Windows Strategy for Business Devices and Experiences Users Love Enterprise Grade Solutions Businesses Require.
NOKIA LUMIA 620, NOKIA LUMIA 820, NOKIA LUMIA 925, NOKIA LUMIA 1320, NOKIA LUMIA 1020, NOKIA LUMIA 1520, NOKIA LUMIA 920, NOKIA LUMIA 720, NOKIA LUMIA 625, NOKIA LUMIA 520
NOTE: Availability of particular products may vary by region and by service provider.

Windows Phone 8.1 for the Enterprise
• Enterprise grade security
• Platform Alignment (Phone, Tablet, Desktop)

• Mebromi, similar to MyBIOS, is a trojan and bootkit
• Infects Award BIOS and controls the boot up process
• Used in combination with another malware package
• Mebromi's role is to provide persistence to malware that uses the MBR to boot
• If an antimalware solution is able to clean the system of malware, the infected BIOS redeploys it
• By living in the firmware, Mebromi can remain hidden from most antimalware solutions
• Additional malware that Mebromi deploys helps with persistence and tampers with AV

Unified Extensible Firmware Interface (UEFI)
• A modern replacement for traditional BIOS
• A Windows client and phone certification requirement
• Architecture-independent solution
• Initializes device and enables operation (e.g., mouse, apps)
• Secure Boot - Ensures only signed and trusted OSes start
• Eliminates bootkit threat by securing device start-up

• Mimikatz enables the export of certificates from a device
• Certificates can be passed to malicious users who wish to impersonate you
• Mimikatz is a hacker tool designed for Windows PCs.
• A hypothetical attack on phones
• Windows Phone is designed inherently to be immune to such an attack, but…
• In today's world we need to assume an operating system's defenses will be breached
• Solution - bind sensitive information to the device and prevent access even if exported

Trusted Platform Module (TPM)
• A processor for performing cryptographic operations
• Internationally recognized standard for crypto processing
• A Windows Phone certification requirement
• Provides means to determine hardware and OS integrity
• Can generate and store keys used for encrypting data
• Includes tamper-proofing and anti-hammer capability
• Use TPM for more than just device encryption

Based on data from 2014 Cisco Cloud and Web Security Report
Chart from the 2014 Cisco Cloud and Web Security Report

End to end protection from power on to power down
• Boot, Core, Post Boot
• Ensures secure start-up and integrity validation of all operating system
• Eliminates the potential for rootkits and system components tampering
• Platform designed to prevent execution of unsigned and untrusted applications
• Consumer apps must be signed, can only be installed via store
• Corporate apps must be signed, require trusted signature, several provisioning options

Training, Requirements, Design, Implementation, Verification, Release, Response

• AppContainer Support
• Plug-In-less in Immersive (including Adobe Flash)
• Password protection using Credential Locker
• Do Not Track protection

• Allows or blocks URL access based on cloud based URL reputation service
• Support for Internet Explorer and Windows Store Apps
• Results: Over 230 Million phishing warnings; Over 17 Trillion reputation lookups

• Disable removable storage card policy

• Users with even the best intentions will use applications that put your organization's data at risk
• Well intentioned apps may be used to leak corporate data and malicious apps will harm or steal it
• App White and Black listing can put IT back in control of which applications can and cannot be used, using policy based white and black lists (App Allow/Deny list)

• Users can enroll BYOD devices with an MDM to access corporate data and apps regardless of device or location
• MDM provides IT with the ability to control user access to the data and apps.
• MDMs that make use of technologies like Windows 8.1's Remote Business Data Removal and others can wipe data and apps or make them permanently inaccessible
• Personal Apps and Data
• Company Apps and Data
• Policies
• Management with Intune or 3rd Party MDM

Trustworthy Hardware: Security and integrity rooted in standards based hardware
Malware Resistance: Market leading malware resistance
Information Protection: Information protection while data is at rest, use, and in motion
Identity & Access Control: Platform differentiation can be found in one of the most important areas of security

• Secure device firmware and operating system start-up with UEFI
• TPM provides a hardware based crypto processor for verifying device integrity
• Platform integrity with Trusted Boot and trustworthy apps from the Windows Phone store
• Online safety and phishing protection using Internet Explorer and URL Reputation
• Persistent encryption enables sharable data on the device, removable media, over the wire.
• IT maintains total control of the apps that can be used and can securely wipe data on demand
• Use certificate based authentication for accessing resources (VPN, Wi-Fi, S/MIME)
• Built-in two factor authentication options (Virtual Smartcards, Windows Azure MFA)

• The State of Windows 8.1 Security: Malware Resistance - May 12th 4:45 PM; Room: 371A
• Malware Hunting with Mark Russinovich - May 15th 10:15 AM; Room: Grand Ballrm C
• Bulletproofing Your Network Security - May 12th 1:15 PM; Room: Grand Ballrm A
• Social Engineering: Targeted Attacks, and IT Security - May 13 5:00 PM - 6:15 PM; Room: Grand Ballrm A
• Implementing Endpoint Protection in SCCM - May 13th 10:15 AM; Room: Hall E ILL Room 3
• Implementing Endpoint Protection in SCCM - May 15th 8:30 AM; Room: Hall E ILL Room 3

• windows.com/enterprise
• windowsphone.com/business
• microsoft.com/springboard
• microsoft.com/mdop
• microsoft.com/windows/wtg
• developer.windowsphone.com
• http://channel9.msdn.com/Events/TechEd
• www.microsoft.com/learning
• http://microsoft.com/technet
• http://microsoft.com/msdn