Desktop Strategy for Government
Windows in Government
OGCIO’s latest Security Policy will require encryption for classified data
Bitlocker is used for Drive and USB encryption
Windows 7 Enterprise is required
Windows 7 will be end of life on 14th Jan, 2020
Intel’s 7th Generation CPU (Kaby Lake) can only work on Windows 10…
Windows 7 Enterprise Bitlocker
Securing the Resources - Protecting Sensitive Data
BitLocker and BitLocker to Go
Support e-token with X.509 certificate as encryption protector
Group Policy to Enforce BitLocker Drive Encryption
Operating System Volume Key Protectors (W7/10)
BitLocker offers a spectrum of protection allowing customers to balance ease-of-use against the threats that most concern them.
“What it is.”
Enhanced PIN can be used according to Group Policy settings
Dongle Only “What you have.”
TPM + PIN “What you know.”
Helps to protect against: SW-only attacks
TPM + Dongle “Two what I have’s.”
TPM + PIN + Dongle “What I know and two what I have’s.”
Helps to protect against: many hardware attacks
Ease of Use
Vulnerable to: HW attacks
Pre-operating system attacks
TPM breaking attacks
Vulnerable to: Social Engineering
Data Drive Key Storage (W7/10)
Pros: Ease of use, backward compatibility, BitLocker to Go reader
Pros: Uses a stronger key
Pros: Uses much stronger keys
Cons: Less secure, vulnerable to brute force and dictionary attacks
Cons: Specific to a single machine, user context if removable
Cons: Requires hardware, not backward compatible
Benefits of Using Bitlocker
Bitlocker does not need agent deployment
License for using Bitlocker also covers Windows 10 Enterprise!
USB drive encrypted with Bitlocker can be accessed by Windows XP, Vista, 7, 8.1 and 10
Bitlocker provides offline protection to all types of files and folders
Bitlocker has tight integration with Active Directory to ease Recovery Management
Group Policy to handle all configurations
Detailed Compliance Reports for the organization
Bitlocker has whole disk/used disk scenarios to reduce overall encryption time
Upgrade to Windows 10 Enterprise
Achieve more and transform your business with the most secure Windows ever.
Powerful, modern devices
Safer and more secure
Keeping up to date means keeping secure
Threat protection over time
Attackers take advantage of periods between releases
Game change with Windows and Software as a Service
Disrupt and out-innovate our adversaries by design
Windows 7 Security features
BitLocker Admin and Monitoring
Trusted Platform Module
BitLocker to Go
Breach detection investigation & response
Windows 10 on Legacy Devices
Windows Information Protection
Windows Trusted Boot
Windows Hello Companion Devices
Windows Defender Advanced Threat Protection
Windows 10 Enterprise on Modern Devices
Virtualization Based Security
UEFI Secure Boot
Microsoft Edge Barcelona
Safer and more secure
Detect compromised devices quickly
Replace passwords, protect identities
Only run software
Protect sensitive corporate
Use behavioral detection, cloud, and human threat intelligence to quickly identify compromised devices
Strengthen auth. with biometrics and hardware-based multi-factor
Eliminate Malware on corporate devices
Automatic encryption with persistent protection
Windows Hello for Business
Companion Device Framework
New challenges require a new platform
Malware starts before Windows, takes control, and evades detection
Prevents malware from compromising system before OS and defenses can start
Passwords are easily stolen, multi-factor authentication hard and complex
Passwords can be replaced with biometrics and easy to use multi-factor authentication
User credentials are easily stolen on company networks
User credentials are protected using hardware based virtualization/isolation
Next Gen app control and OS hardening gives IT complete control of what runs in their environment
Malware can bypass anti-virus and app control solutions
Users and apps can leak business data without restriction
Data separation and containment capabilities help prevent accidental data leaks
Enterprise Data Protection
3rd party solutions required to detect targeted attacks on devices
Detect and respond to breaches with built in behavioral sensors and cloud based analytics
Windows Defender ATP
Ongoing engineering development
Windows Insider Preview Branch
Current Branch for Business
Feedback and asks
Specific feature and performance feedback
Application compatibility validation
Deploy to appropriate audiences via WU for Business
Test and prepare for broad deployment
Stage broad deployment via WU for Business
Long Term Servicing Branch
Deploy for mission critical systems via WSUS
Flexible Enterprise Adoption Options
Long Term Servicing Branch (LTSB)
Current Branch for Business (CBB)
Enterprise use scenario
General information worker systems; salesforce, etc.
Special systems: Air Traffic Control; Hospital ER, etc.
Features released to the marketplace on an ongoing basis
Value of the latest features as they are released
Customers will consume these feature updates after they’ve been tested in the market for at least x days
Several months to consume feature updates
Modern and compatibility web browsing choices
IE11 and/or “Spartan” available for CBB;
IE11 will be available for LTSB customers
Support for Universal Office and 1st party Universal apps
LTSB customers will be able to acquire universal apps separately, but MSFT makes no commitment to support them as part of OS
Support for Win 32 Office
Mainstream and extended support for a total of 10 years during which no features will be delivered but security and critical fixes will be
Ongoing security updates for the lifetime of the branch
Upgrade to Config Manager vNext
Config. Manager 2012 support
CBB customers have to take feature updates after deferral period in order to continue receiving security updates – move 90 days and 5+ 5 years up
No feature upgrade required to stay supported
Keep Windows up to date
Windows 10 management with new Configuration Manager
Windows 10 features supported
Windows Servicing Model supported
System Center Configuration Manager
Generally available on 12/8/2015 with updates released periodically throughout the year
New features, security updates, and bug fixes
Can defer updates for up to 12 months before you must deploy updates to maintain support
Windows 10 Current Branch, Current Branch for Business, and Long Term Servicing Branch
Current Branch (version yymm)
Periodic updates every few months
Current Branch (version 1511)
Technical Preview (version yymm)
Configuration Manager with Intune (hybrid)
Devices Supported (In Addition To Mobile Devices)
Windows PCs (x86/64, Intel SoC)
Windows to Go
Mac OS X
System Center 2012 R2 Configuration Manager SP1+ with Microsoft Intune
Build on existing Configuration Manager deployment
Single pane of glass for device management
Deep policy control requirements
Large scale – 50k+-300k
Extensible administration tools (RBA, PowerShell, SQL reporting services)
Configuration Manager console
System Center Configuration Manager
Windows Phone, iOS, Android
Windows PC & Server, Mac, Linux
SCCM (Current Branch, 1511)
Windows 10 and SCCM
Windows 10 Servicing in deployment.
