Windows Intune features.
Now let’s look at Windows Intune. For the comparison, I have included a table that compares it with its on-premises stepbrother and shows what you get if you combine the two.
Scenario | System Center 2012 R2 Configuration Manager | Windows Intune | System Center 2012 R2 Configuration Manager and Windows Intune |
Platform Support | |||
Microsoft Windows | Yes | Yes | Yes |
Microsoft Windows Server | Yes | No | Yes |
Windows Phone | No | Yes | Yes |
Windows RT | No | Yes | Yes |
iOS | No | Yes | Yes |
Android | No | Yes | Yes |
Mac OS X | Yes | No | Yes |
Unix/Linux Servers | Yes | No | Yes |
Compliance Settings | |||
Extensible Windows PC Device Configuration Settings (e.g., WMI, Registry) | Yes | No | Yes |
Extensible Mac OS X Configuration Settings | Yes | No | Yes |
Mobile Device Configuration Settings | No | Yes | Yes |
Deployment | |||
Application Deployment | Yes | Yes | Yes |
Windows Operating System Deployment | Yes | No | Yes |
Security and Privacy | |||
Software Updates | Yes | Yes | Yes |
Endpoint Protection | Yes | Yes | Yes |
Administration and Reporting | |||
Software Metering | Yes | No | Yes |
Hardware and Software Inventory | Yes | Yes | Yes |
Custom hardware and software inventory | Yes | No | Yes |
Role-based Administration and Reporting | Yes | No | Yes |
Unified Reporting for Cloud- and Corporate-connected Devices | No | No | Yes |
Cloud-based Reporting | No | Yes | No |
Data Protection for mobile devices | |||
Security Settings | Yes | Yes | Yes |
Remote Wipe | Yes | Yes | Yes |
Remote Lock | No | Yes | No |
Passcode Reset | No | Yes | No |
For a list of settings that you can configure on mobile devices, see:
- Mobile Device Management Capabilities in Windows Intune
- Compliance Settings for Mobile Devices in Configuration Manager
For information about new features in Windows Intune, see Windows Intune Service Updates.
Security
Security is an integral part of all these components, but it is worth mentioning how it works within Enterprise Mobility Suite. Through the implementation of Cloud Identity or Azure Active Directory, you are now effectively running your security in the cloud. This implementation makes your enterprise’s AD impervious to server and hardware failure as it is guaranteed for high uptime via SLAs (Microsoft reimburses customers if the uptime goal is not met).
Finally, Advanced Threat Detection is one of the smartest modules in the suite. According to Microsoft and industry statistics, it takes at least 200 days for a targeted attack to be detected. This means that an attacker could be lurking in enterprise systems for that long before their access is detected and removed, and the amount of proprietary information that could be gathered in that time is far too much. Using usage metrics and behavioral analysis, EMS learns the usage patterns of your users. One minor caveat: the system needs to be online analyzing patterns for at least 30 days to be useful. After that, it can detect any breaks from those patterns and thus detect an intrusion in a much shorter period of time. Advanced Threat Analytics helps enterprises identify threats using a clear, actionable report with a simple attack timeline.
Applications
Enterprise Mobility Suite integrates through its Identity services with thousands of apps from a similarly wide range of vendors, as mentioned above. There are also mobile apps that integrate with this service, such as Office Mobile for all mobile platforms, where the integration is aimed at protecting IP. This will be explained in detail when we take a look at security. Application integration on mobile devices also allows for automatic deployment of certain apps that pass a minimum set of requirements from the enterprise.
One of the integrated apps is the desktop, which is now available in virtualized mode. Enterprise Mobility Suite allows for access and management of desktop virtualization in such a way that users may take advantage of a virtual desktop or even virtualized applications to be able to run them in cases where there may be some compatibility or availability issue.
Pricing
There’s no question that if an enterprise were to get these components as standalone services, it would achieve the same goals as it would with the suite. However, purchasing access to EMS reduces the cost to $8.75 (USD) per month per user at the time of writing this article. That is a 50 percent discount from purchasing the stand-alone services at $17.50 per month per user.
