Unified Endpoint Management UEM


Hello everyone, my name is Rodney Peterson and I'm a Senior Product Marketing Manager, and today I'll give you a quick overview of Microsoft Intune's capabilities to manage your mobile devices, PCs and Macs in your organization, so you can enable device choice for your employees and help to protect your company data in your environment. I have a lot of demos in this presentation, so I'll try to keep you entertained throughout this presentation. First, just to get started, I'll give you a quick overview of where the industry is at right now and help you understand how we can help you solve some of the challenges that we see when we talk to our customers.

You might be well aware of the fact that the world has changed over the last 10-15 years, and the evolution of mobile devices and the explosion of cloud services and applications have changed the world. You now see that employees expect to be able to work easily from the device of their choice, so it's not just about being able to use Windows laptops, for example; a lot of employees would like to use their mobile devices as well as Macs to get the work done. They also would like to have easy access to mobile applications; in this case it means that they don't want to call helpdesk or go through VPN configuration just to be able to access their email or files or applications, for example. And a lot of employees nowadays want to have self-service: again, they want to be able to reset their own password, they want to be able to access applications on their own without having to call helpdesk, without having to call IT or create tickets, for example.

On the other end, IT also has new challenges, right? IT also needs to be able to secure access to company resources so that IT knows who, and under what conditions, is accessing applications. In the past it was relatively easy because most of the company data was stored on premises, but now company
data, in this case email, applications and files, are not just stored on premises, they're also stored in the cloud. So how do you manage access in this new world? Another challenge for IT is being able to protect company data on these new endpoints, right? And as I mentioned before, it's not just Windows, it's also iOS, Mac and Android devices. And with all these new challenges, IT is basically asked to do more with the same or less resources. So basically, how do you solve all these challenges with having the same resources, the same funds in the organization?

We believe we have a solution that we can help you with, with Enterprise Mobility + Security. In this case we enable productivity for your employees by enabling device choice, so again your employees can use devices of their choice, they can get easy access to resources on-premises and in the cloud, they get self-service capabilities, and they also can use their favorite applications, Office applications, across all the operating systems, and I'll show you some of the demos in a few minutes. The second item is data protection, very important for many of our customers. In this case we focus on two things: helping to manage access to your resources, and also enabling data protection at the endpoint once the access is granted. Again, we have a few technologies in that space with Intune and Enterprise Mobility + Security that I will show you in a few minutes. And last but not least, we also believe that simplifying management for you is extremely important, and we have a unified platform and unified admin experience, all available from the cloud, to help you with that across all of your devices, as well as deployment and support available as part of the subscription, so that we actually can get started with deploying our services, again without having to rely too much on documentation or traditional methods of deployment in this case.

So I split this presentation in three separate chapters: the first one is about enabling productivity for your employees, the second one is about data protection, and the third one is about simplifying management. The first part, which I'll focus on in a second, is about end-user productivity, and the important piece of that is the fact that employees, as I mentioned, have different devices that they would like to use to get the work done, and there are also different use cases. It's not just about you being able to distribute corporate devices to your users, it's also users being able to bring their own devices and access work applications and work files on their own devices, as well as use cases where there's a kiosk device or you have contractors. So you have all these different scenarios and use cases in your organization that you have to manage, and what we offer to you is that one platform, one cloud solution, can help you enable all of these use cases across different device types and device operating systems, as I mentioned before: Windows 10, iOS, macOS and Android. So all these use cases can be managed through Microsoft Intune, and I'll show you how all that can be done using one admin console and one management platform from the cloud.

The second item, which is very important for end-user productivity, is simplified access to applications, and what we mean by that is making it easier for employees to access applications both in the cloud and on-premises using their favorite device. One of the ways we enable that is we enable single sign-on to thousands of SaaS, or software as a service, cloud applications, as well as your on-premises applications, without using on-premises appliances
or infrastructure or VPN service. So we can enable single sign-on to popular SaaS applications like Office 365, Salesforce, Dropbox, for example, as well as your on-premises applications, again without having to build on-premises infrastructure, and I'll show you that in a moment as well. And the last but not least in this section is enabling self-service capabilities for your employees. As I mentioned, it's a very important topic for a lot of our customers and it's a huge space to actually cut your expenses from the IT point of view, because again you can enable employees to do things on their own, right? They don't have to call you to change their password, they don't have to call helpdesk to reset their multi-factor authentication method, for example, they don't have to ask their manager to get access to more applications or manage their own groups. So we enable all that through our solution, again across iOS, Android, Windows and Mac as well. So it brings a lot of power to the end user, so they're more happy with the work they're doing and they also don't have to bother IT, and that way you can actually focus on more strategic tasks versus the help desk activities.

So let me show you quickly how this actually works. I will first switch to my iPad and show you an end-user experience on a managed device. So I, as an employee, can use my personal iPad in this case to get access to applications and get some work done. So this is my personal iPad. I will first launch what we call Managed Browser, so it's an application that allows me to access my applications securely. The first thing you see here is that I'm asked to enter my PIN. That is because this is the data protection policy we set in Intune that says if I'm trying to access company resources, I have to enter a PIN in this
specific application, and it can be a PIN, it can be a password, or it can be a biometric like Touch ID if I choose to enable that for my employees. In this case it is a very simple PIN, so I'm going to go ahead and enter that. And the next thing we want to do is I will try to access all of my applications that were enabled for me by IT. In a second you will see that I have lots of applications here that I have access to, and the first one I will try is a very common one: I will try to access my mail. And what you will see in a second is that I'm able to access my mail without having to enter my password. This is a technology called single sign-on, enabled by Azure AD, that allows me as an employee to get easy access to my applications.

