Azure Partner Community: Identity management in Microsoft Enterprise Mobility Suite

This is the third in a series of blog posts about the enterprise mobility opportunity for partners. Select Enterprise mobility to see the series. Subscribe to this blog by email or RSS.

 by Nick Johnson, PMP

US Partner Technology Strategist

This month in the Azure Partner Community, we’ve been taking a fresh look at the partner opportunity with enterprise mobility, and providing you with the resources to build your practice with Microsoft Enterprise Mobility Suite. On the blog, and on our March 17 community call, we’ve covered the big picture for enterprise mobility, and the resources for equipping your sales and marketing teams.

Two topics we covered on the call that I’ll share here as well are the EMS Adoption Offer that’s in market through June 30 (terms and conditions), and the Enterprise Mobility Management content on the Cloud and Enterprise Partner Resources website (for access, sign in with your MPN ID).


Identity management

Identity is the new firewall

User identities, and identity-driven security, are critical components in the mobile-first, cloud-first world. Just a few years ago, security discussions tended to focus on things like firewalls, virus detection, VPNs, and other on-premises functions. Digital assets were protected by building a strong set of protection mechanisms around the company’s resources. The users and machines all worked inside the kingdom. If they needed to work from outside, they had OWA and secure VPN as primary access points. This was a good model, and it worked, but it’s the old paradigm.

We still need firewalls and virus protection and such, but the paradigm has shifted. In the new paradigm, users are more distributed. They have the ability to log in from different devices—which may or may not be owned by their employer—and locations all day long. Their applications aren’t all in a local data center. No longer are the assets all contained in a little kingdom. Thanks to the cloud, they are distributed everywhere.

This distribution enables tremendous flexibility for users in how and where they work. It also changes how we need to think about security. Protecting devices is important, but protecting the identities with which users access those devices and corporate resources is paramount.

Looking at some of the high-profile network security breaches and data loss cases over the last year, compromised identities were frequently the primary point of entry for cyber criminals.

How do they get these identities? The methods vary, but things like brute force guessing and phishing attacks are common. To compound matters, users are asked to maintain identities for dozens of applications, so passwords often get reused. That means that when one application’s credentials are compromised, others could be at risk.

The current identity reality

The illustration below demonstrates just a small portion of what mobile workers are dealing with today. Out of curiosity, I counted the number of username/password combinations I use on a regular basis. It is 48. How many are your customers’ workforces using?  




Identity-based security

The above illustration points to a need for a solution centered on identity-based security. Using Azure Active Directory, it looks something like the illustration below.


Azure Active Directory Premium

Azure AD Premium is one of the very strong pieces that comprise Microsoft Enterprise Mobility Suite. It is a great place to start an enterprise mobility discussion with customers.

Azure AD Premium includes all the features of the Free and Basic versions of Azure Active Directory, along with additional capabilities. Some of the most impactful premium-specific features are:

  • Self-service group and app management / self-service application additions / dynamic groups
  • Self-service password reset/change/unlock with on-premises write back
  • Multi-Factor Authentication (cloud and on-premises [MFA Server])

These features help customers give their users flexibility, reduce operating costs, and layer security into their organizations.

Azure Active Directory overview

Azure Active Directory features chart

Download a customer-ready presentation about Azure Active Directory (sign in with your MPN ID)

Download the hybrid identity worksheet

Learn about Azure AD and EMS

When asked by partners how to learn about Azure AD as part of Enterprise Mobility Suite, I share these three suggestions:

Level 100

Level 200

Level 300


Cloud Platform University live virtual technical training and hands-on labs

Register today for Cloud Platform University technical training courses that focus on design, implementation, and deployment. Some help you prepare for Microsoft exams. Specific to EMS, I recommend EEM – Azure Active Directory + Microsoft Intune + RMS (Azure Rights Management). Space is limited in these multi-day training offerings.

Online training and technical services for Enterprise Mobility Suite

Microsoft Partner Network core benefits include access to online training and consultants with deployment and consumption expertise.

Azure AD blog and videos

Office 365 and Azure AD

Identity-based security is something to discuss with your customers that are using Office 365. Their tenants already use Azure Active Directory, so Azure AD Premium with Enterprise Mobility Suite is a natural extension.

Coming up in this blog series

The next several posts in this series will focus on considerations for building your technical team, starting with mobile device management via Microsoft Intune. We’ll take a look at Azure Active Directory, Microsoft Azure Rights Management, Azure RemoteApp, and Microsoft Advanced Threat Analytics. You’ll be able to see all of the blog posts in the series by selecting Enterprise mobility at the top of this blog.

Azure Partner Community resources


Comments about this blog post, or questions about the topic? Let us know in the Azure Partners Yammer group.

