Download docx - [CUSTOMER NAME] Enterprise Mobility + Security ... · Web view[CUSTOMER NAME] Enterprise Mobility + Security Business and Technical Review Results [CUSTOMER NAME] Enterprise Mobility

[CUSTOMER NAME]Enterprise Mobility + SecurityBusiness and Technical Review ResultsDelivered by [PARTNER][DATE]

[CUSTOMER NAME] Enterprise Mobility + Security Business and Technical Review Results

Table of ContentsBusiness and Technical Review Recap..................................................................................................4

Participants..................................................................................................................................... 4Identity Management and Security.......................................................................................................5

Business and Technical Review.......................................................................................................5Impact, Value, Key Differentiators, Risk..........................................................................................5Recommendations..........................................................................................................................5

Mobile Device and Application Management........................................................................................6Business and Technical Review.......................................................................................................6Impact, Value, and Key Differentiators............................................................................................6Recommendations..........................................................................................................................6

Classification and Protection of Data....................................................................................................7Business and Technical Review.......................................................................................................7Impact, Value, and Key Differentiators............................................................................................7Recommendations..........................................................................................................................7

Summary.............................................................................................................................................. 8Appendix.............................................................................................................................................. 9

Cloud Identity Management with Azure AD Premium....................................................................10SaaS Security with Cloud Application Security..............................................................................11Mobile Device and Application Management with Intune..............................................................12Identity Breach Defense with Advanced Threat Analytics.............................................................13Classification and Protection of Data with Azure Information Protection.......................................14

2


Executive SummaryOn [DATE OF ASSESSMENT], [PARTNER] and Microsoft conducted an Enterprise Mobility + Security workshop at [CUSTOMER NAME]. The focus was the improvement of [CUSTOMER NAME]’s security for user identity, mobility, and corporate data. Topics covered included:

Identity management and security – corporate identities (internal and cloud), the impact they have on security, and how to best secure and manage them in a mobile and cloud first world.

Mobile device and application management – the impact mobility is having on the organization, the challenges it raises, and how to maximize the use of these devices securely.

Classification and protection of data – the impact cloud and mobile technologies have on corporate data and how to improve protection down to the individual document level.

Based on the findings from the workshop, [PARTNER] and Microsoft are recommending the use of the following solutions: Solution Business/IT initiative addressed Impact (could

include $$$)Identity-based protection with Microsoft ATA

Monitor user activity to identify breaches

Azure Information Protection

Address Legal’s corporate security initiative with communications between executives

Address issue with secure communications between HR and employees

Mobile device management with Intune

Provide Office users secure access to corporate documents on personal devices – eliminate corporate-owned devices

$600,000/year for corporate-owned devices

Azure Active Directory

Implement SSO for all users to reduce 5-10 identities to 1 single identity

Implement self-service password management

$150,000 Help Desk cost reduction

SaaS application management

Identify and manage all SaaS application access by employees

The following report provides details from the workshop on the key focus areas (identity, mobility, and document security) with findings, recommendations, and next steps. [PARTNER] and Microsoft appreciate the investment of time that [CUSTOMER NAME] has made in this effort and we look forward to continuing to work with you. We recommend setting up a time to review the findings in this report and determine the best approach to move forward. Sincerely,[ACCT LEAD NAME], [PARTNER][MS ACCT LEAD NAME], Microsoft

3


Business and Technical Review RecapThe Microsoft Enterprise Mobility + Security (EMS) business and technical review conducted on [DATE OF ASSESSMENT] had the following goals:

1. Understand [CUSTOMER NAME]’s existing challenges and tools in key security scenarios.2. Provide a deeper dive into core components of EMS that could augment [CUSTOMER NAME]’s

existing security efforts. 3. Identify the specific value(s) and impact each component would provide to [CUSTOMER NAME].4. Provide recommendations on how [CUSTOMER NAME] can leverage the components within EMS and

provide detailed next steps.