I'll show you a bit different example with a non-Microsoft SaaS application; in this case it will be Salesforce, which is also a popular application for our customers. So I will click on Salesforce, and again what you will see in a second is that, because this is a sensitive application, I'm required to prove that I am the right person. This is a policy I set in my organization saying that if I'm trying to access Salesforce, I have to prove I am the right person. In this case I'm getting a call on my mobile phone, so I'm gonna go ahead and answer it and prove that yes, I am who I am, in this case chris@contosobuild.com, and I am trying to access this application. And as you will see in a second, the access to this app will be granted, and again this is because I verified that I am actually Chris in this case. And what you'll see again: I'm able to access Salesforce, again without having to enter my password, so it makes my life much easier.

Let me show you one more example. In this case it's a little bit different because I'm actually trying to access an on-premises web application without having to use VPN, so in this case it's called Contoso Retail Services. And what you will see in a second again is that I'm able to get single sign-on as an end user to my on-premises web app. In this case it's enabled by a technology called Azure AD Application Proxy, which again enables single sign-on to on-prem web apps without an on-premises appliance or on-premises VPN infrastructure. So pretty powerful, again, and another way for you to save some cost in your environment.

Another thing I can do as an employee is the self-service part, which I mentioned earlier. For example, I can add more applications if I want to. So for example, if I need to get access to more apps that I need to get my work done, I can do it here as well, again without having to call IT. I can
also join more groups or manage groups on my own. So in this case, if I, for example, am working on a new project and I would like to join new groups, I can get access to more applications; I can do it here, again without having to call IT. As I mentioned earlier, I can also reset my password here on my own. I can also reset or change my multi-factor authentication method, so for example, if my MFA is currently set to a mobile phone call, I can change it to a text or I can change it to a mobile app, which is called Authenticator, so I can verify that yes, I am the right person using a mobile application in this case. So all these self-service capabilities, again, are possible for me to do.

One thing I would like to also cover before I switch to the IT pro experiences is the fact that, in this case, because this device was enrolled into management, into Intune, to get access to my email application, Intune automatically installed all the needed mobile applications on my iPad in this case. So as you can see, I have many Microsoft and non-Microsoft applications, or mobile apps in this case, installed on my device automatically by Intune as soon as I enrolled my device for management. And as an employee I also get access to more mobile applications if I need to. So Intune Company Portal again enables that additional self-service capability for me: to access more mobile applications, for example, in my environment; see what devices I have, so all these devices belong to me and as an end user I can manage them from this application myself. So for example, if I lose a device, I can actually wipe this device myself using Intune Company Portal, again very powerful to ensure that the company data stays protected. I can get support information in this case and get notifications that are important to me as an end user. So again, all this awesomeness is available for our end users to get the self-service capabilities.

Let me now switch to my Surface device here and show you some of the IT pro capabilities, in this case how I can configure all this stuff for my employees. So what you see now is the EMS or Intune administrative dashboard. So here I have access to three major Azure services to manage my identities, devices and data protection. So one of these services is Microsoft Intune; again, this is the topic of this presentation specifically, and Microsoft Intune enables me to, again, manage all devices in my environment. So as I mentioned, you can manage your iOS, Android, Mac
OS and Windows devices. So for example, here I can create policies for all of those operating systems. So I'll show you one example just so you can see all the different policies available to you as an IT professional. So I'll create a new profile, I'll choose a platform, so as you can see all the major ones are available. I will choose one of them, which is iOS, and what you'll see here in a second is that there are different profile types available: I can deploy a Wi-Fi profile, VPN, certificate, email. I can also have device restrictions, so if I'm looking to secure the device, as you can see here, I have many policies, in this case categories of policies, that I can configure, and then I can click on one of the categories and see all the settings that are available to me to configure. So this is where I can make sure the devices are secured when they access our company resources.

I can also deploy applications, mobile apps in this case, so I can deploy applications from Apple App Store, Google Play, Windows Store. I can also deploy Mac applications to my Mac devices as well. So again, all these things that make my employees get ready for work faster. So I'll show you an example of apps you can deploy. You'll see here that, as I mentioned, all different applications are available for you to deploy. You can deploy your line-of-business, so your own, applications as well, and what we recently added: you can also deploy Office 365 applications directly from the cloud, for example for the Windows 10 platform. Again, you can use Intune to automatically deploy applications to your end users from the cloud. So again, it reduces the infrastructure need in your environment and makes it easy for employees to get access to important applications from the get-go. So that was that.

An interesting part that I would like to also cover for you is the fact that this is a unified admin console, so you have an HTML5-based modern admin console that can be accessed from any browser or from anywhere, because our cloud services are running in Azure, so they are globally available. And you can not only manage your devices here, you can also manage your identities and groups and SaaS applications using the same admin console. So as an IT professional, it's easier for me to get all these things done, again using one platform and one admin experience.

The important piece about data protection for us is that we focus on two specific areas that are important to our customers. So one is about managing access to your resources, so who, under what conditions, can access your resources, and the second one is, once the access is granted, how can you ensure that data is protected on those endpoints, so again mobile devices, PCs or Macs, for example. So let me go deeper into each of those areas that again are very important for many customers from the compliance and security point of view.

