Windows Server 2012 R2 Capabilities for BYOD Scenario Yuri Diogenes Senior Knowledge Engineer Data Center, Devices & Enterprise Client – CSI Team’s Page:

Presentation transcript:

What’s happening? Before

What’s happening? Now
32% of employees use two or three PCs for work from multiple locations.
Source: Forrester Research, The State of Workforce Technology Adoption: Global Benchmark 2012, Forrester Research, Inc., April 12, 2012.
% of enterprises will have two or more mobile operating systems to support in 2017.
Source: Gartner, Gartner press release, Gartner Says Two-Thirds of Enterprises Will Adopt a Mobile Device Management Solution for Corporate Liable Users Through 2017, October 25, 2012.

What’s happening? Today
32% of your employees—power laptop users—access 21 different applications, while desktop users—36% of your employees—use 9.8 applications at work.
Source: Forrester Research, The State of Workforce Technology Adoption: Global Benchmark 2012, Forrester Research, Inc., April 12, 2012.

Mobility is the new normal
67% of the people who use a smartphone for work and 70% of people who use a tablet for work are choosing the devices themselves.
905M tablets in use for work and home globally by 2017.
Sources: Forrester Research, Bring the Business Case for a Bring-Your-Own-Device (BYOD) Program, Forrester Research, Inc., October 23, 2012; Forrester Research, 2013 Mobile Workforce Adoption Trends, Forrester Research, Inc., February 4, 2013.

Today’s challenges
Devices: The explosion of devices is eroding the standards-based approach to corporate IT.
Apps: Deploying and managing applications across platforms is difficult.
Data: Users need to be productive while maintaining compliance and reducing risk.
Users: Users expect to be able to work in any location and have access to all their work resources.

Starts with a person… whose identity is verified… across multiple devices… with access to apps… in a consistent manner.

People-centric IT
Users, Devices, Apps, Data
Enable users: Allow users to work on the devices of their choice and provide consistent access to corporate resources.
Hybrid Identity: Deliver unified application and device management on-premises and in the cloud.
Protect your data: Help protect corporate information and manage risk.
Management. Access. Protection.

Access and Information Protection
Protect your data:
Centralize corporate information for compliance and data protection.
Policy-based access control to applications and data.
Hybrid Identity:
Common identity to access resources on-premises and in the cloud.
Enable users:
Simplified registration and enrollment for BYO devices.
Automatically connect to internal resources when needed.
Access to company resources is consistent across devices.

Enable users
Challenges:
Users want to use the device of their choice and have access to both their personal and work-related applications, data, and resources.
Users want an easy way to be able to access their corporate applications from anywhere.
IT departments want to empower users to work this way, but they also need to control access to sensitive information and remain in compliance with regulatory policies.
Solutions:
Users can register their devices, which makes them known to IT, who can then use device authentication as part of providing access to corporate resources.
Users can enroll their devices, which provides them with the company portal for consistent access to applications and data, and to manage their devices.
IT can publish access to corporate resources with conditional access based on the user’s identity, the device they are using, and their location.

Registering and Enrolling Devices
IT can publish access to corporate resources with the Web Application Proxy based on device awareness and the user’s identity. Multi-factor authentication can be used through Windows Azure Multi-Factor Authentication integration with Active Directory Federation Services.
Users can register BYO devices for single sign-on and access to corporate data with Workplace Join. As part of this, a certificate is installed on the device.
Users can enroll devices, which configures the device for management with Windows Intune. The user can then use the Company Portal for easy access to corporate applications.
As part of the registration process, a new device record is created in Active Directory, establishing a link between the user and their device.
Data from Windows Intune is synced with Configuration Manager, which provides unified management across both on-premises and in the cloud.

Publish access to resources with the Web Application Proxy
Users can access corporate applications and data wherever they are.
IT can use the Web Application Proxy to pre-authenticate users and devices with multi-factor authentication through integration with AD FS.
Use conditional access for granular control over how and where the application can be accessed.
Active Directory provides the central repository of user identity as well as the device registration information.
Developers can leverage Windows Azure Mobile Services to integrate and enhance their apps.
Diagram labels: Devices; Apps & Data; Published applications; AD Integrated.

