What is EMS (Enterprise Mobility Suite) and should you get it?

This blog post breaks down EMS (Enterprise Mobility Suite), starting with an overview that includes some YouTube videos.
You will then get a detailed look at the three different services that Enterprise Mobility Suite is built upon.

You might think that many of these features are included in licenses or services that you already own.
The second part of the blog post describes the differences in detail, and you will see that this is not really the case: Enterprise Mobility Suite includes much more and has a lot of great features that you can't get anywhere else.

These particular features make Enterprise Mobility Suite a must-have, and it gets our strong recommendation to buy with any Office 365 plan.

Remember that you can always contact us if you have any questions regarding Office 365 or Enterprise Mobility Suite, by phone: +468239600 or email: cs@altitude365.com

 

Now let us start with the basics of Enterprise Mobility Suite.

The Enterprise Mobility Suite is a comprehensive suite of cloud services to address your consumerization of IT, BYOD (Bring Your Own Device), and SaaS (Software as a Service) challenges.
The suite is the most cost-effective way to acquire all of the included Microsoft cloud services:

Please take a few minutes to watch the videos to get a better understanding of what Enterprise Mobility Suite can do for your organization.

 

 

Hybrid identity and access management

Azure AD Premium delivers robust identity and access management from the cloud, in sync with your existing on-premises deployments:

  • Cloud-based self-service password reset for your employees
  • Group Management, including user self-service management of groups
  • Group-based provisioning and access management for hundreds of Software as a Service applications
  • Machine learning-driven security reports to show log-in anomalies and other threats
  • Rich and robust synchronization of user identities from on-premises directories, including write back of changes
  • Reduce risk and support compliance requirements with comprehensive Multi-Factor Authentication (MFA) options

Mobile device management

 

 

Windows Intune enables you to manage PCs and mobile devices from the cloud. People can use the devices they love for work while protecting corporate data and adhering to security policies:

  • Deliver and manage apps across a broad range of devices.
  • Manage a variety of device types, from Windows, Windows RT, and Windows Phone 8 to Apple iOS and Google Android.
  • Configure and deploy policies, and inventory hardware and software.

Data protection

 

 

Azure AD Premium and Azure Rights Management can help protect your corporate assets:

  • Deliver information protection in the cloud or in a hybrid model with your existing on-premises infrastructure.
  • Integrate information protection into your native applications with an easy-to-use software development kit (SDK).

 

 

Now that you have a basic understanding of Enterprise Mobility Suite, let's break it down even more and look at the details: what is it that you really get for your bucks?

 

 

Comparing Azure Active Directory and Azure Active Directory Premium

Azure AD Premium has more advanced capabilities to help streamline enterprise-level administrative tasks and make an admin's life easier.
The following table describes common admin benefits and how signing up for Azure AD Premium helps to simplify them.
Remember that Azure AD Free is what you already have if you signed up for Office 365.

| Admin Benefits | Features | Azure AD Free | Azure AD Premium |
|---|---|---|---|
| Manage your cloud directory and how your accounts are synchronized | Directory as a service | Up to 500K objects (1) | No object limit |
| | Directory synchronization tool – For syncing between on-premises Active Directory and Azure AD | | |
| | Forefront Identity Manager (FIM) server licenses – For syncing between on-premises databases and/or directories and Azure AD | | |
| | High availability SLA uptime (99.9%) | | |
| Centrally administer accounts and control access to your applications | User and group management using UI or Windows PowerShell cmdlets | | |
| | User-based application access management and provisioning | | |
| | Access Panel portal for SSO-based user access to SaaS and custom applications | Up to 10 apps per user (2) | No app limit |
| | Group-based application access management and provisioning | | |
| | Customization of company logo and colors to the Sign In and Access Panel pages | | |
| Empower your users & reduce support costs | Self-service change password for cloud users | | |
| | Self-service group management for cloud users | | |
| | Self-service reset password for cloud users | | |
| Monitor security and enforce additional verification methods to mitigate risks | Standard security reports | | |
| | Advanced anomaly security reports (machine learning-based) | | |
| | Advanced application usage reporting | | |
| | Multi-Factor Authentication service for cloud users | | |
| | Multi-Factor Authentication server for on-premises users | | |

  • 1. The 500K object limit does not apply for Office 365, Windows Intune or any other Microsoft online service that relies on Azure AD for directory services.
  • 2. With Azure AD Free, end users who have been assigned access to each SaaS app can see up to 10 apps in their Access Panel and get SSO access to them (assuming they have first been configured with SSO by the admin).
    Admins can configure SSO and assign user access to as many SaaS apps as they want with Free; however, end users will only see 10 apps in their Access Panel at a time.

