Enterprise Mobility Suite Overview

Enterprise Mobility Suite (EMS)

Enterprise Mobility Suite (EMS) is a Microsoft solution for empowering users with anytime access and anywhere access, while making sure IT can protect users and data, and easily manage the environment.

Enterprise Mobility Suite includes the following 3 products:

  1. Microsoft Azure Active Directory Premium
  2. Microsoft Windows Intune
  3. Microsoft Azure Rights Management Service

Now let’s look at what these products are.

Microsoft Azure Active Directory Premium

Azure Active Directory Premium is a service that provides identity and access management capabilities in the cloud.

Active Active Directory Premium edition is a paid offering of Azure AD and includes the following features (As it is originally posted in Message Ops):

  • Company branding: You can put your logo and color schemes in your company’s Sign In and Access Panel pages. Once you’ve added your logo, you also have the option to add localized versions of the logo for different languages and locales.
  • Group-based application access– Use groups to provision users and assign user access in bulk to over 1200 SaaS applications.
  • Self-service password reset – Azure has always provided self-service password reset for directory administrators.
  • Self-service group management – Azure Active Directory Premium simplifies day-to-day administration of groups by enabling users to create groups, request access to other groups, delegate group ownership so others can approve requests and maintain their group’s memberships.
  • Advanced security reports and alerts – Monitor and protect access to your cloud applications by viewing detailed logs showing more advanced anomalies and inconsistent access pattern reports. Advanced reports are machine learning-based and can help you gain new insights to improve access security and respond to potential threats.
  • Multi-Factor Authentication – Multi-Factor Authentication is now included with Premium and can help you to secure access to Azure, Microsoft Online Services like Office 365 and Dynamics CRM Online, and over 1200 Non-MS Cloud services preintegrated with Azure AD. Simply enable Multi-Factor Authentication for Azure AD identities, and users will be prompted to set up additional verification the next time they sign in.
  • Forefront Identity Manager (FIM) – Premium comes with the option to grant rights to use a FIM server (and CALs) in your on-premises network to support any combination of Hybrid Identity solutions. This is a great option if you have a variation of on-premises directories and databases that you want to sync directly to Azure AD. There is no limit on the number of FIM servers you can use, however, FIM CALs are granted based on the allocation of an Azure AD premium user license.
  • Enterprise SLA of 99.9% – Guaranteed at least 99.9% availability of the Azure Active Directory Premium service.

Microsoft Windows Intune

Microsoft Intune provides mobile device management, mobile application management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees with access to corporate applications, data, and resources from virtually anywhere on almost any device, while helping to keep corporate information secure.

As per Microsoft, following are the benefits of Microsoft Windows Intune:

Device choice
Provide employees with the ability to register, enroll, and manage their devices as well as install corporate applications from the self-service Company Portal – all from the devices of their choice.

Unparalleled management of Office mobile apps
Help maximize productivity by enabling your employees to access corporate resources with the Office mobile apps they know and love while applying policies that can help prevent leakage of company data.

Data protection
Secure corporate data, including Exchange email, Outlook email, and OneDrive for Business documents, based on the enrollment status of the device and the compliance policies set by the administrator.

No infrastructure required
Eliminate the need to plan, purchase, and maintain hardware and infrastructure by managing mobile devices from the cloud with Intune.

Enterprise integration
Extend your existing System Center Configuration Manager infrastructure through integration with Intune to provide a consistent management experience across devices on-premises and in the cloud.

Flexible licensing
Spend less time counting devices with per-user licensing for Intune. Intune is also included as part of the Enterprise Mobility Suite, the most cost-effective way to acquire Intune, Azure Active Directory Premium, and Azure Rights Management.

Microsoft Azure Rights Management Service

Use Microsoft Azure Rights Management (Azure RMS) to help you protect your organization’s sensitive information from unauthorized access, and control how this information is used. Rights Management uses encryption, identity, and authorization policies to help secure your files and email. In comparison to standard access controls, such as NTFS permissions, protection that is applied by using Rights Management stays with the files and emails, independently of the location—inside or outside your organization, networks, file servers, and applications. You remain in control of your data even when it is shared with other people.

Useful Resources

12 Minute Enterprise Mobility Suite Demo

Microsoft Enterprise Mobility Suite Overview

Microsoft Enterprise Mobility Suite Overview

Microsoft Enterprise Mobility Suite: Mobile Device Management