News

Microsoft Centralizes Mobile and Identity Management with EMS Upgrade

• By Jeffrey Schwartz
• February 10, 2017

Microsoft is readying a new console for its Enterprise Mobility + Security (EMS) service that aims to simplify tasks related to identity management and mobile device management (MDM).

Launched nearly three years ago, EMS bundles Mircrosoft's Intune service for device configuration and management with Azure Active Directory (AD) and Azure Information Protection (which contains the Azure Rights Management technology).

EMS currently has over 41,000 paid subscribers, with 4,000 being signed just in the last quarter, according to a Tweet by Brad Anderson, corporate vice president of Enterprise Client and Mobility at Microsoft. Paid seats last quarter grew 135 percent, he added.

In a recent blog post, Anderson said that the new EMS console is set to roll out in the coming months, providing one common system for MDM and user policies. "This means that you no longer have to go to one console to set identity policies, and then another console to set device/app policies. It's all together," he noted.

Customers will be advised when their existing EMS tenants will change, which Anderson said should happen over the next several months.

Besides offering a common administrative console, EMS is now online, replacing the current Silverlight-based system. Any new subscribers and those signing up for trials will automatically be sent to new EMS console, and existing customers can sign up for free trials if they want access to it right away.

"What we are delivering with this new EMS console is an integrated administrative experience that makes the end-to-end scenarios we've enabled far simpler, much more powerful, and even more flexible," Anderson noted.

In an example of what the integrated administrative experience offers, Anderson described how admins can create conditional access.

"Conditional Access enables IT to define the rules under which they will allow access to corporate data -- which EMS then enforces in real time," Anderson explained. "With an integrated EMS console, we can now bring together all the different areas where IT wants to define risk polices that govern access -- this allows you to define a complete and comprehensive set of rules."

The EMS console lets IT managers define their own risk policies and set rules for access, such as whether certain uses of an identity should be deemed suspicious or if a device meets an organization's MDM policies. "We will now evaluate in real time the risk in each of those areas and only grant access to a service/application if the risk is within the constraints you define," Anderson noted.

In addition to devices, Anderson said customers can apply those policies to more than 3,000 SaaS third-party offerings and applications running on-premises.