The Pros & Cons of Microsoft EMS
iCorps IT Services
Microsoft's Enterprise Mobility + Security (formerly Enterprise Mobility Suite) provides the tools your business needs to be secure, compliant, mobile and productive in one affordable suite.
What is Microsoft Enterprise Mobility + Security (a.k.a. EMS)?
EMS is a Microsoft suite of services that helps businesses significantly boost their cybersecurity posture with Microsft Intune, Azure Rights Management, Identity & Access Management, as well as Advanced Threat Protection Analytics. These services are designed to protect a company, its data, and employees by streamlining device management, providing cyber threat intelligence, and securing corporate information.
[Jeffery Lauria] Intune is a product within the EMS suite that allows you to manage devices, be it a workstation, a mobile device, or an iPad. It allows you to push out applications to patch the device, to inventory a device, and to wipe the device. Those are some of the benefits under one single pane of glass. It's user-based, so a user may have a workstation, a mobile device, and an iPad—an agent's installed in each one of those devices, it is assigned to the user. The user is then assigned a profile, what they can and cannot do, and applications are pushed out and containerized.
So basically, what this means is that for a user who has their own laptop, there is a workspace on that laptop that is for corporate information, and we can limit that corporate information within that workspace itself. When that employee leaves the organization, that corporate workspace is pulled back, as is all the corporate data.
[Jeffery Lauria] In addition to Intune and device management, there are enhanced security features in EMS. Some of them include self-service password resets that enables a user to reset their own password at any point in time. Similar to what you do with your bank. In addition to that, there are identity services.
Identity services look at the user's behavior, where they're logging in from—are they logging in from a trusted IP address? Are they logging in from a geographically dispersed location? For example, did they log in 10 minutes ago in Boston, and then 20 minutes in LA? That is an impossibility. They throw flags. In addition to which, the product itself looks at user names and passwords across the web to see if they've been compromised. These features help you take a proactive approach to your security.
Lastly, multi-factor authentication is truly the standard today for authentication when logging on to services. Those services can be remote, or they can be internal. But by utilizing multi-factor authentication, you eliminate the risk of compromised usernames and passwords.
[Jeffery Lauria] Advanced threat protection utilizes state-of-the-art technology to profile users with adaptive learning. And what that basically means is over a period of time it understands the behavior of a user, when things change, and abnormalities. So for example, if a user does the same thing day in and day out, and then all of a sudden changes, it will alert an administrator there is some form of change.
In addition to which, it also protects the user's identity, meaning it will check to see if a username or password, has been compromised. If a username or password has been compromised, it will alert the administrator of that event, and not just alert the administrator, but will also provide them some forensic details. Basically, an auto log. So, how did the compromise happen? And once you have that information—one is you can remediate it, but then from that you can take more proactive measures that protect the rest of the organization.
[Jeffery Lauria] One of the drawbacks of EMS is it does not support location services. Location services gives the administrator the ability to determine where the device is at any point in time.
[Jeffery Lauria] One other additional con of EMS is because EMS has so many components, it does take some knowledge of which to deploy. It is not a point-and-click solution, but once configured, it works seamlessly.
So why should your business use EMS?
[Jeffery Lauria] Using EMS in products like Microsoft 365, SharePoint, and OneDrive, you will enable and empower your users to work any time, anywhere, on any device, and still maintain control as an organization.