So the first one is access control, what we call EMS conditional access, and the idea here is that you can define a set of conditions that the employees have to meet in order to get access to your company resources, in this case, you know, files, email, applications that are stored in the cloud and on-premises. And those conditions can be: from what location is the employee coming, is the device managed or compliant, is the user authenticated, what the user's risk is, is the user potentially compromised or not. So all those conditions can be checked automatically in the cloud, and based on the conditions you can then define different controls: do you want to block access to your resources, do you want to enable multi-factor authentication, do you
want to require the device to be enrolled for management in Intune, or you can also provide, for example, limited access. So all these things are available to you to configure and control from the cloud, so you don't have to maintain on-premises infrastructure. I would like to mention again that our conditional access policies work for both SaaS applications, or your cloud apps, as well as your on-premises web applications, which is very important for you because many of our customers, again, have applications that are both on-premises and in the cloud.

And the second area is protecting company data at the endpoint. So once the employees or contractors are able to access company resources like email or files, for example, what can we do to help you ensure that the company data stays protected? And this is where Intune's app protection policies are coming into play, and they basically help you protect your company resources at the application layer. So you can define things like: is data encrypted at the endpoint, on a mobile device or Windows device, for example; do they have to enter a PIN to access applications; can they copy company information and move it to personal storage locations or applications, for example; can you wipe company data; and so on. So all these things are also provided by Intune to help you feel comfortable with the fact that your company data is protected even though it might be on different devices out of your company network. So again, very powerful, very important from the compliance and security point of view.

And with that said, let me show you quickly how that actually looks. So I will first start with an iPad again to show you that conditional access controls are available to you. So what you will see here, this is my unmanaged iPad. So if I go to Settings, you will see that this device is not managed, so it's a personal device that I can use to, you know, watch movies, for example. But now I, as an employee, would like to access company email, so let me try that. So I'm going to go ahead and launch Outlook, which is a mobile app that I downloaded from the Apple App Store, and as you can see here, I have my personal email added here, so at outlook.com, and I'm going to try to add my company email now. So let me try that, which is in this case chris@contosobuild.com, which is an email in Office 365. I'll click Add Account and I will enter my password, and one cool thing you saw here is that when I put my user name, the background and the company logo changed, which helps me as an employee to know that I'm at the right place, that this is not a phishing attack, for example. So again, a little thing that helps you with security. So I'll put my password, click Go, and what you'll see in a second: it says hey, we know that you're the right person and you should be able to access this information, in this case email, but the company policy says that your device has to be enrolled and compliant before you can access company resources. So it gives me a button, in this case Enroll Now, which lets the end user download Intune Company Portal and go through the standard iOS enrollment process. Again, the idea here is that the policy I set requires device management and device compliance before I can access company email.

So this is the Outlook app. Let me try something different: let me try to add email now from my iOS native email client, so again another way I can technically access Office 365 email. So I'll click Add Account, choose Exchange, put the same email, so chris@contosobuild.com. I think I spelled it right, so click Next, Sign In, and you will see that iOS added support for modern auth now, so modern authentication. So again you see the same background, the same company logo. Password
is already there, so I'll sign in, and you will see the same message again: I have to get my device enrolled before I can access my email, even from the iOS native email client. And this experience is similar on a Windows device, Mac device or Android device, so again, it's cross-platform, not just iOS.

Another way that I can technically access email as an employee is through the browser, so let me go ahead and launch Safari in this case, and I will try to access my Exchange Online email from my browser. So let me try that. So I'll search it and then try to log in. OK, I'll choose Chris again, the same account, I will put my password again, and what you'll see again is the same message, that I have to get my device enrolled before I can access company resources. Again, this is a functionality provided by a feature in EMS called conditional access that helps you ensure that only the right people under the right conditions can access your on-premises and cloud applications, again without you having to maintain an on-premises infrastructure or VPN service. So this is conditional access.

Let me show you how you can protect company data on an iPad, in this case once the access is granted. So I am back to my managed iPad, and in this case this iPad has Intune app protection policies that help to protect company data at the application layer. And the demos I'm showing you here are on a managed device, but the same functionality is also available on unmanaged devices, which again can enable more scenarios for you, for BYOD use cases, for example. And again, I'm showing you this demo on an iOS device, but the same functionality is available on Android and Windows 10 devices. So a very basic example here: I will launch my Outlook email again, which I use in this case as an employee to access my personal and company email. As you can see here, because this is a company email, I have a policy, sorry, it's a company application, I have a policy that says I have to enter my PIN. So I'm gonna go ahead and enter my simple PIN again, and again, you can also enable biometric,
so Touch ID, to make it even easier for employees to access applications. So as you can see here, I have both my company email and my personal Outlook email available here. So again, I can use both accounts, and our data protection policies are working well within the application because they have that idea of multi-identity, so they know when the data is actually company data and when it's personal, so the protection itself only follows the company data.

So let me show you a very common example. So I will open one of the emails here, which is a company email, so this is my Office 365 email, and I'll try to copy some text here, which is company information text. I will now open my Notes app and try to paste this information here. So you will see here, I'll, you know, try to paste something here, and what you will see here is that I'm getting a message back saying hey, your organization's data cannot be pasted here, again because the policy that was set in Intune says you cannot move company data from a company account or application to a personal account or applications. That's why employees are getting guidance saying hey, you shouldn't do this because this is against the policy in your organization.

