Communication is the single most important thing in your organization. It is what makes your business run; if your people can’t communicate, nothing happens. With communication as the single most important thing in your company, it’s the single most important workload in IT (email, voice), and it’s normally the single most important thing people do on their devices. How many of us check our email first when we wake up in the morning? It is therefore intrinsically linked to devices, but it’s also intrinsically linked to something else. An individual’s identity.
You are you on a device.
That’s why I’ve started to think about how your productivity solution can be leveraged by your mobility management solution. Ideally, when a person grabs a brand new device it should be simple to set up everything they need by just telling the device who they are…then their email, apps, certificates, trusted networks and the like are just set up for them. Users shouldn’t need to know more than who they are to become productive.
So how do you, the IT person, make that happen? One alternative would be to export all the people in your AD to a CSV file and then import that on a weekly basis into your EMM solution. But that would suck. A better solution would be to extend your AD, keep things synchronized, and allow the EMM directory and the AD directory to become as one…why is that better?
It’s a better solution because it’s one thing to manage: if something changes in the EMM directory it changes in AD (like a user changing a password, or a group membership through self-service), and when IT blocks a user account in AD it automatically blocks their access from everywhere – including at the file level, wherever those files happen to be. It’s also a better solution when you’re already using that EMM directory as your identity directory for productivity.
If you’re using Office 365 for productivity (and many are) then you already have your keystone in place – your directory will be stored in Azure Active Directory (AAD), although you might not know it. If you have an on-prem directory and Office 365 then they will already be synchronized using DirSync. If you don’t have an on-prem AD then you just have AAD. Either way you have the keystone. I’m not the only one thinking this way either; once you have identity you can think about layered protection: