by Nick Johnson, PMP
US Partner Technology Strategist
This month in the Azure Partner Community, we’ve been taking a fresh look at the partner opportunity with enterprise mobility, and providing you with the resources to build your practice with Microsoft Enterprise Mobility Suite. On the blog, and on our March 17 community call, we’ve covered the big picture for enterprise mobility, and the resources for equipping your sales and marketing teams.
- Introduction to empowering enterprise mobility
- Opportunity economics and steps to build your enterprise mobility practice
- March 2016 Azure Partner Community call about enterprise mobility
Two topics we covered on the call that I’ll share here as well are the EMS Adoption Offer that’s in market through June 30 (terms and conditions), and the Enterprise Mobility Management content on the Cloud and Enterprise Partner Resources website (for access, sign in with your MPN ID).
Identity is the new firewall
User identities, and identity-driven security, are critical components in the mobile-first, cloud-first world. Just a few years ago, security discussions tended to focus on things like firewalls, virus detection, VPNs, and other on-premises functions. Digital assets were protected by building a strong set of protection mechanisms around the company’s resources. The users and machines all worked inside the kingdom. If they needed to work from outside, they had OWA and secure VPN as primary access points. This was a good model, and it worked, but it’s the old paradigm.
We still need firewalls and virus protection and such, but the paradigm has shifted. In the new paradigm, users are more distributed. They have the ability to log in from different devices—which may or may not be owned by their employer—and locations all day long. Their applications aren’t all in a local data center. No longer are the assets all contained in a little kingdom. Thanks to the cloud, they are distributed everywhere.
This distribution enables tremendous flexibility for users in how and where they work. It also changes how we need to think about security. Protecting devices is important, but protecting the identities with which users access those devices and corporate resources is paramount.
Looking at some of the high-profile network security breaches and data loss cases over the last year, compromised identities were frequently the primary point of entry for cyber criminals.
How do they get these identities? The methods vary, but brute-force guessing and phishing attacks are common. To compound matters, users are asked to maintain identities for dozens of applications, so passwords often get reused. That means that when one application’s credentials are compromised, others could be at risk.
The current identity reality
The illustration below demonstrates just a small portion of what mobile workers are dealing with today. Out of curiosity, I counted the number of username/password combinations I use on a regular basis. It is 48. How many are your customers’ workforces using?
The above illustration points to a need for a solution centered on identity-based security. Using Azure Active Directory, it looks something like the illustration below.
Azure Active Directory Premium
Azure AD Premium is one of the very strong pieces that make up Microsoft Enterprise Mobility Suite. It is a great place to start an enterprise mobility discussion with customers.
Azure AD Premium includes all the features of the Free and Basic versions of Azure Active Directory, along with additional capabilities. Some of the most impactful premium-specific features are:
- Self-service group and app management / self-service application additions / dynamic groups
- Self-service password reset/change/unlock with on-premises write back
- Multi-Factor Authentication (cloud and on-premises [MFA Server])
These features help customers give their users flexibility, reduce operating costs, and layer security into their organizations.
Download a customer-ready presentation about Azure Active Directory (sign in with your MPN ID)
Learn about Azure AD and EMS
When asked by partners how to learn about Azure AD as part of Enterprise Mobility Suite, I share these three suggestions:
- Use it yourself. Your company may have access to Internal Use Rights through the Microsoft Partner Network, and there’s a one-month trial for Azure Active Directory Premium available.
- Demo it for customers. Use the Microsoft Demo tool to provision Office 365 and Enterprise Mobility Suite demos and sample data. You can also download these click-through demos from the Cloud and Enterprise Partner Resources website (for access, sign in with your MPN ID): User SSO experience with Azure AD Premium and Using MFA for device-based authentication on unknown iPad.
- Technical training and documentation. From articles to videos to training courses and labs, there are lots of great technical resources available to you. Here are my recommendations if you’re just getting started.
Cloud Platform University live virtual technical training and hands-on labs
Register today for Cloud Platform University technical training courses that focus on design, implementation, and deployment. Some help you prepare for Microsoft exams. Specific to EMS, I recommend EEM – Azure Active Directory + Microsoft Intune + RMS (Azure Rights Management). Space is limited in these multi-day training offerings.
Online training and technical services for Enterprise Mobility Suite
Microsoft Partner Network core benefits include access to online training and consultants with deployment and consumption expertise.
- Partner Technical Services offerings for enterprise mobility
- Enterprise Mobility partner training schedule
- Hot Sheet partner training schedule
Azure AD blog and videos
Office 365 and Azure AD
Identity-based security is something to discuss with your customers that are using Office 365. Their tenants already use Azure Active Directory, so Azure AD Premium with Enterprise Mobility Suite is a natural extension.
Coming up in this blog series
The next several posts in this series will focus on considerations for building your technical team, starting with mobile device management via Microsoft Intune. We’ll take a look at Azure Active Directory, Microsoft Azure Rights Management, Azure RemoteApp, and Microsoft Advanced Threat Analytics. You’ll be able to see all of the blog posts in the series by selecting Enterprise mobility at the top of this blog.
Azure Partner Community resources
- Register for the April 21 community call
- Watch previous calls on demand
- Read more community posts about enterprise mobility
- Subscribe to this blog to receive community posts in your inbox
- Subscribe to the Azure Partner Community newsletter
- Join the Azure Partners Yammer group
Comments about this blog post, or questions about the topic? Let us know in the Azure Partners Yammer group.