Tomaž Čebul Principal Consultant Microsoft Bring Your Own Device, kaj pa je to?

Turn off your mobile. Thank you.

3 Today’s Challenges Deploying and managing applications across platforms is difficult. Apps Data Users need to be productive while maintaining compliance and reducing risk. Users expect to be able to work in any location and have access to all their work resources. Users The explosion of devices is eroding the standards-based approach to corporate IT. Devices

4 People-centric IT Apps Users Empower users Allow users to work on the devices of their choice and provide consistent access to corporate resources. Unify your environment Deliver a unified application and device management on- premises and in the cloud. Protect your data Help protect corporate information and manage risk. Management. Access. Protection. Data Devices

5 Consistent Company Portal experiences across devices Simplified registration and enrollment Automatic connection to internal resources Enable consumerization of IT without compromising compliance Empower Users

6 Empower Users Allow users to work the device of their choice and provide consistent access to corporate resources Users can work from anywhere on their devices with access to their corporate resources. Users can register devices for single sign-on and access to corporate data with Workplace Join. IT can publish access to resources with the web application proxy based on device awareness and the users identity. IT can provide seamless corporate access. Users can enroll devices for access to the company portal for easy access to corporate applications. IT can publish desktop virtualization resources for access to centralized resources. Firewall

7 Registering and Enrolling Devices IT can publish access to corporate resources with the Web Application Proxy based on device awareness and the user’s identity.; multi-factor authentication can be used through Windows Azure Active Authentication (formerly PhoneFactor) Users can register BYO devices for single sign-on and access to corporate data with Workplace Join. As part of this, a certificate is installed on the device Users can enroll devices that configure the device for management with Windows Intune; the user can then use the Company Portal for easy access to corporate applications As part of the registration process, a new device object is created in Active Directory, establishing a link between the user and their device Data from Windows Intune is in sync with Configuration Manager, which provides unified management across both on-premises and in the cloud

8 Not JoinedWorkplace JoinedDomain Joined User provided devices are “unknown” and IT has no control. Partial access may be provided to corporate information. Registered devices are “known” and device authentication allows IT to provide conditional access to corporate information Domain joined computers are under the full control of IT and can be provided with complete access to corporate information Browser session single sign-on Seamless 2-Factor Auth for web apps Enterprise apps single sign-on Desktop Single Sign-On Expanded domain join capabilities

9 Users can sync their work data to their devices. Users can register their devices to be able to sync data when IT enforces conditional access IT can publish access directly through a reverse proxy, or conditional access can be enforced via device registration through the Web Application Proxy IT can configure a File Server to provide Work Folder sync shares for each user to store data that syncs to their devices, including integration with Rights Management IT can selectively wipe the corporate data from Windows 8.1 clients Active Directory discoverability provides users Work Folders location Devices Apps & Data User exclusive access Automated classification RMS protection Reporting on sensitive information Anti Virus protection Make corporate data available to users with Work Folders

10 Market-leading client management extended with cloud- based MDM Simplified, user-centric application management Comprehensive settings management across platforms Common identity across on-premises and in the cloud Enable consumerization of IT without compromising compliance Unify Your Environment

11 Unify Your Environment Deliver comprehensive application and device management Single admin console IT can manage the device and application lifecycle Unified infrastructure enables IT to manage devices “where they live” Comprehensive settings management across platforms, including certificates, VPNs, and wireless network profiles Users

12 Windows Intune integrated with System Center 2012 R2 Configuration Manager Mac OS X Windows PCs (x86/64, Intel SoC), Windows to Go Windows Embedded Windows RT, Windows Phone 8 iOS, Android

13 Mobile Device Settings in ConfigMgr 2012 R2 CategoryWin 8.1 PC & RTWP8iOSAndroid VPN Wi-Fi Certificates Password (*) (*) Device restrictions (*) (*) Store access Browsers (*) Content Rating Cloud Synch (*) Encryption (*) Security (*) Roaming (*) Windows Server Work Folders * Subset of settings Note: Table applicable to direct MDM and not EAS

14 Policy-based access control to corporate applications and data Increased security through multi-factor authentication Selective wipe of corporate apps and data to protect information Protect data Enable consumerization of IT without compromising compliance Protect Your Data

15 Protect Your Data Help protect corporate information and manage risk IT can publish resources using the web application proxy and create business-driven access policies with multi-factor authentication based on the content being accessed. IT can audit user access to information based on central audit policies. IT can provide a secure and familiar solution for users to access sensitive corporate data from anywhere with VDI and RemoteApp technologies. Centralized Data Users can access corporate data regardless of device or location with Work Folders for data sync and desktop virtualization for centralized applications. Desktop Virtualization Distributed Data Devices

16 Centrally manage access control and audit polices from Windows Server Active Directory. Automatically identify and classify data based on content. Classification applies as files are created or modified. Integration with Active Directory Rights Management Services provides automated encryption of documents. Central access and audit policies can be applied across multiple file servers, with near real-time classification and processing of new and modified documents. File classification, access policies and automated Rights Management works against client distributed data through Work Folders. Protect data with Dynamic Access Control

Dan’s Laws of Information Protection Data exists to be consumed Data will flow across data stores, devices, and orgs; it will flow from on-premise to the cloud and back. If data does is not let to flow, it is not being sufficiently used! Protection = Encryption + Policy Encryption alone is uninteresting and quite plentiful already. Policy, when associated with data, offers an extended reach not offered by the traditional perimeter. Protected data is consumed by more than humans It should be possible for protected data to be reasoned over by ‘authorized compute nodes’. Protection should exist in two measurable tiers Encryption is dissolved before anything useful is done. This is inevitable. PRE AUTHORIZATION protection must offer very robust protection against adversaries. POST AUTHORIZATION protection is need be as ‘transparent’ as possible in everyday use

Approaches to Protecting Information

What is new in Rights Management Services I can protect any file type I can consume protected files on important devices I can share with anyone and they can sign up for free I can share with any business user I can share with any individual (LiveID/GMAIL ID) I can keep my data on-premise (if the cloud scares me) I can control my RMS ‘tenant key’ from on-premise I am aware of what is going on with my protected data I can rely on MSFT + Partners for complete solutions

20 Consistent Company Portal experiences across devices Simplified registration and enrollment Automatic connection to internal resources Market-leading client management extended with cloud-based MDM Simplified, user-centric application management Comprehensive settings management across platforms Common identity across on-premises and in the cloud Policy-based access control to corporate applications and data Increased security through multi-factor authentication Selective wipe of corporate apps and data to protect information Protect data empower users unify your environment protect your data Enable consumerization of IT without compromising compliance People-centric IT Solution

Q&A.

22