Seguridad en un Mundo MóvilGestión y control de apps y dispositivos

#MicrosoftSecure

Ernesto Rincón – Especialista en soluciones de Movilidad + Seguridad

Raúl Moros Peña – Especialista técnico en soluciones de Movilidad + Seguridad

Seguridad en un

Mundo móvil

Microsoft Cloud App Security Enterprise-grade security for your cloud apps

#MicrosoftSecure

Ernesto Rincón – Especialista en soluciones de Movilidad + Seguridad

Seguridad en un

Mundo móvil

• User chooses apps (unsanctioned, shadow IT)

• User can access resources from anywhere

• Data is shared by user and cloud apps

• IT has limited visibility and protection

• Only sanctioned apps are installed

• Resources accessed via managed devices/networks

• IT had layers of defense protecting internal apps

• IT has a known security perimeter

Life with cloudLife before cloud

On-premises

Storage, corp data Users

Enterprise Mobility Suite

Identity and access

management

Azure Active

Directory

Mobile device and

app management

Intune

Information

protection

Azure Rights

Management

User and entity

behavioral analytics

Advanced Threat

Analytics

Cloud and SaaS

app security

Cloud App

Security

Bring enterprise-grade

visibility, control, and

protection to your

cloud applications.

DiscoveryGain complete visibility and

context for cloud usage and

shadow IT—no agents required

Data controlShape your cloud environment with

granular controls and policy setting

for access, data sharing, and DLP

Threat protectionIdentify high-risk usage and security

incidents, detect abnormal user

behavior, and prevent threats

Integrate with existing security, mobility, and encryption solutions

No agents required on

user devices for discovery

Comprehensive controls

for your sanctioned apps

Enterprise-grade: simple

to deploy and manage

Builds on broader Microsoft

security platform

Deeply integrated with

Office 365

Threat detection draws from

Microsoft’s security intelligence

Intune

#MicrosoftSecure

Raúl Moros – Especialista técnico en soluciones de Movilidad + Seguridad

Seguridad en un

Mundo móvil

Click to edit Master title style

Leveraging the Cloud Platform to Boost

Mobile ProductivityTransformation and end user expectation

The digital transformation brings new challenges for IT, as they strive to protect data, while enabling employees to stay productive.

End user expectations have never been higher, they expect a mobile productivity experience that matches their consumer experiences.

Click to edit Master title styleConsider the data in your email and docs

Think of the volume of information that moves through Outlook– the sensitive data you put into Word, Excel, and PowerPoint. Everyday.

Intellectual property

Product development

Strategic direction

Growth plans

Competitive plans

Board presentations

Confidential client information

Corporate secrets

Internally only licensed content

Balancing productivity with protection.

How do IT Pros empower their users to be

productive, while protecting the massive

amounts of data flowing through their

mobile ecosystem?

Mobile application management

PC managementMobile device management

Strategically direct the flow of your mobile ecosystem, giving your end

users the experience they expect while ensuring your corporate data is

protected at every turn.

Enterprise mobility management with Intune

Enable your users

Protect your data

Microsoft Intune

User IT

Click to edit Master title styleDelivered from the cloud

Because Microsoft Intune is cloud-based, it lowers costs and eliminates the need to plan, purchase, and maintain on premise hardware and infrastructure.

Intune is always up to date, and scales with ease as your needs evolve.

Click to edit Master title styleDelivering on a unified Microsoft vision

Built with EMS, Office and Windows, Intune delivers on a unified Microsoft vision to transform the way enterprise secures mobile productivity.

This combined effort enables awesome end-to-end scenarios.

Control access to your data

Control what happens to your data

after it’s been accessed

Modern PC management

Click to edit Master title style

Control access to your data

Click to edit Master title styleControl access to data based on real-time context

Conditional access allows you to define policies that provide contextual controls at the user, location, device, and app levels. As conditions change, natural user prompts ensure that only the right users on compliant devices can access sensitive data.

Azure Active Directory Premium

Microsoft IntuneMicrosoft Intelligent

Security Graph

Risk-based conditional access

• Block access

• Wipe device

Conditions

• Allow

• Enforce MFA

• Remediate

Actions

Location (IP range)

Device state

User groupUser

MFA

Risk

On-premises

applications

Microsoft Azure

Risk (Low, Medium, High)

Click to edit Master title style

Control what happens after the data is accessed

Click to edit Master title style

Managed apps

Personal appsPersonal apps

Managed apps

MDM – optional (Intune or 3rd-party)

Our app protection policies allow you to control what happens to docs and data after they’ve been accessed.

• App encryption at rest

• App access control – PIN or credentials

• Save as/copy/paste restrictions

• App-level selective wipe

• Managed web browsing

• Secure viewing of PDFs, images, videos

Control what happens after the data is accessed

Corporate data

Personaldata

Multi-identity policy

Click to edit Master title styleThe Office apps end-users expect

Give your people the real Office experience they expect, without compromising the control you need. Intune gives you unparalleled control over the data in that moves through Office -across all your devices.

Click to edit Master title styleProtect with and without enrollment

Intune’s application protection

policies give you the versatility to

manage your data with or without

device enrollment.

Click to edit Master title styleAlso manage apps via native OS app controls

Intune can also manage apps via native app controls that are exposed through iOS and Android operating systems. This capability extends Intune’s app ecosystem beyond our SDK built enlightened apps, to include many other popular business apps.

Only for managed devices.

Click to edit Master title style

Modern PC management

Click to edit Master title style

With the different options in

Windows 10, plus Configuration

Manager and Intune, you have the

flexibility to stage implementation

of modern management scenarios

while targeting different devices

the way that best suits your

business needs.

Everything you need for modern PC management

Click to edit Master title style

You need flexibility in a complex device ecosystem

Microsoft Intune provides you option that allow you to keep your data secure across a range of scenarios that occur day-to-day. Our MAM and MDM capabilities allow you to protect corporate data with or without device management.

Company-Managed

Employee-Managed

3rd Party-Managed

Click to edit Master title style

Click to edit Master title styleA growing partner ecosystem

Intune partnerships are designed to enhance our core functionality by delivering interoperability with popular point solutions our customers want and rely upon.

All partner products must be purchased directly from the partner

Device is compliant

Device is managed

Scans apps for risk

ITScans unknown network for risk

Allow access or

Block access

Enforce MFA per

user/per app

Device compliant

Scans OS for vulnerability

Risk (Low, Medium, High)

Managed apps

Personal apps

✓ Input telecom plan details

✓ Set data & roaming thresholds

✓ Real Time data monitoring activity

Block data and/or roaming use when thresholds

are reached

App reports usage

ADMIN

Warning notifications sent as

thresholds approach

Intune

Datalert app deployed & activated

• Intune managed device

Notify Intune when thresholds are reached

Unblock when notified by Datalert

USER

X X X X X

✓ Require enrollment through the Intune portal to ensure compliance

Intune conditions

Device managed

Device compliant

✓ Enforce appropriate network access policies based on mobile device posture and risk assessment.

Allow access

Block access

Cisco ISE enforcement

VPN

WiFi

X X X X X

✓ Require enrollment through the Intune portal to ensure compliance

Intune conditions

Device managed

Device compliant

✓ Enforce appropriate network access policies based on mobile device posture and risk assessment.

Allow access

Block access

NetScaler enforcement

VPN

End user requests help through Intune PC Client Center

IT alerted and responds through Intune Admin Console

TeamViewer remote assistance session

Chat

Remote restart

Video

Screen annotation

File transfer

Register your company’s TeamViewer account with Intune and enable streamlined remote assistance

#MicrosoftSecure

Seguridad en un

Mundo móvil