[CUSTOMER NAME] Enterprise Mobility + Security Business and Technical Review Results

Published on 16-May-2018


Delivered by [PARTNER]

[DATE]

Table of Contents

Business and Technical Review Recap
    Participants
Identity Management and Security
    Business and Technical Review
    Impact, Value, Key Differentiators, Risk
    Recommendations
Mobile Device and Application Management
    Business and Technical Review
    Impact, Value, and Key Differentiators
    Recommendations
Classification and Protection of Data
    Business and Technical Review
    Impact, Value, and Key Differentiators
    Recommendations
Summary
Appendix
    Cloud Identity Management with Azure AD Premium
    SaaS Security with Cloud Application Security
    Mobile Device and Application Management with Intune
    Identity Breach Defense with Advanced Threat Analytics
    Classification and Protection of Data with Azure Information Protection

Executive Summary

On [DATE OF ASSESSMENT], [PARTNER] and Microsoft conducted an Enterprise Mobility + Security workshop at [CUSTOMER NAME]. The focus was the improvement of [CUSTOMER NAME]'s security for user identity, mobility, and corporate data. Topics covered included:

Identity management and security: corporate identities (internal and cloud), the impact they have on security, and how to best secure and manage them in a mobile- and cloud-first world.

Mobile device and application management: the impact mobility is having on the organization, the challenges it raises, and how to maximize the use of these devices securely.

Classification and protection of data: the impact cloud and mobile technologies have on corporate data and how to improve protection down to the individual document level.

Based on the findings from the workshop, [PARTNER] and Microsoft are recommending the use of the following solutions:

| Solution | Business/IT initiative addressed | Impact (could include $$$) |
|---|---|---|
| Identity-based protection with Microsoft ATA | Monitor user activity to identify breaches | |
| Azure Information Protection | Address Legal's corporate security initiative with communications between executives; address issue with secure communications between HR and employees | |
| Mobile device management with Intune | Provide Office users secure access to corporate documents on personal devices; eliminate corporate-owned devices | $600,000/year for corporate-owned devices |
| Azure Active Directory | Implement SSO for all users to reduce 5-10 identities to 1 single identity; implement self-service password management | $150,000 Help Desk cost reduction |
| SaaS application management | Identify and manage all SaaS application access by employees | |

The following report provides details from the workshop on the key focus areas (identity, mobility, and document security) with findings, recommendations, and next steps. [PARTNER] and Microsoft appreciate the investment of time that [CUSTOMER NAME] has made in this effort and we look forward to continuing to work with you. We recommend setting up a time to review the findings in this report and determine the best approach to move forward.

Sincerely,

[ACCT LEAD NAME], [PARTNER]

[MS ACCT LEAD NAME], Microsoft

Business and Technical Review Recap

The Microsoft Enterprise Mobility + Security (EMS) business and technical review conducted on [DATE OF ASSESSMENT] had the following goals:

1. Understand [CUSTOMER NAME]'s existing challenges and tools in key security scenarios.

2. Provide a deeper dive into core components of EMS that could augment [CUSTOMER NAME]'s existing security efforts.

3. Identify the specific value(s) and impact each component would provide to [CUSTOMER NAME].

4. Provide recommendations on how [CUSTOMER NAME] can leverage the components within EMS and provide detailed next steps.

Participants

[CUSTOMER NAME]

| Name | Title | Email |
|---|---|---|

[PARTNER NAME]

| Name | Title | Email |
|---|---|---|

MICROSOFT

| Name | Title | Email |
|---|---|---|

Identity Management and Security

Business and Technical Review

[CUSTOMER NAME]'s internal identity management and security solution currently leverages [COMPLETE WITH INFORMATION GAINED FROM REVIEW SESSION. INCLUDE DETAIL ON EXISTING DIRECTORIES, FEDERATION, CLOUD APP USAGE, AND ANY EXISTING MFA OR SSO SOLUTIONS].

Impact, Value, Key Differentiators, Risk

1. [OUTLINE TIME AND RESOURCES REQUIRED TO MAINTAIN EXISTING SOLUTION]

2. [OUTLINE POTENTIAL TIME AND RESOURCE SAVINGS BY IMPLEMENTING EMS COMPONENTS THAT MEET CUSTOMER SECURITY NEEDS]

3. [OUTLINE POTENTIAL COST SAVINGS BY ELIMINATING REDUNDANT TECHNOLOGIES]

4. [OUTLINE KEY EMS FEATURES THAT PROVIDE BETTER/DIFFERENT PROTECTION]

5. [OUTLINE KEY RISK WITH THE SOLUTION IMPLEMENTATION THAT WOULD NEED TO BE ADDRESSED]

6. [OUTLINE KEY RISK TO BUSINESS BY NOT MOVING FORWARD]

