CoLabora - Protecting Company data using EMS - June 2015
-
Upload
colaboradk -
Category
Technology
-
view
23 -
download
0
Transcript of CoLabora - Protecting Company data using EMS - June 2015
Click icon to add picture
CoLabora User Group Meeting, June 2015
Protecting Company Data using the Enterprise Mobility Suite
© EG A/S 2
Key Takeways
Why is mobile management important?
What is EMS and why do you need it?
How do we get started with EMS?
© EG A/S 3
About me…
Ronni PedersenSenior Infrastructure Architect, EG A/S
Microsoft MVP: Enterprise Client ManagementFounder: System Center User Group DenmarkMicrosoft Certified TrainerMicrosoft TechNet Moderator
Contact MeTwitter: https://twitter.com/ronnipedersen Blog: http://www.ronnipedersen.com/Mail: [email protected]: +45 7260 2452
Enterprise Mobility Suite
• SCCM is undisputed winner of PC Mgmt w/ >70% share
• You need to look into a MDM solution today
• I believe Microsoft is the long-term winner
State of the UnionGrowth is all in Mobile Devices
1 2 3 4 5 60
500,000,000
1,000,000,000
1,500,000,000
2,000,000,000
2,500,000,000
349,335,656315,106,382295,885,430293,590,237293,049,891292,210,603
725,326,4991,009,642,8711,131,106,836
1,283,446,8871,434,316,782
1,578,749,506162,047,448
230,581,255269,915,242
308,172,044
339,735,801
367,594,067Series3 Series2
Series1
Devices Shipments (MM)
Source: IDC
© EG A/S 6
LicensingMicrosoft Intune (Standalone)
Enterprise Mobility SuiteMicrosoft IntuneAzure Active Directory PremiumAzure Rights Management
Enterprise Cloud SuiteEnterprise Mobility SuiteOffice 365 Enterprise E3Windows Software Assurance (Per User)
http://www.microsoft.com/licensing/about-licensing/briefs/enterprise-cloud-suite.aspx
© EG A/S 7
Enterprise Mobility SuiteMicrosoft Intune
Mobile and Device Management
Azure Active Directory PremiumHybrid Identity Management
Azure Rights ManagementInformation Protection
Getting Started with IntuneSetting up the environment
© EG A/S 9
Process Overview
Prepare
• Create Accounts for cloud services• Create Subscriptions
Deploy
• Add Public DNS• Configure AD Users with Public Domain UPNs• Deploy and Configure Azure AD Sync
Configure
• Configure Configuration Manager for Mobile Device Management
• Configure Device Enrolment
© EG A/S 10
Create accounts for the cloudStart by creating dedicated admin accounts:
Microsoft account: https://signup.live.com/
Apple ID: https://appleid.apple.com/account
Google account: https://accounts.google.com/Signup
© EG A/S 11
Create the trial subscriptions
Microsoft Office 365:http://aka.ms/ITcampO365Trial
Microsoft Intune:http://aka.ms/tryintune
Microsoft Azure Active Directory (AD) Premium:http://azure.microsoft.com/en-us/pricing/free-trial
Azure Rights Management:https://manage.windowsazure.com
© EG A/S 12
Single management console for IT admins
Configuration Manager console (hybrid)Intune web console (cloud only)
DEMOConfiguring Microsoft Intune
Device Enrolment
Mobile device management
ITUser
Devicesenrolled
Apply policies
Company PortalRecommended apps for user’s devices
Mobile device management
ITUser
Mobile Device – Personal vs Corporate
App Management By default, user-enrolled devices are “Personal”
Complete inventory of all Apps on the device only when set to Corporate
Only the admin can specify corporate-owned devices !
Personal vs.
Corporate Owned Devices
DEMODevice Enrollment and Inventory
Conditional Access
Conditional access for Office 365
If compliant, email access is granted
7
Enrollment/compliance remediation
5
If not compliant, push device into quarantine
Quarantine
4
Is device
managed &
compliant ? 2
Quarantine email with remediation steps
Link to enroll device and compliance remediation steps
Who does what?Intune: Evaluate policy compliance for device
Azure AD: Authenticate user and provide device compliance status
Exchange Online: Enforces access to email based on device state
Attempt email connection
1
Return device
state
3
Azure Active Directory
Set device management/ compliance status
6Office 365
Mobile device
Microsoft Intune
Intuitive end-user experience
To access your Contoso e-mail and other company resources, this device needs to be enrolled with Contoso. Part of this process includes installing the Company Portal. Click first link below to begin this process.
Step 1Enroll your device.
Step 2Once you’ve enrolled your device, click here to Activate your enrollment.
Restrict access forNon-managed devicesNon-compliant devices
Assistance with remediating issuesSteps provided on how to enroll devices and remediate compliance issues
Quick compliance remediation and evaluationIntune automatically remediates most of the policy issuesEnd user can retrigger compliance evaluation in the Company Portal
DEMOConditional Access
Mobile Application Management
© EG A/S 24
Mobile Application Management
Maximize mobile productivity and protect corporate resources with Office mobile apps
Extend these capabilities to existing line-of-business apps using the Intune app wrapper
Enable secure viewing of content using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps
Managed apps
Personal apps
Personal apps
Managed apps
IT
User
© EG A/S 25
Mobile Application Management
Personal apps
Managed apps
Copy Paste Save
Maximize productivity while preventing leakage of company data by restricting actions such as copy/cut/paste/save in your managed app ecosystem
Save to personal storage
Paste to personal app
User
Email attachment
DEMOMobile Application Management
© EG A/S 27
Questions
© EG A/S 28