(upbeat music) – So what do you think man? – A green screen? – Yeah this is the future of corporate film making – But we’ve done some really amazing things in the past With the airplane hangar (fast upbeat music) then we were in a theater last time (playful upbeat music) I don’t know its kind of being in a studio feels like a let down – Well if it makes you feel better, this is the same green screen they used to make the movie 300 – Really? – No (soft rumble) but, but, how ’bout this, we’re gonna try a couple tests We’ll just test it out, try a few ideas I have that way we’re not locked in and you just tell me what you think – Alright, let’s do it – Alright you stay right here, guys lets fire it up and do some tests (fast upbeat music) – There’s never been a greater time to be in IT and there’s never been a time when world class IT and world class IT leadership has been needed And so we’re excited to walk you through some things we have been working on To help you to empower your organizations to achieve more You know as I travel around the world and I get a chance to talk to all of you, what I hear is that the digital estate that you’re being asked to manage and secure is ever increasing You’re being asked to protect that data whether it’s behind the firewall, in the Cloud and increasingly as data moves more and more out into the Cloud, the traditional perimeter based security model that you’ve relied on is no longer effective And the attacks that you have to deal with They are incredibly sophisticated We get a chance to see these attacks and I can tell you, they are engineered by world class organizations and they are built to be able to infiltrate and to spread quickly and just to give you an idea what we see, we see that there are over 100 million identities attacked every single month We see 50,000 corporate identities that are actually compromised every single month We take a look at these attacks like WannaCry, it was engineered to get in and once it was in, it spread quickly It would spread across organizations in less than an hour and so what you have to deal with now is these engineered, sophisticated attacks and you don’t have days or weeks to react, you have minutes and so now what we’ve been able to do is put all of that telemetry that we collect across Microsoft, everything that we learned from the 450 billion authentications that we do every single month, from the 400 billion emails that we scan every month, from the billion PCs that we patch every month, all that now is being put to work to help you protect you and your organizations and that is the power of the Microsoft Cloud and the power of the Intelligent Security Graph We have hit the point where human minds and human hands can no longer do it on their own You have to have the power of intelligent clouds helping you and backing you up And I know many of you have spent incredible amounts of dollars and efforts to build out defenses but they’re complicated, they’re brittle and one of the things you have to keep in mind is complexity is the absolute enemy to security I’ve learned this as we built out the services here at Microsoft and so everything that we do, we’re constantly trying to simplify and yet I know that you deal with sophisticated and complex organizations and technologies, in fact the average enterprise has more than 60 security products deployed, 60 and there’s no way that those have been engineered to work together to give you that world class defend, detect and respond capabilities and so let’s look at how we can help you simplify your organization and there’s an elegance that comes from simplicity and that elegance, IT benefits and it flows all the way down to the user experience (horn blowing) so we’re gonna walk you through over the next few minutes Is the investments we’ve been making in Microsoft 365 and Microsoft 365 is that complete secure intelligent solution that helps you to enable your users to achieve more With Microsoft 365, we’ve also engineered this in a way that enables IT to deliver that experience in a way that also delivers what IT needs, the reliability, the security and the protection We integrated and engineered this to be used holistically There are capabilities where we have built through the Microsoft Cloud where all of the pieces are able to interact with each other in fact, we’re able to do things like when a request of information is made in real time we can determine, is this a trusted user, on a trusted device, using trusted applications and help you to defend your organizations while empowering your users I think we’ll look back at the release of Microsoft 365 in the same way that we did the release of Office 25 years ago, it fundamentally changed what the world understood and expected out of productivity Microsoft 365 will have that same effect ’cause it will fundamentally change what users expect and what organizations expect out of that modern workplace for their users Now at the heart of Microsoft 365 is intelligence

Now in this modern world and the modern attacks that we’re all dealing with, you have to have intelligent clouds backing you and giving you that insight to help you enable your users while you also protect the information and at Microsoft we have unique perspectives here We take what we’re able to learn every single day from all of the service that we operate But the benefit for you is all that is now put to work on your behalf, we can now help you protect your organizations as we learn from across the world and apply that learning to individual users, organizations, industries and honestly the world These are unique things that Microsoft is able to do through the intelligent cloud and specifically leveraging the Intelligent Security Graph There are four areas we’re gonna suggest and recommend you deploy and actions that you take the fully take advantage of Microsoft 365 The first one is deploy identity driven security The second one is protect your information wherever it is Third, deploy the advance threat protection capabilities and four, take a holistic approach to your security management So remember we’ve built a solution that is both loved by users and trusted by IT ♪ Trusted by IT, tru tru tru tru trusted by IT. ♪ ♪ Access acc- have to have Microsoft cloud solution, ♪ ♪ have to have, everything backing you up. ♪ ♪ Only trusted users, ♪ ♪ trust, access access, for your information. ♪ What we have delivered with Microsoft 365 is truly unique, it really is that solution you’re looking for that will give you that influence and that impact as an IT leader (fast upbeat music) the most important thing for you to protect are your user’s identities It seems like every week we’re reading about a new organization that has come out and talked about a breach that has happened and as we look at where that traces back to more than 80% of these breaches are being engineered to identify and steal your usernames and passwords These attacks are so well engineered, they’re so incredibly sophisticated and I can tell you, they’re being delivered by world class organizations They spend time getting to understand their targets and as they build these phishing attacks, it’s very hard to know and to see if this is an attack or if it’s actually the real pages that you’re being led to So when the phishing attack does make it through the defenses, what we see is that 32% of the users that actually receive one of these emails will open the email, and then 12% will actually click on the link or open the attachment Bottom line is we know every organization has someone who will click on anything And so you have to have an assumed breach posture And so what that means is while you build out the defenses and you go to great extent to make sure you’re delivering that protection you also have to have the ability to be able to detect there is something wrong, or when you think an identity may have been compromised and then take action to block access Now let me give you a little more data what we see at Microsoft Every single month we see over 100 million identities that are attacked We actually see more than 50,000 Enterprise identities that are actually compromised We’ve seen a more than 300% increase in the attacks on identities in just the last 12 months And so what we are now building and we’ve delivered, is the ability for us to take all of that knowledge and the intelligent security graph and put that to work on your behalf, every time a user asks for information whether that information is behind the firewall or that information is in the Cloud We’ve actually leveraged our own experiences as we have built Microsoft 365 and how we protect access to all the Office data and all the Office information That’s where we learn and then we’ve taken that and extended that to the rest of the industry We now can take our knowledge and our intelligence and put that to work on your behalf and ensure that it only is your users