Overall, Enterprise Mobility Suite is a great option for small and large enterprises, especially if they value the pragmatism mobility brings to the table. The high variety of devices poses no difficulty to administrators using EMS as long as those devices conform to the minimum requirements for running and executing the policies to be enforced. Azure Active Directory also helps users and administrators alike by reducing the work involved in managing credentials and part of the process of onboarding.
The security level that can be achieved by implementing the Advanced Threat Detection is a significant addition, especially for small companies or startups where human resources can be scarce and everyone usually wears multiple hats. Finally, the pricing is extremely reasonable and a convenient addition to services, such as Office 365, which can be integrated.
Introduction
In today’s business world, it’s all about mobility. From clerical staffers to executive officers, company employees increasingly need to be able to work from anywhere and everywhere. Organizations are saving money by lowering the cost of office space and consequent energy bills by allowing more and more of their personnel to telecommute from home. Even managers are coordinating their teams remotely. High speed Internet connectivity and sophisticated conferencing tools enable attendance at meetings when the participants are scattered across the globe.
Microsoft’s CEO, Satya Nadella, has declared the company’s new mission to be “mobile-first, cloud-first,” a new twist on the “devices and services” model touted by former CEO Steve Ballmer. It shouldn’t be surprising, then, that many of Microsoft’s new products and services are focused on the mobile workforce that has driven the consumerization of IT and the Bring Your Own Device movement.
From Microsoft’s end (and that of many other software companies), the new paradigm embraces everything-as-a-service. While the name “Enterprise Mobility Suite” might sound like a group of software programs (akin to “Office suite”), EMS – Microsoft’s new mobile device management solution – is sold as a subscription service. If your organization is moving to a more mobile, cloud-centric way of doing business, you just might want to check it out.
Comparing Azure Active Directory and Azure Active Directory Premium
Azure AD Premium has more advanced capabilities to help streamline enterprise-level administrative tasks and make an admin’s life easier.
The following table describes common admin benefits and how signing up for Azure AD Premium helps to simplify them.
And remember, Azure AD Free is what you already have if you signed up for Office 365.
Admin Benefits | Features | Azure AD Free | Azure AD Premium |
Manage your cloud directory and how your accounts are synchronized | Directory as a service | Up to 500K objects (1) | No object limit |
Directory synchronization tool – For syncing between on-premises Active Directory and Azure AD | |||
Forefront Identity Manager (FIM) server licenses – For syncing between on-premises databases and/or directories and Azure AD | |||
High availability SLA uptime (99.9%) | |||
Centrally administer accounts and control access to your applications | User and group management using UI or Windows PowerShell cmdlets | ||
User-based application access management and provisioning | |||
Access Panel portal for SSO-based user access to SaaS and custom applications | Up to 10 apps per user (2) | No app limit |
Group-based application access management and provisioning | |||
Customization of company logo and colors to the Sign In and Access Panel pages | |||
Empower your users & reduce support costs | Self-service change password for cloud users | ||
Self-service group management for cloud users | |||
Self-service reset password for cloud users | |||
Monitor security and enforce additional verification methods to mitigate risks | Standard security reports | ||
Advanced anomaly security reports (machine learning-based) | |||
Advanced application usage reporting | |||
Multi-Factor Authentication service for cloud users | |||
Multi-Factor Authentication server for on-premises users |
- 1. The 500k object limit does not apply for Office 365, Windows Intune or any other Microsoft online service that relies on Azure AD for directory services.
- 2. With Azure AD Free, end users who have been assigned access to each SaaS app can see up to 10 apps in their Access Panel and get SSO access to them (assuming they have first been configured with SSO by the admin). Admins can configure SSO and assign user access to as many SaaS apps as they want with Free; however, end users will only see 10 apps in their Access Panel at a time.