But let me now try to open Word, which is also in this case managed by Intune, so it's a company-protected application, and I will try to do the same action: I'll try to paste company information, in this case into a Word file. So I will open one of the files that is stored in OneDrive for Business, and it will download and open this file within my Word application. Now I will try to paste the same content here, and what you will see is that now I'm able to do it, because the policy I set in Intune says you're able to move company data between managed applications. In this case both Outlook and Word are managed, so this operation is allowed. Another
common use case is being able to save data into storage locations, things like OneDrive or Dropbox, for example, so I can continue working on my projects. So I will try to save a copy, and let's say I'll try to save it into OneDrive Personal, so it's my personal OneDrive account, and what you'll see in a second is that this action is not allowed, again because of the policy that was set in Intune. But if I try to save this file into OneDrive for Business, which is a company-approved storage location, I will be able to save it, again because the policy in Intune allows me to do it. Again, this really helps me as an employee to do the right things to make sure that the company data stays protected even if I'm using my own personal iPad to get the work done. So employees get the productivity boost, and from the IT perspective we get the peace of mind that our data doesn't go into the places that we don't have control of anymore.

So let me show you now how this can be configured from the IT pro point of view. So I will switch back to my Surface here and go to the admin console. I'll go back to this dashboard and I'll first show you conditional access capabilities, so how you can manage access to your resources. So I will click on the Azure AD blade here and click on Conditional Access. We have a few policies already defined in my environment, but I'll create a new one to show you how easy it is to configure a conditional access policy. The first thing you need to decide is which users or user groups you'd like to protect, and these are the same groups and users that are available in Office 365, because the back end of Office 365 is Azure AD. It's the same users, same user groups that you can reuse, in this case for Intune, Azure AD and EMS, because again the back end is the same. So I can choose all users, or I can choose specific groups if I want to, and you can also exclude groups if needed as well. So for example, if you would like to exclude your CEO, for example, or your IT management, you can do it from here; that way they will not be affected by this conditional access policy. So I'll click Done.

The next thing is you need to choose which applications you would like to protect. Again, as I mentioned before, you can protect both cloud applications, so almost 3,000 SaaS applications that Azure AD already federates with; you can enable
or select applications from your on-premises applications, and you can basically enable any other cloud application as well through different methods that Azure AD enables. So in this case, for a very simple example, I will choose Exchange Online, which is a very common application that many customers would like to protect. I click Select, I will click Done, and the next one, very important, is the conditions. So this is where you define different conditions that the employees or users have to meet before they can access applications, in this case Office 365. So one of them is sign-in risk, so how risky is the user or the sign-in activity, and this is where Azure AD Identity Protection uses machine learning and the vast data pool that Microsoft has access to, to basically analyze user behavior and the sign-in behavior of the user, to see and basically calculate the risk of the user. And based on that risk, we can automatically block access or enforce multi-factor authentication as employees try to access your company resources. And again, we calculate the risk based on user behavior, sometimes location change, the out of work change; basically we analyze different patterns to figure out if whatever the user is doing is abnormal, and that's based on the machine learning algorithms that we have at Microsoft.

The other thing is device compliance, so do you want your devices to be managed and compliant before they can access company resources. And again, many, most customers choose this as well: they want the devices that access company resources to be secure, be managed and be compliant. The next condition you can select is locations. So you can define trusted locations, so if the user, for example, is coming from the United States, you can say that is trusted, so I don't really need to enforce anything from the conditional access point of view, but if the user, for example, is coming from North Korea, I would like to enforce multi-factor authentication. So again, that's under your control as well. And you can also select specific applications that you would like employees to use. For example, if you would like employees to only use managed applications, so the ones that are protected by Intune, and no other applications, you have that control in your hands as well.

And based on these conditions, you can then define controls, right? Do you want to just block access, or do you want to enable access but require multi-factor authentication; require, as I mentioned, the device to be compliant with Intune policies; require,
for example, Windows devices to be joined to the on-premises Active Directory and Azure AD; do you want to only allow specific applications to be able to access cloud services; or do you want to require Terms of Use that need to be signed by the end user. So there are different controls available to you that you can enforce on the users that try to access company resources on-premises and in the cloud. So again, this is the functionality that we call conditional access, very powerful, and lots of customers use it already across Intune and Azure AD, which work together to make this happen purely from the cloud, without having to maintain any on-premises infrastructure.

So this is conditional access. Let me show you Intune app protection. This is where you can define data protection controls at the application layer. So I will go to the Intune blade here, go into the mobile apps section, then select app protection policies, and this is where you can, again, define those copy, paste, save-as, encryption controls. So I'll create a new one just to show you how it works. As I mentioned before, you can do this across iOS, Android and Windows 10. You can select which applications you would like to protect. As you can see here, we have many Microsoft and non-Microsoft applications available for you, and beyond these applications you can also enable this for your own line-of-business applications as well, through the Intune App SDK or through the Intune App Wrapping Tool. So this is also available to your own line-of-business applications.

And after choosing applications, you can also choose all these data protection controls. Again, as I mentioned, you know, things like the ones that enforce copy/paste, save as, encryption, per-app access control, what's the minimum version of the operating system employees have to use to use applications, what's the minimum version of the applications they have to use. So you have many different controls at the application level that you can define to ensure that your company data, and this is again email or files, is protected on endpoints, again, that are iOS, Android and Windows 10. And again, as I mentioned before, but I would like to restate again: this technology, in this case Intune app protection, works for both managed and unmanaged applications. So even if you have an unmanaged Android device, you can enable these app-level controls without having to require your employees to enroll their devices for management. So it's a really nice enabler for many use cases for some of our customers, especially around bring-your-own-device scenarios
Or scenarios where you have contractors or vendors that try to access your company information, but they're not your employees, so you cannot really manage their devices.

