Cloud and Mobile Device Security and Protection

Are you using cloud applications?  Are you concerned about security?

There are several good solutions on the market for single sign-on, mobile device management and data loss prevention. In 2015, Gartner placed AirWatch in the top-right quadrant of its Magic Quadrant for mobile device management. Our customers have also used Okta, Ping, Centrify and IAMCloud for Identity and Access Management, including single sign-on (SSO).

While Okta, AirWatch and others have great products, we have recently started recommending the Microsoft Enterprise Mobility Suite (EMS) as a completely integrated solution. In addition to single sign-on, two-factor authentication is a major reason to evaluate solutions similar to Azure Active Directory Premium (part of the EMS Suite). We believe the EMS suite of security products offers a lower total cost of ownership when compared with other solutions, especially for customers under 1,000 users.

Hoping to learn more about EMS?  Are you using AAD Sync, DirSync/Password sync, or Federated Identities and confused about the difference between single sign-on and same sign-on?  Contact us or check out the video below.



The transcription for the YouTube video is below…

Enterprise Mobility Suite (EMS) is a collection of tools from Microsoft that can help enable your organization to effectively address, for your customers and/or employees, the consumerization of IT, bring your own device, and software as a service challenges. The current reality is that organizations are struggling to address the explosion of Enterprise Mobility. With or without IT knowledge, many workers are accessing company information via their own personal devices and from multiple locations. According to Microsoft, 29% of today’s global workforce use three or more devices, work from multiple locations, and use multiple apps. 80% of employees admit to having used non-approved software as a service applications in their job. Yet data leakage resulting from device loss or theft has been recognized as a top risk for using mobile devices.

In response, the solution by many IT departments has been to lock down access to crucial resources that employees need to get their jobs done. This often leads to frustration or, even worse, people going outside of their IT department for solutions to their problems. Workers just want to get their jobs done, often not understanding the risks of circumventing the IT department. The Microsoft Enterprise Mobility Suite tool kit is comprised of three main tools: Microsoft Azure Active Directory Premium, Windows Intune, and Microsoft Azure Rights Management. The combination of these tools enables organizations to allow their workers the freedom to collaborate wherever, whenever, and however they want in order to reach their business goals, all while protecting corporate data and devices. In this video, we’re going to highlight some of the best features of the Enterprise Mobility Suite and how they relate to collaboration in SharePoint Online and Office 365.

The first tool within the EMS tool kit is called Azure Active Directory Premium. If you’re using Office 365, you’re already using Azure Active Directory as the user directory for members of your organization and any users you share content with through SharePoint and other services. Azure Active Directory Premium is the backbone of the EMS toolkit, as it contains any users or groups that you’ve created, either in an on-premises directory that’s been integrated or in the cloud. Azure Active Directory Premium brings additional features to the table that can be leveraged, such as a custom log-in portal, two-factor authentication and, in some scenarios, a password writeback feature that allows users to reset their password via a mobile device and have that password written back to their on-premises Active Directory. This can help reduce the burden on IT and can empower users to get at the services they need quickly. As your implementation matures, Azure Active Directory Premium can be leveraged to provide a single identity across many other applications.

The second tool within the EMS tool kit is called Microsoft Intune. Microsoft Intune provides mobile device management, mobile application management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees a consistent company portal that provides access to corporate applications, data, and resources from virtually anywhere on almost any device, while helping keep corporate information secure. Using Intune allows IT to protect endpoints regardless of whether they’re owned by the company or not. If a user leaves the organization, a feature called Selective Wipe can be used to remove data owned by the Enterprise. If a device is lost or stolen, Remote Wipe can be used to remove a user’s sensitive information. Intune can also be configured as a plug-in for System Center, for organizations that are looking for a complete endpoint management environment, or just in the cloud for organizations that are implementing a bring-your-own-device policy or want to keep a more agile approach to device management.

The final part of EMS is Azure Rights Management. Microsoft Azure Rights Management (ARM) provides a comprehensive policy-based Enterprise solution to help protect your valuable information no matter whom you share it with. This can help you protect valuable content contained in SharePoint libraries or email messages. Your data is kept safe while it’s in the cloud, or if it’s downloaded to a local machine or device. You could also set up templates to help protect against information leakage so that policies can be automatically applied to certain types of PII, PHI, or credit card information. One of the coolest features is that the ARM sharing app allows you to apply protection ad hoc to any type of file you’re sharing. This allows the Enterprise to feel comfortable sharing information using native tools like Office and collaboration tools like SharePoint, without worrying that someone will share the wrong information with the wrong people.

Now is a pivotal time for IT organizations as they prepare for the future of decentralized applications where identity is the primary key for enabling secure access to content and collaboration tools. Contact us for more information on how EMS and Xgility can help your organization enable your employees with the right tools and achieve transformational results.


Author: Dean Virag

Editor: Alex Finkel and Kurt Greening