The last few posts have been about Azure Active Directory Premium, and there was an earlier series about Microsoft Intune. Both of these products are part of a larger suite called the Enterprise Mobility Suite (EMS). This Suite of products, which also includes Azure Rights Management, it Microsoft’s answer to BYOD and SaaS. These tools allow enterprises to manage, to a certain extent, BYOD devices that end users use to want to access company resources. It also enables enterprises to leverage hosted SaaS products using enterprise authentication, while also controlling access.
Azure Active Directory Premium
At the center of EMS is Azure Active Directory Premium. So far, there are two posts about Azure AD, so we will not go into much detail here. See those posts for information. I will say though that Azure AD is the foundation of EMS, much like on-premises AD is the foundation of Microsoft technologies for an organization. Also like on-premises, Azure AD is not required for Intune, though it is for Azure Rights Management. For an organization of any size, Azure AD will make life a lot easier, again just like in an on-premises environment.
Microsoft Intune
Intune provides device management. There was also a series about this, but it will be expanded to include some of the new features made available in November 2014 update. Intune provides MDM capabilities to PC’s, iOS, Android, and Windows Phone devices. This type service can be configured to be as stringent as SCCM, or as light as just being able to wipe a device if it is lost. This is the happy medium of MDM, allowing end users with BYOD devices to join to company resources in a secure manner. It provides administrators with the ability to ensure that their resources will be protected if an end user loses a device.
Intune provides software delivery and updates for Windows-based devices. It can also be used to enforce settings such as passcodes and screen locks, as well as automatically configure email accounts. Another important setting is the ability to control whether cloud services, such as iCloud, are allowed to run on devices. This can be a major security hole for most organizations, as it would allow users to save company documents to their personal cloud areas. Intune can also disable things like the camera and Wi-Fi tethering.
Azure Rights Management
Azure Rights Management enables things like multi-factor authentication and document encryption. This is a really cool feature, because unlike NFTS permissions, files protected with Azure Rights Management do not lose their permissions when sent through email, copied from one location to another, or copied to another computer. Those permissions, like who can read or edit the document, persist across any device.
Azure Rights Management can also do the same thing for emails. Users can control whether or not their emails can be forward, or rather the reply all option can be used. Imagine never having to worry about replying-all to a list with a joke that you think is funny, but can also land you in HR. Azure Rights Management can help with that.
I hope you will come back and learn more about Microsoft’s Enterprise Mobility Suite. It is a great topic, and a great way to manage your organization’s resources in a BYOD word.
Disclaimer
All content provided on this blog is for information purposes only. Windows Management Experts, Inc makes no representation as to accuracy or completeness of any information on this site. Windows Management Experts, Inc will not be liable for any errors or omission in this information nor for the availability of this information. It is highly recommended that you consult one of our technical consultants, should you need any further assistant.