coming through and getting access to your information Let me give you an idea of just how fast these solutions have to be When a user requests information, we have about 200 milliseconds each time access is requesting information to determine if this user, device, application and location meets your conditional access policies If we go past 200 milliseconds, the user starts to see a lag and the user experience is compromised (suspenseful slow music builds up) (groaning) now at the root of identity driven security, is what we call conditional access And conditional access allows you to express policy around information, around services, around devices, around users, and then in real time what we’re able to do is take a look at the policies that you tell us, that you won’t want to enforce about when you will allow access and when you wanna block access and in real time, we can enforce these policies And the great thing about conditional access is I can apply different policies to different data and different users based upon the value of that data the value of information as well as based upon the value of the individuals and the access that they have So what I wanna walk you through here is to start with some of the things we do around identity protection then show you how we build this into a conditional access policy So the first thing that you’re looking at here, this is in Microsoft 365 in what we call identity protection

and what this allows us to do is we can show you the types of events that we can look at and we monitor on those 450 billion authentications every month to look for those suspicious kinds of activities that tell us that a user account may be compromised So you can see here there are four different kinds of risk here that we’re giving here as an example First of all, at high risk, these compromised credentials these are individuals that we know for a fact that they’re username and password are currently up for sale on the internet As a part of our digital crimes unit, for years, we’ve gone out and scanned the places on the web where identities are put up for sale and what we do now if you were a Microsoft 365 user, is we just put all your domain names into that scan and we can actually come back and tell you when you’ve had an identity go up for sale You know, for most organizations, you can literally find an identity for less than a thousand dollars You can see here we do things like when we see a user authenticating from a device is trying to hide its IP address from us Well, normally users don’t do that so we automatically mark that user as medium risk You see this impossible travel scenario, this is where a user authenticated from one physical location and then authenticated from another physical location in an impossible time frame, like I authenticated in New York and then an hour later, tried to authenticate from London And then finally here, you can see this last one is, when a user signs in from an unfamiliar location, you might wanna take action just to verify that it is who the user says they are So what this now allows you to do, you can see the kind of things that we can now track every single second every single minute around your identities and you can now start to apply policy So now, you’re literally looking at the list of users that we’re telling you you should be concerned about because we have seen something in their authentication and the way that they’re working that tells us these user accounts may have been compromised I can go take a look at the one here that for example that is marked as high, and I can see why Microsoft in the intelligent security graph is saying that this user account has a high risk to it As I drill into this, you can see that we know that this user account is currently up for sale on the internet, the username and the password is up for sale Think about that for most organizations, this is the first time you’ve ever been able to get this kind of data Now what you wanna do is you wanna take this information, you wanna build your unique policies that are unique for your organization’s need and then have Microsoft enforce those every time a user requests access or information and that’s what we call conditional access So let’s take a look now at how you actually go out and build the policy here and what I’m looking at now is a policy that’s been built of the actions that I wanna have automatically taken any time a user requests access to information and that user identity is flagged as high risk in the intelligent security graph and so you can see here the policy that I’ve got built is, I want to enable access but I only want the user to be given access after they’ve passed a multifactor authentication Now the beauty of this is you don’t have to do anything aside from just define the policy You define the policy then literally every single time a user requests access information, in real time, we’ll take a look at that user risk and then we will go in and force the conditional access policies that you have expressed and again, we can apply this to your On-premise information as well as to your information in the Cloud But you know, its fantastic to have that solution with identity, but what organizations really want to do, is they wanna be able to take the risk factors coming in from the identity, from the device that is requesting information as well as the app that is being used And so organizations literally want to be able to understand that risk factor then have policies automatically take effect given the risk profile coming from the user, the device and the app that is requesting access to information And this is one of the unique things that Microsoft has built because we built the Microsoft 365 solution to work together not as disparate parts And so we’ve taken our identity as a service and then we’ve married that with our mobile device management, and mobile application management to give you conditional access, that takes a look at all of those different vectors and all those different threats in a holistic way And so now what I’m able to do here is I can go build a holistic conditional access policy that takes into consideration all that risk Now we call this protecting the front door because every organization wants to be able to ensure that when that information request is made, they can validate that the user’s in a trusted environment before they give access to that and open up the front door So now, let’s go build that policy And so you’re looking here the integrated experience for building conditional access policies across all these different threat vectors that come in and here is where you can go build a policy that allows us to understand the risk coming from the user that’s requesting the information, the device they’re using, the app they’re using and their physical location You can have different policies to different data based upon how secure or how valuable that data is You can have different policies to different individuals and groupings You may for example have a different policy on the executive staff than you have on a regular worker out in a store for example But in real time now, we’re able to enforce these conditional access policies that you express for us, that is unique to your organization and unique to your organization’s information So here you can see this integrated experience and right here, I’m now building out a policy that allows me to go and express the risk and the actions I want taken on identity, on device,

I go right in here for example and say what platforms I’m going to allow access and what this is really keying off of is does this device meet my mobile device management policy and is it compliant? I can then go and assign policies based upon the application that is being used Is it a known app, is it an unknown app, is it a native app is it a web app? One of the most common place that people use this is they wanna enable access to the rich Office applications in the web, the web applications, but they wanna have a different set of policies apply to those than to the native apps on compliant devices You can also now take into consideration location and I think the team did a wonderful job on this As we look at location, we actually do this based upon country code, and so we can actually understand where they user request is being made and then in real time, assign these policies and enforce these policies based upon what you want us to do Now you can go and assign different policies to different apps and so here you’re looking at the list of SaaS apps that I can assign policies to Then again here, here I gonna go and assign a policy to one of the Office 365 web apps but these policies could be applied to your On-Premises app, your line and businesses application that you’ve been using for years as well And then here’s where the power comes in, here are the controls And so now I can express the controls