Microsoft recently announced that it will be releasing a new console for its Enterprise Mobility + Security Service (EMS). EMS will now incorporate Intune admin with Azure AD and Azure Information Protection, and the new console, built on the Azure console, will simplify tasks related to identity management and mobile device management.
Instead of having to go to one console to manage identity policies and then a different one to set device app policies, all this functionality is now together in one common system. The new console will also move online, replacing the current on-premises Silverlight-based one.
Converging identity management and security
Existing users of EMS will be automatically migrated to this new system over the coming months. There is no need for you to do anything; you will be notified automatically when it is available. Microsoft is making these changes because identity management and protection, device and app management, security, data protection and productivity need to converge.
Delivering this has required Microsoft to build comprehensive end-to-end scenarios across a number of services – Intune, Azure Active Directory, Azure Information Protection, Cloud App Security, and Office 365. The apps and backend services of these solutions are now in constant communication with each other as users access and use corporate data and apps. What this new EMS console delivers is an integrated administrative experience that makes the end-to-end scenarios that have been enabled far simpler, much more powerful, and even more flexible.
In its announcement, Microsoft outlined one scenario that this new Intune admin console enables: Conditional Access. This lets the IT department define the rules under which it will allow access to corporate data, which EMS will then enforce in real time.
The new integrated EMS console brings together all the different areas where IT wants to define risk policies that govern access, which allows you to define a complete and comprehensive set of rules. The new console experience for defining conditional access policies enables you to define access policies based on:
- Identity risk – is there anything suspicious about how an identity is being used?
- Device risk – does the device meet your MDM policies?
- Application risk – you could have different policies for a known/approved app vs. access through a browser
- Location – apply different policies on a corporate/known network vs. a public network
The risk in each of those areas will be evaluated in real time, and access is granted to a service/application only if the risk is within the constraints you define. These policies can be applied to 3,000+ SaaS apps as well as the applications you are hosting in your datacenter.