Participants[CUSTOMER NAME]

Name Title Email

[PARTNER NAME]

Name Title Email

MICROSOFT

Name Title Email

4


Identity Management and SecurityBusiness and Technical Review[CUSTOMER NAME]’s internal identity management and security solution currently leverages [COMPLETE WITH INFORMATION GAINED FROM REVIEW SESSION. INCLUDE DETAIL ON EXISTING DIRECTORIES, FEDERATION, CLOUD APP USAGE, AND ANY EXISTING MFA OR SSO SOLUTIONS].

Impact, Value, Key Differentiators, Risk1. [OUTLINE TIME AND RESOURCES REQUIRED TO MAINTAIN EXISTING SOLUTION]2. [OUTLINE POTENTIAL TIME AND RESOURCE SAVINGS BY IMPLEMENTING EMS COMPONENTS THAT

MEET CUSTOMER SECURITY NEEDS]3. [OUTLINE POTENTIAL COST SAVINGS BY ELIMINATING REDUNDANT TECHNOLOGIES] 4. [OUTLINE KEY EMS FEATURES THAT PROVIDE BETTER/DIFFERENT PROTECTION]5. [OUTLINE KEY RISK WITH THE SOLUTION IMPLEMENTATION THAT WOULD NEED TO BE ADDRESSED]6. [OUTLINE KEY RISK TO BUSINESS BY NOT MOVING FORWARD]

RecommendationsRecommended Actions Timeline1. [DETAIL RECOMMENDATIONS FROM CLOUD IDENTITY SESSION WITH

CUSTOMER]Now/3-6 months after purchase/etc.

2.3.4.5.

5


Mobile Device and Application ManagementBusiness and Technical Review[CUSTOMER NAME]’s internal mobile device and application management solution currently leverages [THIRD-PARTY MDM VENDOR – THEN COMPLETE WITH INFORMATION GAINED FROM REVIEW SESSION. BE SURE TO HIGHLIGHT ANY USE OF SYSTEM CENTER PRODUCTS THAT COULD BE LEVERAGED FOR BETTER TOGETHER STORY].

Impact, Value, and Key Differentiators1. [OUTLINE TIME AND RESOURCES REQUIRED TO MAINTAIN EXISTING SOLUTION. HIGHLIGHT ANY

COMPLEXITY CONCERNS]2. [OUTLINE POTENTIAL TIME AND RESOURCE SAVINGS BY IMPLEMENTING EMS COMPONENTS THAT

MEET CUSTOMER SECURITY NEEDS]3. [OUTLINE POTENTIAL COST SAVINGS BY ELIMINATING REDUNDANT TECHNOLOGIES]4. [OUTLINE KEY EMS FEATURES THAT PROVIDE BETTER/DIFFERENT PROTECTION]5. [OUTLINE KEY RISK WITH THE SOLUTION IMPLEMENTION THAT WOULD NEED TO BE ADDRESSED]6. [OUTLINE KEY RISK TO BUSINESS BY NOT MOVING FORWARD]

RecommendationsRecommended Actions Timeline1. [DETAIL RECOMMENDATIONS FROM MOBILE DEVICE AND APPLICATION

MANAGEMENT SESSION WITH CUSTOMER]Now/3-6 months after purchase/etc.

2.3.4.5.

6


Classification and Protection of Data Business and Technical Review[CUSTOMER NAME] currently uses [COMPLETE WITH INFORMATION GAINED FROM REVIEW SESSION. DO THEY USE OFFICE 365 RMS TODAY? HOW HAVE THEY LEVERAGED IT? WHAT OTHER DLP TOOLS DO THEY HAVE DEPLOYED? HAVE THEY HAD ANY DATA LEAKS?].

Impact, Value, and Key Differentiators1. [OUTLINE SPECIFICS OF EMS COULD HELP RESOLVE LEGAL DEPT CONCERNS]2. [OUTLINE SPECIFICS OF HOW EMS COULD HELP RESOLVE HR DEPT CONCERNS]3. [OUTLINE HOW EMS COULD HELPS RESOLVE FINANCE DEPT CONCERNS]4. [OUTLINE HOW EMS COULD HELP PROTECT EXECUTIVE COMMS] 5. [OUTLINE KEY RISK WITH THE SOLUTION IMPLEMENTATION THAT WOULD NEED TO BE ADDRESSED]6. [OUTLINE KEY RISK TO BUSINESS BY NOT MOVING FORWARD]

RecommendationsRecommended Actions Timeline1. [DETAIL RECOMMENDATIONS FROM SELF-PROTECTING DOCUMENTS

SESSION WITH CUSTOMER]Now/3-6 months after purchase/etc.

