Better together: Windows 10 + EMS
Jan Ketil Skanke
@janke75 jankesblog.com
Enterprise Mobility Suite
• Unify identity (Azure Active Directory Premium): Easily manage identities across on-premises and cloud. Single sign-on and self-service for corporate resources.
• Manage apps and devices (Microsoft Intune): Manage and protect corporate apps and data on almost any device with MDM and MAM.
• Protect data (Azure Rights Management): Encryption, authorization policies and track usage options to secure corporate files across devices.
Why EMS? What benefit does EMS provide Windows 10 customers?
• Protect application access
• Help secure data everywhere
• Flexible device & app management
Protect application access
Use EMS to protect application access on Windows
Windows foundation provides:
• Enhanced security with Microsoft Passport
• Users can set up company devices without preparation from IT with MDM auto enrollment
• Device sign in with company credentials
• Single sign-on to thousands of SaaS applications hosted in any public cloud
EMS provides:
• Conditional access with MFA across devices & apps leveraging Windows device health data
• Self-service group and application management
• Password reset with write-back to on-premises directory
• Secure remote access and SSO to on-premises web applications with no need for VPN
• Microsoft Identity Manager for on-premises identity, smart-cards, certificate management & more
Windows 10 identity choices
Organization-owned
• Computer joins AD to establish trust
• User signs on using AD account
• Group Policy + System Center Configuration Manager
Personally-owned
• Computer joins Azure AD to establish trust
• User signs on using Azure AD account
• MDM auto enroll with Intune or 3rd party MDM
• Settings roaming
• Computer registers with AD or Azure AD via Device Registration to establish trust for remote resource access
• User signs in with a Microsoft account, associates an Azure AD account
• MDM auto enroll with Intune or 3rd party MDM
Single sign-on to enterprise + cloud-based services
Flexible device and application management
Leverage MDM and MAM support in Windows 10
Windows foundation provides:
• MDM support capabilities
• Corporate app isolation support – MAM
• Corporate app distribution leveraging Windows Store for Business
• Advanced OS distribution and upgrade support
EMS provides:
• Automatic enrollment into MDM (via Azure AD Premium)
• MDM & MAM across Windows, iOS, and Android in a single tool
• Application distribution and updates with Company Portal
• Secure content viewer for media and web across device platforms
• Agent-based management of Windows devices: domain joined via System Center Configuration Manager, internet-based via Intune
• Windows in-place upgrade & OS deployment via System Center Configuration Manager
• Certificate, WiFi, VPN, email profile provisioning
EMS orchestrates MDM in Windows 10
One consistent set of MDM capabilities across mobile, desktop, and IoT
• Enrollment
• Inventory
• Application management
• Device configuration and security
• Remote assistance
• Unenrollment
Help secure data everywhere
Extend Windows 10 security to protect your data and identities
Windows foundation provides:
• Corporate application isolation and management
• Automatic encryption for data on the device and included in roaming and backup
• Storage of BitLocker device encryption keys in Azure
EMS provides:
• Encrypt data during collaboration w/ consistent experience across multiple device platforms
• Track protected files and revoke access to files
• Advanced security reporting
• Cloud security reports based on machine learning
• On-premises behavioral analytics for advanced threat detection & detection for known malicious attacks and security issues
• Simple, actionable feed for suspicious activity alerts with recommendations
• Integration with your existing Security Information and Event Management (SIEM) systems
Multiple layers of protection
• Identify and authorize user
• Apply device policies
• Apply application policies
• Apply content policies
[Diagram labels: User, IT, Active Directory Premium, Rights Management, Enterprise Mobility Suite]
Windows 10 and Enterprise Mobility Suite

Identity and access management
Windows 10:
• Single sign-on for business cloud apps
• Device set up and registration for Windows devices
Enterprise Mobility Suite (EMS benefits for Windows):
• Conditional access policies for enhanced single sign on security
• MDM auto enrollment
• Self-service group and application management
• Password reset with write-back to on-premises directory
• Cloud based advanced security reports
• Microsoft Identity Manager

Mobile device and app management
Windows 10:
• Windows Store for Business
• Traditional domain join manageability
• Manageability via MDM and MAM
Enterprise Mobility Suite (EMS benefits for Windows):
• Mobile device management
• Mobile app management
• Secure content viewer
• Certificate, WiFi, VPN, email profile provisioning
• Agent-based management of Windows devices (domain joined via ConfigMgr and internet-based via Intune)

Information protection
Windows 10:
• Encryption for data at rest and generated on device
• Encryption for data included in roaming settings
Enterprise Mobility Suite (EMS benefits for Windows):
• Tracking and notifications for shared documents
• Protection for content stored in Office & Office 365
• Protection for on-premises Windows Server file shares
• Behavioral analytics for advanced threat detection
• Detection for known malicious attacks and security issues
Existing Differentiated Features in Win7 / Win8.1
• Domain Join and Group Policy Management
• Existing Win7 / Win 8.1 Enterprise features
Windows 10: Management and Deployment
• Side-loading of LOB apps
• MDM auto enrollment
• Azure AD Join
• The Business Store
• Private Catalog
• Granular UX Control and Lockdown
Windows 10: Security
• Microsoft Passport
• Enterprise Data Protection (EDP)
• Pass the Hash Mitigations (using Virtual Secure Mode)
• Device Guard
Windows 10: Windows as a Service, Support, and Entitlements
• Windows Update for Business and Current Branch for Business
• Access to Long Term Servicing Branch
Columns: Home, Pro, Enterprise, EMS
Management with Intune or ConfigMgr
Intune
MDM auto enrollment requires Azure AD Premium.
Management and app delivery via Intune Advanced management via Intune Company Portal
Management with Intune or ConfigMgr
Extend EDP w/ Azure Rights Management for data encryption when files leave the device
Management with Intune or ConfigMgr
EMS and Windows 10
© 2015 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.