The thing about management is that when we talk to our customers, there are different challenges they really have to solve. Many of our customers currently have a separate Windows management solution. So they have an on-premises solution to manage Windows devices, most often it's SCCM, but now they're also asked to have a separate solution to manage their mobile devices. On top of, again, not just having two solutions to maintain, most of these solutions are on-premises. Again, that means that you have to have resources and the knowledge to maintain the infrastructure. And as I mentioned before, our IT professionals are also asked to do more now with either the same or fewer resources. Again, it's becoming harder and harder for them to be able to achieve their goals.

What we believe is that, from our perspective, we do enable solutions to all of these challenges, because Intune and Enterprise Mobility + Security, or shortly EMS, provides a unified endpoint management platform. So you have one cloud platform to not only manage your mobile devices, but also Windows 10 devices and Macs as well. So you have one cloud platform that you can use to manage all of your devices, again, without having to maintain on-premises infrastructure. You have one unified admin console, as I showed you before. You have the admin console in the Azure portal that helps you to manage your iOS, Windows, Android, and Mac devices, as well as identities, SaaS applications, and access controls. Again, one admin console is great.

We also enabled Intune in Microsoft Graph. So we enabled Intune APIs in Microsoft Graph, and now you can programmatically access Intune controls and Intune's data without having to use the admin console. And that's very powerful because that enables automation, integration, and advanced reporting scenarios for you and your IT members or colleagues as well. So very powerful. And again, as I mentioned before, because we're a cloud service, we can scale to any number of devices and users you need to manage. We're available globally, and we also include deployment and support services in the subscription, so you don't have to pay additional money to get started, or to get help with your deployment, or to get assistance if things don't work well, for example.

Let me go deeper in each of these areas. I will first start with Windows management. There is a lot of interest from many of our customers to modernize Windows management because it does bring many benefits to them. Some of them include better end-user experiences.
Again, because end users can use their own Windows 10 devices, they can get self-service capabilities, and they can use their, you know, latest up-to-date Office ProPlus applications, for example. So that's a benefit to the end user. We also believe this ability to manage Windows 10 devices from the cloud enables simpler management. That way, again, you don't have to maintain on-premises infrastructure. You can just manage your Windows devices the same way you manage your mobile devices, from the cloud, using the MDM APIs that are available in Windows 10. So it makes your life a bit easier from the IT perspective. We also believe that this new cloud-based modern management approach of Windows 10 devices provides a more secure experience, because you can leverage all that awesome security technology enabled with each release of Windows 10, things like Windows Defender ATP, Exploit Guard, Credential Guard, Device Guard, and application controls, and there are many more security features being released in each release of Windows that you can now manage from the cloud. The other benefit of that from a security perspective is that when you manage devices from the cloud, you can really use that cloud telemetry and machine intelligence to help discover attacks against your environment. One cool example is Defender ATP, which basically analyzes your Windows devices using machine learning algorithms to figure out if you have a sophisticated attack against the organization. So all of those use cases will be even more powerful as we get more telemetry in the cloud to help you fight against the bad guys. And last but not least, we also believe that this modern management approach of Windows devices provides a lower total cost of ownership for you and your organization. In this case, again, because you don't have to maintain on-premises infrastructure, you will have fewer
expenses that you have to manage, which means you'll have more resources to focus on more strategic projects for your company and become a strategic partner versus that cost center.

We envision modern Windows management in a way that you'll be able to use our cloud services, in this case Azure AD and Intune, to deploy, provision, manage, secure, and keep up to date all of your Windows devices, on top of the mobile devices that we already manage, and Mac devices as well. One of the cool parts of this modern management approach, which we've been working on very actively with the Windows team for the past two years, is a technology called Windows Autopilot that allows you to basically deploy Windows 10 devices without having to do imaging. So it's a new technology that allows employees to bring their own devices, for example their own Windows 10 devices, boot the device the first time, provide their company credentials, and then we do the magic in the back end to basically enroll the device into Intune, register the device with Azure AD, and provision all the necessary configurations, applications, and profiles to make the device work-ready within a very short period of time for your end users. So in this case you can basically replace your traditional imaging process for new Windows devices or for updates with this new technology called Windows Autopilot, which is closely integrated with Azure AD and Intune to enable this new modern deployment experience for you and for your employees.

Let me quickly show you how this works from the end-user perspective. So imagine an end user got a new Surface device that you sent to the person, or they just went to a store nearby and bought a Windows 10 device themselves. They boot the device the first time and go through the traditional out-of-the-box experience that, you know, many of us are used to at this point. They choose a few settings and then they're asked to connect to Wi-Fi, again because this technology requires an internet connection
to be able to get the device registered and enrolled with our services. If you have, you know, Terms of Use, you can enable that as part of your Wi-Fi enrollment, or, you know, Wi-Fi page, but this is optional. Once the device gets connected to the internet, it basically knows through the Autopilot service that this device belongs to the Contoso organization, so it knows that this device belongs to me, in this case the user Brad, and all I'm asked to do is enter my credentials, which are the Azure AD or Office 365 credentials. And what happens next is that, as I mentioned before, this device gets registered with Azure AD, automatically enrolled into Microsoft Intune, and then Intune deploys all the necessary configuration, security settings, and applications that IT needs before the device is ready to be used by the employee.

What we see when we talk to our customers is that this process significantly shortens the amount of time that IT spends on getting devices ready. So again, the imaging process is usually time-consuming and complex; in this case it's much simpler with this approach. It also makes it easier for employees, because they go through a normal out-of-the-box experience, but within minutes they have access to work applications and work files on their Windows 10 devices. So this is pretty cool. A lot of our customers are really excited about this technology, and we are working very actively with the Windows team on enhancing these experiences with every release of Windows 10.

