With the big push to the cloud, the Enterprise Mobility and Security (EMS) offering emphasizes Microsoft’s mobile-first, cloud-first strategy. EMS focuses on three areas:
- Hybrid and Cloud Identity – Enabled through Azure Active Directory Premium
- Mobile Device Management – Microsoft Intune
- Data Protection and Security – Azure Information Protection / MS Advanced Threat Analytics
In this article, we will review each of these offerings and how they can help your business.
Azure AD Premium
Azure AD Premium is a single sign-on or connection that links a user to multiple applications and multiple cloud solutions, including social media accounts and other SaaS applications. In almost all organizations, users access different applications, both personal and business, from the same device. Azure AD also includes a full suite of identity management capabilities, including multi-factor authentication (identifies the user), self-service password management (retrieve password), self-service group management, and security monitoring and alerting (identify threats).
Intune
One of the number one questions asked around the BYOD concept is “What happens if my employee leaves?” One of the features of Intune is Selective Wipe, which allows IT staff to wipe corporate data remotely from that device via the self-service company portal or admin console without touching the individual’s personal applications (Facebook, as an example).
In addition to mobile device management, Intune gives IT administrators the ability to push company apps automatically and allows users to easily install corporate apps from the self-service company portal.
One other feature of Intune is email. If a company wants to protect an attachment through Intune security, IT administrators can set protection parameters on that attachment that will prevent the user from copying and pasting into another application. Let’s say you have a company spreadsheet with private financial information. To prevent the user from simply copying that content into another spreadsheet or Word document, the IT admin can use Intune to prevent unauthorized distribution.
Azure Information Protection (Azure Rights Management)
Using the email example above, Azure Info Protection allows an IT admin to set permissions for who can and cannot receive the email. As an example, let’s say you send an email with personal information to a vendor. Using Azure Info Protection, the sender can set a no-forward policy or even an email expiration, after which the email will auto-delete so that no unauthorized users can access it.
Microsoft Advanced Threat Analytics
MS Advanced Threat Analytics is a preventative security measure that protects the user from unauthorized use of personal information. A credit card is a good example: using behavioral analytics, Advanced Threat Analytics (ATA) will notice unusual activity on a customer’s account.
How to buy
You can purchase the EMS offering through various channels and programs. As with most programs, buying EMS as a package is more cost competitive than buying the individual components.
Volume Licensing: Customers who purchased Windows Server CAL, Microsoft System Center Configuration Manager, System Center Endpoint Protection and Microsoft Active Directory Rights Management Services CALs via the Microsoft Enterprise Volume Licensing agreements will have the ability to purchase the Enterprise Mobility + Security Add-on. This is much cheaper than buying the full user license, since you have already made the investment in certain technologies.
CSP: When working with a CSP partner, you can either resell or consume EMS for your own internal use. When using CSP, you either provide the support (as a CSP Direct/Tier 1 provider) or work with a distributor (CSP Indirect/Tier 2) to sell to your end customers as a managed service provider. The cost varies depending on the number of users and the support offering.
I hope this provides some insight into EMS. More articles on this coming soon!
Thanks for reading,
CSP Man