Microsoft Enterprise Mobility Suite (EMS) is an awesome set of tools (Microsoft Intune, Azure AD, Azure RMS) to help you manage enterprise mobility. But where do you start, what do the components do and why do you even need them? If you have EMS are you using all its tools to the best advantage? Also, EMS is a “no-brainer” if you have Office 365! This post is going to give you the trials, the virtual labs and the free Microsoft EMS training courses you need!
One point to note: quite a few people end up here looking for information on “Azure EMS” which doesn’t exist, but I understand why you’re here. You are in the right place.
Trying new technology is hard, particularly in Enterprise Mobility where almost all the vendors in the space need you to give your details and wait for a hard, cold, sales call. Microsoft is the exception. With Enterprise Mobility Suite (EMS) you are up and running and trying mobility management in just a few minutes WITHOUT a brutal sales call!
Enterprise Mobility Suite is a kind of “Avengers Assemble” group of mobility tools. As the name suggests, Microsoft’s new and improved offering is a suite of best-of-breed, often leading, components that come together. Of course, if you’ve read this blog for a while (you should subscribe) you’ll realize that I firmly believe that Productivity is the on-ramp to enterprise mobility…heck, you probably already know that. Let’s talk about the Microsoft EMS components and Enterprise Mobility Suite features, but first a quick start:
“Where do I start with all these tools?”
You’ll be set up in about 5 steps or so.
- Get the trials (see below)
- Synchronize an on-premises AD to Azure AD (you can do this from a free virtual lab)
- Configure mobile device authorities
- Enroll a device
- Drink a coffee, high-five your boss*
*please note I am not responsible for you getting fired if your boss finds this inappropriate.
Microsoft has one place for user accounts: Active Directory.
One of the big benefits of EMS is that it doesn’t make you do over your identity strategy. You don’t need some funky new LDAP/Directory/User Profile storage doohickey. You need Active Directory, and with Enterprise Mobility Suite Microsoft safely EXTENDS your on-prem AD DS to Azure AD’s modern architecture without massive architecture (don’t worry if you don’t already have an on-prem AD, as the solution is cloud stand-alone too).
The short primer on Azure AD.
If you’re an old school AD admin, think of Azure AD as a schema extension that you don’t need to manage. The idea of extending your on-prem AD to the internet might sound daunting, but it really is a good idea.
The architecture of the modern, mobile world doesn’t really jibe with synchronous connections to AD DS.
Modern mobile apps and devices need RESTful, API-based connections to thrive…and you also need controls designed for those types of scenarios (multi-factor authentication, the ability to BLOCK compromised devices or users and to give CONDITIONAL ACCESS to company resources). Not only that, but you are in ABSOLUTE CONTROL of what attributes get sent to Azure AD and geographically where they get sent.
Office 365, Microsoft Intune and ANY apps you want can share your Azure AD. 2500 are built-in, out of the box!
Manage Devices and Apps with Microsoft Intune
If identity is the cornerstone of the enterprise mobility management house, then device management is the first floor and application management is the second floor. Mobility management technology has evolved to deal with the newer challenges that mobility faces in today’s world.
You probably know of MDM – Mobile Device Management. MDM manages things like remote wipe, applying company policy and such – I suppose an old school admin might consider MDM as the Group Policy of the modern device world.
Just as we need more than that in the old school world, we need more in mobility, which is why we have Mobile Application Management (MAM). This is the need to control what applications get to a device, but beyond that it’s the ability to control what other apps those apps can talk to and how they’re removed. It’s an essential layer in today’s world. For MDM and MAM, you want Microsoft Intune, no matter what device platform (Windows, iOS, Android).
Protecting Data with Azure Rights Management
Azure RMS is your device management roof. It keeps the water off!
Azure RMS will protect your data and allow only the intended people to access it, under the right conditions. With Azure RMS, protection has become much more straightforward to deliver. You install a couple of Azure RMS Connector servers on-prem and your Exchange, SharePoint, and File Servers can be protected by Azure RMS. Not only that, but you can bring your own key and Azure will store your keys in our very, very secure HSMs. Every time I show anyone Azure RMS they think it’s magic, but you can try the magic of Azure RMS in this TechNet vlab.
The Power of Many
This is where things with a suite of awesome like Microsoft EMS assemble and really avenge your problems (sorry, that was a bad pun). With the above you can do some amazing things. You can protect all your data on your OneDrive with RMS and allow only devices enrolled with MDM (Intune) to have access to the information.
In this situation a number of things become true:
- The user loses their device: You know that RMS protects the data at rest, even if you can’t remote wipe it.
- The user leaves the company: You can remove the apps and the data that the user was accessing and know they have no access to further data.
- The user sells their device without wiping it: You can block the device’s access while leaving the user’s access intact.
Quick Start Option 1: Get some free, no money ever changing hands, trials
The free trials come thick and fast with EMS: You will want Microsoft Intune, Microsoft Azure AD and Microsoft RMS, but thankfully all the trials are on one handy page on the Microsoft Enterprise Mobility Website, along with some helpful resources. Or just use the 5 steps below to get started. Office 365 and EMS were made to work together, like peanut butter and jelly! The first step, though, is to determine if you already have Office 365 and to get a trial if not.
- Do you have an Office 365 trial? If not get one (select E3). If you do, make sure it’s still valid and then return to click Sign in.
- Go get an Azure trial, or if you already have one you can just use that.
- Now go get a Microsoft EMS Trial, be sure to click the Sign in button and be signed in with your Office 365 trial.
- You’ll be taken to a portal to add your EMS trial (actually Azure AD) to your Azure subscription.
Quick Start Option 2: Use a TechNet vLab as your virtual lab
I build labs, and I’ve made Seven Deep Enterprise Mobility labs just for you, free. These deep technical labs will guide you through trying and using Enterprise Mobility Suite, including signing up for the trials. The labs include domain controllers, Configuration Manager servers, VMs and everything you need already set up for you. Note you still need the trials, which now follow the process above until I update the labs.
If you need some more help
I would highly recommend trying some courses on the free Microsoft Virtual Academy such as these stellar, all-star titles:
- Expanding Office 365 with Enterprise Mobility Suite
- Taming Android and iOS with Enterprise Mobility Suite
- Remote Desktop Services on Microsoft Azure Deep Dive
- Corporate Apps Anywhere, Anytime with Microsoft Azure RemoteApp
- Microsoft Desktop Virtualization
Thanks for taking the time to read… what do you think?