 

 

Windows Intune features

Now let's look at Windows Intune. For that comparison I have included a sheet that compares it with its on-premises stepbrother and shows what you get if you mix them both.

 

| Scenario | System Center 2012 R2 Configuration Manager | Windows Intune | System Center 2012 R2 Configuration Manager and Windows Intune |
|---|---|---|---|
| Platform Support | | | |
| Microsoft Windows | Yes | Yes | Yes |
| Microsoft Windows Server | Yes | No | Yes |
| Windows Phone | No | Yes | Yes |
| Windows RT | No | Yes | Yes |
| iOS | No | Yes | Yes |
| Android | No | Yes | Yes |
| Mac OS X | Yes | No | Yes |
| Unix/Linux Servers | Yes | No | Yes |
| Compliance Settings | | | |
| Extensible Windows PC Device Configuration Settings (e.g., WMI, Registry) | Yes | No | Yes |
| Extensible Mac OS X Configuration Settings | Yes | No | Yes |
| Mobile Device Configuration Settings | No | Yes | Yes |
| Deployment | | | |
| Application Deployment | Yes | Yes | Yes |
| Windows Operating System Deployment | Yes | No | Yes |
| Security and Privacy | | | |
| Software Updates | Yes | Yes | Yes |
| Endpoint Protection | Yes | Yes | Yes |
| Administration and Reporting | | | |
| Software Metering | Yes | No | Yes |
| Hardware and Software Inventory | Yes | Yes | Yes |
| Custom hardware and software inventory | Yes | No | Yes |
| Role-based Administration and Reporting | Yes | No | Yes |
| Unified Reporting for Cloud- and Corporate-connected Devices | No | No | Yes |
| Cloud-based Reporting | No | Yes | No |
| Data Protection for mobile devices | | | |
| Security Settings | Yes | Yes | Yes |
| Remote Wipe | Yes | Yes | Yes |
| Remote Lock | No | Yes | No |
| Passcode Reset | No | Yes | No |

For a list of settings that you can configure on mobile devices, see:

For information about new features in Windows Intune, see Windows Intune Service Updates.

 

 

Azure Rights Management

Azure Rights Management lets you encrypt and assign usage restrictions to content when your organization subscribes to Microsoft online services. Rights Management helps protect content that is created and exchanged by using Microsoft Office as well as other applications or services that have been updated to integrate with the Rights Management service. By implementing a cloud-based rights management service, Rights Management provides an alternative for organizations seeking information protection capabilities within Microsoft Office 365.

Information Rights Management (IRM)

  • Help protect data across different workloads such as SharePoint, Exchange, and Office documents by easily applying Information Rights Management to set up policy-based permissions rules.
  • Help protect emails against unauthorized access by applying different IRM options to your email messages.
  • Enhance security of your SharePoint libraries by using IRM to set up appropriate permissions.
  • Help keep your information safe, online or offline, because your files are protected whether they’re viewed using Office Online or downloaded to a local machine.
  • Seamless integration with all Office documents helps guard your organization’s intellectual property.
  • Apply custom templates based on your business needs in addition to using default Rights Management Services templates.
  • Safeguards sensitive information. Applications and services such as Microsoft Office 2010 and Microsoft Office Professional Plus 2013, SharePoint Online and Microsoft Exchange Online are enabled to help safeguard sensitive information. Users and administrators can define who can open, modify, print, forward, or take other actions with the information. Organizations are provided usage policy templates such as “Company Confidential – Read Only” that can be applied directly to the information.
  • Provides persistent protection. Rights Management persists protection of file data when at rest and in motion. Once information is locked, only trusted entities that were granted usage rights under the specified conditions (if any) can unlock or decrypt the information.
  • Supports closer management of usage rights and conditions. Organizations and individuals can assign usage rights and conditions using rights management that define how a specific trusted entity can use rights-protected content. Examples of usage rights are permission to read, copy, print, save, forward, and edit. Usage rights can be accompanied by conditions, such as when those rights expire.
  • Integrates rights management with Office 365. Rights Management is integrated with SharePoint Online, Exchange Online, and other Office 2010 and Office Professional Plus 2013 applications to provide rights management functionality across the Microsoft Office suite.

