Into the Cloud with Microsoft Enterprise Mobility Suite
What exactly is Enterprise Mobility Suite (EMS)?
Microsoft has a number of technical solutions that can manage devices and applications as well as (organizational) access and people. Each solution is a separate product, but they work so well together that they can be considered a suite of software. This is Enterprise Mobility Suite (EMS). The products that make up EMS are:
• Azure Active Directory Premium
• Microsoft Intune
• Azure Rights Management
• Microsoft Advanced Threat Analytics
EMS is part of Microsoft’s SaaS solution and is convenient for organizations that want to be more flexible by moving into the cloud. The components of EMS work seamlessly with each other. To understand how, we will discuss each one individually.
Azure Active Directory Premium (Azure AD)
Azure AD is an identity management service based on multi-tenant, cloud-based directories, all incorporated within MIM. For business information management and business analysts, Azure AD provides employees with single sign-on (SSO) access to countless SaaS applications. The Premium version has no limits on the number of applications and users.
Azure AD can be used as a complete solution for identity management, with functionalities such as multi-factor authentication (MFA), self-service portals and self-service management, privileged account management (PAM), role-based access control (RBAC), and auditing and monitoring. Access and usage reports and analyses can also be composed and provided.
An important feature of Azure AD Premium is Cloud App Discovery. This feature can discover unmanaged or unrestricted (cloud) applications that users have installed on their PC. An example of an unmanaged application that stores its data in the cloud is Evernote. Evernote, like OneNote, is an application that stores notes in the cloud and allows syncing across multiple devices, but initially it is not managed. Cloud App Discovery analyses the usage (and not the information!) for ‘normal’ behaviour (compared to, for example, a login attempt from a foreign PC or at unusual times). Normal and abnormal behaviour can be presented in a usage report, and SSO can be utilized for usage and access management.
Azure AD Premium also simplifies implementation of a hybrid IAM environment, a combination of on-premises and cloud solutions. This is possible because complex architecture is made easy with MIM.
The feature Connect Health has its own portal, which provides warnings about aspects that require attention, monitors current statuses, and offers deeper usage analyses. It is possible to look at entire information streams from a bird’s eye view, as well as to zoom in on a specific service.
Microsoft Intune
Intune is a software solution that focuses entirely on mobile devices and mobile applications. Access to Microsoft products, such as Exchange, can be managed with Intune. Access (and temporary access) certificates for, for example, VPN and Wi-Fi connections can be provided. When using Intune, it is not necessary to purchase any other hardware or build infrastructure. Everything is safely managed in the cloud, accessible only to those with the correct permission certificates.
Azure Rights Management (Azure RMS)
Azure AD and Intune mainly focus on (continuously) changing access rights for applications and accounts. Azure RMS focuses on the content, the data one needs access to. Azure RMS makes it possible to keep control over the fate of, for example, Office 365 or SharePoint files, folders, and messaging. Management and control is not restricted to who can see, adjust, or copy when using a Microsoft online application. Azure RMS upholds the rules for accessing a secured object on offline, local devices as well.
The term “information management” would be more applicable to Azure RMS, since Office 365 messaging can be encrypted as well. Azure RMS itself thus actually consists of two components: Information Rights Management (IRM) and Office 365 Message Encryption. IRM offers multiple options for protecting e-mail and protects content whether it is accessed online or offline. IRM also improves the security of SharePoint data libraries. Office 365 Message Encryption makes sharing files and messages safe, secure, and encrypted.
Microsoft Advanced Threat Analytics (ATA)
Advanced Threat Analytics (ATA) is the latest feature added to Enterprise Mobility Suite. Your company data is under continuous threat from those with malicious intent. Hackers may already be present in your database by way of social engineering, seeking their holy grail: credentials of admin accounts. ATA learns in a self-teaching manner what the habits of account users are. By knowing the usual manner of working, ATA can recognize abnormal activity such as login attempts from different geographical locations. The reaction ATA performs after abnormal activity can be set up by users themselves. Read more about ATA in one of our previous articles.
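Both Cloud App Discovery (as described above) and ATA rest on the same idea: learn what is normal for each account, then flag sign-ins that deviate from it, such as a login from a country the user has never used or from two places too far apart to travel between in the elapsed time. The following is an added illustration of that idea, not code from the article or from either Microsoft product: it parses constructed sign-in lines (timestamp, user, country, latitude, longitude), learns a per-user profile of countries and working hours from a baseline batch, and then raises alerts on a new batch. The log format, the 900 km/h speed threshold, the coordinates and all user names are assumptions chosen for the example.

```python
"""Baseline-and-anomaly sign-in detector over constructed log lines (added example)."""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed sample data, not real telemetry. Format (assumed):
#   ISO timestamp,user,country,latitude,longitude
BASELINE_LOG = """\
2016-03-01T08:10:00,alice,NL,52.37,4.90
2016-03-01T17:05:00,alice,NL,52.37,4.90
2016-03-02T09:30:00,alice,NL,52.37,4.90
2016-03-03T12:45:00,alice,NL,52.37,4.90
2016-03-04T08:55:00,alice,NL,52.37,4.90
2016-03-01T09:00:00,bob,NL,52.37,4.90
2016-03-02T16:30:00,bob,NL,52.37,4.90
"""

NEW_LOG = """\
2016-03-08T09:00:00,alice,NL,52.37,4.90
2016-03-08T10:00:00,alice,US,40.71,-74.01
2016-03-09T03:15:00,alice,NL,52.37,4.90
2016-03-08T11:00:00,bob,NL,52.37,4.90
"""


@dataclass(frozen=True)
class SignIn:
    user: str
    ts: datetime
    country: str
    lat: float
    lon: float


@dataclass(frozen=True)
class Alert:
    user: str
    rule: str
    ts: datetime
    detail: str


def parse_log(text: str) -> list[SignIn]:
    """Parse the constructed CSV-style lines into SignIn records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, country, lat, lon = line.split(",")
        events.append(SignIn(user, datetime.fromisoformat(ts), country, float(lat), float(lon)))
    return events


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in kilometres (Earth radius 6371 km)."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def learn_baseline(events: list[SignIn]) -> dict:
    """Per user: the set of countries seen and the [earliest, latest] sign-in hour."""
    profile: dict = {}
    for e in events:
        p = profile.setdefault(e.user, {"countries": set(), "min_hour": 23, "max_hour": 0})
        p["countries"].add(e.country)
        p["min_hour"] = min(p["min_hour"], e.ts.hour)
        p["max_hour"] = max(p["max_hour"], e.ts.hour)
    return profile


def detect(events: list[SignIn], profile: dict, max_speed_kmh: float = 900.0) -> list[Alert]:
    """Flag new countries, sign-ins outside the learned hour window, and impossible travel.

    Travel speed is only compared between consecutive events of the same user
    within this batch; the elapsed time is floored at one minute to avoid
    dividing by zero for near-simultaneous events.
    """
    alerts: list[Alert] = []
    by_user: dict[str, list[SignIn]] = defaultdict(list)
    for e in events:
        by_user[e.user].append(e)
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e.ts)
        p = profile.get(user)
        for prev, cur in zip([None] + evs[:-1], evs):
            if p is not None:
                if cur.country not in p["countries"]:
                    alerts.append(Alert(user, "new_country", cur.ts, f"first sign-in from {cur.country}"))
                if not p["min_hour"] <= cur.ts.hour <= p["max_hour"]:
                    alerts.append(Alert(user, "unusual_hour", cur.ts,
                                        f"hour {cur.ts.hour} outside {p['min_hour']}-{p['max_hour']}"))
            if prev is not None:
                dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
                hours = max((cur.ts - prev.ts).total_seconds() / 3600, 1 / 60)
                if dist / hours > max_speed_kmh:
                    alerts.append(Alert(user, "impossible_travel", cur.ts, f"{dist:.0f} km in {hours:.2f} h"))
    return alerts


def run_example() -> list[Alert]:
    """Learn from BASELINE_LOG, then score NEW_LOG."""
    return detect(parse_log(NEW_LOG), learn_baseline(parse_log(BASELINE_LOG)))


if __name__ == "__main__":
    for a in run_example():
        print(a.ts.isoformat(), a.user, a.rule, a.detail)
```

On the constructed data, alice's Amsterdam sign-in at 09:00 followed by a New York sign-in one hour later trips both the new-country and impossible-travel rules, while her 03:15 sign-in the next day trips only the unusual-hour rule (the return trip spans 17 hours, so the implied speed is plausible); bob produces no alerts. The hour window is deliberately crude: a production profile would use per-weekday distributions and a warm-up period before alerting, which is what products like ATA automate.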
Microsoft Enterprise Mobility Suite is composed of four solutions which, when taken together, can be more than the sum of their individual parts. EMS makes it possible to access databases, applications, mobile applications, accounts and account data in a safe manner. Your data in Office 365, SharePoint, and Exchange can be encrypted and shared in a reliable way. ATA recognizes potential threats to the system and alerts users and administrators to these threats. ATA responds how you want it to respond, just like the entirety of EMS.
Nice article William! Worth noting that Microsoft will rename Enterprise Mobility Suite (EMS) to Microsoft Enterprise Mobility + Security (EMS) to 'more accurately communicate its value.' Same three letters so there should be no confusion. And Azure RMS Premium will become Azure Information Protection Premium P1 'later in 2016' they say.