2.3.4.5.

7


SummaryThe Enterprise Mobility + Security business and technical review provides [CUSTOMER NAME], [PARTNER NAME], and Microsoft the opportunity to gain additional insights into areas where [CUSTOMER NAME] would benefit from components and services that complement or help redefine existing security approaches. Our recommendations would help [CUSTOMER NAME] quickly move forward to realize these benefits, and leveraging [PARTNER NAME] can help accelerate this process. Microsoft provides deployment vouchers with your Enterprise Agreement and we recommend leveraging those to engage [PARTNER NAME] to start detailing each deployment plan. [PARTNER NAME] will work with you directly on next steps.

[Things to add after the initial summary paragraph]1. Biggest impact of EMS to the business and IT initiatives identified in the questionnaire.2. Risk to the company (and impact to the above) by not moving forward.3. How partner can help – be very specific – don’t be shy on this – include specific offerings and map

back to business and IT initiatives.

8


Appendix

9


Cloud Identity Management with Azure AD PremiumAzure Active Directory Premium (Azure AD Premium) is a comprehensive identity and access management cloud solution that provides a robust set of capabilities for users and groups. It helps secure access to on-premises applications and more than 2,500 cloud apps. Key features of Azure AD Premium include: Company branding: To make the end-user experience even better, you can add your company logo

and color schemes to your organization’s Sign In and Access Panel pages. Once you’ve added your logo, you also have the option to add localized logo versions for different languages and locales.

Group-based application access: Use groups to provision users and assign user access in bulk to thousands of SaaS applications. These groups can either be created solely in the cloud or you can leverage existing groups that have been synced-in from your on-premises Active Directory.

Self-service password reset: Azure has always allowed directory administrators to reset passwords. With Azure AD Basic, you can now reduce Help Desk calls by giving all users in your directory the capability to reset their password, using the same sign-in experience they have for Office 365.

Azure AD Application Proxy: Give your employees secure access to on-premises applications like SharePoint and Exchange/OWA from the cloud using Azure AD.

Self-service group management: Azure AD Premium simplifies day-to-day administration of groups by enabling users to create groups, request access to other groups, delegate group ownership so others can approve requests, and maintain their group’s memberships.

Advanced security reports and alerts: Monitor and protect access to your cloud applications by viewing detailed logs showing more advanced anomalies and inconsistent access pattern reports. Advanced reports are Machine Learning-based and can help you gain new insights to improve access security and respond to potential threats.

Multifactor Authentication: Multifactor Authentication (MFA) is included with Azure AD Premium and can help you secure access to on-premises applications (VPN, RADIUS, etc.), Azure, Microsoft Online Services like Office 365 and Dynamics CRM Online, and thousands of non-MS Cloud services pre-integrated with Azure Active Directory. Simply enable MFA for Azure AD identities and users will be prompted to set up additional verification the next time they sign in.

Microsoft Identity Manager (MIM): Azure AD Premium comes with the option to grant rights to use a MIM server (and CALs) in your on-premises network to support any combination of Hybrid Identity solutions. This is a great option if you have a variation of on-premises directories and databases that you want to sync directly to Azure AD. There is no limit to the number of FIM servers you can use. However, MIM CALs are granted based on the allocation of an Azure AD Premium user license.

Enterprise SLA of 99.9%: We guarantee at least 99.9% availability for the Azure AD Premium service.

Password reset with write-back: Self-service password reset can be written back to on-premises directories.

Azure AD Connect Health: Monitor the health of your on-premises Active Directory infrastructure and get usage analytics.

Identity Protection: Detect potential vulnerabilities affecting your organization’s identities. Configure risk-based policies that automatically respond to detect issues when a specified risk level has been reached. With our conditional access controls you can either automatically block or initiate adaptive remediation actions including password resets and multi-factor authentication enforcement.

