Delivered a session for C# Corner Bangalore Chapter Meet on the following topic: Understanding the benefits of Azure AD, EM+S and Tips to get prepared for GDPR Compliance.
Event URL: http://www.c-sharpcorner.com/events/learn-azure-microsoft-teams-and-office-365
Understanding the benefits of Azure AD, EM+S and Tips to get prepared for GDPR Compliance
1. Ravikumar Sathyamurthy @shakthiravi
Microsoft MVP | Office Servers and Services
Understanding the benefits of Azure Active Directory,
Enterprise Mobility + Security (EM+S) and Tips to get
prepared for GDPR Compliance.
18/11/2017 www.anywherexchange.com
2. • Identity as a Control Plane – Setting the Stage
• Azure AD and EM+S an Overview
• Understanding the benefits of Azure AD & EM+S
• Microsoft 365 Enterprise Introduction
• GDPR Overview
• Tips to get Prepared for GDPR Compliance
• Q&A
6. Built on top of the free offering, provides a
robust set of capabilities to empower
enterprises with demanding needs on identity
and access management
Additionally, Azure AD premium offers:
• An Enterprise SLA of 99.9%
• Usage rights to Identity Manager Server
and CALs
Azure Active Directory Premium
Azure AD Editions: http://bit.ly/1gyDRoN
7. • Advanced user lifecycle
management
• Low IT overhead
• Monitor your identity bridge
• Cloud-connected seamless
authentication experience
• Single sign-on to 1000s pre-
integrated apps/ Your own apps
• Secure remote access to on-premises
apps
• SSO to mobile apps
• Support for lift-and-shift to the cloud
• Control access to resources
• Safeguard user authentication
• Respond to advanced threats with
risk-based policies and monitoring
• Mitigate administrative risks
• Governance of on-premises and
cloud identities
• Ease of use for end users
/Integration with Office
• Cross-organization collaboration
• Any time, any place productivity
with Windows 10
• Support for consumer facing
applications
1000s of apps,
1 identity
Provide one persona to the
workforce for SSO to 1000s of
cloud and on-premises apps
Manage access
at scale
Manage identities and
access at scale in the cloud
and on-premises
Cloud-powered
protection
Ensure user and admin
accountability with better
security and governance
Enable business
without borders
Stay productive with universal
access to every app and
collaboration capability
8. Every Office 365 and Microsoft Azure customer uses Azure Active Directory
272K | 90% | 56K | 950M | 12.8M
+30% YoY | +45% YoY | +74% YoY | +200% YoY
9. • Conditional Access
• Multi-Factor Authentication
• Addition of custom cloud apps
• Remote Access to on-premises apps
• Privileged Identity Management
• Dynamic Groups
• Identity Protection
• Azure AD DS
• Office 365 App Launcher
• Group-Based Licensing
• Access Panel/MyApps
• Azure AD Connect
• Connect Health
• Provisioning-Deprovisioning
• Azure AD Join
• Self-Service capabilities
• MDM-auto enrollment / Enterprise State Roaming
• Security Reporting
• Access Reviews
• HR App Integration
• B2B collaboration
• Azure AD B2C
• SSO to SaaS
• Microsoft Authenticator - Password-less Access
10. • I want to provide my employees secure and easy access to every application from any location and any device
• I need my customers and partners to access the apps they need from everywhere and collaborate seamlessly
• I want to quickly deploy applications to devices, do more with less and automate Join/Move/Leave processes
• I want to write applications that work with my corporate identities in Azure Active Directory
• I want to protect access to my resources from advanced threats
• I need to comply with industry regulation and national data protection laws
13. ENTERPRISE MOBILITY + SECURITY
Holistic, intelligent,
innovative security to keep
up with new threats.
Identity-driven
security
Secure your enterprise fast –
while keeping what you have
and saving money.
Comprehensive
solution
Encourage secure work habits
by providing the best apps
with built-in security.
