
Lessons from the Field: Protecting Corporate Data on any Device with Microsoft Intune and EMS

Quoc Lai, Senior Program Manager, Intune Customer Experience Team. Clay Taylor, Senior Program Manager, Intune Customer Experience Team. Session BRK3029.



Presentation Transcript


  1. Lessons from the Field: Protecting Corporate Data on any Device with Microsoft Intune and EMS. Quoc Lai, Senior Program Manager, Intune Customer Experience Team. Clay Taylor, Senior Program Manager, Intune Customer Experience Team. BRK3029.

  2. Agenda
     - Explore and understand many ways data can be accessed
     - Levels of controls to secure the access to the corporate data
     - Common scenarios and options to control corporate data exposure

  3. Productivity. Simplicity. Microsoft Intune & Configuration Manager: Unified Endpoint Management. The simplest way to manage all Microsoft 365 endpoints. Security.

  4. Who is accessing the data on a particular device? What is their role and should their device be trusted?

  5. Who is accessing the data on a particular device?
     - Identity driven access control to data
     What is their role and what level of access should they have?
     - Identify roles and responsibilities for end user personas

  6. Demo: Identity based controls to data access

  7. Can I protect app data on an unknown device?

  8. How do I protect app data on an unmanaged device?
     - App Protection Policies
     - App Based Conditional Access / Native Mail App?
     - Corporate Identity binding controls
     How do I enable app protection for my LOB apps and 3rd Party apps?
     - Enlightened for Windows / SDK iOS and Android

  9. Bring your own device
     - End-user personal device
     - Do not want IT managing their personal data
     - Want convenience of access to corporate services
     - Mobile Application Management (MAM) controls
     - Windows 10 – Windows Information Protection without enrollment
     - Apple iOS – Intune APP Restrictions
     - Android – Intune APP Restrictions + AE Work Profile
     - Enlightened apps through Intune SDK integration or Application Wrapping Tool
     - Corporate Identity user context awareness driven
     - Application level restrictions and file based encryption

  10. Introduction to Intune App Protection Policies (APP)
     - MAM policies
     - Familiar Office experience
       - Seamless “enrollment” into app management
       - Use for personal and corporate accounts
     - Comprehensive protection
       - App encryption at rest
       - App access control – PIN or credentials
       - Save as/copy/paste restrictions
       - App-level selective wipe
     - MDM mgmt. by Intune or third-party is optional
     - Might be a good solution for these scenarios:
       - BYOD when MDM is not required
       - Extending app access to vendors and partners
       - Already have an existing MDM solution
     - Diagram labels: Corporate apps; MDM – optional (Intune or 3rd-party); Personal apps; MDM policies

  11. Demo: Application level data trust controls

  12. When should I require a device to be fully MDM managed? How should I protect data on a managed device?

  13. When should I require a device to be fully MDM managed?
     - Corporate vs. BYOD
     - What do users need to access?
     - Are there additional security requirements; certificates, S/MIME?
     How should I protect data on a managed device?
     - Enrollment Restrictions
     - Windows Security Baseline Settings
     - Windows Hello
     - Encryption
     - Mobile Threat Defense

  14. Fully managed data compliance
     - Self-enrollment assisted through guided registration process
     - Access authorization driven via conditional access controls
     - Mandatory device compliance requirements enforced
     - Microsoft Windows 8.1 & 10 – Azure Active Directory Device Registration
     - Apple iOS – Open-In Management
     - Android Enterprise – Work Profile and Managed Google Play Protect

  15. Demo: Device level data trust controls

  16. What about device health and compliance?

  17. Compliance data controls
     - Configuration Policies and compliance policies
     - Security Baselines
     - Administrative template policy controls

  18. Are there actions to remediate unhealthy devices and the data?

  19. Is the device healthy?
     - What is the baseline for a compliant device state?
     - How is remediation
     - Example of emergency visit vs well check
     - Compliance Policies vs. configuration policies

  20. Demo

  21. Summary of questions covered:
     - Who is accessing the data on a particular device?
     - What is their role and what level of access should they have?
     - Can I protect app data of unknown device?
     - When should I require a device to be fully MDM managed?
     - How should I protect data on a managed device?
     - What about device health and compliance?
     - Are there actions to remediate unhealthy devices and the data?

  22. Please evaluate this session. Your feedback is important to us! Please evaluate this session through MyEvaluations on the mobile app or website. Download the app: https://aka.ms/ignite.mobileApp Go to the website: https://myignite.techcommunity.microsoft.com/evaluations
