Deciphering the Many Features of Enterprise Mobility + Security

By Aaron Saposnik | May 01, 2017

As users and organizations continue to direct their focus more to cloud and mobile, it is more important than ever to enable users in these environments while also ensuring that the company’s security policies are enforced. There are numerous products available in the market to support these goals, but Microsoft has taken the unique step of combining many of these different solutions into one comprehensive, highly discounted suite called Enterprise Mobility + Security (EMS). With EMS, organizations can enable their users to be productive anywhere and anytime while protecting their data across a wide range of devices and apps.

In our EMS blog series, we highlighted some of the key features and capabilities of the 5 primary EMS products.  To sum up the series, I’ve compiled the top features under each solution category to help you determine which products are best suited for your specific needs.

Azure Active Directory Premium

| Feature | Challenge | How It Works |
| --- | --- | --- |
| Self-Service Password Reset | Forgotten or expired passwords are one of the more frustrating side effects of network security. Password resets can take up a lot of time and lead to a large expense for the organization. | Allows users to update their passwords via a secure web interface without knowing or requiring their old password. |
| Multi-Factor Authentication | Security threats are growing and the methods are getting more sophisticated – usernames and passwords alone are no longer enough to secure your sensitive information. | This utility requires a second level of authentication on top of a password – usually a phone call or text – to verify the user’s identity before granting access to resources. |
| Single Sign-On for Cloud Apps | The number of applications used by teams on a daily basis is growing. It has become extremely difficult to remember and manage all of the various passwords required for these applications. | Allows you to log into one site with your AD credentials and then all of your other logins are managed via that site. Users no longer need to remember all of their passwords. |
| Risk-Based Conditional Access | Multi-Factor Authentication may still not be enough protection for your cloud services if systems either don’t require it or there are accounts that bypass that security. | A new third layer of security which uses machine learning to track and monitor logins and identify accounts that may be compromised even if the credentials were entered correctly. |
| Privileged Identity Management | A security breach into a privileged account could be especially detrimental. Additional security precautions need to be placed on these accounts. | Users can be granted permissions to request admin access for a pre-set period of time. That way, if in the future their account is compromised, the risk of it being an admin account is reduced. |

Microsoft Cloud App Security

| Feature | Challenge | How It Works |
| --- | --- | --- |
| Cloud App Security | Advancements in technology have made it possible for users to choose and enable their own cloud solutions without IT intervention, making it difficult to enforce company-wide security policies. | Collects information from any edge device as well as services such as Office 365 to determine what cloud-based services are in use, making it easier to identify and manage cloud resources. |
| Cloud App Discovery | What about remote workers? How do you control security policies for users who aren’t behind your firewall? | Reviews and reports on any cloud applications in use on any workstation, even those not behind your firewall. |

Microsoft Intune

| Feature | Challenge | How It Works |
| --- | --- | --- |
| Mobile Device Management | Today’s workforce expects to be able to access their company content on their personal mobile devices, making it difficult to enforce security policies without infringing on individual users’ privacy. | Enables users on all of their devices while also providing the level of management needed to enforce the company’s security policies. |
| Laptop and Desktop Management | Oftentimes, multiple services are used to manage mobile devices and workstations separately. | Intune can be used to manage and monitor mobile devices, laptops and desktops all under a single cloud service. |

Azure Information Protection

| Feature | Challenge | How It Works |
| --- | --- | --- |
| Manual and Automatic File Classification | Documents are often sent or stored outside the organization. The process to protect documents and emails can be complicated and difficult to achieve. | Security classifications can be assigned with a simple drop-down menu available as a plugin for all Microsoft Office products. Automatic classifications can also be performed based on content such as credit card or social security numbers. |
| File Tracking and Security | Once data is protected, it’s still difficult to ensure that only the right people are accessing it. | Enables the end user and IT to track usage and revoke access to shared documents when deemed appropriate. |
| Message Encryption | End users do not always realize the danger of sending emails that contain sensitive information and, even with the best of intentions, some important information might slip into an email. | Scans every message that is sent from your email system and looks for specific keywords or content to ensure all sensitive messages are protected. |

Advanced Threat Analytics (ATA)

| Feature | Challenge | How It Works |
| --- | --- | --- |
| Advanced Threat Analytics | Most on-premises monitoring tools focus on visible threats. However, very few systems monitor for infections that stay hidden and focus on leaking data and passwords. These types of infections can often stay undiscovered for weeks or months. | Monitors and tracks all user authentication requests and user activity on the domain controllers and correlates it to known threats and questionable activity. Alerts IT to these risks. |

Interested in learning more about how your security posture stacks up to today’s most advanced solutions? BDO Digital can help you identify your strengths and uncover hidden security gaps, as well as provide you with the resources you need to plan next steps and how to address your specific needs. Contact us today to learn more.
