
Presentation on theme: "SharePoint Server Exchange Server CORPORATE NETWORK Mobile devices PCs Browsers INTERNET DMZ Active Directory Policies Filter EAS Filter web access."— Presentation transcript:

4 Diagram: SharePoint Server, Exchange Server and Active Directory inside the CORPORATE NETWORK; a DMZ; mobile devices, PCs and browsers on the INTERNET.
Policies:
- Filter EAS
- Filter web access
- Filter or block mobile app access
- Block unmanaged devices
- Prevent downloads
- Force multi-factor authentication
- Require domain joined
- Force traffic via proxy/VPN

5 The current reality…

6 Diagram: SharePoint Server, Exchange Server and Active Directory inside the CORPORATE NETWORK; a DMZ; mobile devices, PCs, browsers and SaaS apps on the INTERNET.
Challenge: the perimeter cannot help protect data.
Solution: access control and data containment integrated natively in the apps, devices, and the cloud.

7 Diagram: SharePoint Server, Exchange Server and Active Directory on premises behind a firewall and perimeter network; SharePoint Online, SaaS apps, Azure AD and Intune in the cloud. Integration points: native device MDM, Intune App SDK/Tool, AD Authentication library, standard on-premises integration, native cloud integration.
Managed Office productivity and security:
- O365: Mobile productivity
- Azure AD: Identity and access control to O365, SaaS apps and on-prem apps
- Intune: Mobile device management
- Intune: Data container for Office mobile apps
- Azure RMS: Information protection at file level
- Extensibility: Enable business apps to interoperate with Office Mobile

8 Introducing ‘Conditional Access Control’ (for cloud and on-premises applications). The access decision is made from attributes of:
- Application: business sensitivity, other
- Network: location, risk profile
- Devices: authenticated, MDM managed, compliant with policies, not lost/stolen
- User attributes: user identity, group memberships, auth strength (MFA)


10 Securing O365 Services with EMS
Secure data in transit:
- Encrypt emails/attachments shared externally
- Track/audit rights-protected document usage
- Remote kill document access
Revoke access:
- Revoke company resource access from lost/stolen devices or ex-employee scenarios
- Selectively wipe corp data
Control access (employees):
- Block Email/SharePoint until enrolled and compliant to IT policies
- Simple end user experience
- Revoke access on policy violations
Prevent data leaks:
- Encrypt application data at rest
- Restrict data sharing to managed apps
- Enforce application level policies
- Built in data protection for Office apps


12 Access control to Outlook clients on iOS/Android
Components: Outlook App, Unified Enrollment, Azure AD (device object: device id, isManaged, MDMStatus), Intune, Quarantine Website, Outlook Cloud Service, Office 365 EAS Service.
Step 1: Enroll device (Workplace Join + management)
1. Authenticate user and device
2. Redirect to Intune
3. Enroll into Intune
4. Register device in Azure AD
5. Set device management/compliance status
6. Issue access token
7. Access Outlook Cloud service with AAD token
8. Get EAS service access token for user
9. Get corporate email
10. Email delivered

13 Access control to SharePoint from OneDrive mobile apps
Components: OneDrive App, Unified Enrollment, Azure AD (device object: device id, isManaged, MDMStatus), Intune, Quarantine Website, Office 365 SharePoint Online service.
Step 1: Enroll device (Workplace Join + management)
1. Authenticate user and device
2. Redirect to Intune
3. Enroll into Intune
4. Register device in Azure AD
5. Set device management/compliance status
6. Issue access token
7. Access SPO service with AAD token
8. Documents synced


16 Azure AD portal screenshot (ABAC, tenant "fabrikam"): navigation tabs DASHBOARD, USERS, GROUPS, DEVICES, APPLICATIONS, REPORTS, CONFIGURE.

17 Azure AD portal screenshot: application list (1&1 Control Panel, 1010data, 15Five, 1to1Real, 24SevenOffice, 4Imprint, 5pm, etc.) with tabs DASHBOARD, CONFIGURE, ACCESS RULES, OWNERS. Access Rules for "1&1 control panel":
- Apply to: selected groups (All Users); except: none selected (Add Group / Remove Group)
- Configure “work” network location
- Rules: Require multi-factor authentication; Require multi-factor authentication when not at work; Block access when not at work; Require a compliant device; Require multi-factor authentication when device is not authenticated
- Status: OFF / MONITOR / ON. Monitor will generate statistics but not impact user access.


20 Azure Active Directory Corporate Network DMZ

21 AD FS and Hybrid Conditional Access
- Active Directory; AD FS 2012 R2 or higher with Device AuthN, MFA adapter and conditional access policy (claim rules)
- Intune: device MDM compliance
- Azure AD: registered devices write-back

22 Device based conditional access on premises
- Active Directory; AD FS 2012 R2 or higher with Device AuthN, MFA adapter and conditional access policy (claim rules)
- MFA required for unregistered device


25
- Support for major SSL VPN vendors: Cisco, Juniper, Checkpoint, SonicWall, F5, custom VPN payloads
- Support for native VPN standards: PPTP, L2TP, IKEv2
- Automatic VPN connection: app-triggered VPN on Windows 8.1 and Windows Phone 8.1; per-app VPN for iOS
- Support for multiple Wi-Fi authentication types: WEP, WPA/WPA2 Personal, WPA/WPA2 Enterprise
- Specify certificate to be used for Wi-Fi connection

26 Deployment, usage with Resource Access profiles, renewal, revocation


29 Conditional access for EAS clients against on-prem Exchange Server 2010/2013
Components: EAS client, Unified Enrollment, Intune, Azure AD DRS (device object: device id, isManaged, MDMStatus, EASIDs), Quarantine email.
Who does what?
- Intune: Evaluate policy, manage device state and mark device record in AAD
- Exchange Server: Provides API and infrastructure for quarantine
Step 1: Enroll device (Workplace Join + management); Step 2: Register EAS client
1. Block non-managed devices
2. Attempt email connection
3. If not managed, push device into quarantine
4. Register device in Azure AD
5. Enroll into Intune
6. Set device management/compliance status
7. Register EAS email client
8. Create EASID to device ID binding
9. Allow managed device
10. If managed, email access is granted


32 Refer to the session at Microsoft Ignite on “Securing Access to Microsoft Exchange and SharePoint Online services with Microsoft Intune“ by Dilip Radhakrishnan & Chris Green.
Device health attestation flow (Intune, AAD & Windows Attestation Service):
1. Access please
2. Prove to me you are healthy
3. Request (to Intune, AAD & Windows Attestation Service)
4. Here is my proof
5. Approved: access to company resources (documents, email)

33 “Enterprise data protection”
- User friendly work-personal separation
- Manage what data is “Enterprise”
- Audit intentional data disclosure (business to personal)
- Business apps & data are managed; personal apps & data are unmanaged; data exchange between them is blocked or audited


35 Auto connect VPN; VPN traffic filters; application based filters; unified platform VPN: open to 3rd-party plug-ins


37 Intune: Device & App Management; Office 365: Productivity; Azure AD: Identity and Access

38 Microsoft’s Differentiators
- Cloud-hosted corporate data protection
- Best end-user experience for mobile productivity
- World-class engineering and security with a single support system and 3rd-party ecosystem
- Complete solution for application and device management, access, identity, productivity, and data protection
