Welcome to Office Mechanics. Coming up on
the show, if you’re used to managing devices, it used to be about locking
down the entire device. Now, with the cloud and BYOD, it really transcends that, to
be able to protect files at the data level. We’re going to talk about that in the next 10
minutes and all the things that we’re doing from Office 365, Intune and Azure. Stay tuned.

I’m joined again by Nasos Kladakis, welcome.

Nice to be here.

When we think about Mobile Device Management, what are we trying to solve for?

We are trying to solve the enterprise mobility challenge. And in order to do that, we have to see it from two different perspectives: the end users and IT. End users want to access everything from everywhere. They want to be able to access their personal data and business data from any device.

When you think about it from the IT perspective, we also want permission-based access. We want to make sure, regardless of what device you are on, it should be platform agnostic. The identity, the person who needs access to the data, can only access that data. Also, we’re also doing something around segregating personal and work information.

And for that specific point I want to clarify that users want to
access, let’s say, their Facebooks and their Twitter accounts side-by-side
with corporate data. They want that separation. So it means you won’t have to
carry two devices around like you may have done in the past. Also when you think about management it’s really moving down to the data versus just the device
levels. We want to be able to protect that in the file level anything on that
device. Actually we protect on many different levels but everything starts
from identity. We want to be sure that you have secure single sign-on. The
second step is to go and manage applications and devices.

One of the things that we’re doing with Office is we’re actually instrumenting those
applications to make sure they can be managed. One of the cool things now with
Office 365 and Windows Intune is I can enroll through Word, Excel, PowerPoint. It’s
not just about contacting mail to that device but also connecting through those
other apps. So OneDrive for business, for example, becomes that enrollment
mechanism. Regardless of how I connect to data, I need to be able to protect that. You know, by getting that separation, end users get
their devices. But it doesn’t have to be managed devices of their enterprise. Besides identity and mobile application management we can go even
deeper. We can protect data, we can have encryption that will follow the data wherever they are. Even when they leave their device. Let’s have a look at some demonstrations
of all of this working because we have some really cool things to show across
all the different workloads that we have from Office 365 also into Intune and
Azure. We’re going to move to my device here and you’ll see here that I have a brand new Compliance Center in Office 365. That’s got a few new capabilities. It’s got archiving, device management, data
loss prevention. A lot of these apply regardless of whether I’m using a mobile
device or whether I’m using a traditional PC. Just to show you what I can do
from a conditional access perspective, I want to make sure that devices connected to my infrastructure are actually healthy. Some of the new things that
we can do in terms of access requirements that weren’t in Exchange
ActiveSync, for example, are the ability to check for rooted or jailbroken devices.
Those things I can do right within my console here to make sure that these
types of devices we can ensure are safe, are not able to connect to corporate resources. Some of the other things I can do as well, some configurations. A lot of people ask me
‘Can I stop people from screen printing on their device?’ Yes. We have all of that
built in. I can do things like lock screen capture right on the device. You can
see it here but I have new capabilities that might not have been
things within Exchange ActiveSync in the past. We have additional controls. 50 different PowerShell controls that we can do there. In terms of having more granular control over the
device. I’ll cancel out of that. I want to show you how you do selective wipe within Office 365
if we go and look at our list of managed devices here. We’ll see that we have a few
devices in our tenant. We’ve got a couple of new capabilities. I’ll zoom into those capabilities. If we think about what we had before, we
had something called full wipes. If we look at what full wipe will do, I’ll be careful not to press that because somebody’s device will get wiped and reset to its original factory state. What would happen there is that a device will get set back to the original factory state. The state that it was when you unboxed it. Now with selective wipe, we basically just remove the information, the data and reset the applications to where they
were when you initially installed them before you signed in to try to access data. That
means that you can leave everything back on the device, the pictures, everything
else, untouched so that users can use the device that they typically own. That way they won’t need to carry two devices. Really exciting stuff natively inside of Office 365 but it
gets even better when we add Intune to that, right? Right, let me explain the concept
now. This is a personal device that is enrolled in Intune. The user doesn’t really want to have a fully
locked device. They just want a managed environment and managed applications. So you can see here in my iPad I have different applications, and if I click on my notes, for example, I can get into them with no problem, but if I click one of the managed devices you will see what will happen. This internal device has Outlook. The moment I click Outlook, you see that I need to provide the PIN, so by using the secure PIN I have access now to this
managed application. Let me show you what I can do through that managed application. Let’s say I’m looking at specific mail and I’m trying
to copy that part of my email then let’s suppose I try to paste that
part to a personal application. Let’s say in note. If I go here you’ll see that paste is not even an option. So whatever I
copied from the managed application controlled by Intune wasn’t even possible to paste
here. If I go to Word, which is also protected device, I can now,
by clicking here, you can see that paste is possible and I can paste it because also
Word is protected. You see that I can do both of these things. If I try to save that Word document, and
the same goes for Outlook and attachments of Outlook and stuff like that. If I go to save that device, I have many
different options. If I tried to save it in my Dropbox, which is a personal
space, you will see that I’m not able to do that because this is not allowed. But if I go to the Contoso Cloud OneDrive, I am able to save it. Let’s save, you see, it says ‘Your administrator doesn’t allow saving to personal locations’. So, although this is my device, I have a full separation between what is mine and what is business control.

