Microsoft Cloud Overview

Author: Wendy Benson
Microsoft Cloud Overview
Scott Sample, Sr. Cloud Strategist, State & Local Government

Cloud You Can Trust

Office 365

Enterprise Mobility Suite

Azure

CRM Online

Government Clients that Trust MS Cloud

Continuous innovation with confidence and control

Deliver new features and value

Build trust and compliance

Respond to customer feedback through agile development

Continuous release cadence

Security comes first

Direct feedback

Minor & major updates

Evolving standards

Real-time information

Up-to-date, no patching

Common support issues

Insights to help manage change Direct to customer communications


Organizational readiness content

Office 365 Trust

Built-in capabilities and Customer Controls

Security

Best-in-class security with over a decade of experience building Enterprise software & online services
• Physical and data security with access control, encryption and strong authentication
• Security best practices like penetration testing, defense-in-depth approach to protect against cyber-threats
• Unique customer controls with Rights Management Services to empower customers to protect information

Compliance

Commitment to industry standards and organizational compliance
• Enable customers to meet global compliance standards in ISO 27001, IRS 1075, HIPAA, FedRAMP
• Contractually commit to privacy, security and handling of customer data through Data Processing Agreements
• Admin Controls like Data Loss Prevention, Legal Hold, E-Discovery to enable organizational compliance

Privacy

Privacy by design with a commitment to use customers’ information only to deliver services
• No mining of data for advertising
• Transparency with the location of customer data, who has access and under what circumstances, ISO/IEC 27018
• Privacy controls to regulate sharing of content and communications with external parties

Exchange Online features

Large mailboxes
Site mailboxes ***
Rich Outlook inbox experience, including enhanced conversation view and MailTips
Outlook Web App (Internet Explorer, Firefox, Chrome, and Safari support)
Mobile phone access (through EAS)
Apps for Outlook and Outlook Web App
Anti-virus and anti-spam (through Exchange Online Protection)
● Advanced
Exchange ActiveSync mobile management policies
Hosted voice mail (Exchange Unified Messaging)
Retention policies **
In-Place Archive **
Multi-mailbox search
In-Place Hold
Data Loss Prevention (DLP) **
eDiscovery Center ****

* Includes primary mailbox (50 GB) plus unlimited In-Place Archive
** Site Mailboxes, Outlook DLP PolicyTips, and In-Place Archive require Office Professional Plus / ProPlus 2013
*** SharePoint Online Plan 1 required for Site Mailboxes
**** SharePoint Online Plan 2 required for eDiscovery Center

Apps

Collaboration

Search

App Catalog & Marketplace
Team Sites
Work Management
OneDrive for Business
Social*
External sharing
Basic Search
Standard Search*
Enterprise Search*

Content Management

Business Intelligence

Content Management
Records Management
E-discovery, ACM, Compliance*
Excel Services, PowerPivot, PowerView
Scorecards & Dashboards
Access Services
Visio Services

Business Solutions

Form Based Applications (InfoPath)*
SharePoint 2013 Workflow
Business Connectivity Services**

Consolidate multiple vendor services and solutions

Escalate a simple IM or phone call to a Skype for Business Meeting anytime

Single unified client for all conferencing – scheduled & spontaneous

Initiate Skype for Business Meetings directly from within Outlook, SharePoint and other business apps

Skype for Business Meetings are accessible to all information workers

Share PowerPoint and Word documents directly from within the apps

Quickly join and contribute from anywhere

Join Skype for Business Meetings from multiple types of smartphone and tablet form factor devices

Confidently create and lead a meeting

Browser-based meeting client for rapid access to scheduled meetings

Multiparty HD video conferencing brings life and expression to Skype for Business Meetings

Joining a Skype for Business Meeting requires only a single click or touch

Skype for Business Features

Rich Presence, IM (1:1 and multiparty), Office interoperability
Skype federation for Presence/IM/voice
Persistent Group Chat
Lync to Lync calling (voice and HD video, 1:1)
Skill Search (requires SharePoint)
Content Collaboration (desktop sharing, application, etc.)
Multiparty (3+) audio/video/content collaboration (scheduled and ad hoc)
Meeting Controls (Organizer, Lobby Experience, Join From)
Enhanced in-meeting note taking
Interoperability with 3rd party video systems
Lync audio conferencing
Interoperability with 3rd party audio conferencing providers
Lync Multi-view Video
PSTN Calling
Lync PBX Replacement Functionality (Malicious Call Trace, E911, call park)
Automated call distribution (unassigned number, attendant console, queuing)
Lync Mobile Clients
Lync Web App

