How Microsoft Enterprise Mobility + Security (EMS) transforms business

Learn how Microsoft Enterprise Mobility + Security protects organisations in the mobile-first, cloud-first world.

What was called Enterprise Mobility Suite (EMS) is an incredibly popular offering, highly rated with nothing quite like it in the marketplace.  EMS has evolved with a name change and an expanded offering, keep reading for all the details. 


Enterprise Mobility - The Microsoft Way

Back in June, Microsoft announced that Gartner had recognised Microsoft with a visionary placement for Microsoft Intune and the Enterprise Mobility Suite in the Enterprise Mobility Management Magic Quadrant.

Microsoft are passionate about delivering a solution that both users and IT love:

We believe that getting this balance right (empowering users, while protecting company data and also protecting the users’ privacy) is fundamental to fully enabling Enterprise Mobility. 

Rather than traditional Mobile Device Management (MDM), where the IT department takes over the device being managed, Microsoft enables better ways of working:   

One of the unique capabilities of O365 and EMS is the ability to protect corporate apps and data without having to take over users’ personal devices. EMS enables organizations to focus their efforts on applying information protection policies to corporate data without having to manage the device (MDM enrollment not required).

Welcome Enterprise Mobility + Security

Microsoft wanted to better recognise the different aspects of EMS.  What was Enterprise Mobility Suite has now become Microsoft Enterprise Mobility + Security (EMS).  You can read the announcement here - Introducing Enterprise Mobility + Security.

As well as the name change, there are two plans Enterprise Mobility + Security E3 as well as a new E5 plan. I have shown the differences below:

Enterprise Mobility + Security E3

The original EMS plan

Microsoft Intune

Microsoft  Advanced Threat Analytics (ATA)

Azure Active Directory Premium P1

Azure Information Protection Premium P1

  • Includes everything from     the original Enterprise Mobility Suite offering
  • Azure AD Premium becomes Azure AD Premium P1
  • Azure Rights Management Premium becomes Azure Information Protection Premium P1

Enterprise Mobility + Security E5

New enhanced plan available in Q4 2016

Microsoft Intune

Microsoft  Advanced Threat Analytics (ATA)

Azure Active Directory Premium P2

Azure Information Protection Premium P2

Microsoft Cloud App Security

  • Adds Identity Protection and Privileged Identity Management capabilities
  • Adds automatic classification, on top of the manual classification, labeling

Here is Microsoft's official comparison of EMS E3 vs E5.  It's important to point out the E5 plan includes everything from the E3 as well as the new features.

The new Enterprise Mobility + Security linup

What do you get with the Enterprise Mobility + Security E5 plan?

Lets see what extra you get with the EMS E5 plan in more detail, along with some demos.

Microsoft Azure Information Protection is a new service building upon Azure Rights Management, that's currently in preview.  This is based on Secure Islands technology, who Microsoft purchased recently.  Here is the announcement with further details - Announcing Azure Information Protection.

The EMS E5 plan includes automatic classification, on top of the manual classification, labelling and everything else included in EMS E3

Microsoft Cloud App Security is included in the EMS E5 plan. See the announcement for more details on what this provides. Here are some highlights: 

  • App Discovery: Cloud App Security identifies all cloud applications in your network—from all devices—and provides risk scoring and ongoing risk assessment and analytics
  • Data Control: With special focus on sanctioned apps, you can set granular controls and policies for data sharing and loss prevention (DLP) leveraging API-based integration. You can use either out-of-the box policies or build and customize your own
  • Threat Protection: Cloud App Security provides threat protection for your cloud applications leveraging user behavioral analytics and anomaly detection

The EMS E5 licence will include all the benefits of the new Azure AD Identity Protection service. Here are further details on what this provides. Some highlights include:

  • Detection of identity-based security issues using our signals intelligence, experience, and algorithms
  • Support investigation of risk events and users flagged for risk.
  • Support for in-line remediation and management of risk events
  • Harnesses the power of Azure AD Conditional Access policies and real-time risk evaluation to auto-remediate leaked-credentials before they can cause harm

Enterprise Mobility + Security Closing Thoughts

Hopefully, you better understand how Microsoft's Enterprise Mobility platform is evolving. Microsoft's Enterprise Mobility + Security is persuasive and game-changing offering that enables organisations to fully embrace the mobile-first, cloud-first world.

I'll continue to update this post, as further details are available.  Thanks for reading and please check me out on Twitter @CIanAllner.