Volle Power mit Windows 10 und Enterprise Mobility Suite

Volle Power mit Windows 10
und Enterprise Mobility Suite
Johannes Nöbauer
Bereichseiter Enterprise Services
Agenda
 Arbeitsplatz 4.0
 Windows 10 &
Microsoft Enterprise Mobility & Security
* Forrester Research: “BT Futures Report: Info workers will erase boundary between enterprise &
consumer technologies,” Feb. 21, 2013
** Forrester Research: “2013 Mobile Workforce Adoption Trends,” Feb. 4, 2013
*** Gartner Source: Press Release, Oct. 25, 2012, http://www.gartner.com/newsroom/id/2213115
Ernüchternte Statistik
200+
The median # of days that
attackers reside within a
victim’s network before
detection
75%+
$500B $3.5M
of all network intrusions are
due to compromised user
credentials
The total potential cost of
cybercrime to the global
economy
The average cost of a data
breach to a company
Die Häufigkeit und Gewandtheit der Cyber-Angriffe werden
sogar noch schlimmer
“There are two kinds of BIG companies. Those who have been
hacked, and those who don’t know they have been hacked.”
Windows 10
Schneller
Besser
Sicherer
Microsoft
Enterprise Mobility + Security Suite
Identity and access
management
EMS
E5
Information
protection
Identity-driven
security
Azure Active Directory
Premium P2
Azure Information Protection
Premium P2
Microsoft Cloud
App Security
Identity and access
management with advanced
protection for users and
privileged identities
Intelligent classification and
encryption for files shared
inside and outside your
organization
Enterprise-grade visibility,
control, and protection for your
cloud applications
(includes all capabilities in P1)
(includes all capabilities in P1)
Azure Active Directory
Premium P1
EMS
E3
Managed mobile
productivity
Secure single sign-on to cloud
and on-premises apps
MFA, conditional access, and
advanced security reporting
Microsoft Intune
Mobile device and app
management to protect
corporate apps and data on any
device
Azure Information Protection
Premium P1
Microsoft Advanced
Threat Analytics
Encryption for all files and
storage locations
Protection from advanced
targeted attacks leveraging user
and entity behavioral analytics
Cloud-based file tracking
Microsoft
Enterprise Mobility & Security
 Azure Active Directory Premium
 Azure Information Protection
 Advanced Threat Analytics
 Microsoft Intune
Azure
Active Directory
Self Service Password Reset
Multifaktor Authentifizierung
Single-Sign On über Hybrid Clouds
Your Directory on the cloud
Connect and Sync on-premises
directories with Azure.
*
* Azure Active Directory Connect
PowerShell
SQL (ODBC)
LDAP v3
Web Services
( SOAP, JAVA,
REST)
Other Directories
Microsoft Azure
Active Directory
Your Directory on the cloud
Connect and Sync on-premises
directories with Azure.
2400+ Preintegrated popular
SaaS apps.
Other Directories
Microsoft Azure
Active Directory
SaaS apps
Azure Multi Factor Authentication
Optionen
Demo
Azure Active Directory
Microsoft Azure
Active Directory
Identity-driven Security
Actions
Conditions
Location (IP range)
Device state
User
User group
Allow access
Or
Enforce MFA per
user/per app
Risk
Block access
MFA
IDENTITY
PROTECTION
NOTIFICATIONS, ANALYSIS, REMEDIATION,
RISK-BASED POLICIES
CLOUD APP DISCOVERY
PRIVILEGED IDENTITY MANAGEMENT
Cloud-powered Schutz
Konsoldierte Ansicht auf die durch „machine
learning“ basierte Erkennung von Bedrohungen
Infected
devices
Brute force
attacks
Configuration
vulnerabilities
Leaked
credentials
Suspicious sign-in
activities
Remediation Empfehlung
Riskbased
policies
MFA Challenge
Risky Logins
“Risk severity” Berechnung
Machine-Learning Engine
Change bad
credentials
Block attacks
Risiko-basierter „Conditional Access“ schützt
automatisch vor verdächtigen Anmeldungen
und gefährdeten Anmeldeinformationen
Sign-in Risk Policy mit Tor Browser
Microsoft
Enterprise Mobility & Security
 Azure Active Directory Premium
 Azure Information Protection
 Advanced Threat Analytics
 Microsoft Intune
Microsoft
Azure Information Protection
Wie kann ich sicher stellen das Dokumente nur die
gewünschte Zielpersonen verschlüsselt erreichen und
diese nur spezifische Rechte haben
Wie kann ich den Zugriff nachverfolgen
Wie kann ich die Berechtigungen wieder entziehen
Azure Rights Management Service
Authentication and
collaboration
Client integration
Integration
Rights Management 101
File is protected by an AES
symmetric key
License protected by orgowned key
Use Rights +
Secret
Cola Formula
Water
HFCS
Brown #16
Protect
#!@#!#!@#!
