Getting a Handle on Apps and Mobile Devices
Conference calls from airport lounges. Business deals over coffee. Work orders completed, printed and signed at project sites. Thanks to the ubiquity and growing sophistication of mobile devices, work is increasingly conducted outside of the office.
Whether employees use personal or enterprise devices, they have grown accustomed to doing work anytime, anywhere. Few need to be convinced of the value of mobility. The potential for both productivity and work/life balance is clear. However, the market is flooded with an array of smartphones, tablets, phablets (a smartphone with a tablet-sized screen), notebooks and peripheral mobile equipment, not to mention tools to manage and secure them. While devices can usually run on their own, complexities often arise when they are paired with other hardware and software. What’s more, managing a complex mobile infrastructure can be labor-intensive and costly.
Microsoft has addressed this complexity by compiling a comprehensive suite of mobile products designed to provide employees with limitless mobility without compromising security. It offers tools that let administrators set parameters regarding how mobile devices are used and what happens to the data they access. In addition to Surface tablets, Office 365 and System Center, Microsoft now offers the Enterprise Mobility Suite, which includes Intune, Azure Active Directory Premium and Azure Rights Management.
Microsoft’s Enterprise Mobility Suite
As effective as they are on their own, these best-in-class tools are designed to work together, making the suite easier to use and manage than many stand-alone mobility products. They integrate seamlessly with the Microsoft tools that companies have used for years, and their integration gives users added features and benefits. Rather than devote months to implementing new infrastructure, the organization can integrate Microsoft’s mobility suite within days and know that it has comprehensive coverage.
The suite consists of three main elements:
- Cloud-based mobile application and mobile device management provided by integrating Intune into SCCM
- Identity and access management through Azure Active Directory Premium, which allows single sign-on and uniform authentication across all devices and applications (essentially, taking the user accounts from Active Directory which IT uses for on-premises machines and applying them to mobile devices that connect to the cloud)
- Data protection through Azure Rights Management Services, which protects data on a mobile device
With EMS, IT staff can manage:
Users with a consistent identity: IT departments have long struggled to keep corporate data and infrastructures secure without preventing employees from accessing the devices, systems and content they need to do their jobs. EMS extends the Azure Active Directory identity management services that many organizations already use in their corporate data center to the devices and applications that employees access via the cloud. Whether a user is sitting at a desktop in the office or working on a tablet at a construction site, he or she uses the same password to log on to the device and access Office 365, as well as thousands of other cloud-based applications.
Access-control tools in EMS also keep devices and data secure. For instance, Azure Active Directory enables multifactor authentication, which offers an additional layer of security to prevent unauthorized users from gaining access if a password is compromised. The directory also accumulates data for reporting and learns security patterns. For example, it would flag suspicious behavior if a user were to log in from Los Angeles one minute, then Malaysia an hour later.
Azure Active Directory lets users reset passwords after answering a few questions online. Since password resets are one of the top services performed by call centers, making it a self-service task can result in big cost and time savings for IT departments.
PCs and mobile devices: Intune integrates with SCCM to extend its reach to cloud-based devices. Using Intune and SCCM, IT departments can configure and manage Windows, iOS and Android devices from one console. If a device is lost or stolen or if an employee leaves the company, an administrator can remotely lock the device, reset the password or wipe data from it. If it is a personal device used for business, the administrator can do a selective wipe and erase only the corporate data and apps from the device.
Mobile, desktop and cloud-hosted applications: Not only does EMS manage Microsoft applications on the desktop, it also manages 2,500 cloud and mobile apps. Users can access managed apps without remembering multiple user names and passwords. Intune can push apps from the Google Play, iTunes and Microsoft stores to user devices, or users can download them from a self-service company portal.
File-level data protection: The Azure Rights Management System (RMS) manages and keeps the data itself secure. RMS lets administrators set policies that dictate who has permission to access data — within and outside of the company — and it enables encryption of files both at rest and in transit.
The Enterprise Mobility Suite combines in a single license all the tools necessary to manage an on-premises and mobile infrastructure. The tools were designed to work together efficiently, are easy to implement and help to streamline updates across the organization.
EMS is also more cost-effective than purchasing piecemeal solutions. It operates on a per-user basis (rather than by number of devices or applications). Therefore, it can cut the cost of mobility management in half. Organizations can deploy multiple devices per of Software as a Service applications without worrying about growing costs. EMS offers a simple, cloud-based alternative to incorporating stand-alone tools into an existing infrastructure. The services within EMS —Azure Active Directory, Intune and Azure RMS — are delivered via the cloud. When integrated with other Microsoft products, they give businesses a complete, central solution for managing and protecting all of their IT resources.
For more information on the value and complexities of mobility, read the white paper “The Tools to Power a New Way to Work.”