Presentation is loading. Please wait.

Presentation is loading. Please wait.

Five mistakes to avoid when deploying Enterprise Mobility + Security

Published bySiska Tanuwidjaja Modified over 5 years ago

Similar presentations

Presentation on theme: "Five mistakes to avoid when deploying Enterprise Mobility + Security"— Presentation transcript:

1 Five mistakes to avoid when deploying Enterprise Mobility + Security
12/8/2018 2:27 PM THR3063 Five mistakes to avoid when deploying Enterprise Mobility + Security Jussi Roine Chief Research Officer Microsoft MVP, Microsoft Regional Director, Microsoft Certified Master © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 12/8/2018 2:27 PM What is EM+S? © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

3 Identity-driven security solution
Azure Active Directory Premium P2 Azure Information Protection Premium P2 Cloud App Security E5 Azure Active Directory Premium P1 Intune Azure Information Protection Premium P1 Advanced Threat Analytics E3

4 Enterprise Mobility + Security
Users Apps Data Devices Identity-driven security Managed mobile productivity Comprehensive solution

5 Deploying EM+S Envision the scenarios for EM+S
Not required to deploy everything at once – or ever Start with security and identities Onboard users, starting with a pilot user base works best Drive value and increase security while ramping up adoption

6 12/8/2018 2:27 PM Mistake #1 © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

7 Not using Azure Multi-Factor Authentication
Strong and secure authentication for on-premises, hybrid & the cloud Available as Azure MFA service and Azure MFA Server (on-premises) App Passwords for users are needed for some non- browser apps that do not support MFA Always enable MFA for admins, preferrably also for users with conditional access Whitelist known and trusted IP address spaces to bypass MFA

8 12/8/2018 2:27 PM Mistake #2 © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9 Azure Active Directory capabilities
Challenges arise when capabilities are not understood Connect Health, Cloud App Discovery, Self-Service Password Reset and similar require at least Azure AD P1 Identity Protection and Privileged Identity Management require Azure AD P2 ( EM+S E5)

10 12/8/2018 2:27 PM Mistake #3 © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

11 Advanced Threat Analytics not deployed
ATA works by combining analysis of network traffic, events and contextual data from Active Directory Deploy, configure and let ATA start monitoring your network

12 Demo Less-known capabilities in EM+S
Jussi Roine

13 12/8/2018 2:27 PM Mistake #4 © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

14 Conditional Access Without conditional access users can access services in an uncontrolled fashion Enable conditional access and enforce certain conditions, such as Access secure SharePoint Online sites only from a trusted network Enforce MFA when conditions are met (or not met) Block out non-managed devices

15 12/8/2018 2:27 PM Mistake #5 © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

16 Modern Authentication not configured
Active Directory Authentication Library (ADAL) based sign-in to Office clients and apps Brings in support for MFA, smartcards, certificate based authentication and third-party identity providers On by default for new Office 365 tenants for Exchange Online and Skype for Business Online On by default for Office 2016 – removes the need to do Basic Authentication

17 Enabling Modern Authentication
Use PowerShell to enable for EXO Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true Use PowerShell to enable for SfBO Set-CsOAuthConfiguration -ClientAdalAuthOverride Allowed Verify Modern Authentication is enabled Get-OrganizationConfig | ft name, *OAuth* Get-CsOAuthConfiguration

18 Further reading and additional resources
Modern Authentication updated documentation Enabling Modern Authentication for Office 2013 clients

19 12/8/2018 2:27 PM Mistake #6 © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

20 Pass-through authentication not used
Pass-through authentication often a good alternative to federated identities with ADFS Password hash sync is not required to the cloud No network infrastructure changes required Enables Seamless Single Sign-on

21 Please evaluate this session
Tech Ready 15 12/8/2018 Please evaluate this session From your Please expand notes window at bottom of slide and read. Then Delete this text box. PC or tablet: visit MyIgnite Phone: download and use the Microsoft Ignite mobile app Your input is important! © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

22 12/8/2018 2:27 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Download ppt "Five mistakes to avoid when deploying Enterprise Mobility + Security"

Similar presentations

Active Directory Modernization Technical competitive comparison

Active Directory Modernization Technical competitive comparison
Deployment Planning Services

Deployment Planning Services
Deployment Planning Services

Deployment Planning Services
Secure Hyperconnectivity with TeamViewer and Windows technologies

Secure Hyperconnectivity with TeamViewer and Windows technologies
Enterprise Security in Practice

Enterprise Security in Practice
Azure on Steroids: Full Automation with PowerShell

Azure on Steroids: Full Automation with PowerShell
Deployment Planning Services

Deployment Planning Services
Azure File Sync Setup, configuration and management

Azure File Sync Setup, configuration and management
Azure Cloud Shell Magic of Modern Command-line Management

Azure Cloud Shell Magic of Modern Command-line Management
Developing Hybrid Apps on Microsoft Azure Stack

Developing Hybrid Apps on Microsoft Azure Stack
Windows 10 and the cloud: Why the future needs hybrid solutions

Windows 10 and the cloud: Why the future needs hybrid solutions
Azure SDKs and Tools for You

Azure SDKs and Tools for You
6/25/2018 11:13 PM BRK1076 Make Windows devices more secure by taking them out of your existing infrastructure Chris Rhodes & Andrew Bettany MCTs & MVPs.

6/25/ :13 PM BRK1076 Make Windows devices more secure by taking them out of your existing infrastructure Chris Rhodes & Andrew Bettany MCTs & MVPs.
Microsoft Virtual Academy

Microsoft Virtual Academy
Decoding audit events in Microsoft Office 365

Decoding audit events in Microsoft Office 365
Optimizing Microsoft OneDrive for the enterprise

Optimizing Microsoft OneDrive for the enterprise
The power of common identity across any cloud

The power of common identity across any cloud
Understanding Multi-Geo Capabilities in Office 365

Understanding Multi-Geo Capabilities in Office 365
Protect sensitive information with Office 365 DLP

Protect sensitive information with Office 365 DLP
8/6/2018 3:21 AM THR2261 Groups, and Teams and Sites, Oh My! The Ultimate Office 365 Groups Teardown John Peluso SVP Product Strategy, AvePoint Inc. Microsoft.

8/6/2018 3:21 AM THR2261 Groups, and Teams and Sites, Oh My! The Ultimate Office 365 Groups Teardown John Peluso SVP Product Strategy, AvePoint Inc. Microsoft.

Similar presentations

Ads by Google