Embed Size (px)
Citation preview
Spark the future.
May 4 – 8, 2015Chicago, IL
Evolving Mobile Application Management for BYOD Devices with Microsoft Intune
BRK3850
Andy CeratDaniel Emerson
Intune MAM Primer• Layers of Data Protection in EMS• Defining Intune MAM• Application Roadmap
Coming soon to a Intune MAM near you…• Data Protection for BYOD without Compromise: Multi-Identity
Agenda
Intune MAM Primer
Daniel Emerson
Layers of Data Protection with EMS
ITUser
Enterprise Mobility Suite
Identify and authorize user
Apply device policies
Apply application policies
Apply content policies
Active Directory Premium
Rights Management
Why App-Layer Protection?What we’ve heardIT Pros need to prevent data leakage from mobile productivity applicationsIT Pros need to enable easy access for IWs to work from their mobile devicesDevice level data protection works for corporate owned devices;
End users are dissatisfied with impact on personal use and data for BYODFile level data protection works for data on disk;
IT Pros need a solution within and between local applications
Corporate
Personal
Microsoft
Intune
LOB App #1
LOB App #2
Defining Mobile Application Management with Microsoft Intune
Managing App-Layer Protection Policies allow IT configuration Deployable per user, per app Common management console for MDM and MAM
Enabling Protection for Apps Built into Microsoft Office & Productivity apps Support for App Store and LOB applications
Separating Corporate and Personal Focusing protection on Corporate apps, data and
now identities
Managing App-Layer ProtectionMAM Policies
Enforce corporate data access requirements Require a PIN for
launching the app Require authentication
using corporate credentials before launching the app
Verify device health before launching the app
Prevent data leakage on the device Allow/Block
Copy/Paste Allow/Block Screen
Capture Prevent file backup to
unauthorized locations
Restrict sharing of data between applications
Enforce encryption of app data at rest
App-level selective wipe
Enabling Protection for AppsPaths to MAM
Microsoft Applications• Microsoft Office
and Productivity Apps
• Natively manageable with Intune MAM
• Same App Store Apps for Personal and Corporate
Intune Companion Apps
• Support protected web browsing and content viewing
App Wrapping Tool
• Enables protection for LOB apps
• No code changes required, targeted for IT Pros
• Supported on iOS and now Android
App SDK
• Enables full DLP for any app, including Store Apps
• Requires app participation, targeted for Developers
• In Preview for iOS and Android
OneDrive
Managed Browser
OneNoteExcel
PowerPoint
Word
Dec 201
4
Feb 201
5
March
2015
April 201
5
Coming
Soon
MAM Application CatalogImage Viewer
AV Player
PDF ViewerManaged Browser Office Mobile OneDrive
Excel
PowerPoint
Word Outlook
Work Folders Outlook
Data Protection via Intune MAM Policies
Demo
Intune MAM Primer RecapEnables App-Level data protectionComplemented by Device, File and Identity protection in EMSSupported for iOS and Android
Integrated in existing Intune tools and workflowsConfigure with Intune policyDeploy configuration during existing application deployment
List of MAM-enabled application growing quicklyMany Microsoft Office & Productivity apps enabled todayAdditional Microsoft (Outlook!) & Partner applications coming soonLOB apps supported via iOS and now Android App Wrapping Tool
Coming Soon for Intune MAMMulti-identity support for Data Protection
Andy Cerat
Cerat, Andrew
Allow me to introduce myself.
Cerat, Andrew
Cerat
Identity: PersonalName: Cerat, Andrew
Alias: Andy, PatsSox4EVA,
Description: Husband and father of two. Boston Pro Sports fan and big movie buff.
Types of Apps on Mobile Device:Games (For The Kids)
Sports News
Fantasy Sports
Netflix
Kindle
Outlook
Word
Excel
OneNote
OneDrive
Identity: WorkName: Cerat, Andrew
Nickname: Andy, andcerat
Description: Program Manager at Microsoft working on Intune Mobile App Management.