when I see this integrated experience, I can now express one holistic set of policies based upon that risk of identity, device app and location and the system will automatically enforce it for me In some case I may wanna trigger a multifactor authentication, in some cases I may wanna block access, in some case I may wanna grant access only after the device in compliant with my policies But this is where you get to see that union and that marriage of the integration that we have done across all of these different solutions in Microsoft 365 And again we pioneered this concept of conditional access to the cloud services as we learn and built this with Office 365 but then we’ve taken that learning and shared that with the rest of the industry So we can now apply this to thousands of cloud apps around the world as well as to all your on-premises apps that you have behind the firewall, so you get that complete holistic solution that protects access at the front door and then we will only grant access if the conditions are met that you’ve defined here in this admin experience Let’s now take a look at this from the end user perspective And so the first thing that we wanna show you here is the fact that with Windows we can actually eliminate passwords And so you’re looking at Windows Hello here and I come up through the screen, it actually recognizes who I am, the facial recognition and I’m authenticated into the screen without even having to put a password in You know, you wanna protect your identity, the best way to do it is to use things like Windows Hello What now has happened is it’s taken me right into Office 365 and I wanna point out there that that was a single sign on, I wasn’t requested for username and password once it was identified by my face that it was Brad, when I went to these services, I got that great single sign on experience and I’m off and running So now, let’s go take a look what happens when I go to access one of the applications In this case, I’m gonna go access Salesforce and what happens right now is the user, device, application meets all the criteria and I’m automatically taken into Salesforce Again, single sign on, its a great user experience and this is all automated because all the conditional access policies are being met and its just this wonderful user experience Let’s now go take a look and kind of build one by one what happens when the conditional access policies are not compliant And let’s start with identity So I’m gonna go log in now as a separate user I’m gonna go put my username and password in and you’re gonna see again this great experience where I get that single sign on into Office 365 and all the apps that I have access to This time when I go to access Salesforce because the Intelligent Security Graph has sensed that there’s something wrong with my identity, its gonna automatically challenge me with a multifactor authentication and just like that I can feel my phone ringing and what’s happening here is it’s asking me for a multifactor authentication which in my case is just my thumbprint on my phone And just like that, I’m given access into the application because its verified that it is Brad and not somebody who’s trying to use Brad’s username and password Multifactor authentication and putting that layer of protection on your identities is critical It’s one of the things we require across all the engineering teams here at Microsoft, anybody who’s working on a service, it is one of the fundamental core building blocks of an identity driven security model So let’s go take a look at the next scenario (bubbles bubbling) (water swishing) Which is gonna be a trusted user who’s working on an unknown or untrusted device And so here I have an iPad, this device has not been enrolled for management so its currently not under MDM management I’m gonna go in and attempt to access email And what I want you to notice here is just the depth of integration we’ve done across Microsoft 365 When I go to access email, as a user, I actually get guided and led on what I need to do So here I understand that IT as a policy, that the device has to be managed and compliant to access email and right here, automatically takes me into the process to get this device enrolled for management, get a compliance so I can access my email This is an example of that end to end engineering that we’ve done across Microsoft 365 to make sure that your users love the experience and we help them to take whatever actions they need to do in order to get access to the things they need to do their jobs Let’s take a look at another scenario This time I’m going to try to go access email

from an untrusted or unapproved application And you know, one of the things that we hear day in and day out right now is organizations saying we actually wanna restrict corporate email to Outlook So we get all those rich policies that Microsoft 365 can deliver on Outlook So let’s walk you through the experience So I’m gonna go and attempt to access email from the inbox email app on my iPad And notice, basically says listen, your IT organization requires outlook in order to access company email And so it’ll take you right into the store andhelp you get Outlook download so you can get access to mail And here you can see I’ve now downloaded Outlook, I get access to all my email and this now, managed by all those mobile application management policies and protected by conditional access but again its engineered to make sure that we help guide the users to do what they need to do to get access to get their jobs done So let’s look at another scenario Let’s say that the operating system then has come out with a new release and you deem that release critical in order to get access to your organization’s information Well, using conditional access, you can go set a minimum OS version So then what happens is when a user attempts to access information, and we look at the conditional access policies, we’ll see that the device does not meet the minimum operating system version and then we will encourage and guide the user on what they have to do to bring the device up to the new version and therefore be compliant with your policies Again its all about enabling you to express those policies and then have us enforce that in real time as access is requested to data On-prem and in the Cloud Now let’s take a look at another fun scenario What if I’m a trusted identity on an untrusted device This is the classical I’m at grandma’s house and I need to go get some work done and I’m gonna use her PC What we’ve now been able to do with conditional access is we can actually enable users to work in that kind of environment But we can assure that the data never leaves the browser and what’s fundamental here is you do want to enable your users to access data, for example, using the Office web apps But what you wanna be able to guarantee is there’s never anything left, there’s no information left on that device when they user logs out and when the session is terminated And so we do this to what we call session based conditional access So here, you’re looking at Sharepoint online You can see all the files that I have access to so I’m gonna go highlight one of the files here And when I select that, when you can see here that on the toolbar the things like synchronized data or copy data is not enabled And if you take a look here and I say oh but I can only open into the web version of the Office app and for example Excel online By not being able to open to Excel, I’m able to keep all the data in the browser and so now, as IT I can enable my users to be productive on any device even on trusted devices and guarantee that that data never leaves the browser Look here’s another example If I try to copy and paste that data from the browser, notice that the copy function has been disabled Likewise, I can’t print, there’s no way for me to take this data outside of the browser And so we talk about this modern workplace is loved by users and trusted by IT This is such a wonderful experience of enabling users to get their job done on any device in the world even untrusted devices in a way, that guarantees that there’s no corporate information left on the device Now one of the things, by the time you’re watching this will be in preview is we’re gonna do this exact same thing with Exchange online and the request there is, I wanna enable my users to get access to Exchange online but I wanna guarantee that the data the attachments, never leaves the browser In the work that we’re out to Exchange online, you can open up attachments into Excel online, into Word online but the data is always kept in the browser just like you saw with Sharepoint online So the great thing about conditional access is it allows you to express the conditions under which you will allow access and the conditions under which you want to block access And then in real time we’re able to make a determination on the risk