James Avery
Just another GEEK expressing his thoughts

Series 1 of 5 – Access and Information Protection (AIP)

javery June 11, 2014 Access and Information Protection (AIP), Windows Server-2012

Author: Enterprise Mobility Team

Setting up the environment

Last week, we looked at desktop virtualization. Now, let’s turn our attention to Access and Information Protection.

In many ways, Access and Information Protection (AIP) are two sides of the same coin. When you think of the term access, you may first think of access controls—that is, permissions and other constraints—but that’s not how users think of access. They simply think of wanting to access “their” data and the applications that they need to work with, no matter where, no matter when, no matter what device they happen to be using.

In many parts of the world, users have ample access to affordable and fast cellular and Wi‑Fi networks. These users are increasingly mobile and want to blend access to personal and corporate data on their devices (whether owned by the company or the individual).

At the same time, your organization views that same data as a corporate asset, one that needs to be protected. As an IT pro, you must manage security, identity, and access control. You likely face increasingly stringent regulatory requirements, such as the Health Insurance Portability and Accountability Act Privacy Rule and Sarbanes-Oxley Act of 2002 if you’re in the United States (or do business there) and similar legislation in many other countries. Even if you don’t have a legislative or regulatory duty, you probably have standards that industry associations, payment processors (such as Payment Card Industry Data Security Standard), auditors, or senior management have imposed.

You need to retain control and compliance while deploying and configuring capabilities that provide access and enable both productivity and information protection. This is the realm of AIP.

To learn how our Access and Information Protection solutions can help secure your organization’s information, see the Access & Information Protection: Master of Mobility video.

That video illustrates what Microsoft Access and Information Protection solutions offer. Over the next few days, I’ll explore the technology more deeply through a five-part blog series.

Scenarios

Microsoft’s products are designed to enable access and provide information protection. In these products, Microsoft considers AIP from a people-centric IT point of view, where it contains three pillars:

  • Enable users to be productive
  • Protect your corporate data
  • Unify your environment

In this week’s series of posts, we won’t be discussing how to unify your environment: You’ve already seen elements of that, particularly in the discussions about Hybrid Identity. Instead, we will focus on enabling users while protecting your data.

Here are some examples:

  • Use Workplace Join (a feature of Active Directory Federation Services), Web Application Proxy, and Active Directory Domain Services (AD DS) to allow users to register devices to gain access to corporate resources.
  • Use Work Folders so that users can synchronize their work files across all of their devices.
  • Use Web Application Proxy so that the IT department can publish corporate resources to users working outside the LAN on various devices.
  • Use Microsoft Azure Multi-Factor Authentication (MFA) along with these other features to enforce additional user identity verification on access.
  • Use Dynamic Access Control and File Classification to ensure that compliance requirements are met.
  • Use Microsoft Rights Management services to protect corporate information at rest and in transit, and require authentication on open.

Sounds exciting, doesn’t it? Are you ready to enter this new world, where access and information protection are ubiquitous?

Setting up your environment

Like most things in computer technology, some steps have to happen first. Each version of the operating system introduces new features, but another key component of Microsoft’s strategy is building on your existing investments.

The most important starting point is a consistent view of identity—of who your users are and what you know about them. We discussed this in some detail a couple of weeks ago, so if you didn’t read that at the time, you might want to review those posts.

The good news is that most of you are well on your way, because you’re probably already using Active Directory and Microsoft Azure Active Directory. About 93 percent of Fortune 500 organizations use Active Directory, and Azure Active Directory is currently completing over 2 billion authentications per day.

Your environment can be completely on-premises (AD DS) or completely cloud based (Azure Active Directory), but for most of us, there will be a combination of the two. Review the Hybrid Identity posts to learn about how to federate or synchronize between the two.

To use some of the new features, certain elements must be in place. Refer to the following table to see which features are available to you and where you might want to upgrade.

Feature: Requires

  • Workplace Join: Windows Server 2012 R2 Active Directory Federation Services. Any of the following:
    • Windows 8.1
    • Windows 7
    • iOS 6 and above
    • Samsung Android (through KNOX)
  • Work Folders: Windows Server 2012 R2 File Services. Any of the following:
    • Windows 8.1
    • Windows 7
  • Web Application Proxy:
    • Windows Server 2012 R2 Remote Access
    • Windows Server 2012 R2 Active Directory Federation Services
  • Azure MFA: Other than an Azure subscription, prerequisites vary between cloud-based and on-premises scenarios. Check out the download center page for more information.
  • Dynamic Access Control: Windows Server 2012 or later
  • Automatic File Classification: Windows Server 2012 or later
  • Rights Management services: Microsoft Rights Management services are available either on-premises or cloud based.
    • Windows Server 2012 R2 Active Directory Rights Management Services
    • Azure Rights Management Services

Now that you have an idea of what you need, tune in tomorrow to start making resources available to users.

Learn more about Access and Information Protection here.
