Understanding Microsoft enterprise mobility solutions

  • 2/17/2016

Enterprise mobility management scenario

To help you understand how each enterprise mobility management product will be used as part of the overall solution, the following scenario will be used throughout this book. Each implementation chapter will reference the scenario and implement one or more of the listed requirements. At the end of this book, you’ll have the solution fully implemented, and it will meet all the requirements of the fictitious company shown in Figure 1-4.

FIGURE 1-4 Fictitious company’s logo that will be used in this book

Blue Yonder Airlines recently completed some acquisitions and is expanding its business to different regions of the country. As a result of these acquisitions, the company added several new branch offices around the country. Many of these branch offices are small (fewer than 50 employees) and don’t have dedicated IT personnel on site. Some of their mobile devices are currently managed by an MDM solution that the company will migrate away from as it moves to Microsoft Intune. The Blue Yonder Airlines IT department needs an easy solution to manage devices and applications to enable employees to be productive while physically located at the branch office and while out visiting customers. These acquisitions have also brought new challenges for application management because the scope of what needs to be managed has expanded to include new line-of-business and publicly available applications. To make things more difficult, some of the remote offices and remote users are bound by noncompete agreements for the next year and there are legal questions about how to incorporate these offices into the existing IT infrastructure.

Access to on-premises resources will likely increase, and Blue Yonder Airlines also wants to enhance its on-premises and cloud-based data-protection capabilities. After a meeting between the CEO and the CSO, it was agreed that part of this investment must also include ways to detect abnormal user behavior and malicious attacks, and to automatically identify known security issues and risks. Blue Yonder Airlines currently uses the Microsoft Enterprise Mobility Suite for its existing offices and has the following infrastructure components deployed:

  • Windows Server Active Directory running on-premises and Azure Active Directory Premium in the cloud, with hundreds of users authenticating daily.
  • Microsoft Intune subscription with security policies configured to manage the existing BYOD scenario. All employees have devices enrolled, and there isn’t an on-premises device management system deployed.
  • Azure Rights Management Services (RMS) is configured for data access and protection.
  • Exchange Server 2013 with users accessing their mailbox via Outlook client, native email clients included on mobile devices (using Exchange ActiveSync), and Outlook Web App (OWA).

Blue Yonder Airlines’ goals for this project are to enhance its current Enterprise Mobility Suite deployment to ensure that data is more protected, applications can be more closely managed, and the new branch offices are included in the overall enterprise mobility management infrastructure. Blue Yonder Airlines established the following requirements in order to consider this project successful:

  • Require remote office employees to have managed access to company resources and services from their personal mobile and corporate work devices, including remote offices bound by restrictive noncompete agreements.
  • Enable IT to enforce security, encryption, email, and device policy settings for remote offices using MDM for Office 365.
  • Monitor on-premises resources, and identify abnormal behavior in the network.
  • Prevent attacks that exploit known vulnerabilities in the resources located on-premises.
  • Detect security issues and risks, and alert administrators to them.
  • Reduce false-positive alerts to avoid unnecessary red flags and distraction from real issues.
  • Make full use of the Microsoft Intune mobile application management and data-protection capabilities mentioned earlier, and use it beyond basic app deployment.
  • Define and implement a mobile-application strategy to support mobile device application deployment to all employee devices, regardless of whether they are managed by Microsoft Intune or not.
  • Monitor app usage, and ensure the company complies with licensing agreements as the company grows through acquisitions.