Microsoft Cloud Overview Scott Sample Sr. Cloud Strategist, State & Local Government
Cloud You Can Trust Office 365 Enterprise Mobility Suite
Azure
CRM Online
Government Clients that Trust MS Cloud
Continuous innovation with confidence and control Deliver new features and value
Build trust and compliance
Respond to customer feedback through agile development
Continuous release cadence
Security comes first
Direct feedback
Minor & major updates
Evolving standards
Real-time information
Up-to-date, no patching
Common support issues
Insights to help manage change Direct to customer communications
Organizational readiness content
Office 365 Trust
Built-in capabilities and Customer Controls Security
Best-in-class security with over a decade of experience building Enterprise software & online services
• Physical and data security with access control, encryption and strong authentication
• Security best practices like penetration testing, defense-in-depth approach to protect against cyber-threats
• Unique customer controls with Rights Management Services to empower customers to protect information
Compliance
Commitment to industry standards and organizational compliance
• Enable customers to meet global compliance standards in ISO 27001, IRS 1075, HIPAA, FedRAMP
• Contractually commit to privacy, security and handling of customer data through Data Processing Agreements
• Admin Controls like Data Loss Prevention, Legal Hold, E-Discovery to enable organizational compliance
Privacy
Privacy by design with a commitment to use customers’ information only to deliver services
• No mining of data for advertising
• Transparency with the location of customer data, who has access and under what circumstances, ISO/IEC 27018
• Privacy controls to regulate sharing of content and communications with external parties
Exchange Online features
• Large mailboxes
• Site mailboxes ***
• Rich Outlook inbox experience, including enhanced conversation view and MailTips
• Outlook Web App (Internet Explorer, Firefox, Chrome, and Safari support)
• Mobile phone access (through EAS)
• Apps for Outlook and Outlook Web App
• Anti-virus and anti-spam (through Exchange Online Protection)
• Exchange ActiveSync mobile management policies
• Hosted voice mail (Exchange Unified Messaging)
• Retention policies **
• In-Place Archive **
• Multi-mailbox search
• In-Place Hold
• Data Loss Prevention (DLP) **
• eDiscovery Center ****
* Includes primary mailbox (50 GB) plus unlimited In-Place Archive
** Site Mailboxes, Outlook DLP PolicyTips, and In-Place Archive require Office Professional Plus / ProPlus 2013
*** SharePoint Online Plan 1 required for Site Mailboxes
**** SharePoint Online Plan 2 required for eDiscovery Center
Apps
• App Catalog & Marketplace
Collaboration
• Team Sites
• Work Management
• OneDrive for Business
• Social*
• External sharing
Search
• Basic Search
• Standard Search*
• Enterprise Search*
Content Management
• Content Management
• Records Management
• E-discovery, ACM, Compliance*
Business Intelligence
• Excel Services, PowerPivot, PowerView
• Scorecards & Dashboards
• Access Services
• Visio Services
Business Solutions
• Form Based Applications (InfoPath)*
• SharePoint 2013 Workflow
• Business Connectivity Services**
Consolidate multiple vendor services and solutions
Escalate a simple IM or phone call to a Skype for Business Meeting anytime
Single unified client for all conferencing – scheduled & spontaneous
Initiate Skype for Business Meetings directly from within Outlook, SharePoint and other business apps
Skype for Business Meetings are accessible to all information workers
Share PowerPoint and Word documents directly from within the apps
Quickly join and contribute from anywhere
Join Skype for Business Meetings from multiple types of smartphone and tablet form factor devices
Confidently create and lead a meeting
Browser-based meeting client for rapid access to scheduled meetings
Multiparty HD video conferencing brings life and expression to Skype for Business Meetings
Joining a Skype for Business Meeting requires only a single click or touch
Skype for Business Features
• Rich Presence, IM (1:1 and multiparty), Office interoperability
• Skype federation for Presence/IM/voice
• Persistent Group Chat
• Lync to Lync calling (voice and HD video, 1:1)
• Skill Search (requires SharePoint)
• Content Collaboration (desktop sharing, application, etc.)
