
• Manage access to corporate resources from mobile devices
• Prevent data leakage from mobile devices
• Accelerate deployment and optimize management of Windows 10

• 37%: 37 percent of the world’s workforce is mobile*
• 53%: 53 percent of total email opens occurred on a mobile phone or tablet in Q3 2014**
• 61%: 61 percent of workers mix personal and work tasks in their devices***

* IDC: “Worldwide Mobile Worker Population 2011–2015 Forecast”


** Experian “Quarterly email benchmark report” (Q3 2014)
*** Forrester Research: “BT Futures Report: Info workers will erase boundary between enterprise & consumer technologies,” Feb. 21, 2013

Microsoft Enterprise Mobility Suite (EMS)
Diagram labels: Users, Devices, Apps, Data; IT; Employees, Business partners, Customers

Unify identity (Azure Active Directory Premium)
Easily manage identities across on premises and cloud. Single sign-on and self-service for corporate resources.

Manage apps and devices (Microsoft Intune & System Center Configuration Manager)
Manage and protect corporate apps and data on almost any device with MDM and MAM.

Protect data (Azure Rights Management)
Encryption, identity, and authorization policies to secure corporate files and email across phones, tablets, and PCs.

Enroll and manage access
• Provide a self-service Company Portal for users to enroll devices
• Deliver custom terms and conditions at enrollment
• Bulk enroll devices
• Restrict access to Office 365 if device is not managed or compliant

Provision
• Deploy certificates, email, VPN, and WiFi profiles
• Deploy device security policy settings
• Install mandatory apps
• Deploy app restriction policies

Manage and protect
• Restrict access to corporate resources if policies are violated (e.g., jailbroken device)
• Protect corporate data with mobile application management policies
• Report on device and app compliance

Retire
• Revoke access to corporate resources
• Perform selective wipe
• Audit lost and stolen devices

• How do I secure access to corporate resources from mobile devices?
• How do I ensure that corporate data isn’t leaked from mobile devices once the access is granted?
• How do I accelerate deployment and optimize management of Windows 10?

Access control to corporate data today
The perimeter cannot help protect data stored in the cloud
Diagram labels: Mobile devices, PCs, Web browsers, Data, Apps

Enterprise Mobility Suite
Access control and data protection integrated natively in the apps, devices, and the cloud
Diagram labels: SharePoint Online, Exchange Online

Conditional access control

User attributes
• User identity
• Group memberships
• Auth strength (MFA)

Devices
• Intune/ConfigMgr managed
• Compliant with Intune/ConfigMgr policies
• Domain joined

Application
• Business sensitivity

Other
• Network location

On-premises applications

Health system uses cloud-based tools to boost mobility and improve quality of care.

Situation: Ensure that only compliant devices can access corporate data
Solution: Deploy Intune conditional access policies
Benefits:
• Only managed and compliant devices can access Office 365 and on-premises Exchange 2013
• Employees can access company mobile and SaaS apps from their mobile devices

Diagram labels: SharePoint Online, Exchange Online, Policy verification, Policy compliance verification, Deploy apps, Microsoft Intune

Multi-identity policy
• Maximize mobile productivity and protect corporate resources with Office mobile apps – including multi-identity support
• Extend these capabilities to your existing line-of-business apps using the Intune App Wrapping Tool
• Enable secure viewing of content using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps

Diagram labels: Managed apps, Corporate data, Personal data, Personal apps, User, IT

• Enforce corporate data access requirements
• Prevent data leakage on the device
• Enforce encryption of app data at rest
• App-level selective wipe

• Perform selective wipe via self-service company portal or admin console
• Remove managed apps and data
• Keep personal apps and data intact

Diagram labels: Managed apps, Personal apps, IT

Data protection at the file layer
• Data encryption
• Access control
• Document tracking

Authentication and collaboration
• Share internally
• Share externally
• On any device

