Director Infrastructure Services at Innolytix Pakistan Pvt Ltd
Real User
Top 10
2024-01-09T09:00:00Z
Jan 9, 2024
I use the solution in my company for endpoint management and securing cloud workspace and identities since it allows us to implement conditional access and secure it on an on-premises infrastructure with an ATS server.
Microsoft Consultant | Modern Workplace at a computer software company with 11-50 employees
Consultant
Top 10
2023-05-29T11:05:00Z
May 29, 2023
Microsoft Mobility and EMS include Intune for Mobility, which provides mobile device management and mobile application management. With mobile device management, you can control the entire device in an organization. For example, if you have a thousand devices, you can manage them using various available methods. These devices will appear on your portal, and you can effectively manage them. If not, Intune also supports mobile application management, which means we only protect data that is on third-party devices. For instance, if a user has a company-controlled device, we have full control over it. However, if a user in the organization has a personal laptop and smartphone, we can control how data is regulated on those devices. They won't be able to save data on mobile storage, copy-paste to applications like WhatsApp or Notepad, or copy it to personal email accounts. The user can only copy data between corporate email addresses or copy it to OneDrive for Business. This level of control is provided by Intune. In terms of security, EMS has Azure AD Premium P1, EMS E3, and EMS E5 as its individual components. EMS E5 offers most of the features and it includes Azure AD Premium P2. You can also have conditional access policies, which are part of Plan 1. It also has Azure Information Protection for labeling. You can create labels and labeling policies, including auto-labeling policies. There are Plan 1 and Plan 2 options. With Plan 2, you can automatically scan on-premises repositories for labeling. If you have Plan 2, it will label them. In the EMS, we have CASB, which stands for Cloud App Security. It's a Cloud App Security Broker. We refer to it as Defender for Cloud Apps. It deals with all the shadow IT subdomains.
For example, if you have one thousand users in your organization and you don't know what they are using on their laptops, even if Defender for Endpoint is already installed on their devices or if you are importing logs from the firewall, it will show you all the devices, websites, and applications that the user is accessing. You can restrict their access, so they won't be able to work on any other devices. You can also identify any uncategorized websites or services being accessed. You can view this information from CASB and set session policies. If you have web applications on-premises, you can integrate with them. You can also integrate with anything that supports SAML authentication. Furthermore, you can prevent users from copying text from browsers or your application. You can create file policies, activity policies, and session policies based on your requirements. Additionally, you have Azure Identity Protection, which is also part of Azure AD Premium P2. It includes features like banned passwords and more. A banned password is something that is not available on-premises. There is also a small agent that you can use to enforce it on-premises. Moreover, there is Azure ATP, which depends on identity. It's crucial to have it on the domain controller. It investigates every authentication, even if you're authenticating through LDAP or web services. It tracks and verifies against a number of attacks and techniques listed by MITRE, which is a nonprofit organization that investigates these attack techniques. They have a catalog or database of these techniques. Azure ATP will verify if any of these attempts are shown and reflect them. So that is Azure ATP for identity. The identity management team is also included, and Privileged Identity Management is part of it. Along with that, you have access reviews and entitlement management. So this is what the EMS offering includes.
We use the product for centralized communications. We use chat, SCCM, Azure, Visio Pro, and quite a few other Microsoft applications. As a business manager, I use it for all the basic stuff. I use Microsoft for, of course, the Office Suite; however, in regard to the Enterprise packaging, I use it for our communications tool. I use it as Teams. I really use Teams for communicating with the department. Other than that, the core licensing and things of that nature, the server items that we have, SCCM, that's more from our server-side. They use it more for server licensing, whereas I just use it for the basics of communicating, chatting, and things of that nature. That's the regular Microsoft Office Suite.
There is one application that was in-house, which was developed by one of the internal in-house application itself. That application, we have integrated and we get support from the vendor, from Microsoft. We have set up the application in our environment. This is what I have done for three or four months for one or two applications.
Java Developer at a government with 1,001-5,000 employees
Real User
2020-03-05T08:39:37Z
Mar 5, 2020
It's a solution that's basically helping administrators to manage the end-user environment. Whatever they're doing in the system, we make sure there's no data leakage happening, and we are fully protected, and always getting security patches.
Learn what your peers think about Microsoft Enterprise Mobility + Security. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
Microsoft Enterprise Mobility + Security (EMS) is the only comprehensive solution designed to help manage and protect users, devices, apps, and data in a mobile-first, cloud-first world.
The solution is for MDM and takes care of the mobility and security of all devices.
We primarily use the solution for MDM and file protection.