The prevalence of personal smartphones, tablets, and other mobile devices within the enterprise space has created a host of issues for IT administrators. The bring your own device (BYOD) trend is here to stay, with nearly 7 billion devices in use worldwide. Accommodating employees’ use of them now extends beyond providing network access, because mobile devices have become potential vectors of major threats to organizational security. Tech Republic’s Will Kelly provided a great assessment of Microsoft’s answer to these challenges with its Enterprise Mobility Suite (EMS).
“Microsoft Enterprise Mobility Suite (EMS) roared into the mobile device management (MDM) market last year that was awash in notable acquisitions and startup activity. Notably, EMS includes support for iOS, Android, and Windows Phone. While EMS came into the mobility market late, Microsoft was strategic about launching the solution. I split the MDM market into three parts:
- Those companies that have been acquired
- Those companies aiming (or struggling) to be acquired
I split Microsoft into its own part because their solution presented an all-encompassing suite covering identity and access management, mobile device, and mobile app management and data protection that leveraged their existing cloud offerings.
I recently had a chance to speak with Andrew Conway, senior director of enterprise mobility at Microsoft, to discuss the Enterprise Mobility Suite (EMS) and get a view behind the scenes of their EMS strategy.
Elements of the Microsoft Enterprise Mobility Suite
Microsoft Enterprise Mobility Suite is built on the following Microsoft cloud platforms:
- Azure Active Directory Premium for identity rights management
- Microsoft Intune for MDM and mobile application management (MAM)
- Azure Rights Management for document and data security
EMS and rights management
I give Microsoft credit for weaving rights management into the EMS solution considering the potential data loss issues surrounding BYOD and enterprise mobility. The inclusion of Azure Rights Management as part of EMS should make the solution attractive to enterprises in compliance-based industries.
Conway explains rights management in EMS, “It’s essentially encrypting individual files and managing access to those files based on rights related to an individual’s active directory credentials.”
EMS and identity management
The emphasis on identity management in EMS via Azure Active Directory is a big differentiator for the solution and enables EMS to keep pace with the growth of BYOD, Choose Your Own Device (CYOD), and subsequent growth in Software as a Service (SaaS) applications. Conway told me during our interview that Microsoft is investing super heavily in identity management and that it forms a key part that underpins EMS.
“What we see are enterprises are just coming to terms with maybe there’s a lot of unauthorized SaaS usage by their employees or they are getting their hands around departmental SaaS usage,” explains Conway. “One of the things around identity specifically, a cloud-based identity service like Azure ID allows you an access control point to SaaS applications.”
Conway cites the advantages of identity management in EMS, including:
- Single sign-on (SSO) for users
- Multiple reporting options for IT around which users are accessing what, and where the users are accessing it from
- Multifactor authentication
EMS brings the features to bear to enable enterprises to understand what some of the security issues may or may not be.
Device and application management in EMS
“We do device management as well and within the Enterprise Mobility Suite that is a feature of the Intune service,” Conway explains. “We manage at the level of the application too.” Intune takes a container or “wrapper approach” to security.
The Intune Service’s management features cover:
- Device management
- Settings management
- Device provisioning
- Remote wiping
EMS and Microsoft Office
The launch of Microsoft Office for iOS and later Office for Android were long overdue in my opinion. Conway pointed out to me that since last December, enterprises can manage Office mobile apps directly from Intune. In February, they extended Office support in Intune to the new Office for Android and the popular OneNote for iOS.”
You can find Will Kelly’s full article here, https://www.techrepublic.com/article/improving-byod-security-with-microsoft-enterprise-mobility-suite/.
-Joe Cappiello, PEI
 Dorrier, Jason, “There Are 7 Billion Mobile Devices On Earth, Almost One For Each Person,” https://singularityhub.com/2014/02/18/there-are-7-billion-mobile-devices-on-earth-almost-one-for-each-person/, 2/18/2014.