Deploy Office fast without giving up control

Office for Android tablet

Integrated Social Networking

Skype for Business

FastTrack for

Multi-factor Authorization for

Outlook for iOS and Android

Office Graph and Delve

ProPlus

New Office for Mac Groups in Office 365

Power BI for

Office for iPad

for Business unlimited storage Shared computer activation

Office universal apps Video Federation

upgrade

iPhone & Android phones

upgrade

Professional Plus 2013

A Government Cloud You Can Trust Office 365 Government

Azure Government

CRM Online Government

The Microsoft Cloud
200+ cloud services
1+ million servers
$15B+ infrastructure investment
1 billion customers
127 countries worldwide

Microsoft Intune

A Cloud You Can Trust

At Microsoft, we never take your trust for granted
We are serious about our commitment to protect customers in a cloud first world.
We live by standards and practices designed to earn your confidence.
We collaborate with industry and governments to build trust in the cloud ecosystem.

Trusted Cloud Principles

The aspirational “north star” that guides the way we do business in the cloud

Security
Strong security protects content and safeguards from hackers and unauthorized access by using state-of-the-industry technology, processes, and certifications

Privacy & Control
Customers control their content, as well as permissions. They can always access their data, take it with them when they terminate an agreement, and delete it upon request

Transparency
Customers know what is happening with their content. Microsoft explains in clear, plain language how the cloud provider uses, manages, and secures content

Compliance
Customers can store and manage their content in compliance with their obligations, applicable laws, regulations, and key international standards

Earning Your Trust

CJIS: Secures fingerprints, background checks and other criminal justice information

HIPAA: Protects health care information

IRS 1075: Confidentiality of federal tax returns and related information

PCI: Prevents credit card fraud

FERPA: Keeps student school records private

DISA Enterprise Cloud Service Broker (ECSB): Ensures the security of DoD data

SOC1, SOC2, SSAE 16: A series of accounting standards that measure the control of financial information for a service organization.

FedRAMP: A mandatory program that standardizes an approach to security and monitoring of cloud services.

ISO 27001:2013, ISO/IEC 27018:2014: Standards certificates that demonstrate the implementation of internationally recognized controls and standards.

The #1 Government Cloud

Transforming government with the Microsoft Cloud

Citizens expect their leaders to be productive, collaborative and responsive. That’s why governmental agencies across the U.S. use our cloud solutions to meet these high expectations, as well as rigorous compliance and security demands to further help protect the public.

More than 3 million government users.

More than 3 million U.S. Government workers use Office 365.

Law enforcement agencies in California, New York and Texas can easily use Office 365 because it meets the latest Criminal Justice Information Services (CJIS) requirements in those states.

Microsoft is the only vendor that can offer a complete hybrid cloud platform approach.

629 U.S. federal government agencies and 3,866 state and local government agencies use Microsoft Office 365.

Explore the collaboration benefits of moving your government organization to the cloud.

More than 5,000 federal, state and local agencies. CJIS agreements covering >50% of U.S. population including California, New York and Texas. 8 of 10 largest cities including New York, Chicago and Houston.

Majority of U.S. Cabinet Agencies including DOJ, USDA, HHS and Commerce. More at Microsoft Government Cloud Map.

Los Angeles Police Department

“Microsoft has exceeded the LAPD's expectations in this regard by taking on the difficult requirements of the CJIS regulatory regime and meeting them head-on.”
Sanjoy Datta, Information Security Officer

Q&A


Receiving and editing documents Exchange integration with Outlook and SharePoint helps solve one of email’s oldest pain points: working with attachments

Sharing documents

Manage your email with tools that help you focus on what’s important and work more efficiently Tame email overload with tools that help you focus on what’s important and work more efficiently

Faster, easier search Extensibility Inbox enhancements

Significantly faster search performance

Outlook and Exchange consistency More accurate results More complete results

Get valuable results – informed by you Search suggestions with fuzzy matching Search refiners

Inline previews for URLs

General enhancements

Additional enhancements for Outlook on the web

Inline video player Intelligent recipient selection and people search

Improved HTML rendering

Pin

One-click archive

Undo

Common typos/suggestions

Sweep

Contact linking improvements

Weather view

Import contacts from csv

Emojis

Better formatting controls

Single line view

Smarter actions button

Inline reply

Better attachment view

Insert images

Outlook 2016

Accomplish more on the go, with rich Outlook experiences on phones, tablets, desktop, and the Web

Outlook on the web Outlook for Windows 10 Outlook for iOS and Android Outlook for Mac

