3 Leveraging the Cloud Platform to Boost Mobile Productivity Transformation and end user expectationThe digital transformation brings new challenges for IT, as they strive to protect data, while enabling employees to stay productive.End user expectations have never been higher, they expect a mobile productivity experience that matches their consumer experiences.There’s a digital transformation under way, as IT makes a move to the cloud --and employee expectation is to be able to be productive on the go, across devices – with an experience that matches their consumer experiences.All this change at once brings new challenges for IT, as they strive to protect data while enabling employees to stay productive, while protecting corporate data in today’s increasingly complex mobile landscape.
4 Consider the data in your email and docs Think of the volume of information that moves through Outlook– the sensitive data you put into Word, Excel, and PowerPoint. Everyday.Intellectual propertyProduct developmentStrategic directionGrowth plansCompetitive plansBoard presentationsConfidential client informationCorporate secretsInternally only licensed contentFor many companies, their first step into the cloud is with Office 365. Office 365 gives end users the experience they expect across all of their devices, while providing enterprise grade security and compliance for data on our servers – knowing that their data is as safe if not safer than data stored on their on-premises servers in the past.But how to protect the data after it is accessed, as it courses through the mobile devices of your workforce – and how do you ensure that only the right people on healthy devices under approved circumstances access that data?
5 Balancing productivity with protection. How do IT Pros empower their users to be productive, while protecting the massive amounts of data flowing through their mobile ecosystem?The real question this leads us to is -- how do IT Pros empower their users to be productive, while protecting the massive amounts of data flowing through their mobile ecosystem?
6 Optional --video that explores this challenge from the perspective of real IT Pros and real end users.2:23 length
7 Empower every person and every organization on the planet to achieve more. This challenge fits perfectly into Microsoft’s wheelhouse – just consider our mission – to empower every person and every organization on the planet to achieve more.
8 “Digital Transformation is about the mobility of the human experience” –Satya NadellaAnd enabling mobility is top of mind for our executive leadership team.
9 Microsoft IntuneManage your diverse mobile environment in a secure and unified way with Microsoft Intune.Intune is part of Microsoft’s vision – for enabling a secure mobile workforce, by delivering a set of tools that let you manage your diverse mobile environment in a secure and unified way. Whether your people are using iOS, MacOS, Android or Windows devices – Intune can hep you deliver productivity to your people across end points while keeping your data secure at every turn.Today we’ll look at how Intune delivers in three important areas:How we deliver on a unified Microsoft vision for a secure and productive enterpriseour focus and commitment to experience for both end users and IT ProsAnd how we’re ready to solve your needs today – and we’re ready for your evolving needs..by offering unparalleled flexibility, choice and scale for how you manage your mobile ecosystemVisionExperienceReady
10 Enterprise mobility management with Intune Mobile device managementMobile application managementPC managementUserITOptional slide for customers that are not familiar with Intune’s high level capabilities….Microsoft IntuneProtect your dataEnable your usersStrategically direct the flow of your mobile ecosystem, giving your end users the experience they expect while ensuring your corporate data is protected at every turn.
11 Vision Experience Ready MICROSOFT INTUNELet’s look first at how we deliver on a unified Microsoft visionVisionExperienceReady
12 Delivering on a unified Microsoft vision Control access to your dataBuilt with EMS, Office and Windows, Intune delivers on a unified Microsoft vision to transform the way enterprise secures mobile productivity.This combined effort enables awesome end-to-end scenarios.Control what happens to your data after it’s been accessedModern PC managementThe way Intune works across EMS, Office and Windows – to deliver on Microsoft larger vision for secure productive enterprise - let’s you have awesome end to end scenarios that you can’t get anywhere else:The ability to control access to your data - based on multiple layers of context and risk data.The ability to control what happens to your data after it’s been accessed.And full Modern PC management capabilities.