()&)(*&)(@#!
#!@#!#!@#!
()&)(*&)(@#!
#!@#!#!@#!
()&)(*&)(@#!
Usage rights + symmetric key stored in
file as ‘license’
Secret
Cola Formula
Unprotect
Water
HFCS
Brown #16
Rights Management 101
Enlightened apps use the RMS SDK
which communicates with the RMS key
management servers
Use Rights +
#!@#!#!@#!
()&)(*&)(@#!
#!@#!#!@#!
()&)(*&)(@#!
#!@#!#!@#!
()&)(*&)(@#!
File content is
never sent to the
RMS server/service
RMS-enlightened apps enforce rights,
Generic Protection offered by the RMS
App
Demo
Azure Information Protection
Microsoft
Enterprise Mobility & Security
 Azure Active Directory Premium
 Azure Information Protection
 Advanced Threat Analytics
 Microsoft Intune
Microsoft
Azure Threat Analytics
Werde oder bin ich schon im internen
Netzwerk angegriffen?
Wie finde Account Credentials Angriffe
Habe ich unsichere Admin Logons im
internen Netz
Die Muster der Cyber-SecurityAngriffe ändern sich
Today’s cyber attackers are:
Compromising user credentials in the vast
majority of attacks
Using legitimate IT tools rather than malware
– harder to detect
Staying in the network an average of eight
months before detection
Costing significant financial loss, impact to
brand reputation, loss of confidential data,
and executive jobs
Die Muster der Cyber-SecurityAngriffe ändern sich
Today’s cyber attackers are:
Compromising user credentials in the vast
majority of attacks
Using legitimate IT tools rather than malware
– harder to detect
Staying in the network an average of eight
months before detection
Costing significant financial loss, impact to
brand reputation, loss of confidential data,
and executive jobs
Die Muster der Cyber-SecurityAngriffe ändern sich
Today’s cyber attackers are:
Compromising user credentials in the vast
majority of attacks
Using legitimate IT tools rather than malware
– harder to detect
Staying in the network an average of eight
months before detection
Costing significant financial loss, impact to
brand reputation, loss of confidential data,
and executive jobs
Problemstellung
Traditional IT Security Lösungen sind typischerweise :
Komplex
Neigen zu
“false positives”
Ausgelegt für den
“perimeter” Schutz
Ersteinrichtung,
Feinabstimmung, Erstellen
von Regeln für
Schwellwerte/Baselines
können lange dauern.
Sie erhalten zu viele Berichte
an einem Tag mit mehreren
"false positives", die wertvolle
Zeit erfordern, die Sie nicht
haben.
Wenn Benutzerlogin
Informationen gestohlen
wurden und Angreifer sich
bereits im Netz befinden,
bietet Ihre aktuelle Abwehr
nur mehr eingeschränkten
Schutz.
Übersicht Microsoft Advanced
Threat Analytics
Eine lokale Lösung um fortschrittliche Sicherheits Angriffe zu identifizieren, bevor diese Schaden
anrichten
Vergleich:

Kreditkartenunternehmen
überwachen das Verhalten
der Karteninhaber

Gibt es ungewöhnlich
Aktivitäten, wird der
Karteninhaber
benachrichtigt um die
Transaktionen zu überprüfen
Microsoft Advanced Threat Analytics bringt dieses Konzept
zur IT und Anwender einer bestimmten Organisation
Wie Microsoft Advanced Threat
Analytics arbeitet
4 Alert
ATA reports all suspicious
activities on a simple,
functional, actionable
attack timeline
ATA identifies
Who?
