Ravikumar Sathyamurthy @shakthiravi
Microsoft MVP | Office Servers and Services
Understanding the benefits of Azure Active Directory,
Enterprise Mobility + Security (EM+S) and Tips to get
prepared for GDPR Compliance.
18/11/2017 www.anywherexchange.com
• Identity as a Control Plane – Setting the Stage
• Azure AD and EM+S an Overview
• Understanding the benefits of Azure AD & EM+S
• Microsoft 365 Enterprise Introduction
• GDPR Overview
• Tips to get Prepared for GDPR Compliance
• Q&A
Windows Server
Active Directory
Azure
Public cloud
Microsoft Azure
Active Directory
Commercial
IdPs
Consumer
IdPs
Partners
Customers
Azure AD
Connect
Built on top of the free offering, provides a
robust set of capabilities to empower
enterprises with demanding needs on identity
and access management
Additionally, Azure AD premium offers:
• An Enterprise SLA of 99.9%
• Usage rights to Identity Manager Server
and CALs
Azure Active Directory Premium
Azure AD Editions: http://bit.ly/1gyDRoN
• Advanced user lifecycle
management
• Low IT overhead
• Monitor your identity bridge
• Cloud-connected seamless
authentication experience
• Single sign-on to 1000s pre-
integrated apps/ Your own apps
• Secure remote access to on-premises
apps
• SSO to mobile apps
• Support for lift-and-shift to the cloud
• Control access to resources
• Safeguard user authentication
• Respond to advanced threats with
risk-based policies and monitoring
• Mitigate administrative risks
• Governance of on-premises and
cloud identities
• Ease of use for end users
/Integration with Office
• Cross-organization collaboration
• Any time, any place productivity
with Windows 10
• Support for consumer facing
applications
1000s of apps,
1 identity
Provide one persona to the
workforce for SSO to 1000s of
cloud and on-premises apps
Manage access
at scale
Manage identities and
access at scale in the cloud
and on-premises
Cloud-powered
protection
Ensure user and admin
accountability with better
security and governance
Enable business
without borders
Stay productive with universal
access to every app and
collaboration capability
Every Office 365 and Microsoft Azure customer uses Azure Active Directory
272K 90% 56K 950M 12.8M
+30%
YoY
+45%
YoY
+74%
YoY
+200%
YoY
Conditional
Access
Multi-Factor
Authentication
Addition of
custom cloud
apps
Remote Access to
on-premises
apps
Privileged Identity
Management
Dynamic Groups
Identity
Protection
Azure AD DS
Office 365 App
Launcher
Group-Based
Licensing
Access
Panel/MyApps
Azure AD
Connect
Connect Health
Provisioning-
Deprovisioning
Azure AD Join
Self-Service
capabilities
MDM-auto
enrollment /
Enterprise State
Roaming
Security
Reporting
Access Reviews
HR App
Integration
B2B collaboration
Azure AD
B2C
SSO to SaaS
Microsoft
Authenticator -
Password-less
Access
I want to provide my employees secure
and easy access to every application
from any location and any device
I need my customers and partners
to access the apps they need from
everywhere and collaborate seamlessly
I want to quickly deploy applications to
devices, do more with less and automate
Join/Move/Leave processes
I want to write applications that work with my
corporate identities in Azure Active Directory
I want to protect access to my
resources from advanced threats
I need to comply with industry regulation
and national data protection laws
ENTERPRISE MOBILITY + SECURITY
Holistic, intelligent,
innovative security to keep
up with new threats.
Identity-driven
security
Secure your enterprise fast –
while keeping what you have
and saving money.
Comprehensive
solution
Encourage secure work habits
by providing the best apps
with built-in security.
Managed mobile
productivity
Information
protection
Identity-driven
security
Managed mobile
productivity
Identity and access
management
Azure Information
Protection Premium P2
Intelligent classification and
encryption for files shared
inside and outside your
organization
(includes all capabilities in P1)
Azure Information
Protection Premium P1
Encryption for all files and
storage locations
Cloud-based file tracking
Microsoft Cloud
App Security
Enterprise-grade visibility,
control, and protection for
your cloud applications
Microsoft Advanced
Threat Analytics
Protection from advanced
targeted attacks leveraging
user and entity behavioral
analytics
Microsoft Intune
Mobile device and app
management to protect
corporate apps and data on
any device
Azure Active Directory
Premium P2
Identity and access
management with advanced
protection for users and
privileged identities
(includes all capabilities in P1)
Azure Active Directory
Premium P1
Secure single sign-on to
cloud and on-premises apps
MFA, conditional access, and
advanced security reporting
EMS
E3
EMS
E5
Azure
Protection
Mobile device &
app management
Information
protection
Holistic and innovative solutions for protection across users, devices, apps and data
Protect at the
front door
Detect &
remediate attacks
Protect your
data anywhere
Azure Active Directory
Premium
Microsoft
Intune
Azure Information
