Understanding Microsoft enterprise mobility solutions
- Enterprise mobility management concepts
- Microsoft enterprise mobility solutions
- Selecting the best solution for your organization
- Enterprise mobility management scenario
Enterprise mobility management solutions are no longer as simple as connecting a few mobile devices to an email server or allowing some users to access company resources via a remote connection. Today’s IT departments must support a much more robust and comprehensive user experience for modern employees. Users expect, and often even demand, application-feature and data-access parity between their mobile devices and the devices they use at the office. Add in the new challenges that IT departments face with managing cloud-computing services, user identity, applications, data security, and threat mitigation, and the enterprise mobility management landscape becomes much more complex and difficult to deploy and manage.
This chapter explains how Microsoft enterprise mobility solutions address these areas and covers the basics of enterprise mobility management. It also covers considerations for selecting and deploying these solutions, as well as introducing a sample enterprise mobility management scenario that will be used throughout this book.
Enterprise mobility management concepts
In enterprise IT management, companies are fully embracing the modern “work anywhere, from any device” vision. Trends like bring your own device (BYOD) and mobile application management (MAM) aren’t just buzzwords or passing fads likely to fade out after a year or two. These concepts are part of the larger modern IT strategy supporting the consumerization of IT and the empowerment of users. Central to this strategy are cloud services, such as Microsoft Azure Active Directory and Microsoft Office 365. Leveraging the computing scale and ubiquity of access that these and other Software as a Service (SaaS) platforms provide to mobile devices and users requires planning and considering things from a different perspective than in the past.
Enterprise mobility management isn’t just about connecting mobile devices to cloud services or resources. In fact, it’s less about devices and more about people. Forward-looking organizations aim to empower employees and increase their productivity; the devices (mobile or not) they use are merely tools to help accomplish their work. This paradigm shift from a device-centric management structure to a people-centric management structure is significant. All the components that enable mobile productivity in an enterprise mobility management solution must have a people-centric architecture that aligns with enabling this vision. Finding the proper balance where employee empowerment and productivity meet the business needs of your organization is the crucial requirement for any enterprise mobility management solution.
With this vision in mind, be aware that a well-designed enterprise mobility management solution must address several key areas of the modern workplace, as shown in Figure 1-1.
FIGURE 1-1 Elements of enterprise mobility management
The first and most important element of the enterprise mobility management solution is the user or employee. Without the employee, the IT infrastructure and management costs to enable enterprise mobility are expensive monuments to best intentions. The enterprise mobility solution must support effective ways to manage user accounts and make it easy for employees to access resources. If user identity is hard to manage by IT administrators, or if employees are required to take convoluted steps to gain access to devices or company resources, the enterprise mobility management solution becomes an obstacle instead of an effective productivity management tool. As most experienced IT administrators have learned, workplace technology obstacles invite shortcuts, workarounds, and questionable data-protection practices.
Effectively managing user identity is critical to enabling cloud-based applications and data resources spanning multiple services or locations. Efficiently verifying that users are who they claim to be is essential to protecting resources and making the mobile experience feel like the traditional workplace experience. Keep in mind that employees with different types of roles and responsibilities, and even different geographic locations, often have unique requirements across all the areas of enterprise mobility management.
The rapid pace of technological advancement has changed the modern workplace from one of stationary workstations and company-issued devices to one containing a mix of all types of mobile computers and Internet-connected devices. This change is driving the BYOD trend across all markets and industries, and organizations must adapt to this new challenge. Using their personal mobile devices, such as smartphones, tablets, and laptops, employees are increasingly mixing their personal lives with their work responsibilities. As a result, IT departments are tasked with managing an ever-expanding collection of different mobile hardware, operating systems, and vendor-specific architectural requirements.
It’s critical that organizations fully understand the capabilities and limitations of each type of device and how they will support each one. Only then can organizations define and configure the necessary enterprise mobility management features that support both the employee’s needs and the organization’s business requirements.
Apps are the centerpiece of most business requirements and the portal for information access for modern organizations. Though managing different device types creates new administration challenges, managing a mixture of commercial and customized line-of-business (LOB) apps can be equally challenging. Employees need access to all their productivity tools from all their devices, including email, data storage services, and role-specific tools. These services can be either locally hosted in on-premises networks or hosted in the cloud.
How to properly install and manage these apps depends on several factors. Different apps have different installation requirements, can require individual adjustments to function properly on different devices, and often have varying levels of risk associated with keeping information secure. Misjudging or improperly managing any of these areas can lead to exposing sensitive company data or employee personal information. IT departments must take care to fully understand which apps will be supported and how they will be managed to help protect company data. Mobile application management will be covered in more depth in Chapter 2, “Introducing mobile application management with Microsoft Intune,” and Chapter 3, “Implementing MAM.”
Working from a mobile device from any location really means accessing data from anywhere. Operating hand in hand with identity management, apps, and the architecture of mobile devices, data must be consumed securely and easily for users to be productive and to keep them from finding alternative access routes to information. Understanding how data is stored on devices and how data is protected in transit is critical when planning and configuring enterprise mobility management features and policies.
Depending on your business needs and user requirements, your organization might require multiple layers of data protection, ways to classify information according to sensitivity, methods for data encryption, and integrated ways to manage access control. Different enterprise mobility management solutions offer varying levels of control for each of these areas and offer different levels of reporting and monitoring in the case of breaches.
Protecting mobile devices and company data from threats is just as important as securing data access. No matter how carefully planned security is, all levels of mobile device security are potentially vulnerable to a wide variety of malicious activity. These vulnerabilities include threats to company data, personal information, and even user identity.
Depending on the enterprise mobility management solution, preventing risk and protecting mobile devices from these threats can be included as tightly integrated features or standalone services. Understanding how these solutions address potential gaps in threat mitigation is extremely important to effectively protecting mobile devices that are coming from the cloud or located on-premises. Threat protection and mitigation will be covered in more depth in Chapter 4, “Introducing Microsoft Advanced Threat Analytics,” and Chapter 5, “Implementing Microsoft Advanced Threat Analytics.”