• What is:
  • “The Tenant”
  • Cloud Strategy. M365, Dynamics 365, Azure, 3rd Party
  • High Level - What is 365
• Why:
  • Business alignment/Priority Agenda
  • Budget – Licensing and redundant spend
• How:
  • Partner Ecosystem
  • Fast Track
  • Premier
• Not on the agenda:
  • Technical Architecture

What is the tenant, really?

THE WORLD BEFORE MOBILITY & CLOUD

[Diagram labels: users, devices, apps, data; On-premises / Private cloud]

CLOUD APPS & SAAS SERVICES

MOBILE AND PERSONAL DEVICES

ORGANIZATION & SOCIAL IDENTITIES

MICROSOFT CLOUD

Microsoft 365 Licensing and Roadmap Microsoft Internal & Partner Use Only

A complete, intelligent, secure solution to empower employees

Unlocks Creativity
Built for Teamwork
Integrated for Simplicity
Intelligent Security

Windows 10 Enterprise
Enterprise Mobility & Security

E5 value

Microsoft 365 E5 adds incremental value to Microsoft 365 E3 across these solution areas

Microsoft 365 E5

• Security: Extends identity and threat protection to help stop damaging attacks with integrated and automated security
• Compliance: Brings together information protection & advanced compliance capabilities to protect and govern data while reducing risk
• Voice: Adds audio conferencing and calling capabilities in the cloud to enable your teams
• Analytics: Adds Power BI capabilities that help you realize significant business value from your data

Office 365 Enterprise Capabilities

APPS: Cloud Productivity & Mobility
• Office Pro Plus: Office apps on up to 5 PCs & Macs
• Mobile Office Apps: Office Apps for Tablet & Smartphones

SERVICES: Rich Communication and Collaboration
• Exchange: Business-class email & Calendar
• OneDrive: Cloud Storage and file sharing
• SharePoint: Team sites & internal portals
• for Business: Online Meetings, IM, video chat
• Microsoft Teams: Chat-based Collaboration
• : Private social networking
• Flow
• Power Apps
• Stream

SECURITY: Advanced Enterprise Protection
• Advanced Threat Protection: Zero-day threat and malware protection
• Advanced Security Management: Enhanced visibility and control
• Threat Intelligence: Actionable insights to global attack threats
• Advanced Compliance: Advanced eDiscovery, Advanced Data Governance and Customer Lockbox bundled together to provide an intelligent solution to meet compliance needs

ANALYTICS: Insights for Everyone
• Power BI Pro: Live business analytics and visualization

VOICE: Complete Cloud Communication
• Audio Conferencing: Worldwide dial-in for your online meetings
• Phone System: Business phone system in the cloud

Office 365 E3
Office 365 E5

Office 365 Government Roadmap

Enterprise Mobility & Security Capabilities

Identity and access management Identity Driven Security Managed Mobile Productivity Information Protection

Azure Advanced Threat Analytics Information Premium P1 Intune Protection Premium P1

E3
• Identity and access management: Single sign-on to cloud and on-premises applications. Basic conditional access security
• Identity Driven Security: Identify suspicious activities & advanced attacks on premises. Updated on an annual cadence.
• Managed Mobile Productivity: Mobile device and app management to protect corporate apps and data on any device.
• Information Protection: Encryption for all files and storage locations. Cloud based file tracking. Existing Azure RMS capabilities

E5
• Azure Active Directory Premium P2: Advanced risk based identity protection with alerts, analysis, & remediation.
• Azure Advanced Threat Protection: Identify suspicious activities & advanced attacks on premises. Integrated with our Intelligent Security Graph. Updates on a cloud cadence. Integration with Microsoft Threat Protection.
• Microsoft Cloud App Security: Bring enterprise-grade visibility, control, and protection to your cloud applications and cloud data.
• Azure Information Protection Premium P2: Intelligent classification, & encryption for files shared inside & outside your organization. Secure Islands acquisition

What is the difference between Azure AD P1 & P2?