Security and compliance

It is estimated over 904 million records were exposed in the first nine months of 2014, including credit card numbers, email addresses, log in credentials, and social security numbers. https://otalliance.org/system/files/files/resource/documents/dpd_2015_guide.pdf

92% of corporations surveyed had lawsuits filed against them in the preceding 12 months. Norton Rose Fulbright Annual Litigation Trends Survey, April 15, 2014

Data loss prevention

Protect your organization’s data and comply with legal requirements using tools that are integrated and easy to use

Auditing eDiscovery and archiving

Security and compliance features
• Archive mailboxes in Exchange Online
• In-Place Hold, Litigation Hold, and In-Place eDiscovery
• Inactive mailboxes in Exchange Online
• Data loss prevention (DLP)
• Exchange auditing reports
• Messaging records management (MRM)
• Information Rights Management in Exchange Online
• Office 365 Message Encryption
• S/MIME for message signing and encryption
• Journaling
• Transport rules

Compliance Center
• Administer compliance features across Exchange, SharePoint, and Skype for Business from one location
• Intuitive management of DLP, eDiscovery, legal holds, auditing, and encryption
• Give legal and compliance specialists the right tools with the right permissions

Archive mailboxes in Exchange Online

Outlook

Outlook Web App

With an integrated In-Place Archive, users save time because they can manage their archive in the same way that they manage their mailbox

Retain folder hierarchy

Retention Policies

Policy details are displayed to the end user
Help preserve data granularly and transparently
Policies can be centrally managed or user-assigned
Automates data retention and deletion
Right-click to assign a policy to an item, to a folder, or to all email

In-Place Hold and In-Place eDiscovery

Estimate, preview, and copy search results
Hold and preserve mailbox items without changing them

In-Place eDiscovery and In-Place Hold

Inactive mailboxes
• Address the need to preserve former employees’ email after they leave the organization.
• You can archive former employees’ mailboxes without incurring a monthly subscription cost for the mailbox

New DLP sensitive information types added to Exchange

PolicyTips added to Excel and other Office applications

DLP capabilities extended to include documents in SharePoint

Initial release

Mobile Policy Tips, Doc. fingerprinting

SharePoint and OneDrive search

• Two types of audit logging:
  • Administrator audit logging
  • Mailbox audit logging – needs to be enabled
• Reports can be exported
• Predefined reports through EAC
  • non-owner mailbox access report
  • administrator role group report
  • per-mailbox litigation hold report
  • in-place discovery and hold report
  • admin audit log report
  • external admin audit log report

Initial Release

One Time Passcode

iOS & Android Apps

• Similar to the Inbox rules
• Take action on messages while they’re in transit
• Contain a richer set of conditions, exceptions, and actions
• Provides flexibility to implement policies

Office 365 Admin Center

Actions Exceptions Conditions

Service health and planned maintenance

Management tools

Role-based access control

Exchange Administration Center (EAC)

Manage mailboxes

Mailbox management

Manage Groups

Group management

Manage migration Migration flow

Migration management

Hybrid

Supports a wide range of email platforms
Email only (no Calendar, Contacts, or Tasks)

Cutover Exchange Migration (CEM)
Good for fast, cutover migrations
No migration tool or computer is required on-premises

Staged Exchange Migration (SEM)
No migration tool or computer is required on-premises
Requires the DirSync tool with on-premises Active Directory

Hybrid Deployment
You can manage users on-premises and online
Enables cross-premises calendaring, smooth migration, and easy off-boarding

Migration support matrix, source platforms:
Exchange Server 5.5
Exchange 2000 Server
Exchange Server 2003
Exchange Server 2007
Exchange Server 2010
Exchange Server 2013
Notes/Domino
GroupWise
Other

Additional options are available with tools from migration partners

Q&A

Staged migration 2010 hybrid 2013 hybrid

IMAP migration

Simple migrations

IMAP Migration

Cutover migration

Summary of migration options


What is SharePoint Online? Mobile

Simple

Secure

SharePoint Online vs SharePoint Server Features

Experiences

Enterprise Search

Office Delve

Why SharePoint Online?

