Enterprise Mobility and Security Blog


This is Part 1 of a 3-part blog series based on the new eBook, “Protect Identities, Devices, and Your Company Information in Today’s Device-Centric World.”  Check out Part 2 and Part 3.

Right now there is no shortage of management options for every possible infrastructure – be it on-prem, cloud-based, PC-centric, device-centric, etc. – and that puts IT in a bit of a predicament.

The fact that management is so widespread is not an indicator that all the management options are equal or even capable of the same performance. In my opinion, amidst so many options, and with hundreds of new objects being added to the infrastructure of an average company every day, management is more important than ever.

What your organization needs isn’t more management, however – it needs better management. At Microsoft, we’ve worked very hard to develop a way for you to benefit from intelligent management.

IT teams all over the world are navigating a new generation of challenges rippling through their workforce, and this is taxing their infrastructure related to identity management, device management, and information protection. For many, if the issue is not evident yet, it will be very soon.

In short, the challenge is this: In the past, identity management, device management, and information protection have all been based on software your organization hosts internally. At a time when a desktop PC would never leave the building, this setup worked really well. Now, IT is managing devices and identities that spend only a fraction of their lives at the office and, while outside those friendly confines, they are accessing data from both on-prem and SaaS apps (like Salesforce.com, ServiceNow, Office 365, and other apps running on platforms like Microsoft Azure or AWS). The modern, cloud-centric workforce expects all of this data to be readily available, they want it on their current device, and they want all of it no matter where they are.

The “traditional” way of managing PCs is not even remotely capable of successfully managing devices that operate like this. The technology expected by today’s workforce has substantively changed, and every IT leader and IT organization needs to change with it.

I see a way forward.

The solution involves a basic pivot: The control plane for an organization’s services and apps needs to move across that line in the sand that separates your datacenter from the cloud. This doesn’t mean closing up shop in the IT department – it means taking your existing investments and IT staff and dramatically multiplying their impact. Pivoting this hub to the cloud allows you to deliver the services and functionality your current workforce expects (this is the scale and flexibility of the cloud), while keeping your data secure and under your control (this is the world-class security you require).

Placing your control plane in the cloud also puts your organization into a position to scale without the common growing pains of company expansion – assuming you’ve built an infrastructure with services that work together. Without this internal cohesion, you can’t solve some of the basic productivity and security scenarios, e.g. granting a user access to an application only if she’s using a correctly configured device in a known location. This is one of the challenges of pivoting to the cloud – but it is one I believe is solvable.

We have done a lot of work to address the fact that trying to integrate disparate cloud solutions yourself is so tremendously difficult, expensive, and time consuming. Instead, let us do that for you. We’ve developed a solution that’s designed to work together and integrate with your existing on-prem setup. That solution is the Enterprise Mobility Suite (EMS).

EMS has four core pieces (Azure Active Directory Premium, Microsoft Intune, Azure Rights Management Service, and Microsoft Advanced Threat Analytics) that were built from the ground up to work in concert as a cloud-based control plane for your operations. There is simply nothing else like it on the market today. Amidst the ongoing technical changes and challenges in the IT industry, EMS is the solution to navigate the rapidly changing needs of your workforce and the long-term needs of your organization.

How a Cloud-based Control Plane Works

One of the hallmarks of organizations that fail during a time of rapid change is the inability to recognize, embrace, and leverage the major technology shifts happening around them. The common trait amongst organizations that are successful in the long term is not only an ability to see these trends, but to take action to capitalize on them and benefit from them.

One of the largest factors facing IT teams today is how to address the demands of a workforce that wants to use any app on any device in any scenario in a world where the perimeter that previously formed the security boundary has evaporated. This means multiple form factors, a variety of platforms, from any number of hosted locations. To make this happen, you must first change how you manage and protect identity, devices, and data.

In the pre-cloud world I mentioned above, the technology required to manage every item in your infrastructure was (at all times) under one roof – see figure 1 below.


Figure 1: Identity management, device management, and information protection were once done entirely within an organization’s on-premises environment.

Ahhhh, the world was so much simpler then. In the early days of our internet age, the primary external threat to your network was someone spilling Mt. Dew on a server. In that era, the majority of what you needed to control was already contained within your network perimeter.

The current threats facing an IT team couldn’t be more different – phishing attacks, compromised credentials, breached databases, etc. Looking ahead, IT will have to contend with even more sophisticated attacks, ongoing state-sponsored intrusions, cylons, and the need for improved credentialing.

This is why right now every IT Pro – at every level – must prepare to manage and protect both what users want to access and the devices they’re using to access it. That means mobile devices, cloud platforms, and SaaS applications in addition to the traditional clients and servers. Thus, something that looks a lot like Figure 2.


Figure 2: Today, enterprise computing includes mobile devices, cloud platforms, SaaS applications, and perhaps more.

The challenge here is the fact that a “modern” infrastructure stretches far beyond your organization’s walls and perimeter. IT is now expected to shoulder responsibility for devices that can go everywhere and access data from anywhere. These devices come from a variety of platforms and they are constantly changing. The data you’re protecting is also constantly changing and moving – it moves in and out of the firewall, as well as to and from the cloud.

The traditional on-prem technology cannot manage all of this alone. This is where the need for a pivot to the cloud really becomes critical. This kind of solution is illustrated in Figure 3:


Figure 3: In the modern world, the core technologies for identity management, device management, and information protection should run in the cloud.

So what’s next?

I definitely do not think the next step is throwing out everything you’ve invested in and spent time building. The existing on-prem technology you’re currently using to manage identity/devices/data is still important, and it will still serve a lot of your needs. The danger is in sticking with that on-prem setup indefinitely and ignoring (or failing to address) the needs of your already cloud-centric workforce.

We have done an incredible amount of work to help you navigate this shift and make the most of it for your organization. Specifically, we created the Enterprise Mobility Suite (EMS). The components of EMS were built from the ground up to be a cloud-based control plane for identity management, device management, information protection, and infrastructure security. These solutions work together to do things that are impossible with any other vendor or collection of vendors – like conditional access.
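The conditional access scenario described earlier (grant access to an app only if the user is on a correctly configured device in a known location) is the kind of decision that only works when the identity, device, and location signals can be combined in one place. The following is an added example, not EMS code or a Microsoft API: a small fail-closed policy evaluator in Python that shows how those signals combine, and why a missing or stale signal must deny rather than allow. The named locations, IP ranges (documentation TEST-NET ranges), the 24-hour compliance-report window, and the sign-in records are all constructed assumptions for illustration; in Azure AD, Conditional Access policies are configured in the portal, not written as code.

```python
"""Fail-closed conditional access evaluator (added example, not EMS code).

Combines three signals for one sign-in: identity (MFA passed?), device
(managed and compliant, with a fresh report?), and location (known IP
range?). Any signal that is missing, malformed, or stale denies access.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumption: "known locations" an admin would register. These are the
# RFC 5737 documentation ranges, constructed for the example.
KNOWN_LOCATIONS = {
    "hq": [ip_network("203.0.113.0/24")],
    "branch": [ip_network("198.51.100.0/25")],
}

# Assumption: a compliance report older than this is treated as unknown.
MAX_COMPLIANCE_AGE = timedelta(hours=24)


@dataclass
class DeviceState:
    device_id: str
    managed: bool                      # enrolled with the MDM service
    compliant: Optional[bool]          # None = no compliance report received
    last_reported: Optional[datetime]  # when the report was received


@dataclass
class SignIn:
    user: str
    mfa_passed: bool
    client_ip: str
    device: Optional[DeviceState]      # None = device not registered


def known_location(ip: str) -> Optional[str]:
    """Return the location name for ip, or None if unknown or malformed."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return None
    for name, nets in KNOWN_LOCATIONS.items():
        if any(addr in net for net in nets):
            return name
    return None


def device_trusted(dev: Optional[DeviceState], now: datetime):
    """Return (trusted, reason). Unknown or stale state is untrusted."""
    if dev is None or not dev.managed:
        return False, "device not registered with MDM"
    if dev.compliant is None or dev.last_reported is None:
        return False, "no compliance report for device"
    if now - dev.last_reported > MAX_COMPLIANCE_AGE:
        return False, "compliance report is stale"
    if not dev.compliant:
        return False, "device is non-compliant"
    return True, "device is compliant"


def evaluate(sign_in: SignIn, now: Optional[datetime] = None):
    """Policy: access requires MFA, a trusted device, and a known location.

    Returns ("allow" | "deny", [reasons]). Every check is evaluated so the
    reasons list explains the full decision, not just the first failure.
    """
    now = now or datetime.now(timezone.utc)
    reasons = []
    allow = True
    if not sign_in.mfa_passed:
        allow = False
        reasons.append("MFA not satisfied")
    trusted, why = device_trusted(sign_in.device, now)
    reasons.append(why)
    allow = allow and trusted
    loc = known_location(sign_in.client_ip)
    if loc is None:
        allow = False
        reasons.append(f"unknown location for {sign_in.client_ip!r}")
    else:
        reasons.append(f"known location: {loc}")
    return ("allow" if allow else "deny"), reasons


# Constructed sample data for a stand-alone run.
NOW = datetime(2017, 1, 1, 12, 0, tzinfo=timezone.utc)
GOOD_DEVICE = DeviceState("dev-1", True, True, NOW - timedelta(hours=2))
STALE_DEVICE = DeviceState("dev-2", True, True, NOW - timedelta(days=3))

if __name__ == "__main__":
    for s in [
        SignIn("alice", True, "203.0.113.7", GOOD_DEVICE),     # allow
        SignIn("alice", True, "192.0.2.9", GOOD_DEVICE),       # unknown location
        SignIn("bob", True, "203.0.113.7", None),              # unregistered device
        SignIn("carol", True, "198.51.100.3", STALE_DEVICE),   # stale report
        SignIn("dave", False, "not-an-ip", GOOD_DEVICE),       # no MFA, bad IP
    ]:
        print(s.user, *evaluate(s, NOW))
```

The point of the structure is that each signal comes from a different service (identity provider, device management, network) and the decision is only as good as the weakest source: a device with no compliance report, or a report older than the window, is treated exactly like a non-compliant device.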

To learn more about what makes Conditional Access so important and unique, check out these posts:

Whether or not (or when) you move your identity and management to the cloud is a decision your team will make internally, but what’s very important is to realize why this shift in technology is happening, how it affects you, and how you can take advantage of it. The next two posts in this series will dive much deeper into these exact questions.

Ultimately, with EMS, Microsoft is the only enterprise mobility vendor offering an integrated and complete cloud control plane that can seamlessly and successfully interoperate with your on-prem investments. It’s a solution for both the short term and the long term.

Next Steps: