Enterprise Mobility for Every Business and Every Device

Enterprise Mobility for Every Business and Every Device

  • Comments 112
  • Likes

Earlier today in San Francisco, Satya spoke about the wide-ranging work Microsoft is doing to deliver a cloud for everyone and every device. Satya’s remarks certainly covered a lot of ground – including big announcements about the availability of Office on the iPad, as well as the release of what we call the Microsoft Enterprise Mobility Suite.

Regarding the Enterprise Mobility Suite (EMS), I want to share some additional details about the upcoming general availability of Azure Active Directory Premium, as well as our latest updates to Windows Intune.

If you haven’t had a chance to read this morning’s post from Satya, I really recommend checking in out here. In the post, Satya talks about the focus of our company being “Mobile First – Cloud First.” I love this focus! The mobile devices that we all use every day (and, honestly, could not live without) were built to consume the cloud, and the cloud is what enables these devices to become such a critical and thoroughly integrated part of our lives.

For years I have emphasized that, as we architect the solutions that help organizations embrace the devices their users want to bring into work (i.e. BYOD), the cloud should be at the core of how we enable this. As I have worked across the industry with numerous customers it is clear that embracing a cloud-based infrastructure for Enterprise Mobility has become the go-to choice for forward-looking organizationsaround the world who want to maximize their Enterprise Mobility capabilities.

Enterprise Mobility is a big topic – so big, in fact, that it extends beyond mobile device management (MDM) and the need to address BYOD. Now Enterprise Mobility stretches all the way to how to best handle new applications and services (SaaS) coming into the organization. Enterprise Mobility also has to address data protection at the device level, at the app level, and at the data level (via technologies like Rights Management).

With these challenges in mind, we have assembled the EMS to help our customers supercharge their Enterprise Mobility capabilities with the latest cloud servicesacross MDM, MAM, identity/access management, and information protection.

On one point I do want to be very specific: The EMS is the most comprehensive and complete platform for organizations to embrace these mobility and cloud trends. Looking across the industry, other offerings feature only disconnected pieces of what is needed. When you examine what Microsoft has built and what we are delivering, EMS is simply the onlysolution that has combined all of the capabilities needed to fully enable users in this new, mobile, cloud-enabled world.

Additionally, with Office now available on iPad, and cloud-based MDM from Intune, over time we will deliver integrated management capabilities for Office apps across the mobile platforms. 

To see Office in action on an iPad, check out this video:


You can check out Office for iPad product guide here.

The capabilities packaged in the EMS are a giant step beyond simple MDM. The EMS is a people-first approach to identity, devices, apps, and data – and it allows you to actively build upon what you already have in place while proactively empowering your workforce well into the future.

The EMS has three key elements:

  • Identity and access management delivered by Azure Active Directory Premium
  • MDM and MAM delivered by Windows Intune
  • Data protection delivered by Azure AD Rights Management Services

Cloud-based Identity & Access Management

Azure Active Directory(AAD) is a comprehensive, cloud-based identity/access management solution which includes core directory services that already support some of the largest cloud services (including Office 365) with billions of authentications every week. AAD acts as your identity hub in the cloud for single sign-on to Office 365 and hundreds of other cloud services.

Azure AD Premiumbuilds on AAD’s functionality and gives IT a powerful set of capabilities to manage identities and access to the SaaS applications that end-users need.

Azure AD Premium is packed with features that save IT teams time and money, for example:

  • It delivers group management and self-service password reset – dramatically cutting the time/cost of helpdesk calls.
  • It provides pre-configured single sign on to more than 1,000 popular SaaS applications so IT can easily manage access for users with one set of credentials.
  • To improve visibility for IT and security, it includes security reporting to identify and block threats (e.g. anomalous logins) and require multi-factor authentication for users when these abnormalities are detected.

The Azure AD Premium service will be generally available in April. For more info, check out this new postfrom the Azure team.

Cloud-delivered MDM

Windows Intuneis our cloud-based MDM and PC management solution that helps IT enable their employees to be productive on the devices they love.

Since its launch we have regularly delivered updates to this service at a cloud cadence. In October 2013 and January 2014 we added new capabilities like e-mail profile management for iOS, selective wipe, iOS 7 data protection configuration, and remote lock and password reset.

Following up on these new features, in April we will also be adding more Android device management with support for the Samsung KNOX platform, as well as support for the upcoming update to Windows Phone.

Data Protection from the Cloud

Microsoft Azure Rights Managementis a powerful and easy-to-use way for organizations to protect their critical information when it is at rest or in transit.

This service is already available today as part of Office 365, and we recently added extended capability for existing on-prem deployments. Azure RMS now supports the connection to on-prem Exchange, SharePoint, and Windows Servers.

In addition to these updates, Azure RMS also offers customers the option to bring their own key to the service, as well as access to logging information by enabling access policy to be embedded into the actual documents being shared. When a document is being shared in this manner, the user’s access rights to the document are validated each time the document is opened. If an employee leaves an organization or if a document is accidentally sent to the wrong individual, the company’s data is protected because there is no way for the recipient to open the file.

Cost Effective Licensing

Now with these three cloud services brought together in the EMS, Microsoft has made it easy and cost effective to acquire the full set of capabilities necessary to manage today’s (and the future’s) enterprise mobility challenges.