factors, on the identity, the device, the app, the user’s physical location and back all of that with the Intelligent Security Graph and the intelligence of a Microsoft Cloud And ensure that only when those conditions are met, are your users granted access to the data Now we talked about identity driven security and at the core of identity driven security is the concept of conditional access that enables us to apply policy in real time that only grants access to your organization’s information underneath the conditions that you tell us are the right conditions So you may be asking, why Microsoft and why now? Hopefully its been clear to you as you’ve seen these demos how we are putting to work the unique data that Microsoft has (upbeat music) – Beautiful, this is looking really really good – This is a lot of fun – So, there’s a couple more things I wanna test on the green screen, so stay right here and I’m gonna go watch on the monitor and tell you what to do – You got it – Alright So first off, I want you to give me skiing Think skiing (electric buzzing) – What does this have to do with anything – Just picture it in your mind, this is the alps, you’re flying down the mountain, you are skiing! (upbeat music) Beautiful! Now watch out behind you ’cause the mountain is covered in monsters – What? – It’s beautiful. Now sit down on that box You’re in a river, it’s a raging river (river gushing)

(fires exploding) okay Brad, we have a T-Rex behind you – What? – Well just run from it, look scared – What does this have to do with anything – I said run Anderson – What does this have to do with Microsoft 365? (microphone echo fades) (upbeat music) Let’s now talk about information protection You know we talk about security and the industry talks about security but it all ultimately is about protecting your information These attacks are all trying to get access to your information whether that’s financial, whether that’s customer information, whether that’s innovation and patents Information protection is key to protecting enabling your organization to progress to its next level Now one of the interesting things about information protection is historically we’ve used this metaphor of building walls around the data And so we started with building these VPN and these network walls around all of our information and that was our security But as the data now moves out into the Cloud, that perimeter based security model is just ineffective and so the industry has resorted to well let’s build smaller fences, let’s build a fence around the device that the data’s on, I’m trying to protect at the device level And then let’s build around the application and try to keep all that app, all the data contained in the application Well ultimately, files should be self protecting Files should know who have rights to open ’em and what rights they have The ultimate information protection is when the information protects itself This is incredible innovation What we’ve actually enabled here, is at the time when a user creates a new document, they can actually classify and label that document and it automatically gets encrypted and automatically has all the rights assigned to it, the file knows But we also know that users sometimes forget to do things And so we also have the ability for that file to automatically be classified and labeled based upon the rules that you define for your organization You know, 58% of Enterprise users actually admit to having sent sensitive information to the wrong person Well if you’re using Microsoft 365 and our information protection capabilities, you know, those things don’t matter because the file actually knows who has rights to it and who can open it and what they can do With Microsoft 365, what we’ve engineered, again as a way for files and information to become self protecting, so all the needs of IT are met, but it’s done in a way that makes sense for the user and it’s a simple, easy, and fluid experience for the user Again, this concept of loved by users and trusted by IT Let’s actually look at how it works (flames burning) Now the innovation, and the value here is we want to enable users at the time of creation to be able to classify and label documents You know really, who knows better than the user at the time of creation what the classification should be, but we also again know that users often forget so we wanna back that up with automation But let’s show you what the experience looks like so here i am in Word and the first thing I wanna draw your attention to is this bar at the top, where you actually see the labels Those labels are customizable by you as an organization you can have different labels, you can have different classifications And this something we use broadly across Microsoft because it does fundamentally change how you secure data when information becomes self protecting So what I’m gonna do here now is I’m gonna go label this document as confidential and when I label it as confidential, notice what happens. So first of all, there’s the watermark that’s placed across the document The second thing, notice that a header is put in place The document has also been encrypted Now what’s really cool about this is now with this document, I can now assign who has rights to this and as I do that only those individuals will have access to the document Now we know that sometimes users forget Let me show you what the automation looks like Here I am in Excel, and I’m gonna go ahead and copy and paste some credit card numbers into the Excel spreadsheet Now what happens on the file save action is all of the policies are looked at and we see here that there’s a policy that my organization has put in place, it says when I see credit card numbers or social security numbers, I automatically wanna classify that document as confidential and so we give you that backup so even in the case where humans forget to do it, we can automatically enforce that policy through automation Now these files are self-protecting Now, the beauty of this as well is we understand that people use our applications in their personal life and in their business life, and in this specific case this spreadsheet that I’m working on is actually a personal document And so right here I can basically say, hey, this does not apply ’cause this is a personal document I do have to give it a justification ’cause everything is logged when one of the policies is overwritten by the user, but this ability to be able to use these applications in my personal life and my business life and have the business policies only apply when it’s a business document is key to everything we do at Microsoft One of the fascinating questions I ask just about every customer I meet with is what percentage of the documents that gets created and shared in your organization are Office documents Commonly I hear its 85-90%, and so I’ll ask the question

well, okay over and above Office, what’s the next application or document type that you use and without exception it’s Adobe Well one of the great things about this is that the ecosystem is building around Microsoft 365 and these same capabilities now apply to Adobe as well And so inside of Adobe, I can do the exact same things where documents can be classified, rights can be assigned The document becomes self protecting And so for most organizations, because we’re now able to do this to Office and to Adobe and there’s an SDK that allows you to apply these same kind of policies to any application that you build or any ISV that you have You can now protect your data, your files can become self protecting across any application Now one of the things I love about what we built here is how all these pieces actually work together And so we talked about identity driven security a few mins ago and the concept of conditional access Let’s show you how we now apply conditional access to the labeling and the classification that comes here with Microsoft 365 So let’s go back to that same scenario I’m on an untrusted device, and I’m trying to access corporate information I’m gonna go access a particular document here on Sharepoint online So now when I request access to that file, because the conditional access policy requires me to pass an MFA if I’m on an untrusted device, my phone is now asking me to pass or give that second factor authentication So just like that, I give it my thumb print, and I’m given access into the document You see how all these pieces are now working together that gives that beautiful experience and that empowering experience for users, we guide them to get their job done but it also meets all the needs of IT ’cause IT has that security whether its a cloud data, whether its data behind the firewall, you now have the ability to have this level of information protection across all that you need Now, one of things I love about what we’ve done in Microsoft 365, is we also now give you the ability to track usage and if necessary, revoke