Office 365 Message Encryption

Deliver confidential business communications with enhanced security, allowing users to send and receive encrypted email as easily as regular email directly from their desktops.

  • Send encrypted emails to anyone, independent of which mail service the recipient uses.
  • Grow your organization’s brand by enhancing the contents of the mail and your users’ experience with your custom logo or disclaimer.
  • Strong integration with Exchange transport rules allows you to set up encryption/decryption using a single action.
  • The clean Office 365 user interface makes it easier to read, review and respond to encrypted mail.
  • Help protect the entire conversation by encrypting an entire email thread without requiring any service subscription for recipients.

 

And finally, to compare it with what you might already have on-premises:

| Azure Rights Management | Active Directory Rights Management Services (AD RMS) |
|---|---|
| Supports information rights management (IRM) capabilities in Microsoft Online services such as Exchange Online and SharePoint Online, as well as Office 365. Also supports on-premises Microsoft server products, such as Exchange Server, SharePoint Server, and file servers that run Windows Server and File Classification Infrastructure (FCI). | Supports on-premises Microsoft server products such as Exchange Server, SharePoint Server, and file servers that run Windows Server and File Classification Infrastructure (FCI). |
| Enables implicit trust between organizations and users in any organization. This means that protected content can be shared between users within the same organization or across organizations when users have Microsoft Office 365, or Azure Rights Management, or users sign up for RMS for individuals. | Trusts must be explicitly defined in a direct point-to-point relationship between two organizations by using either trusted user domains (TUDs) or federated trusts that you create by using Active Directory Federation Services (AD FS). |
| Provides two default rights policy templates that restrict access of the content to your own organization; one that provides read-only viewing of protected content and another template that provides write or modify permissions for the protected content. You can also create your own custom templates. For more information, see Configuring Custom Templates for Azure Rights Management. In addition, users can define their own set of permissions if the templates are not sufficient. | Provides two default rights policy templates that restrict access of the content to your own organization; one that provides read-only viewing of protected content and another template that provides write or modify permissions for the protected content. You can also create your own custom templates. For more information, see AD RMS Policy Template Considerations. In addition, users can define their own set of permissions if the templates are not sufficient. |
| Minimum supported version of Microsoft Office is Office 2010, which requires the RMS sharing application. Microsoft Office for Mac 2011 is not supported. | Minimum supported version of Microsoft Office is Office 2007. Microsoft Office for Mac 2011 is supported. |
| Supports the RMS sharing application for Windows and mobile devices. | Supports the RMS sharing application for Windows. |
| Minimum supported version of the Windows client is Windows 7. | Minimum supported version of the Windows client is Windows Vista Service Pack 2. |
| Mobile device support includes Windows Phone, Android, iOS, and Windows RT. Email support by using Exchange ActiveSync IRM is also supported on all mobile device platforms that support this protocol. | Mobile device support is restricted to Windows Phone. Email support by using Exchange ActiveSync IRM is supported on all mobile device platforms that support this protocol. |
| Supports Cryptographic Mode 2 without additional configuration, which provides stronger security for key lengths and encryption algorithms. For more information, see the Cryptographic controls for signing and encryption section in this topic, and AD RMS Cryptographic Modes. | Supports Cryptographic Mode 1 by default and requires additional configuration to support Cryptographic Mode 2 for stronger security. For more information, see the Cryptographic controls for signing and encryption section in this topic, and AD RMS Cryptographic Modes. |
| Supports outbound migration from Azure Rights Management to Active Directory Rights Management Services (AD RMS). Does not currently support migration from AD RMS. | Supports migration from Azure Rights Management and migration from Windows Server 2003 AD RMS. |

 

Please feel free to contact us if you have any questions regarding Office 365 or Enterprise Mobility Suite, by phone: +468239600 or email: cs@altitude365.com