Compliance settings for devices running Windows 10 team
Manage Windows Defender ATP in Windows 10 in SCCM
Integration with Windows Hello for Business (formerly MS Passport for Work).
View Windows 10 Device attestation status in SCCM
On-premise MDM for Windows 10
MDM with Intune
Limit the number of devices for enrollment.
Specify terms and conditions before a user can start enrolling a device.
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Hello, I am excited to have the opportunity to speak with you today.
My name is….
A little about me…
I have talked about more personal computing, and how it is driving digital transformation in every sector of the economy, and how we’ve made investments in Windows to help you better navigate this digital revolution.
[Complete slide talk track below.]
Key points to land
Passwords need to be replaced with something more secure, but we don’t stop there, we drive a series of innovations that will both protect identities and delight users.
Running only the software you trust is a key to protecting your devices. Windows does this to help eliminate malware.
Windows Information Protection (formerly called EDP) protects against accidental data leakage.
Windows Defender ATP provides post breach protection to quickly detect suspicious behavior.
[Replace passwords & protect corporate identities]
It starts with replacing passwords and protecting corporate identities.
Windows Hello and Microsoft Passport are the most personal and secure way to access Windows devices and services today. They provide enterprise grade security with fingerprint, facial, and iris recognition.
We make good on the promise to enable you to use your phone to remotely unlock your Windows 10 PCs; we’ll start with Windows Phone and Android this year and follow up with iOS next year. Adding a second factor of authentication just got a lot easier and more cost-effective for your organization.
But phones are just one type of device you want to use for authentication. So we’re introducing Windows Hello for Business, which includes the companion device framework. This means that hardware vendors can more easily innovate and create devices of all types. In addition, this framework allows you to extend multi-factor auth to sites and services on the web!
These devices will range from traditional ID cards or smart cards, to wearables, or even IoT devices. Each of these devices can offer the same enterprise grade security that you’re used to today. This means you can choose the solution right for you—including defense, financial, retail, and health care—just to name a few.
You will see devices from partners like Yubico, HID, and others. One interesting device is the Nymi band. The Nymi band can monitor your heart rate to uniquely identify you, and log you in when you get close to your device.
In addition to authentication, we continue to harden the OS to protect corporate identities (certificates, tokens, tickets, etc.). This includes using hardware based virtualization to isolate and protect logins from attacks, heading off an entire category of attacks.
This means that, if an employee falls victim to an attack, Windows 10 has technologies, such as Credential Guard, to help contain the breach and prevent the attacker from moving beyond that device.
In the past, attackers could spread across your network from one device using a technique known as “Pass the Hash.” With Windows 10, these attacks (in their current form) no longer work.
[Only run software you trust]
We have to rethink our approach to running only software we trust. Today we run anti-malware programs and try to look for malware signatures. While important, we need to do more. In one study almost half of the PCs breached lacked any currently detectable malware on them. Hackers often compile specific code for specific attacks and they go after the weak link, the users, to get them to install it.
With a technology called Device Guard, Windows protects the applications you run so you can ensure that only software your IT department has signed is trusted and runs. Even if an employee accidentally downloads dangerous software, your devices can be protected against it.
[Protect enterprise data against leaks, theft, or accidental disclosure.]
We are also making advances to help protect sensitive intellectual property.
With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data disclosure through apps and services that are outside of the enterprise’s control like email, social media, and the public cloud.
Many of the existing solutions try to address this issue by requiring employees to switch between personal and work containers and apps, which can lead to a less than optimal user experience. Windows Information Protection (formerly called EDP) offers a better user experience, while helping to better separate and protect enterprise apps and data against accidental disclosure risks across both company and personal devices, without requiring changes in environments or apps. Additionally, WIP, when used with Rights Management Services (RMS), can help to protect your enterprise data by persisting the protection even when your data roams or is shared.
[Detect suspicious behavior quickly]
Even with all of the defenses Windows 10 introduces, it’s hard to keep every intruder out. Sometimes they find and exploit vulnerabilities that aren’t known, or more often they find ways around the best defenses with social engineering and attacking the user. Regardless of how they get in, if you don’t know they are there they can do real damage. While we will continue to invest heavily in building stronger defenses, you should also use a mindset that assumes breach to provide additional protections.
Everything we have talked about so far is about working to better keep intruders out of your devices and network. To help protect our enterprise customers, we are developing Windows Defender Advanced Threat Protection, a new service that will help enterprises to detect, investigate, and respond to advanced attacks on your network and devices.
Let’s talk more about Windows Defender ATP… CLICK…
Windows 7 was great for its time, but the modern security landscape requires a new platform.
We’ve looked at a lot of the new security technologies built into Windows. You can see that these new challenges your business faces require a new platform to protect your assets.
It’s these new challenges that are leading many companies and organizations to switch to Windows 10.