Types of Apps on Mobile Device:Intune Company Portal
Microsoft Campus Map app
MS Expense Report App
TripIt
Outlook
Word
PowerPoint
Excel
OneNote
OneDrive
Managed Browser
Personal Only Apps
Apps that are used exclusively for personal use.
These app are available from an App Store.
What we’ve heard• IT must prevent corporate data from
leaking into these apps• IT desires different levels of control needed
depending on device ownership• End Users are not satisfied with any control
of these apps
Corporate Only Apps
Apps that are used exclusively for corporate use.
These app are can be from the an App Store or created specifically for a company.
What we’ve heard• Apps should be limited to use only with a
corporate identity
• IT must prevent corporate data from leaking out of these apps
• End Users recognize these apps need to be secured
Personal and Corporate Apps - “Dual Use Apps”
Apps that are used for both personal and work purposes.
These apps are almost always from an App Store.
There apps are generally productivity apps. Email is the classic example of a “Dual use”
app.
What we have heard• These apps can be difficult to manage
because they handle both personal and corporate data.
• These apps offer users the best productivity tools & experience
Defining Multi-Identity with Microsoft Intune Mobile App Management with Microsoft Intune
Corporate
Differentiate between a user’s personal account and their work account while using “dual use” apps.
Manage the corporate data in the app versus managing the entire app.
Personal use is left untouched and unhindered .
Intune Multi-Identity Support
Personal
MicrosoftIntune
LOB App #1
LOB App #2
Personal Data
Corporate Data
Why Intune MAM Multi-Identity Protection?What we’ve heard• End users are dissatisfied with data protection solutions that isolate or contain at the
device or app level – they accept control of Corporate experiences but not Personal• End users are confused by data protection solutions to duplicate applications – one
for corporation and one for personal. This is generating support costs.• End users are familiar with and want to use Office apps as the best productivity apps;
IT Pros need to be able to protect the Corporate data in these “dual use” apps.
What we offer• Protection of only the corporate data/identity while not limiting personal use• Ensuring isolation between corporate and personal data• Removing only the corporate data while leaving the app with the personal data behind
Multi-Identity Demo
Andy Cerat
Intune MAM Multi-Identity RecapOffice apps are “Dual use” appsThe Office apps are “dual use” apps that support multi-identityIntune MAM allow users to be productive for both personal and work use
Enables Identity-Level data protectionMulti-identity extend the Intune data protection capabilities, including “Save As”, Copy/Cut/Paste, data transfer between apps to target corporate identities vs the entire App
The Rollout begins Support starts with the release of Outlook and will continue in future updates of existing MAM-enabled applications
Related SessionsMonday, May 4th
What’s New and Upcoming with Microsoft Intune and System Center Configuration Manager [01:30-02:45PM]
Tuesday, May 5th
• Managing Windows 10: Back to Basics [01:30-02:45PM]• Securing Access to Office 365 and other apps with Enterprise Mobility Suite [05:00-06:15PM]
Wednesday, May 6th
• Evolving Mobile Application Management for BYOD Devices with Microsoft Intune [10:45-12:00PM]• Managing Windows 10 with Microsoft Intune and System Center Configuration Manager [01:30-
02:45PM]• Building Out a Successful Microsoft Intune Pilot [03:15-04:30PM]• Device and Data Protection with Mobile Device Management in Office 365 [03:15-04:30PM]
Thursday, May 7th
• Deep Dive on Android and iOS Device Management with Microsoft Intune [10:45-12:00PM]
Friday, May 8th
• Configuring Corporate-Owned Mobile Devices with Microsoft Intune [09:00-10:15AM]
Liked what you saw? Experience it and win Visit our booth Check out our solutions Complete our missions….You are entered to win!
Microsoft Mobility Quest
www.msmobilityquest.com
Visit Myignite at http://myignite.microsoft.com or download and use the Ignite Mobile App with the QR code above.
Please evaluate this sessionYour feedback is important to us!
© 2015 Microsoft Corporation. All rights reserved.