Protection
Microsoft Cloud
App Security
Microsoft Advanced
Threat Analytics
Identity and access
management
Threat
detection
Technology | Benefit | E3 | E5
--- | --- | --- | ---
Azure Active Directory Premium P1 | Secure single sign-on to cloud and on-premises apps; MFA, conditional access, and advanced security reporting | ● | ●
Azure Active Directory Premium P2 | Identity and access management with advanced protection for users and privileged identities | | ●
Microsoft Intune | Mobile device and app management to protect corporate apps and data on any device | ● | ●
Azure Information Protection P1 | Encryption for all files and storage locations; cloud-based file tracking | ● | ●
Azure Information Protection P2 | Intelligent classification and encryption for files shared inside and outside your organization | | ●
Microsoft Cloud App Security | Enterprise-grade visibility, control, and protection for your cloud applications | | ●
Microsoft Advanced Threat Analytics | Protection from advanced targeted attacks leveraging user and entity behavioral analytics | ● | ●
Identity and access
management
Managed mobile
productivity
Information
protection
Threat Detection
Enterprise
Mobility
+ Security
Basic identity mgmt.
via Azure AD for O365:
• Single sign-on for O365
• Basic multi-factor
authentication (MFA) for O365
Basic mobile device
management
via MDM for O365
• Device settings management
• Selective wipe
• Built into O365 management
console
RMS protection
via RMS for O365
• Protection for content stored in
Office (on-premises or O365)
• Access to RMS SDK
• Bring your own key
Azure AD for O365+
• Advanced security reports
• Single sign-on for all apps
• Advanced MFA
• Self-service group management
& password reset & write back
to on-premises,
• Dynamic Groups, Group based
licensing assignment
MDM for O365+
• PC management
• Mobile app management
(prevent cut/copy/paste/save as
from corporate apps to
personal apps)
• Secure content viewers
• Certificate provisioning
• System Center integration
RMS for O365+
• Automated intelligent
classification and labeling of
data
• Tracking and notifications for
shared documents
• Protection for on-premises
Windows Server file shares
Advanced Security
Management
• Insights into suspicious activity in
Office 365
Cloud App Security
• Visibility and control for all cloud
apps
Advanced Threat Analytics
• Identify advanced threats in on
premises identities
Azure AD Premium P2
• Risk based conditional access
Information
protection
Identity-driven
security
Managed mobile
productivity
Identity and access
management
Windows
10
Enterprise
Mobility
+Security
• Single sign-on for business
cloud apps
• Device setup and registration
for Windows devices
• Windows Store for Business
• Traditional domain join
manageability
• Manageability via MDM and
MAM
• Encryption for data at rest and
generated on device
• Encryption for data included in
roaming settings
• Conditional access policies for
secure single sign-on
• MDM auto-enrollment
• Self-Service Bitlocker recovery
• Password reset with write back
to on-premises
• Cloud-based advanced security
reports and monitoring
• Enterprise State-Roaming
• Mobile device management
• Mobile app management
• Secure content viewer
• Certificate, Wi-Fi, VPN, email
profile provisioning
• Agent-based management of
Windows devices (domain-
joined via ConfigMgr and
internet-based via Intune)
• Automated intelligent
classification and labeling of
data
• Tracking and notifications for
shared documents
• Protection for content stored in
Office and Office 365 &
Windows Server on premises
Windows Defender Advanced
Threat Protection
• Identify advanced threats focused
on Windows 10 behavioral sensors
Cloud App Security
• Visibility and control for all cloud
apps
Advanced Threat Analytics
• Behavioral analytics for advanced
threat detection
Azure AD Premium
• Risk based conditional access
Information
protection
Identity-driven
security
Managed mobile
productivity
Identity and access
management
Microsoft 365
A complete, intelligent, secure solution to empower employees
Intelligent
security
Unlocks
creativity
Built for
teamwork
Integrated
for simplicity
Microsoft 365 powered device
The best way to deliver Microsoft 365 to your employees.
Office 365 + Windows 10 + Enterprise Mobility + Security
Office 365 Enterprise
Chat-centric workspace
Email & Calendar
Voice, Video & Meetings
Office applications/ co-authoring
Sites & Content Management
Analytics
Advanced Security & Compliance
Enterprise Mobility + Security
Identity & Access Management
Managed Mobile Productivity
Information Protection
Identity Driven Security
Windows 10 Enterprise
Advanced Endpoint Security
Designed For Modern IT
More Productive
Powerful, Modern devices
Microsoft 365 Enterprise
https://docs.microsoft.com/en-us/microsoft-365-enterprise/
FastTrack for Microsoft 365
Move to the cloud with confidence
Migrate email, content, and light up Microsoft 365 services
Deploy and securely manage devices
