* Forrester Research: “BT Futures Report: Info workers ...€¦ · * Forrester Research: “BT Futures Report: Info workers will erase boundary between enterprise & consumer technologies,”

Forrester Research ldquoBT Futures Report Info workers will erase boundary between enterprise amp consumer technologiesrdquo Feb 21 2013 Forrester Research ldquo2013 Mobile Workforce Adoption Trendsrdquo Feb 4 2013 Gartner Source Press Release Oct 25 2012 httpwwwgartnercomnewsroomid2213115

To position this solution at your customers hellipPain points which might keep you busy hellip

There are so many different devices to

manage ndash domain joinend (school

owned) like Servers PCs Notebooks

and not domain joined (student owned)

like Notebooks Tablets Smartphones

Is there no holistic management

solution available

We have developed some education

Apps we want to exclusively provide to

our students only in our institution But

this Apps should be distributed to

should be accessible from all different

devices our students are using What is

the best approach to do this

Number of external Software as a Service (bdquoSaaSldquo)

applications in our institution is increasing and

we also developed our own SaaS App Is there no

way of having a Single Sign On solution for all

those applications in order to provide a smooth

logon experience to all users and keep better

control of this App usage Also resetting

forgotten passwords is bdquostealingldquo time from my

administrators hellip

How can I enforce specific

security policies ndash even for

devices students bring on their

own

There are some systems in our

schooluniversity where we want to

provide access mechanisms based on

AD credentials but with additional

security barries Is there a solution that

integrates well in our AD infrastructure

I need a simple to use data

protection encryption solution in

order to easily protect and share

documents amongst teachers and

even accross institutional borders

PCmanagement

The logos above may be the property of their respective owners

How Device and App Management often works hellip

Intune can be used as a standalone

solution or together with SCCM (shown

in light blue besides) in order to have a

fully featured enterprise ready

Unified Device Management

Solution in placeIT can manage devices applications security

settings network profiles hellip

Centralized App deployment and provisioning data or provide secure access to corporate data

Unified infrastructure enables IT to manage devices ldquowhere they liverdquo

Having ONE portal to use for device and application management

Single AdminConsole

User

Unify your environment with Windows Intune amp SCCM 2012 R2

ONE identity based on user credentials stored in ONE place

ndash in our Active directory

Server

Comparison of Intune standalone and Intune + SCCM can be found here

httptechnetmicrosoftcomen-uslibrarydn600286aspx

Target applications based

on user role the best way for

each device

bull WindowsWindows RT

bull Windows Phone

bull iOS

bull Android

bull OS X

Evaluate device capabilities

for optimal application

delivery

bull Local installation

bull Microsoft Application

Virtualization

bull Desktop Virtualization (VDI)

bull Web applications

App side loading for non

domain joined devices ndash

either push (bdquorequiredldquo) or

pull (bdquoavailableldquo)

People-centric Application DeliveryAccessing apps the right way on the right device

MSI RDSApp-V

(MDOP)Remote

App

Native

App

App Store

httptechnetmicrosoftcomen-uslibrarydn376523aspx

httptechnetmicrosoftcomen-uslibrarydn600287aspx

Company Portal for providing Apps to students staff

Company Portal for several platforms

Windows RT and Win 8 81 For Windows Phone 8

81

For iOS Android

Modern UI application

Several installation paths

bull Recommended Apps by IT to

download from Windows Store

bull LOB Apps published by IT

department via side loading

bull Categories and search of Apps

Control of my devices

bull Addremove devices

bull Wipe devices (depending on

platform)