Features | P1
Directory Objects1 | No Object Limit
User/Group Management (add/update/delete). User-based provisioning, Device registration | Available
Single Sign-On (SSO). Free, tiers + self-service app integration templates5 | No Limit
B2B Collaboration7 | Available
Self-Service Password Change for cloud users | Available
Connect (Sync engine that extends on-premises directories to Azure Active Directory) | Available
Security/Usage Reports | Advanced Reports
Group-based access management/provisioning | Available
Self-Service Password Reset for cloud users | Available
Company Branding (Logon Pages/Access Panel customization) | Available
Application Proxy | Available
SLA | Available
Premium Features
Advanced group features8 | Available
Self-Service Password Reset/Change/Unlock with on-premises writeback | Available
Device objects 2-way sync between on-premises directories and Azure AD (Device write-back) | Available
Multi-Factor Authentication (Cloud and On-premises (MFA Server)) | Available
Microsoft Identity Manager user CAL4 | Available
Cloud App Discovery9 | Available
Connect Health6 | Available
Automatic password rollover for group accounts | Available
Conditional Access based on group and location | Available
Conditional Access based on device state (Allow access from managed devices) | Available
3rd party identity governance partners integration | Available
Terms of Use | Available
SharePoint Limited Access | Available
OneDrive for Business Limited Access | Available
3rd party MFA partner integration Preview | Available
Microsoft Cloud App Security integration | Available

Only in Azure AD P2

Identity Protection
• Detecting vulnerabilities and risky accounts:
  • Providing custom recommendations to improve overall security posture by highlighting vulnerabilities
  • Calculating sign-in risk levels
  • Calculating user risk levels
• Investigating risk events:
  • Sending notifications for risk events
  • Investigating risk events using relevant and contextual information
  • Providing basic workflows to track investigations
  • Providing easy access to remediation actions such as password reset
• Risk-based conditional access policies:
  • Policy to mitigate risky sign-ins by blocking sign-ins or requiring multi-factor authentication challenges
  • Policy to block or secure risky user accounts
  • Policy to require users to register for multi-factor authentication

Advanced Identity Governance
• Privileged Identity Management (PIM)
• Access Reviews

What is the difference between AIP P1 & P2?

Features | P1
Azure Information Protection content consumption by using work or school accounts from AIP policy-aware apps and services | Available
Protection for Microsoft Exchange Online, Microsoft SharePoint Online, and Microsoft OneDrive for Business content | Available
Bring Your Own Key (BYOK) for customer-managed key provisioning life cycle2 | Available
Custom templates, including departmental templates | Available
Protection for on-premises Exchange and SharePoint content via Rights Management connector | Available
Azure Information Protection developer kit for protection for all platforms including Windows, , iOS, Mac OSX, and Android | Available
Protection for non- file formats, including PTXT, PJPG, and PFILE (generic protection) | Available
Azure Information Protection content creation by using work or school accounts | Available
Office 365 Message Encryption | Available
Administrative control3 | Available
Manual, default, and mandatory document classification | Available
Azure Information Protection scanner for content discovery of on-premises files matching any of the sensitive information types | Available
Azure Information Protection scanner to apply a label to all files in an on-premises file server or repository | Available
Rights Management connector with on-premises Windows Server file shares by using the File Classification Infrastructure (FCI) connector | Available
Document tracking and revocation | Available

Only in AIP P2
• Configure conditions for automatic and recommended classification
• Azure Information Protection scanner for automated classification, labeling, and protection of supported on-premises files
• Hold Your Own Key (HYOK) that spans Azure Information Protection and Active Directory (AD) Rights Management for highly regulated scenarios

Windows 10 Enterprise Capabilities

E3

The most trusted platform
• Enterprise Data Protection: Prevent accidental leaks by separating personal and business data
• Windows Hello for Business: Enterprise grade biometric and companion device login
• Credential Guard: Protects user access tokens in a hardware-isolated container
• AppLocker: Block unwanted and inappropriate apps from running
• Device Guard: Device locked down to only run fully trusted apps

