CLOUD STRATEGIES FOR SMARTER IT | A ZDNet Multiplexer Blog

Identity management for mobile users

Setting and enforcing policies for mobile users starts with an ironclad identity solution. We explore scenarios where Microsoft Azure Active Directory integrates with mobility management systems for authentication and security.

If you're like most IT professionals - or even ordinary civilians - you own two or more mobile devices in addition to your laptop. The ordinary civilian, however, doesn't necessarily know how to lock down his or her device and keep its data secure.

As IT professionals, we can use common-sense measures to keep our own devices from being compromised, but when the fleet grows to hundreds or thousands of devices, each carrying corporate data and a path back into the network, mobile security becomes much harder. Protecting the data moving through the mobile ecosystem requires the right plan and the right technology.

AD in the Cloud

Active Directory (AD) has been the identity tool of choice for businesses built on Microsoft technology. It authenticates and authorizes every user in a Windows domain, and through Group Policy it assigns and enforces security settings that 'travel' with the user to whichever domain-joined device he or she signs in on.

Consider Active Directory the gatekeeper that maintains the integrity of your business data. Each time a user logs in, AD authenticates that person, and the group memberships in the resulting token determine the level of access he or she gets. AD does not raise alerts on its own, but it records failed logons and denied access attempts in the Windows Security event log, and monitoring tools built on that log can alert administrators when unauthorized actions are being attempted, even if by accident.

Microsoft Azure Active Directory is Microsoft's cloud identity service. It is not simply a hosted copy of on-premises AD: it speaks web protocols (SAML, OAuth 2.0, OpenID Connect) rather than Kerberos and LDAP, and in a hybrid setup it is kept in sync with the on-premises directory through Azure AD Connect. Above the free tier, it comes in three paid tiers:

  • Azure Active Directory Basic is designed for application access and self-service identity management: group-based access to applications, self-service password reset for cloud users, and Application Proxy for publishing on-premises web applications.
  • Azure Active Directory Premium P1 adds hybrid-identity capabilities such as self-service password reset with write-back to on-premises AD, Multi-Factor Authentication, and conditional access based on device and location, which makes it the better choice for teams managing hybrid cloud environments and users whose duties require frequent access to both on-premises and cloud resources.
  • Azure Active Directory Premium P2 is for highly risk-averse organizations. It includes all the capabilities in Azure AD Premium P1, plus Microsoft's new Identity Protection and Privileged Identity Management. The former provides risk-based conditional access: it scores each sign-in and user for risk (leaked credentials, anonymous IP addresses, unfamiliar locations) and can require MFA or block access to applications and company data accordingly. The latter lets you discover, restrict, and monitor administrators and their access to resources, with just-in-time, time-bound activation of privileged roles. If you're in an industry where every super-admin needs to be monitored, this is the AD option for you.

As more companies embrace some form of BYOD, it behooves IT to set the tone in establishing and enforcing policies that are strong enough to protect sensitive data but flexible enough to adjust with the ever-changing landscape of mobile technology and global business.

Mobile Device Management

Building on the abilities of Azure Active Directory, Microsoft Enterprise Mobility + Security (EMS) is a comprehensive set of tools that empowers IT to secure and manage mobile users, devices, apps, and data. Azure AD is included in EMS, enabling you to create policies that travel with the user, regardless of his or her device.
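To make concrete how the Premium P2 risk-based access described above and the Azure AD plus Intune combination described here fit together, the following is an added example, not code from the article or from Microsoft's documentation. It creates two Conditional Access policies with the Microsoft Graph PowerShell SDK, which is assumed to be installed and which is a newer interface than the portal workflow of the article's era. The policy names, the break-glass group ID, and the scope list are assumptions for illustration.

```powershell
# Added example (not from the article): two Conditional Access policies built
# with the Microsoft Graph PowerShell SDK, assumed to be installed.
# Run as an account holding the Conditional Access Administrator role.
Import-Module Microsoft.Graph.Identity.SignIns

$scopes = @("Policy.Read.All", "Policy.ReadWrite.ConditionalAccess", "Application.Read.All")
Connect-MgGraph -Scopes $scopes

# Hypothetical object ID of a break-glass group. Emergency-access accounts are
# excluded so an Identity Protection or Intune outage cannot lock out every admin.
$breakGlassGroupId = "00000000-0000-0000-0000-000000000000"

# Policy 1: Identity Protection sign-in risk -> require MFA (needs Azure AD Premium P2).
$riskPolicy = @{
    displayName   = "CA010 - Require MFA when sign-in risk is medium or high"
    # Report-only first: the sign-in log then shows what would have been blocked.
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users            = @{ includeUsers = @("All"); excludeGroups = @($breakGlassGroupId) }
        applications     = @{ includeApplications = @("All") }
        clientAppTypes   = @("all")
        signInRiskLevels = @("medium", "high")
    }
    grantControls = @{ operator = "OR"; builtInControls = @("mfa") }
}

# Policy 2: Azure AD + Intune -> only devices Intune reports as compliant may
# reach the Office 365 services from browsers and native clients on any platform.
$compliancePolicy = @{
    displayName   = "CA020 - Require Intune-compliant device for Office 365"
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users          = @{ includeUsers = @("All"); excludeGroups = @($breakGlassGroupId) }
        applications   = @{ includeApplications = @("Office365") }
        clientAppTypes = @("browser", "mobileAppsAndDesktopClients")
        platforms      = @{ includePlatforms = @("android", "iOS", "windows", "macOS") }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("compliantDevice") }
}

foreach ($body in @($riskPolicy, $compliancePolicy)) {
    $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $body
    "{0}  {1}  [{2}]" -f $created.Id, $created.DisplayName, $created.State
}
```

Both policies start in report-only mode; review the "Report-only" results in the Azure AD sign-in log for a week, confirm the break-glass exclusion is in place, and only then switch `state` to `enabled`. The second policy is where identity and mobility management meet: Intune decides whether a device is compliant, Azure AD reads that verdict at sign-in, and the user never gets a token for Exchange Online or SharePoint Online from an unmanaged phone.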

Microsoft's Intune, another element of EMS, lets you support mobile users seamlessly via the cloud. Managing a heterogeneous fleet of mobile devices -- in the hands of workers around the world -- requires a robust set of tools. Intune provides:

  • Device choice
  • Easy provisioning
  • Comprehensive Office app management
  • Data protection
  • Remote wipe for data and applications
  • Enterprise integration
  • Flexible licensing
  • 24/7 support

Visit Microsoft's websites to find extensive documentation for setting up AD, EMS, and data security within your own environment. I'd recommend that you reach out to the user community so you can determine the best plan for your workforce.