13 Control access to data based on real-time context Conditional access allows you to define policies that provide contextual controls at the user, location, device, and app levels. As conditions change, natural user prompts ensure that only the right users on compliant devices can access sensitive data.Let’s take a look at how we help you control access to your data.Conditional access from EMS combines the power of Intune and Azure AD Premium to make sure that only the right people, on approved devices, under the right circumstances can access your data.With conditional access, you can define adaptive policies that limit access to your corporate data based on location, device and user state, and application sensitivity. Plus, our risk detection capabilities, which leverage billions of signals daily, can detect suspicious behavior and apply risk-based conditional access that protects your applications and critical company data in real time.
15 Multi-identity policy Control what happens after the data is accessedManaged appsPersonal appsManaged appsCorporatedataPersonalMulti-identity policyOur app protection policies allow you to control what happens to docs and data after they’ve been accessed.App encryption at restApp access control – PIN or credentialsSave as/copy/paste restrictionsApp-level selective wipeManaged web browsingSecure viewing of PDFs, images, videosRestrict features, sharing and downloadsAnd then there is an unprecedented ability to control what happens after the data is accessed.Our unique approach to data protection allows us to protect the data at the app level, with out the need for traditional containerization or sandboxing. And because we leverage the user identity in our approach, we can enable multi- identity usage of apps - -where app policies are intelligent enough to only apply to data applicable to corporate accounts.Our capabilities here include:App encryption at restApp access control – PIN or credentialsSave as/copy/paste restrictionsApp-level selective wipeManaged web browsingSecure viewing of PDFs, images, videosIntune has been working directly with the Office team to define our app protection strategy. Intune is the only mobility management solution that can control Office with this much granular control, without compromising on the end user experience.Personal appsMDM – optional(Intune or 3rd-party)
16 Everything you need for modern PC management With the different options in Windows 10, plus Configuration Manager and Intune, you have the flexibility to stage implementation of modern management scenarios while targeting different devices the way that best suits your business needs.And if your ready to take the step to full modern PC management we have the full set of capabilities available. And will continue to work closely with Windows to bring new capabilities to you when they are available. Modern management – is here with Intune – if your ready.If you want to start with a mixed environment of traditional PC management and Modern management -- the different options in Windows 10, plus Configuration Manager and Intune, you have the flexibility to stage implementation of modern management scenarios while targeting different devices the way that best suits your business needs.
17 Vision Experience Ready MICROSOFT INTUNENow lets look at how we deliver on experience for end users and IT ProsVisionExperienceReady
18 An awesome end-user and IT Pro experience Real Office appsNatural and intuitive, the best experience for both end users and IT Pros. The control and support IT requires; the experience your people expect.Protect data with and without device enrollmentIntune on AzureWe believe that your only as good as the experience you enable, which is why we are so focused on providing both end users and IT Pros a natural and intuitive experience that just works.A great experience for end users means they have a higher likelihood of actually using the protected solutions that you provide them – less likely to create workarounds that are completely off your radar to get work done.And for IT Pros this means that you spend more of your time strategically managing the flow of your mobile ecosystem – empowering your users to be productive across the diverse end points that they work on – while your data stays secure.Support to get you started and keep you going day-to-day
19 The Office apps end-users expect Give your people the real Office experience they expect, without compromising the control you need. Intune gives you unparalleled control over the data in that moves through Office - across all your devices.With Intune you can give your people the real Office experience they expect without compromising the control you expect. Intune is the only mobility management solution that can control Office with this much granular control, without compromising on the end user experience.
