蓝色述职报告工作总结通用PPT模板.ppt

1、Todays challenges,People-centric IT,Enable your end usersAllow users to work on the devices of their choice and provide consistent access to corporate resources.,Unify your environmentDeliver a unified application and device management on-premises and in the cloud.,Protect your dataHelp protect corp

2、orate information and manage risk.,Management. Access. Protection.,Access and Information Protection,Empower users,Simplified registration and enrollment for BYO devicesAutomatically connect to internal resources when neededAccess to company resources is consistent across devices,Challenges,Solution

3、s,Users want to use the device of their choice and have access to both their personal and work-related applications, data, and resources.Users want an easy way to be able to access their corporate applications from anywhere.IT departments want to empower users to work this way, but they also need to

4、 control access to sensitive information and remain in compliance with regulatory policies.,Users can register their devices, which makes them known to IT, who can then use device authentication as part of providing access to corporate resources.Users can enroll their devices, which provides them wi

5、th the company portal for consistent access to applications and data, and to manage their devices.IT can publish access to corporate resources with conditional access based on the users identity, the device they are using, and their location.,Empower users,Enabling IT to empower users,IT can publish

6、 access to resources with the Web Application Proxy based on device awareness and the users identity,IT can provide seamless corporate access with DirectAccess and automatic VPN connections.,Users can work from anywhere on their device with access to their corporate resources.,Users can register dev

7、ices for single sign-on and access to corporate data with Workplace Join,Users can enroll devices for access to the Company Portal for easy access to corporate applications,IT can publish Desktop Virtualization (VDI) for access to centralized resources,Registering and Enrolling Devices,IT can publis

8、h access to corporate resources with the Web Application Proxy based on device awareness and the users identity. Multi-factor authentication can be used through Windows Azure Active Authentication.,Users can register BYO devices for single sign-on and access to corporate data with Workplace Join. As

9、 part of this, a certificate is installed on the device,Users can enroll devices which configure the device for management with Windows Intune. The user can then use the Company Portal for easy access to corporate applications,As part of the registration process, a new device object is created in Ac

10、tive Directory, establishing a link between the user and their device,Data from Windows Intune is sync with Configuration Manager which provides unified management across both on-premises and in the cloud,Demo,Workplace Join,Publish access to resources with the Web Application Proxy,Users can access

11、 corporate applications and data wherever they are,IT can use the Web Application Proxy to authenticate users and devices with multi-factor authentication,Use conditional access for granular control over how and where the application can be accessed,Active Directory provides the central repository o

12、f user identity as well as the device registration information,Developers can leverage Windows Azure Mobile Services to integrate and enhance their apps,Demo,Web Application Proxy,Users can sync their work data to their devices. Users can register their devices to be able to sync data when IT enforc

13、es conditional access,IT can publish access directly through a reverse proxy, or conditional access can be enforced via device registration through the Web Application Proxy,IT can configure a File Server to provide Work Folder sync shares for each user to store data that syncs to their devices, inc

14、luding integration with Rights Management,IT can selectively wipe the corporate data from Windows 8.1 clients,Make corporate data available to users with Work Folders,Active Directory discoverability provides users Work Folders location,Access Policy,Demo,Work Folders,Effective working with Remote A

15、ccess,Can originate admin connection from intranet,Connection tointranet is always active,Cannot originate admin connection from intranet,With DirectAccess, a users PC is automatically connected whenever an Internet connection is present.,Traditional VPNs are user- initiated and provide on-demand co

16、nnectivity to corporate resources.,An automatic VPN connection provides automated starting of the VPN when a user launches an application that requires access to corporate resources.,Unify your environment,Challenges,Solutions,Providing users with a common identity when they are accessing resources

17、that are located both on-premises in a corporate environment, and in cloud-based platforms.Managing multiple identities and keeping the information in sync across environments is a drain on IT resources.,Users have a single sign-on experience when accessing all resources, regardless of location.User

18、s and IT can leverage their common identity for access to external resources through federation.IT can consistently manage identities across on-premises and cloud-based identity domains.,Expanded domain join capabilities,Not Joined,Workplace Joined,Domain Joined,User provided devices are “unknown” a

19、nd IT has no control. Partial access may be provided to corporate information.,Registered devices are “known” and device authentication allows IT to provide conditional access to corporate information,Domain joined computers are under the full control of IT and can be provided with complete access t

20、o corporate information,Browser session single sign-on,Seamless 2-Factor Auth for web apps,Enterprise apps single sign-on,Desktop Single Sign-On,Active Directory for the cloud,Run Active Directory at scale with support for virtualization and rapid deployment through domain controller cloning.,Develo