Privileged Identity Management: Manage, control, and monitor administrative access within your organization by providing “just in time” administrative access to online services.

10

https://msdn.microsoft.com/en-us/library/azure/dn906722.aspx

https://msdn.microsoft.com/library/azure/dn768214.aspx


SaaS Security with Cloud Application Security More and more organizations are adopting SaaS apps, not only to reduce costs but also to unlock competitive advantages such as improved time to market and better collaboration. Even if your company does not use cloud applications, your employees probably do. Recent research has shown that more than 80 percent of employees* admit to using non-approved SaaS apps in their jobs. With this fast transition to cloud apps, we know you may be concerned about storing corporate data in the cloud and how to make it accessible to users anywhere without comprehensive visibility, auditing, or controls. Legacy security solutions are not designed to protect data in SaaS applications. Traditional network security solutions, such as firewalls and IPS, don’t offer visibility into the transactions that are unique to each application and traffic off-premises, including how data is being used and stored. Classic controls fail to provide protection for cloud apps as they monitor only a small subset of cloud traffic and have limited understanding of app-level activities. So how can you maintain visibility, control, and protection of your cloud apps? Microsoft Cloud App Security is a comprehensive service that provides deeper visibility, comprehensive controls, and improved protection for your cloud applications. Cloud App Security is designed to help you extend the visibility, auditing, and control you have on-premises to your cloud applications. DiscoveryRisk assessmentCloud App Security not only discovers 13,000 cloud applications in use, but also provides a risk score by evaluating each discovered service against more than 60 parameters: evaluating the service provider, security mechanisms, and compliance certifications. These details help determine and assess the credibility and reliability of each cloud service discovered, represented by a risk score. Cloud App Security gives you the tools to perform a total risk assessment for each service, based on a combination of risk score and usage. Powerful reporting and analyticsDiscovering which applications are in use across an organization is just the first step in making sure sensitive corporate data is protected. Understanding use cases, identifying top users, and determining the risk associated with each application are all important components to understanding an organization’s overall risk posture. With Cloud App Security, we provide ongoing risk detection, analytics, and powerful reporting on users, usage patterns, upload/download traffic, and transactions so that you can identify anomalies right away. Data controlPolicy setting and enforcementGranular-control security policies can be built easily. You can use out-of-the-box policies or build and customize your own. Every insight is actionable, allowing you to remediate with a single click. DLP and data sharing controlYou can govern data in the cloud – such as files that are stored in cloud drives – as attachments, or within cloud application fields. Use pre-defined fields or extend existing enterprise DLP policies to your SaaS

11


applications. Dynamic reports can run on DLP violations, sensitive file sharing, and data sharing violations. Data control in the cloud helps you comply with regulatory mandates such as PCI, HIPAA, and more. Threat protectionUser behavioral analytics Cloud App Security helps you stay ahead of attackers. You can identify anomalies in your cloud usage that may be indicative of a data breach. Cloud App Security advanced machine learning heuristics learn how each user interacts with each SaaS application and, through behavioral analysis, assesses the risks in each transaction. This includes simultaneous logins from two countries, the sudden download of terabytes of data, or multiple failed login attempts that may signify a brute force attack.

Mobile Device and Application Management with IntuneMicrosoft Intune provides Mobile Device Management and Mobile Application Management via the cloud. It enables organizations to provide their employees with access to corporate applications, data, and resources from virtually anywhere on virtually any device, while helping to keep corporate information secure. Key features of Intune include: Device choice: Provide employees with the ability to register, enroll, and manage their devices as

well as install corporate applications from the self-service Company Portal – all from the devices of their choice.

Unparalleled management of Office mobile apps: Maximize productivity by enabling your employees to access corporate resources with the Office mobile apps they know and love while applying policies that can help prevent leakage of company data.

Data protection: Secure corporate data, including Exchange email, Outlook email, and OneDrive for Business documents, based on device enrollment and compliance policies set by the administrator.

No infrastructure required: Eliminate the need to plan, purchase, and maintain hardware and infrastructure by managing mobile devices from the cloud with Intune.