Recommendations

| Recommended Actions | Timeline |
|---|---|
| 1. [DETAIL RECOMMENDATIONS FROM CLOUD IDENTITY SESSION WITH CUSTOMER] | Now/3-6 months after purchase/etc. |
| 2. | |
| 3. | |
| 4. | |
| 5. | |

Mobile Device and Application Management

Business and Technical Review

[CUSTOMER NAME]'s internal mobile device and application management solution currently leverages [THIRD-PARTY MDM VENDOR; THEN COMPLETE WITH INFORMATION GAINED FROM REVIEW SESSION. BE SURE TO HIGHLIGHT ANY USE OF SYSTEM CENTER PRODUCTS THAT COULD BE LEVERAGED FOR BETTER TOGETHER STORY].

Impact, Value, and Key Differentiators

1. [OUTLINE TIME AND RESOURCES REQUIRED TO MAINTAIN EXISTING SOLUTION. HIGHLIGHT ANY COMPLEXITY CONCERNS]

2. [OUTLINE POTENTIAL TIME AND RESOURCE SAVINGS BY IMPLEMENTING EMS COMPONENTS THAT MEET CUSTOMER SECURITY NEEDS]

3. [OUTLINE POTENTIAL COST SAVINGS BY ELIMINATING REDUNDANT TECHNOLOGIES]

4. [OUTLINE KEY EMS FEATURES THAT PROVIDE BETTER/DIFFERENT PROTECTION]

5. [OUTLINE KEY RISK WITH THE SOLUTION IMPLEMENTATION THAT WOULD NEED TO BE ADDRESSED]

6. [OUTLINE KEY RISK TO BUSINESS BY NOT MOVING FORWARD]

Recommendations

| Recommended Actions | Timeline |
|---|---|
| 1. [DETAIL RECOMMENDATIONS FROM MOBILE DEVICE AND APPLICATION MANAGEMENT SESSION WITH CUSTOMER] | Now/3-6 months after purchase/etc. |
| 2. | |
| 3. | |
| 4. | |
| 5. | |

Classification and Protection of Data

Business and Technical Review

[CUSTOMER NAME] currently uses [COMPLETE WITH INFORMATION GAINED FROM REVIEW SESSION. DO THEY USE OFFICE 365 RMS TODAY? HOW HAVE THEY LEVERAGED IT? WHAT OTHER DLP TOOLS DO THEY HAVE DEPLOYED? HAVE THEY HAD ANY DATA LEAKS?].

Impact, Value, and Key Differentiators

1. [OUTLINE SPECIFICS OF HOW EMS COULD HELP RESOLVE LEGAL DEPT CONCERNS]

2. [OUTLINE SPECIFICS OF HOW EMS COULD HELP RESOLVE HR DEPT CONCERNS]

3. [OUTLINE HOW EMS COULD HELP RESOLVE FINANCE DEPT CONCERNS]

4. [OUTLINE HOW EMS COULD HELP PROTECT EXECUTIVE COMMS]

5. [OUTLINE KEY RISK WITH THE SOLUTION IMPLEMENTATION THAT WOULD NEED TO BE ADDRESSED]

6. [OUTLINE KEY RISK TO BUSINESS BY NOT MOVING FORWARD]

Recommendations

| Recommended Actions | Timeline |
|---|---|
| 1. [DETAIL RECOMMENDATIONS FROM SELF-PROTECTING DOCUMENTS SESSION WITH CUSTOMER] | Now/3-6 months after purchase/etc. |
| 2. | |
| 3. | |
| 4. | |
| 5. | |

Summary

The Enterprise Mobility + Security business and technical review provides [CUSTOMER NAME], [PARTNER NAME], and Microsoft the opportunity to gain additional insights into areas where [CUSTOMER NAME] would benefit from components and services that complement or help redefine existing security approaches. Our recommendations would help [CUSTOMER NAME] quickly move forward to realize these benefits, and leveraging [PARTNER NAME] can help accelerate this process. Microsoft provides deployment vouchers with your Enterprise Agreement and we recommend leveraging those to engage [PARTNER NAME] to start detailing each deployment plan. [PARTNER NAME] will work with you directly on next steps.

[Things to add after the initial summary paragraph]

1. Biggest impact of EMS to the business and IT initiatives identified in the questionnaire.

2. Risk to the company (and impact to the above) by not moving forward.

3. How partner can help: be very specific, don't be shy on this, include specific offerings and map back to business and IT initiatives.

Appendix

Cloud Identity Management with Azure AD Premium

Azure Active Directory Premium (Azure AD Premium) is a comprehensive identity and access management cloud solution that provides a robust set of capabilities for users and groups. It helps secure access to on-premises applications and more than 2,500 cloud apps. Key features of Azure AD Premium include:

Company branding: To make the end-user experience even better, you can add your company logo and color schemes to your organization's Sign In and Access Panel pages. Once you've added your logo, you also have the option to add localized logo versions for different languages and locales.