21、pers can integrate applications for single sign-on across on-premises and cloud-based applications.,Leverage cloud platforms to run Windows Server Active Directory and Active Directory Federation Services to reduce infrastructure on-premises.,Manage Active Directory using Windows PowerShell, use the

22、 improved deployment experience and leverage the Active Directory Administrative Center for centralized management,Activate clients running Office on at least Windows8 or Windows Server 2012 automatically using existing Active Directory infrastructure.,Users get access through accounts in Windows Az

23、ure Active Directory to Windows Azure, Office 365 and 3rd party applications,Managing cloud identities,IT can provide users with a common identity across on-premises or cloud-based services leveraging Windows Server Active Directory and Windows Azure Active Directory,Users are more productive by hav

24、ing a single sign-on to all their resources,IT can use Active Directory Federation Services to connect with Windows Azure for a consistent cloud based identity.,Developers can build applications that leverage the common identity model,Dirsync keeps user attributes in sync across directories.,Increas

25、ing the value in Active Directory Federation Services,Users can register their devices to gain access to corporate data and apps and single sign-on through device authentication,Conditional access with multi-factor authentication is provided on a per-application basis, leveraging user identity, devi

26、ce registration & network location,Organizations can federate with partners and other organizations for seamless access to shared resources,Organizations can connect to SaaS applications running in Windows Azure, Office 365 and 3rd party providers,Enhancements to ADFS include simplified deployment a

27、nd management,Resources in other businesses or identity realms,Demo,ADFS,Corporate identity management,Allow users to manage their identity with an easy to use portal, tightly integrated with Office.,Self-service group and distribution list management, including dynamic membership calculation in the

28、se groups and distribution lists, is based on the users attributes.,Users can reset their passwords via Windows logon, significantly reducing help desk burden and costs.,Sync users identity across directories, including Active Directory, Oracle, SQL Server, IBM DS, and LDAP.,Manage the complete life

29、 cycle of certificates and smart cards through integration with Active Directory.,User provisioning, de-provisioning, and role updates,Built-in workflow for identity management,Automatically synchronize all user information to different directories across the enterprise,Automate the process of on-bo

30、arding new usersReal-time de-provisioning from all systems to prevent unauthorized access and information leakage,LDAP,Certificate Management,Protect your data,Challenges,Solutions,As users bring their own devices in to use for work, they will also want to access sensitive information and have acces

31、s to this information locally on the device.A significant amount of corporate data can only be found locally on user devices.IT needs to be able to secure, classify, and protect data based on the content it contains, not just where it resides, including maintaining regulatory compliance.,Users can w

32、ork on the device of their choice and be able to access all their resources, regardless of location or device.IT can enforce a set of central access and audit polices, and be able to protect sensitive information based on the content of the documents.IT can centrally audit and report on information

33、access.,Policy based access to corporate information,IT can publish resources using the web application proxy and create business-driven access policies with multi-factor authentication based on the content being accessed.,IT can audit user access to information based on central audit policies.,User

34、s can access corporate data regardless of device or location with Work Folders for data sync and desktop virtualization for centralized applications.,IT can provide a secure and familiar solution for users to access sensitive corporate data from anywhere with VDI and RemoteApp technologies.,Protecti

35、ng information with multi-factor authentication,1. Users attempts to login or perform an action that is subject to MFA,2. When the user authenticates, the application or service performs a MFA call,3. The user must respond to the challenge, which can be configured as a txt, a phone call or using a m

36、obile app,5. IT can configure the type and frequency of the MFA that the user must respond to,4. The response is returned to the app which then allows the user to proceed,User,Demo,Windows Azure Active Authentication (PhoneFactor)Dependent on network connectivity ,Protect data with Dynamic Access Co

37、ntrol,Centrally manage access control and audit polices from Windows Server Active Directory.,Automatically identify and classify data based on content. Classification applies as files are created or modified.,Integration with Active Directory Rights Management Services provides automated encryption

38、 of documents.,Central access and audit policies can be applied across multiple file servers, with near real-time classification and processing of new and modified documents.,File classification, access policies and automated Rights Management works against client distributed data through Work Folde

39、rs.,Demo,Dynamic Access Control,Recap: Access and Information Protection,Empower users,Simplified registration and enrollment for BYO devicesAutomatically connect to internal resources when neededAccess to company resources is consistent across devices,Related content,Access & Information Protection

40、 Booth,Breakout Sessions, 2018 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of

41、Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.,