The document summarizes Microsoft's enterprise mobility and security solution. It focuses on identity-driven security, managed mobile productivity, and providing a comprehensive solution through products like Azure Active Directory, Microsoft Cloud App Security, Azure Information Protection, and Intune. These products help secure users, devices, apps and data across cloud apps, SaaS, and on-premises environments through features such as identity management, data classification, labeling, encryption, access controls and monitoring/response capabilities.

2. Enterprise Mobility + Security
The Microsoft vision
Identity Driven Security
Managed Mobile Productivity
Comprehensive Solution
AppsDevices DataUsers

3. Azure Information
Protection
Protect your data,
everywhere
Microsoft Cloud App Security
Azure Active Directory
Detect threats early
with visibility and
threat analytics
Advanced
Threat Analytics
Extend enterprise-grade
security to your cloud
and SaaS apps
Intune
Protect your users,
devices, and apps
Manage identity with hybrid
integration to protect application
access from identity attacks
Enterprise Mobility +Security
The Microsoft solution

4. Azure Information
Protection

5. Unregulated,
unknown
Managed mobile
environment
How much control
do YOU have?
On-premises
Perimeter
protection
Identity, device
management protection
Hybrid data = new normal
It is harder to protect

6. DOCUMENT
TRACKING
DOCUMENT
REVOCATION
Monitor &
Respond
LABELINGCLASSIFICATION
Classify &
Label
ENCRYPTION
Protect
ACCESS
CONTROL
POLICY
ENFORCEMENT

7. Azure Information
Protection DOCUMENT
TRACKING
DOCUMENT
REVOCATION
Monitor &
Respond
LABELINGCLASSIFICATION
Classify &
Label
ENCRYPTION
Protect
ACCESS
CONTROL
POLICY
ENFORCEMENT
Full Data
Lifecycle

8. Classification
+ Automation + Protection + Reporting + Collaboration

10. Confidential
Restricted
Internal
Public
IT admin sets policies,
templates, and rules
Personal
Classify data based on sensitivity
Start with the data that is most
sensitive
IT can set automatic rules; users can
complement it
Associate actions such as visual
markings and protection

11. ReclassificationAutomatic Recommended Manual

12. FINANCE
CONFIDENTIAL
Persistent labels that travel with the document
Labels are metadata written to
documents
Labels are in clear text so that other
systems such as a DLP engine can read
Labels travel with the document,
regardless of location

14. VIEW EDIT COPY PASTE
Email
attachment
FILE
Protect data needing protection by:
Encrypting data
Including authentication requirement and a
definition of use rights (permissions) to the data
Providing protection that is persistent and travels
with the data
Personal apps
Corporate apps

15. aEZQAR]ibr{qU@M]
BXNoHp9nMDAtnBfr
fC;jx+Tg@XL2,Jzu
()&(*7812(*:
Use rights +
Secret cola formula
Water
Sugar
Brown #16
PROTECT
Usage rights and symmetric
key stored in file as “license”
Each file is protected by
a unique AES symmetric
License protected
by customer-owned
RSA key
Water
Sugar
Brown #16
UNPROTECT

16. Use rights
+
Azure RMS never
sees the file content,
only the license
Apps protected with
RMS enforce rights
SDK
Apps use the SDK to
communicate with the
RMS service/servers
File content is never sent
to the RMS server/service
aEZQAR]ibr{qU@M]B
XNoHp9nMDAtnBfrfC
;jx+Tg@XL2,Jzu
()&(*7812(*:
Use rights
+
LOCAL PROCESSING ON PCS/DEVICES

19. Monitor use, control and block abuse
Sue
Joe blocked in Ukraine
Jane accessed from France
Bob accessed from North America
MAP VIEW
Jane
Competitors
Jane access is revoked
Sue
Bob
Jane

20. Logs & Reporting
More
Soon

22. Share internally, with business partners, and customers
Bob
Jane
Internal user
*******
External user
*******
Any device/
any platform
Sue
File share
SharePoint
Email
LoB

23. Azure Active Directory
On-premises organizations
doing full sync
On-premises organizations
doing partial sync
Organizations completely in cloud
…and all of these organizations
can interact with each other.
Organizations created
through ad-hoc signup
ADFS
Using Azure AD for authentication

25. Authentication & collaboration
RMS connector
Authorization
requests via
federation
(optional)
Data protection for
organizations at different
stages of cloud adoption
Ensures security because
sensitive data is never
sent to the RMS server
Integration with on-premises
assets with minimal effort
AAD Connect
ADFS
Service supplied Key BYOK

26. Authentication & collaboration
RMS connector
Authorization
requests via
federation
(optional)
Data protection for
organizations at different
stages of cloud adoption
Ensures security because
sensitive data is never
sent to the RMS server
Integration with on-premises
assets with minimal effort
Hold your key on premises
AAD Connect
ADFS
HYOK
Service supplied Key BYOK
for
Regulated Environments

27. Classification only Understand your data classification needs, enable the service
and define a default policy so all documents are labelled.
+ Automation
+ Protection
+ Reporting
+ Collaboration
Define content based actions to automatically classify and label
documents or make recommendations to users to confirm.
For sensitive information, define protection policies that require
authentication and enforce use rights.
Gain insights into the types of information you have, users that
work with different sensitivity levels and trends in data
creation.
Securely share documents and email with internal and external
recipients.

28. Check out more sessions:
Tuesday:
BRK2127 Adopt a comprehensive identity-driven solution for protecting
and sharing data securely – 9am
THR2107 Collaborate securely using Azure Information Protection – 12:05
pm
Wednesday:
THR2108 Ensure comprehensive protection of your data with Azure
Information Protection – 11:05 am
BRK3095 Learn how classification, labeling, and protection delivers
persistent data protection – 12:30 pm
BRK2128 Protect and share data with anyone securely using Azure
Information Protection – 4 pm
Friday:
BRK3323 Meet Azure Information Protection customers and learn about
their success stories – 9:15 am (General Motors)

29. Try Enterprise Mobility + Security for free, today:
www.microsoft.com/en-us/cloud-platform/enterprise-mobility-trial
See Microsoft Cloud App Security in action
https://www.microsoft.com/en-us/cloud-platform/cloud-app-security-trial
Evaluate and try Microsoft Advanced Threat Analytics now
www.microsoft.com/en-us/evalcenter/evaluate-microsoft-advanced-threat-analytics
Explore Identity + Access Management
www.microsoft.com/en-us/cloud-platform/identity-management
Learn more about Azure Information Protection
www.microsoft.com/en-us/cloud-platform/information-protection
Discover new MDM and MAM solutions with Microsoft Intune
www.microsoft.com/en-us/cloud-platform/mobile-device-managementlink
Check out new Desktop virtualization capabilities
www.microsoft.com/en-us/cloud-platform/desktop-virtualization

30. From your PC or Tablet visit MyIgnite at
http://myignite.microsoft.com
From your phone download and use the Ignite
Mobile App by scanning the QR code above or
visiting https://aka.ms/ignite.mobileapp
Please evaluate this session
Your feedback is important to us!