A new suite by Microsoft! Sweet!

On March 27th, 2014, Satya Nadella announced a couple of great things. First, there was Office for the iPad, and second, there was the Enterprise Mobility Suite (or "EMS" for short).

EMS encompasses Microsoft's vision on mobility going forward, and goes a giant step beyond simple MDM. It is a people-first approach to identity, devices, apps, and data – and it allows you to actively build upon what you already have in place while proactively empowering your workforce well into the future. Brad Anderson (CVP Enterprise Mobility) goes into more detail in his post (find it about halfway through).

In short, the EMS has three key elements:

  • Hybrid identity and access management delivered by Azure Active Directory Premium
  • MDM and MAM delivered by Windows Intune
  • Access & Information protection delivered by Azure AD Rights Management Services


The rest of this post will provide a high-level overview of each of the components, and in later posts we'll go into more detail on each of them. You can find the official EMS landing page here: http://www.microsoft.com/en-us/server-cloud/products/enterprise-mobility-suite/explore.aspx

The following movie outlines the general idea behind EMS:

Hybrid Identity

The first component helps you with "hybrid identity". As more and more businesses and applications move to the cloud (think Office 365 or Google Apps for productivity, CRM Online or Salesforce for managing customer relationships, Citrix GoToMeeting for conferencing, etc.), it is important to retain the same identity in the cloud as on-premises. In humanspeak, this means that you can use these cloud applications with the same username and password that you use to log on to your laptop.

If you are curious what cloud applications are supported, have a look at this post.

If you think that your employees are not using *ANY* of these applications, you are most likely wrong. More than 80% of employees admit to using non-approved software-as-a-service (SaaS) applications in their jobs, and this number will increase as more and more vendors move to the cloud.
To discover which applications your employees are using, you can use the new Cloud App Discovery tool, currently in public preview.

Mobile Device Management

The second component focusses on managing the mobile devices from which you might be accessing the aforementioned cloud applications. This is known colloquially as "MDM", and EMS extends into other acronyms, too: MAM, MIM, IAM and MCM.

Access & Information Protection

The last (but certainly not least) component is centered around Access & Information Protection. The product behind this is called Azure Rights Management Services.

The general idea is to control access to documents by wrapping them in a secure container. You can open the container only by providing your credentials, and from that point on you may have only restricted permissions: read-only, do-not-print, do-not-share, ...

To see what this looks like, see the following demo (starting at 1:21). EMS extends this functionality to non-Windows platforms as well.