Easily access documents and data online without operational overhead or infrastructure investment

Provide everyone on the team with access to critical business information when and where they need it (through browser or mobile phone)

Share information with employees, partners, and customers in a way that prioritizes security and reliability

What can I do with SharePoint Online? COLLEAGUES

PARTNERS

SHARE

CUSTOMERS

Simple Collaboration Office Online Project Web App Versioning

Live document previews Drag and drop upload See who documents are shared with Edit, Share, and Follow Documents with a single click

Microsoft Word Microsoft Excel PowerPoint OneNote

Create and Edit documents in the browser with Office Online

Rich workbook editing and viewing in the browser

Office Online allows multiple people to view and edit documents simultaneously

Changes are highlighted within the document

Use the Project Center in PWA to see and act on all types of task lists and projects in your portfolio

Stay informed and make better decisions by using the portfolio, project, and timeline views in PWA

Version control to track and manage changes

See and manage all of the projects in your portfolio in Project Online

Share documents with customers and partners

Team aliases keep communications organized

Single location for email and documents

Create, share, and publish apps for your organization

SharePoint Online is connected to the Office Graph and sharing actions are reflected in Delve to make it easy to find and discover useful and relevant content

Organize and discover people and information

Rich and immersive people experiences powered by the Office Graph

Share your expertise with simple, ready-to-go blogs

Use Yammer document conversations inline to collaborate on documents—ask questions, exchange ideas and find expertise

Keep up to date with community posts and more…

Follow, Documents, Tags, People, and Sites

Organize, create, and discover videos with Channels

See preview and popular videos throughout your organization

Discover Groups across your organization

Participate in conversations, schedule meetings and events and store Group files

Quickly get started with offline and data mobility

Synchronize online documents in OneDrive for Business or other SharePoint library with your local device

Browse and create Sites, Files, and more…

Keep up with important discussions online from anywhere

Easily navigate between the newsfeeds that are important to you Capture and share information that is relevant to several of your peers Easily get to everything you are following

Interact with your organization’s SharePoint social network

eDiscovery Manage existing holds

Identify and Hold sensitive content on demand

Records Management

Secure and protect artifacts as records across the organization

Auditing

Rich auditing reports across the site and document lifecycle

Compliance

Unified compliance center for applying compliance policies across Office 365 workloads

Document Policies

Create and manage site and document retention policies across the organization

Office 365 Trust

Recovery of deleted items

Lists Libraries List items Documents Web Part pages Site collections

SharePoint Online Administration Farm Administrations

Service Administration

Quickly see the health status of SharePoint Online within the Office 365 admin center

Site Collections Manage existing site collections: storage, ownership, and external sharing

Create, manage, and recover site collections

User Profiles Adjust user profile properties and the level of user self-management

Place company-wide sites on everyone’s Personal Site

Term Store Assign Term Store administrators

Upload and manage company-wide sets of terms

Records Management Create and manage send-to connections for the powerful, rules-based Records Centers

Search Manage all aspects of the Search experience for end users, and improve the relevancy of results according to your content and metadata

Apps Manage the Apps Catalog to create a tailored experience for approved apps and app requests

Monitor app usage and errors, and manage how apps access SharePoint Online

General Settings

Manage external sharing for external access to sites, and manage guest links for sharing individual documents, even anonymously

Enable Information Rights Management (IRM) to help further protect documents stored in SharePoint Online document libraries

Enable and configure self-service site creation so users can create new sub-sites directly from their Personal Site

Windows PowerShell

Browser Support

Supported:
Internet Explorer 11
Internet Explorer 10
Internet Explorer 9
Internet Explorer 8
Google Chrome (latest released version)
Mozilla Firefox (latest released version)
Apple Safari (latest released version)

Not supported:
Internet Explorer 7
Internet Explorer 6

Hybrid Scenarios

Migration to the cloud

Maintaining a hybrid model

Migrate at your own pace to the cloud with little or no disruption to existing service

Continue to maintain hybrid model providing services on-premises or online based on the organization needs

Pilot Online Services with a subset of users

Continue to use existing customizations on-premises Enrich traditional on-premises scenarios with cloud innovation such as Delve, search, data loss prevention, and Extranets

Migrate remote users physically distant from On-Premise deployment to Online for better experience

Host certain data in particular locations Online for Compliance or data sovereignty reasons

Take advantage of moving to cloud infrastructure (TCO) wherever possible

Core Identity Scenarios with Office 365

Cloud identity

Single identity in the cloud, suitable for small organizations, with no integration with on-premises directories

Cloud identity with directory synchronization

Single identity, suitable for medium and large organizations without federation

Federated identity

Single, federated identity and credentials, suitable for medium and large organizations

SLA, RPO, and RTO

Office 365 provides data protection to help prevent the loss of SharePoint Online data. Backups are performed every 12 hours and retained for 14 days.