As we have built the Enterprise Mobility Suite we also have thought deeply about the need to really simplify how EMS is licensed and acquired. With this in mind, EMS is licensed on a per-user basis.  This means that you spend less time worrying about the number of devices in use, or implementing policies that will limit the types of devices that can be used.

The Enterprise Mobility Suite offers more capabilities for enabling BYO and SaaS than anyone in the market – and at a fraction of the cost charged elsewhere in the industry.

* * *

This is a major opportunity for IT organizations to take huge leaps forward in their mobility strategy and execution, and Microsoft is committed to supporting every element of this cloud-based, device-based, mobility-centric transformation.

EMS is available to customers via Microsoft’s Enterprise Volume Licensing channels beginning May 1st.

There is so much we want to tell you about the Enterprise Mobility Suite and the innovations we are delivering here. This will be a big topic for us at TechEd North America and it will be a big part of the keynote on May 12. See you there!

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • TechEd is awesome can't wait.

  • Have you fixed the giant screw-up and confusion regarding not being able to correctly separate Microsoft-Accounts from Org-Accounts? Or is it still impossible to use windows 8 together with O365, partner portals, crm-online and just about every other online service provided by microsoft!

    My customers are leaving microsoft for you competitors because of this!!

    check out these forum posts if you still don't get it





  • coming late to the party, market the hell out of it. which MS is doing already in some ways. products like sharepoint are being adopted pretty well. so, im encouraged, MS will probably do a good job of pulling together products for corp apps. mobility and cloud should be synonymous btw, its redundant to separate them, unless you still dont get where this is all going.

  • Ok.I can check up email persent connetion new email for me .

    ( reading microsoft intronew it vary good )

  • " Have you fixed the giant screw-up and confusion regarding not being able to correctly separate Microsoft-Accounts from Org-Accounts? Or is it still impossible to use windows 8 together with O365, partner portals, crm-online and just about every other online service provided by microsoft! "

    Total agree, they admitted it was not ideal at TechEd and it would be challenging to address it, This needs to be sorted asap !

    Org Account MUST also be a MS Account where 365 Admins can trailer what features can be used with. Please sort this out, its rather scary this issue is still ongoing !

  • Can you get them on a Kindle Fire HD?

  • Why is the EMS restricted to enterprise agreements?

    The rights management + AD Premier security and auditing features are key for small medical offices and groups.

    This would also help with Intune adoption.

    Requiring an Open License - or a 12 month Azure commit should all that is needed to get these services (at these prices or close to it)

  • I have gone through your blog and I find this extremely interesting to note about cloud services and how Microsoft has made it easy and cost effective to acquire the full set of capabilities necessary to manage future’s enterprise mobility challenges.

  • This is it I already have cloud app on my windows 7 notebook but havnt used ityet its apple tech which supportsmymobile devise too the sync Osgood as well between mobile and pc

  • This is it I already have cloud app on my windows 7 notebook but havnt used ityet its apple tech which supportsmymobile devise too the sync Osgood as well between mobile and pc

  • This is it I already have cloud app on my windows 7 notebook but havnt used ityet its apple tech which supportsmymobile devise too the sync Osgood as well between mobile and pc

  • Hi Brad,
    nice and very informational post.
    I have some questions regarding the implementation of EMS:
    In the official website it gives Azure AD Premium, Intune and ADRMS as separate Trial versions.
    For the implementation, are all three products independent from each other?
    Could I use for the beginning only Intune and later the other two?
    Could you provide some information of the prerequisites and a plan how to implement all three?

  • Pricing is not favourable compared to other MDM vendors, if you just want MDM.
    MDM should be a cloud only solution, not reliant on SCCM (a monster many of us can live without)
    Most UK mobile carriers prices Airwatch or MaaS360 at 1.90 to 2.50 per user per month. Intune is 3.90
    The website for Intune is poor. Its marketing fluff. Potential purchasers need to know how Intune stacks up against the competition, where is its competitive advantage.
    Getting POCs run in the UK seems slow/hard, for such a simple cloud based solution (much longer and harder than getting alternative like Airwatch or Good setup)
    And why is Intune stand alone, why is this not part of the overall Office 365 interface/system? It feels disjointed currently. Right now Intune is going out of its way to make hard to fathom, expensive to buy, forcing us to EMS, forcing the use of SCCM and basically forcing customers to look elsewhere. Its a shame, as Azure and 365 are excellent. MS need to get the pricing right on the cloud only solution. And integrate this better into 365 and provide better documentation on the products capabilities. And certainly where it has advantages.
    If its more expensive and has less features, why would anyone buy it!!

  • hola por que la aplicacion de office para iphone solo la puedes utilizar con office 360 yo tengo office 2013 profecional y no se me hace justo que yo tambien compre la licencia no pueda usar office para iphone por queeeee

  • I am finding it difficult to purchase the Enterprise Mobility Suite. My volume license vendor (DELL) is telling me that they can not sell me this subscription unless I open a new EA license.

    And I am running into the same issue that "paying customer and partner" is having with our Office365 user ID which is our Domain credentials but separate from the microsoft ID that is used for Skype and the Volume License portal, etc. Very confusing. I need a SSO service just to handle my Microsoft credentials.