Security in a Mobile World #MicrosoftSecure Security in...
Security in a Mobile World
Management and control of apps and devices
#MicrosoftSecure
Ernesto Rincón – Mobility + Security solutions specialist
Raúl Moros Peña – Mobility + Security technical solutions specialist
Microsoft Cloud App Security
Enterprise-grade security for your cloud apps
Ernesto Rincón – Mobility + Security solutions specialist
Life before cloud
• Only sanctioned apps are installed
• Resources accessed via managed devices/networks
• IT had layers of defense protecting internal apps
• IT has a known security perimeter
Life with cloud
• User chooses apps (unsanctioned, shadow IT)
• User can access resources from anywhere
• Data is shared by user and cloud apps
• IT has limited visibility and protection
On-premises
Storage, corp data Users
Enterprise Mobility Suite
• Identity and access management: Azure Active Directory
• Mobile device and app management: Intune
• Information protection: Azure Rights Management
• User and entity behavioral analytics: Advanced Threat Analytics
• Cloud and SaaS app security: Cloud App Security
Bring enterprise-grade visibility, control, and protection to your cloud applications.
Discovery
Gain complete visibility and context for cloud usage and shadow IT, with no agents required
Data control
Shape your cloud environment with granular controls and policy setting for access, data sharing, and DLP
Threat protection
Identify high-risk usage and security incidents, detect abnormal user behavior, and prevent threats
Integrate with existing security, mobility, and encryption solutions
• No agents required on user devices for discovery
• Comprehensive controls for your sanctioned apps
• Enterprise-grade: simple to deploy and manage
• Builds on broader Microsoft security platform
• Deeply integrated with Office 365
• Threat detection draws from Microsoft’s security intelligence
Intune
Raúl Moros – Mobility + Security technical solutions specialist
Leveraging the Cloud Platform to Boost Mobile Productivity
Transformation and end user expectation
The digital transformation brings new challenges for IT, which strives to protect data while enabling employees to stay productive.
End-user expectations have never been higher: users expect a mobile productivity experience that matches their consumer experiences.
Consider the data in your email and docs
Think of the volume of information that moves through Outlook, and the sensitive data you put into Word, Excel, and PowerPoint, every day.
Intellectual property
Product development
Strategic direction
Growth plans
Competitive plans
Board presentations
Confidential client information
Corporate secrets
Internally only licensed content
Balancing productivity with protection.
How do IT Pros empower their users to be productive, while protecting the massive amounts of data flowing through their mobile ecosystem?
Mobile application management
PC management
Mobile device management
Strategically direct the flow of your mobile ecosystem, giving your end users the experience they expect while ensuring your corporate data is protected at every turn.
Enterprise mobility management with Intune
Enable your users
Protect your data
Microsoft Intune
User IT
Delivered from the cloud
Because Microsoft Intune is cloud-based, it lowers costs and eliminates the need to plan, purchase, and maintain on-premises hardware and infrastructure.
Intune is always up to date, and scales with ease as your needs evolve.
Delivering on a unified Microsoft vision
Built with EMS, Office and Windows, Intune delivers on a unified Microsoft vision to transform the way enterprises secure mobile productivity.
This combined effort enables awesome end-to-end scenarios.
Control access to your data
Control what happens to your data after it’s been accessed
Modern PC management
Control access to your data
Control access to data based on real-time context
Conditional access allows you to define policies that provide contextual controls at the user, location, device, and app levels. As conditions change, natural user prompts ensure that only the right users on compliant devices can access sensitive data.
Azure Active Directory Premium
Microsoft Intune
Microsoft Intelligent Security Graph
Risk-based conditional access
Conditions
• Location (IP range)
• Device state
• User group
• Risk (Low, Medium, High)
Actions
• Allow
• Enforce MFA
• Remediate
• Block access
• Wipe device
Diagram labels: User, MFA, Risk, On-premises applications, Microsoft Azure
Control what happens after the data is accessed
Managed apps
Personal apps
MDM – optional (Intune or 3rd-party)
Our app protection policies allow you to control what happens to docs and data after they’ve been accessed.
• App encryption at rest
• App access control – PIN or credentials
• Save as/copy/paste restrictions
• App-level selective wipe
• Managed web browsing
• Secure viewing of PDFs, images, videos
Control what happens after the data is accessed
Corporate data
Personal data
Multi-identity policy
The Office apps end-users expect
Give your people the real Office experience they expect, without compromising the control you need. Intune gives you unparalleled control over the data that moves through Office, across all your devices.
Protect with and without enrollment
Intune’s application protection policies give you the versatility to manage your data with or without device enrollment.
Also manage apps via native OS app controls
Intune can also manage apps via native app controls that are exposed through the iOS and Android operating systems. This capability extends Intune’s app ecosystem beyond our SDK-built enlightened apps to include many other popular business apps.
Only for managed devices.
Modern PC management
With the different options in Windows 10, plus Configuration Manager and Intune, you have the flexibility to stage implementation of modern management scenarios while targeting different devices the way that best suits your business needs.
Everything you need for modern PC management
You need flexibility in a complex device ecosystem
Microsoft Intune provides options that allow you to keep your data secure across the range of scenarios that occur day to day. Our MAM and MDM capabilities allow you to protect corporate data with or without device management.
Company-Managed
Employee-Managed
3rd Party-Managed
A growing partner ecosystem
Intune partnerships are designed to enhance our core functionality by delivering interoperability with popular point solutions our customers want and rely upon.
All partner products must be purchased directly from the partner
Device is compliant
Device is managed
Scans apps for risk
IT
Scans unknown network for risk
Allow access or Block access
Enforce MFA per user/per app
Device compliant
Scans OS for vulnerability
Risk (Low, Medium, High)
Managed apps
Personal apps
✓ Input telecom plan details
✓ Set data & roaming thresholds
✓ Real Time data monitoring activity
Block data and/or roaming use when thresholds are reached
App reports usage
ADMIN
Warning notifications sent as thresholds approach
Intune
Datalert app deployed & activated
• Intune managed device
Notify Intune when thresholds are reached
Unblock when notified by Datalert
USER
✓ Require enrollment through the Intune portal to ensure compliance
Intune conditions
Device managed
Device compliant
✓ Enforce appropriate network access policies based on mobile device posture and risk assessment.
Allow access
Block access
Cisco ISE enforcement
VPN
WiFi
✓ Require enrollment through the Intune portal to ensure compliance
Intune conditions
Device managed
Device compliant
✓ Enforce appropriate network access policies based on mobile device posture and risk assessment.
Allow access
Block access
NetScaler enforcement
VPN
End user requests help through Intune PC Client Center
IT alerted and responds through Intune Admin Console
TeamViewer remote assistance session
Chat
Remote restart
Video
Screen annotation
File transfer
Register your company’s TeamViewer account with Intune and enable streamlined remote assistance