Enterprise mobility suite

Enterprise Mobility Suite: Managing Access and Help Protect Corporate Email Data

Transcript of Enterprise mobility suite

Page 1: Enterprise mobility suite

Enterprise Mobility Suite: Managing Access and Help Protect Corporate Email Data

Page 2: Enterprise mobility suite

Employees… Productivity

Page 3: Enterprise mobility suite

IT Manager… Security

Page 4: Enterprise mobility suite
Page 5: Enterprise mobility suite

Enterprise Mobility Suite

Page 6: Enterprise mobility suite

Protecting almost everything

Page 7: Enterprise mobility suite

EMS Validates Identities

EMS helps to ensure that only authorized users are permitted to access corporate email and documents by using security features that leverage Microsoft Azure machine learning capabilities.

Page 8: Enterprise mobility suite

EMS Manages Devices

Mobile device management capabilities in EMS help organizations manage and enforce device-level settings, resource access profiles, and VPN settings that enable seamless access to corporate resources.

Page 9: Enterprise mobility suite

EMS Manages Applications

Mobile application management capabilities in EMS help prevent corporate data leaks by restricting actions in Office mobile apps, such as cut, copy, paste, and save as.

Employees can also use a single app (such as Outlook) for both personal and corporate use while EMS helps to ensure that the corporate data is separated and protected on devices that are both enrolled and not enrolled for management purposes.

Page 10: Enterprise mobility suite

EMS Protects Information

The information protection capabilities in EMS help to secure highly confidential documents at the file layer.

Employees can encrypt virtually any type of file, set granular permissions, and track usage to ensure that only the right people inside and outside of the organization can access email attachments and documents, wherever the files are.

Azure Rights Management Service

Page 11: Enterprise mobility suite

Scenarios

Page 12: Enterprise mobility suite

Protecting Corporate Email

Allow only compliant devices to access the company's email

Restrict access for devices that don't use a strong password, are jailbroken, or are not encrypted.

Microsoft Intune gives you the ability to set conditions that users have to meet to gain access to the company's resources. This is known as conditional access.

Page 13: Enterprise mobility suite

Access control flow for email Apps

Employees attempting to access Exchange Online or the Outlook application

To access email, the device used by the employee needs to:

Enroll with Intune

Register with Azure AD

Be compliant with the device policies set by IT admin

Page 14: Enterprise mobility suite

Access control flow for email Apps

IT admin Role:

Configure and deploy the compliance policies that are used to evaluate the compliance status of the device.

Configure the Exchange Online conditional access policy, and specify which Azure AD security groups will be affected by, or exempted from these policies.

Choose to allow or block devices that are not capable of enrolling in Intune.

Page 15: Enterprise mobility suite

Access control flow for email Apps

End-User Role:

When the user attempts to access email on the device for the first time, or syncs subsequently, the device enrollment and compliance status are checked.

The process of enrolling or fixing compliance issues is a guided experience.

The end-user is shown the necessary steps to enroll their device and make it compliant without needing to call IT help desk.
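The access control flow from the preceding slides, modeled as an added example (not part of the original deck and not Intune's own code). The class and field names, the "remediate" outcome, and the choice that an exempted group overrides a targeted one are assumptions made for illustration; the compliance checks are the three named on the conditional access slide.

```python
from dataclasses import dataclass

@dataclass
class Device:
    can_enroll: bool = True        # platform is capable of enrolling in Intune
    enrolled: bool = False         # enrolled with Intune
    registered: bool = False       # registered with Azure AD
    strong_password: bool = False
    jailbroken: bool = False
    encrypted: bool = False

@dataclass
class Policy:
    targeted_groups: frozenset             # Azure AD groups affected by the policy
    exempted_groups: frozenset = frozenset()
    block_unenrollable: bool = True        # admin choice for devices that cannot enroll

def evaluate(user_groups, device, policy):
    """Return (decision, ordered remediation steps) for one email access attempt."""
    groups = set(user_groups)
    # Assumption: exemption wins over targeting; untargeted users are not evaluated.
    if groups & policy.exempted_groups or not groups & policy.targeted_groups:
        return ("allow", [])
    if not device.can_enroll:
        return ("block" if policy.block_unenrollable else "allow", [])
    steps = []
    if not device.enrolled:
        steps.append("enroll with Intune")
    if not device.registered:
        steps.append("register with Azure AD")
    if not device.strong_password:
        steps.append("set a strong password")
    if device.jailbroken:
        steps.append("remove the jailbreak")
    if not device.encrypted:
        steps.append("enable encryption")
    # A non-empty list drives the guided experience shown to the end user.
    return ("remediate", steps) if steps else ("allow", [])

# Constructed sample policy and devices, for illustration only.
SAMPLE_POLICY = Policy(frozenset({"Sales"}), frozenset({"Executives"}))
NEW_PHONE = Device()
HEALTHY_PHONE = Device(enrolled=True, registered=True,
                       strong_password=True, encrypted=True)

if __name__ == "__main__":
    print(evaluate({"Sales"}, NEW_PHONE, SAMPLE_POLICY))
    print(evaluate({"Sales"}, HEALTHY_PHONE, SAMPLE_POLICY))
```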

Page 16: Enterprise mobility suite

Protect attachments from data leakage

The content of an email can be copied, moved, saved to a different location, or shared with another user. EMS solves this problem using mobile application management policies.

Managed apps are apps that are deployed by the IT admin and that comply with your company's security requirements.

Page 17: Enterprise mobility suite

Protect attachments from data leakage

Through a set of mobile application management (MAM) policies, Intune lets us:

Block copy and paste, or prevent data transfer from a managed app to an app without a MAM policy.

Prevent backup to personal cloud storage, prevent Save As, etc.

Secure app access by requiring a PIN/passcode or corporate credentials on a MAM-protected app.

Configure the application to open all web links inside the Intune Managed Browser.

Selectively wipe only data that is associated with the managed app. When a device is lost, stolen, or is no longer managed by IT, a selective wipe can remove all corporate data from the apps, leaving only personal app data behind. This is known as multi-identity.

Page 18: Enterprise mobility suite

Extend Email Protection with Azure RMS

Using Azure Rights Management Services:

Email messages can be encrypted so only the right users can read or view the content, whether within your company or outside the company.

Users can protect email messages and the recipient can read and use protected email messages sent to them.

An administrator can set rules to:

Automatically apply the rules to a specified group of recipients or create templates for specific departments.

Automatically detect and apply rules to email messages with sensitive content. The rule can be based on sender, recipient, message subject, or content.

Detect sensitive content and alert the sender to apply the protection rules before sending the email.

Page 19: Enterprise mobility suite

Managed App Components

Page 20: Enterprise mobility suite

Operations and Incident Response

Both Intune and Azure AD have monitoring and reporting capabilities that can help in monitoring and responding quickly in case of a security issue.

Intune reports and alerts help us monitor the status and health of devices managed by Intune.

Azure AD has auditing and activity logging. We can monitor things like password changes and user management. It includes advanced anomaly security reports and alerts.

Page 21: Enterprise mobility suite

Operations and Incident Response

Page 22: Enterprise mobility suite

Flexible Architecture

EMS is designed to work with both cloud services and on-premises infrastructure.

Office 365 and EMS are directly integrated and designed to run in the cloud from the ground up to provide easily configurable and powerful tools for organizations.

EMS integrates with existing on-premises investments, such as AD, Exchange Server, and System Center Configuration Manager.

Page 23: Enterprise mobility suite

Key benefits

Page 24: Enterprise mobility suite

Thank You

Prepared By: Ali Moukahhal

Enterprise Mobility Suite