That’s okay for Office applications and Office 365, but what about other applications?

Right! Cause it really goes beyond just protecting the
device because you have other business applications, maybe other personal
applications you might try to connect to via the web or other mechanisms this
also gives you a way to protect the login with those. We have abilities now within Azure Active Directory to do a lot more in terms of protecting experiences.

Exactly. If you remember my point on having secured single sign-on, this is what I’m going to
do right now. So I’m going to an application, a mobile application
that’s available in all mobile devices and of course in iPads. I will log in as a user. I was recognized, the environment changed my familiar home and I will use my password. The
thing you’re going to see now, it’s a single place that I will be able to sign
in to many different applications. So you see Office 365 but you can see Box and enterprise Twitter account and everything. Everything is here. The enterprise Twitter account is protected. If I don’t know the actual
possible, I can just sign in from here. I can see my workday account and look at that those icons are icons from web applications on-premises published through Active Directory
premium to devise and I can take additional taxes and special protection
different applications here so if I can do either probably I will be there with
no protection but if I decide to go to my own premises application lets say I
want to go to my legacy sales tracking application with an application from on
premises and click on the icon now that I will be prompt action so I’m
expecting for that phone call because I know that one set of credentials to get
all these different services now I’m going to answer you have to believe me
that the real nice lady says but if it wasn’t you press 0 pound and your
account will be blocked and an alert will be created so although probably has
he doesn’t have your mobile phone so you can block this is a real protection this
is great because it works again on even sites that might have only a single
factor authentication now you can require that even if it’s here company’s
Twitter account company’s Facebook account those things you can protect the
multifactor authentication via that same login that you would have to access
internal services all in one place even with an iPad and we saw with the phone multiple authentication right now I’m
going to show you also how you can discover almost obligations on your end
users are you see I’m going now to management console and I’m going to go
in there you will see a new capability that we have announced recently at the
keynote on Monday I am one of the things that you want to do is actually figure
out what people are using right exactly this is my mouth so I know I know that I
had to protect their books and other obligations of you have just seen but
let’s see are you sure that you know exactly where your end users are using
to do that of discovery is available throughout the
directory and I’m going to click here to actual to cloud the directory and you
will see you have the capability to see what exactly are using in our case we
have four hundred and sixty-two new applications discover our managed
devices environment applications and I got down and see exactly applications how much you can say that I
see them I shared forge of them using this obligation heavily and I see the
news application is still change that let’s bring those users under a managed
environment and security to sign on and other benefits that you have seen so
when I discovered the application I can manage from here and bring them in or I
can go even further legal obligation and get a view of how many users and how
much they’re using application and even further which users can see their names I can
see their devices so I can’t decide if this is an important application to
bring in this is what users are using but you don’t know from where they are
really so in order to help you even more without without your Active Directory
premium week the security advanced security reporting I’m going to show you
a few this report so important part of our Active Directory premium now that we
know with applications we have to secure now we have mobile application
management and Office 365 MGM now that we have everything let’s be sure that
our users are using their obligations consistently and safely if a user is
accessing an application from an anonymizer from torrent any major you
can know that now to access the same applications from two different places
at the same time that’s a sign him up he’s not worried at the same time so
probably something is wrong with this guy actions so every indication beyond just the devices itself and
really going on lot more intelligence are unable to
login then we can manage manage we can have manageability their place without
sacrificing any user productivity right we can give security at the same time
that’s about all the time we have to show today in terms of mobile device
management the things that go beyond the device with all of these discussions on
the Office blogs have your own blog as well right of course enterprise mobility
microsoft.com / and you will see all the things that we have to thanks for
watching and now

Beyond MDM—How to protect your data with BYOD and SaaS implemented
