Microsoft is excited to announce that we are named a Leader for Enterprise Mobility + Security (EMS) in the inaugural Forrester Wave: Unified Endpoint Management, Q4 2018. Forrester notes in the report that, Microsoft’s release of co-management in late 2017 has bolstered the company’s ability to serve advanced Windows 10 management use cases and provides a flexible path for customers to test out modern management. Forrester also recognizes Microsoft for having the some of the strongest security capabilities in the evaluation of 12 vendors.
We are honored and humbled by the recognition from both customers and the industry, demonstrated by the leadership position in other major analyst reports this year. It is not hard to see why customers have embraced Microsoft EMS as the most complete, intelligent solution for the security and management of their Office 365, Windows 10, and mobile endpoints.
Connect what you have to the cloud and shift to modern management: We hear from our customers that they love the ability to add Microsoft Intune to their existing PC management infrastructure and benefit immediately from the scale, reliability, and security of cloud. IT professionals can build on the strong foundation they already have with System Center Configuration Manager (ConfigMgr), add the intelligence from the Microsoft Cloud, and get instant new value and capabilities. We have engineered Intune and ConfigMgr to work together, and the licenses for ConfigMgr are included in your Intune subscription at no extra cost! Using co-management for select workloads enables customers to move to cloud-based, modern management practices at their own pace. It does not require you to make any other changes to your setup – you can continue domain joining and managing PC’s using ConfigMgr for other workloads for as long as you need. You get the best management experience for PC and mobile, leveraging MDM APIs, automation, and conditional access where possible, and executing other workloads such as patching and software distribution with traditional tools.
Using the intelligent cloud to help guide decision-making: With increasingly sophisticated attacks and multiple new attack surfaces, it is not feasible to manage and protect company data using human intelligence alone. Windows administrators can soon leverage the machine learning of the Microsoft cloud in order to set security policies. We are pleased to publish a set of Microsoft recommended security baselines in the Intune service that leverage the greatly expanded manageability of Windows 10 using Mobile Device Management (MDM). These security baselines will be managed and updated directly from the cloud – providing customers the most recent and most advanced security settings and capabilities available from Microsoft 365. If you're brand new to Microsoft, and not sure where to start, then security baselines give you an advantage. You can quickly create and deploy a secure profile to help protect your organization's resources and data. If you're currently using Group Policy, migrating to Intune for management is much easier with these baselines natively built into Intune's modern management platform. For application upgrade readiness, the upcoming Desktop Analytics service will combine data from your own organization with data aggregated from millions of devices connected to our cloud services, and take the guess work out of testing application compatibility. ConfigMgr administrators can leverage data from Desktop Analytics in several ways, including enablement of an intelligent pilot selection which ensures coverage of apps, add-ins and hardware, as well as deep integration with Phased Deployments for a data driven production rollout of task sequences, updates and applications.
Machine risk-based conditional access with threat protection: Integration between Windows Defender ATP and Azure Active Directory conditional access through Microsoft Intune ensures that attackers are immediately prevented from gaining access to sensitive corporate data, even if attackers manage to establish a foothold on networks. When Windows Defender ATP triggers a device risk alert during an attack, the affected devices are marked as being at high risk. Conditional access immediately uses this risk score to restrict access from these devices to corporate services and data managed by Azure Active Directory. When the threat is remediated, Windows Defender ATP drops the device risk score, and the device regains access to resources. Similar integration capabilities are offered for mobile devices through security partners such as Lookout, Zimperium, Checkpoint, Symantec, Pradeo, Better Mobile, and Google Play Protect. As noted by Forrester, Microsoft “EMS has some of the strongest security capabilities in this evaluation, including native vulnerability management on Windows 10, file-level encryption, data-loss prevention (DLP), and malicious app behavior detection”.
You can read the in-depth analysis from Forrester here
This series has other examples of organizations using Microsoft to secure their extended IT ecosystem for end-to-end protection across users, devices, apps, and data. We encourage you to visit the Microsoft Secure site and learn more about the full scope of Microsoft 365 Security capabilities. Also, check out more customer stories to learn how organizations leverage Microsoft 365 Security.