What?
When?
How?
For each suspicious
activity, ATA provides
recommendations for
the investigation and
remediation.
Topology
Topology - Gateway
Captures and analyzes DC network traffic
via port mirroring
Listens to multiple DCs from a single
Gateway
Receives events from SIEM
Retrieves data about entities from the
domain
Performs resolution of network entities
Transfers relevant data to the ATA Center
Topology - Center
Manages ATA Gateway configuration
settings
Receives data from ATA Gateways and
stores in the database
Detects suspicious activity and abnormal
behavior (machine learning)
Provides Web Management Interface
Supports multiple Gateways
Video Demo
Azure Advanced Threat Analytics
Microsoft
Enterprise Mobility & Security
 Azure Active Directory Premium
 Azure Information Protection
 Advanced Threat Analytics
 Microsoft Intune
Microsoft
Intune
Bring Your Own Device  Mobiles Device Management
MIT IT-Kontrolle OHNE private Enteignung
App-Management für mobile Unternehmens-Apps Schön
Êigener App-Store
PC-Management und MDM integriert
Managed Antivirus ist wieder
Today’s challenges
Users
Users expect to be able to
work in any location and
have access to all their
work resources.
Devices
The explosion of devices is
eroding the standards-based
approach to corporate IT.
Apps
Data
Deploying and managing
applications across
platforms is difficult.
Users need to be productive
while maintaining
compliance and reducing
risk.
Empowering people with our Enterprise
Mobility Suite
Enable users
Allow users to work on the
devices of their choice and
provide consistent access to
corporate resources.
Unify your environment
Users
Devices
Apps
Data
Deliver a unified application and
device management onpremises and in the cloud.
Protect your data
Management. Access. Protection.
Help protect corporate
information and manage risk.
Enterprise mobility management
with Intune
Mobile device
management
User
Mobile application
management
PC management
IT
Intune helps organizations provide their employees with access to corporate applications, data, and
resources from virtually anywhere on almost any device, while helping to keep corporate information secure.
Device Lifecycle Management
Enroll
Provision
• Provide a self-service Company
Portal for users to enroll devices
• Deliver custom terms and
conditions at enrollment
• Bulk enroll devices using Apple
Configurator or service account
• Restrict access to Exchange email
if a device is not enrolled
• Deploy certificates, email, VPN,
and WiFi profiles
• Deploy device security policy
settings
• Install mandatory apps
• Deploy app restriction policies
• Deploy data protection policies
User
IT
Retire
Manage and Protect
• Revoke access to corporate
resources
• Perform selective wipe
• Audit lost and stolen devices
• Restrict access to corporate
resources if policies are violated
(e.g., jailbroken device)
• Protect corporate data by
restricting actions such as
copy/cut/paste/save outside of
managed app ecosystem
• Report on device and app
compliance
Deployment Option 1:
Intune only
Intune standalone (cloud only)
IT
Intune web console
Manage and Protect
•
No existing infrastructure necessary
•
No existing Configuration Manager deployment
required
•
Simplified policy control
•
Simple web-based administration console
•
Faster cadence of updates
•
Always up-to-date
Devices Supported
Mobile devices and PCs
•
Windows PCs (x86/64, Intel SoC)
•
Windows RT
•
Windows Phone 8.x
•
iOS
•
Android
Deployment Option 2:
SCCM + Intune MDM
Configuration Manager integrated with Intune (hybrid)
System Center 2012 R2 Configuration
Manager with Microsoft Intune
•
•
•
•
•
Build on existing Configuration Manager deployment
Full PC management (OS deployment, endpoint
protection, application delivery control, custom
reporting)
Deep policy control requirements
Greater scalability
Extensible administration tools (RBA, PowerShell, SQL
reporting services)
IT
Configuration Manager console
System Center
Configuration
Manager
Devices Supported
•
•
•
•
•
Windows PCs
(x86/64, Intel SoC)
Windows to Go
Windows Server
Linux
Mac OS X
•
•
•
•
Windows RT
Windows Phone 8.x
iOS
Android
Domain joined PCs
Mobile devices
Demo
Microsoft Intune
Danke!
für Ihre Aufmerksamkeit