First published on CloudBlogs on Mar 30, 2015
For those of you keeping score at home, earlier today the Office 365 blog announced that the mobile device management (MDM) capabilities within Office 365 are now generally available. That’s the good news. The really good news is that these features are available at no additional cost.
We first announced that a subset of MDM Intune capabilities would be embedded directly into Office 365 last October. I talked about this being one of the EMM game changing announcements of the year – and, as we have seen the adoption of O365 accelerate, that statement looks truer than ever. If you have not had the opportunity to read about the details of what MDM capabilities are now included in Office 365 – check out the Office 365 Blog or this TechNet site.
As I noted in an earlier post, much of the infrastructure work we do is ultimately targeted at protecting the apps and the data that is getting created, accessed, and used. With this in mind, it’s no big secret what app everyone wants to protect first: E-mail!
With today’s GA, the first app every organization will look to secure and protect now comes with MDM capabilities natively built into it. This means IT admins can set up security policies on devices to ensure that O365 corporate e-mail and data can be accessed only on phones and tablets that are managed and compliant.
What this Means for Your IT Goals
For years, Office has been the gold standard of productivity software and has grown to meet the needs for secure, mobile productivity. This emphasis on security and productivity goes far beyond today’s MDM news – in fact, the EMS and O365 have been architected to work together. Customers all over the world are already using these solutions for multi-layer mobile security with identity and access management (via Azure Active Directory Premium), mobile application management (via Intune), data protection (via Intune and Azure Rights Management Services), along with an upcoming set of robust enterprise-grade features in Windows 10.
The pivot of managing Office via Intune is a big (and really proactive) step for the industry. In fact, Intune now sits as the only comprehensive MDM solution on the market that can manage the recently released Office mobile applications on iOS and Android. This enables the workforce to utilize the apps they love, while preventing data leakage – and it empowers IT teams to constantly improve and streamline the services they deliver while maintaining strict security.
The cloud-based nature of Intune means that it is frequently updated (we are currently on a monthly update cadence) and fine-tuned based on the growing needs and scenarios of our users. Consider the two most recent waves of updates (here and here) and the new features that have come with them.
What MDM Means for Your Identity
There is one area in particular that sets Microsoft’s enterprise mobility management (EMM) approach apart from every single competitor: Identity management.
I’ve written about identity management a lot on this site (here and here, for example), and this topic simply can’t be overemphasized when it comes to maximizing both productivity and security. In the mobile world, identity is at the center of everything we do, and should be at the center of your Enterprise Mobile strategy. For corporate access to be secure, it MUST be based on the ability to identify the individual and the device accessing your services and data.
And with more and more apps and services being cloud-based (e.g. Office 365, Salesforce.com, Box, etc.), we have worked tirelessly to extend the centralized identity management and access solution, Active Directory, to the cloud with Azure Active Directory (AAD).
Azure Active Directory is an internet-scale cloud directory that delivers single sign-on to these popular SaaS applications, including O365, and also to on-premises applications via the Azure AD Application Proxy.
To answer the obvious question about the security of cloud-based identity management, consider this: Microsoft does not require you to store any user passwords in the cloud from the synchronized on-premises identities. Additionally, all access attempts are monitored and logged and can be displayed via a simple set of reports that can track inconsistent access patterns (unknown source logins, multiple failed logins, or logins from multiple geographies). This is all delivered through Azure Active Directory Premium – which is one of the components of the Enterprise Mobility Suite.
Whenever I look at the scale and usage of Azure Active Directory, I am really impressed. AAD services, on average, manage 2 billion authentication requests every day and there are 4+ million organizations using AAD to manage access to their Microsoft Enterprise services (e.g. Azure, Office 365, EMS, etc.). This is an incredibly high quality foundation you can use to build your Enterprise Mobility strategy.
* * *
These new MDM features in O365, alongside the incredible functionality offered by the EMS, empower enterprises to solve short-term IT challenges, while proactively planning and building for the future. With the functionality and familiarity of Office 365, end-users will become increasingly more productive, and with the IT tools of the EMS, any organization’s infrastructure will become more reliable, more secure, and better equipped to deal with the increasingly challenging demands of the modern workforce.
To dive deep on these new MDM features for Office 365, check out the official TechNet page.