Group-based application access: Use groups to provision users and assign user access in bulk to thousands of SaaS applications. These groups can either be created solely in the cloud or you can leverage existing groups that have been synced-in from your on-premises Active Directory.

Self-service password reset: Azure has always allowed directory administrators to reset passwords. With Azure AD Basic, you can now reduce Help Desk calls by giving all users in your directory the capability to reset their password, using the same sign-in experience they have for Office 365.

Azure AD Application Proxy: Give your employees secure access to on-premises applications like SharePoint and Exchange/OWA from the cloud using Azure AD.

Self-service group management: Azure AD Premium simplifies day-to-day administration of groups by enabling users to create groups, request access to other groups, delegate group ownership so others can approve requests, and maintain their groups' memberships.

Advanced security reports and alerts: Monitor and protect access to your cloud applications by viewing detailed logs showing more advanced anomalies and inconsistent access pattern reports. Advanced reports are Machine Learning-based and can help you gain new insights to improve access security and respond to potential threats.

Multifactor Authentication: Multifactor Authentication (MFA) is included with Azure AD Premium and can help you secure access to on-premises applications (VPN, RADIUS, etc.), Azure, Microsoft Online Services like Office 365 and Dynamics CRM Online, and thousands of non-MS Cloud services pre-integrated with Azure Active Directory. Simply enable MFA for Azure AD identities and users will be prompted to set up additional verification the next time they sign in.

Microsoft Identity Manager (MIM): Azure AD Premium comes with the option to grant rights to use a MIM server (and CALs) in your on-premises network to support any combination of Hybrid Identity solutions. This is a great option if you have a variation of on-premises directories and databases that you want to sync directly to Azure AD. There is no limit to the number of FIM servers you can use. However, MIM CALs are granted based on the allocation of an Azure AD Premium user license.

Enterprise SLA of 99.9%: We guarantee at least 99.9% availability for the Azure AD Premium service.

Password reset with write-back: Self-service password reset can be written back to on-premises directories.

Azure AD Connect Health: Monitor the health of your on-premises Active Directory infrastructure and get usage analytics.

Identity Protection: Detect potential vulnerabilities affecting your organization's identities. Configure risk-based policies that automatically respond to detected issues when a specified risk level has been reached. With our conditional access controls you can either automatically block or initiate adaptive remediation actions including password resets and multi-factor authentication enforcement.

Privileged Identity Management: Manage, control, and monitor administrative access within your organization by providing just-in-time administrative access to online services.

SaaS Security with Cloud Application Security

More and more organizations are adopting SaaS apps, not only to reduce costs but also to unlock competitive advantages such as improved time to market and better collaboration. Even if your company does not use cloud applications, your employees probably do. Recent research has shown that more than 80 percent of employees* admit to using non-approved SaaS apps in their jobs.

With this fast transition to cloud apps, we know you may be concerned about storing corporate data in the cloud and how to make it accessible to users anywhere without comprehensive visibility, auditing, or controls. Legacy security solutions are not designed to protect data in SaaS applications. Traditional network security solutions, such as firewalls and IPS, don't offer visibility into the transactions that are unique to each application and traffic off-premises, including how data is being used and stored. Classic controls fail to provide protection for cloud apps as they monitor only a small subset of cloud traffic and have limited understanding of app-level activities.

So how can you maintain visibility, control, and protection of your cloud apps?

Microsoft Cloud App Security is a comprehensive service that provides deeper visibility, comprehensive controls, and improved protection for your cloud applications. Cloud App Security is designed to help you extend the visibility, auditing, and control you have on-premises to your cloud applications.

Discovery

Risk assessment

Cloud App Security not only discovers 13,000 cloud applications in use, but also provides a risk score by evaluating each discovered service against more than 60 parameters: evaluating the service provider, security mechanisms, and compliance certifications. These details help determine and assess the credibility and reliability of each cloud service discovered, represented by a risk score. Cloud App Security gives you the tools to perform a total risk assessment for each service, based on a combination of risk score and usage.

Powerful reporting and analytics

Discovering which applications are in use across an organization is just the first step in making sure sensitive corporate data is protected. Understanding use cases, identifying top users, and determining the risk associated with each application are all important components to understanding an organization's overall risk posture. With Cloud App Security, we provide ongoing risk detection, analytics, and powerful reporting on users, usage patterns, upload/download traffic, and transactions so that you can identify anomalies right away.

Data control

Policy setting and enforcement

Granular-control security policies can be built easily. You can use out-of-the-box policies or build and customize your own. Every insight...