access to these documents Yeah I have to tell yeah there’s often times I’ve sent out a document, and I’ve often asked myself, how many people actually opened it and read it? Here I get that Now just a couple other key scenarios here to kind of help put in your mind on this How many times if you worry about an individual leaving your organization and taking a bunch of files with him or her Well if your using Microsoft 365 as soon as their identity is disabled, they can no longer access the files that they had access to so even in that case your information is secure and protected How often have you worried about an individual leaving data on a thumb drive that gets lost Well, again because its all centered on identity and because the files are self protecting, even in the case where those files are left on a thumb drive or they’re somehow sent to the wrong person, because the files know your information is secure and safe and protected This is unique innovation to Microsoft that Microsoft has been working years on in a way that we’ve embedded this natively into the experience Again that delights users and delivers what IT needs Now here’s another interesting scenario that has been impossible in the past How many times have you needed to send an email to somebody outside of your company and even someone to consumer email service You know, I’ve been nervous about this in the past, where I’ve needed to send somebody some information but historically when you’ve sent that information in email, you’ve now lost control and you have no idea where that information gets sent and how it gets used Now one of the great innovation with Microsoft 365 is we have the ability to secure your email even when you’re sharing that to consumer email services Let me show you how it works Here I’m creating an email that I need to send to somebody’s Gmail account This email contains confidential information and I do not want it to be forwarded Now historically, I could not do this But let me show you how easy it is now I simply create the email and because I’m using Microsoft 365 and the secure email capabilities, I’m now able to send it to people confident that the rights and the privileges that I need to have enforced are in fact enforced I’m now gonna take a look at this particular inbox in Gmail You can take a look here, I open the email and it says hey, to read this message, you need to open it up in the envelope of Microsoft 365 I authenticate with my Gmail account and just like that, I then get to see the email Now take a look here, I go and I try to actually forward it and notice that the forward option has been blocked You know the innovation on this is remarkable because I can now share information securely and confident that the rights and the policies that I need to have enforced are enforced Even when its outside of my organization Now one of the other things that we’ve done here is we’ve done a significant amount of integration across the Microsoft 365 capabilities and specifically the Microsoft 365 CASB CASB allows us to look at how information is being used in cloud services around the globe and one of the amazing things about Microsoft 365 is we’ve done innovation with literally, you know, thousands, tens of thousands of cloud apps to deliver this kind of capability Now look at how amazing this is The first thing I wanna do, is I wanna see of all the cloud services that my end users are using, whether they’re sanctioned or unsanctioned where there is confidential information, information that’s been flagged and labeled

as confidential stored You can take a look here, I can see that information, you know I gotta tell you for the first time for most organizations, this is the first time they’ve ever had this view where they can actually see within all the Cloud apps their users are using where confidential information is being stored at Here I can see that this particular document which is labeled confidential is being shared And the sad thing about this is this document is accessible to anybody on the web without even requiring a username and a password Right here, I can take action and assure that that document is no longer accessible in this kind of a forum Now this is great once that’s happened but wouldn’t it also be great if when somebody tried to copy up one of these confidential documents up into the Cloud we were able to block the copy Well, that again is one of those integrations across Microsoft 365 where we’ve now done that integration where based upon classifications, we can now allow or block the upload of documents into these different cloud services, again helping you to protect the data And the innovations that we’ve done in Microsoft 365 that enable us to protect your data, protect your information at the file level, is just incredibly unique ‘Cause if you think about it, you know, to do this in a way that feels natural and fluid for users, it has to be engineered into the way that the applications work You can now be confident that your users can be able to share data, your data can be protected whether its On-Premise, whether its in the Cloud, whether it’s in email, whether it’s in motion, whether it’s lost on a thumb drive The information protection capabilities of Microsoft 365 are simply unsurpassed because the files become self protecting and it builds upon all the identity driven security and all the conditional access policies that are so broadly being used right now (electronic buzz) (glass clinking) (rocket exploding) (upbeat music) (high pitch buzz) (explosion) (happy upbeat music) – Okay that was really, really good – Yeah I’m not quite sure, sometimes it feels like its going well but other times I’m just not quite sure – No, no, its really really good I wanna tweak the hair and makeup a little bit but no, really really good I like this I like this a lot Its subtle, its tasteful yet its bold – Tasteful, mm hmm – So this is a yes So this is not a yes (slow upbeat music) – And so a question I have for you If you were to be breached today, how long would it be before you knew? And then how long would it be before you were able to respond and ensure that everything was safe again? The reality is that most organizations just simply cannot find that people and the expertise, nor do they have the sophistication to have these world class detection and response capabilities And this is why it is so important to partner with organizations like Microsoft with solutions like Microsoft 365 who are taking all of that intelligence from the Cloud and applying that day in and day out, every minute of everyday to help you protect your organizations Let’s just talk about some of the challenges associated with this First of all, as we look at the malware that comes in right now, 93% of the malware is polymorphic What that means is every time we see it, it’s different and so you have to have capabilities that are again based upon that intelligence that comes from the AI and that machine learning in the Cloud to be able to combat that kind of an attack This is why these solutions have to be engineered to work together, you can’t just take a bunch of disparate products, put ’em together and have both the security and the end user experience that is necessary and so with Microsoft 365 if you could get a picture of how the backend works, you’d be amazed at the amount of engineering that’s gone into this All these Microsoft 365 services are constantly in communication with each other and we understand and communicate when we see things And so even in the case where a breach happens, the first service that identifies that is able to alert all the other services through the Intelligent Security Graph and the system can work in a holistic manner This is how IT is able to simplify and as you simplify, you get more secure, and you deliver that better end user experience ( bird screeching) Now let’s talk about some of the things we’ve done from a threat protection First of all, there’s a whole list of things that we’ve done to just harden the platforms themselves like Windows 10 and Office 365 You know, Windows 10, we built it to be the modern operating system that is aware of and understands how to block and defend against modern attacks We have ways to store your credentials in the hardware so its harder to get access to You can actually use Windows Hello so you don’t even have to use usernames and passwords any longer Things like the ability to have an application run in a container so that application is contained and even if something were to come through an application that cannot affect the rest of the operating system,