Managed mobile
productivity
14. Information
protection
Identity-driven
security
Managed mobile
productivity
Identity and access
management
Azure Information
Protection Premium P2
Intelligent classification and
encryption for files shared
inside and outside your
organization
(includes all capabilities in P1)
Azure Information
Protection Premium P1
Encryption for all files and
storage locations
Cloud-based file tracking
Microsoft Cloud
App Security
Enterprise-grade visibility,
control, and protection for
your cloud applications
Microsoft Advanced
Threat Analytics
Protection from advanced
targeted attacks leveraging
user and entity behavioral
analytics
Microsoft Intune
Mobile device and app
management to protect
corporate apps and data on
any device
Azure Active Directory
Premium P2
Identity and access
management with advanced
protection for users and
privileged identities
(includes all capabilities in P1)
Azure Active Directory
Premium P1
Secure single sign-on to
cloud and on-premises apps
MFA, conditional access, and
advanced security reporting
EMS
E3
EMS
E5
16. Mobile device &
app management
Information
protection
Holistic and innovative solutions for protection across users, devices, apps and data
Protect at the
front door
Detect &
remediate attacks
Protect your
data anywhere
Azure Active Directory
Premium
Microsoft
Intune
Azure Information
Protection
Microsoft Cloud
App Security
Microsoft Advanced
Threat Analytics
Identity and access
management
Threat
detection
17. Technology | Benefit | E3 | E5
Azure Active Directory Premium P1 | Secure single sign-on to cloud and on-premises apps; MFA, conditional access, and advanced security reporting | ● | ●
Azure Active Directory Premium P2 | Identity and access management with advanced protection for users and privileged identities | | ●
Microsoft Intune | Mobile device and app management to protect corporate apps and data on any device | ● | ●
Azure Information Protection P1 | Encryption for all files and storage locations; cloud-based file tracking | ● | ●
Azure Information Protection P2 | Intelligent classification and encryption for files shared inside and outside your organization | | ●
Microsoft Cloud App Security | Enterprise-grade visibility, control, and protection for your cloud applications | | ●
Microsoft Advanced Threat Analytics | Protection from advanced targeted attacks leveraging user and entity behavioral analytics | ● | ●
Identity and access
management
Managed mobile
productivity
Information
protection
Threat Detection
18. Enterprise
Mobility
+ Security
Basic identity mgmt.
via Azure AD for O365:
• Single sign-on for O365
• Basic multi-factor
authentication (MFA) for O365
Basic mobile device
management
via MDM for O365
• Device settings management
• Selective wipe
• Built into O365 management
console
RMS protection
via RMS for O365
• Protection for content stored in
Office (on-premises or O365)
• Access to RMS SDK
• Bring your own key
Azure AD for O365+
• Advanced security reports
• Single sign-on for all apps
• Advanced MFA
• Self-service group management
& password reset & write back
to on-premises,
• Dynamic Groups, Group based
licensing assignment
MDM for O365+
• PC management
• Mobile app management
(prevent cut/copy/paste/save as
from corporate apps to
personal apps)
• Secure content viewers
• Certificate provisioning
• System Center integration
RMS for O365+
• Automated intelligent
classification and labeling of
data
• Tracking and notifications for
shared documents
• Protection for on-premises
Windows Server file shares
Advanced Security
Management
• Insights into suspicious activity in
Office 365
Cloud App Security
• Visibility and control for all cloud
apps
Advanced Threat Analytics
• Identify advanced threats in on
premises identities
Azure AD Premium P2
• Risk based conditional access
Information
protection
Identity-driven
security
Managed mobile
productivity
Identity and access
management
19. Windows
10
Enterprise
Mobility
+Security
• Single sign-on for business
cloud apps
• Device setup and registration
for Windows devices
• Windows Store for Business
• Traditional domain join
manageability
• Manageability via MDM and
MAM
• Encryption for data at rest and
generated on device
• Encryption for data included in
roaming settings
• Conditional access policies for
secure single sign-on
• MDM auto-enrollment
• Self-Service Bitlocker recovery
• Password reset with write back
to on-premises
• Cloud-based advanced security
reports and monitoring
• Enterprise State-Roaming
• Mobile device management
• Mobile app management
• Secure content viewer
• Certificate, Wi-Fi, VPN, email
profile provisioning
• Agent-based management of
Windows devices (domain-
joined via ConfigMgr and
internet-based via Intune)
• Automated intelligent
classification and labeling of
data
• Tracking and notifications for
shared documents
• Protection for content stored in
Office and Office 365 &
Windows Server on premises
Windows Defender Advanced
Threat Protection
• Identify advanced threats focused
on Windows 10 behavioral sensors
Cloud App Security
• Visibility and control for all cloud
apps
Advanced Threat Analytics
• Behavioral analytics for advanced
threat detection
Azure AD Premium
• Risk based conditional access
Information
protection
Identity-driven
security
Managed mobile
productivity
Identity and access
management
20. Microsoft 365
A complete, intelligent, secure solution to empower employees
Intelligent
security
Unlocks
creativity
Built for
teamwork
Integrated
for simplicity
Microsoft 365 powered device
The best way to deliver Microsoft 365 to your employees.
