1. Access and Information Protection Product Overview Adam Hall Sr Product Marketing Manager Microsoft

2. System Center Marketing
4/6/2019
Today’s challenges
The explosion of devices is eroding the standards-based approach to corporate IT.
Devices
Users expect to be able to work in any location and have access to all their work resources.
Users
Deploying and managing applications across platforms is difficult.
Apps
Data
Users need to be productive while maintaining compliance and reducing risk. .
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

3. System Center Marketing
4/6/2019
People-centric IT
Users
Devices
Apps
Data
Enable users
Allow users to work on the devices of their choice and provide consistent access to corporate resources.
Hybrid Identity
Deliver a unified application and device management on- premises and in the cloud.
Protect your data
Help protect corporate information and manage risk.
Management. Access. Protection.
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

4. System Center Marketing
4/6/2019
Enable users
Challenges
Solutions
Users want to use the device of their choice and have access to both their personal and work-related applications, data, and resources.
Users want an easy way to be able to access their corporate applications from anywhere.
IT departments want to empower users to work this way, but they also need to control access to sensitive information and remain in compliance with regulatory policies.
Users can register their devices, which makes them known to IT, who can then use device authentication as part of providing access to corporate resources.
Users can enroll their devices, which provides them with the company portal for consistent access to applications and data, and to manage their devices.
IT can publish access to corporate resources with conditional access based on the user’s identity, the device they are using, and their location.
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5. Registering and Enrolling Devices
System Center Marketing
4/6/2019
Registering and Enrolling Devices
Users can enroll devices which configure the device for management with Windows Intune. The user can then use the Company Portal for easy access to corporate applications
Data from Windows Intune is sync with Configuration Manager which provides unified management across both on- premises and in the cloud
Multi-Factor Authentication
Active Directory
Active Directory
Users can register BYO devices for single sign-on and access to corporate data with Workplace Join. As part of this, a certificate is installed on the device
Web Application Proxy
AD FS
IT can publish access to corporate resources with the Web Application Proxy based on device awareness and the users identity. Multi-factor authentication can be used through Windows Azure Multi-Factor Authentication integration with Active Directory Federation Services.
As part of the registration process, a new device record is created in Active Directory, establishing a link between the user and their device
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6. System Center Marketing
4/6/2019
Make corporate data available to users with Work Folders
Active Directory discoverability provides users Work Folders location
IT can selectively wipe the corporate data from managed devices (Windows 8.1, Windows Phone 8, iOS, Android)
IT can configure a File Server to provide Work Folder sync shares for each user to store data that syncs to their devices, including integration with Rights Management
Active Directory
Devices
Apps & Data
Reverse Proxy
File Services
Web Application Proxy
AD FS
Domain joined devices
Users can sync their work data to their devices.
Users can register their devices to be able to sync data when IT enforces conditional access
IT can publish access directly through a reverse proxy (such as the Web Application Proxy, or conditional access can be enforced through integration with AD FS
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

7. Effective working with Remote Access
System Center Marketing
4/6/2019
Effective working with Remote Access
An automatic VPN connection provides automated starting of the VPN when a user launches an application that requires access to corporate resources.
Web Apps
Session host
LOB Apps
Files
VDI
Cannot originate admin connection from intranet
VPN
Traditional VPNs are user- initiated and provide on- demand connectivity to corporate resources.
Firewall
Can originate admin connection from intranet
With DirectAccess, a users PC is automatically connected whenever an Internet connection is present.
DirectAccess
Connection to
intranet is always active
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

8. System Center Marketing
4/6/2019
Hybrid Identity
Challenges
Solutions
Providing users with a common identity when they are accessing resources that are located both on- premises in a corporate environment, and in cloud- based platforms.
Managing multiple identities and keeping the information in sync across environments is a drain on IT resources.
Users have a single sign-on experience when accessing all resources, regardless of location.
Users and IT can leverage their common identity for access to external resources through federation.
IT can consistently manage identities across on- premises and cloud-based identity domains.
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9. Single sign-on with device registration
System Center Marketing
4/6/2019
Single sign-on with device registration
Not Joined
Workplace Joined
Domain Joined
User provided devices are “unknown” and IT has no control. Partial access may be provided to corporate information.
Registered devices are “known” and device authentication allows IT to provide conditional access to corporate information
Domain joined computers are under the full control of IT and can be provided with complete access to corporate information
Browser session single sign-on
Seamless 2-Factor Auth
for web apps
Enterprise apps single sign-on
Desktop Single Sign-On
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

10. System Center Marketing
4/6/2019
Protect your data √
Challenges
Solutions
As users bring their own devices in to use for work, they will also want to access sensitive information and have access to this information locally on the device.
A significant amount of corporate data can only be found locally on user devices.
IT needs to be able to secure, classify, and protect data based on the content it contains, not just where it resides, including maintaining regulatory compliance.
Users can work on the device of their choice and be able to access all their resources, regardless of location or device.
IT can enforce a set of central access and audit polices, and be able to protect sensitive information based on the content of the documents.
IT can centrally audit and report on information access.
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

11. Policy based access to corporate information
System Center Marketing
4/6/2019
Policy based access to corporate information
IT can provide a secure and familiar solution for users to access sensitive corporate data from anywhere with VDI and RemoteApp technologies.
Centralized Data
Desktop Virtualization
RD Gateway
Distributed Data
Devices
LOB Apps
Web Apps
Session
host
Files
VDI
Users can access corporate data regardless of device or location with Work Folders for data sync and desktop virtualization for centralized applications.
Access Policy
IT can publish resources using the Web Application Proxy and create business-driven access policies with multi-factor authentication based on the content being accessed.
IT can audit user access to information based on central audit policies.
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

12. Access and Information Protection Demo

13. Recap: Access and Information Protection
System Center Marketing
4/6/2019
Recap: Access and Information Protection √
Enable users
Hybrid Identity
Common identity to access resources on-premises and in the cloud
Protect your data
Centralize corporate information for compliance and data protection
Policy-based access control to applications and data
Simplified registration and enrollment for BYO devices
Automatically connect to internal resources when needed
Access to company resources is consistent across devices
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

14. For More Information System Center 2012 R2 Configuration Manager
us/evalcenter/hh aspx?wt.mc_id=TEC_105_1_33
Windows Intune
buy
Windows Server 2012 R2
server/windows-server-2012-r2.aspx
information-protection.aspx management.aspx
More Resources:

15. © 2013 Microsoft Corporation. All rights reserved
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.