CLOUD STRATEGIES FOR SMARTER IT | A ZDNet Multiplexer Blog

One console to rule them all

Managing a fleet of diverse devices can be challenging. Here's a look at Mobile Device Management solutions and the tools they add to your arsenal, including remote wipe, over-the-air provisioning, and more.

When the majority of users were accessing network resources from their desktop and laptop computers, mobile devices were almost an afterthought. Mobile Device Management (MDM) was introduced to make sure the mobile devices kept working properly and could be managed remotely in the event of loss or theft.

Much has changed over the past several years, and today, every person in an enterprise remains connected full time via their mobile device or devices. Tablets and smartphones are the rule, but managing just these devices has become far from sufficient. IT managers are challenged with supporting, maintaining, managing, and securing the data that travels to and from devices, and making sure the users are who they say they are.

It's been a long time since IT implementers (ITI) have been able to consider mobile devices to be second-class citizens. As the volume of devices and users continues to grow, ITIs have sought a single solution that could monitor, manage, and secure all of the various devices, operating systems, form factors, data entities, and user identities they need to control.

What needs to be protected?

When discussing Microsoft Enterprise Mobility + Security (EMS) with stakeholders, it helps to point out that there are three basic components that it protects. When the entire network and users were on-premises, this was fairly straightforward. Inclusion of cloud services connecting on-premises and mobile users hasn't changed this, but it has changed the approach that must be taken.

  • Identity

Given that mobile devices are vulnerable to theft or loss, even the most trustworthy users may inadvertently allow unauthorized access to corporate resources. The first line of defense against this is to authenticate the identity of the user. With strong multi-factor authentication, mobile devices found or stolen by outsiders are rendered useless for corporate network access.

Password protection has been a challenge for mobile users. They want their devices to be easy and convenient to use, and entering passwords is the exact opposite of that. Single sign-on reduces the number of passwords a user has to remember, and the number of times they need to enter them. Multi-factor authentication strengthens the verification of the user's identity.

Azure Active Directory, combined with Active Directory on premises, provides a seamless environment in which users can access applications and resources without need for multiple IDs and passwords.

  • Device

Especially in the age of "Bring Your Own Device" (BYOD), IT managers are faced with the need to manage multiple operating system platforms, preferably from one management platform.

Microsoft EMS manages and secures all popular operating systems, including Windows, of course, but also Apple iOS, Android, and others -- effectively creating one console to rule all devices.

Protecting the device must also include protecting the network it connects to. Beyond user authentication, network access control examines the actual device to make sure it qualifies to connect.

The management console must deliver and implement these changes remotely over-the-air.

Ultimately, when an employee leaves the company or when their device is lost, stolen, or otherwise accessed by unauthorized users, IT must be able to selectively wipe any corporate data off the device while preserving the user's personal content.

  • Data

In the end, it's all about the data. During transmission from device to server, or at rest in cloud storage, data must constantly be protected from corruption or theft. Many ITIs segment the user's device, creating separate containers for corporate data and the user's personal content. This keeps users from accessing corporate data and sending it back out using personal email, chat, or other software, which would instantly defeat all corporate security measures.

Manage the entire ecosystem

Looking at the environment as comprising the user, their devices, and the data will help you frame the conversation around EMS and the value it can bring to mobile deployments. The holistic approach also helps cut down on finger-pointing, which often results when disparate components of the network are managed by separate tools.

Discover how Microsoft EMS helps G&J Pepsi-Cola Bottlers manage 1,100 mobile users here.