Summary
Microsoft Enterprise Mobility Suite builds a unified mobile management environment on three of the company’s existing technologies and integrates cloud-based services with on-premises products such as System Center Configuration Manager to extend your management capabilities to all of the devices and applications used by your workers to access company resources. In this, Part 1 of a series, we broke EMS down into its three components and provided an overview of what each one is and does and how it fits into the solution.
In Part 2, we’ll start to discuss some of the particulars of how to deploy EMS in your organization, so stay tuned.
Access to corporate data
FireDAC, a universal library for accessing enterprise databases, delivers high performance and flexibility. FireDAC supports access to Oracle, MS SQL Server, Sybase, MySQL, Informix and dozens of other databases. EMS not only simplifies access to existing data and the enterprise SQL database, but also includes an InterBase server license for protecting data in relational storage. EMS therefore lets you use the built-in capabilities of InterBase or choose any other supported enterprise SQL database.
InterBase ToGo is an embedded relational database with strong data protection and encryption for devices running iOS and Android, as well as desktop operating systems. InterBase ToGo, with support for encryption at the level of tables and individual columns, is included in the EMS license.
New EMS features in RAD Studio XE8
The EMS solution has been updated and provides new capabilities. Push notification server support for iOS and Android lets developers send event notifications to the end user’s device through EMS.
- Improved FireDAC/EMS integration, mainly related to managing the installation of updates
- Support for external credentials in EMS
- The extended EMS administrative API now supports EMS installation and EMS push resources
- Database connection pooling and other EMS optimizations
- The EMSClientAPI component, which simplifies development of the EMS client side
- Improved analysis and reporting on users, groups, sessions and API calls through the web-based EMS console
- Export of data from the EMS console to CSV files
- Extended analytics for users and groups
- An EMS client application for managing user accounts.
Devices
EMS helps administrators manage all devices from a single console. Desktops, laptops, tablets and smartphones can be managed from this platform. What is more important, this is one of the very few platforms that supports management of devices from other platforms. Windows, iOS and Android integrate very well into EMS’ management platform. Windows 10 devices in particular benefit from an even deeper integration. Enterprise Mobility Suite is an ideal solution for enterprises where both BYOD and corporate-provided devices are used. Rich features such as deploying apps on registration help make the user experience more consistent, even on different mobile device platforms.
In BYOD enterprises, device management is simplified when users are required to sign up and accept security policies that allow the removal of enterprise intellectual property. At the other end of the spectrum, there are corporate-provided devices that have been pre-joined and have accepted such policies as well. Accepting those security policies is instrumental to protecting corporate information. Additionally, remote device wipe guarantees that intellectual property is protected at all costs by allowing an administrator to completely erase a device in case of loss or theft.
A single middleware solution
Unlike complex servers built from scratch, Enterprise Mobility Services is a solution with a ready-made infrastructure, which significantly reduces the time needed for deployment and configuration. The EMS server supports management of user and group access. A resident EMS server can be hosted either on-premises or in a private cloud using the corporate firewall. On-premises hosting gives direct access to corporate databases under the protection of your firewall, while full hosting in a private cloud provides scalability and efficient use of bandwidth.
Identity
Through the use of Azure Active Directory, you can not only run a Windows domain for your local network, but also integrate thousands of apps into a single set of credentials. Think about how easy it is to use Outlook without having to log in with your domain credentials every time you start the application. This same level of integration is provided with thousands of third-party apps where the same credentials can be integrated. Enterprise Mobility Suite provides you with a Single Sign-On strategy right out of the box. Applications like Salesforce, Concur and Workday that are so common in today’s enterprises will just open up whenever you launch them without needing to remember yet another password.
When access needs to be prevented in multiple apps, admins need to spend a considerable amount of time on each system being managed. With Enterprise Mobility Suite, it only takes a few clicks to deny access to all managed systems. Employees can also use self-service management tools that let them do minor maintenance that would otherwise have taken time from administrators.