Enable your business and gain end-user adoption
Delivered by Microsoft engineers as part of your subscription
Tight integration with qualified partners for additional services
Maximized
ROI
Faster
Deployment
Higher
Adoption
FastTrack.microsoft.com
The General Data Protection Regulation
(GDPR) imposes new rules on organizations
in the European Union (EU) and those that
offer goods and services to people in the EU,
or that collect and analyze data tied to EU
residents, no matter where they are located.
EU General Data
Protection Regulation
Enhanced personal privacy rights
Increased duty to protect data
Mandatory breach reporting
Significant penalties for non-compliance
Who needs to be compliant?
Organizations inside or outside of the EU that process personal data of EU residents.
What if we are not compliant?
Companies can be fined up to €20m or 4% of annual global turnover, whichever is greater, for failure to meet GDPR requirements.
When must we be compliant?
The European Parliament approved and adopted the GDPR in April 2016 and enforcement begins on May 25, 2018.
2012 | Spring 2014 | 2015 | April 27 2016 | 2016/2017 | May 25 2018
EU Council
reaches
agreement
Separate negotiations
within Council and
European parliament
European
Commission publishes
legislative proposal
EP reaches
agreement
Negotiations
and approval
among the
three
institutions
Regulation published
in the Official
Journal
Two-year
implementation
phase
EU general data
protection regulation
European
Commission
European
Parliament
Regulation
applies going
forward
What are the key changes to address the GDPR?
Personal
privacy
Controls and
notifications
Transparent
policies
IT and
training
Organizations will need to:
• Train privacy personnel &
employees
• Audit and update data
policies
• Employ a Data Protection
Officer (if required)
• Create & manage compliant
vendor contracts
Organizations will need to:
• Protect personal data using
appropriate security
• Notify authorities of
personal data breaches
• Obtain appropriate
consents for processing
data
• Keep records detailing data
processing
Individuals have the right to:
• Access their personal data
• Correct errors in their
personal data
• Erase their personal data
• Object to processing of
their personal data
• Export personal data
Organizations must:
• Provide clear notice of data
collection
• Outline processing
purposes and use cases
• Define data retention and
deletion policies
Personal data
Any information related to an identified or identifiable
natural person including direct and indirect identification.
Examples include:
• Name
• Identification number (e.g., SSN)
• Location data (e.g., home address)
• Online identifier (e.g., e-mail address, screen names,
IP addresses, device IDs)
Sensitive personal data
Personal data afforded enhanced protections:
• Genetic data (e.g., an individual’s gene sequence)
• Biometric Data (e.g., fingerprints, facial recognition,
retinal scans)
• Sub categories of personal data including:
• Racial or ethnic origin
• Political opinions, religious or philosophical beliefs
• Trade union membership
• Data concerning health
• Data concerning a person’s sex life or sexual
orientation
How the EU GDPR
defines personal data
Protecting customer
privacy with GDPR
What does this mean for my data?
Step-by-Step GDPR Compliance
1. Discover: Identify what personal data you have and where it resides
2. Manage: Govern how personal data is used and accessed
3. Protect: Establish security controls to prevent, detect, and respond to vulnerabilities & data breaches
4. Report: Keep required documentation, manage data requests and breach notifications
Bing
Xbox Live
OneDrive
Microsoft Digital
Crimes Unit
Microsoft Cyber Defense
Operations Center
Azure
Microsoft
Accounts
Skype Enterprise Mobility
+ Security
Azure Active Directory
Access
granted
to data
Apps
Risk
MICROSOFT INTUNE
AZURE ACTIVE
DIRECTORY
MICROSOFT CLOUD
APP SECURITY
AZURE INFORMATION
PROTECTION
MICROSOFT ADVANCED
THREAT ANALYTICS
Device
CONDITIONAL
ACCESS
Location
Classify
Audit
Protect
Label
DEMOS!
IF
Privileged user?
Credentials found in public?
Accessing sensitive app?
Unmanaged device?
Malware detected?
IP detected in Botnet?
Impossible travel?
Anonymous client?
High
Medium
Low
User risk
10TB
per day
THEN
Require MFA
Allow access
Deny access
Force password reset
Limit access
High
Medium
Low
Session risk
Azure
Bing
OneDrive
Microsoft
Cyber Defense
Operations Center
Microsoft
Cybercrime Center
Xbox Live
Microsoft
Accounts
Skype
Enforce on-demand, just-in-time administrative access when needed
Use Alert, Audit Reports and Access Review
Domain
User
Global
Administrator
Discover, restrict, and monitor privileged identities
Domain
User
Administrator
privileges expire after
a specified interval
https://servicetrust.microsoft.com/
Microsoft.com/GDPR
Microsoft Online
Services and GDPR
• Microsoft Azure
• Office and Office 365
• Microsoft Dynamics 365
• Enterprise Mobility Suite
• Windows and Windows Server
• SQL Server
Q&A

More Related Content

Viewers also liked

Windows Azure Active Directory: Identity Management in the Cloud
Windows Azure Active Directory: Identity Management in the CloudWindows Azure Active Directory: Identity Management in the Cloud
Windows Azure Active Directory: Identity Management in the Cloud
Chris Dufour
 
How to build a digital insurance company
How to build a digital insurance companyHow to build a digital insurance company
How to build a digital insurance company
Tata Consultancy Services
 
TCS Innovation Forum 2012 - Day1: May 1 and 16, Le Meridien Cambridge, Boston...
TCS Innovation Forum 2012 - Day1: May 1 and 16, Le Meridien Cambridge, Boston...TCS Innovation Forum 2012 - Day1: May 1 and 16, Le Meridien Cambridge, Boston...
TCS Innovation Forum 2012 - Day1: May 1 and 16, Le Meridien Cambridge, Boston...
Tata Consultancy Services
 
TCS Innovation Forum 2012 - Day2: May 15 and 16, Le Meridien Cambridge, MA
TCS Innovation Forum 2012 - Day2: May 15 and 16, Le Meridien Cambridge, MATCS Innovation Forum 2012 - Day2: May 15 and 16, Le Meridien Cambridge, MA
TCS Innovation Forum 2012 - Day2: May 15 and 16, Le Meridien Cambridge, MA
Tata Consultancy Services
 

Viewers also liked (15)

Azure AD with Office 365 and Beyond!
Azure AD with Office 365 and Beyond!Azure AD with Office 365 and Beyond!
Azure AD with Office 365 and Beyond!
 
Windows Azure Active Directory: Identity Management in the Cloud
Windows Azure Active Directory: Identity Management in the CloudWindows Azure Active Directory: Identity Management in the Cloud
Windows Azure Active Directory: Identity Management in the Cloud
 
Azure AD Connect
Azure AD ConnectAzure AD Connect
Azure AD Connect
 
Cloud application architecture with sql azure and windows azure
Cloud application architecture with sql azure and windows azureCloud application architecture with sql azure and windows azure
Cloud application architecture with sql azure and windows azure
 
Single point of failure
Single point of failureSingle point of failure
Single point of failure
 
PSEG TCS SAP Collections Management
PSEG TCS SAP Collections ManagementPSEG TCS SAP Collections Management
PSEG TCS SAP Collections Management
 
Innovation Leadership in the Digital Age by K. Ananth Krishnan, VP and CTO, TCS
Innovation Leadership in the Digital Age by K. Ananth Krishnan, VP and CTO, TCSInnovation Leadership in the Digital Age by K. Ananth Krishnan, VP and CTO, TCS
Innovation Leadership in the Digital Age by K. Ananth Krishnan, VP and CTO, TCS
 
How to build a digital insurance company
How to build a digital insurance companyHow to build a digital insurance company
How to build a digital insurance company
 
TCS Innovation Forum 2012 - Day1: May 1 and 16, Le Meridien Cambridge, Boston...
TCS Innovation Forum 2012 - Day1: May 1 and 16, Le Meridien Cambridge, Boston...TCS Innovation Forum 2012 - Day1: May 1 and 16, Le Meridien Cambridge, Boston...
TCS Innovation Forum 2012 - Day1: May 1 and 16, Le Meridien Cambridge, Boston...
 
TCS Innovation Forum 2012 - Day2: May 15 and 16, Le Meridien Cambridge, MA
TCS Innovation Forum 2012 - Day2: May 15 and 16, Le Meridien Cambridge, MATCS Innovation Forum 2012 - Day2: May 15 and 16, Le Meridien Cambridge, MA
TCS Innovation Forum 2012 - Day2: May 15 and 16, Le Meridien Cambridge, MA
 
Digital Blurring Business Boundaries
Digital Blurring Business BoundariesDigital Blurring Business Boundaries
Digital Blurring Business Boundaries
 
Digital Insurance Enterprise: The Nest Case Study
Digital Insurance Enterprise: The Nest Case StudyDigital Insurance Enterprise: The Nest Case Study
Digital Insurance Enterprise: The Nest Case Study
 
TCS Point of View Session - Analyze by Dr. Gautam Shroff, VP and Chief Scient...
TCS Point of View Session - Analyze by Dr. Gautam Shroff, VP and Chief Scient...TCS Point of View Session - Analyze by Dr. Gautam Shroff, VP and Chief Scient...
TCS Point of View Session - Analyze by Dr. Gautam Shroff, VP and Chief Scient...
 
Transforming Enterprises through Next-generation Cloud Applications
Transforming Enterprises through Next-generation Cloud ApplicationsTransforming Enterprises through Next-generation Cloud Applications
Transforming Enterprises through Next-generation Cloud Applications
 
TCS PoV on Digitize
TCS PoV on DigitizeTCS PoV on Digitize
TCS PoV on Digitize
 

Recently uploaded

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 

Recently uploaded (20)

Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 

Understanding the benefits of Azure AD, EM+S and Tips to get prepared for GDPR Compliance

  • 1. Ravikumar Sathyamurthy @shakthiravi Microsoft MVP | Office Servers and Services Understanding the benefits of Azure Active Directory, Enterprise Mobility + Security (EM+S) and Tips to get prepared for GDPR Compliance. 18/11/2017 www.anywherexchange.com
  • 2. • Identity as a Control Plane – Setting the Stage • Azure AD and EM+S an Overview • Understanding the benefits of Azure AD & EM+S • Microsoft 365 Enterprise Introduction • GDPR Overview • Tips to get Prepared for GDPR Compliance • Q&A
  • 3.
  • 4. Windows Server Active Directory Azure Public cloud Microsoft Azure Active Directory Commercial IdPs Consumer IdPs Partners Customers Azure AD Connect
  • 5.
  • 6. Built on top of the free offering, provides a robust set of capabilities to empower enterprises with demanding needs on identity and access management Additionally, Azure AD premium offers: • An Enterprise SLA of 99.9% • Usage rights to Identity Manager Server and CALs Azure Active Directory Premium Azure AD Editions: http://bit.ly/1gyDRoN
  • 7. • Advanced user lifecycle management • Low IT overhead • Monitor your identity bridge • Cloud-connected seamless authentication experience • Single sign-on to 1000s pre- integrated apps/ Your own apps • Secure remote access to on-premises apps • SSO to mobile apps • Support for lift-and-shift to the cloud • Control access to resources • Safeguard user authentication • Respond to advanced threats with risk-based policies and monitoring • Mitigate administrative risks • Governance of on-premises and cloud identities • Ease of use for end users /Integration with Office • Cross-organization collaboration • Any time, any place productivity with Windows 10 • Support for consumer facing applications 1000s of apps, 1 identity Provide one persona to the workforce for SSO to 1000s of cloud and on-premises apps Manage access at scale Manage identities and access at scale in the cloud and on-premises Cloud-powered protection Ensure user and admin accountability with better security and governance Enable business without borders Stay productive with universal access to every app and collaboration capability
  • 8. Every Office 365 and Microsoft Azure customer uses Azure Active Directory 272K 90%56K950M12.8M +30% YoY +45% YoY +74% YoY +200% YoY
  • 9. Conditional Access Multi-Factor Authentication Addition of custom cloud apps Remote Access to on-premises apps Privileged Identity Management Dynamic Groups Identity Protection Azure AD DS Office 365 App Launcher Group-Based Licensing Access Panel/MyApps Azure AD Connect Connect Health Provisioning- Deprovisioning Azure AD Join Self-Service capabilities MDM-auto enrollment / Enterprise State Roaming Security Reporting Access Reviews HR App Integration B2B collaboration Azure AD B2C SSO to SaaS Microsoft Authenticator - Password-less Access
  • 10. I want to provide my employees secure and easy access to every application from any location and any device I need my customers and partners to access the apps they need from everywhere and collaborate seamlessly I want to quickly deploy applications to devices, do more with less and automate Join/Move/Leave processes I want to write applications that work with my corporate identities in Azure Active Directory I want to protect access to my resources from advanced threats I need to comply with industry regulation and national data protection laws Conditional Access Multi-Factor Authentication Addition of custom cloud apps Remote Access to on-premises apps Privileged Identity Management Dynamic Groups Identity Protection Azure AD DS Office 365 App Launcher Group-Based Licensing Access Panel/MyApps Azure AD Connect Connect Health Provisioning- Deprovisioning Azure AD Join Self-Service capabilities MDM-auto enrollment / Enterprise State Roaming Security Reporting Access Reviews HR App Integration B2B collaboration Azure AD B2C SSO to SaaS Microsoft Authenticator - Password-less Access 1 2 3 4 5 6
  • 11.
  • 12.
  • 13. ENTERPRISE MOBILITY + SECURITY Holistic, intelligent, innovative security to keep up with new threats. Identity-driven security Secure your enterprise fast – while keeping what you have and saving money. Comprehensive solution Encourage secure work habits by providing the best apps with built-in security. Managed mobile productivity
  • 14. Information protection Identity-driven security Managed mobile productivity Identity and access management Azure Information Protection Premium P2 Intelligent classification and encryption for files shared inside and outside your organization (includes all capabilities in P1) Azure Information Protection Premium P1 Encryption for all files and storage locations Cloud-based file tracking Microsoft Cloud App Security Enterprise-grade visibility, control, and protection for your cloud applications Microsoft Advanced Threat Analytics Protection from advanced targeted attacks leveraging user and entity behavioral analytics Microsoft Intune Mobile device and app management to protect corporate apps and data on any device Azure Active Directory Premium P2 Identity and access management with advanced protection for users and privileged identities (includes all capabilities in P1) Azure Active Directory Premium P1 Secure single sign-on to cloud and on-premises apps MFA, conditional access, and advanced security reporting EMS E3 EMS E5
  • 16. Mobile device & app management Information protection Holistic and innovative solutions for protection across users, devices, apps and data Protect at the front door Detect & remediate attacks Protect your data anywhere Azure Active Directory Premium Microsoft Intune Azure Information Protection Microsoft Cloud App Security Microsoft Advanced Threat Analytics Identity and access management Threat detection
  • 17. Technology Benefit E3 E5 Azure Active Directory Premium P1 Secure single sign-on to cloud and on-premises app MFA, conditional access, and advanced security reporting ● ● Azure Active Directory Premium P2 Identity and access management with advanced protection for users and privileged identities ● Microsoft Intune Mobile device and app management to protect corporate apps and data on any device ● ● Azure Information Protection P1 Encryption for all files and storage locations Cloud-based file tracking ● ● Azure Information Protection P2 Intelligent classification and encryption for files shared inside and outside your organization ● Microsoft Cloud App Security Enterprise-grade visibility, control, and protection for your cloud applications ● Microsoft Advanced Threat Analytics Protection from advanced targeted attacks leveraging user and entity behavioral analytics ● ● Identity and access management Managed mobile productivity Information protection Threat Detection
  • 18. Enterprise Mobility + Security
      Basic identity mgmt. via Azure AD for O365:
      • Single sign-on for O365
      • Basic multi-factor authentication (MFA) for O365
      Basic mobile device management via MDM for O365:
      • Device settings management
      • Selective wipe
      • Built into O365 management console
      RMS protection via RMS for O365:
      • Protection for content stored in Office (on-premises or O365)
      • Access to RMS SDK
      • Bring your own key
      Azure AD for O365+:
      • Advanced security reports
      • Single sign-on for all apps
      • Advanced MFA
      • Self-service group management & password reset & write back to on-premises
      • Dynamic Groups, Group based licensing assignment
      MDM for O365+:
      • PC management
      • Mobile app management (prevent cut/copy/paste/save as from corporate apps to personal apps)
      • Secure content viewers
      • Certificate provisioning
      • System Center integration
      RMS for O365+:
      • Automated intelligent classification and labeling of data
      • Tracking and notifications for shared documents
      • Protection for on-premises Windows Server file shares
      Advanced Security Management:
      • Insights into suspicious activity in Office 365
      Cloud App Security:
      • Visibility and control for all cloud apps
      Advanced Threat Analytics:
      • Identify advanced threats in on-premises identities
      Azure AD Premium P2:
      • Risk based conditional access
      Categories: Information protection; Identity-driven security; Managed mobile productivity; Identity and access management
  • 19. Windows 10; Enterprise Mobility + Security
      • Single sign-on for business cloud apps
      • Device setup and registration for Windows devices
      • Windows Store for Business
      • Traditional domain join manageability
      • Manageability via MDM and MAM
      • Encryption for data at rest and generated on device
      • Encryption for data included in roaming settings
      • Conditional access policies for secure single sign-on
      • MDM auto-enrollment
      • Self-Service BitLocker recovery
      • Password reset with write back to on-premises
      • Cloud-based advanced security reports and monitoring
      • Enterprise State-Roaming
      • Mobile device management
      • Mobile app management
      • Secure content viewer
      • Certificate, Wi-Fi, VPN, email profile provisioning
      • Agent-based management of Windows devices (domain-joined via ConfigMgr and internet-based via Intune)
      • Automated intelligent classification and labeling of data
      • Tracking and notifications for shared documents
      • Protection for content stored in Office and Office 365 & Windows Server on premises
      Windows Defender Advanced Threat Protection:
      • Identify advanced threats focused on Windows 10 behavioral sensors
      Cloud App Security:
      • Visibility and control for all cloud apps
      Advanced Threat Analytics:
      • Behavioral analytics for advanced threat detection
      Azure AD Premium:
      • Risk based conditional access
      Categories: Information protection; Identity-driven security; Managed mobile productivity; Identity and access management
  • 20. Microsoft 365: A complete, intelligent, secure solution to empower employees. Intelligent security; Unlocks creativity; Built for teamwork; Integrated for simplicity. Microsoft 365 powered device: The best way to deliver Microsoft 365 to your employees. Office 365 + Windows 10 + Enterprise Mobility + Security
  • 21. Microsoft 365 Enterprise
      • Office 365 Enterprise: Chat-centric workspace; Email & Calendar; Voice, Video & Meetings; Office applications/co-authoring; Sites & Content Management; Analytics; Advanced Security & Compliance
      • Enterprise Mobility + Security: Identity & Access Management; Managed Mobile Productivity; Information Protection; Identity Driven Security
      • Windows 10 Enterprise: Advanced Endpoint Security; Designed For Modern IT; More Productive; Powerful, Modern devices
  • 23. FastTrack for Microsoft 365: Move to the cloud with confidence. Migrate email, content, and light up Microsoft 365 services; Deploy and securely manage devices; Enable your business and gain end-user adoption. Delivered by Microsoft engineers as part of your subscription; Tight integration with qualified partners for additional services. Maximized ROI; Faster Deployment; Higher Adoption. FastTrack.microsoft.com
