In the current Bring Your Own Device (BYOD) era of Information Technology, companies are taking a close look at how they manage mobile devices and they are asking questions such as:
- What mobile management capabilities do we currently have?
- What mobile management capabilities do we want to have?
- What security concerns do we need to address?
Of course, this is only the tip of the iceberg. Inevitably, companies are looking at various tools to start addressing mobile device management in a mature manner, and Microsoft’s Enterprise Mobility Suite (EMS) is a great answer to many of the questions that enterprises have in this space. EMS seeks to address four main pillars:
Briefly, Identity is the concept that an End User can sign into countless applications with their same company credentials. The Devices are of course the mobile devices that you’re managing and include iOS, Android, and Windows devices. Your Apps are the applications that users need in order to get their job done. And lastly, your Data consists of the files and information you wish to encrypt and restrict access to.
EMS consists of Azure Active Directory Premium (AADP), Microsoft Intune, and Azure Rights Management. Azure Active Directory Premium is a service that provides comprehensive identity and access management capabilities in the cloud. Microsoft Intune is a solution that helps you to manage your computers and mobile devices and to secure your company’s information. Azure Rights Management uses encryption, identity, and authorization policies to help secure your files and email across multiple devices—phones, tablets, and PCs.
Microsoft was recently chosen as a visionary in the Enterprise Mobility Management space, and is improving their toolset at a pace that would impress any CEO. This is a testament to Microsoft’s hard work in this space. I have been working a great deal in this area, especially in recent months, and I wanted to share the parts of EMS that I find the most intriguing.
#1: Free Trials and Overall Value
Microsoft offers free trials of pieces of the EMS offering. This is a great way to try before you buy, as they say. From there, when you see how great EMS is, you can buy into it at a great price!
|Identity and access
|Mobile device and
|Total cost (per user/month)||$7.60*
*Microsoft Open ERP per user per month pricing for EMS as of 3/1/2015. Includes Azure Active Directory Premium, Azure Rights Management and Microsoft Intune.
#2: Conditional Access to E-mail
Conditional Access is protecting content by requiring criteria to be met before access to content is granted. In this case Microsoft Intune’s Conditional Access to corporate email means that until you sign up to be managed by Microsoft Intune on your mobile device, you will be unable to access your corporate email from your mobile device. It is a great way to force users to register with Intune for Mobile Device Management and Mobile Application Management. If they fail to comply, they will not be able to check their email from their device.
#3: Secure Files, even if files leave the company.
Azure Rights Management allows companies to encrypt files and tie those files to corporate user accounts so that the files cannot be opened by anyone outside the company. This means that even if a file “walks” out of the company via a USB flash drive, or via an email, the data still won’t be readable unless accessed by a corporate account with access granted.
#4: Managing devices from all the big players.
Managing any modern device is the goal of Microsoft Intune and the other pieces of EMS. So you will find support for:
- Apple iOS 6.0 and later (Note: New devices must be running iOS version 7.1 or later in order to enroll in Intune. Version 6.0 will continue to be supported on devices that are already enrolled in Intune.)
- Google Android 4.0 and later (includes Samsung KNOX)
- Windows Phone 8.0 and later
- Windows RT and Windows 8.1 RT
- Windows 8.0 and later computers (managed as mobile devices)
#5: Azure Active Directory Premium
Okay okay, so Azure Active Directory Premium (AADP) is extremely broad. AADP enables so many cool capabilities, I couldn’t resist. Here’s a taste of what it does for Windows 10:
- Self-provisioning of corporate owned devices.
- Use existing organizational accounts.
- Automatic MDM enrollment.
- Single Sign-On to company resources in the cloud.
- Single Sign-on for on-premises
- Access to an Enterprise-ready Windows store.
- Support for modern form factors.
- OS State Roaming.
More on these things can be found here.
If you haven’t looked at EMS already, it is worth your time. If you have looked at EMS already, look again because it is being updated aggressively to bring new features. The suite is worth your time investment, and with free trials you don’t have to invest your company’s money until you are ready.