While the Office for iPad announcement caught most of the buzz, Microsoft made another announcement that arguably has as much significance for businesses: Enterprise Mobility Suite.
EMS is a bundle of services that addresses how to protect devices, applications and data with the long-term goal of providing integrated management across Windows, Android and iOS devices.
The offering has three components: Identity and access management via a new service called Azure Active Directory Premium; mobile device and mobile application management from Windows InTune; data protection via Azure Rights Management Services.
Microsoft CEO Satya Nadella called EMS “the most strategically important” product for Microsoft in that it attracts businesses to Microsoft services within its Azure cloud.
“It’s largely a bundling,” says Michael Silver, an analyst with Gartner. Customers could already buy the individual components and will still be able to, he says. But EMS comes prepackaged and at a better price, he says.
“Customers could always do this via System Center if they wanted to,” says James Staten, an analyst with Forrester. “This is how customers wanted it, and Microsoft did it.”
The EMS bundle pricing is determined by the number of users, regardless of how many devices each has. “This means that you will not need to count the number of devices in use, or implement policies that would limit the types of devices that can be used,” Microsoft says in its “In the Cloud” blog.
Buying the three components of EMS separately costs $12 per user per month for each. EMS includes all three for $6.50 per user per month total. It requires a one-year commitment and assumes the business already has Microsoft System Center Configuration Manager and Endpoint Protection licenses.
EMS includes Azure Active Directory Premium that provides group management and self-service password reset for end users, a tool for reducing help-desk calls.
The premium service comes configured with single-sign-on for more than 1,000 SaaS applications so businesses can set up libraries of approved apps from which end users can choose using just one set of credentials to reach the portal for downloading the apps to their mobile device.
The service includes options to require multi-factor authentication for users when it detects anomalous logins. So if it detects suspicious login attempts it can kick in a requirement for multi-factor authentication to make sure the suspicious attempts weren’t actual break-in attempts due to a lost or stolen device.
Azure Active Directory Premium is available next month.
Mobile device management within EMS comes from Windows Intune, the cloud-based MDM and PC management service. It’s due for an update next month, adding support for the Samsung KNOX, a security feature on some Samsung phones that separates personal data from professional data on the devices. The update adds support for an upcoming update to Windows Phone as well.
Microsoft Azure Rights Management brings the information protection capabilities that can interoperate with existing on-premises installations. Information protection can be built into applications via an SDK.