  • 25. EU General Data Protection Regulation: The General Data Protection Regulation (GDPR) imposes new rules on organizations in the European Union (EU) and those that offer goods and services to people in the EU, or that collect and analyze data tied to EU residents, no matter where they are located.
      • Enhanced personal privacy rights
      • Increased duty to protect data
      • Mandatory breach reporting
      • Significant penalties for non-compliance
  • 26. GDPR compliance questions
      • When must we be compliant? The European Parliament approved and adopted the GDPR in April 2016 and enforcement begins on May 25, 2018.
      • What if we are not compliant? Companies can be fined up to €20m or 4% of annual global turnover, whichever is greater, for failure to meet GDPR requirements.
      • Who needs to be compliant? Organizations inside or outside of the EU that process personal data of EU residents.
  • 27. [Timeline figure: EU general data protection regulation. Dates shown: 2012; Spring 2014; 2015; April 27 2016; 2016/2017; May 25 2018. Institutions shown: European Commission; European Parliament. Stages shown: European Commission publishes legislative proposal; Separate negotiations within Council and European Parliament; EP reaches agreement; EU Council reaches agreement; Negotiations and approval among the three institutions; Regulation published in the Official Journal; Two-year implementation phase; Regulation applies going forward.]
  • 28. What are the key changes to address the GDPR?
      Personal privacy. Individuals have the right to:
      • Access their personal data
      • Correct errors in their personal data
      • Erase their personal data
      • Object to processing of their personal data
      • Export personal data
      Controls and notifications. Organizations will need to:
      • Protect personal data using appropriate security
      • Notify authorities of personal data breaches
      • Obtain appropriate consents for processing data
      • Keep records detailing data processing
      Transparent policies. Organizations must:
      • Provide clear notice of data collection
      • Outline processing purposes and use cases
      • Define data retention and deletion policies
      IT and training. Organizations will need to:
      • Train privacy personnel & employees
      • Audit and update data policies
      • Employ a Data Protection Officer (if required)
      • Create & manage compliant vendor contracts
  • 29. How the EU GDPR defines personal data
      Personal data: Any information related to an identified or identifiable natural person including direct and indirect identification. Examples include:
      • Name
      • Identification number (e.g., SSN)
      • Location data (e.g., home address)
      • Online identifier (e.g., e-mail address, screen names, IP addresses, device IDs)
      Sensitive personal data: Personal data afforded enhanced protections:
      • Genetic data (e.g., an individual’s gene sequence)
      • Biometric data (e.g., fingerprints, facial recognition, retinal scans)
      • Sub categories of personal data including: Racial or ethnic origin; Political opinions, religious or philosophical beliefs; Trade union membership; Data concerning health; Data concerning a person’s sex life or sexual orientation
  • 30. Protecting customer privacy with GDPR What does this mean for my data?
  • 31. Step-by-Step GDPR Compliance
      1. Discover: Identify what personal data you have and where it resides
      2. Manage: Govern how personal data is used and accessed
      3. Protect: Establish security controls to prevent, detect, and respond to vulnerabilities & data breaches
      4. Report: Keep required documentation, manage data requests and breach notifications
      Microsoft Confidential – for internal only use by partners.
  • 33. Bing; Xbox Live; OneDrive; Microsoft Digital Crimes Unit; Microsoft Cyber Defense Operations Center; Azure; Microsoft Accounts; Skype; Enterprise Mobility + Security; Azure Active Directory
  • 34. [Diagram: CONDITIONAL ACCESS. Inputs shown: Apps; Risk; Device; Location. Products shown: MICROSOFT INTUNE; AZURE ACTIVE DIRECTORY; MICROSOFT CLOUD APP SECURITY; AZURE INFORMATION PROTECTION; MICROSOFT ADVANCED THREAT ANALYTICS. Actions shown: Classify; Label; Protect; Audit. Outcome shown: Access granted to data.]
  • 36. Conditional access, IF / THEN
      IF:
      • Privileged user?
      • Credentials found in public?
      • Accessing sensitive app?
      • Unmanaged device?
      • Malware detected?
      • IP detected in Botnet?
      • Impossible travel?
      • Anonymous client?
      User risk: High; Medium; Low
      Session risk: High; Medium; Low
      THEN:
      • Require MFA
      • Allow access
      • Deny access
      • Force password reset
      • Limit access
      10TB per day: Azure; Bing; OneDrive; Microsoft Cyber Defense Operations Center; Microsoft Cybercrime Center; Xbox Live; Microsoft Accounts; Skype
  • 37. Enforce on-demand, just-in-time administrative access when needed. Use Alert, Audit Reports and Access Review. Discover, restrict, and monitor privileged identities. Domain User; Global Administrator; Domain User. Administrator privileges expire after a specified interval.
  • 39. Microsoft.com/GDPR Microsoft Online Services and GDPR • Microsoft Azure • Office and Office 365 • Microsoft Dynamics 365 • Enterprise Mobility Suite • Windows and Windows Server • SQL Server
  • 40. Q&A