CoLabora - Protecting Company data using EMS - June 2015

CoLabora User Group Meeting, June 2015

Protecting Company Data using the Enterprise Mobility Suite

© EG A/S 2

Key Takeaways

Why is mobile management important?

What is EMS and why do you need it?

How do we get started with EMS?

About me…

Ronni Pedersen
Senior Infrastructure Architect, EG A/S

Microsoft MVP: Enterprise Client Management
Founder: System Center User Group Denmark
Microsoft Certified Trainer
Microsoft TechNet Moderator

Contact Me
Twitter: https://twitter.com/ronnipedersen
Blog: http://www.ronnipedersen.com/
Mail: Ronni.Pedersen@eg.dk
Phone: +45 7260 2452

Enterprise Mobility Suite

• SCCM is undisputed winner of PC Mgmt w/ >70% share

• You need to look into a MDM solution today

• I believe Microsoft is the long-term winner

State of the Union

Growth is all in Mobile Devices

[Chart: Devices Shipments (MM), three data series. Source: IDC]

Licensing

Microsoft Intune (Standalone)

Enterprise Mobility Suite
• Microsoft Intune
• Azure Active Directory Premium
• Azure Rights Management

Enterprise Cloud Suite
• Enterprise Mobility Suite
• Office 365 Enterprise E3
• Windows Software Assurance (Per User)

http://www.microsoft.com/licensing/about-licensing/briefs/enterprise-cloud-suite.aspx

Enterprise Mobility Suite

• Microsoft Intune: Mobile and Device Management
• Azure Active Directory Premium: Hybrid Identity Management
• Azure Rights Management: Information Protection

Getting Started with Intune

Setting up the environment

Process Overview

Prepare

• Create Accounts for cloud services
• Create Subscriptions

Deploy

• Add Public DNS
• Configure AD Users with Public Domain UPNs
• Deploy and Configure Azure AD Sync

Configure

• Configure Configuration Manager for Mobile Device Management
• Configure Device Enrolment

Create accounts for the cloud

Start by creating dedicated admin accounts:

Microsoft account: https://signup.live.com/

Apple ID: https://appleid.apple.com/account

Google account: https://accounts.google.com/Signup

Create the trial subscriptions

Microsoft Office 365: http://aka.ms/ITcampO365Trial

Microsoft Intune: http://aka.ms/tryintune

Microsoft Azure Active Directory (AD) Premium: http://azure.microsoft.com/en-us/pricing/free-trial

Azure Rights Management: https://manage.windowsazure.com

Single management console for IT admins

• Configuration Manager console (hybrid)
• Intune web console (cloud only)

DEMO: Configuring Microsoft Intune

Device Enrolment

Mobile device management

[Diagram labels: IT, User, Devices enrolled, Apply policies]

Company Portal: Recommended apps for user’s devices

Mobile Device – Personal vs Corporate

App Management

• By default, user-enrolled devices are “Personal”
• Complete inventory of all Apps on the device only when set to Corporate
• Only the admin can specify corporate-owned devices!

Personal vs. Corporate Owned Devices

DEMO: Device Enrollment and Inventory

Conditional Access

Conditional access for Office 365

[Diagram components: Mobile device, Office 365, Azure Active Directory, Microsoft Intune]

1. Attempt email connection
2. Is device managed & compliant?
3. Return device state
4. If not compliant, push device into quarantine
5. Enrollment/compliance remediation
6. Set device management/compliance status
7. If compliant, email access is granted

Quarantine

• Quarantine email with remediation steps
• Link to enroll device and compliance remediation steps

Who does what?

• Intune: Evaluate policy compliance for device
• Azure AD: Authenticate user and provide device compliance status
• Exchange Online: Enforces access to email based on device state

Intuitive end-user experience

To access your Contoso e-mail and other company resources, this device needs to be enrolled with Contoso. Part of this process includes installing the Company Portal. Click first link below to begin this process.

Step 1: Enroll your device.

Step 2: Once you’ve enrolled your device, click here to Activate your enrollment.

Restrict access for
• Non-managed devices
• Non-compliant devices

Assistance with remediating issues
• Steps provided on how to enroll devices and remediate compliance issues

Quick compliance remediation and evaluation
• Intune automatically remediates most of the policy issues
• End user can retrigger compliance evaluation in the Company Portal

DEMO: Conditional Access
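The division of work in the conditional access flow above, as an added example that is not from the original slides: a small Python model in which Intune evaluates compliance, Azure AD stores the device state and Exchange Online enforces it. The class names, the device id and the policy settings (`passcode_set`, `encrypted`) are constructed for illustration and are not real APIs or Intune setting names.

```python
from dataclasses import dataclass

@dataclass
class DeviceState:
    managed: bool = False
    compliant: bool = False

class AzureAD:
    """Stores device state and returns it when asked (steps 2-3)."""
    def __init__(self):
        self._devices = {}
    def set_state(self, device_id, managed, compliant):  # step 6, written by Intune
        self._devices[device_id] = DeviceState(managed, compliant)
    def get_state(self, device_id):
        # A device the directory has never seen is treated as unmanaged and
        # non-compliant, so the default outcome is quarantine (fail closed).
        return self._devices.get(device_id, DeviceState())

class Intune:
    """Enrolls the device, evaluates policy compliance, reports to Azure AD."""
    def __init__(self, directory, required):
        self.directory, self.required = directory, required
    def evaluate(self, device_id, settings):  # steps 5-6
        compliant = all(settings.get(k) == v for k, v in self.required.items())
        self.directory.set_state(device_id, True, compliant)
        return compliant

class ExchangeOnline:
    """Enforces access to email based on the state Azure AD returns."""
    def __init__(self, directory):
        self.directory = directory
    def connect(self, device_id):  # step 1
        state = self.directory.get_state(device_id)  # steps 2-3
        if state.managed and state.compliant:
            return "granted"  # step 7
        todo = "enroll device" if not state.managed else "fix compliance issues"
        return "quarantined: " + todo  # step 4, remediation hint for the user

def demo():
    aad = AzureAD()
    intune = Intune(aad, {"passcode_set": True, "encrypted": True})  # constructed policy
    exo = ExchangeOnline(aad)
    results = [exo.connect("phone-1")]  # never enrolled
    intune.evaluate("phone-1", {"passcode_set": True, "encrypted": False})
    results.append(exo.connect("phone-1"))  # enrolled, not compliant
    intune.evaluate("phone-1", {"passcode_set": True, "encrypted": True})
    results.append(exo.connect("phone-1"))  # re-evaluated after remediation
    return results

if __name__ == "__main__":
    print(demo())
```

The point to take from the model is that Exchange Online never evaluates policy itself: it only acts on the state Azure AD holds, so a device stays quarantined until Intune has written a compliant state.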

Mobile Application Management

Mobile Application Management

Maximize mobile productivity and protect corporate resources with Office mobile apps

Extend these capabilities to existing line-of-business apps using the Intune app wrapper

Enable secure viewing of content using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps

[Diagram labels: Managed apps, Personal apps, IT, User]

Mobile Application Management

Maximize productivity while preventing leakage of company data by restricting actions such as copy/cut/paste/save in your managed app ecosystem

[Diagram labels: Personal apps, Managed apps, Copy, Paste, Save, Email attachment, Paste to personal app, Save to personal storage, User]

DEMO: Mobile Application Management

Questions
