What is Microsoft Enterprise Mobility Suite?
Microsoft Enterprise Mobility Suite (EMS) is a set of tools that are deeply integrated to provide you with all you need to administer, provision and secure the devices that are used in your enterprise. With EMS, you can manage smartphones, tablets, and laptops in a single system where you can also manage user credentials, applications and security from a single place. In this series about Microsoft EMS, I will provide you with an overview of this suite. This first article in the series will give you a general overview of the services and components that make up the suite. In the next series of articles that follow, you will also be able to read about each of the components in more depth.
EMS is a great tool for enterprises that want to keep better control of their assets and intellectual property (IP), while minimizing the impact of human resources needed. Enterprise Mobility Suite can easily manage more workstations, laptops, tablets, smartphones, and apps with less resources because of its deep integration. Because the tools are cloud-based, there’s no need to worry about versioning, updating or upgrading the EMS platform, eliminating that cost from the equation.
“One pane of glass to manage PCs and Mobile devices integrated across all the things that you are doing.”
Brad Anderson, Corporate VP, Enterprise Client and Mobility
Through the use of Azure Active Directory, you can not only run a Windows domain for your local network, but also integrate thousands of apps into a single set of credentials. Think about how easy it is to use Outlook without having to log in with your domain credentials every time you start the application. This same level of integration is provided with thousands of third-party apps where the same credentials can be integrated. Enterprise Mobility Suite provides you with a Single Sign-On strategy right out of the box. Applications like Salesforce, Concur and Workday that are so common in today’s enterprises will just open up whenever you launch them without needing to remember yet another password.
When access needs to be prevented in multiple apps, admins need to spend a considerable amount of time on each system being managed. With Enterprise Mobility Suite, it only takes a few clicks to deny access to all managed systems. Employees can also use self-service management tools that lets them do minor maintenance that would have otherwise taken time from administrators.
EMS helps administrators manage all devices from a single console. Desktops, laptops, tablets and smartphones can be managed from this platform. What is more important, this is one of the very few platforms that supports management of devices from other platforms. Windows, iOS and Android integrate very well into EMS’ management platform. Windows 10 devices in particular benefit from an even deeper integration. Enterprise Mobility Suite is an ideal solution both for enterprises, where BYOD and corporate provided devices are used. Features as rich as deploying apps on registration help with making the user experience more consistent, even on different mobile device platforms.
In BYOD enterprises, device management is simplified when users are required to sign up and accept security policies that allow the removal of Enterprise intellectual property. In the other end of the spectrum, there are corporate provided devices that have been pre-joined and accepted such policies as well. Accepting those security policies is instrumental to protecting corporate information. Additionally, remote device wipe guarantees that intellectual property is protected at all costs by allowing an administrator to completely erase a device in case of loss or theft.
Enterprise Mobility Suite integrates through Identity services with thousands of apps across a similarly wide number of vendors as mentioned above, but there are mobile apps that integrate with this service, such as Office Mobile for all mobile platforms, where the integration happens aiming at protecting IP. This will be explained in detail when we take a look at security. Application integration on mobile devices also allows for automatic deployment of certain apps that pass a minimum set of requirements from the enterprise.
One of the integrated apps is the desktop, which is now available in virtualized mode. Enterprise Mobility Suite allows for access and management of desktop virtualization in such a way that users may take advantage of a virtual desktop or even virtualized applications to be able to run them in cases where there may be some compatibility or availability issue.
Security is an integral part of all these components, but it is worth mentioning how it works within Enterprise Mobility Suite. Through the implementation of Cloud Identity or Azure Active Directory, you are now effectively running your security in the cloud. This implementation makes your Enterprise’s AD impervious to server and hardware failure as it is guaranteed for high uptime via SLAs (Microsoft reimburses customers if uptime goal is not met).
Securing corporate intellectual property is now quick and easy with Enterprise Mobility Suite as it will allow or prevent, depending on your needs, sharing, emailing, attaching and copying files marked as containing IP owned by the enterprise. If IP assets are shared, that access can be revoked, recalled and removed whenever needed. If a file was in someone’s email, and it now becomes unauthorized to the user in question, the contents will no longer be visible. All these features come included along with the ability to natively encrypt and only decrypt if the right users are attempting to access the information.
Finally, Advanced Threat Detection is one of the smartest modules in the suite. According to Microsoft and industry statistics, it takes at least 200 days for a targeted attack to be detected. This means that an attacker could be lurking throughout enterprise systems for that long until their access is detected and removed. The sheer amount of proprietary information that could be gathered is just too much in such an amount of time. With the aid of usage metrics and behavioral analysis, EMS is able to know the usage patterns that your users have. One minor caveat; the system needs to be online analyzing patterns for at least 30 days to be useful. This will lead to the ability to detect any breaks from patterns and thus detect any intrusion in a much shorter period of time. Advanced Threat Analytics helps enterprises identify threats using a clear, actionable report with a simple attack timeline.
There’s no question that if an enterprise were to get these components as standalone services, it would achieve the same goals than they would with the suite. However, the fact remains that by purchasing access to EMS, the cost would be reduced to $8.75 (USD) per month per user at the time of writing this article. That is a 50 percent discount from purchasing the stand-alone services at $17.50 per month per user.
Overall Enterprise Mobility Suite is a great option for small and large enterprises, especially if they value the pragmatism mobility brings to the table. The high variety of devices poses no difficulty to administrators using EMS as long as those devices conform with the minimum requirements for running and executing the policies to be enforced. Azure Active Directory also helps users and administrators alike by reducing the work involved in managing credentials and part of the process of onboarding.
The security level that can be achieved by implementing the Advanced Threat Detection is a significant addition, especially for small companies or startups where human resources can be scarce and everyone usually wears multiple hats. Finally the pricing is extremely reasonable and a convenient addition to services, such as Office 365, which can be integrated.