Support

bull contact

bull Link to Support website

Modern UI phone

application

Several installation paths

bull Recommended Apps by IT to

download from Windows Store

bull LOB Apps published by IT

department via side loading

bull Categories and search of Apps

Control of my devices

bull Addremove devices

Support

bull contact

bull Link to Support website

Native App

Get applications on your device

bull Download Apps from Apple

App Store or Google Play Store

bull LOB Apps published by IT

department via side loading

bull Categories and search of Apps

Support

bull contact

bull Link to Support website

Windows Intune regular feature updates

Official communication about the new

Features in January release and outlook to

the next release httpblogstechnetcombin_the_cloudarchive20140129a-people-

first-approach-to-mobile-device-managementaspx

Official communication about April Update

(Windows Phone 81 support Samsung

KNOW support)httpblogstechnetcombwindowsintunearchive20140428availabil

ity-of-update-to-windows-intune-for-windows-phone-8-1-and-

samsung-knox-standardaspx

Windows Intune Service Release Overview

(what features are new in which release)httptechnetmicrosoftcomlibrarydn292747aspx

Whatrsquos New in System Center 2012 R2

Configuration Managerhttptechnetmicrosoftcomen-uslibrarydn236351aspx

Main message we will have nearly 100 feature parity between Intune bdquocloud onlyldquo and Intune + SCCM regarding mobile device management this year

Understand the broader context of Mobility Management

Mobile Information Management (MIM)IT policies applied directly to data wherever it flows or resides

Microsoft delivers

bull Active Directory Rights Management Services protects and encrypts documents and email contents

bull This data loss prevention (DLP) capability keeps corporate email from being forwarded to external email accounts and sensitive data from being uploaded to 3rd party cloud file sharing providers

Full range of Mobility Management

Mobile Content (amp Access)

Management (MCM)Secure distribution and mobile access to employee data

Microsoft delivers

bull Devices use Workplace Join to register with Active Directory facilitating Single Sign On (SSO) access to data and services via the Web Application Proxy and ADFS

bull Secure mobile file synchronization is facilitated by on-premises Work Folders

bull Multifactor authentication increases the level of secure access to corporate resources

bull Dynamic Access Control provides automatic document classification and protection based on content

Mobile Application Management (MAM)IT controlled delivery of apps from a corporate app catalog

Microsoft delivers

bull A cross-platform company portal where employees can download internalexternal native web and remote apps for Windows iOS and Android

bull Corporate apps can be pushed to devices and remotely uninstalled

bull Selective wipe of corporate apps data and management policies that leaves personal content untouched

Mobile Device Management (MDM)IT policies applied and profiles provisioned to mobile devices

Microsoft delivers

bull Policy enforcement across Windows iOS and Android through exposed OMA DM management APIs

bull Provisioning of Certificates Wi-Fi and VPN profiles

bull Detection of Jailbroken iOS and Rooted Android devices

bull Management of mobile devices roaming on wireless data networks facilitated by cloud-based Internet gateway

+ 2012 R2(Azure RMS and Azure AD Premium)

Microsoft Azure Rights Management

Several features around information protection secure X-company communication and collaboration hellip

bull Simplified data protection and collaboration ndash no on-premises infrastructure required

bull Support for connection to on-prem and cloud Exchange SharePoint and Windows Server FCI (file classification infrastructure)

bull Near real-time customer-owned logging

bull Office is our ldquofirst and bestrdquo partner ndash Office 2013 2010 2007 -but we can also secure other types of files like PDF JPEG hellip

bull

Microsoft Azure Active Directory Premium

Several features around SSO advanced Authentication enhanced user management hellip

bull Self Service Password Reset

bull Connect to your on-premises Active Directory

bull Multi Factor Authentication

bull Pre-integrated for Single Sign On (SSO) to over 1000 popular SaaS apps (Office 365 Yammer LinkedIn Facebookhellip )

bull Easily add custom cloud-based apps

bull Security reporting to track inconsistent access patterns

bull hellip and FIM hellip

Cloud technologies to complete our Mobility Management offering

httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx

httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo

httpblogstechnetcombadarchive20140421new-sync-capabilities-in-preview-password-write-back-new-aad-sync-and-multi-forest-supportaspx

httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx

bull Technet Blog regarding Azure Rights Management Service

Azure RMS Whitepaper

Azure RMS Slides from TechEd 2013

+

+

=

Windows Azure Active Directory SKU features comparison WAAD O365 WAAD Premium

Directory as a Service Yes - up to 500K Objects Yes - No Limit

UserGroup Management Yes Yes

SSO to pre-integrated SAAS Applications Custom Apps Yes Yes

Directory Synchronization Tool (WSAD Extension) Yes Yes

User-Based access managementprovisioning Yes Yes

Group-based access managementprovisioning Yes

Self-Service Group Management for cloud users Yes

Self-Service Change Password for cloud users Yes Yes

Self-Service Reset Password for cloud users Yes

Security Reports Yes Yes

Advanced Security Reporting (machine learning-based) Yes

Usage Reporting Yes

Tenant Branding (LogonAccess Panel customization) Yes

MFA (All available features on Windows Azure and on premises) Yes

Enterprise Sync (Extend any directory to Azure AD) (Q4) Yes

Write back for Self-Service ResetChange Password (Q4) Yes

Administration based on Departments (Q4) Yes

SLA Yes

FIM CAL + FIM Server Yes

Windows Azure MFA vs MFA for Office 365MFA for Office 365Azure

Administrators

Windows Azure Multi-Factor

Authentication

Administrators can EnableEnforce MFA to end-users Yes Yes

Use Mobile app (online and OTP) as second authentication factor Yes Yes

Use Phone call as second authentication factor Yes Yes

Use SMS as second authentication factor Yes Yes

Application passwords for non-browser clients (eg Outlook Lync) Yes Yes

Default Microsoft greetings during authentication phone calls Yes Yes

Custom greetings during authentication phone calls Yes

Fraud alert Yes

MFA SDK Yes

Security Reports Yes

MFA for on-premises applications MFA Server Yes

One-Time Bypass Yes

BlockUnblock Users Yes

Customizable caller ID for authentication phone calls Yes

Event Confirmation Yes

Windows Azure RMS vs RMS for Office 365

Microsoft RMS for

O365

Microsoft

RMS

Protection for content stored in Office 365

Both office file type amp non office file types

X X

Protection for content stored in on-premises Exchange amp

SharePoint

For Office amp non Office file types via RMS Connector

X X

Bring Your Own Key X X

SDK Access for LOB Applications X X

Office 365 Message Encryption X X

Protection for content stored in on-premises Windows Server

file shares via RMS Connector for FCI (x) X

Enterprise Mobility Suite Key Competitors

Cloud Hybrid Identity Management

Mobile Device Management

Information Protection

Key Competitors

Microsoft Differentiation

Azure AD Premium Windows Intune Azure RMS

Licensing Overview

Windows Intune (Edu) Licensing Offer in detail

Per user student

Licensing

(up to 5 devices)

Notes

bull Windows Intune Add-On for ConfigMgr requires ConfigMgr amp SCEP to be licensed under the

EAEASEES

bull Under all offers customers will be licensed for System Center 2012 Configuration Manager and

Endpoint Protection

bull Windows Software Assurance no longer required (For Windows Intune amp Windows Intune Add-On)

bull All prices are estimated retail prices based on Licensewisebull Errors omissions and typos excepted

Direct

(online)

Windows Intune

with Windows SA

Includes

bull Intune Service

bull ConfigMgr amp SCEP

CHF 1090

user

Month

Windows Intune

Add-On for

ConfigMgr amp SCEP

Windows Intune

(if the customer does

not have SCCM and

SCEP)

If the customer also

wants Windowshellip

Offers

If the customer owns

ConfigMgr and SCEPhellip

EES

Must license ConfigMgr

separately

CHF 055

user

month

Open

Academic

Can be sold by reselling

partners to offer our MS

service + partner service

on ONE bill

CHF 081

user

month

CHF 081

user

month

CHF 590

user

Month

bull EAEES Add-On to customers with existingbull CoreCAL

bull eCAL

bull O365 + BridgeCAL

bull Contains 3 main elements bull Azure AD Premium

bull including on Premises usage rights (Server + CALs) for Forefront Identity Manager

bull Azure RMS

bull Windows Intune

bull On pricelist per May 1st

Licensing of Enterprise Mobility Suite

Limited time Promo

bull For a limited time Enterprise Mobility Suite Add On available at

an additional 40 discount

bull EA Pricing starts at ~$4 per user per month

Limited time EA Level A promo pricing Requires 250 seat minimum purchase and underlying CAL Suite license (CoreCALECAL)