More productive
• Azure Active Directory Join: Streamline IT process by harnessing the power of the cloud
• MDM enablement: Manage all of your devices with the simplicity of MDM
• Windows Store for Business, Private Catalog: Create a curated store experience for employee self-service
• Application Virtualization (App-V): Simplify app delivery and management
• Cortana Management: Create, personalize, and manage Cortana profiles through Azure Active Directory

More personal
• User Experience Virtualization (UX-V): OS and app settings synchronized across Windows instances
• Granular UX Control: Enterprise control over user experience

The most versatile devices
• Windows 10 for Industry Devices: Turn any inexpensive, off-the-shelf device, into an embedded, handheld, or kiosk experience

E5

Microsoft Threat Protection (See slide 15-18)
• Behavior-based, attack detection
• Built-in threat intelligence
• Forensic investigation and mitigation
• Built into Windows

Three simple paths to Microsoft 365 E5

Microsoft 365 E5

Compliance $10 Audio $4 Power BI3 $10 Information Protection & Compliance Conferencing (Office 365 Advanced Compliance, Azure Information Protection Plan 2) or or Phone System $8

Step up Step $25 for Security $12 Via Identity & Threat Protection (Microsoft Cloud App Security1, Azure Active Directory Plan 2, Office 365 ATP Plan 22, Azure ATP, Windows Defender ATP)

Microsoft 365 E3 1 43 Consolidates O365 CAS and MCAS value MyAnalytics is now included in all O365 E3 and M365 offerings 2 Consolidates O365 Threat Intelligence and O365 ATP Plan 1 value

*Pricing for Microsoft 365 E3 customers before volume discounts.

Microsoft’s Enterprise Class Security Technology

• Identity & access management: Secure identities to reach zero trust
• Threat protection: Help stop damaging attacks with integrated and automated security
• Information protection: Locate and classify information anywhere it lives
• Security management: Strengthen your security posture with insights and guidance

Infrastructure security

Intelligent Security in Microsoft 365

Cloud-powered security solutions help you protect users, data, and everything in between

6.5 trillion signals analyzed daily

3,500 Microsoft security professionals

$1B Annual Security Investment

Secure your organization against advanced threats across your entire digital estate

Microsoft 365 E5 Security
• Identities
• Endpoints
• Infrastructure
• Email and Documents
• Cloud Apps

Conditional Access

[Conditional Access diagram. Identity sources: Azure AD, ADFS, MSA, Google ID. Conditions: Users and Roles (Employee & Partner); Trusted & Compliant Devices (Android, iOS, MacOS, Windows; Windows Defender ATP); Physical & Virtual Location (Geo-location, Corporate Network); Client apps & Auth Method (Browser apps, Client apps). Evaluation: Session Risk, Machine learning, Microsoft Cloud App Security, Real time Evaluation Engine, Policies, Effective policy; label: 40TB. Controls: Allow/block access, Limited access, Require MFA, Force password reset, Block legacy authentication.]

Holistic Identity Protection

SCENARIO: A third-party site is hacked and user credentials are exposed on the dark web.

• Azure Advanced Threat Protection: Recognizes compromised accounts and lateral movement, alerts you, and visualizes the attack timeline
• Azure Active Directory: Proactively identifies suspicious login attempts and challenges them with MFA
• Microsoft Cloud App Security: Detects anomalous behavior and reduces threats by limiting access to data and applications

Microsoft Intelligent Security Graph

Protection across the attack kill chain

• Microsoft Cloud App Security: Extends protection & conditional access to other cloud apps

• Office 365 ATP: Malware detection, safe links, and safe attachments
• Azure AD Identity Protection: Identity protection & conditional access
• Windows Defender ATP: Endpoint Detection and Response (EDR) & End-point Protection (EPP)
• Azure ATP: Identity protection