So let me show you now all the different Windows controls that are available in Intune. So I will switch back to my Surface device here. And what you will see here is that I'll go back to the dashboard, my admin dashboard here, go to the Intune blade, and then I'll go to the device enrollment section, and I will show you that Intune in this case already integrates with Windows Autopilot. So
again, we make this experience much more simplified for you as an IT professional and for employees. And as I mentioned before, they have a lot of cool stuff coming in the next release of Windows 10, so around spring of 2018, as well as the fall of 2018. There is a lot of really cool stuff happening there, again, which you will see in a relatively short time. You can configure a few settings here with Autopilot as of right now, but, you know, again, a bit later this year in 2018 you'll be able to see even more controls from the Autopilot integration perspective within Microsoft Intune. So that's Autopilot integration.

So the other thing is being able to configure Windows 10 devices from the cloud. And again, this is very important for many customers, because they would like to be able to manage Windows 10 from the cloud, but they usually ask, how many controls do I have? Right, so let me show you all the stuff that we added to Microsoft Intune. So I will choose the platform, in this case Windows 10, and as with iOS, Android, and Mac, you have different profile types available, from Wi-Fi and VPN configuration, to email, to Windows Defender ATP configuration, as well as device restrictions, so a lot of security controls. I'll show you some of them. The one thing you should notice is, take a look at how many categories we have of things you can configure. So we have probably more than, you know, 200 controls you can define here using Intune MDM policies, and as Windows adds more controls that can be configured through MDM, more of them will be enabled in the Intune console as well, because again, we work very closely with the Windows team. So for example, I'll take a look here at Windows Defender Antivirus management. So just one category, and I have 31 settings here that I can configure using Intune that can be enforced on a Windows 10 device from the cloud. So again, instead of maintaining an on-premises solution, very often it's Configuration Manager, System Center Configuration Manager, you can do the same thing now from the cloud.

Another thing is being able to deploy applications. As I mentioned before, Intune can deploy applications from the Windows Store for Business, you can deploy your line-of-business applications, and it can also deploy, which is very cool, the Office 365 ProPlus applications too. So now you can deploy those apps from
the cloud, and again, as I mentioned earlier in this presentation, a lot of customers are very excited about this functionality.

Another thing that's important to our customers is being able to manage updates, and you can also do it from the cloud now. Microsoft Intune integrates with Windows Update for Business, so now you can actually manage Windows updates from the cloud, again using Windows Update for Business and Intune services. Which means that, again, you don't have to maintain your on-premises infrastructure here. You can just use cloud services to make sure that your devices are always up to date, because that will provide the best end-user experiences for your people, as well as the best security for your organization.

While this is really awesome, and again, we see many customers embracing this modern management approach, we also see many customers who have already made investments in on-premises management, so your traditional management of Windows devices with solutions like System Center Configuration Manager, which basically nearly all customers use currently to manage Windows devices. And for them it's a bit more challenging to move from this traditional Windows management world to this new cloud-based modern management world with Azure AD and Intune. And while many of them are looking for it, they're looking at moving to this new world, they're trying different methods to get there. So some organizations that are basically brand new don't really have on-premises investments; they can just go and start with the cloud, so just basically start using Azure AD and Intune to deploy, manage, and secure Windows 10 devices. However, the majority of customers do have on-premises investments, and they have tried a few methods. One of them that we often hear is what we call the big switch transition, where they would just try to basically turn off your on-premises Active Directory and Configuration Manager and start managing everything from the cloud using Intune and Azure AD. Well, we haven't seen many successes yet with that, because it requires a lot of planning, a lot of things to manage, and a lot of risk. So we haven't seen that much success, even though it's, you know, still a valid approach some customers take, depending on the size of your environment and the complexity of your environment.

Another often-used case is the group transition, where our customers try to enable the modern management approach for some users, for example your salespeople or your consultants, which is great for those users, but it leaves the rest of your organization with this traditional management approach that might not provide the best end-user experiences for your employees, might not provide the best security, and might not lower your total cost of ownership. So for that reason, we worked really hard for the past year or two on this new way of moving to the modern management world, which we call co-management. What co-management allows is basically to manage a Windows 10 device with Configuration Manager and Intune at the same time, which was not possible in the past. What this allows you to do is, while you can manage the device with two solutions at the same time, you can slowly move some workloads from Configuration Manager to Intune while maintaining Configuration Manager for other workloads. For example, you can move your device compliance check from Configuration Manager to Intune, or Windows Update management, for example, while maintaining Configuration Manager for other tasks like app deployment or really deep device configuration. So this gives you more flexibility to move
to this new modern management approach in small steps with more control, so basically you can take less risk and do it on your own terms. We released this in the fall of 2017. We see many customers already trying this in their environment, and we're really excited to see how this works out for many customers, because we see a lot of excitement in this space. What we hear from our customers is that co-management really provides the ability for them to move to this new world without taking huge steps, which is very important for us, and it's very important for our customers as well.

So let me show you how this works in the Configuration Manager console. What you will see here in a second is that I will first try to connect Configuration Manager with Intune. What this basically does is that it allows those two products to talk to each other, so that way they know what product is responsible for what part of the management. So that way Configuration Manager knows that it's responsible, for example, for app deployment, and Intune is responsible for the device compliance check. In that case they don't have conflicts, so they basically avoid conflicts between each other. So they're smart enough to have the ability to talk with each other.

