Pluralsight
Jump to navigation
Jump to search
Getting Started with EMS
What is it?
- Azure AD
- SSO and identity platform for cloud and on-premises apps
- Microsoft Intune
- Cloud-based mobile device management platform
- Azure Rights Management
- Encryption and authorization polices for corporate data
Why do you care?
- Provides users with SSO with self service password reset and MFA
- Manage all user devices from a single pane using MDM and MAM solutions
- Protect corporate data outside your organization through encryption, authorization and identity policies
Benefits of EMS
- Short Term
- Authentication for mobile workforce. Data leakage. Ability to scale up and down dramatically.
- Long Term
- Lower TCO (Total Cost of Ownership). Walled garden security approach. SSO.
In Short
- Rise of Cloud Computing
- BYOD!
- Security Gaps
- Microsoft Enterprise Mobility Suite
What's Included with Microsoft Azure AD Premium?
Single Identity with write-back integration to on-premises AD
- Self-service password reset
- Including on-premises users
- Branding (Outlook on the web)
- Multi-factor authentication
- Including on-premises users
- SSO for SaaS applications
- Azure AD Application Proxy
- Compliance reporting and auditing
- Dynamic Groups
Self-service password reset
- Azure AD -> DMZ -> On-premises (AADConnect and AD DS)
Branding (Outlook on the web)
- Self-explanatory
- Change login picture upon login, and add custom text to bottom of page
Multi-factor authentication
- Second layer of security
- Something you know, have or are
- Various methods available
- Phone call
- SMS
- Mobile app notification
- Mobile app verification
- OATH tokens
SSO for SaaS applications
- Company application (Facebook/Twitter) is managed through SaaS, and can be reset using user's AD SSO
Azure AD Application Proxy
- Securely publish on-premises applications to the cloud
- Remote Access as a Service
- Uses a connector installed on-premises
- Incoming web traffic hits Azure AD
Compliance reporting and auditing
- Reports anomalous activity and more
Dynamic Groups
- Auto add users to different groups/memberships (I.E. Auto-add to Marketing/Sales)
Securing Devices Using Microsoft Intune
Microsoft Intune Features:
- MDM
- Application Deployment
- Store/Developed
- Wi-Fi * VPN Profiles
- Conditional Access
- Microsoft Mobile Application Management
Microsoft Intune Benefits:
- Device choice
- Management of Office mobile apps
- Data protection
- No on-premises infrastructure
- Enterprise integration
- Licensing options such as EMS
More info can be found here: https://www.microsoft.com/en-us/cloud-platform/roadmap
Taking a closer look into the Intune Architecture
Intune Architecture
- Cloud
- Verifiable domain name
- Intune subscription
- Devices to manage
Intune Hybrid with SCCM
- Connector
- One-way encrypted conversation to Intune
- Extensions
- Add new features in SCCM
- New extensions are rolled into SP's
- The old extensions will disappear
Things to consider before configuring Intune
- Check here before starting: https://docs.microsoft.com/en-us/intune/setup-steps
Configuring Client Enrollment
- End-User: Downloads Microsoft Intune Company Portal app and sign-in to account
- Upon downloading/installing, signing into your company account, it'll add the appropriate profile to the device
- Intune supports DEP (deploy.apple.com)
Azure Rights Management Service (RMS)
- Cloud service
- Suite of technology to protect and encrypt
- Polices allow identity, encryption and authorization
- Protection stays with the documents
- Full featured logging and reporting