Stay secure and productive on your favorite apps and devices
In a modern workspace where work mobility and bring-your-own-device (BYOD) have gained significant popularity, while cyber attacks continue to increase and become more sophisticated, how can companies keep data safe while maintaining work efficiency? Enterprise Mobility + Security (EMS), a cloud-based bundle solution, is designed to help IT leaders manage and protect users, devices, apps, and data in a mobile-first and cloud-first environment, helping your business balance the best possible user experience and productivity without compromising on security, data protection and risk management.
Why does EMS matter?
Imagine your typical workday. You start by checking emails in Outlook and opening your company's intranet, such as a SharePoint site and an ERP system, then download a confidential Excel file from the cloud and edit it on your desktop. In the afternoon, you may go out to a client meeting, and on your way you use your mobile device to go through the presentation and some of the client's documents again. These common daily tasks involve multiple devices, apps, and SaaS (software as a service) platforms, and the process may already expose your company data to security threats that you are not aware of. In view of that, EMS provides protection in four aspects (identity management, information protection, device management, and streamlined deployment and management) using the core components below:
- Azure Active Directory Premium
- Microsoft Intune
- Active Directory Rights Management Services
- Microsoft Advanced Threat Analytics
Azure Active Directory Premium
Azure Active Directory Premium is a "single sign-on for your company". Each employee has a profile in Azure Active Directory which is connected to all of the other service logins. It allows your employees to sign in to file servers, email, application servers, and database servers from any device (iOS / Android, Windows / Mac) at any location. You can also set conditional access to block users based on various factors, as well as multi-factor authentication (MFA), such as sending a code to their mobile phones to confirm sign-on, to enhance the security of the identity verification process. If you need to remotely access your on-premises applications, Azure Active Directory Premium enables remote access without using a Virtual Private Network (VPN) and features MFA. Cross-organisational collaboration is easy because you can grant vendors, contractors, or partners risk-free access to internal resources. Reporting is also available on logins and metadata associated with access requests.
Microsoft Intune
Intune, built on Azure Active Directory, is designed for establishing a management relationship with mobile devices. It can link an unlimited number of your employees' mobile devices (iOS, Android, Windows) to company data in a secure way. For example, your employee can download the Microsoft Word app on their personal device and securely access company documents from that device. Meanwhile, it can also block access to certain users, data, or apps, giving your company greater control over company data while employees do not have to give the administrator full control over their devices. Another great benefit of Intune is that it is a unified endpoint management solution that helps your IT team manage device management software updates much more easily. Think about the challenge of device management software for Windows 10, iOS and Android, which release updates quite frequently. With Intune, this headache goes away, and you can always stay up to date without the bother of installing patches for devices.
Active Directory Rights Management Services
Active Directory Rights Management Services (RMS) offers document-level security for internal and external sharing. With this technology, you can set a user's rights to view, edit or forward a document. For example, you can disable forwarding in an email containing confidential documents so that no recipient can share it externally. With RMS, a quarantine of user rights is integrated into Office 365, further securing documents with simple one-click options. From the user's point of view, you can classify and label documents at the time of creation or modification. Classification policies can be set based on the source, context, and content of the documents. The administrator can always use logging and reporting to monitor the sharing of information.
Microsoft Advanced Threat Analytics
Advanced Threat Analytics (ATA) gives you real-time security monitoring. It serves as the security guard of EMS: every login, document, location, device, user, and email is logged to identify suspicious behaviours, such as malware, phishing, malicious attacks, and bad links, and to alert administrators and users to known risks before they cause damage. It also provides recommendations for investigation and remediation for each suspicious activity. Machine learning technology is applied in this technology, so ATA continuously learns the behavior of your organizational entities (users, devices, and resources) and adjusts itself to reflect the changes in your rapidly. Reporting is available to give administrators perspective on the who, what, when, and how.