core fundamental security investments that we made to protect against threats in the modern world Likewise, in Office 365 there’s a couple of amazing things that we’ve built First one’s this concept of a detonation chamber What the detonation chamber does is whenever an email comes in that has a URL in it or an attachment, it automatically gets placed in the detonation chamber Then we let it go and execute and we watch what it does and if it does something that it’s one of those tell tale signals of a piece of malware, then we automatically quarantine that and keep it out of the inboxes, but then we learn from that and start to apply that to the rest of the world You know, as we built this detonation chamber, one of the fascinating things to watch is once all the attackers understood there was a detonation chamber, the actions that they took to try to get around it And so its this continual innovation as they innovate, we innovate and the whole world gets more and more secure But the reality is the attacks will get ever more sophisticated, and so the defenses have to be costly innovating as well And that’s what you get with Microsoft 365 We have these wonderful capabilities that help us to understand phishing attacks and attacks against your identities, against the devices, against your information Let me just give you a quick view of what we do inside of Office to give you guidance on where your next step should be because that’s actually one of the biggest challenges that we hear from organization is we don’t know where to start And so you’re looking here at the Office 365 dashboard And what the Office 365 dashboard does is it gives me a view of my security posture, I can see it relative to others in the industry and the average But more importantly it shows me here the next steps I should take to start to raise my score and make me more secure And in this case, notice the first thing it points out is to enable MFA Again, going back to identity driven security and the need to protect your identities And so here you have your basically your punch list And if you just follow what Office 365 says you should do here, you can increase your security posture and make your organization more secure And remember we’ve engineered this in a way so that IT gets what they need but we deliver to the users in a way that feels familiar and just natural to users But no matter how much we do to help you protect your organizations, the reality is we’ll all get breached You know jokingly people will say there are two kinds of organizations in the world, those who have been breached and those who haven’t admitted it As the attacks continue to get more and more sophisticated, they innovate just like what we do You must have world class detection capabilities and world class response capabilities because you literally, have to be able to do this in real time now So let’s walk you through now, some of the things that we’ve done is we’ve connected all of the pieces in Microsoft 365 through the Intelligent Security Graph And again the piece that I want you to see as we’re going through all of this is how all of the services are all working together We talked about the need to simplify, we’ve talked about the need to have these integrated solutions that have been engineered to work together, its the only way you’re gonna be able to take action fast enough against these threats So here, I’m in my Sec Ops console, and what I see here is that first of all, I get a prioritization of the things that I should be looking at so I see right here, based in priority, based on risk, there are a number of high priority issues that I need to go take a look at So I’m gonna go drill into this and the first place that I’m gonna go look at, as I’m doing my investigation, I’m gonna look at the PCs So here I have a list of the PCs that are being flagged for me as having some kind of an event that has happened on it I’m gonna go drill under this one particular PC and right here I notice right off is there’s a process running on this particular PC, it’s been flagged for me as high risk, and there’s a process that is being escalated due to a kernel exploit I know there’s something here I need to go look at So I’m actually gonna take a look at this particular process and what you see here is that it now gives me a timeline of all the things that are happening And as I scroll down through this, I notice that it looks like there was some kind of an attachment that came through Outlook And so I wanna go explore on that and do some further investigation on that So I can take a look here at what the attachment was And sure enough if I go take a look here, Office 365 has already flagged this now as malware Now the thing I wanna point out to you here, this is literally patient zero This particular PC is the first patient in this organization to see this attack It was identified by Windows, Windows then communicated with Office 365, this particular attack was coming through a particular email. What Office did is it then went and looked at that email and if it went to anywhere else in the organization and if it did, it took it out of the inboxes Office then has gone and learned and started to apply this policy automatically around the globe to every other organization So the beauty of this is we can see these attacks and as we see it in one part of the world, we automatically apply our learning to the whole world to protect everybody This is the power of what you get when go with a solution like Microsoft 365 because of all that intelligence that’s constantly coming into our service and just the continual learning that we do Now I’m concerned that the user who may have been on this particular PC may also be having issues And so I’m now gonna go – actually go take a look at the identity, again we come back to identity and I can see right here, that this particular identity has now been added into a particular group that he actually has no right being a part of, but is clear to me

that this particular identity has been compromised and this identity is now about trying to spread Now this is amazing types of investigation What I just showed you here in what, two minutes? For more organizations would’ve taken months to get to Because what most organizations that do not have this kind of detection and response capabilities, what they’d have to do is they’d have to go start pulling logs, generally speaking they pull in a third party to come and help them do the investigation, but it literally is like trying to find a needle in the haystack to get to this level of detail But because Microsoft has built all of the Microsoft 365 services to work together, building upon all that knowledge all that intelligence that comes into the Microsoft Cloud, this is the kind of detection capabilities that you get when you’re using the solution from Microsoft Now, won’t it be amazing, if you could have actions automatically taking you, you’d have responses that were pre-configured so that when these attacks come in, and when these breaches happen, they can be detected and automatically responded to and stopped in its tracks Let’s show you what Microsoft 365 does there as well So we talked about the need for speed here, given the current and the modern attacks, you have minutes to respond, not days and not weeks And so I’m gonna go back into the console here and show you how we can automate all of this So first of all, I’m looking here at my security operations dashboard, what I love about this experience is is I can actually watch the automation in action So looking at the top right here, I can see that there are currently ten active investigations, three that are waiting some kind of approval If you take a look at that next set of data down below there, I can see that there have been 206 investigations that have been completed, 189 were successfully remediated and the amazing thing is look at that number right next to the 189 The average times to remediate, those 109 investigations was one minute and six seconds That is the kind of automation, that is the kind of automated process you have to have to defend against today’s attacks But I’m curious about what the active investigations are so let’s go take a look at a little more information here So now, you’re looking at the list of the active investigations I can see which are running, when one changes from running to fully remediated, I can actually go see what happened Let’s go take a look at the one in this bottom here and actually see what happened and what the process was to remediate this So I love this administrative experience because while everything is being automated in the backend, I can actually come in and I can see what has happened and what is happening and I can learn So first of all, I can see it in this particular investigation, the initial alert came in from Windows Defender ATP Then going counter clockwise, I can see that this particular process or this software was detected on two endpoints And then I can look at the investigation, what happened, how many files were analyzed, how many processes, how many services Over at three o’clock, I can see where data was pulled at, where intelligence and information was collected in order to