Microsoft’s new Enterprise Mobility Suite
In keeping with Microsoft’s new focus on cloud and mobility, they have picked the perfect time to announce their Enterprise Mobility Suite (EMS). Microsoft is leveraging the company’s existing technologies to create a management system that will cover many different device types in a unified security environment. Microsoft is combining their cloud-based management Intune with the on-premises management of System Center Configuration Manager (SCCM) to allow organizations to manage devices from a single pane.
Here are some of the high points of the upcoming EMS rollout.
Microsoft’s new EMS uses the on-premises management capabilities of SCCM and integrates it with the cloud-based capabilities of Windows Intune, Azure Active Directory of Identity, and Azure Rights Management for data processing. This unified platform of services enables a simplified management of several environments such as Windows, Windows Phone 8, Apple iOS, and Android Devices.
EMS offers administrators the ability to manage all devices (from desktop to mobile) from a single pane. This unified environment lowers costs by allowing the administrator to save time and money (by not buying multiple monitoring tools) and control Windows PCs, tablets, servers, Windows Embedded devices, MACs, iOS/Android smartphones and tablets, and even Linux/Unix servers.
- A portal that allows users to install/remove programs from their devices, review their manage devices, synchronize work data between devices, and provide a consistent work experience by discovering and installing corporate applications across all managed devices.
- Native deployment of certificates, VPN/Wi-Fi profiles enabling quick access for users to internal resources due to the pre-configured VPN/Wi-Fi connectivity automatically installed on devices (no calls to the help desk).
- Integrated Intune web service into the Configuration Manager administrator console and infrastructure.
- Administration to configure and remove email profiles and remote wipe devices of corporate information with affecting personal information.
- Remote lock a device if lost or stolen and reset passwords if user has forgotten theirs.
- Enhanced integration between Intune and SCCM in the area of email profile and data protection configuration settings.
- Devices can be grouped into corporate vs. personal with different policies applied to each group.
- Associate device to a user allowing for appropriate security access based on user profile.
- Apply core set of policies to keep devices in compliance with legal/organizational requirements.
- Apply technical lifecycle to devices including deployment/discovery, application provisioning, and retirement/data wipe.
- Single pane view into environment allowing management of all types of devices, platforms, and form factors.
- Single pane view into environment allowing management of all applications.
- User interface allowing installation/removal of applications based on user profile.
The new EMS has both jailbreak and root detection allowing IT Administrators to discover “at risk” devices. This allows IT decision makers to take appropriate action where needed in a timely manner (before the security breach occurs). The options span from simply removing the device’s permission to access the environment to a remote wipe of the device. All detected “at risk” devices are reported back to a SCCM database for reporting or alerts. Stolen or lost devices can be remotely wiped by the end user and thereby save time and potential risk exposure by not having to contact the IT Department.
Microsoft has only recently announced their new Enterprise Mobility Suite (EMS) which will include the Windows Intune (for mobile device management), Azure AD Premium (for identify and access), and Azure Rights Management Services (for data protection). Licensing will only be available through Microsoft’s Volume Licensing Programs, but the long-term pricing looks like it will be $7.50 per user per month.