[Kill chain diagram stages: Phishing mail; Open attachment; Click a URL; Browse to a website; Exploitation & Installation; Command & Control; Brute force account or use stolen account credentials; User account is compromised; Attacker collects reconnaissance & configuration data; Attacker attempts lateral movement; Privileged account compromised; Domain compromised; Attacker accesses sensitive data; Exfiltrate data]

Because Minutes Matter

Malicious emails found

Threat signal shared with WDATP for auto remediation

User anomalies suggest identity compromise

Automatic remediation actions complete

Centralized security management

Microsoft 365 Security Center

• Dedicated security workspace for security administration and operations teams

• Centralized visibility, control and guidance across Microsoft 365 security

• Actionable insights help security administrators assess historic and current security postures

• Centralized alerts and tools help security operations better manage incident response

Integrated Compliance in Microsoft 365

Microsoft’s trust principles & compliance expertise

Built-in information protection and governance capabilities across devices, apps, and cloud services

Intelligent tools to simplify risk assessment and regulatory response

Microsoft’s Integrated Compliance Technology

• Assess: Simplify assessment of compliance risk and posture with actionable insights
• Protect: Integrated protection and governance of sensitive data across devices, apps and cloud services
• Respond: Intelligently respond to data discovery requests by leveraging AI to find the most relevant data

Microsoft 365 E5 Compliance

Protect and govern sensitive data throughout its lifecycle and effectively meet compliance requirements

[Diagram labels: Discover & Assess Risk; Classify Data; Automatically apply policies; Control access; Respond Intelligently]

Actionable Intelligence with Advanced eDiscovery

Intelligently explore and analyze unstructured data to quickly identify what’s relevant

Minimize Use predictive coding to train the system to find likely relevant documents and reduce what’s sent to review

Organize Use near duplicate detection to organize the data and email threading to reconstruct email conversations

Recognize Use Themes to understand the topics represented in the unstructured data set

Search and Tagging Ad-hoc searches, ability to save search queries, and tag search results with case specific labels

Advanced eDiscovery 2.0

Advanced Data Governance in Office 365

Leverage intelligence to automate data retention and deletion

Automatic Classification Classify data based on automatic analysis (age, user, type, sensitive data and user provided fingerprints)

Intelligent Policies Policy recommendations based on machine learning and cloud intelligence

Take Action Apply actions to preserve high value data in-place and purge what’s redundant, trivial or obsolete.

Data growing at exponential rate

Unified approach Comprehensive policies to protect and govern your most important data – throughout its lifecycle

Discover, Classify, Label: Unified approach to discover, classify & label

Apply policy: Automatically apply policy-based actions
• Protection → Encryption → Restrict Access → Watermark → Header/Footer
• Governance → Retention → Deletion → Records Management → Archiving

Monitor: Proactive monitoring to identify risks
→ Sensitive data discovery → Policy recommendations → Data at risk → Proactive alerts → Policy violations

Broad coverage across locations

Why move to Microsoft 365 now? (Not later)

Cloud Economics Productivity

• Firstline Workers save 140 minutes per week

• Reduce the time to deliver new services by 14 Days

• Mobile workers save 24 minutes per day

• Reduced downtime by 15+ hours annually/user

• Decision Makers improve time to decision by 15%+

• Online meetings replace travel costs

Cloud Economics Security

• $400k/Year reduction in breach communication

• $4M Reduction in remediation effort (3 year)