20 Protect with and without enrollment Intune’s application protection policies give you the versatility to manage your data with or without device enrollment.Our ability to protect data with our without device enrollment give you the ability to enable scenarios where corporate data can be accessed securely even when a user is reluctant to enroll the device – which you can find sometimes with BYOD scenarios…
21 A new admin experience with Intune on Azure Intune on Azure empowers IT Pros be more strategic and proactive in today’s do-more-with-less business environment.A new service platform -built for scaleThe power of Microsoft GraphOptimized administration of core EMS workflowsFrom now, through the first quarter of 2017, the Intune administrative experience for both MDM and MAM will be migrating completely to the Azure Portal. This move to Azure, brings some important new benefits for IT Pros using Intune, Including:A new service platform with increased scale and reliability. The new platform provides the foundation for nearly unlimited scale moving forward and ready to easily handle and render huge numbers of objects, like devices, users, and groups. And the new admin experience on Azure can run in any browser, on any deviceThe ability to harness the Microsoft Graph for automation and reporting. Intune, like many Microsoft cloud services such as Office 365, will use Microsoft Graph for API exposure --providing interfaces for both IT Pro and IT systems integration. With the Graph, an IT Pro can bulk add and deploy applications to devices without even opening the console. You can also audit any actions done through APIs or the console, providing powerful insights into who made changes when. IT Systems can be integrated with Graph to pull data as well for example, you could pull detailed asset information on devices into asset management or reporting systems.And the new admin experience on Azure provides an optimized IT experience for cross EMS workflows. Workflows that cross EMS services, like Conditional Access, are simplified and optimized administratively through the combination of Azure Active Directory and Intune through the Azure Portal. The Azure Portal administration experience also incorporates role-based access, that allows you to segment administrative actions across the appropriate mobility-management personnel in customer IT organizations. And it brings deep integration with Azure Active Directory groups, which can represent both users and devices as native, dynamic targeting groups, fully federated with an organization’s on-premises Active Directory.
22 World class support – included FastTrack provides you access to a team of engineers dedicated to helping you plan and execute your deployment. And our 24/7 support ensures you have the support you need day to day.Both included with your Intune subscription.Finally, Intune comes with an incredible support package.Including FastTrack support which provides access to a dedicated team of engineers that can help you plan and execute your Intune deploymentAnd we offer 24/7 support in multiple languages to make sure you have everything you need to stay up and running day-to-day.Both included free of charge with your Intune subscriptions.
23 Vision Experience Ready MICROSOFT INTUNENext we’ll look at how Intune is uniquely positioned readily meet your needs today and tomorrow.VisionExperienceReady
24 Meets your immediate needs and adapts to your evolving IT strategy. Flexibility and choice in how you manage your mobile ecosystemMicrosoft Intune is built from the cloud, with the flexibility and control that meets your needs today, and scales as your mobile strategy matures and evolves over time.Inclusive partner ecosystemWhere you are today is not where you will be tomorrow, so having a solution that can adapt as your mobile strategy evolves and matures is critical. Our ability to do so means that Intune is an investment that will take you into the future.Now let’s look at how we deliver on this.Microsoft Cloud Infrastructure
25 You need flexibility in a complex device ecosystem Company-ManagedMicrosoft Intune provides you option that allow you to keep your data secure across a range of scenarios that occur day-to-day. Our MAM and MDM capabilities allow you to protect corporate data with or without device management.Employee-ManagedMicrosoft Intune provides you option that allow you to keep your data secure across a range of scenarios that occur day-to-day. Our MAM and MDM capabilities allow you to protect corporate data with or without device management.3rd Party-Managed
26 Complexity is inherent in today’s mobile landscape – with the multiple needs and scenarios naturally presenting themselves in even the most simple environments.You have company-managed devices – these may be dedicated to a specific user (IW) or devices that are shared across multiple employees.You also have devices that are employee-managed – whether it’s a primary device their using (their iPhone or PC) or what we call a companion device – something the are using to get online from time to time (like their daughter’s iPad or a family computer)And last but not least there’s 3rd party-managed devices – these are devices that may be managed by other entities or perhaps unmanaged but unfamiliar to you --think about your partners and contractors that you want to enable – or public kiosk scenarios.These various needs naturally show up in today’s corporate environment. Intune’s MAM and MDM capabilities are designed to help you solve for them all – in a way that enables you enable access to data securely based on your needs.
