Learn these 10 core skills for Enterprise Mobility to future proof your enterprise


February 11, 2015 Simon May

With a new version of Windows coming down the pipe, Microsoft have started to release information about some of the key technologies you need to know a little more about. Those technologies aren’t just key to helping your users have an amazing Windows experience though. No matter what device they use, these core skills for enterprise mobility will help all your users have a better experience.

Enterprise Mobility Management is a massive subject domain, subdivided into multiple solution domains to meet that holy grail of outcomes: maximize personal and organizational productivity while minimizing organizational risk (and minimizing personal privacy invasion). I include the section in parentheses because it’s important: IT needs to respect user privacy to gain user trust.

Now is the time to invest in your “core skills” for enterprise mobility so you are at the center of your organization’s future, just like you were when you moved from Windows NT to Windows 2000… remember how you felt then? I felt pretty epic, it was a career highpoint for me!

So I decided to break it down into 10 core skills for Enterprise Mobility!


If you have a severe case of TL;DR you can just look at the pictures and skip to the bottom.

Identity

Identity, not device management, is where I think you want to begin your journey. Why? Well, it’s the cornerstone of being able to set up some sort of trust. So what are the top three things you need to know about identity in the modern world?

1 – Cloud-based Directory: Azure AD


You need to start out by understanding why you need to extend your directory to the cloud, and this is where devices come in. Today’s devices move around a lot, they go everywhere. As a result, they connect to different types of networks and they can’t always work in the synchronous way we recognize with on-prem. Even if you think you don’t have a highly mobile environment, it probably has highly mobile characteristics: high latency, lossy network connections.

Azure AD is designed from the ground up to work in this environment. Also, because Azure AD was born in this new world you don’t need to wait for improvements to come along – which means you can quickly take advantage of an improvement and test it when it’s in Public Preview and move to production when the feature does. With on-prem you’d have waited a couple of years, then you’d have done the paperwork to get a change window to upgrade the domain functional level.

Not having to wait means you don’t get left behind when your organization wants to try new things!

Users aren’t the only things with identity in your organization though; each device that a user enrolls also has identity, and Azure AD can automatically track that information for you, as long as you’ve enabled it to. This is a critical core skill because it helps you leverage something we will come to later: Conditional Access. But this is the foundation.

2 – Cloud Based Activity Reporting

User accounts are of course much more than just about matching a password to an identity. They are also about matching other attributes, such as where and when a person works, to that identity. One of the coolest things about Azure AD is that it can learn those things about your users – don’t get me wrong, Azure AD won’t learn your users’ job functions and add that to their accounts!

Azure AD will do something incredible – it will learn what your users are doing and let you know when they do something strange.

That’s why reporting is a core skill… that and the fact that your manager wants to see reports!

3 – Manage and Maintain Sync

Getting your existing users into Azure AD is the first step to setting things up correctly. Signing into Windows is something that most people are so used to doing they don’t even realize what they’re doing when they sign in. They don’t realize that being logged on means that they’ve been authenticated for a specified period (and that Windows renews it); they don’t realize that they’ve been seamlessly signed into multiple systems they use daily: file, print, email.

The first step and, therefore, one of the most critical skills is setting up and maintaining a sync relationship between your on-prem AD and Azure AD.

4 – Nurture Active Directory Federation Services

This is a super valuable core skill. Knowing how AD FS works, and how to deploy, manage and troubleshoot it, is a core skill for now and the future. Many organizations that use Office 365 or otherwise have connected to Azure AD use AD FS for authentication. With AD FS in place no authentication actually takes place in the cloud – you don’t need to securely synchronize password hashes – and many organizations find that comforting. Instead of Azure AD handling the sync the client is actually directed to your on-prem AD FS servers.

AD FS actually forms another massively important part of your user’s daily life though: it handles single sign on requests. When a user connects to a service that has a trust relationship with your AD FS they will be automatically allowed access if they’ve already been granted the token by another trusted broker. So, say you’ve signed into Windows, AD has issued your token. When you want to use a site secured by AD FS you pass the AD FS service the token, it trusts your AD so you get single sign on – no password prompting.

It is possible to get lots of AD FS style functionality without AD FS by using just Azure AD, but for some advanced scenarios you’ll want the extra detail of AD FS.

There are tons of other things that I’d consider core skills for enterprise mobility related to Identity, but that’s enough to get you started, let’s move onto the topic of management.

Management

Organizations need management capabilities for a multitude of reasons and topping that list now is security. Organizations want to maintain a level of security that will stop data breaches, or at least show that they exercised due diligence!

When we look at the world of management we can see that Windows is the most manageable OS on the planet and has the ability to tweak almost every characteristic remotely. While some want to get to that level of detail, not everyone does – so you need to have the skill of selecting the most appropriate level of management. Windows management using SCCM is pretty well-known, so while I think that’s a core skill it’s probably something you, like me, have internalized over the years.

As we moved into the mobile world, a new, lighter level of management developed, one more appropriate for BYOD scenarios that also adapts to company-owned scenarios.

5 – Mobile Device Management (MDM)

MDM is the ability to take a device, enroll it into management and then change settings at the device level. The ability to, for example, turn on encryption is something that most MDM platforms support. Microsoft has Intune for MDM and it supports doing exactly that on iOS, Samsung KNOX, Android and Windows Phone – anywhere that the device OS supports that management.

The core skill here is knowing how to translate the requirements for device level management into the MDM solution. For example, when you want to protect your company data you might decide that you need to turn off the camera on all enrolled devices… but then you need to think how your users feel when they suddenly can’t, legitimately, take a picture of their kids. Angry is how they feel. So the core skill with Mobile Device Management is being able to translate what’s possible to what’s appropriate, and it will always vary.

6 – Mobile Application Management (MAM)

MAM is the exciting new area of Enterprise Mobility Management that involves managing at the application level. In the case of Microsoft Intune this is actually exceptionally cool because it is the only product that works with Microsoft Office. As a result you can manage the iOS and Android applications for Word, Excel, PowerPoint, OneNote and OneDrive. All have the Microsoft Intune SDK integrated.

This SDK integration means you can group those applications together and restrict each of them to data egress only to each other. More specifically, when managed, you can only open a document from SharePoint Online in the managed Microsoft Word application and you can only save from Microsoft Word to OneDrive for Business. However, unlike other MAM solutions, you can opt to allow users to bring in data from anywhere.

Extending the scenario – you’re updating a business proposal in Word, saved on OneDrive for Business, and you want to put in a pretty picture from Instagram. Fine! You can do that because we control data egress from the apps and optionally allow data ingress by default.

This is exactly the behavior users want and your core skill is knowing how to enable that.

7 – On Premises Integration

Integrating your identity is only one part of the solution. You might want to enable integration at the management level too, meaning productivity gains for you in IT, from a single console. Configuration Manager can control Microsoft Intune to give you a single pane of glass between your existing managed Windows, OS X and Linux devices and any mobile devices in Intune.

The core skill is knowing how to architect your solution to make this possible.

Content Management

As the Enterprise Mobility Management space continues to evolve and mature, content management becomes an ever more interesting area. If you want to future proof, you need to understand the core skills for enterprise mobility that relate to content management.

8 – Conditional Access Management

When you have knowledge of a user’s identity and knowledge of the state of a device, you can start to leverage that to allow conditional access to company resources. Quite literally, this core skill is about protecting your assets.

Conditional Access allows you to set up rules such as:

Don’t allow users in marketing access to email unless their devices are encrypted and are managed.

Don’t allow users in sales access to OneDrive for Business unless their devices are managed and not rooted.

Conditional Access policy can become an automatic gate-keeper for your information.
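The two rules above, modeled as a small policy check. This is an added example, not code from the original post or from any Microsoft product; the group and resource names, the `Device` fields, and the choice to deny when a device attribute has not been reported are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Device:
    # None means the management service has no report for that attribute.
    managed: Optional[bool] = None
    encrypted: Optional[bool] = None
    rooted: Optional[bool] = None


# (group, resource) -> required device state, mirroring the two rules in the text.
# The keys are hypothetical names chosen for this example.
RULES = {
    ("marketing", "email"): {"managed": True, "encrypted": True},
    ("sales", "onedrive_for_business"): {"managed": True, "rooted": False},
}


def evaluate(group: str, resource: str, device: Device) -> tuple[bool, list[str]]:
    """Return (allowed, unmet requirements) for one access request."""
    required = RULES.get((group.lower(), resource.lower()))
    if required is None:
        # No rule scopes this group/resource pair, so these policies do not gate it.
        return True, []
    unmet = []
    for attribute, wanted in required.items():
        actual = getattr(device, attribute)
        if actual is None:
            unmet.append(f"{attribute}: not reported")  # unknown state fails closed
        elif actual != wanted:
            unmet.append(f"{attribute}: expected {wanted}, got {actual}")
    return not unmet, unmet


if __name__ == "__main__":
    requests = [  # constructed sample requests
        ("marketing", "email", Device(managed=True, encrypted=True)),
        ("marketing", "email", Device(managed=True, encrypted=False)),
        ("sales", "onedrive_for_business", Device(managed=True, rooted=True)),
        ("sales", "onedrive_for_business", Device(managed=True)),
        ("sales", "email", Device()),
    ]
    for group, resource, device in requests:
        allowed, unmet = evaluate(group, resource, device)
        print(group, resource, "ALLOW" if allowed else "DENY", unmet)
```

Returning the unmet requirements alongside the decision gives the help desk and the audit log a reason for each denial, which matters when a user is blocked only because the device has not yet reported its state.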


9 – Rights Management

Rights management, on the other hand, is able to control what people can do with the information. RMS is the leading service in the world for this type of thing, trusted by lawyers and those who want to protect intellectual property (IP) the world over. When a file is protected with Rights Management it can be configured with rules that allow different people differing levels of access. Some can print; some can save; some can only read; and much more.

Because the rights travel with the file, either directly in the file or in the file’s wrapper, they will go wherever the file goes. This is great because if your users manage to avoid the system and store their files with a cloud storage provider you weren’t expecting, the information is still safe. The user is made to authenticate (to AAD, with MFA and auditing if required) each time they need access to the file – no authentication, no access. Also, the files can expire automatically after a specified period.

The core skill you need is knowing how to configure appropriate levels of rights management templates to make information protection decisions easy, or automatic, for end users.

10 – On premises integration

As always you’ll need to integrate with what you already have. In the case of Azure RMS, that means that a core skill becomes deploying new, hybrid architecture, such as the Azure RMS connector. This connector performs a “call home connection” to Azure AD and enables integration between Azure RMS and on-premises Exchange, SharePoint and file server farms.

What next?

So there you have them, my 10 core skills for Enterprise Mobility Management. If you can gain and internalize these skills you’ll get to a really successful architecture for the future and you’ll probably keep the money coming and the rent paid for a few more years. Of course you need to know how to get them…

That’s why I’ve designed this Enterprise Mobility Core Skills Jumpstart series for Microsoft Virtual Academy that I’m really excited to be the first to tell you about. Over the course of the four episodes, one each month from March to June, I’ll be taking you through the core skills for enterprise mobility that you need – LIVE!

I’m really excited by this series, and joining me each month will be Brad Anderson, Corporate Vice President, Enterprise Client Management and Mobility at Microsoft, who’ll be explaining and showing what you can do… then myself and my far more knowledgeable co-host will break down the solution into the key skills you need to take away. Not only that, but to get you started we’ll have instructor-led virtual labs.

Go here, sign up – get involved.

Also tell me what you’d love me to cover in the comments below – honestly you will be helping me to target this content just for you!


Simon May is an Infrastructure Technology Evangelist at Microsoft concentrating on Devices and Services but with special interests in deployment and device management. Simon is a professional public speaker and the author of several books on Windows. Opinions on this blog are his own.