Service continuity management

SharePoint Online has a recovery point objective (RPO) and a recovery time objective (RTO) for use in the event of a disaster:

12-hour RPO: Microsoft provides a copy of an organization’s SharePoint Online data that is no more than 12 hours old

24-hour RTO: Microsoft provides an RTO to help organizations resume service within 24 hours after a service disruption if a disaster incapacitates the primary data center

SharePoint Online is hosted in Microsoft-managed, enterprise-level data centers that are designed to operate highly available online services. Because of this, the Microsoft service-level agreement (SLA) with SharePoint Online subscribers is 99.9% availability.

For updated information, see:
http://microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=3&DocumentTypeId=37

Related Information

Office 365 [http://www.microsoft.com/en-us/office365/enterprise-home.aspx]
Office 365 Trust Center [http://www.microsoft.com/en-us/office365/trust-center.aspx]
Office 365 Service Descriptions [http://technet.microsoft.com/en-us/library/jj819284.aspx]
Office Frequently Asked Questions [http://www.microsoft.com/office/preview/en/faq]

Personal

Corporate Managed Browser & Viewer Apps

Manage all of your corporate apps and data with Intune’s mobile device and application management solution

Complete mobile application management
• Securely access corporate information using Office mobile apps, while preventing company data loss by restricting actions such as copy/cut/paste/save in your managed app ecosystem
• Extend these capabilities to existing line of business apps using the Intune app wrapper
• Enable secure viewing of content using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps

Mobile device management
• Deploy certificates, WiFi, VPN, and email profiles automatically once a device is enrolled for management
• Enable bulk enrollment of task-worker devices to set policies and deploy applications on a large scale
• Provide a self-service Company Portal for users to enroll their own devices and install corporate apps

User

PC management
• Provide lightweight, agentless management from the cloud
• Connect Intune to System Center 2012 R2 Configuration Manager to manage all of your devices including PCs, Macs, Unix/Linux Servers, and mobile devices from a single management console
• Provide real-time protection against malware threats on managed computers
• Collect information about hardware configurations and software installed on managed computers
• Deploy software based upon policies set by the administrator

Device configuration

Inventory mobile devices that access corporate applications
Remote factory reset (full device wipe)
Mobile device configuration settings (PIN length, PIN required, lock time, etc.)
Self-service password reset (Office 365 cloud only users)
Provides reporting on devices that do not meet IT policy

Office 365

Group-based policies and reporting (ability to use groups for targeted device configuration)

Root cert and jailbreak detection
Remove Office 365 app data from mobile devices while leaving personal data and apps intact (selective wipe)
Self-service Company Portal for users to enroll their own devices and install corporate apps
Deploy certificates, VPN profiles (including app-specific profiles), and Wi-Fi profiles
Prevent cut/copy/paste/save as of data from corporate apps to personal apps (mobile application management)
Secure content viewing via Managed browser, PDF viewer, Image viewer, and AV player apps for Intune
Remote device lock via self-service Company Portal and via admin console
PC management (e.g. inventory, antimalware, patch, policies, etc.)
OS deployment (via System Center ConfigMgr)

PC software management Single management console for PCs and mobile devices (through integration with System Center ConfigMgr)

Typical EMM stack Native device MDM

DMZ/ Perimeter network

Custom data container provides mobile productivity apps integrated with content and access systems

Containers Custom email app

Custom SDK/wrapper enables line-of-business apps to be managed

Custom collab app

Custom file app

Depends on specific DMZ infrastructure

Firewall

Mobile application management

Corporate network

Firewall

Standard MDM provides device configuration and management

Active Directory

Exchange Server

Works on-premises only

SharePoint Server

SDK/wrapper, managed browser, managed viewers

Microsoft’s EMM stack

Office 365: Mobile productivity

Native device MDM

Cloud integration

SharePoint Online

Azure AD: Access control to Office 365 and SaaS apps
Intune: App restrictions for Office mobile and LOB apps

Standard on-premises integration

Azure Rights Management: Information protection at the file layer
Extensibility based on Azure AD and Intune
Enable business apps to interoperate with Office mobile apps

Exchange Online

Managed Office productivity and more

DMZ/ Perimeter network

Corporate network

Firewall

Intune: Cross-platform MDM

Firewall

PC management

Premium mobile device & app management

Prevent access to corporate email and documents based upon device enrollment and compliance policies

Active Directory

Intune App SDK Intune App Wrapping Tool

Exchange Server

SharePoint Server

On-premises

User

IT

Protect corporate data accessed from devices

Protect corporate data stored on devices

Conditional access with EMS Conditional access policies

Corporate apps

IP Range

User

Device State Cloud

Advanced Windows 10 options User Group On-premises