• 4 hours/user reduction of security related downtime

• $220k reduction in compliance related costs

• $1M+ year PV third Party tool replacement

Redundant Spend Reduction

Capability | Provider | Type | Users | Annual Cost
Web/Audio/Video Conferencing | WebEx/GoToMeeting, Blue Jeans, etc. | Eliminate Cost | 17,458 | $288,229
Email Anti-Virus/Anti-Spam | Proofpoint, Trend | Eliminate Cost | 17,458 | $117,317
Archiving | Symantec Enterprise Vault | Eliminate Cost | 17,458 | $958,596
eDiscovery | Symantec Vault | Eliminate Cost | 17,458 | $5,222,196
Encrypted Email | Secure Mail | Eliminate Cost | 17,458 | $147,948
*Rights Management, Data Loss Prevention, Information Classification, Automated Information Classification | | Eliminate Cost | 17,458 | $1,895,714
Voicemail | Avaya | Eliminate Cost | 17,458 | $802,370
Threat Intelligence | Splunk | Eliminate Cost | 17,458 | $268,984
Hosted PBX | Avaya | Eliminate Cost | 17,458 | $4,608,912
Telephony PRI | Multiple Vendors | Estimate Cost | 17,458 | $3,394,863
Business Intelligence | Tableau | Eliminate Cost | 17,458 | $26,021
Multi-Factor Authentication | RSA | Eliminate Cost | 17,458 | $284,688
Mobile Device/App Management | Meraki Enterprise | Eliminate Cost | 17,458 | $162,920
Client Anti-Virus Protection | McAfee | Eliminate Cost | 17,458 | $116,906
**Self Service Password Reset | | Eliminate Cost | 17,458 | $17,901
Total Annual Costs | | | | $14,310,266

Intelligent security

Identity & access management

Information protection

Threat protection

Security management

Compliance – Shared Responsibility

Columns: HITRUST CSF Requirement Statement | Responsibility | Microsoft Responsibilities

Requirement: The organization creates and documents the process/procedure the organization intends to use for deleting data from hard-drives prior to property transfer, exchange, or disposal/surplus.
Responsibility: Office 365
Microsoft Responsibilities: Office 365 is responsible for managing hard-drive data deletion prior to disposal, transfer, or exchange.

Requirement: Visitor and third-party support access is recorded and supervised unless previously approved.
Responsibility: Office 365
Microsoft Responsibilities: Office 365 is responsible for implementation, configuration, management, and monitoring of physical access control methods and mechanisms in relation to its service provision environment.

Requirement: Repairs or modifications to the physical components of a facility which are related to security (e.g., hardware, walls, doors and locks) are documented and retained in accordance with the organization's retention policy.
Responsibility: Office 365
Microsoft Responsibilities: Office 365 is responsible for implementation, configuration, management, and monitoring of system maintenance methods and mechanisms in relation to its service provision environment.

Requirement: A visitor log containing appropriate information is reviewed monthly and maintained for at least two years.
Responsibility: Office 365
Microsoft Responsibilities: Office 365 is responsible for implementation, configuration, management, and monitoring of physical access control methods and mechanisms in relation to its service provision environment.

Requirement: Physical authentication controls are used to authorize and validate access.
Responsibility: Office 365
Microsoft Responsibilities: Office 365 is responsible for implementation, configuration, management, and monitoring of physical access control methods and mechanisms in relation to its service provision environment.

Requirement: An audit trail of all physical access is maintained.
Responsibility: Office 365
Microsoft Responsibilities: Office 365 is responsible for implementation, configuration, management, and monitoring of physical access control methods and mechanisms in relation to its service provision environment.

Requirement: Visible identification that clearly identifies the individual is required to be worn by employees, visitors, contractors and third parties.
Responsibility: Office 365
Microsoft Responsibilities: Office 365 is responsible for implementation, configuration, management, and monitoring of physical access control methods and mechanisms in relation to its service provision environment.

Requirement: Physical access rights are reviewed every ninety (90) days and updated accordingly.
Responsibility: Office 365
Microsoft Responsibilities: Office 365 is responsible for implementation, configuration, management, and monitoring of physical access control methods and mechanisms in relation to its service provision environment.