Then I can decide, do I want to automatically enroll my Configuration Manager-managed Windows 10 devices into Intune? So that way, you know, basically I can say that all of my Windows 10 devices that are currently managed by Configuration Manager can be automatically enrolled into Intune to enable this co-management functionality that I can then use to slowly start moving some workloads to Intune. And in this screen I can actually now start to say which workloads I would like to move from
Configuration Manager to Intune. And again, it's a very easy process: you can just move the slider here for the workloads you would like to manage, and then we do the work in the back end to make that happen, again, between Configuration Manager and Intune. You can decide which device groups this policy applies to and which ones you would like to exclude, as you would expect to have these capabilities in Configuration Manager. And in the fall release of Configuration Manager, so for 2017, which was version 1710, we enabled three workloads that can be moved to Intune, and we'll be enabling more with every release of Configuration Manager, which happens a few times a year, traditionally.

That was co-management. The next topic to discuss, which is again very important for our customers, is having the ability to access Intune programmatically. What that means is that when we moved Intune to Azure infrastructure, we also basically redesigned the product. So it was redesigned to run in Azure with a microservices architecture, and we also enabled Intune in Microsoft Graph. What that means is that Intune APIs are now available through Microsoft Graph, so you can programmatically access Intune's controls and data with your favorite tools, like PowerShell, for example, or Python. The cool thing about this is that when we built Intune on Azure, we basically built the admin console on top of the APIs. So the Intune admin console in the Azure portal calls into the APIs of Intune in Microsoft Graph to do whatever you want to do in the admin console. What this basically means is that, in theory, any person can also build their own admin console for Intune like the one we have. We wouldn't recommend that, but that's possible, because again, we built this solution with the mindset that there's an underlying cloud service, there's an API layer, and there's also the admin console layer. So all these layers talk to each other to make this a really cool experience.

What this also allows is that, because the APIs are publicly available, you can also use your favorite reporting or analytics tool to be able to access Intune's data and controls. So for example, you can use Power BI or Tableau to access Intune data to create and generate custom reports or provide some custom analysis that you need in your organization. Another benefit that the APIs provide is the fact that now you can automate and integrate your
workflows and solutions with Intune, because the APIs are public. For example, you can create PowerShell scripts that automate some actions. Some of our partners around the world, for example, use this functionality to speed up the deployment of Intune for their own customers. So for example, instead of having to go to the Intune admin console and, you know, add 20 applications one by one that customers need, you can create a PowerShell script that automatically basically gets the applications that you need from, let's say, the Google Play Store and adds them into Intune within like 15 seconds, versus you doing it manually for, you know, a few minutes in the admin console. So that really speeds up the whole process. Another benefit of that is the fact that you can now integrate your custom solutions or custom applications with Intune through the API. So again, a really cool way for you to really take Intune to the next level, because you can interact with it in so many different ways now, not just through the admin console. You can now interact through your reporting tool, through PowerShell and other programming languages, or your own applications and your own workflows, to do integration with Intune through the Graph API.

So let me show you how that works on my Surface device here. So first I will switch to my PowerShell here. And what I told you earlier is that I can now use PowerShell to access Intune controls and data through the Intune APIs in Microsoft Graph. So let me show you a simple script. We have a few scripts available for our customers to start playing with this. So I'll switch to the directory. I will show you one of the scripts here to get the managed devices overview in my environment. I will first have to authenticate to my environment, so that way PowerShell basically has the rights to access my data. You need to provide the right credentials. So, field, come, put my password.
And what you will see in a second is that PowerShell will use the RESTful API to connect with the Intune API in Microsoft Graph and get the information about my devices and make it presentable to me here in PowerShell. Another example of what I can do here is see all the applications that are installed on my devices in my environment. So again, I can automate this process, as you can see here, using PowerShell. And it's not just about getting information; you can also add, remove, and edit data in Intune using these PowerShell commands. So again, from an automation and integration perspective, this opens a lot of possibilities for our customers, developers, and partners. So we're really excited to see what, again, our partners and customers will do with all this power they now have in their hands. This is fully available, generally available to all the customers that use the Intune service, and nearly everything that can be done from the Intune admin console can be done through the Intune APIs in Microsoft Graph.

And the second benefit here of having the APIs publicly available is that I can now use my reporting tools, in this case Power BI, to access Intune data. So in this case, you know, Intune has built-in reports, but if I'm looking for more custom reports or advanced analytics, I can use Power BI to get the additional information I need in my environment that I can then, again, analyze or pass to my data science person to do it for me. So we have a few templates available to you that you can access from the Intune admin console to get you started, but again, people who are really good with Power BI or other reporting tools can create their own, you know, tables and their own graphs to get the information they need in the environment. And we also have audit logs that you can use to see what changes have been made in your environment. We have Intune information stored for up to 90 days through the Intune Data Warehouse, so that way you have historical data available to
you as well, again for custom reporting and analysis. So all this stuff is enabled through the Intune APIs in Microsoft Graph that we made generally available at the beginning of 2018.