Diagram labels: Identity, Device, Application, Data

Demo
Managed mobile productivity
Intune standalone (cloud only): Intune web console
ConfigMgr integrated with Intune (hybrid): Configuration Manager console, System Center Configuration Manager
Device types in the diagram: IoT/Kiosk devices, Mobile devices and PCs, Domain joined PCs, Mobile devices


Simplify deployment
• Azure AD Join with Intune auto enrollment
• Provisioning packages and profiles for bulk enrollment
• In-place upgrade to Windows 10 with ConfigMgr

Configure Windows 10
• Expanded MDM settings
• Per-app VPN
• Microsoft Passport policies and certificates
• Windows Universal and Win32 apps
• Support Volume purchase of apps

Unify device management
• Intune integration with ConfigMgr to manage all of the devices in the environment
• New in ConfigMgr
• Faster and easier ConfigMgr updates
• Windows 10 servicing
• On-prem MDM

Manage and protect
• Corporate data leakage prevention through Enterprise data protection (EDP) policies
• RMS integration for securing shared documents/files
• Device Guard and AppLocker policies
• Advanced conditional access policies
• Integration with Windows health attestation service

Integration with Windows health attestation service

Additional compliance rules:
• Is device patched?
• Is firewall enabled?
• Is antivirus and real-time protection enabled?
• and more…

Attestation flow (diagram steps):
1. Access please
2. Prove to me you are compliant
3. Request
4. Approval
5. Here is my proof

Diagram label: Corporate network

• Configure and manage EDP policies with Intune/ConfigMgr and Azure Rights Management
• Separate personal and corporate data with limited impact to employee’s day-to-day activities
• Control app access to corporate data and prevent copy and paste-related data leaks
• Protect data at rest and wherever it may roam*
• Secure content collaboration through integration with Azure Rights Management

Diagram labels: Microsoft Intune & Azure Rights Management, Apply policies, User, Save, File share, Personal storage, Share files and enforce policies, Corporate network
* Some roaming scenarios use Azure Rights Management

Infrastructure
• 6 primary sites
• 13 secondary sites
• 300 distribution points

PCs and Devices
• ~350,000 clients
• ~125k mobile devices (EAS)

Users
• ~98k FTEs
• ~82k Vendors

Diagram labels: Active Directory Federation Server, Azure Active Directory, MS Online Directory Sync, User discovery, System Center Configuration Manager, Intune subscription, Connector site role, Microsoft Intune

Sites
• Device Mgmt. Site: ~15K devices
• Redmond Site 1: 75k Clients
• Redmond Site 2: 90k Clients
• North & South America: 50k Clients
• Europe, MidEast, Africa: 50k Clients
• Australia & Asia: 75k Clients

Chart values:
1: 80% FTE, 1 Year
2: 95% FTE, 8 Months
3: 95% FTE, 3 Months
4: 95% FTE, 5 Weeks
5: 95% FTE, 5 Weeks


Demo
Azure AD Join with Intune auto enrollment
Enterprise data protection (EDP)

Microsoft Intune
• Continuous support for managing new Windows 10 capabilities
• Enhanced conditional access and data protection capabilities
• Apple OS X support
• New apps that support MAM, including Skype for Business

System Center Configuration Manager
• Support for managing new Windows 10 capabilities at ConfigMgr GA
• New “Updates and Servicing” node for ConfigMgr that provides better support for frequent OS release cadence across platforms (Windows, iOS, Android) and minimizes client updates (includes hybrid deployment option)
• New option for hybrid customers to manage Windows 10 devices via MDM with on-premises infrastructure
• Ongoing updates for ConfigMgr integrated with Microsoft Intune (hybrid) to achieve feature parity with Intune standalone (cloud only)

• Manage access to corporate resources from mobile device
• Prevent data leakage from mobile devices
• Accelerate deployment and improve management of Windows 10


Active Directory Premium
• Security reports, audit reports, multi-factor authentication
• Self-service password reset and group management
• Single sign-on to over 2,400 popular SaaS applications

• Mobile device settings management
• Mobile application management with Office mobile apps
• Conditional access and selective wipe

Rights Management
• Information protection
• Document tracking
• Bring your own key