• Multiparty (3+) audio/video/content collaboration (scheduled and ad hoc)
• Meeting Controls (Organizer, Lobby Experience, Join From)
• Enhanced in-meeting note taking
• Interoperability with 3rd party video systems
• Lync audio conferencing
• Interoperability with 3rd party audio conferencing providers
• Lync Multi-view Video
• PSTN Calling
• Lync PBX Replacement Functionality (Malicious Call Trace, E911, call park)
• Automated call distribution (unassigned number, attendant console, queuing)
• Lync Mobile Clients
• Lync Web App
Deploy Office fast without giving up control
Office for Android tablet
Integrated Social Networking
Skype for Business
FastTrack for
Multi-factor Authorization for
Outlook for iOS and Android
Office Graph and Delve
ProPlus
New Office for Mac Groups in Office 365
Power BI for
Office for iPad
for Business unlimited storage Shared computer activation
Office universal apps Video Federation
upgrade
iPhone & Android phones
upgrade
Professional Plus 2013
A Government Cloud You Can Trust Office 365 Government
Azure Government
CRM Online Government
The Microsoft Cloud 200+ cloud services 1+ million servers $15B+ infrastructure investment 1 billion customers 127 countries worldwide
Microsoft Intune
A Cloud You Can Trust
At Microsoft, we never take your trust for granted
We are serious about our commitment to protect customers in a cloud first world. We live by standards and practices designed to earn your confidence. We collaborate with industry and governments to build trust in the cloud ecosystem.
Trusted Cloud Principles
The aspirational “north star” that guides the way we do business in the cloud
Security: Strong security protects content and safeguards from hackers and unauthorized access by using state-of-the-industry technology, processes, and certifications
Privacy & Control: Customers control their content, as well as permissions. They can always access their data, take it with them when they terminate an agreement, and delete it upon request
Transparency: Customers know what is happening with their content. Microsoft explains in clear, plain language how the cloud provider uses, manages, and secures content
Compliance: Customers can store and manage their content in compliance with their obligations, applicable laws, regulations, and key international standards
Earning Your Trust
CJIS: Secures fingerprints, background checks and other criminal justice information
HIPAA: Protects health care information
IRS 1075: Confidentiality of federal tax returns and related information
PCI: Prevents credit card fraud
FERPA: Keeps student school records private
DISA Enterprise Cloud Service Broker (ESCB): Ensures the security of DoD data
FedRAMP: A mandatory program that standardizes an approach to security and monitoring of cloud services.
SOC1, SOC2, SSAE 16: A series of accounting standards that measure the control of financial information for a service organization.
ISO 27001:2013, ISO/IEC 27018:2014: Standards certificates that demonstrate the implementation of internationally recognized controls and standards.
The #1 Government Cloud
Transforming government with the Microsoft Cloud
Citizens expect their leaders to be productive, collaborative and responsive. That’s why governmental agencies across the U.S. use our cloud solutions to meet these high expectations, as well as rigorous compliance and security demands to further help protect the public.
More than 3 million government users.
More than 3 million U.S. Government workers use Office 365.
Law enforcement agencies in California, New York and Texas can easily use Office 365 because it meets the latest Criminal Justice Information Services (CJIS) requirements in those states.
Microsoft is the only vendor that can offer a complete hybrid cloud platform approach.
629 U.S. federal government agencies and 3,866 state and local government agencies use Microsoft Office 365.
Explore the collaboration benefits of moving your government organization to the cloud.
More than 5,000 federal, state and local agencies. CJIS agreements covering >50% of U.S. population including California, New York and Texas. 8 of 10 largest cities including New York, Chicago and Houston.
Majority of U.S. Cabinet Agencies including DOJ, USDA, HHS and Commerce. More at Microsoft Government Cloud Map.
Los Angeles Police Department
“Microsoft has exceeded the LAPD's expectations in this regard by taking on the difficult requirements of the CJIS regulatory regime and meeting them head-on.”
