http://channel9.msdn.com/Events/TechEd www.microsoft.com/learning http://microsoft.com/technet http://developer.microsoft.com We face increasing challenges keeping users productive while protecting company information.

Download Report

Transcript http://channel9.msdn.com/Events/TechEd www.microsoft.com/learning http://microsoft.com/technet http://developer.microsoft.com We face increasing challenges keeping users productive while protecting company information.

http://channel9.msdn.com/Events/TechEd
www.microsoft.com/learning
http://microsoft.com/technet
http://developer.microsoft.com
We face increasing challenges
keeping users productive while
protecting company information
Simply said, you have sensitive
data, and you need to protect it.
You manage users: who, when.
You manage devices: which, where.
You need to manage information: who,
where, which and when.
87%
87% of senior managers admit
to regularly uploading work
files to a personal email or
cloud account.*
58% have accidentally sent
sensitive information to the
wrong person.*
58%
?%
Focus on data leak prevention
for personal devices, but
ignore the issue on corporate
owned devices where the risks
are the same
Enabling data to flow from one organization to another
Sharing data
Securely share any file type,
from within common user
experiences
Between organizations
Authenticate users from other
organizations (without having to
implement point to point
federation)
Maintain control
Enlightened applications such as
Office and PDF readers offer the
ability to enforce rights.
Key learnings from our customers
Data privacy is important
and is often mandated
Regulatory requirements
are on the rise
The perimeter is fading…
Mobile workforces, BYOD,
outsourcing, virtual orgs
Many models of
data protection polices
are more reactive
We need data to be born
encrypted and to maintain a
persistent protection
IT must ‘reason over data’
as they do high value
services
Waiting for the “ultimate
data protection solution” is
tempting
Peer to Peer federation is not
practical or scalable
Point to point encryption
fails them today
… yet data is leaking now
There has to be a better way
Our approach
Protect any file type
Protect in place,
and in flight
Share with anyone
Delight with Office docs,
PDF, Text, and Images.
Data is protected all the time
B2B sharing is most
important with
B2Consumer on the rise
Important applications and
services are enlightened
Meet the varied
organizational needs
CSOs and Services can
‘reason over data’
Delight with Office docs,
PDF, Text, and Images.
Protection enforced in the
cloud, or on-premises; with
data in both places.
Delegated access to data
with bring-your-own-key
How Azure RMS works
Rights Management 101
Important: RMS never sees your DATA,
only your keys
Azure RMS deployment options
We’re all in for the cloud! We’re adopting
O365 and we need simple, secure
collaboration.
Cloud Ready
Integration
Sync
BYO Key
We’re ready for some cloud! We have on premises
Exchange, SharePoint, and Windows Server. We
might adopt O365, but we need simple secure
collaboration now.
Cloud Accepting
Integration
Sync
BYO Key
Azure RMS
Connector
We’re not ready for the cloud yet! We have on
premises Exchange, SharePoint, and Windows Server.
We still need simple secure collaboration.
Cloud Reluctant
Integration
Sync
BYO Key
Azure RMS
Hub
Traditional Collaboration via P2P Trust
Using Azure AD as the Trust Fabric
The end user experience
protecting documents.
DEMO: RMS Applications
Native Applications and Generic
protection using Protected File (PFILE)
Custom administrator
defined policies
I can protect and share information
securely across device types
Sharing documents securely
Use Microsoft Azure RMS to securely share
documents with colleagues and business
partners
Sharing protected files with anyone
Email Receiver
Quartely_Sales_Report.xslx
Quartely_Sales_Report.ppdf
A protected PDF copy is sent for easy access
on all platforms
Getting email notifications for document use
[email protected] opened RMS blog post – Aug2014.docx.pdf
[email protected] opened RMS blog post – Aug2014.docx.pdf
[email protected];
[email protected] opened RMS blog post – Aug2014.docx.pdf
[email protected] was denied access to BudgetWithCharts.xlsx.pdf
[email protected] was denied access to BudgetWithCharts.xlsx.pdf
[email protected] was denied access to BudgetwithCharts.xlsx.pdf
Application Integration: Right Management Services
Scenario
Read only
experience, but
still secure
Get started quickly with data
protection and governance
Get started quickly with Azure RMS
1
Get started quickly
with a single click
2
Manage templates and
create with ease
3
Simple wizard driven
template definition
Working with Azure RMS templates
3
Expire content based on a
specified date
5
Manage template lifecycle
4
Enforce online connection or
allow offline access
Policy driven information protection with Office 365
A simple yet powerful rules generation
experience with pre-canned templates makes
it easy to quickly implement and provision
data protection policies
Data governance
Powerful rules based policies can enforce the
automatic application of RMS to email and
documents that include sensitive information.
Protect SharePoint document libraries with onexit protection of documents
Enforce Data Loss Protection policies in e-mail
with content scanning including attachments
Automated RMS in File
Classification policies
A strong and growing partner ecosystem
Other new capabilities
AD RMS to Azure RMS Migration toolkit
Deployment controls for end user rollout
Mac Outlook 2015 with Azure RMS support
Windows 10 EDP with Azure RMS support
Departmental Templates
Coming Soon
CY15
Q1
Doc tracking experience (see who accessed my protected docs)*
Preview
Document revocation – expire a doc after sharing*
Preview
Azure RMS Hub (deployable w/on-premises key management)*
Preview
Secure sharing to consumer email (Outlook, Gmail, Yahoo)
* Indicated an EMS/Azure RMS premium feature not in O365/RMS
Q2
Preview
Recap
Our North Star: Protect any
file; shared with anyone
Supporting customers of
all types
Microsoft RMS now does
more than ever
Microsoft and our partners
are working with us to make
this happen
‘Cloud Ready’ orgs can use
RMS in Office 365 with
unprecedented ease
Nearly automatic with Office
365 and Microsoft RMS
We’re not done yet, but
we’ve come a long way
‘Cloud Accepting’ orgs can
use Azure RMS with the RMS
connector
‘Cloud Reluctant’ orgs can
use Azure RMS hub on
premises
Some will use Hardware
Security Modules with BYOK
Enables hybrid organizations
with Azure RMS and the RMS
Connector
Protects any file type with
RMS app; enlightened
applications do better
Next Steps
 Follow @ Twitter @TheRMSGuy
 IT Pro blog @ http://blogs.technet.com/b/rms
 Learn more @ http://www.Microsoft.com/rms  RMS developer blog @ http://blogs.msdn.com/b/rms
 Discover @ http://curah.microsoft.com/56313  Sign up @ http://portal.aadrm.com
 Email [email protected] for questions  Download @ http://portal.aadrm.com/home/download