MICROSOFT 365 Teams, Azure AD, Single SignOn, Azure Information Protection
Brief intro Infrastructure Specialists: Consulting Director: Regional Director: Jakob Kvistgaard, Klaus Østergren, Kenneth Knude, Lars Majgaard
Agenda
09.00 Welcome and intro
09.15 Microsoft Teams at edgemo
09.30 Microsoft Teams, governance and Single SignOn
10.30 BREAK
10.45 Conditional Access and Azure Information Protection
11.45 Summary and questions
12.00 Lunch and networking
Intro
What is Microsoft 365? E3 / E5
Exchange, SharePoint, Teams, OneDrive, Skype for Business, Delve, Yammer, Installation of Office apps, PowerBI, MyAnalytics, Skype PBX* and Broadcast*, Office 365 ATP
Windows Enterprise SKU upgrade, Windows Autopilot, Desktop Optimization Pack, BitLocker, Windows Information Protection, Windows Hello, Credential Guard
Microsoft Intune: Device and application management, System Center Config Mgr (SCCM)
Azure AD Premium P1: Azure Multifactor Authentication, Conditional Access, Self Service Password Reset, Azure AD Proxy Connector, Microsoft Identity Manager
Azure Information Protection P1
Microsoft Advanced Threat Analytics
Windows Defender ATP
Cloud App Security
Azure Information Protection P2: Automatic labeling / encryption
Azure AD Premium P2: Privileged Identity management, Azure Identity Protection
edgemo Modern Workplace
- Microsoft 365 is as-a-service
- EVERYONE at edgemo is coming on board! We do what we say!
- Your Microsoft 365 guides
- edgemo summit on 13 September: follow-up
Microsoft Teams at edgemo
- Briefly about Teams
- Love at first sight
- My role as IT manager and user
- How we use it at edgemo
- Is it perfect and flawless?
Teams architecture
Love at first sight
Microsoft Teams at edgemo (IT manager/user)?
How we use it at edgemo
Is it perfect and flawless?
Microsoft Teams
Adoption, use and best practices
- Naming standards
- Integrations
- Teams administration: GUI and PowerShell
Data governance
- Reporting
- Retention policies
- Audit Log Search
Identity management
- ADFS versus Seamless Single SignOn
- Pass-through authentication
Teams adoption and best practices
1. Readiness
2. Policies, e.g. guest access and naming standards
3. Start a pilot project
4. Teams licence for everyone; add all users to one large companywide Team
5. Use reporting and feedback from the users
Groups Naming Policy (public preview)
- Works across workloads, e.g. Outlook, Microsoft Teams, SharePoint, Planner
- Prefixes/suffixes can be fixed words or attributes
- Supported attributes: Department, Company, Office, StateOrProvince, CountryOrRegion, Title
- Example: a department at edgemo
- Group naming policy requires an Azure Active Directory Premium P1 licence for all users who are members of the groups
Disable Office 365 Groups Creation
Microsoft recommends that Microsoft Teams is enabled for all users in a company so that teams can be formed organically for projects and other dynamic initiatives. Even if you are deciding to pilot, it may still be helpful to keep Microsoft Teams enabled for all users, but only target communications to the pilot group of users.
- Define a security group with permission to create O365 Groups
- Disable group creation
- Applies to all O365 Groups across services
- PowerShell
Group Naming + Groups Creation Policy
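An added example (not from the original slides) that applies both policies through the tenant-wide Group.Unified directory setting, using the AzureADPreview module. The security group name, the naming pattern and the blocked-word list are assumed placeholder values.

```powershell
# Added example, not part of the original deck. Requires the AzureADPreview module.
Import-Module AzureADPreview
Connect-AzureAD

# Assumed placeholder values: adjust to your tenant.
$creatorsGroupName = 'O365-Group-Creators'           # security group allowed to create O365 Groups
$namingRequirement = 'GRP_[Department]_[GroupName]'  # fixed prefix + a supported attribute
$blockedWords      = 'CEO,Payroll,HR'                # constructed sample list

# Resolve exactly one security group; stop instead of writing a wrong or empty id.
$creators = @(Get-AzureADGroup -SearchString $creatorsGroupName |
    Where-Object { $_.DisplayName -eq $creatorsGroupName -and $_.SecurityEnabled })
if ($creators.Count -ne 1) {
    throw "Expected exactly one security group named '$creatorsGroupName', found $($creators.Count)."
}

# Reuse the existing Group.Unified setting, or create it from the template.
$setting = Get-AzureADDirectorySetting |
    Where-Object { $_.DisplayName -eq 'Group.Unified' }
$isNew = -not $setting
if ($isNew) {
    $template = Get-AzureADDirectorySettingTemplate |
        Where-Object { $_.DisplayName -eq 'Group.Unified' }
    $setting = $template.CreateDirectorySetting()
}

# Groups creation policy: only members of the security group may create groups.
$setting['EnableGroupCreation']         = $false
$setting['GroupCreationAllowedGroupId'] = $creators[0].ObjectId

# Groups naming policy: prefix/suffix pattern and blocked words.
$setting['PrefixSuffixNamingRequirement'] = $namingRequirement
$setting['CustomBlockedWordsList']        = $blockedWords

if ($isNew) {
    New-AzureADDirectorySetting -DirectorySetting $setting | Out-Null
} else {
    Set-AzureADDirectorySetting -Id $setting.Id -DirectorySetting $setting
}

# Read the setting back from the directory to confirm what is actually enforced.
(Get-AzureADDirectorySetting |
    Where-Object { $_.DisplayName -eq 'Group.Unified' }).Values |
    Where-Object { $_.Name -in 'EnableGroupCreation', 'GroupCreationAllowedGroupId',
                   'PrefixSuffixNamingRequirement', 'CustomBlockedWordsList' } |
    Format-Table Name, Value -AutoSize
```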
Using Teams
- Create a Team
- Add members
- Add channels
- Add tabs with content
- E-mail to channel
- Add connectors
- Meetings
Using Teams
Administration
- Admin Portal
- Teams PowerShell
- AzureADPreview PowerShell
Administration
Governance
Establishment of policies, and continuous monitoring of their proper implementation, by the members of the governing body of an organization.*
Office 365 tools:
- Retention Policies across services
- Audit Log Search
- Data lifecycle management (backup, restore)
- eDiscovery Search
There you go!
* http://www.businessdictionary.com/definition/governance.html
Reporting
https://portal.office.com/adminportal/home#/reportsusage
- Dashboard incl. Team card
- Teams report types: user activity, device activity
- Can be exported to CSV
- Up to 180 days
Backup / Restore
- All deleted O365 Groups are kept for 30 days (soft delete)!
- Can be restored through the Exchange Online ECP or PowerShell
PowerShell example:
1. Connect-AzureAD
2. Get-AzureADMSDeletedGroup
3. Restore-AzureADMSDeletedDirectoryObject -Id 17747bf9-4930-4beb-84cb-205bb2ab5b4f
4. Get-AzureADGroup -ObjectId 17747bf9-4930-4beb-84cb-205bb2ab5b4f
It can take up to 24 hours to restore a Team. All content, including conversations and channels, will be restored.
Governance
The user experience: more options than ever.
Pass-through Authentication
- Same password in on-prem and cloud services
- User validation in the on-premises Authentication Agent
- Multiple Authentication Agents can be installed for redundancy
- Easy to implement
- Works with Azure conditional access and Azure MFA
- No need to synchronise password hashes
Pass-through Authentication
Seamless Single SignOn
Seamless SSO
- Validation of the user via Kerberos in the user's browser
- The computer account for Kerberos is created through AADConnect
- Can be used with either password hash sync or pass-through
- Rollout with GPO (local intranet)
Benefits
- Users do not need to log in to cloud services from domain-joined computers
Seamless Single Signon
Federated SSO or Seamless SSO?
Questions?
The 5 most important takeaways
1. Get started with Teams, but do it right
2. Help users get started: desktop + mobile
3. Give users the best experience with SSO
4. Use the reporting options and make the most of them
5. Get to know the tools
Conditional Access
Definition: how a USER in a given CONTEXT accesses an APPLICATION under company-defined CONDITIONS
Conditional Access (diagram)
Flow: User -> Device or browser -> Conditional Access (possible MFA prompt) -> Company applications
Conditional access conditions: User / Group, Cloud application, Device State, Location (IP based), Client application, Sign-in Risk (AADP P2)
Actions: Allow access, or Enforce MFA per user/per app; Block access
Azure AD Premium: Secure and manage identities
Microsoft Intune: Secure and manage devices
Azure AD Premium: Define access rules to company applications (cloud and on-premises)
Azure AD Premium: Federate with Azure AD applications and publish on-premises applications
Conditional Access: Creating a rule
Conditional Access: From a user's point of view
Conditional Access: Summary
Azure Information Protection
- Protect data at all times
- Achieve secure sharing of files (internally and externally)
- Enable users to choose correctly
- Keep the overview and the control
Azure Information Protection: How?
Azure Information Protection: Classification
Azure Information Protection: Classification
- Automatic
- Recommended
- Reclassification
- User-defined
Azure Information Protection: SharePoint Site
Azure Information Protection: Recommended classification
Azure Information Protection: Reclassification
Azure Information Protection: At all times
Azure Information Protection: summary
- Azure Information Protection can protect your data
- One could wish for a consolidated overview (https://msip.uservoice.com), probably not just me
Questions?
The 5 most important takeaways
1. Implement Azure Information Protection and please your IT auditors: it is a tool that is a good help for GDPR. Overview
2. Start with a pilot of Azure Information Protection: test and adjust with regard to external sharing, mobile devices, audit trails, user experience, and there will surely be more
3. Microsoft 365 contains an incredible amount: let us define your adoption and business case together
4. Protect access to data and protect the data: remember the user experience!
5. Protect your identities: remember the user experience!
WAIT A MOMENT! - now there is an evaluation and a prize draw
Contact info
Jakob Kvistgaard jkv@edgemo.com
Klaus Østergren klo@edgemo.com
Kenneth Knude kkj@edgemo.com
Lars Majgaard lma@edgemo.com