Improving BYOD security with Microsoft Enterprise Mobility Suite

Microsoft Enterprise Mobility Suite takes an all-encompassing approach to enterprise mobility and BYOD security in the enterprise.

Microsoft Enterprise Mobility Suite (EMS) roared into the mobile device management (MDM) market last year, a market that was awash in notable acquisitions and startup activity. Notably, EMS includes support for iOS, Android, and Windows Phone. While EMS came into the mobility market late, Microsoft was strategic about launching the solution. I split the MDM market into three parts:

  • Those companies that have been acquired

  • Those companies aiming (or struggling) to be acquired

  • Microsoft

I split Microsoft into its own part because their solution presented an all-encompassing suite covering identity and access management, mobile device and mobile app management, and data protection that leveraged their existing cloud offerings.

I recently had a chance to speak with Andrew Conway, senior director of enterprise mobility at Microsoft, to discuss the Enterprise Mobility Suite (EMS) and get a view behind the scenes of their EMS strategy.

Elements of the Microsoft Enterprise Mobility Suite

Microsoft Enterprise Mobility Suite is built on the following Microsoft cloud platforms:

Microsoft Enterprise Mobility Suite is available through the Microsoft Enterprise Volume Purchasing plan.

Strategy behind EMS

When I asked Conway about some of the strategy behind EMS, he explained that Microsoft is seeing two trends among their partners and customers: an increasing number of mobile devices that people are using for work and, at the same time, a rise in Software as a Service (SaaS) applications.

"It's the combination of these two trends that's interesting rather than just BYOD or device growth trends," says Conway.

The cloud and Bring Your Own Device (BYOD) were strong trends I saw in 2014 that I expect to see continue in 2015. EMS is positioned to capitalize on the intersection of these two trends.

Conway also points out that Office for iOS is a big part of the overall EMS strategy. More on Office as part of their strategy later.

"We take a very broad view of the space relative to some of the other solutions and for us it begins with the user, an individual, and their identity," Conway offers. "What we've seen is as the number of devices grows customers are shifting the way they manage it from an IT point of view away from a traditional device management approach into one that really centers on the user."

EMS follows Microsoft's core PC management solution in moving from a device-centric to a user-centric model. This pivot by Microsoft to users applies to management, inventory, and app delivery.

Conway also told me that user identity is proving to be a super useful control plane for IT in terms of getting their hands around these new challenges of mobile devices and cloud services. Microsoft aims for identity management in EMS to be the tooling for their customers to manage devices.

EMS and rights management

I give Microsoft credit for weaving rights management into the EMS solution considering the potential data loss issues surrounding BYOD and enterprise mobility. The inclusion of Azure Rights Management as part of EMS should make the solution attractive to enterprises in compliance-based industries.

Conway explains rights management in EMS: "It's essentially encrypting individual files and managing access to those files based on rights related to an individual's Active Directory credentials."

EMS and identity management

The emphasis on identity management in EMS via Azure Active Directory is a big differentiator for the solution and enables EMS to keep pace with the growth of BYOD, Choose Your Own Device (CYOD), and subsequent growth in Software as a Service (SaaS) applications. Conway told me during our interview that Microsoft is investing super heavily in identity management and that it forms a key part that underpins EMS.

"What we see are enterprises are just coming to terms with maybe there's a lot of unauthorized SaaS usage by their employees or they are getting their hands around departmental SaaS usage," explains Conway. "One of the things around identity specifically, a cloud-based identity service like Azure ID allows you an access control point to SaaS applications."

Conway cites the advantages of identity management in EMS, including:

  • Single sign-on (SSO) for users

  • Multiple reporting options for IT around which users are accessing what, and where the users are accessing it from

  • Multifactor authentication

EMS brings the features to bear to enable enterprises to understand what some of the security issues may or may not be.

Device and application management in EMS

"We do device management as well and within the Enterprise Mobility Suite that is a feature of the Intune service," Conway explains. "We manage at the level of the application too." Intune takes a container or "wrapper approach" to security.

The Intune service's management features cover:

  • Device management

  • Settings management

  • Device provisioning

  • Remote wiping

EMS and Microsoft Office

The launches of Microsoft Office for iOS and later Office for Android were long overdue in my opinion. Conway pointed out to me that since last December, enterprises can manage Office mobile apps directly from Intune. In February, they extended Office support in Intune to the new Office for Android and the popular OneNote for iOS.

Final analysis

EMS is another sign of a more enterprise-mobile Microsoft under CEO Satya Nadella. I've criticized Microsoft's mobile strategy (or lack thereof at the time) in the past, but I see EMS as a strategic product for the company that builds on their enterprise legacy, leading to a more mobile future.

Finally, their cloud-based services approach to EMS and the newly announced monthly cadence for adding new EMS features should help the platform gain more customer attention and market traction in 2015.
