Let’s be honest, mobility and the principle of bringing your own device (BYOD) is probably giving you a headache. You’re being forced to evolve in a complex landscape that includes user privacy, device management, application deployment and much more. Most cloud-based apps are a double-edged sword: they’re a joy for your users while being a nightmare for you.
Worried you missed a spot in your clients’ security? Take our security assessment and build your offering on the right foundation
Microsoft 365 makes digital transformation safer
The on-premises world of data accessibility—through enterprise-controlled devices and limited connectivity channels—is outdated. The line between laptops and mobile devices is blurrier than ever. Android and iOS devices are scaling up their processing power to match entry level laptops, providing high performance for running productivity applications. This comes with its share of challenges, especially for the security of your content. Employees’ interactions with external users, devices, apps, and data have become increasingly more complex, generating new blind spots for you.
Managing identities and devices, protecting information and addressing new cyberattacks have turned into complex platforms. These require governance planning concerning security and identity management. Microsoft Enterprise Mobility + Security (EMS) was designed to help manage and protect users, devices, apps and data. This integrated suite of products enables companies to manage who has access to corporate resources, while protecting and securing business and customer information on all devices, anywhere, in real-time.
The following three features demonstrate how Microsoft EMS can help secure your Microsoft 365 tenants, and in turn protect your information and investments.
3 Microsoft Enterprise Mobility + Security features that protect your Microsoft 365 tenants
1) Identity management
Your users want single sign-on authentication for multiple applications and honestly, we all hate remembering multiple IDs and passwords. This is why you use on-premises identity management technologies like Microsoft Active Directory. Given the extent of Microsoft 365 usage, if you connected every SaaS application directly to your on-premises identity management technology, you would end up having every cloud application connected to your Active Directory. This would result in chaos.
Fortunately for you, there’s a simpler approach. You can use a cloud solution for identity management: Azure Active Directory (AD) Premium. Your on-premises directory service is still essential, but you can connect it to Azure AD and it will connect directly to each SaaS application. Azure AD currently provides single sign-on to more than 2,000 cloud applications, including Microsoft 365, Salesforce.com, Box and ServiceNow. This service does more than just single sign-on authentication, it also offers the following features:
Built-in multi-factor authentication (MFA)
With multi-factor authentication, your users are required to provide a password and another piece of information, such as a code that was sent to their mobile phone, to sign in.
Risk-based conditional access
Conditional access offers an intelligent assessment of granting or blocking access. It’s enforcing multi-factor authentication based on factors such as group membership, application sensitivity, device state, location and sign-in risk.
Privileged access management
Privileged access management provides additional control over user identities that require privileged access, including the ability to discover, restrict, and monitor them.
Secure remote access
Secure remote access enables protected access to on-premises applications published with Azure AD without having to use a virtual private network (VPN). Azure Active Directory Premium features multi-factor authentication, access control based on device health, user location and identity. It also provides security reports, audits, and alerts.
Cross-organizational collaboration makes it easier to grant vendors, contractors, and partners with risk-free access to in-house resources with Azure AD B2B collaboration.
How Microsoft EMS protects the identity of your users using Advanced Threat Analytics:
2) Device management
Managing mobile devices such as phones and tablets has become essential for most organizations. Mobile device management (MDM) is a feature that lets you manage devices through the Security and Compliance center in Microsoft 365. You can also manage the applications on those devices through a subset of MDM, known as mobile application management (MAM).
Microsoft Intune is another feature of Microsoft Enterprise Mobility + Security that provides more advanced features and benefits such as:
Mobile application management (without enrollment)
Mobile application management without enrollment gives you the flexibility to control Office Mobile and other applications on your users’ iOS, Android, and Windows devices without enrolling their device on Intune.
Multi-identity management enables users to access both their personal and work accounts using the same Office mobile apps, while only applying the MAM policies to their work account. This provides employees with a seamless experience while they are on the go.
Selective wipe of corporate data
Selective wipes of corporate data remove apps, email, data, management policies, and networking profiles from user devices remotely, while leaving personal data intact.
Unified endpoint management solution
The unified endpoint management solution lets you manage your organization’s mobile devices and desktop PCs from the same administrative environment. This is made possible through the tight integration Microsoft has created between Intune and System Center Configuration Manager.
Self-service capabilities enable users to perform tasks like updating passwords and joining and managing groups via a single portal to help save your IT helpdesk time and money. This applies across all iOS, Android, and Windows devices in your mobile ecosystem.
How to enroll a device to Microsoft EMS:
3) Information protection
With Microsoft 365 applications such as OneDrive, SharePoint & Exchange, important questions around security and identity management are raised:
- Who is allowed to access a particular document?
- What kind of access is permitted: reading, writing, or something else?
- How do you make sure the data is protected from it’s creation, and that the protection travels with the data wherever it goes?
Having this kind of control was important even before mobile devices and cloud computing. Today, in a mobile-first, cloud-first world, with users and applications spread all over the planet, it matters even more. Azure Information Protection provides many benefits, including:
Classify, label and protect data
Classifying, labeling and protecting data at the time of creation or being able to modify it later is a key feature. You can use policies to classify and label data in intuitive ways based on its source, context and content. The classification can be fully automated, user-driven or based on a recommendation. Once data is classified and labeled, protection can be applied automatically on that basis.
Simple and intuitive controls
You need to provide your users with simple and intuitive controls that protect their data but don’t hinder their productivity. Data classification and protection controls are integrated into Office and other common applications. This simple one-click option is made to secure data that users are working on. In-product notifications provide recommendations to help users make the right decisions.
Visibility and control over shared data
Document owners can track activities on shared data and revoke access when necessary. You can use logging and reporting to monitor and analyze shared data.
Cloud and on-premises data protection
Protect data whether it is stored in the cloud or on-premises and choose how your encryption keys are managed with Bring Your Own Key options.
Below is a representation of how Microsoft EMS prevents your users from downloading (either accidentally or intentionally) the content to unapproved applications. It also prevents them from sending sensitive information to unauthorized users.
Increase productivity while remaining secure, anywhere
Microsoft EMS lets you empower your people to be productive on the devices they love while protecting your company’s assets. By moving what were on-premises services to the cloud, EMS helps your organization be more productive, better managed, and more secure in today’s digital transformation. By integrating these services with one another, you’re providing a complete solution.