27 The best control with Intune-enlightened apps All Intune-enlightened applications are built with the Intune App SDK, enabling them with the richest set of mobile application protection policies available.Many also support multi-identity and without enrollment scenarios.We have a great app story too.Earlier we discussed all the app policies that allow you secure access to data and what happens to data after it’s been accessed. This premium set of policies and features are available with Intune-enlightened apps- apps that are built with our SDK. Our growing ecosystem of enlightened apps includes over 20 apps, including the Office apps – and there are more being added all the time. And don’t forget, you can also use the Intune App Wrapping Tool to protect your own internal line-of-business (LOB) apps.REMINDER from earlier slides: our unique approach to data protection allows us to protect the data at the app level, with out the need for traditional containerization or sandboxing. And because we leverage the user identity in our approach, we can enable multi- identity usage of apps - -where app policies are intelligent enough to only apply to data applicable to corporate accounts.Our capabilities here include:App encryption at restApp access control – PIN or credentialsSave as/copy/paste restrictionsApp-level selective wipeManaged web browsingSecure viewing of PDFs, images, videos
28 Also manage apps via native OS app controls Intune can also manage apps via native app controls that are exposed through iOS and Android operating systems. This capability extends Intune’s app ecosystem beyond our SDK built enlightened apps, to include many other popular business apps.Only for managed devices.For device scenarios we can also manage apps via native app controls that are exposed through iOS and Android operating systems. This capability extends Intune’s app ecosystem beyond our SDK built Intune-enlightened apps, to include many other popular business apps.This capability puts us at parity with our competitors that are engaged in the App Config community.
29 A growing partner ecosystem Intune partnerships are designed to enhance our core functionality by delivering interoperability with popular point solutions our customers want and rely upon.We also have a growing ecosystem of technology partners. These technology partnerships are designed to enhance our core functionality by delivering interoperability with popular point solutions you may be using today.All partner products must be purchased directly from the partner
30 Intune + Lookout IT Lookout Intune Scans unknown network for risk Scans apps for riskAllow access orScans OS for vulnerabilityIntuneEnforce MFA per user/per appDevice is managedLookout provides mobile threat detection – they scan apps on your devices to identify malicious threats, data leakage risks, and wireless network or operating system vulnerabilities that may otherwise go unnoticed. Our partnership with them allows you to include this threat intelligence into the conditional access policies you define with Intune by integrating Lookout with Microsoft Enterprise Mobility + Security.Device is compliantBlock accessDevice compliantRisk (Low, Medium, High)
32 Intune + Datalert from Saaswedo real time telecom expense management Notify Intune when thresholds are reachedApp reports usageInput telecom plan detailsSet data & roaming thresholdsReal Time data monitoring activityBlock data and/or roaming use when thresholds are reachedManaged appsPersonal appsWarning notifications sent as thresholds approachUnblock when notified by DatalertSaaswedo does telecom expense management – they help their customers keep their mobile data and roaming bills from getting unruly. With this interoperability, an IT pro would enter the data plan details into Saaswedo and set usage thresholds where they want roaming and data to be turned off for a user.An app on the end user’s device monitors usage and reports back to the Saaswedo service. Once a threshold is hit, Saaswedo triggers Intune to block data and/or roaming.This requires an Intune managed device.Public preview in December 2016 in the Azure admin experienceGenerally available Q1 2017USERDatalert app deployed & activatedIntune managed deviceADMIN
35 Delivered from the cloud Because Microsoft Intune is cloud-based, it lowers costs and eliminates the need to plan, purchase, and maintain on premise hardware and infrastructure.Intune is always up to date, and scales with ease as your needs evolve.Another true differentiator for us is that we are born in the cloud.Because Microsoft Intune is cloud-based, it lowers costs and eliminates the need to plan, purchase, and maintain on premise hardware and infrastructure. Intune is always up to date, and scales with ease as your needs evolve.
36 Microsoft IntuneManage your diverse mobile environment in a secure and unified way with Microsoft Intune.VisionExperienceReady