Make corporate data available to users with Work Folders
Users can sync their work data to their devices.
Users can register their devices to be able to sync data when IT enforces conditional access.
IT can publish access directly through a reverse proxy (such as the Web Application Proxy), or conditional access can be enforced through integration with AD FS.
IT can configure a File Server to provide Work Folder sync shares for each user to store data that syncs to their devices, including integration with Rights Management.
IT can selectively wipe the corporate data from managed devices (Windows 8.1, Windows Phone 8, iOS, Android).
Active Directory discoverability provides users with their Work Folders location.
Diagram labels: Devices; Apps & Data.

Effective working with Remote Access
With DirectAccess, a user’s PC is automatically connected whenever an Internet connection is present.
Traditional VPNs are user-initiated and provide on-demand connectivity to corporate resources.
An automatic VPN connection provides automated starting of the VPN when a user launches an application that requires access to corporate resources.
Diagram labels: VPN; DirectAccess; Firewall; Can originate admin connection from intranet; Connection to intranet is always active; Cannot originate admin connection from intranet.

Video Demo Windows 8.1 and iPad Workplace Join and Company Portal

Hybrid Identity
Challenges:
Providing users with a common identity when they are accessing resources that are located both on-premises in a corporate environment, and in cloud-based platforms.
Managing multiple identities and keeping the information in sync across environments is a drain on IT resources.
Solutions:
Users have a single sign-on experience when accessing all resources, regardless of location.
Users and IT can leverage their common identity for access to external resources through federation.
IT can consistently manage identities across on-premises and cloud-based identity domains.

Delivering a seamless user authentication experience
Cloud Authentication: User attributes are synchronized using DirSync, including the password hash. Authentication is completed against Windows Azure Active Directory.
Federated Authentication with Single Sign-On: User attributes are synchronized using DirSync. Authentication is passed back through federation and completed against Windows Server Active Directory.
Multi-Factor Authentication can be configured through Windows Azure.
AD FS provides conditional access to resources, Workplace Join for device registration, and integrated Multi-Factor Authentication.

Protecting information with multi-factor authentication
1. The user attempts to log in or perform an action that is subject to MFA.
2. When the user authenticates, the application or service performs an MFA call.
3. The user must respond to the challenge, which can be configured as a text message, a phone call, or using a mobile app.
4. The response is returned to the app, which then allows the user to proceed.
5. IT can configure the type and frequency of the MFA that the user must respond to.

Protect your data
Challenges:
As users bring their own devices in to use for work, they will also want to access sensitive information and have access to this information locally on the device.
A significant amount of corporate data can only be found locally on user devices.
IT needs to be able to secure, classify, and protect data based on the content it contains, not just where it resides, including maintaining regulatory compliance.
Solutions:
Users can work on the device of their choice and be able to access all their resources, regardless of location or device.
IT can enforce a set of central access and audit policies, and be able to protect sensitive information based on the content of the documents.
IT can centrally audit and report on information access.

Policy-based access to corporate information
IT can publish resources using the Web Application Proxy and create business-driven access policies with multi-factor authentication based on the content being accessed.
IT can audit user access to information based on central audit policies.
Users can access corporate data regardless of device or location with Work Folders for data sync and desktop virtualization for centralized applications.
IT can provide a secure and familiar solution for users to access sensitive corporate data from anywhere with VDI and RemoteApp technologies.
Diagram labels: Desktop Virtualization; Centralized Data; Distributed Data; Devices.

Protect data with Dynamic Access Control
Centrally manage access control and audit policies from Windows Server Active Directory.
Automatically identify and classify data based on content. Classification applies as files are created or modified.
Integration with Active Directory Rights Management Services provides automated encryption of documents.
Central access and audit policies can be applied across multiple file servers, with near real-time classification and processing of new and modified documents.
File classification, access policies, and automated Rights Management work against client distributed data through Work Folders.

Video Demo Work Folders with DAC and RMS

For More Information
information-protection.aspx
management.aspx
More Resources:
System Center 2012 R2 Configuration Manager: us/evalcenter/hh aspx?wt.mc_id=TEC_105_1_33
Windows Intune: buy
Windows Server 2012 R2: server/windows-server-2012-r2.aspx