How Microsoft infused its Enterprise Mobility and Security solution with intelligence

It may not be a sexy topic, but a solid enterprise mobility strategy has never been more important as workforces are becoming increasingly mobile and the risk of data breaches is growing by the day.

Microsoft is taking a three-pronged approach to enterprise mobility management (EMM), blending robust identity management and security with its popular Office 365 productivity apps, across all devices.

Speaking to Computerworld UK at the IP Expo in London this week, Brad Anderson, the corporate VP for enterprise mobility, said that the company's Enterprise Mobility and Security (EMS) toolset is "the fastest growing product in the history of Microsoft" because of this "holistic" approach.

Historically, enterprise mobility was an IT-focused solution. Anderson admits: "We built them for IT, and they would take over a device and we really didn't put a lot of thought into what the user experience was. In today's world you have to think about how you deliver a solution that is both loved by users and trusted by IT."

The job of Anderson and his team within the EMS division is to find that balance between "delighting users and delighting IT", as Anderson puts it, leaning on one of CEO Satya Nadella's favourite words for effect.

"So we are able to build management security into the native way that people work, so that it doesn't feel like a bolt on, or clunky," he said. "It's natural. So as users come up against the guardrails that IT wants to put in place, we gently nudge them into the right direction to help protect the data."

The EMS product was announced in June 2016 to incorporate a range of security and identity tools, including Microsoft Intune, Azure Active Directory, Azure Information Protection, Microsoft Cloud App Security and Advanced Threat Analytics.

Anderson, a fifteen-year veteran at Microsoft, used to work under Nadella before the latter was appointed CEO, and the culture he has driven within the EMS division has the CEO's fingerprints all over it.

This can be seen in the way that EMS is built to be cross-platform by default.

"There was no debate over that, Satya has always had this view," Anderson said. "If you take a look at what is being managed through the products I build, 55 percent of the mobile devices being managed are iOS, 35 percent are Android and 10 percent Windows... that's reality."

Now, thanks to a new partnership with the Apple-specialist identity management vendor Jamf, EMS extends to Macs too.

"The Mac partnership with Jamf is a big announcement, because now that in-depth management brings Macs into the same class of security management we do with iOS, Android and Windows," Anderson said.


According to Anderson, his job is essentially "all about security", and by transitioning enterprise mobility to the cloud, Microsoft is now able to make it more secure than before. This is because perimeter security isn't sufficient when you have a massively mobile workforce, so intelligence has to be the first line of defence.

"Now that we have all of that data coming in, through Intelligent Security Graph, we have the opportunity to see these attacks happening and take action on behalf of customers," he explained.

This is essentially an embedded use of Windows Defender Advanced Threat Protection (ATP), allowing IT to automate a lot of its threat detection capability.

Anderson's primary challenge is to "empower the end user in a way that feels natural, but also provide security that is in the background that also feels natural".

For example, most enterprise IT departments will recognise that multi-factor authentication (MFA) is the best way to keep employees' mobile devices safe, but users hate it. What Microsoft has done is leverage its massive data pool to identify when MFA is required most, such as when a user is logging in from an unusual location.

So by linking EMS to Azure Active Directory, Microsoft allows IT to set their own risk thresholds for when a user is prompted to sign in using MFA.


Anderson believes that Microsoft's holistic approach to enterprise mobility (security, identity and Office all-in-one) is what makes it stand out from its competitors, who may have one or two of those things, but never all three.

Anderson picks out the likes of AirWatch, MobileIron and Okta, who do the identity and security part, but don't have the productivity apps to match.

Then there is Google's G Suite, which has the productivity apps but hasn't traditionally had identity management.

That could be about to change though. Google acquired identity-as-a-service specialists Bitium last month, with the aim of delivering "capabilities to help us deliver on our Cloud Identity vision," according to director of product management for G Suite and Cloud Identity Karthik Lakshminarayanan.

Anderson doesn't seem too fazed, however: "I think long term a solution that brings together the stack of identity first, the productivity apps and the management security across all of the platforms, that's how all of this plays out over time."

Copyright © 2017 IDG Communications, Inc.
