Identity and Data protection with Enterprise Mobility Security in ottica GDPR
1 like407 views
The document discusses the integration and management of identity and access for employees, partners, and customers within cloud and on-premises environments, emphasizing the use of Azure Active Directory (AD) for single-sign-on, authentication, and application access. It highlights security measures like multi-factor authentication, privileged identity management, and data protection strategies to safeguard sensitive information. Additionally, it outlines Microsoft’s comprehensive approach to data handling, classification, and protection through Azure Information Protection and the challenges organizations face regarding data security and compliance.
More Related Content
Similar to Identity and Data protection with Enterprise Mobility Security in ottica GDPR (20)
Identity and Data protection with Enterprise Mobility Security in ottica GDPR
- 2. of employees say mobile business apps change how they work 80% of employees use non-approved SaaS apps for work 50% 85% of enterprise organizations keep sensitive information in the cloud On-premises
- 4. On-premises
- 5. THE PROBLEM The security you need integrated with the productivity tools you want Productivity Secure On-premises OR
- 6. Apps and Data SaaS Malware Protection Center Hunting Teams Security Response Center Device CERTs and other partners Infrastructure Antivirus Network PaaS IaaS Identity INTELLIGENT SECURITY GRAPH Cyber Defense Operations Center Law Enforcement Digital Crimes Unit
- 7. Microsoft Intelligent Security Graph Unique insights, informed by trillions of signals
- 8. Windows Server Active Directory Azure Public cloud Azure Active Directory Commercial IdPs Consumer IdPs Partners Customers Azure AD Connect
- 9. 1. Single-sign On to thousands of 3rd party SaaS application from any device 2. More options for authentication than any other vendor. 3. Unmatched Office 365 Integration. 4. Secure remote access to on-premises apps. Remote Access to on-premises apps SSO to SaaS Office 365 App Launcher Azure AD Connect
- 10. — Identity and access management for employees, partners, and customers — Conditional Access Multi-Factor Authentication Addition of custom cloud apps Remote Access to on-premises apps Privileged Identity Management Dynamic Groups Identity Protection Azure AD DS Office 365 App Launcher Group-Based Licensing Access Panel/MyApps Azure AD Connect Connect Health Provisioning- Deprovisioning Azure AD Join Self-Service capabilities MDM-auto enrollment / Enterprise State Roaming Security Reporting Access Reviews HR App Integration B2B collaboration Azure AD B2C SSO to SaaS Microsoft Authenticator - Password-less Access
- 11. Securing Identity Modern “identity & access management as a service” Spans cloud and on-premises Provides full spectrum of services • Hybrid Identity • Federation & SSO • Identity management • Device registration • User provisioning • Conditional Access control • Data protection • B2B & B2C • App integration • MFA and security features Apps in MS Cloud Third-party web apps & SaaS clouds Microsoft Cloud Microsoft Identity Manager (MIM) Web Apps on-premises AAD App Proxy Web App Proxy (DMZ) Azure AD App Proxy Connectors Employees Everywhere access Partners Everywhere access AAD B2B Customers Everywhere access B2C Azure AD Connect Other ID stores Other Active Directories Active Directory Federation Services (ADFS)
- 12. Conditional Access Application Per app policy Type of client (Web, mobile rich app) Cloud and On-premises applications Microsoft, 3rd party and LOB User attributes User identity Group memberships Devices Are domain-joined Are compliant Platform type (Windows, iOS, Android) Lost or stolen Other Location (IP Range) Risk profile (with Azure Identity Protection) ENFORCE MFA ALLOW BLOCK IDENTITY-DRIVEN SECURITY
- 13. Azure Multi-Factor Authentication (MFA)
- 14. Privileged identity management Enforce on-demand, just-in-time administrative access when needed Use Alert, Audit Reports and Access Review Domain User Global Administrator Discover, restrict, and monitor privileged identities Domain User Administrator privileges expire after a specified interval
- 15. What is your favorite food? Self Service Password Reset for WW use with a handful of click Default or custom security questions Email to external verified mail Mobile phone call or TXT Office phone call Self-service password change: The user knows their password but wants to change it to something new. Self-service password reset: The user is unable to sign in and wants to reset their password by using one or more of the following validated authentication methods. Self-service account unlock: The user is unable to sign in with their password and has been locked out. The user wants to unlock their account without administrator intervention by using their authentication methods.
- 16. Corporate network Microsoft Azure Active Directory Connectors are deployed usually on corpnet next to resources Multiple connectors can be deployed for redundancy, scale, multiple sites, and different resources Users connect to the cloud service that routes their traffic to resources via the connectors A connector that auto-connects to the cloud service Azure Active Directory Application Proxy 1000s OF APPS, 1 IDENTITY DMZ https://app1- contoso.msappproxy.net/ Application Proxy http://app1
- 17. SharePoint Online & Office 365 apps Assign B2B users access to any app or service your organization owns Add B2B users with accounts in other Azure AD organizations Other organizations Add B2B users with MSA or other Identity Provider accounts Other Identity Providers* Microsoft Account On- premises Microsoft Azure Active Directory
- 18. Securely authenticate your customers using their preferred identity provider Capture login, preference, and conversion data for customers Provide branded (white-label) registration and login experiences Social IDs Business & Government IDs contoso Customers Analytics Apps Microsoft Azure Active Directory
- 19. Data Protection with AIP - Azure Information Protection
- 20. Enterprise Mobility + Security Protect your data anywhere of workers have accidentally shared sensitive data to the wrong person 58% Stroz Friedberg
- 21. How much control do you have over data? OUT OF YOUR CONTROL
- 22. MICROSOFT’S APPROACH TO INFORMATION PROTECTION Detect ProtectClassify Monitor C L O U DD E V I C E S O N P R E M I S E S Comprehensive protection of sensitive data throughout the lifecycle – inside and outside the organization Scan & detect sensitive data based on policy Classify data and apply labels based on sensitivity Apply protection actions, including encryption, access restrictions Reporting, alerts, remediation
- 23. The evolution of Azure RMS DOCUMENT TRACKING DOCUMENT REVOCATION Monitor & respond LABELINGCLASSIFICATION Classification & labeling ENCRYPTION Protect ACCESS CONTROL POLICY ENFORCEMENT
- 24. Reclassification You can override a classification and optionally be required to provide a justification Automatic Policies can be set by IT Admins for automatically applying classification and protection to data Recommended Based on the content you’re working on, you can be prompted with suggested classification User set Users can choose to apply a sensitivity label to the email or file they are working on with a single click
- 25. Configure policies to discover, classify, label and protect on premises data Periodically scan on premises repositories to label and protect data Run in discovery or enforce modes Critical for migration scenarios and compliance with regulations such as GDPR Azure Information Protection scanner
- 26. Automatic classification - example Due Diligence Documentation Due Diligence Category Documentation Task Owner Status Business Plan, Corporate Structure, Financing Business plan Current five-year business plan Prior business plan Corporate organization Articles of incorporation Bylaws Recent changes in corporate structure Parent, subsidiaries, and affiliates Shareholders’ agreements Minutes from board meetings
- 27. Recommended classification - example
- 28. Reclassification and justification - example
- 29. User-driven classification - example