Enterprise integration: Extend your existing System Center Configuration Manager infrastructure through integration with Intune to provide a consistent management experience across devices on-premises and in the cloud.

12


Identity Breach Defense with Advanced Threat AnalyticsToday, the topic of cyber-security has moved from IT and the datacenter to the highest levels of the boardroom. Attacks and threats have grown substantially more sophisticated in frequency and severity. Attackers reside within a network an average of eight months before they are even detected. In 63% of breaches, attackers use compromised user credentials to breach systems. Traditional IT security tools provide limited protection against sophisticated cyber-security attacks when user credentials are stolen. Initial set up, creating rules, and fine-tuning are cumbersome and may take years. Every day, organizations receive several reports full of false positives. Most of the time, you don’t have the resources to review this information and even if you could, you may still not have the answers, since these tools are designed to protect the perimeter, primarily stopping attackers from gaining access. Today’s complex cyber-security attacks require a different approach. Microsoft Advanced Threat Analytics (ATA) provides a simple and fast way to understand what is happening within your network by identifying suspicious user and device activity with built-in intelligence and providing clear and relevant threat information on a simple attack timeline. Microsoft Advanced Threat Analytics leverages deep packet inspection technology, as well as information from additional data sources (Security Information and Event Management and Active Directory) to build an Organizational Security Graph and detect advanced attacks in near real time.Detect suspicious activities and malicious attacks with behavioral analytics Using its proprietary algorithm, Microsoft Advanced Threat Analytics works around the clock to help you pinpoint suspicious activities in your systems by profiling and knowing what to look for. No need for creating rules, fine-tuning, or monitoring a flood of security reports, since the intelligence needed is built in. ATA also identifies known advanced attacks and security issues. Adapt to the changing nature of cyber-security threats ATA continuously learns the behavior of organizational entities (users, devices, and resources) and adjusts itself to reflect the changes in your rapidly-evolving enterprise. As attacker tactics get more sophisticated, ATA helps you adapt to the changing nature of cyber-security threats with continuously-learning behavioral analytics. Focus on what is important with a simple attack timeline The constant reporting of traditional security tools and sifting through them to locate the important and relevant alerts can get overwhelming. The attack timeline is a clear, efficient, and convenient feed that surfaces the right things on a timeline, giving you the power of perspective on the who, what, when, and how. ATA also provides recommendations for investigation and remediation for each suspicious activity. Reduce false positive fatigue Traditional IT security tools are often not equipped to handle the rising amounts of data, turning up unnecessary red flags and distracting you from the real threats. With ATA, these alerts happen once suspicious activities are contextually aggregated to its own behavior, as well as to the other entities in its interaction path. The detection engine also automatically guides you through the process, asking you simple questions to adjust the detection process based on your input.

13


Classification and Protection of Data with Azure Information ProtectionOrganizations no longer operate within their own perimeters. Data is traveling between users, devices, apps, and services more than ever before, and perimeter, user, or device-based protections do not guarantee data will remain safe as it travels outside of corporate boundaries. Even simply identifying the data that needs protection can be a major challenge. So how can you identify and secure your data when it’s being stored in disparate locations and shared across boundaries? Microsoft Azure Information Protection helps you classify and label your data at the time of creation. Protection (encryption + authentication + use rights) can then be applied to sensitive data. Classification labels and protection are persistent, traveling with the data so that it’s identifiable and protected at all times – regardless of where it’s stored or with whom it’s shared. The interface is simple and intuitive and does not interrupt your normal working experience. You also have deep visibility and control over shared data. What does Azure Information Protection provide?

Classification and labeling

Classify data based on source, context, and content at the time of creation or modification, either automatically or manually. Once classified, a persistent label is embedded in the data and actions such as visual marking and encryption can be taken based on the classification and label.

Protection and use rights

Protect sensitive data by encrypting it and allowing only authorized users access to the data. The protection is persistent to ensure data is protected at all times, regardless of where it’s stored or with whom it’s shared.

Tracking and reporting Users can track activities on shared files and revoke access if they

encounter unexpected activities. The solution provides rich logs and reporting that can be leveraged for compliance and regulatory purposes.

14