Promo

$1530 discount

40 discount

Enterprise Mobility Suite Package Price

CHF 163

user

Month

CHF 272

user

Month

Final comments

Reference cases for Windows Intune

httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=intuneampLangID=46

Kloster Ingenbohl

Official case study

httpwwwmicrosoftcomcasest

udiesWindows-IntuneV-ster-s-

StadSwedish-School-District-

Improves-PC-Reliability-

Learning-with-Online-

Tools710000002639

Due to the fact that Azure RMS currently has the same featureset as RMS in

Office 365 (plan E3E4) there are no specific Azure RMS reference cases so far

This topic is for sure included in several Office 365 projects

Reference cases for Azure AD Premium amp RMS

httpwwwmicrosoftcomcasestudiesCase_Study_Search_ResultsaspxType=1ampKeywords=Microsoft20Azure20Active20Directory

hellip regarding Windows Intune System Center Configuration Manager

or Enterprise Mobility Suite please contact

bull Melanie Riedener (ACCOUNT EXECUTIVE EDU)bull MelanieRiedenermicrosoftcom

bull Andras Khan (SOLUTION SPECIALIST INTUNE)bull AndrasKhanmicrosoftcom

If you have further interest in a more bdquodeep diveldquo Tech Update hellip

Supporting links and materials

Enterprise Mobility Suite overall

EMS Website

bull EMS Datasheet

bull EMS Customer-Ready Presentation

bull EMS FAQ (Customer)

Azure Active Directory Premium

bull A nicely animated video which describes our Azure AD Premium service can be found here

httpblogstechnetcombadarchive20140325identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-deviceaspx

httpmsdnmicrosoftcomen-uslibrarywindowsazuredn532272aspx

httpchannel9msdncomShowsEdgeEdge-Show-85-Windows-Azure-Active-Directory-Premium-Demo

IP Whitelist allows administrators to add an extra level of security and convenience by only requiring users to perform MFA whenaccessing resources from outside their corporate network

Our new Cloud App Discovery service enables IT to easily determine which cloud apps are in use in the organization IT can then take steps to integrate the applications with Azure Active Directory

Password reset writeback to Windows Server AD using DirSync allows customers who rely on federation or password hash sync to use Azure AD Premium to reset on-premises passwords in Windows Server Active Directory

AAD Sync is our newly created one sync service to rule them all In this first preview we are using AAD Sync to enable synchronization from multi-forest Windows Server AD Deployments a capability that all of our largest customers have been asking for

Azure Rights Management Service

Technet Blog regarding Azure Rights Management Service

Azure RMS Whitepaper

Azure RMS Slides from TechEd 2013

Windows Intune

Windows Intune product page

Intune Demo Environment for Partners (Intune Cloud platform AND Sytem Center environment)

Some whitepapers on how MSIT is dealing with mobilityBYOD internally

30-days trial

Compliance Settings for Mobile Devices in SCCM

Mobile Device Mgmt features in Windows Intune

httponlinehelpmicrosoftcomwindowsintunejj839713aspx

httpsupportmicrosoftcomph15994

Intune Privacy related documents

Windows Intune Privacy Statement

Windows Intune Trust Center

Security

Privacy

Compliance

Microsoft Cloud Services erfuumlllen nachweislich alle europaumlischen Datenschutzregeln

BYOD

bull Video Empowering People-Centric IT in the Age of Consumerization

bull BYOD Devices - A Deployment Guide for Education (January 2014)

bull Bring Your Own Device Scenarios A Deployment Guide for Education(April 2014)