make sure I understood what was going on And then down at the bottom, I can see exactly what happened This was a real threat, this was a Trojan I can see that I needed to have some approval and I waited for 36 seconds for that approval to come in But the result here is that, this was fully remediated In an automated way and it was done in minutes This is the kind of world class detection and response capabilities, you absolutely must have These attacks have been engineered to get in quick, to get in fast, and to spread And if you don’t have solutions that automatically respond, you’re vulnerable But this is the value that comes from using this integrated solution from Microsoft 365 because this how all these services work together Look at what this does for you It simplifies your IT, it make you more secure, and it does it in a way that is just lightning fast Now the reality is, even with all of this, there are gonna be times when a piece of malware or an attack makes it in and causes damage One of the most recent things we’ve all dealt with in the last calendar year was some of these ransomwares Let’s take a look at some of the innovation now that Microsoft 365 has done to even help you in the case where ransomware made it through and compromised your files So this is a real live scenario that far too many people saw last year I’m working along on my desktop and you know, boom – just like that, I see the WannaCry come up and my files have been encrypted They’re unusable to me You know, there’s my personal life and my business life, this is a devastating event But Microsoft 365 has done some amazing things to help us even in the case where these things make it through an take action that’s detrimental for us We can recover So what you’re looking at here is in OneDrive for business, I can actually take a look at the actions and the things that have happened on my files that are stored on OneDrive for business And notice in this timeline, its in a T-minus kind of a model and you can see the T-minus three, four, five, six of those days, there was a tremendous amount of action that happened on my files, far more than is average That is when all the files were being encrypted by WannaCry. So what I can do now, is I can just go back to T-minus seven and restore back to that last known good state It asks me here, are you sure you wanna restore your OneDrive, I do and then you can sit here and you can watch as your files are restored,

notice here they all have the WannaCry extension on them As your files are restored back at that last known good state, all your files come back and you’re off and running back as if it never happened again It’s just another world class example of having had world class defense, detection and response capabilities You have to have a model where you assume that you’ve been breached while you do everything you can to defend This is such an amazing scenario where you see how all the pieces are working together to even help in the case where something makes it through and takes actions, we can help you recover, so your users in your organization continues to press forward (upbeat music) – That was great You look great, I got an idea for what we do next – Alright – I’m thinking something like a training montage – This is a rehearsal – Well, you know, what is a rehearsal except a training montage for the rest of the film – I don’t understand what you’re trying to do – Think about it You’re a fit dude, it makes sense (upbeat music) awesome right? – Nope – Are you sure? – Absolutely not (upbeat music) Let’s now talk about the fourth area of suggestion that we’ve given to you, about how you can use Microsoft 365 to increase your security posture and make your organization more secure and more safe And we’ve taken a lot of this learning from what we’ve done here at Microsoft as we built out these incredible services that we operate around the globe And just to kind of give you some of the data points on this, we have close to a billion identities now in Azure Active Directory We have 120 million monthly active users of Office 365 These are services that are used every single day by organizations around the globe of all sizes and in all industries They are mission critical What that also means is that we have to do a world class job of protecting them, and to give you an idea of the investment here, we spend more than a billion dollars in just R and D on security For us, security just has to be a part of everything that we build and so our mantra for us is security has to be built in, not a bolt on And far to often we see when we work with our customers, is security isn’t integrated in the same way that it is in these cloud services that we built from the ground up So as you think about what your security posture is going forward and think about how you’re doing it in a modern way, bringing intelligence from the Cloud and having the Cloud provide you automation and intelligence, has to be core and has to be fundamental to everything you do from a security picture as you move forward And this is where Microsoft 365 brings you intelligence, brings you actions that can be taken automatically, but it also simplifies for you what you have to do As you build out these services and as you build out a security environment, complexity is the absolute enemy to security With complexity, there’s more moving parts to configure, there’s more things that can go wrong, there’s more things to integrate And so what we have found, in our own services that we have built is simplicity as a principle, also has made us more secure And we see this playing out with customers around the globe We see as organizations are moving to Microsoft 365, they’re able to reduce the number of moving parts they have to build, deploy, manage to a much more finite number. It’s easier that simplicity is great for IT, but that simplicity also feeds its way all the way out to the user experience You know, IT professionals are amazing But it’s just about impossible to hide a complex back end to your end users And so with Microsoft 365, we have spent years engineering these solutions to think holistically, to act holistically and to give you that security that you need to really defend your organizations in the light of the modern threats And let me just give you this one example, just something I’m going through right now with a customer This customer is getting ready to move to Microsoft 365 and they shared with me a deck a few days ago that showed on their Windows 7 and Windows 8 deployments, the number of agents, the number of configurations that they have deployed It was 50 different things that they did on a device before it was sent to the user As they are moving to Microsoft 365 that number reduces down to 12. Fewer agents, fewer things to have to worry about, fewer things to have to keep healthy. Better battery life, faster login for your users You know, there’s such a win that comes with simplicity for IT and for users And so as we think about how we have built this, simplicity has been a pillar and an architectural principle We believe as we’ve walked through all the investments that we’ve made over the last half an hour with you, and you see some of the additional pieces you see how we’ve thought holistically about how we secure your environment, how we manage your identities your devices, your files, your cloud services, how we protect information whether its behind the firewall, on devices, in the Cloud, in transit being sharing Security has to be holistic, because what’s happening

is the attackers are looking for that little chink in the armor, they’re looking for that piece where there is a seam between solutions and so these solutions that are integrated, that are holistic are far more secure (thundering) So let’s start by showing you some of the innovations that we’ve done looking at the ways that we give you guidance on how to think about security holistically Here, you’re looking at a security dashboard and in this dashboard, look at all the things that we bring together Each one of those bars right there, is a separate security solution for most organizations but in Microsoft 365 it’s one integrated whole So you’re anti malware, your software updates, all those pieces are brought together in one dashboard And as you look, we give you an overall score so you can benchmark how you are doing relative to the industry We also give you in each one of those categories, the next step that you should take to make yourself more secure Now one of the fundamental things here is OS security updates, I just cannot express enough and cannot overstate the important of staying current This mantra of get current and stay current has just got to be foundation of how you think about your security As I think about WannaCry in 2017, the particular update that would’ve prevented organizations from being affected by WannaCry was released close to 60 days