Five mistakes to avoid when deploying Enterprise Mobility + Security

Presentation on theme: "Five mistakes to avoid when deploying Enterprise Mobility + Security"— Presentation transcript:

1 Five mistakes to avoid when deploying Enterprise Mobility + Security
THR3063
Jussi Roine, Chief Research Officer
Microsoft MVP, Microsoft Regional Director, Microsoft Certified Master
12/8/2018 2:27 PM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 What is EM+S?

3 Identity-driven security solution
E5: Azure Active Directory Premium P2, Azure Information Protection Premium P2, Cloud App Security
E3: Azure Active Directory Premium P1, Intune, Azure Information Protection Premium P1, Advanced Threat Analytics

4 Enterprise Mobility + Security
Users, Apps, Data, Devices
Identity-driven security
Managed mobile productivity
Comprehensive solution

5 Deploying EM+S
Envision the scenarios for EM+S
Not required to deploy everything at once – or ever
Start with security and identities
Onboard users, starting with a pilot user base works best
Drive value and increase security while ramping up adoption

6 Mistake #1

7 Not using Azure Multi-Factor Authentication
Strong and secure authentication for on-premises, hybrid & the cloud
Available as Azure MFA service and Azure MFA Server (on-premises)
App Passwords for users are needed for some non-browser apps that do not support MFA
Always enable MFA for admins, preferably also for users with conditional access
Whitelist known and trusted IP address spaces to bypass MFA

8 Mistake #2

9 Azure Active Directory capabilities
Challenges arise when capabilities are not understood
Connect Health, Cloud App Discovery, Self-Service Password Reset and similar require at least Azure AD P1
Identity Protection and Privileged Identity Management require Azure AD P2 (EM+S E5)

10 Mistake #3

11 Advanced Threat Analytics not deployed
ATA works by combining analysis of network traffic, events and contextual data from Active Directory
Deploy, configure and let ATA start monitoring your network

12 Demo Less-known capabilities in EM+S
Jussi Roine

13 Mistake #4

14 Conditional Access
Without conditional access users can access services in an uncontrolled fashion
Enable conditional access and enforce certain conditions, such as
  Access secure SharePoint Online sites only from a trusted network
  Enforce MFA when conditions are met (or not met)
  Block out non-managed devices
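
How the three conditions on this slide combine with the trusted-IP MFA bypass from Mistake #1, as an added example that is not part of the original presentation. It is a simplified decision model, not Azure AD's policy engine; the function names, the trusted ranges, the app label and the sign-ins are all constructed assumptions.

```powershell
# Simplified model of the slide's three conditions; NOT Azure AD's policy engine.
# Ranges, app label and sign-ins are constructed samples (RFC 5737 addresses).
$TrustedRanges = @('203.0.113.0/24', '198.51.100.16/28')
$SecureApps    = @('SharePoint-Secure')   # hypothetical label for the secure sites

function ConvertTo-IpNumber([string]$Ip) {
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)              # network order -> little-endian host order
    [long][BitConverter]::ToUInt32($bytes, 0)
}

function Test-IpInCidr([string]$Ip, [string]$Cidr) {
    $net, $bits = $Cidr -split '/'
    $mask = [long]([math]::Pow(2, 32) - [math]::Pow(2, 32 - [int]$bits))
    ((ConvertTo-IpNumber $Ip) -band $mask) -eq ((ConvertTo-IpNumber $net) -band $mask)
}

function Get-AccessDecision([string]$Ip, [bool]$Managed, [string]$App) {
    $trusted = [bool]($TrustedRanges | Where-Object { Test-IpInCidr $Ip $_ })
    # Block rules are checked first so that a trusted address never overrides them.
    if (-not $Managed) { return 'Block: non-managed device' }
    if ($SecureApps -contains $App -and -not $trusted) {
        return 'Block: secure site outside trusted network'
    }
    if (-not $trusted) { return 'Allow after MFA' }
    return 'Allow: trusted network, MFA bypassed'
}

# Constructed sign-ins covering each branch of the model.
$signIns = @(
    @{ User = 'alice'; Ip = '203.0.113.40';  Managed = $true;  App = 'SharePoint-Secure' }
    @{ User = 'bob';   Ip = '192.0.2.77';    Managed = $true;  App = 'SharePoint-Secure' }
    @{ User = 'carol'; Ip = '192.0.2.77';    Managed = $true;  App = 'Exchange' }
    @{ User = 'dave';  Ip = '198.51.100.20'; Managed = $false; App = 'Exchange' }
)
foreach ($s in $signIns) {
    '{0,-6} {1,-14} {2}' -f $s.User, $s.Ip, (Get-AccessDecision $s.Ip $s.Managed $s.App)
}
```

The last branch is the one to review in a real tenant: every address inside a whitelisted range signs in without MFA, so those ranges should be kept as narrow as possible.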

15 Mistake #5

16 Modern Authentication not configured
Active Directory Authentication Library (ADAL) based sign-in to Office clients and apps
Brings in support for MFA, smartcards, certificate based authentication and third-party identity providers
On by default for new Office 365 tenants for Exchange Online and Skype for Business Online
On by default for Office 2016 – removes the need to do Basic Authentication

17 Enabling Modern Authentication
Use PowerShell to enable for EXO
  Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true
Use PowerShell to enable for SfBO
  Set-CsOAuthConfiguration -ClientAdalAuthOverride Allowed
Verify Modern Authentication is enabled
  Get-OrganizationConfig | ft name, *OAuth*
  Get-CsOAuthConfiguration
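
One way to turn the verification step into a repeatable check, as an added example that is not part of the original presentation. The function name `Get-ModernAuthFinding` and the sample objects are assumptions; the property names and remediation commands are the ones shown on the slide.

```powershell
# Added example: interprets the output of the slide's two verification cmdlets.
function Get-ModernAuthFinding {
    param(
        [Parameter(Mandatory)] $ExoConfig,   # object from Get-OrganizationConfig
        [Parameter(Mandatory)] $SfbConfig    # object from Get-CsOAuthConfiguration
    )
    $checks = @(
        @{ Service = 'Exchange Online'; Setting = 'OAuth2ClientProfileEnabled'
           Value = "$($ExoConfig.OAuth2ClientProfileEnabled)"; Expected = 'True'
           Fix = 'Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true' }
        @{ Service = 'Skype for Business Online'; Setting = 'ClientAdalAuthOverride'
           Value = "$($SfbConfig.ClientAdalAuthOverride)"; Expected = 'Allowed'
           Fix = 'Set-CsOAuthConfiguration -ClientAdalAuthOverride Allowed' }
    )
    foreach ($c in $checks) {
        # A missing or empty property compares unequal and is reported as not enabled.
        $ok = $c.Value -eq $c.Expected
        [pscustomobject]@{
            Service     = $c.Service
            Setting     = $c.Setting
            Value       = $c.Value
            ModernAuth  = $ok
            Remediation = if ($ok) { '' } else { $c.Fix }
        }
    }
}

# Constructed sample objects standing in for a tenant where neither service is enabled.
$exo = [pscustomobject]@{ Name = 'contoso.onmicrosoft.com'; OAuth2ClientProfileEnabled = $false }
$sfb = [pscustomobject]@{ Identity = 'Global'; ClientAdalAuthOverride = 'NoOverride' }
Get-ModernAuthFinding -ExoConfig $exo -SfbConfig $sfb | Format-Table -AutoSize

# Against a live tenant, with both remote PowerShell sessions connected:
# Get-ModernAuthFinding -ExoConfig (Get-OrganizationConfig) -SfbConfig (Get-CsOAuthConfiguration)
```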

18 Further reading and additional resources
Modern Authentication updated documentation
Enabling Modern Authentication for Office 2013 clients

19 Mistake #6

20 Pass-through authentication not used
Pass-through authentication is often a good alternative to federated identities with ADFS
Password hash sync is not required to the cloud
No network infrastructure changes required
Enables Seamless Single Sign-on
