Business and Technical Review Recap
The Microsoft Enterprise Mobility Suite (EMS) business and technical review conducted on [DATE OF ASSESSMENT] had the following goals:
1) Understand the existing challenges and the tools [CUSTOMER NAME] is currently leveraging in key security scenarios.
2) Provide a deeper dive into the core components of EMS that could augment [CUSTOMER NAME]'s existing security efforts.
3) Identify the specific value(s) and impact each component would provide to [CUSTOMER NAME].
4) Provide recommendations on how [CUSTOMER NAME] can leverage the components within EMS, with detailed next steps.
Participants
[CUSTOMER NAME]
Name / Title / Email
[PARTNER NAME]
Name / Title / Email
MICROSOFT
Name / Title / Email
Cloud Identity
Azure Active Directory Premium (Azure AD Premium) is a comprehensive identity and access management cloud solution that provides a robust set of capabilities for users and groups. It helps secure access to on-premises applications and more than 2,500 cloud apps. Key features of Azure AD Premium include:
- Company branding: To make the end-user experience even better, you can add your company logo and color schemes to your organization’s Sign In and Access Panel pages. Once you’ve added your logo, you also have the option to add localized logo versions for different languages and locales.
- Group-based application access: Use groups to provision users and assign user access in bulk to thousands of SaaS applications. These groups can either be created solely in the cloud or you can leverage existing groups that have been synced from your on-premises Active Directory.
- Self-service password reset: Azure has always allowed directory administrators to reset passwords. With Azure AD Basic and above, you can reduce Help Desk calls when users forget a password by giving all users in your directory the capability to reset their own password, using the same sign-in experience they have for Office 365.
- Azure AD Application Proxy: Give your employees secure access to on-premises applications like SharePoint and Exchange/OWA from the cloud using Azure AD.
- Self-service group management: Azure AD Premium simplifies day-to-day administration of groups by enabling users to create groups, request access to other groups, delegate group ownership so others can approve requests, and maintain their group’s memberships.
- Advanced security reports and alerts: Monitor and protect access to your cloud applications by viewing detailed logs showing more advanced anomalies and inconsistent access pattern reports. Advanced reports are Machine Learning-based and can help you gain new insights to improve access security and respond to potential threats.
- Multi-Factor Authentication: Multi-Factor Authentication (MFA) is now included with Azure AD Premium and can help you secure access to on-premises applications (VPN, RADIUS, etc.), Azure, Microsoft Online Services like Office 365 and Dynamics CRM Online, and thousands of non-MS Cloud services pre-integrated with Azure Active Directory. Simply enable MFA for Azure AD identities and users will be prompted to set up additional verification the next time they sign in.
- Microsoft Identity Manager (MIM): Azure AD Premium comes with the option to grant rights to use a MIM server (and CALs) in your on-premises network to support any combination of Hybrid Identity solutions. This is a great option if you have a variety of on-premises directories and databases that you want to sync directly to Azure AD. There is no limit to the number of MIM (formerly FIM) servers you can use; however, MIM CALs are granted based on the allocation of an Azure AD Premium user license.
- Enterprise SLA of 99.9%: Microsoft guarantees at least 99.9% availability of the Azure AD Premium service.
- Password reset with write-back: Self-service password reset can be written back to on-premises directories.
- Azure AD Connect Health: Monitor the health of your on-premises Active Directory infrastructure and get usage analytics.
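The MFA bullet above says that enabling MFA on an identity makes the user register a second factor at next sign-in. The following script is an added example, not part of the original review document or of Microsoft's own tooling; it uses the MSOnline PowerShell module to enable per-user MFA for the members of a pilot group and then audits which licensed users still have no MFA requirement at all. The group name "EMS-MFA-Pilot" is a hypothetical placeholder, and the script assumes the MSOnline module is installed and the caller holds a Global Administrator role.

```powershell
# Added example (not from the original document): bulk-enable per-user Azure MFA
# with the MSOnline module and audit which licensed users still have it off.
# Assumptions: MSOnline module installed, caller is a Global Administrator,
# and "EMS-MFA-Pilot" is a hypothetical pilot group in the tenant.
Import-Module MSOnline
Connect-MsolService   # prompts for admin credentials

# A StrongAuthenticationRequirement with State=Enabled makes Azure AD prompt the
# user to register a second factor at next sign-in (the behaviour described above).
# State=Enforced additionally requires MFA on every sign-in, which breaks clients
# that cannot do MFA until the user creates app passwords; pilot with Enabled first.
$mfaRequirement = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$mfaRequirement.RelyingParty = "*"
$mfaRequirement.State = "Enabled"

$pilotGroup = Get-MsolGroup -SearchString "EMS-MFA-Pilot" | Select-Object -First 1
if (-not $pilotGroup) { throw "Pilot group not found; check the group name" }

# Only direct user members carry a UPN; nested groups are skipped here.
$members = Get-MsolGroupMember -GroupObjectId $pilotGroup.ObjectId -All |
    Where-Object { $_.GroupMemberType -eq "User" }

foreach ($m in $members) {
    Set-MsolUser -UserPrincipalName $m.EmailAddress -StrongAuthenticationRequirements @($mfaRequirement)
    Write-Host "MFA enabled for $($m.EmailAddress)"
}

# Check: licensed users with no MFA requirement (neither Enabled nor Enforced).
# Review this list before reporting the estate as covered; service and shared
# accounts that show up here need their own decision, not a silent exception.
Get-MsolUser -All |
    Where-Object { $_.IsLicensed -and ($_.StrongAuthenticationRequirements.Count -eq 0) } |
    Select-Object UserPrincipalName, DisplayName |
    Format-Table -AutoSize
```

The audit at the end is the part worth keeping in a review: the per-user MFA state lives on each user object, so a group-scoped rollout leaves newly created or un-grouped accounts uncovered until someone re-runs the check.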
Business and Technical Review
[CUSTOMER NAME]'s internal identity management solution currently leverages [COMPLETE WITH INFORMATION GAINED FROM REVIEW SESSION. INCLUDE DETAIL ON EXISTING DIRECTORIES, FEDERATION, CLOUD APP USAGE, AND ANY EXISTING MFA OR SSO SOLUTIONS].
Impact, Value, and Key Differentiators
1) [OUTLINE TIME AND RESOURCES REQUIRED TO MAINTAIN EXISTING SOLUTION]
2) [OUTLINE POTENTIAL TIME AND RESOURCE SAVINGS BY IMPLEMENTING EMS COMPONENTS THAT MEET CUSTOMER SECURITY NEEDS]
3) [OUTLINE POTENTIAL COST SAVINGS BY ELIMINATING REDUNDANT TECHNOLOGIES]
4) [OUTLINE KEY EMS FEATURES THAT PROVIDE BETTER/DIFFERENT PROTECTION]
Recommendations
Recommended Actions / Timeline
1. [DETAIL RECOMMENDATIONS FROM CLOUD IDENTITY SESSION WITH CUSTOMER, ETC.] / [TIMELINE]
2.
3.
4.
5.
Mobile Device and Application Management
Microsoft Intune provides mobile device management (MDM) and mobile application management (MAM) from the cloud. It enables organizations to provide their employees with access to corporate applications, data, and resources from virtually anywhere on virtually any device, while helping to keep corporate information secure. Key features of Intune include:
- Mobile Device Management (MDM): Intune helps provide secure management of personal and corporate-owned devices across the most popular platforms, including Windows, Windows Phone, iOS, and Android. You can provide users with the ability to enroll their own devices for management as well as install corporate applications from the self-service Company Portal. With Intune’s resource access policies, you can restrict users from accessing corporate resources on an unenrolled or non-compliant device. You can also apply device settings that can enable remote actions, such as passcode reset, device lock, data encryption, or full wipe of a lost or stolen device.
- Mobile Application Management (MAM): With Intune, manageability and data protection are built directly into the Office mobile apps your employees are most familiar with, helping to prevent leakage of company data by restricting actions such as copy, cut, paste, and save as between Intune-managed corporate apps and personal apps. Intune provides the flexibility to extend these capabilities to your existing line-of-business apps with the Intune App Wrapping Tool and to offer secure content viewing using the Intune Managed Browser, PDF Viewer, AV Player, and Image Viewer apps. You also have the ability to deny specific applications or URL addresses from being accessed on a mobile device, and can push required apps automatically during enrollment. To further protect corporate information, you can selectively wipe managed apps and related data on devices that are unenrolled, no longer compliant, lost, stolen, or retired from use.
- No infrastructure required: Eliminate the need to plan, purchase, and maintain hardware and infrastructure by managing mobile devices from the cloud with Intune.
- Enterprise integration: Extend your existing System Center Configuration Manager infrastructure through integration with Intune to provide a consistent management experience across devices on-premises and in the cloud.
- End-user based licensing: User-based licensing provides the ability to enroll up to five devices per user.
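The MAM bullet above describes the control in words (block copy, cut, paste and save-as between managed and personal apps, and selectively wipe app data). The script below is an added example, not part of the original document or of Intune's own tooling; it creates an iOS app protection policy with those settings through the Microsoft Graph API and reads it back to confirm the leak-relevant settings applied. It assumes $accessToken holds a Graph bearer token with DeviceManagementApps.ReadWrite.All, and the policy name and the 90-day offline wipe period are illustrative values, not Microsoft defaults.

```powershell
# Added example (not from the original document): create an Intune iOS app protection
# (MAM) policy via Microsoft Graph that blocks copy/paste and save-as from managed
# Office apps to personal apps, then verify the settings that matter for leakage.
# Assumptions: $accessToken is a valid Graph bearer token with
# DeviceManagementApps.ReadWrite.All; names and periods below are illustrative.
$accessToken = "<PASTE A GRAPH BEARER TOKEN HERE>"
$headers = @{ Authorization = "Bearer $accessToken" }
$baseUri = "https://graph.microsoft.com/v1.0/deviceAppManagement/iosManagedAppProtections"

$policy = @{
    "@odata.type"                           = "#microsoft.graph.iosManagedAppProtection"
    displayName                             = "EMS Review - Corporate Data Protection (iOS)"
    # Data may leave a managed app only for another managed app, and nothing
    # flows in from personal apps: this is the copy/cut/paste/save-as boundary.
    allowedOutboundDataTransferDestinations = "managedApps"
    allowedInboundDataTransferSources       = "managedApps"
    # Clipboard: managed apps share with each other and accept paste-in from
    # personal apps, but cannot copy corporate content out.
    allowedOutboundClipboardSharingLevel    = "managedAppsWithPasteIn"
    saveAsBlocked                           = $true
    printBlocked                            = $true
    contactSyncBlocked                      = $true
    dataBackupBlocked                       = $true
    pinRequired                             = $true
    # Selective wipe of app data after 90 days without a check-in (ISO 8601 duration)
    periodOfflineBeforeWipeIsEnforced       = "P90D"
}

$created = Invoke-RestMethod -Method Post -Uri $baseUri -Headers $headers `
    -ContentType "application/json" -Body ($policy | ConvertTo-Json -Depth 5)

# Check: read the policy back rather than trusting the POST response, and fail
# loudly if the two settings that stop data leaving managed apps did not apply.
$readBack = Invoke-RestMethod -Method Get -Uri "$baseUri/$($created.id)" -Headers $headers
if ($readBack.saveAsBlocked -and $readBack.allowedOutboundDataTransferDestinations -eq "managedApps") {
    Write-Host "Policy '$($readBack.displayName)' ($($readBack.id)) enforces save-as block and managed-app-only transfer"
} else {
    Write-Warning "Policy settings did not apply as expected; fix before assigning it to any group"
}
```

A policy exists but does nothing until it is assigned to a group and targeted at specific apps; the review should record which groups and which apps, since an unassigned policy is a common reason a MAM deployment looks complete and protects nothing.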
Business and Technical Review
[CUSTOMER NAME]'s mobile device and application management solution currently leverages [THIRD-PARTY MDM VENDOR – THEN COMPLETE WITH INFORMATION GAINED FROM REVIEW SESSION. BE SURE TO HIGHLIGHT ANY USE OF SYSTEM CENTER PRODUCTS THAT COULD BE LEVERAGED FOR A BETTER-TOGETHER STORY].
Impact, Value, and Key Differentiators
1) [OUTLINE TIME AND RESOURCES REQUIRED TO MAINTAIN EXISTING SOLUTION. HIGHLIGHT ANY COMPLEXITY CONCERNS]
2) [OUTLINE POTENTIAL TIME AND RESOURCE SAVINGS BY IMPLEMENTING EMS COMPONENTS THAT MEET CUSTOMER SECURITY NEEDS]
3) [OUTLINE POTENTIAL COST SAVINGS BY ELIMINATING REDUNDANT TECHNOLOGIES]
4) [OUTLINE KEY EMS FEATURES THAT PROVIDE BETTER/DIFFERENT PROTECTION]
Recommendations
Recommended Actions / Timeline
1. [DETAIL RECOMMENDATIONS FROM MOBILE DEVICE AND APPLICATION MANAGEMENT SESSION WITH CUSTOMER, ETC.] / [TIMELINE]
2.
3.
4.
5.
Breach Defense
Advanced Threat Analytics (ATA) provides a simple and fast way to understand what is happening within your network by identifying suspicious user and device activity with built-in intelligence. It delivers clear and relevant threat information on a simple attack timeline. ATA leverages deep packet inspection, as well as information from additional data sources, Security Information and Event Management (SIEM) systems, and Active Directory, to build an Organizational Security Graph and detect advanced attacks in real time. Key features include:
Business and Technical Review
[CUSTOMER NAME] currently leverages [COMPLETE WITH INFORMATION GAINED FROM REVIEW SESSION. HIGHLIGHT ANY LIMITATIONS OF EXISTING TOOLS OR LACK OF INTEGRATION].
Impact, Value, and Key Differentiators
1) [OUTLINE IF/WHEN CUSTOMER EXPERIENCED BREACH-RELATED ISSUES]
2) [OUTLINE HOW ATA/PAM FEATURES COULD IMPROVE THREAT DETECTION]
3) [OUTLINE SPECIFICS OF HOW ATA COULD REDUCE THE TIME/RESOURCES NEEDED TO COME UP WITH A RESPONSE PLAN]
4) [OUTLINE HOW ATA COULD IMPROVE OVERALL RISK VISIBILITY BY INTEGRATING WITH EXISTING CONSOLES]
Recommendations
Recommended Actions / Timeline
1. [DETAIL RECOMMENDATIONS FROM BREACH DEFENSE SESSION WITH CUSTOMER, ETC.] / [TIMELINE]
2.
3.
4.
5.
Self-Protecting Documents
Azure Rights Management (Azure RMS) is an information protection solution for organizations that want to protect their data in today's challenging work environment.
These challenges include allowing access to company data on the road and at home by users who bring personal devices to work. They also include employees sharing sensitive information with important business partners. And even as part of daily work, users share information by using email, file-sharing sites, and cloud services. Unfortunately, traditional security controls (such as access control lists and NTFS permissions) and firewalls have limited effectiveness in protecting company data once it leaves the system that enforces them, and often make it harder for users to work efficiently.
Azure RMS can protect your company’s sensitive information in all these scenarios. It uses encryption, identity, and authorization policies to help secure your files and email, and it works across multiple devices—phones, tablets, and PCs. Information can be protected both within and outside your organization because that protection remains with the data – even when it leaves your organization’s boundaries. For example, employees might email a document to a partner company, or they may save a document to their cloud drive. The persistent protection that Azure RMS provides not only helps to secure your company data, but might also be legally mandated for compliance, legal discovery requirements, or simply good information management practices.
It works with major device platforms, including iOS, Android, and Windows, and is compatible with virtually every file type. It has deep integration with Microsoft Office as well.
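The paragraphs above make the point that protection travels with the file rather than with the share it sits on. The script below is an added example, not part of the original document or of the Azure RMS product documentation; it uses the RMS Protection PowerShell module to apply a template to every unprotected file under a folder and then re-checks the folder for anything still unprotected. The template name "Confidential - Internal Only" and the path C:\Finance\Board are hypothetical, and the script assumes the module is installed and already signed in to the tenant.

```powershell
# Added example (not from the original document): protect the files in a folder with
# an Azure RMS template using the RMS Protection module, then verify nothing was missed.
# Assumptions: RMSProtection module installed and authenticated to the tenant;
# the template name and folder path are hypothetical placeholders.
Import-Module RMSProtection

$templateName = "Confidential - Internal Only"
$folder       = "C:\Finance\Board"

# Templates are tenant-specific; resolve by name rather than hard-coding a GUID.
$template = Get-RMSTemplate | Where-Object { $_.Name -eq $templateName }
if (-not $template) { throw "Template '$templateName' not found; compare against Get-RMSTemplate output" }

# Only touch files that are not already protected: re-protecting a protected
# file fails, and silently skipping errors would hide the files that matter.
$unprotected = Get-ChildItem -Path $folder -File -Recurse |
    ForEach-Object { Get-RMSFileStatus -File $_.FullName } |
    Where-Object { $_.Status -ne "Protected" }

foreach ($entry in $unprotected) {
    # -InPlace rewrites the file; Office and PDF files get native protection,
    # other types become a generic .pfile that only RMS-aware viewers can open.
    $result = Protect-RMSFile -File $entry.FileName -TemplateId $template.TemplateId -InPlace
    Write-Host "Protected: $($result.InputFile) -> $($result.OutputFile)"
}

# Check: after the run, anything still reporting a status other than Protected
# is a gap to explain in the review (unsupported type, locked file, permission error).
$remaining = Get-ChildItem -Path $folder -File -Recurse |
    ForEach-Object { Get-RMSFileStatus -File $_.FullName } |
    Where-Object { $_.Status -ne "Protected" }
if ($remaining) {
    Write-Warning "Files still unprotected:"
    $remaining | Select-Object FileName, Status | Format-Table -AutoSize
} else {
    Write-Host "All files under $folder are RMS-protected"
}
```

The second status pass is deliberate: copying a protected file elsewhere keeps it protected, but a new file dropped into the folder after the run does not inherit anything, so this kind of sweep has to be scheduled or replaced by protection at the point of creation.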
Business and Technical Review
[CUSTOMER NAME] currently [COMPLETE WITH INFORMATION GAINED FROM REVIEW SESSION. DO THEY USE OFFICE 365 RMS TODAY? HOW HAVE THEY LEVERAGED IT? WHAT OTHER DLP TOOLS DO THEY HAVE DEPLOYED? HAVE THEY HAD ANY DATA LEAKS?].
Impact, Value, and Key Differentiators
1) [OUTLINE SPECIFICS OF HOW RMS COULD HELP RESOLVE LEGAL DEPT CONCERNS]
2) [OUTLINE SPECIFICS OF HOW RMS COULD HELP RESOLVE HR DEPT CONCERNS]
3) [OUTLINE HOW RMS COULD HELP RESOLVE FINANCE DEPT CONCERNS]
4) [OUTLINE HOW RMS COULD HELP PROTECT EXECUTIVE COMMS]
Recommendations
Recommended Actions / Timeline
1. [DETAIL RECOMMENDATIONS FROM SELF-PROTECTING DOCUMENTS SESSION WITH CUSTOMER, ETC.] / [TIMELINE]
2.
3.
4.
5.
Summary
The Enterprise Mobility Suite business and technical review provides [CUSTOMER NAME], [PARTNER NAME], and Microsoft the opportunity to gain additional insight into areas where [CUSTOMER NAME] would benefit from components and services that complement or help redefine existing security approaches. Our recommendations would help [CUSTOMER NAME] quickly move forward to realize these benefits, and leveraging [PARTNER NAME] can help accelerate this process. Microsoft provides deployment vouchers with your Enterprise Agreement, and we recommend leveraging those to engage [PARTNER NAME] to start detailing each deployment plan. [PARTNER NAME] will work with you directly on next steps.