before the attack was leveled You have to stay current with us One of your fundamental architectures, one of your fundamental pillars of all your investments has to be stay current So let’s look at some of the things we’re doing to help you stay current So I’m gonna walk you through now what the experience looks like in Intune This is our solution from the Cloud for managing all of your devices but I’m gonna focus on what we do to help you to deploy patches in this case or updates to Windows And the concept here, is you create rings And so you wanted to have an automated way where you start deploying updates the day they come out, put it out to a small number and then increase that over a period of days to where it goes broad in the entire organization And so I’m gonna show you the rings that I built here for this particular deployment and in this, you can see that I’ve got pilot ring, in this pilot ring roughly think about 1% of the organization and I wanna start deploying to that immediately so on day zero, patch Tuesday on those quality updates come out and security updates I wanna start deploying them What I then wanna do is assuming that everything goes well on day three, I wanna automatically have those go out to a broader pilot group and maybe this is 10% of your organization And is reflective of the different apps and the different configurations you have across the broader organization I then wanna let that run and if everything goes well, on day seven, I wanna have that patch or those updates automatically go to all of my organization This kind of an environment where its automated and in each step just automatically builds on the success of the other, is how you can do it in a hands free, automated way And of course for any reason, there’s a problem you can simply go right click and pause the deployments and the deployment rings will pause at that point This is what you have to get to You have to get to a model to where you start doing more testing in production than you do today Let me give you some of the insights we’ve seen from the configuration management data so you can understand how to benchmark yourself and then think about what you wanna do going forward So you have 105 million device that tell you that are reporting back telemetry to us in ConfigMgr I went and looked the other day ’cause I wanted to see what the average time it took for those 105 million devices to deploy security updates and the average across them is 14 days So first of all just benchmark yourself today, how long does it take you from the time that Microsoft comes out with security updates to get them deployed on the average across that more than 100 million is 14 days At Microsoft, we do it in seven We can actually do it in two if we have to And so we’ve written some blogs to talk about how we update but we start deploying on day zero across the entire organization And what we do is we actually roll out the deployments and we deploy them in the background in silent mode and then we wait for the users to reboot their PC Now at Microsoft because so many of us are running in dog food, at Microsoft 80% of the company reboots their PC in a given week So for that 80%, they never even see a patching alert coming up because it’s already done The patch is deployed in the background and then when it reboots, it’s automatically taken effect And so at Microsoft only 20% of our users on a regular basis even see the dialogue to reboot their PCs And I would argue, the best patch experience is no patch experience. So my advice and my challenge to you: benchmark where you’re at at today on getting quality updates You have to get current and stay current If you are not doing it in days, like less than 10 days, think about how you change your process and start doing more of that testing and production and have that in an automated way flow out across organizations because fundamental to keeping your organizations secure and safe is staying updated across all the operating systems with all the updates (birds chirping and dog barks) so there you have it, there are the innovations and the things that we have been doing inside of Microsoft 365 to help you and your team secure your organizations I mentioned in the beginning that there’s no greater time to be an IT professional There is no greater time for you to take that leadership position to help drive the digital change that has to happen and to help drive the culture in your organizations I fundamentally believe that today is a time when IT

is looked on to help push the organization forward and there’s no better time than today for IT to help drive that cultural change that needs to happen in organization as they transform With Microsoft 365, we have built out these four areas of investment, we encourage you to get deployed So first and foremost, make sure you deploy identity driven security. Second, protect your data anywhere it is Third, deploy advanced threat detection and response capabilities. And fourth, think about your security in a holistic manner This is why we built Microsoft 365 and we think that as you embrace this and as you deploy it, you’re gonna see those benefits Your organization will be more secure You as IT will have a broader impact Now if you’re wondering are these things being deployed, let me give you just a couple of data points that help you understand just how fast they’re being deployed First of all, we have just shy of a billion Azure Active Directory identities that are being used around the globe, a billion We have more than 120 million monthly active users of Office 365 What’s more critical for organizations than their files and their email? Plus, you think about identities coming under protection and devices coming under protection We have seen a greater than 400% growth in usage while we’ve seen, 13 consecutive quarters of greater than 100% growth on the revenue of the licenses There are now more than 60,000 unique organizations that have purchased EMS, it’s the fastest growing product in the history of the company So if you’re wondering where to get started, you know, my biggest piece of advice is just start doing something Many of you already own Microsoft 365 and are just looking for what’s that first place you should start at My biggest advice is take advantage of the programs that we’ve built like FasTrack, like the customer experience teams that exist across all the engineering teams One of the fundamental shifts that we’ve done at Microsoft is the engineering teams are now all incented and our goals are all set around usage We wanna learn from you and wanna work with you So we make sure the product we’ve built, can be deployed and used in your unique organization So look for these URLs and go get educated and be aware of the programs that exist They’re free of charge, they’re delivered by the engineering teams to help you get deployed and seeing value from using Microsoft 365 We think we have an incredible, unique set of capabilities for you here There’s been years and years of engineering in building this out and I think as we look back at 2017 and 2018 we’ll look back at the the time when Microsoft 365 was announced and we’ll see how it fundamentally changed how organizations, how IT professionals like you were able to empower their users to achieve more Now throughout the last few minutes, we talked about your need to heave multiple intelligent clouds giving you back up to protect your organizations It does take multiple clouds. At Microsoft we think we have some very unique knowledge and some very unique intelligence But we’re working across the industry to bring what they have that is unique together, as well with ours And so, we’ve been working with partners whether its in the hardware, with OEM partners, with ISVs that focus on security or protection or management The ecosystem around Microsoft 365 is the broadest in the industry and it not only provides you the solution that you need, but it brings together the intelligence and we can bring that intelligence together in a way that is continually put to work on your behalf and on behalf of your organizations (upbeat music) (buzzing buzzer) so that’s it, we’re done right? – This looks awesome, you’re doing great You are definitely ready to go – I- it’s gonna be a lot of fun I get what you wanna do now with this I think this’ll be very effective So we’re gonna record tomorrow? – Well that’s the thing You’re ready I just, I don’t know about the whole green thing – So, so wait, now you’re saying this isn’t gonna work? – I mean, with the right amount of editing, we could do it – You can make it work – Well the one thing we have going for us is this studio actually is a really cool AI that helps with the post production process (playful electronic sound) (upbeat music) – This is gonna be great

You Want To Have Your Favorite Car?

We have a big list of modern & classic cars in both used and new categories.