Sanjoy Datta, Information Security Officer
Q&A
Receiving and editing documents Exchange integration with Outlook and SharePoint helps solve one of email’s oldest pain points: working with attachments
Sharing documents
Manage your email with tools that help you focus on what’s important and work more efficiently Tame email overload with tools that help you focus on what’s important and work more efficiently
Faster, easier search Extensibility Inbox enhancements
Significantly faster search performance
Outlook and Exchange consistency More accurate results More complete results
Get valuable results – informed by you Search suggestions with fuzzy matching Search refiners
Inline previews for URLs
General enhancements
Additional enhancements for Outlook on the web
Inline video player Intelligent recipient selection and people search
Improved HTML rendering
Pin
One-click archive
Undo
Common typos/suggestions
Sweep
Contact linking improvements
Weather view
Import contacts from csv
Emojis
Better formatting controls
Single line view
Smarter actions button
Inline reply
Better attachment view
Insert images
Outlook 2016 Accomplish more on the go, with rich Outlook experiences on phones, tablets, desktop, and the Web
Outlook on the web Outlook for Windows 10 Outlook for iOS and Android Outlook for Mac
Security and compliance
It is estimated over 904 million records were exposed in the first nine months of 2014, including credit card numbers, email addresses, log in credentials, and social security numbers. https://otalliance.org/system/files/files/resource/documents/dpd_2015_guide.pdf
92% of corporations surveyed had lawsuits filed against them in the preceding 12 months. Norton Rose Fulbright Annual Litigation Trends Survey, April 15, 2014
Data loss prevention Protect your organization’s data and comply with legal requirements using tools that are integrated and easy to use
Auditing eDiscovery and archiving
Security and compliance features
• Archive mailboxes in Exchange Online
• In-Place Hold, Litigation Hold, and In-Place eDiscovery
• Inactive mailboxes in Exchange Online
• Data loss prevention (DLP)
• Exchange auditing reports
• Messaging records management (MRM)
• Information Rights Management in Exchange Online
• Office 365 Message Encryption
• S/MIME for message signing and encryption
• Journaling
• Transport rules
Compliance Center
• Administer compliance features across Exchange, SharePoint, and Skype for Business from one location
• Intuitive management of DLP, eDiscovery, legal holds, auditing, and encryption
• Give legal and compliance specialists the right tools with the right permissions
Archive mailboxes in Exchange Online Outlook
Outlook Web App
With an integrated In-Place Archive, users save time because they can manage their archive in the same way that they manage their mailbox
Retain folder hierarchy
Retention Policies Policy details are displayed to the end user
Help preserve data granularly and transparently
Policies can be centrally managed or user-assigned
Automates data retention and deletion
Right-click to assign a policy to an item, to a folder, or to all email
In-Place Hold and In-Place eDiscovery
Estimate, preview, and copy search results
Hold and preserve mailbox items without changing them
In-Place eDiscovery and In-Place Hold
Inactive mailboxes
• Address the need to preserve former employees’ email after they leave the organization.
• You can archive former employees’ mailboxes without incurring a monthly subscription cost for the mailbox
New DLP sensitive information types added to Exchange
PolicyTips added to Excel and other Office applications
DLP capabilities extended to include documents in SharePoint
Initial release
Mobile Policy Tips, Doc. fingerprinting
SharePoint and OneDrive search
• Two types of audit logging:
  • Administrator audit logging
  • Mailbox audit logging – needs to be enabled
• Reports can be exported
• Predefined reports through EAC
  • non-owner mailbox access report
  • administrator role group report
  • per-mailbox litigation hold report
  • in-place discovery and hold report
  • admin audit log report
  • external admin audit log report
Initial Release
One Time Passcode
iOS & Android Apps
• Similar to the Inbox rules
• Take action on messages while they’re in transit
• Contain a richer set of conditions, exceptions, and actions
• Provides flexibility to implement policies
Office 365 Admin Center
Actions Exceptions Conditions
Service health and planned maintenance
Management tools
Role-based access control
Exchange Administration Center (EAC)
Manage mailboxes
Mailbox management
Manage Groups
Group management
Manage migration Migration flow
Migration management
Hybrid
Supports a wide range of email platforms Email only (no Calendar, Contacts, or Tasks)
Cutover Exchange Migration (CEM) Good for fast, cutover migrations No migration tool or computer is required on-premises
Staged Exchange Migration (SEM) No migration tool or computer is required on-premises Requires the DirSync tool with on-premises Active Directory
Hybrid Deployment You can manage users on-premises and online Enables cross-premises calendaring, smooth migration, and easy off-boarding
Exchange Server 5.5
Exchange 2000 Server
Exchange Server 2003
Exchange Server 2007
Exchange Server 2010
Exchange Server 2013
Notes/Domino
GroupWise
Other
Additional options are available with tools from migration partners
Q&A
Staged migration 2010 hybrid 2013 hybrid
IMAP migration
Simple migrations
IMAP Migration
Cutover migration
Summary of migration options
What is SharePoint Online? Mobile
Simple
Secure
SharePoint Online vs SharePoint Server Features
Experiences
Enterprise Search
Office Delve
Why SharePoint Online?
