Trust Is Good but Securing Is Better, Implement Microsoft .

Transcription

Trust is good but securing is better: implement Microsoft Zero Trust and secure trust
Jeroen Jansen, Product Marketing Manager
Glenn Habes, Channel Sales Manager

Surge of cyber attacks during the pandemic, especially ransomware and phishing attacks.
Continuous security vulnerabilities to be re-evaluated after last year’s rush to scale remote work services.
Personal device use at home is difficult to manage and protect, especially when accessing work data through personal devices and/or consumer apps.
Lack of skilled personnel to keep up with the increased sophistication of attacks.
Keeping up with evolving complexity in data privacy or industry regulations.

Verify explicitly Use least privilege access Assume ity Analytics Automation

Context
Identities
Endpoints
80% of breaches involve the use of lost or stolen passwords.
60% of BYO devices are not secured by IT.
Security enforcement policy
Control
Source: “Verizon 2020 Data Breach Investigations Report”
Source: “Mobile security—the 60 percent problem”, Brian Peck, Zimperium, April 7, 2020

“Digital transformation is something many companies like ours are considering. Based on our experience with Azure AD, whenever I think about the cloud, I now think about identity management as the foundation. This foundation must be strong to easily transition to cloud services.”
Mr. Ichinose, IT Manager, Mitsui & Co.
45% 75% 50%
80% deployment time saved with Microsoft Endpoint Manager.
Sources: Forrester based all savings estimates on the composite organizations developed for its TEI studies.
“Since implementing a Zero Trust strategy using Microsoft 365 technologies, our employees can fulfill their company duties from anywhere in the world while maintaining tight control over core security needs.”
Igor Tsyganskiy, Chief Technology Officer, Bridgewater Associates

Modernize identity and endpoint management
Secure the hybrid workforce
Transform employee experiences
Customize secure access for all user types

Why modernize your identity and endpoint management
Improve security: Prevent attacks on your on-premises infrastructure.
Increase IT efficiency: Reduce maintenance costs and operational overhead.
Accelerate digital transformation: Enable business agility and efficient allocation of resources.
81% of business leaders state that they feel pressure to lower security costs.
Source: Microsoft COVID Security Priorities, Aug 2020.

Modernize authentication and manage identities in the cloud.
Manage devices from the cloud at your own pace.
Improve visibility and control by unifying app management.

Azure Active Directory
Migrate to modern auth with Azure AD Connect and staged roll-out.
Block legacy authentication by default with Conditional Access.
Use a common identity to access resources with Azure AD Connect or Azure AD Connect cloud sync.

mises clients and servers
Win Server
Microsoft Intune
Windows 10
CM MDM
Windows, macOS, and mobile devices

Microsoft Endpoint Manager
Azure Active Directory
Connect cloud apps with prebuilt integrations in the Azure AD app gallery.
Secure on-premises apps with Azure AD App Proxy and secure hybrid access partners.
Migrate apps on AD FS with Azure AD Connect Health.
Manage and protect mobile and desktop apps with Endpoint Manager.

Modernize identities and endpoints
Secure the hybrid workforce
Transform employee experiences
Customize secure access for all user types

Why secure the hybrid workforce
Provide remote access: Enable remote workers to securely access the apps they need from anywhere.
Secure devices and apps: Enable BYOD and unify management across devices and apps.
Protect corporate resources: Empower IT to apply controls and protect endpoints without getting in the way of productivity.
68% of business leaders feel their cybersecurity risks are increasing.
Source: The cost of cybercrime, Accenture, 2019

Verify user identities with strong authentication methods.
Allow only compliant and trusted devices access.
Configure adaptive access policies based on context and risk.
Safeguard resources with access lifecycle management.

Passwords are the weakest link in a security chain.
Prevent 99.9% of identity attacks with multifactor authentication.
Choose from a broad range of multifactor authentication options.
Make sign-in even more seamless and secure with passwordless authentication.

Apply data protection policies on mobile devices and applications.
Reduce risk of breaches by quickly remediating detected threats.
Manage device health with detection and response integration and insights.
Set risk-based Conditional Access for devices to protect sensitive information.
Microsoft Defender for Business coming soon!

Configure real-time adaptive access policies with Conditional Access.
Set flexible policies based on: Sign-in risk, User risk, Device state, Device platform, Location, Applications.
Extend real-time policy controls based on event changes during a user session with Continuous Access Evaluation.
Conditions: Employee and partner users; Trusted and compliant devices; Physical and virtual location; Client apps and auth method
Controls: Allow access; Limit access; Require MFA; Deny access; Force password reset

Azure AD
Provide appropriate access permissions based on roles and group membership.
Reduce risk by reviewing, extending, or revoking access rights for employees and guests.
Simplify the audit process with detailed reports and logs.

