How do I stay in control? Secure mobile collaboration. Ferjan Ormeling, Mobile Solution Specialist, Microsoft B.V.


How do I stay in control: Agenda
1. Microsoft & Mobility
2. Why security?
3. Exchange Server
4. System Center Mobile Device Manager
Summary

Microsoft & Mobility

Why Mobile? Biggest grower! YOY % shipping growth CAGR. Source: Gartner Dataquest, and IDC. % Mobile PCs 5.8% Mobile Phones 3.9% Desktop PCs 34.1% Converged Mobile Phones

Microsoft's vision of Mobility (diagram). Labels: Access Control; Firewall; Mobile and Traditional Devices; Team Workspaces; Web and Video Conferencing; Documents and Files; Calendaring; Instant Messaging; Identity and Presence; LOB Applications; Intranet Web Applications; Managed PC; Unmanaged PC (Home PC, Kiosk, etc); Wired; Internet; Wireless

Microsoft's Mobile Value Proposition (diagram). Labels: Productivity; Reliability; Cost; Business Value; Re-Use Knowledge; Easy to Manage/Support; Scalable; Secure; Device Choice; Easy-To-Use; Enabling Lifestyle

Demo 7

Windows Mobile is all about choice!

Why security?

Ferjan's top 5 most frequently heard questions:
1. How do I provision the mobile device?
2. How can I disable programs or hardware?
3. How do I secure the data stored on the mobile device?
4. How do I get software onto the mobile device?
5. What about viruses?

Exchange Server

Exchange and Mobility (chart: mobile functionality over time)
- DirectPush introduced
- Policy enforcement (7 policies)
- Remote/local device wipe
- 9 new policies
- Self-service via OWA
- SharePoint and File access
- 30 new policies
- Encryption
- Hardware control
- Software control

- Built-in: no special server or services required
- Rich access for the many, not the few
- Anywhere Access
- Outlook experience from desktop to mobile devices

Architecture Overview (diagram). Labels: EAS; SSL – Port 443; Direct Push; Internet

Securing the Servers
- Restricting access
  – Inbound port 443 (SSL) to Client Access Server
  – Works with existing firewalls and Microsoft's ISA Server
- Data inspection
  – All communication can be inspected and filtered
- Complete Exchange Security Hardening Guide available from Microsoft
  – Exchange us/library/aa aspx
  – Exchange us/library/bb aspx
(Diagram label: EAS)

Securing the Communication
- Secure Sockets Layer
  – Standard for securing communications over the Internet (e.g. online banking/shopping)
  – Encryption: RC4, 3DES, AES*
  – Authentication: password or certificate authentication; RSA SecurID support
- ~80% of Exchange customers have this in place today for OWA
* Requires Windows Server 2008
(Diagram labels: SSL – Port 443; Direct Push; Internet)

Securing the devices
- Policy enforcement
- PIN password
- Local and Remote wipe device
- Encryption
- Application control
- Hardware control

Policies - General
- Targeting users with policies
  – Exchange 2003 SP2: one policy that applies to all users; users can be exempted from policy (no policy applied)
  – Exchange 2007 & SP1: multiple policies supported; targeting based upon user/group membership; Exchange 2007 SP1 adds a default policy

Policies - General
- Allow/Deny non-provisionable devices
  – What devices are allowed to connect
- Refresh Interval (hours)
  – How often is the policy refreshed on the device

Password Policies
- Require device password
- Minimum password length
- Require alphanumeric password
- Inactivity timeout (in minutes)
- Number of failed attempts allowed

Security: Device Data Encryption
- All device and storage encryption utilizes AES encryption
- Require encryption on the storage card
  – Requirements: Ex2007 RTM and Windows Mobile 6
  – Ensures that any data written to the storage card is encrypted
- Require encryption on the device
  – Requirements: Ex2007 SP1 and Windows Mobile 6.1

Sync Settings (Exchange 2007 & 2007 SP1)
- Allow sync when roaming
  – This setting allows administrators to disable DirectPush while the device is roaming. User must sync manually.
- Allow attachments to be downloaded to device
- Maximum attachment size
- Allow HTML formatted

Sync Settings (Exchange 2007 SP1)
- Include past calendar items
- Include past items
- Limit size to
  – Define the maximum size of sent to the device by default (user can still request a full message)
- Allow HTML formatted

Mobile Policies In SP1 (Exchange 2007 SP1)
- Allow removable storage
- Allow camera
- Allow Wi-Fi
- Allow infrared
- Allow internet sharing
- Allow Remote Desktop
- Allow Desktop Sync
- Allow Bluetooth
  – All or headset profile only

Mobile Policies In SP1 (Exchange 2007 SP1)
- Allow browser
- Allow consumer mail
- Allow unsigned apps
- Allow unsigned installation packages
- Allowed applications
- Blocked applications
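The policy slides above, expressed as an Exchange Management Shell session. This is an added example, not part of the original presentation. It assumes Exchange 2007 SP1 or later; the policy name, group name and the chosen values are hypothetical sample settings.

```powershell
# Added example. 'Mobile-Hardened' and 'Mobile Users' are hypothetical names;
# all values below are constructed sample settings, not recommendations from the slides.
$policyName = 'Mobile-Hardened'
$groupName  = 'Mobile Users'

New-ActiveSyncMailboxPolicy -Name $policyName

# Policies - General: refuse devices that cannot enforce policy, refresh twice a day
Set-ActiveSyncMailboxPolicy -Identity $policyName `
    -AllowNonProvisionableDevices $false `
    -DevicePolicyRefreshInterval '12:00:00'

# Password policies: required, alphanumeric, lock on inactivity, limited failed attempts
Set-ActiveSyncMailboxPolicy -Identity $policyName `
    -DevicePasswordEnabled $true `
    -MinDevicePasswordLength 6 `
    -AlphanumericDevicePasswordRequired $true `
    -MaxInactivityTimeDeviceLock '00:10:00' `
    -MaxDevicePasswordFailedAttempts 8

# Device data encryption: storage card (Windows Mobile 6) and device (Windows Mobile 6.1)
Set-ActiveSyncMailboxPolicy -Identity $policyName `
    -RequireStorageCardEncryption $true `
    -RequireDeviceEncryption $true

# Sync, hardware and software control (SP1 policies)
Set-ActiveSyncMailboxPolicy -Identity $policyName `
    -RequireManualSyncWhenRoaming $true `
    -AllowCamera $false `
    -AllowIrDA $false `
    -AllowInternetSharing $false `
    -AllowBluetooth HandsfreeOnly `
    -AllowUnsignedApplications $false `
    -AllowUnsignedInstallationPackages $false

# Target the policy by group membership
Get-DistributionGroupMember -Identity $groupName | ForEach-Object {
    Set-CASMailbox -Identity $_.Identity -ActiveSyncMailboxPolicy $policyName
}

# Check: list mailboxes that can sync over EAS but have no policy assigned
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.ActiveSyncEnabled -and -not $_.ActiveSyncMailboxPolicy } |
    Select-Object Name
```

The final query is the one to rerun periodically: any mailbox it returns can synchronise with a device that has received none of the password, encryption or hardware settings.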

Manageability Self Service

End User Experience John Litware Inc.’s Exchange Server

System Center Mobile Device Manager 2008

MDM helps to…
- Safeguard corporate data from unauthorized access.
- Reduce the cost and complexity of mobile deployments.
- Maintain persistent and enhanced security for connectivity.
- Simplify device management.

What IT pains does MDM solve? How to:
- Manage mobile devices like PCs on the corporate network
- Manage policies and software distribution to multiple groups of users
- Provision mobile devices without physically touching them
- Allow more secure connectivity with single-point network access control
- Allow specific business units individual control over the devices in their business unit

MDM enables Windows Mobile 6.1 devices to be deployed and managed like PCs and laptops in the IT infrastructure, providing them network access to corporate data and making them first-class citizens on the corporate network.

Management Workload Deployment: inside firewall
Network Access Workload Deployment: in DMZ

Mobile VPN
- Machine authentication and "double envelope security"
- Session persistence
- Fast reconnect
- Internetwork roaming
- Standards support (IKEv2, IPsec tunnel mode)

Device Management
- Single point of management for mobile devices in enterprise
- Full OTA provisioning and bootstrapping
- OTA software distribution based on WSUS 3.0
- Device data and inventory reporting
- SQL Server 2005-based reporting capabilities
- Role-based administration
- MMC snap-ins and PowerShell cmdlets
- WMU on/off control
- OMA-DM compliance

Security Management
- Active Directory Domain Join
- Policy enforcement using Active Directory and Group Policy targeting (>130 policies and settings)
- Communications and camera disablement
- File encryption
- Application allow and deny
- Remote wipe
- OMA-DM compliance

Summary

Why security? The answers!
1. How do I provision the mobile device? The user can get the mobile device ready for use OTA with + password / PIN code
2. How can I disable programs or hardware? Both Exchange 2007 SP1 and SCMDM can be used to turn features and programs on or off
3. How do I secure the data stored on the mobile device? Password and encryption can be made mandatory via policies; with remote wipe a lost or stolen mobile device can be wiped
4. How do I get software onto the mobile device? With SCMDM, software can be distributed OTA
5. What about viruses? Tiered security on the mobile device, allow only signed applications, educate users and, if desired, install anti-virus software

Summary

Exchange 2003 SP2 (Windows Mobile 5 and newer)
- Direct Push , Contacts, Calendar
- Basic Security: PIN-code, device-lock, device-wipe

Exchange 2007 RTM (Windows Mobile 6 and newer*)
- Enriched PIM-experience: HTML , Out-of-Office
- SharePoint- & UNC-access to files
- Enhanced Security: Storage Card Encryption, Password Recovery

Exchange 2007 SP1 (Windows Mobile 6.1 and newer*)
- Direct Push
- Bandwidth optimization uses up to 1/3 less bandwidth
- S/MIME support
- Enhanced Security: Device Encryption, Hardware Control

SCMDM 2008 (Windows Mobile 6.1 and newer)
- Security Management: Device Encryption, Hardware Control
- Device Management: Software Distribution, Inventory
- Mobile VPN

* Version needed for enhanced functionality, backwards compatible down to Windows Mobile 5

Finally: Questions?

People make the New Way of Working

Appendix

Key Deployment Steps
1. Ensure Exchange Server 2003 SP2 or Exchange Server 2007 are in place
2. Ensure TCP Port 443 is able to reach Client Access Server
3. Ensure customer has implemented SSL security
4. Adjust firewall connection timeout values
5. Enable Exchange ActiveSync and policies on Exchange Server
6. If needed, deploy certificates to devices
If you are using Outlook Web Access, much of this will already be in place.

Adjust Firewall Timeout Settings
- Configure all communication points (firewalls) between the Exchange Server and Windows Mobile device with the same idle session timeout
- Microsoft recommends increasing the idle session timeouts to 30 minutes
- Available Documentation
  – Firewall Configuration:
  – Network Security Impact:
(Diagram labels: Mailbox Server; HTTPS (443); Advanced Firewall; Perimeter Network; Front End / CAS Server; Exchange 07 Edge Server; Increase idle session timeout to 30 mins; Increase advanced firewall idle timeout to 30 mins; Increase idle session timeout to 30 mins)