6/25/2018 11:13 PM BRK1076 Make Windows devices more secure by taking them out of your existing infrastructure Chris Rhodes & Andrew Bettany MCTs & MVPs.


1 BRK1076 Make Windows devices more secure by taking them out of your existing infrastructure
Chris Rhodes & Andrew Bettany, MCTs & MVPs, IT Masterclasses
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Traditional IT environment

3 Tech recap
Kerberos authentication of computer and user account.
Tokens granted for server access.
Resources required by users are primarily on-premises.
Devices are managed by Group Policy (and SCCM in larger enterprises).

4 The proposition
Windows devices can be more secure by not being part of a traditional IT infrastructure.

5 Azure AD Join
Integration with O365.
SSO with Edge or Office apps.
OneDrive access.

6 Cloud environment – AAD Join

7 Demo: Azure Active Directory

8 Registered devices vs. joined devices
Registered device | Joined device
Personal devices | Company owned device
BYOD scenario | CYOD scenario
Local user authentication | AAD user authentication
MDM capable
Windows, iOS, Android | Windows only
| Windows Hello
| Access Windows Store for Business

9 So how is this more secure?
The cloud environment doesn’t run on Kerberos.
Apps and services rely on OAuth for cloud identities.
Users may need two identities for on-premises and cloud resources. Ugh!
Maintaining a single identity in a managed environment avoids password overlap.
Cloud identities can be used inside/outside the organization.

10 Windows Hello for Business
User authentication to an AAD account.
PIN, biometric or gesture is verified locally with the TPM.
The TPM holds the private key, which never leaves the device.
AAD holds the public key and verifies identity against the device-held private key.
No passwords = more secure.
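The key split described on this slide, modelled as an added example that is not from the presentation or from Microsoft: the device keeps the private key (a plain Go value standing in for a TPM-bound key), the identity provider stores only the public key, and sign-in is a signed random challenge gated by a locally checked PIN. The device ID, PIN and nonce handling are constructed assumptions of this model, not Microsoft's protocol.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)
// Device models the Windows client (hypothetical model, not Microsoft's protocol); priv stands in for a TPM-bound key.
type Device struct {
	priv *ecdsa.PrivateKey
	pin  string // constructed local PIN; it gates key use and is never sent to the IdP
}
// IdP models Azure AD: it stores public keys only, plus the nonces it has issued.
type IdP struct {
	PubKeys map[string]*ecdsa.PublicKey
	Nonces  map[string][]byte
}
func NewIdP() *IdP { return &IdP{PubKeys: map[string]*ecdsa.PublicKey{}, Nonces: map[string][]byte{}} }
// Enrol generates the key pair on the device and gives the IdP only the public half.
func Enrol(idp *IdP, id, pin string) (*Device, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	idp.PubKeys[id] = &priv.PublicKey
	return &Device{priv: priv, pin: pin}, nil
}
// Challenge issues a fresh random nonce that the device must sign.
func (idp *IdP) Challenge(id string) ([]byte, error) {
	nonce := make([]byte, 32)
	_, err := rand.Read(nonce)
	idp.Nonces[id] = nonce
	return nonce, err
}
// Sign verifies the PIN locally and only then signs the nonce with the device key.
func (d *Device) Sign(pin string, nonce []byte) ([]byte, error) {
	if pin != d.pin {
		return nil, errors.New("PIN rejected locally")
	}
	h := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, d.priv, h[:])
}
// Verify consumes the nonce first (no replay) and checks the signature with the stored key.
func (idp *IdP) Verify(id string, sig []byte) bool {
	nonce, pub := idp.Nonces[id], idp.PubKeys[id]
	delete(idp.Nonces, id)
	h := sha256.Sum256(nonce)
	return nonce != nil && pub != nil && ecdsa.VerifyASN1(pub, h[:], sig)
}
```

Nothing the IdP stores lets an attacker who dumps it sign in, which is the "no passwords = more secure" point; a wrong PIN fails on the device and never produces network traffic.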

11 Microsoft 365 Licences are out, subscriptions are in.
Windows 10 & Office 365 & EMS. New kid on the block.

12 EMS – Enterprise Mobility & Security
6/25/ :13 PM EMS – Enterprise Mobility & Security © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

13 EMS breakdown
AAD Premium
Azure Information Protection
Intune

14 AAD Premium security
Adds MFA (multi-factor authentication).
Self-service password reset.
Security reports – are your users being hacked?
Cloud app discovery – understand what users actually use.
BitLocker recovery.
Auto MDM enrolment – devices are secured from day 1.

15 Conditional access
Policies control access to cloud applications.
Example 1: AAD joined devices only.
Example 2: MFA required for user authentication.
Example 3: MDM controlled computers only.
Example 4: Compliant devices only may access apps.

16 Azure AD Identity Protection

17 Intune
Rich cloud-based management of Windows 10 (as well as iOS, Android).
Extends capabilities further with Enterprise Mobility Suite (EMS).
Integration with Office 365.

19 Intune benefits
Single admin portal to manage services.
Same user identities (AAD).
SMEs typically don’t deploy SCCM for management.
Field-based computers are always ‘in touch’.

20 Intune for MDM
Assets can be viewed and managed in the cloud.
Better understand apps and hardware.
Allows for remote reset and selective wipe.
Deploy VPN and Wi-Fi profiles.

21 So how is this more secure?
Intune managed devices are controlled via CSPs (configuration service providers).
CSPs control device behaviour.
Updates can be deployed without the IT infrastructure – great for road warriors.
Defender and Windows updates can be deployed this way.
Up to date device = more secure.

22 Humans are fallible
Where do current practices allow for logon or data breach? Identify the gaps.
Where can EMS plug the gaps?

23 Azure Information Protection
Known user/device required to access data.
Protect company data better on managed devices.
Data is effectively ‘partitioned’ on devices.
Devices can be used for work and play without fear.
Better together – conditional access + data security.

24 Office 365

25 Office 365 MDM
MDM exists in O365 subscriptions.
Devices managed in O365 portal.
If you have M365, use Intune for more features.
Lacks features like MAM, VPN profiles, app deployment.

26 The proposition
Windows devices can be more secure by not being part of a traditional IT infrastructure.

27 Related session
BRK3260: Manage Windows devices in the complex hybrid cloud world of today. Thursday 16:00–17:15, W307.

28 Please evaluate this session
PC or tablet: visit MyIgnite. Phone: download and use the Microsoft Ignite mobile app. Your input is important!
