With more companies adopting a Bring Your Own Device (BYOD) policy, a trend that shows no sign of reversing course in the near future, managing all these devices is more important than ever for a company's IT department. Thankfully, the rise in BYOD has also brought a rise in solutions that IT teams can use to control company data and security on these devices.
Microsoft's Corporate Vice President of Windows Server & System Center, Brad Anderson, has stated, "Our vision is to help organizations enable their users to be productive on the devices they love, while protecting the company." According to Anderson, users are "more productive and more satisfied" when they work in a BYOD-friendly organization. "In pure dollars and cents, this satisfaction and efficiency generates significant positive impact for the company," he said.
During the debut of Microsoft Enterprise Mobility Suite, Julia White, the Corporate Vice President of Marketing for Microsoft Office, pointed out the strength of EMS is that it offers "one place to go to manage the bring-your-own-device [BYOD] strategy, help in a cloud-based way, do identity and access management as well as protect company data."
To manage these mobile devices, Microsoft provides IT departments with two sets of tools. One is the native mobile device management of Office 365, which utilizes Exchange ActiveSync. The second option is the cloud form of Active Directory, called Azure Active Directory (Azure AD).
With Exchange ActiveSync, end users can synchronize their mobile phones with their Exchange mailboxes. Exchange ActiveSync is available for numerous mobile device platforms and can be configured to provide different levels of security for your organization's data. Administrators can use the Exchange Control Panel to specify which devices your employees can use to synchronize, and how your organization's data is to be safeguarded on your users' devices.
The Exchange Control Panel also allows you to view devices that have been quarantined. When a device is quarantined, it shows up in this list, where the administrator can create a personal exception for that device, for that user only, by clicking Allow or Block. From this control panel, administrators can also enforce policies to increase the security of data stored on the devices. These policies can include requiring the device to be locked with a PIN and encrypting emails and Exchange data.
Anderson describes Active Directory as "the authoritative source of corporate identity around the world," and said the on-premises platform's capabilities have been extended to the cloud in the form of Azure Active Directory. With Azure AD, organizations can allow users to register personal devices with the service, allowing IT administrators to express policy on both the end user and the device. Like Office 365, Microsoft's EMS platform is now licensed on a per-user basis, which means you don't need to be concerned about your cost increasing as your users bring in more devices.
Some additional benefits of using Azure AD include self-service password reset for your users to reduce helpdesk calls, multi-factor authentication options for greater security, group-based provisioning and single sign-on for over 1000 SaaS apps, and machine-learning-driven security reports for visibility and threat management.
Windows Intune gives IT departments a way to easily manage mobile applications across devices, and it can be used to selectively wipe apps and data for greater security. Even though it has Windows in the name, Intune has broad device support including Windows, Windows Phone, Apple iOS, and Android devices, further supporting Microsoft's stance of allowing users to utilize the device that makes them happy.