Easily access documents and data online without operational overhead or infrastructure investment
Provide everyone on the team with access to critical business information when and where they need it (through browser or mobile phone)
Share information with employees, partners, and customers in a way that prioritizes security and reliability
What can I do with SharePoint Online? COLLEAGUES
PARTNERS
SHARE
CUSTOMERS
Simple Collaboration Office Online Project Web App Versioning
Live document previews Drag and drop upload See who documents are shared with Edit, Share, and Follow Documents with a single click
Microsoft Word Microsoft Excel PowerPoint OneNote
Create and Edit documents in the browser with Office Online
Rich workbook editing and viewing in the browser
Office Online allows multiple people to view and edit documents simultaneously
Changes are highlighted within the document
Use the Project Center in PWA to see and act on all types of task lists and projects in your portfolio
Stay informed and make better decisions by using the portfolio, project, and timeline views in PWA
Version control to track and manage changes
See and manage all of the projects in your portfolio in Project Online
Share documents with customers and partners
Team aliases keep communications organized
Single location for email and documents
Create, share, and publish apps for your organization
SharePoint Online is connected to the Office Graph and sharing actions are reflected in Delve to make it easy to find and discover useful and relevant content
Organize and discover people and information
Rich and immersive people experiences powered by the Office Graph
Share your expertise with simple, ready-to-go blogs
Use Yammer document conversations inline to collaborate on documents—ask questions, exchange ideas and find expertise
Keep up to date with community posts and more…
Follow, Documents, Tags, People, and Sites
Organize, create, and discover videos with Channels
See preview and popular videos throughout your organization
Discover Groups across your organization
Participate in conversations, schedule meetings and events and store Group files
Quickly get started with offline and data mobility
Synchronize online documents in OneDrive for Business or other SharePoint library with your local device
Browse and create Sites, Files, and more…
Keep up with important discussions online from anywhere
Easily navigate between the newsfeeds that are important to you Capture and share information that is relevant to several of your peers Easily get to everything you are following
Interact with your organization’s SharePoint social network
eDiscovery Manage existing holds
Identify and Hold sensitive content on demand
Records Management
Secure and protect artifacts as records across the organization
Auditing
Rich auditing reports across the site and document lifecycle
Compliance
Unified compliance center for applying compliance policies across Office 365 workloads
Document Policies
Create and manage site and document retention policies across the organization
Office 365 Trust
Recovery of deleted items
Lists Libraries List items Documents Web Part pages Site collections
SharePoint Online Administration Farm Administrations
Service Administration
Quickly see the health status of SharePoint Online within the Office 365 admin center
Site Collections Manage existing site collections: storage, ownership, and external sharing
Create, manage, and recover site collections
User Profiles Adjust user profile properties and the level of user self-management
Place company-wide sites on everyone’s Personal Site
Term Store Assign Term Store administrators
Upload and manage company-wide sets of terms
Records Management Create and manage send-to connections for the powerful, rules-based Records Centers
Search Manage all aspects of the Search experience for end users, and improve the relevancy of results according to your content and metadata
Apps Manage the Apps Catalog to create a tailored experience for approved apps and app requests
Monitor app usage and errors, and manage how apps access SharePoint Online
General Settings Manage external sharing for external access to sites, and manage guest links for sharing individual documents, even anonymously
Enable Information Rights Management (IRM) to help further protect documents stored in SharePoint Online document libraries
Enable and configure self-service site creation so users can create new sub-sites directly from their Personal Site
Windows PowerShell
Browser Support (table columns: Browser, Supported, Not supported)
Internet Explorer 11
Internet Explorer 10
Internet Explorer 9
Internet Explorer 8
Internet Explorer 7
Internet Explorer 6
Google Chrome (latest released version)
Mozilla Firefox (latest released version)
Apple Safari (latest released version)
Hybrid Scenarios
Migration to the cloud
Maintaining a hybrid model
Migrate at your own pace to the cloud with little or no disruption to existing service
Continue to maintain hybrid model providing services on-premises or online based on the organization needs
Pilot Online Services with a subset of users
Continue to use existing customizations on-premises Enrich traditional on-premises scenarios with cloud innovation such as Delve, search, data loss prevention, and Extranets
Migrate remote users physically distant from the on-premises deployment to Online for better experience
Host certain data in particular locations Online for compliance or data sovereignty reasons
Advantage of moving to cloud infrastructure (TCO) wherever possible
Core Identity Scenarios with Office 365 Cloud identity
Single identity in the cloud, suitable for small organizations, with no integration with on-premises directories
Cloud identity with directory synchronization
Single identity, suitable for medium and large organizations without federation
Federated identity
Single, federated identity and credentials, suitable for medium and large organizations
SLA, RPO, and RTO
Office 365 provides data protection to help prevent the loss of SharePoint Online data. Backups are performed every 12 hours and retained for 14 days.
Service continuity management
SharePoint Online has a recovery point objective (RPO) and a recovery time objective (RTO) for use in the event of a disaster:
• 12-hour RPO: Microsoft provides a copy of an organization’s SharePoint Online data that is no more than 12 hours old
• 24-hour RTO: Microsoft provides an RTO to help organizations resume service within 24 hours after a service disruption if a disaster incapacitates the primary data center
SharePoint Online is hosted in Microsoft-managed, enterprise-level data centers that are designed to operate highly available online services. Because of this, the Microsoft service-level agreement (SLA) with SharePoint Online subscribers is 99.9% availability
For updated information, see: http://microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=3&DocumentTypeId=37
Related Information
Office 365 [http://www.microsoft.com/en-us/office365/enterprise-home.aspx]
Office 365 Trust Center [http://www.microsoft.com/en-us/office365/trust-center.aspx]
Office 365 Service Descriptions [http://technet.microsoft.com/en-us/library/jj819284.aspx]
Office Frequently Asked Questions [http://www.microsoft.com/office/preview/en/faq]
Personal
Corporate Managed Browser & Viewer Apps
Manage all of your corporate apps and data with Intune’s mobile device and application management solution
Complete mobile application management
• Securely access corporate information using Office mobile apps, while preventing company data loss by restricting actions such as copy/cut/paste/save in your managed app ecosystem
• Extend these capabilities to existing line of business apps using the Intune app wrapper
• Enable secure viewing of content using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps
Mobile device management
• Deploy certificates, WiFi, VPN, and email profiles automatically once a device is enrolled for management
• Enable bulk enrollment of task-worker devices to set policies and deploy applications on a large scale
• Provide a self-service Company Portal for users to enroll their own devices and install corporate apps
User
PC management
• Provide lightweight, agentless management from the cloud
• Connect Intune to System Center 2012 R2 Configuration Manager to manage all of your devices including PCs, Macs, Unix/Linux Servers, and mobile devices from a single management console
• Provide real-time protection against malware threats on managed computers
• Collect information about hardware configurations and software installed on managed computers
• Deploy software based upon policies set by the administrator
Device configuration
Inventory mobile devices that access corporate applications
Remote factory reset (full device wipe)
Mobile device configuration settings (PIN length, PIN required, lock time, etc.)
Self-service password reset (Office 365 cloud only users)
Provides reporting on devices that do not meet IT policy
Office 365
Group-based policies and reporting (ability to use groups for targeted device configuration)
Root cert and jailbreak detection
Remove Office 365 app data from mobile devices while leaving personal data and apps intact (selective wipe)
Self-service Company Portal for users to enroll their own devices and install corporate apps
Deploy certificates, VPN profiles (including app-specific profiles), and Wi-Fi profiles
Prevent cut/copy/paste/save as of data from corporate apps to personal apps (mobile application management)
Secure content viewing via Managed browser, PDF viewer, Image viewer, and AV player apps for Intune
Remote device lock via self-service Company Portal and via admin console
PC management (e.g. inventory, antimalware, patch, policies, etc.)
OS deployment (via System Center ConfigMgr)
PC software management
Single management console for PCs and mobile devices (through integration with System Center ConfigMgr)
Typical EMM stack Native device MDM
DMZ/ Perimeter network
Custom data container provides mobile productivity apps integrated with content and access systems
Containers Custom email app
Custom SDK/wrapper enables line-of-business apps to be managed
Custom collab app
Custom file app
Depends on specific DMZ infrastructure
Firewall
Mobile application management
Corporate network
Firewall
Standard MDM provides device configuration and management
Active Directory
Exchange Server
Works on-premises only
SharePoint Server
SDK/wrapper, managed browser, managed viewers
Microsoft’s EMM stack
Office 365: Mobile productivity
Native device MDM
Cloud integration
SharePoint Online
Azure AD: Access control to Office 365 and SaaS apps
Intune: App restrictions for Office mobile and LOB apps
Standard on-premises integration
Azure Rights Management: Information protection at the file layer
Extensibility based on Azure AD and Intune
Enable business apps to interoperate with Office mobile apps
Exchange Online
Managed Office productivity and more
DMZ/ Perimeter network
Corporate network
Firewall
Intune: Cross-platform MDM
Firewall
PC management
Premium mobile device & app management
Prevent access to corporate email and documents based upon device enrollment and compliance policies
Active Directory
Intune App SDK Intune App Wrapping Tool
Exchange Server
SharePoint Server
On-premises
User
IT
Protect corporate data accessed from devices
Protect corporate data stored on devices
Conditional access with EMS Conditional access policies
Corporate apps
IP Range
User
Device State Cloud
Advanced Windows 10 options User Group On-premises