Requirement: Doors to internal secure areas lock automatically, implement a door delay alarm, and are equipped with electronic locks.
Responsibility: Office 365
Microsoft Responsibilities: Office 365 is responsible for implementation, configuration, management, and monitoring of physical access control methods and mechanisms in relation to its service provision environment.

O365 Compliance Manager

Built for teamwork

Collaborate in a chat-based workspace

Stay in sync with group email and calendars

Create content and intranets in a central location

Connect openly across the organization

Co-author with others using Office apps

Integrated for simplicity

Modern Desktop

Flexible device management

Integrated administration

Built-in compliance

Unlocks creativity

Create compelling content with intelligent apps

Work naturally with ink, voice, and touch

Visualize insights from data sets

Find what you need with personalized search

Connected experiences across devices

“I think it is the golden age of being able to build products for everyone. And that's our mission.”

Satya Nadella, Microsoft Ability Summit, May 2018

Microsoft 365 enables creating more productive, inclusive and compliant workplaces with built-in accessibility

Unlocks creativity
• Inclusively designed capabilities built-in: Learning Tools and Dictate to aid in reading and writing and enhanced Windows 10 Ease of Access settings to personalize experiences
• Better support for 3rd party assistive technologies

Built for teamwork
• Intuitive controls in Office 365 such as Accessibility Checker and Automatic alt-text to efficiently create accessible content
• Automatic captions for videos and recorded meetings with Microsoft Stream, live subtitles with the free Presentation Translator add-in for PowerPoint

Integrated for simplicity
• Availability of assistive technologies for all without the need to disclose or ask for accommodations
• Reduced spend on add-ons to create accessible content & to accommodate people with print disabilities

Intelligent security
• Office 365 designed to meet global accessibility standards, verified by DHS Trusted Tester code-based inspection process

Microsoft customers are creating more productive, inclusive and compliant workplaces with Microsoft 365 accessibility

Unlocks creativity Built for teamwork Integrated for simplicity Intelligent security

“I have a computer without a screen, and that’s intentional because all I need is a keyboard and some headphones. I can now open up Excel or PowerPoint or Word and I can produce content that someone across the world would look at and never know a blind person had a role in that production.”
Jack Mendez, Instructor & Director of Technology, Louisiana Center for the Blind, Inclusion in Action Series

“Group projects are really easy now. If everyone creates accessible documents by using styles and the check accessibility feature, I can work really easily with them. With Immersive Reader I’m able to change the way I read text to suit me – so I don’t hold anyone up. It’s really, really cool.”
Jacob, Ulladulla High School student, NSW Dept of Education Story

“By providing tools where people can self-accommodate, it doesn’t force someone to put up their hand. It allows them to find ways to make their own computing experience much more comfortable so they can be productive.”
Bert Floyd, Assistive Technology Lead, TD Bank (Canada) Customer Story

“We see Microsoft as a leader in inclusive technology and a great partner. In fact, we now take it for granted that the experiences within Microsoft 365 are going to work well for our employees.”
Stephen Cutchins, CIO Accessibility Lead, Accenture Customer Story

How do I begin the cloud journey?

Deployment Resources

• Fast Track

• Premier

• Partners (SI) FastTrack Benefit - Services Office 365 Supporting you through onboarding, migration, and driving adoption of Exchange Online Microsoft 365 SharePoint Online

Skype for Business Online

Microsoft Teams

Yammer Enterprise

Direct assistance provided by Microsoft experts who will assist with various onboarding Office 365 ProPlus

activities using a combination of tools & guidance. OneDrive for Business

Automated checks and configuration tools to assess your current state, chosen identity Project Online solution, and domain configuration. Microsoft StaffHub

Data migration services & experienced experts assigned to help you transition data with you to Microsoft 365. Enterprise Mobility Suite

Adoption and change management experts engaged to help transform your organization Intune through workshops, communications, guidance and coaching. Azure Active Directory Premium

End User training & excitement through online, classroom sessions, documentation and video collateral Desktop Deployment

Windows 10 [email protected] [email protected] [email protected]