Enterprise Mobility and Security Blog


For those of you keeping score at home, earlier today the Office 365 blog announced that the mobile device management (MDM) capabilities within Office 365 are now generally available.

That’s the good news.

The really good news is that these features are available at no additional cost.

We first announced that a subset of MDM Intune capabilities would be embedded directly into Office 365 last October. I talked about this being one of the EMM game-changing announcements of the year – and, as we have seen the adoption of O365 accelerate, that statement looks truer than ever. If you have not had the opportunity to read about the details of what MDM capabilities are now included in Office 365 – check out the Office 365 Blog or this TechNet site.

As I noted in an earlier post, much of the infrastructure work we do is ultimately targeted at protecting the apps and the data that are getting created, accessed, and used. With this in mind, it’s no big secret what app everyone wants to protect first: E-mail!

With today’s GA, the first app every organization will look to secure and protect now comes with MDM capabilities natively built into it. This means IT admins can set up security policies on devices to ensure that O365 corporate e-mail and data can be accessed only on phones and tablets that are managed and compliant.

What this Means for Your IT Goals

For years, Office has been the gold standard of productivity software and has grown to meet the needs for secure, mobile productivity. This emphasis on security and productivity goes far beyond today’s MDM news – in fact, the EMS and O365 have been architected to work together. Customers all over the world are already using these solutions for multi-layer mobile security with identity and access management (via Azure Active Directory Premium), mobile application management (via Intune), data protection (via Intune and Azure Rights Management Services), along with an upcoming set of robust enterprise-grade features in Windows 10.

The pivot of managing Office via Intune is a big (and really proactive) step for the industry. In fact, Intune now sits as the only comprehensive MDM solution on the market that can manage the recently released Office mobile applications on iOS and Android. This enables the workforce to utilize the apps they love, while preventing data leakage – and it empowers IT teams to constantly improve and streamline the services they deliver while maintaining strict security.

The cloud-based nature of Intune means that it is frequently updated (we are currently on a monthly update cadence) and fine-tuned based on the growing needs and scenarios of our users. Consider the two most recent waves of updates (here and here) and the new features that have come with them.

What MDM Means for Your Identity

There is one area in particular that sets Microsoft’s enterprise mobility management (EMM) approach apart from every single competitor: Identity management.

I’ve written about identity management a lot on this site (here and here, for example), and this topic simply can’t be overemphasized when it comes to maximizing both productivity and security. In the mobile world, identity is at the center of everything we do, and should be at the center of your Enterprise Mobile strategy. For corporate access to be secure, it MUST be based on the ability to identify the individual and the device accessing your services and data.

And with more and more apps and services being cloud-based (e.g. Office 365, Salesforce.com, Box, etc.), we have worked tirelessly to extend the centralized identity management and access solution, Active Directory, to the cloud with Azure Active Directory (AAD).

Azure Active Directory is an internet-scale cloud directory that delivers single sign-on to these popular SaaS applications, including O365, and also to on-premises applications via the Azure AD Application Proxy.

To answer the obvious question about the security of cloud-based identity management, consider this: Microsoft does not require you to store in the cloud any user passwords from the synchronized on-premises identities. Additionally, all access attempts are monitored and logged and can be displayed via a simple set of reports that can track inconsistent access patterns (unknown source logins, multiple failed logins, or logins from multiple geographies). This is all delivered through Azure Active Directory Premium – which is one of the components of the Enterprise Mobility Suite.

Whenever I look at the scale and usage of Azure Active Directory, I am really impressed. AAD services, on average, manage 2 billion authentication requests every day and there are 4+ million organizations using AAD to manage access to their Microsoft Enterprise services (e.g. Azure, Office 365, EMS, etc.).

This is an incredibly high quality foundation you can use to build your Enterprise Mobility strategy.

* * *

These new MDM features in O365, alongside the incredible functionality offered by the EMS, empower enterprises to solve short-term IT challenges, while proactively planning and building for the future. With the functionality and familiarity of Office 365, end-users will become increasingly productive, and with the IT tools of the EMS, any organization’s infrastructure will become more reliable, more secure, and better equipped to deal with the increasingly challenging demands of the modern workforce.

To dive deep on these new MDM features for Office 365, check out the official TechNet page.

 
