INTUNE)bull AndrasKhanmicrosoftcom
If you have further interest in a more bdquodeep diveldquo Tech Update hellip
Supporting links and materials
Enterprise Mobility Suite overall
EMS Website
bull EMS Datasheet
bull EMS Customer-Ready Presentation
bull EMS FAQ (Customer)
Azure Active Directory Premium
bull A nicely animated video which describes our Azure AD Premium service can be found here
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
IP Whitelist allows administrators to add an extra level of security and convenience by only requiring users to perform MFA whenaccessing resources from outside their corporate network
Our new Cloud App Discovery service enables IT to easily determine which cloud apps are in use in the organization IT can then take steps to integrate the applications with Azure Active Directory
Password reset writeback to Windows Server AD using DirSync allows customers who rely on federation or password hash sync to use Azure AD Premium to reset on-premises passwords in Windows Server Active Directory
AAD Sync is our newly created one sync service to rule them all In this first preview we are using AAD Sync to enable synchronization from multi-forest Windows Server AD Deployments a capability that all of our largest customers have been asking for
Azure Rights Management Service
Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
Windows Intune
Windows Intune product page
Intune Demo Environment for Partners (Intune Cloud platform AND Sytem Center environment)
Some whitepapers on how MSIT is dealing with mobilityBYOD internally
30-days trial
Compliance Settings for Mobile Devices in SCCM
Mobile Device Mgmt features in Windows Intune
httponlinehelpmicrosoftcomwindowsintunejj839713aspx
httpsupportmicrosoftcomph15994
Intune Privacy related documents
Windows Intune Privacy Statement
Windows Intune Trust Center
Security
Privacy
Compliance
Microsoft Cloud Services erfuumlllen nachweislich alle europaumlischen Datenschutzregeln
BYOD
bull Video Empowering People-Centric IT in the Age of Consumerization
bull BYOD Devices - A Deployment Guide for Education (January 2014)
bull Bring Your Own Device Scenarios A Deployment Guide for Education(April 2014)
Supporting links and materials
Enterprise Mobility Suite overall
EMS Website
bull EMS Datasheet
bull EMS Customer-Ready Presentation
bull EMS FAQ (Customer)
Azure Active Directory Premium
bull A nicely animated video which describes our Azure AD Premium service can be found here
httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx
httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx
httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo
IP Whitelist allows administrators to add an extra level of security and convenience by only requiring users to perform MFA whenaccessing resources from outside their corporate network
Our new Cloud App Discovery service enables IT to easily determine which cloud apps are in use in the organization IT can then take steps to integrate the applications with Azure Active Directory
Password reset writeback to Windows Server AD using DirSync allows customers who rely on federation or password hash sync to use Azure AD Premium to reset on-premises passwords in Windows Server Active Directory
AAD Sync is our newly created one sync service to rule them all In this first preview we are using AAD Sync to enable synchronization from multi-forest Windows Server AD Deployments a capability that all of our largest customers have been asking for
Azure Rights Management Service
Technet Blog regarding Azure Rights Management Service
Azure RMS Whitepaper
Azure RMS Slides from TechEd 2013
Windows Intune
Windows Intune product page
Intune Demo Environment for Partners (Intune Cloud platform AND Sytem Center environment)
Some whitepapers on how MSIT is dealing with mobilityBYOD internally
30-days trial
Compliance Settings for Mobile Devices in SCCM
Mobile Device Mgmt features in Windows Intune
httponlinehelpmicrosoftcomwindowsintunejj839713aspx
httpsupportmicrosoftcomph15994
Intune Privacy related documents
Windows Intune Privacy Statement
Windows Intune Trust Center
Security
Privacy
Compliance
Microsoft Cloud Services erfuumlllen nachweislich alle europaumlischen Datenschutzregeln
BYOD
bull Video Empowering People-Centric IT in the Age of Consumerization
bull BYOD Devices - A Deployment Guide for Education (January 2014)
bull Bring Your Own Device Scenarios A Deployment Guide for Education(April 2014)