There are at least 5 quick wins you can get from implementing
Microsoft’s Enterprise Mobility Vision: Epic Reports that tell you about
potential security breaches; get a handle on where your data is going
with Cloud App Discovery; be better than passwords with simple-to-implement
multi-factor authentication; understand your users’ devices
with Workplace Join; and give your users devices they’ll love.
This
is showing that one of my users logged on from places she couldn’t have
travelled between in time and was attempting to mask her IP. This is
telling you that her account has probably been compromised. I bet you
don’t get that with on-prem only AD or any other identity provider.
Show this to your ITSec or CIO and they’ll ask you to show them more.
The best thing is that the other reports are even better: I call them
“big data for the IT admin” but that’s for another post in the series.
Let’s not stop with the quick wins though.

The client management space is changing: when we look at information from Forrester we see that 40% of companies said that BYOD programs are a high priority and that many of us (classed as information workers) are using more than one device. That doesn’t mean that the traditional client management space goes away, rather that it’s augmented with new capabilities to support those workloads. A few months back Brad Anderson, CVP Enterprise + Client Mobility started an excellent blog series defining and expanding upon our enterprise mobility vision:

…to help organizations enable their users to be productive on devices they love while protecting the company.
This is the first post in a series during which I’m going to expand
on some of Brad’s key points and give you practical ways that you can
immediately start to give value back to your business by implementing
our vision. I’ll help you solve your mobility challenges (please
note that doesn’t mean I’m going to solve the issue of you being
stalked on Facebook by that ex, let’s keep this on enterprise mobility!)
On that note, let’s get specific – tell me your mobility challenges in the comments, I promise to read them all and help solve some of them.
Step Zero – Try Stuff
The very first thing you’re going to want to do is to try things out. We all like to build a lab to understand the technology intimately. To be able to do this you’ll need to lay your hands on some evaluations and trials. Luckily we’ve done everything we can to make that easy for you: Take the Empower Workforce Mobility learning path on the TechNet Evaluation Center. Of course I’m not going to leave you to do that on your own: you can sign up for the trials you need, and I created this handy video to help you out.
Quick Win 1: Epic Reports
This is my favorite first thing to show people about our mobility offering because it’s simple to implement. As soon as you’ve created an Azure AD tenant (which the above video shows you how to do!) and you’ve created a user either in the cloud (IT Pro test: figure this bit out yourself) or you have some users synced from on-prem AD then you can get going. Follow these steps and in about 5 minutes you’ll see the power of Azure AD reports…
- Download the Tor browser (do this in a lab that’s NOT on your corporate network)
- Use one of your user accounts to log into myapps.microsoft.com a few times (do it about 5 times)
- Go to the Azure portal and using your admin account go to your Directory then go to Reports and select Users with anomalous sign in activity.
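
The report flags sign-ins from places a user couldn’t have travelled between in time. The sketch below is an added example showing one way that kind of check can be built; it is not Microsoft’s implementation or code from this post, and the record layout, the 900 km/h ceiling, the 50 km noise floor and all sample sign-ins are assumptions constructed for illustration.

```python
import math
from datetime import datetime

# Constructed sample sign-in records (not real Azure AD report output):
# (user, UTC time, latitude, longitude, source is a known anonymizing exit node)
SIGN_INS = [
    ("alice", "2014-11-03T08:00:00", 51.5074, -0.1278, False),    # London
    ("alice", "2014-11-03T08:40:00", 40.7128, -74.0060, True),    # New York
    ("alice", "2014-11-03T09:10:00", 52.5200, 13.4050, True),     # Berlin
    ("bob",   "2014-11-03T08:00:00", 47.6062, -122.3321, False),  # Seattle
    ("bob",   "2014-11-03T12:30:00", 45.5152, -122.6784, False),  # Portland
]

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruising speed


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def find_anomalies(records, max_kmh=MAX_KMH):
    """Return (user, previous time, time, implied km/h, anonymized) for each
    consecutive pair of sign-ins that implies travel faster than max_kmh."""
    by_user = {}
    for user, ts, lat, lon, anon in records:
        by_user.setdefault(user, []).append((datetime.fromisoformat(ts), lat, lon, anon))
    findings = []
    for user, events in by_user.items():
        events.sort(key=lambda e: e[0])
        for prev, cur in zip(events, events[1:]):
            hours = (cur[0] - prev[0]).total_seconds() / 3600
            km = haversine_km(prev[1], prev[2], cur[1], cur[2])
            if km < 50:  # same metro area: ignore geolocation noise
                continue
            speed = float("inf") if hours == 0 else km / hours
            if speed > max_kmh:
                findings.append((user, prev[0], cur[0], speed, cur[3] or prev[3]))
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(SIGN_INS):
        print(finding)
```

On the constructed data, both of alice’s hops are flagged and both involve an anonymizing source, while bob’s Seattle to Portland trip is not.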

Quick Win 2: Know where your data is going
You know your users are getting around your “no personal cloud storage” policy but you don’t know how or to what extent. I hear this all the time from the admins I talk to (and the CIO is probably losing sleep over this too). Again we have a tool that can give you quick insight: Cloud App Discovery. This tool is very simple but highly effective: install the agent onto Windows PCs in your company and the PC will report back to YOUR Azure tenant information about the cloud services being used on it. So if your user decides to copy data to Box.com through the browser – you see it in the report, or if they do it through installed software – you see it in the report. You can also see which user was signed into the PC and how much data they transferred.
In the report above you can see that one of my users has used a variety of services, the types of those services, the names of them and the amount of data they’ve transferred. As a bonus all the apps with logo tiles in the top right quadrant can instantly be managed as SaaS apps through the portal, but again more in a later post. For now though, download the Windows 8.1 evaluation, install it and then try Cloud App Discovery.
Quick Win 3: Be Better than Passwords with MFA
As soon as you have users in the cloud and you have Azure AD Premium you can enable Azure Multi-Factor Authentication (you have a trial if you followed the advice in Step Zero). Once it is enabled for a user, the next time that user signs in they will be asked to verify their contact phone number by opting to receive a call or text. Subsequently their sign-on will be a little different but a lot safer:
- They attempt to sign on
- Correctly enter their password
- Azure MFA steps in and calls or texts them
- They answer or get the SMS code and enter it
- Their sign-on is complete.
Quick Win 4: Know your users’ devices with Workplace Join
When a conversation gets past “I don’t know what cloud apps my users are using” the conversation normally moves onto “I don’t know what devices they’re using”. For the past 15 years we’ve had Domain Joined devices – company owned, company managed devices. The real point of domain membership is to give Windows devices identity – but you probably don’t want devices that the company doesn’t own joined to your domain (and users really don’t want the GPO that deploys the corporate wallpaper on their device!). iOS and Android devices obviously don’t support Domain Join either. Workplace Join steps in and helps out. It works with all the most common devices and you can use it to permit and deny access to corporate resources with conditional access. It takes a while to implement a Workplace Join scenario so why do I call it a quick win? Well, not all quick wins happen in 10 minutes: sometimes they take a while to implement but become fruitful quickly. If you implement Workplace Join you’ll quickly start finding out what devices your users are trying to use – that can inform policy – but policy you’ll be able to implement quickly. Luckily you can try it out in about an hour with the labs in our tech journey!
Quick Win 5: “devices they love”
The quickest win I can think of is to stop trying to please everyone all the time – it just makes everyone unhappy. Your users will love (and therefore keep using) devices that get the job done for them in the way they want it done. Sometimes that will be them selecting the device, sometimes it will be IT selecting an array of devices for them to choose from…sometimes it will be a task-specific device. In essence the quick win is to think of managing only three device types:
- Employee owned, company enabled
- Company owned, employee enabled
- Company enabled only.