Modernize identities and endpoints
Secure the hybrid workforce
Transform employee experiences
Customize secure access for all user types

Why transform the employee experience
Improve productivity: Provide employees quick access and consistent sign-in experiences to all applications.
Reduce IT friction: Empower employees to be more productive by enabling them to resolve IT helpdesk issues.
Foster collaboration: Remove silos between employees and partners and improve collaboration.
49M of remote workers report that it takes days—and even weeks—to get issues fixed.
1E American Remote Work Survey, July 20, 2020

Onboard employees quickly with streamlined provisioning.
Connect your workforce to all apps with single sign-on.
Reduce IT overhead and empower self-service experiences.
Facilitate seamless collaboration across organizational boundaries.

Onboard users quickly with HR-driven user provisioning and enable day-one productivity.
Provision new devices and applications direct-to-employees, ready for use.
Enroll new devices automatically for easy endpoint management.
Welcome to your first day. We’ve already got things ready for you. John Smith

Enable SSO for cloud apps and on-premises apps with a single identity solution.
Deploy consistent experiences across apps and endpoint platforms with built-in protection.
Empower employees to discover and launch apps from a centralized app portal.

Enable employees to self-service password resets.
Empower employees and guests to manage and request access packages.
Manage security contact information and detect and report risk sign-in behavior.

Microsoft 365 Business Premium
One solution to run your business from anywhere, with peace of mind

Comprehensive and easy to use
One solution for productivity and security
Cloud platform simplifies deployment
Gets you up and running quickly

Reduces costs
Eliminates costs of multiple point solutions
Reduces helpdesk costs
Eases licensing complexity

Enterprise grade technology
Advanced security; trusted by enterprises
AI powered threat intelligence
Top rated security vendor

Microsoft 365 Business Premium

Collaborate in real time
Video Conferencing
Group Chat
Easy access to files, Co-authoring
Phone system (Business Voice add-on)
App integrations

Enable secure access and protect Identity
MFA
Conditional Access
App Proxy
Dynamic Groups
Azure Virtual Desktop

Defend against cyberthreats and data loss
Microsoft Defender for Office 365
Azure Information Protection
Office 365 DLP
Cloud App Discovery
Coming soon! Microsoft Defender for Business

Easily Secure and Manage Devices
Intune Device Management
Intune Mobile App Management
Autopilot

Challenge: Work data on personal devices
A Northwind Traders marketing manager is using her personal phone to check company email. She receives a confidential business plan and saves it for later reference. She accidentally saves to a personal share which is not secure.
Save to personal storage
64% of SMBs allow employees to access work data on personal phones and computers. (1)
(1) Source: Microsoft Internal Research of SMBs (2-299 employees)

Solution: Protect work data on personal devices
Personal apps
Managed apps
Save to OneDrive for Business
With Microsoft 365 Business Premium, you can set up Intune App Protection Policies, so work apps can be separated from personal apps. Administrators can specify that work documents and attachments are only saved to an authorized and secure work share such as OneDrive for Business, safeguarding sensitive work information.
58% of employee devices on average are configured with proper security protocols and fewer than 1 in 5 saying that all employees undergo security training. (1)
(1) Source: A commissioned study conducted by Forrester Consulting on behalf of Microsoft, October 2019 survey of SMBs (1-499 employees)

Summary – What should be top of mind
Modernize identity and endpoint management
Secure the hybrid workforce
Transform employee experiences

Reduce on-premises infrastructure.
Manage identities and endpoints in the cloud.
Ensure device compliance.
Turn on MFA.
Enforce Conditional Access policies.
Secure all apps with an integrated Identity & Endpoint management solution.

1. Ask your Microsoft representative for a discovery session on Zero Trust Foundations.
2. Get started modernizing identities and endpoints with FastTrack.
3. Advance your Zero Trust journey by diving deeper with us on a specific area.

Upsell Guides for Partners
Microsoft 365 Business Basic to Business Premium
Microsoft 365 Business Standard to Business Premium
https://aka.ms/M365BPPlaybook

Follow us on LinkedIn for more information about Microsoft Security Champ Wanted!
Glenn Habes LinkedIn
Register for the upcoming sessions lingamazingvirtually
Jeroen Jansen LinkedIn

Q&A

Thank you
