Microsoft Enterprise Mobility and Security: Do you need it?
Nowadays, office staff can log in to their user account using any PC in the office. Additionally, they’re not limited to the office — they can work practically wherever they want and use all sorts of portable devices like laptops, tablets, and smartphones. They can save work files on those devices or retrieve documents from the cloud. Greater mobility and flexibility increase productivity, but they also make securing company data more challenging.
For this reason, Microsoft aims to help businesses simultaneously leverage portable technology and secure their data with a suite of products called Microsoft Enterprise Mobility + Security (EMS). Let’s take a look at what EMS is and how it can benefit businesses like yours.
What is Microsoft EMS?
Microsoft EMS is a collection of software products that allow organizations to manage all work devices and virtual identities assigned to parties who are authorized to use company data. In simpler terms, EMS enables employees to work wherever they want, on whichever device they choose, while also granting employers the power to secure and control access to company data.
EMS has four main components, namely Azure Active Directory Premium, Microsoft Intune, Azure Rights Management, and Microsoft Advanced Threat Analytics.
Azure Active Directory Premium simplifies identity and access management
Your team uses many cloud-based apps and on-premises software, such as email, project management apps, text editors, virtual meeting apps, and customer relationship management programs. Considering that every app they use requires them to create user profiles — and access credentials to go with these profiles — work can get pretty messy pretty fast.
Azure Active Directory Premium simplifies software utilization by assigning each user a virtual identity and then linking that to all of the other logins that the user has. That user can log in to Azure Active Directory Premium and gain immediate access to all of the other apps they use. This feature is commonly known as single sign-on, or SSO.
Other features of Azure Active Directory Premium are:
● Login reporting and access request metadata tracking
● Conditional access to prevent users from logging in when certain criteria are not met
● Multifactor authentication for increasing access requirements as needed
Microsoft Intune simplifies mobile device management
Company data and cloud-based IT resources should be kept secure, regardless of whether these are accessed on a device that’s company-issued or personally owned by the user. Microsoft Intune fulfills this requirement by linking a user’s Active Directory company-issued profile to the devices they use. Work-related activities are monitored and recorded through this corporate profile, so app usage and data access can be effectively managed and controlled via Intune. And since this corporate profile is separate from the user’s personal profile, the user doesn’t have to surrender complete control of their devices to the IT department.
Intune can also be used to:
● Deploy company apps to devices
● Apply software updates and security patches as soon as these become available
● Allow users to download apps approved by the company
● Block access to data, apps, devices, and users
Azure Rights Management allows you to implement document-level security
Azure Rights Management enables you to protect sensitive data by applying access controls to the documents that contain it. That is, you can stop people from accessing protected documents according to criteria such as:
● Employment status (e.g., a terminated employee won’t be able to open company files, even those stored on external hard drives)
● Viewing date (i.e., you can allow users to view documents during a specific time period)
● User’s security clearance and/or role in the company (e.g., someone from marketing can’t view documents from HR)
Microsoft Advanced Threat Analytics enables real-time threat mitigation
Advanced Threat Analytics compiles data from every user and device, recording login locations, access requests, files opened, and much more. From all of these emerge patterns of normal behavior, which serve as a backdrop against which suspicious activities and cyberattacks can be more easily spotted.
If your company heavily relies on tech like mobile devices and the cloud, then it may benefit greatly from Microsoft Enterprise Mobility + Security. Set a consultation appointment with our IT experts at SimplyClouds to learn more.