What I showed you so far were mostly use cases for our enterprise customers, but we also have Intune available for other use cases as well that are specific to different types of customers. For example, we have Intune available in first line, so in this case Microsoft 365 F1, where Intune functionality is available for use cases to manage your kiosks, digital signage, or shared device scenarios. Again, in those use cases Intune can provide value as well. Another space is the small business customers. So basically, through the Microsoft 365 Business SKU, in this case, Intune controls are exposed through the Office 365 admin console for some of our small and midsize customers that can use the Office admin experience not only to enable productivity experiences for, you know, Exchange or SharePoint, but also get the management and data protection through Intune. So Intune controls are exposed through the Office 365 admin console as well. And we also enable Intune for our education customers. So we have a specialized Intune for Education admin console that's tailored for the IT professionals in schools and that provides a more simplified experience to get devices managed and enrolled through Intune. So it's also available through the Azure portal, but provides more of a simplified experience that, again, is tailored specifically for schools. And we have many schools and universities using it now to manage the devices for their students, teachers, and professors, for example. So again, the idea here is that we not only provide Intune for our enterprise customers, but also for small businesses and schools as well. So again, we listen to feedback to improve those experiences in these different categories.

What I covered so far was mostly about Microsoft Intune, so that's about device management. But we are part of the larger product family in Microsoft, Enterprise Mobility + Security, or shortly EMS, and we have multiple products that are enabled through EMS. One of the ones that I also covered to some extent was Azure Active Directory, which provides identity and access management from the cloud for your cloud applications, on-prem applications, users, groups, and so on. We also have a solution called Azure Information Protection. It provides an ability for you to encrypt and protect the files themselves. So even if the file is stolen or moved to a place that you don't have control over, the file itself is encrypted; it knows who can access the file and who cannot. It also provides some additional functionality like tracking, classification, labeling, and so on. It's a very powerful tool for some of your most confidential information. Another service we have enabled in EMS is called Cloud App Security, which helps you to discover and monitor SaaS applications. So if you're looking to figure out what SaaS applications your employees are using, this is the tool to use, and it also helps you to be compliant with the policies, because it helps you to protect company data within those SaaS applications as well. And last but not least, we also have a product called Advanced Threat Analytics, which is an on-premises product that connects to on-premises Active Directory and analyzes the behavior of users to see if the user accounts are compromised. And it's very important from a security point of view, because the majority of breaches happen because the credentials are compromised. So with solutions like Advanced Threat Analytics and Azure AD Identity Protection, you can discover the attacks against your user identities much faster, so you can respond faster to those attacks and stop the breach before it happens.

EMS
is available in two SKUs. So one is E3, which provides a lot of Azure AD functionality; it includes Intune and Configuration Manager, and includes a lot of Azure Information Protection functionality and Advanced Threat Analytics. And we also have the E5 SKU that includes everything in E3 plus a lot of security-specific functionality across EMS products. So what you'll see here is that a lot of our customers right now are getting the E5 SKU because of the security concerns in the organizations that, you know, happen pretty often.

What I mentioned earlier, and I'd like to restate again, is that deployment assistance and support is included in the subscription, so you don't have to pay additional money for that. What this means is that we have a service called FastTrack that has Microsoft engineers that can help you get started with deploying our services, again, as part of the subscription without additional cost. And the support is also included, so if things don't work right, your support costs are also included in the subscription, so you can always get assistance to fix issues in your environment.

One thing that I would like to cover is the fact that we saw, and still see, a tremendous growth in EMS from both the sales interest and deployment perspective. We have now increased our install base to over sixty million. We have more than 65,000 customers trusting EMS to manage their devices and identities and provide users security. Intune has been growing at a tremendous rate, growing, you know, more than a hundred percent year-over-year for the last 12 months. So we see a lot of customers actually deploying Intune in their environment, and we see that growth actually increasing over the next few years, again because of the fact that we moved Intune into Azure, we have lots of new functionality available, and the fact that a lot of customers now look into a modern way to manage Windows 10 devices and Macs in their environment. From the Configuration Manager perspective, we also saw a lot of growth from the deployment perspective. We have more than, I believe, 60,000 customers now managing more than 100 million devices using Configuration Manager current branch. Again, it's a huge product, with lots of organizations that trust Configuration
Manager to manage their Windows devices. And we also see a growth in customers deploying Windows 10. An interesting statistic we have in Configuration Manager is that we see customers upgrade or deploy Windows 10 devices in less than seconds, so basically every second we see a new Windows 10 device getting added into Configuration Manager for management. And we expect this to continue for the next two years because of the upcoming end of support for Windows 7, which will be in 2020. So if you still have Windows 7 devices in your environment, I would highly encourage you to start upgrading to Windows 10, so you can take advantage of the new security and productivity features, as well as the management features and security features from Configuration Manager and Intune, again, which is very important in this world.

The last thing I'd like to cover is the fact that Enterprise Mobility + Security is available as part of the larger product called Microsoft 365, which provides an intelligent, modern workplace for your employees and also provides a modern management and security solution for your IT professionals. Microsoft 365 includes Enterprise Mobility + Security, Windows 10, and Office 365, and all of our engineering teams are working closely together on a daily basis to provide a modern experience, again, for your employees and your IT professionals. I would highly encourage you to visit our product website, microsoft.com/ems, to learn more about our capabilities and also get a free trial. You get a free trial for 90 days just by filling out a simple online web form, and you can test it out and see how it works for your organization, so you can make a decision if this is something that you can use in your company to solve these mobility and security challenges in your organization.

With that, I would like to thank you again for listening to this presentation. I hope it was helpful, and if you have any questions about this presentation, we have an amazing tech community that you can actually use to ask questions, get feedback, and provide help to other people, so I highly encourage you to check it out. If you'd like to stay more up to date on what's happening around Intune, I would also encourage you to check the EMS blog. So if you just search online for the Microsoft EMS blog, we have blogs published on a daily basis, so you can stay up to date with all the new stuff that's coming up with our products. And we have a lot to come, because of us being a cloud service we have a lot of

2018-06-28