Office 365 + Windows 10 + Enterprise Mobility + Security
21. Office 365 Enterprise
Chat-centric workspace
Email & Calendar
Voice, Video & Meetings
Office applications / co-authoring
Sites & Content Management
Analytics
Advanced Security & Compliance
Enterprise Mobility + Security
Identity & Access Management
Managed Mobile Productivity
Information Protection
Identity Driven Security
Windows 10 Enterprise
Advanced Endpoint Security
Designed For Modern IT
More Productive
Powerful, Modern devices
Microsoft 365 Enterprise
23. FastTrack for Microsoft 365
Move to the cloud with confidence
Migrate email, content, and light up Microsoft 365 services
Deploy and securely manage devices
Enable your business and gain end-user adoption
Delivered by Microsoft engineers as part of your subscription
Tight integration with qualified partners for additional services
Maximized
ROI
Faster
Deployment
Higher
Adoption
FastTrack.microsoft.com
25. The General Data Protection Regulation
(GDPR) imposes new rules on organizations
in the European Union (EU) and those that
offer goods and services to people in the EU,
or that collect and analyze data tied to EU
residents, no matter where they are located.
EU General Data
Protection Regulation
Enhanced personal privacy rights
Increased duty to protect data
Mandatory breach reporting
Significant penalties for non-compliance
26. Who needs to be compliant?
Organizations inside or outside of the EU that process personal data of EU residents.
What if we are not compliant?
Companies can be fined up to €20m or 4% of annual global turnover, whichever is greater, for failure to meet GDPR requirements.
When must we be compliant?
The European Parliament approved and adopted the GDPR in April 2016 and enforcement begins on May 25, 2018.
27. EU general data protection regulation
2012 | Spring 2014 | 2015 | April 27 2016 | 2016/2017 | May 25 2018
• European Commission publishes legislative proposal
• Separate negotiations within Council and European Parliament
• EP reaches agreement
• EU Council reaches agreement
• Negotiations and approval among the three institutions
• Regulation published in the Official Journal
• Two-year implementation phase
• Regulation applies going forward
European Commission, European Parliament
28. What are the key changes to address the GDPR?
Personal privacy
Individuals have the right to:
• Access their personal data
• Correct errors in their personal data
• Erase their personal data
• Object to processing of their personal data
• Export personal data
Controls and notifications
Organizations will need to:
• Protect personal data using appropriate security
• Notify authorities of personal data breaches
• Obtain appropriate consents for processing data
• Keep records detailing data processing
Transparent policies
Organizations must:
• Provide clear notice of data collection
• Outline processing purposes and use cases
• Define data retention and deletion policies
IT and training
Organizations will need to:
• Train privacy personnel & employees
• Audit and update data policies
• Employ a Data Protection Officer (if required)
• Create & manage compliant vendor contracts
29. Personal data
Any information related to an identified or identifiable
natural person including direct and indirect identification.
Examples include:
• Name
• Identification number (e.g., SSN)
• Location data (e.g., home address)
• Online identifier (e.g., e-mail address, screen names,
IP addresses, device IDs)
Sensitive personal data
Personal data afforded enhanced protections:
• Genetic data (e.g., an individual’s gene sequence)
• Biometric Data (e.g., fingerprints, facial recognition,
retinal scans)
• Sub categories of personal data including:
• Racial or ethnic origin
• Political opinions, religious or philosophical beliefs
• Trade union membership
• Data concerning health
• Data concerning a person’s sex life or sexual
orientation
How the EU GDPR
defines personal data
31. Step-by-Step GDPR Compliance
1. Discover: Identify what personal data you have and where it resides
2. Manage: Govern how personal data is used and accessed
3. Protect: Establish security controls to prevent, detect, and respond to vulnerabilities & data breaches
4. Report: Keep required documentation, manage data requests and breach notifications
34. Access
granted
to data
Apps
Risk
MICROSOFT INTUNE
AZURE ACTIVE
DIRECTORY
MICROSOFT CLOUD
APP SECURITY
AZURE INFORMATION
PROTECTION
MICROSOFT ADVANCED
THREAT ANALYTICS
!
Device
!
CONDITIONAL
ACCESS
Location
Classify
Audit
Protect
Label
!
!
36. IF
• Privileged user?
• Credentials found in public?
• Accessing sensitive app?
• Unmanaged device?
• Malware detected?
• IP detected in Botnet?
• Impossible travel?
• Anonymous client?
User risk: High / Medium / Low
Session risk: High / Medium / Low
THEN
• Require MFA
• Allow access
• Deny access
• Force password reset
• Limit access
10TB per day
Azure, Bing, OneDrive, Microsoft Cyber Defense Operations Center, Microsoft Cybercrime Center, Xbox Live, Microsoft Accounts, Skype
37. Discover, restrict, and monitor privileged identities
• Enforce on-demand, just-in-time administrative access when needed
• Use Alert, Audit Reports and Access Review
• Administrator privileges expire after a specified interval
Diagram labels: Domain User, Global Administrator