Difference between revisions of "Pluralsight"
(Created page with "=Getting Started with EMS= ==What is it?== ===Azure AD=== SSO and identity platform for cloud and on-premises apps ===Microsoft Intune=== Cloud-based mobile device manageme...") |
|||
Line 1: | Line 1: | ||
=Getting Started with EMS= | =Getting Started with EMS= | ||
==What is it?== | ==What is it?== | ||
− | + | *Azure AD | |
− | + | **SSO and identity platform for cloud and on-premises apps | |
− | + | *Microsoft Intune | |
− | + | **Cloud-based mobile device management platform | |
− | + | *Azure Rights Management | |
− | + | **Encryption and authorization polices for corporate data | |
+ | |||
+ | ==Why do you care?== | ||
+ | *Provides users with SSO with self service password reset and MFA | ||
+ | *Manage all user devices from a single pane using MDM and MAM solutions | ||
+ | *Protect corporate data outside your organization through encryption, authorization and identity policies | ||
+ | |||
+ | ==Benefits of EMS== | ||
+ | *Short Term | ||
+ | **Authentication for mobile workforce. Data leakage. Ability to scale up and down dramatically. | ||
+ | |||
+ | *Long Term | ||
+ | **Lower TCO (Total Cost of Ownership). Walled garden security approach. SSO. | ||
+ | |||
+ | ==In Short== | ||
+ | *Rise of Cloud Computing | ||
+ | *BYOD! | ||
+ | *Security Gaps | ||
+ | *Microsoft Enterprise Mobility Suite | ||
+ | |||
+ | =What's Included with Microsoft Azure AD Premium?= | ||
+ | |||
+ | ==Single Identity with write-back integration to on-premises AD== | ||
+ | *Self-service password reset | ||
+ | **Including on-premises users | ||
+ | *Branding (Outlook on the web) | ||
+ | *Multi-factor authentication | ||
+ | **Including on-premises users | ||
+ | *SSO for SaaS applications | ||
+ | *Azure AD Application Proxy | ||
+ | *Compliance reporting and auditing | ||
+ | *Dynamic Groups | ||
+ | |||
+ | ===Self-service password reset=== | ||
+ | *Azure AD -> DMZ -> On-premises (AADConnect and AD DS) | ||
+ | |||
+ | ===Branding (Outlook on the web)=== | ||
+ | *Self-explanatory | ||
+ | **Change login picture upon login, and add custom text to bottom of page | ||
+ | |||
+ | ===Multi-factor authentication=== | ||
+ | *Second layer of security | ||
+ | *Something you know, have or are | ||
+ | *Various methods available | ||
+ | **Phone call | ||
+ | **SMS | ||
+ | **Mobile app notification | ||
+ | **Mobile app verification | ||
+ | **OATH tokens | ||
+ | |||
+ | ===SSO for SaaS applications=== | ||
+ | *Company application (Facebook/Twitter) is managed through SaaS, and can be reset using user's AD SSO | ||
+ | |||
+ | ===Azure AD Application Proxy=== | ||
+ | *Securely publish on-premises applications to the cloud | ||
+ | *Remote Access as a Service | ||
+ | *Uses a connector installed on-premises | ||
+ | *Incoming web traffic hits Azure AD | ||
+ | |||
+ | ===Compliance reporting and auditing=== | ||
+ | *Reports anomalous activity and more | ||
+ | |||
+ | ===Dynamic Groups=== | ||
+ | *Auto add users to different groups/memberships (I.E. Auto-add to Marketing/Sales) | ||
+ | |||
+ | =Securing Devices Using Microsoft Intune= | ||
+ | *MDM | ||
+ | *Application Deployment | ||
+ | **Store/Developed | ||
+ | *Wi-Fi * VPN Profiles | ||
+ | *Conditional Access | ||
+ | *Microsoft Mobile Application Management | ||
+ | |||
+ | ==Taking a closer look into Intune== |
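Review bot: In the "Securing Devices Using Microsoft Intune" list, the added line `*Wi-Fi * VPN Profiles` has a second asterisk that reads as a typo for `&`; suggest `*Wi-Fi and VPN Profiles`. Under "What is it?", `polices` should be `policies`, and in "Dynamic Groups" the parenthetical gives an example, so `e.g.` fits better than `I.E.`. The short-term item under "Benefits of EMS" lists "Data leakage" as a benefit without saying what EMS does about it; a word such as "prevention" would make the bullet read as intended. The new "==Taking a closer look into Intune==" heading has no content under it in this revision.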
Revision as of 20:10, 20 December 2017
Getting Started with EMS

What is it?
- Azure AD
  - SSO and identity platform for cloud and on-premises apps
- Microsoft Intune
  - Cloud-based mobile device management platform
- Azure Rights Management
  - Encryption and authorization policies for corporate data

Why do you care?
- Provides users with SSO, self-service password reset and MFA
- Manage all user devices from a single pane using MDM and MAM solutions
- Protect corporate data outside your organization through encryption, authorization and identity policies

Benefits of EMS
- Short Term
  - Authentication for mobile workforce. Data leakage. Ability to scale up and down dramatically.
- Long Term
  - Lower TCO (Total Cost of Ownership). Walled garden security approach. SSO.

In Short
- Rise of Cloud Computing
- BYOD!
- Security Gaps
- Microsoft Enterprise Mobility Suite

What's Included with Microsoft Azure AD Premium?

Single Identity with write-back integration to on-premises AD
- Self-service password reset
  - Including on-premises users
- Branding (Outlook on the web)
- Multi-factor authentication
  - Including on-premises users
- SSO for SaaS applications
- Azure AD Application Proxy
- Compliance reporting and auditing
- Dynamic Groups

Self-service password reset
- Azure AD -> DMZ -> On-premises (AADConnect and AD DS)

Branding (Outlook on the web)
- Self-explanatory
  - Change the picture shown on the login page, and add custom text to the bottom of the page

Multi-factor authentication
- Second layer of security
- Something you know, have or are
- Various methods available
  - Phone call
  - SMS
  - Mobile app notification
  - Mobile app verification
  - OATH tokens

SSO for SaaS applications
- A company application (e.g. Facebook/Twitter) is managed through SaaS and can be reset using the user's AD SSO

Azure AD Application Proxy
- Securely publish on-premises applications to the cloud
- Remote Access as a Service
- Uses a connector installed on-premises
- Incoming web traffic hits Azure AD

Compliance reporting and auditing
- Reports anomalous activity and more

Dynamic Groups
- Automatically add users to different groups/memberships (e.g. auto-add to Marketing/Sales)

Securing Devices Using Microsoft Intune
- MDM
- Application Deployment
  - Store/Developed
- Wi-Fi and VPN Profiles
- Conditional Access
- Microsoft Mobile Application Management