At a press event in San Francisco earlier this week, Microsoft CEO Satya Nadella announced the new Enterprise Mobility Suite (EMS) for large enterprises that are struggling with identity, device, and application management for mobile devices. A series of blog posts followed on official Microsoft blogs, including the Server & Cloud blog, Windows Server & System Center blog, the Active Directory blog, and the In The Cloud blog normally used by Brad Anderson, Microsoft’s corporate vice president, Windows Server and System Center. Microsoft also launched a new Enterprise Mobility Suite web page to support the new product.
There are several elements to the EMS, bringing together individual solutions into a single licensing bundle that will be available for large enterprises to purchase through enterprise agreements from May 1st. Some of the elements are available now (with upgrades in the future) and others will be made available in April. Let’s cover each of the items in EMS, starting with Azure Active Directory Premium.
The contents of the Enterprise Mobility Suite (Source: Microsoft)
Azure Active Directory (AD) Premium
Azure AD Premium is a new service in Microsoft Azure (note the recent renaming from Windows Azure) that is focusing on empowering end users to do more for themselves under the control of IT. This is a concept called user-centric computing, something that Microsoft has been marketing since the release of System Center 2012.
Azure AD is a directory service that is used to store and manage identity for software-as-a-service (SaaS) applications. It is not a cloud-based AD for joining computers, and so on. However, you can synchronize with and federate to Azure AD from your on-premises Active Directory forest where all that traditional identity management is done. A useful example is single sign-on for SaaS applications such as Office 365, making life easier for the average user (and IT on Monday mornings).
Azure AD Premium is bringing new features (all configurable by IT) such as:
- Self-service password reset: On Monday morning, a user that forgets their password can reset it without calling the helpdesk. This will replicate back to your on-premise AD.
- Self-service group management: This one sounds scary! Users can be delegated as owners of a group (this manager owns that file share) and can manage the membership of those groups, and even (gulp!) create groups.
- Multi-factor authentication: Some users or applications are sensitive. This feature allows you to force users to confirm their identity via a second mechanism such as SMS, or an app on their phone.
- Customized branding: You can white-label Azure AD Premium to match your corporate branding.
- Reporting, alerting, and analytics: With so much self-service and remote access, knowing what’s going on and identifying threats will be critical. I’d love to see a System Center Operations Manager management pack for threat detection here.
Azure AD Premium will be generally available in April.
Microsoft’s cloud-based device management solution is not new, but it has evolved over the years, in terms of features and intended purpose. In the last 18 months, Intune has become Microsoft’s solution for bring-your-own-device (BYOD), mobile device management (MDM), mobile application management (MAM), and the product to be used (possibly integrated with System Center Configuration Manager) to manage remote or widely distributed PCs.
Microsoft confirmed that the following new features are coming in April:
- Support for the new version of Windows Phone (Windows Phone “Blue” or 8.1)
- Support for the Samsung KNOX platform
Microsoft Azure Rights Management
Protecting data is very difficult; just ask the NSA (experts in IT security) and Edward Snowden about how useless file share permissions are once a document leaves the network. Microsoft Rights Management is not new and it is not commonly encountered, which I find very surprising. This service (originally hosted on premises with AD) allows authors to secure documents using PKI. This means that the document is secure even when it leaves the network. You can encrypt a document, make it read only, or prevent someone from printing or forwarding an email.
Active Directory Rights Management Services (RMS) is now in the cloud as Azure RMS and can be used with Office 365.
Acquiring These Products
Each of the elements of EMS can be acquired separately for $12, assuming that you pay just $4 for Windows Intune. That assumes that you already own System Center Configuration Manager and Endpoint Protection licenses. Otherwise, Intune costs $6/user/month. Note that Windows Intune is per user and each user can have 5 devices (PC or mobile).
The cost of purchasing Enterprise Mobility Suite (Source: Microsoft)
If you have or sign an Enterprise Agreement volume license (minimum of 250 seats) then you can purchase the EMS for $7.50 per user per month, saving more than 30% on the minimum that you would pay for each of the items included.