Enterprise Mobility and Security (EMS)
Microsoft Enterprise Mobility and Security (EMS) is intelligent mobility management and security platform. It helps protect and secure your organisation and empowers your team to work in new and flexible ways.
Enterprise Mobility and Security (EMS) is Microsoft’s solution for Enterprise security. There are two EMS plans, EMS E3 and EMS E5 which are the combination of existing Microsoft licenses into one, easy to manage and discounted product designed to address specific management and security requirements. EMS is a core component of Microsoft 365.
What is Enterprise Mobility and Security E3?
Microsoft Intune allows organisations to securely manage windows and mobile devices. Devices can be classified as work or personal with specific policies and advances features enabled, such as remote device wiping to ensure devices used away from your organisation remain secure. Intune also enables Windows Autopilot, an inbuilt feature of Windows 10 that enables the next generation of windows device setups, upgrades, repairs of equipment. With pre-built configurations and ready to download applications, users desktops are able to be automatically downloaded and setup on a device shipped direct from the manufacturer with no need for the device to touched by the IT team and no extra workload or delays to the end user. With Autopilot, it is simple to repair, update or redeploy equipment, all without the need for the equipment to return to the IT team.
Azure Active Directory Premium P1 adds role and conditional based security features. These features include conditional access, which controls when additional security requests are made, such as the prompt for multi factor authentication (MFA) based on where the user is accessing their Microsoft resources and from what device. Azure Active Directory can also be configured to facilitate single sign-on (SSO) for access to applications across the Microsoft and third-party products. An example of this would be that when a user signs into their windows computer, Microsoft Edge already knows who the user is and requires no additional sign on to access Microsoft 365 online.
Further, Microsoft can manage the user management and authentication of third party products such as Salesforce or other global products enabling a unified sign on experience for users. This helps to reduce the number of passwords that users have to manage, simplifies user and license management and helps to ensure leavers and joiners are correctly handled.
Azure Rights Management (Azure RMS) is protection service that uses encryption, authorisation and identity polices to help secure data, such as files and email across multiple devices.
Microsoft Advanced Threat Analytics (Azure ATA) helps protect organisations from identity-based attacks on their on-premise infrastructure. Mainstream support is due to end soon for Azure ATA with the switch to products such as Azure Advanced Threat Protection (Azure ATP) nearly complete.
What is Enterprise Mobility and Security E5?
In addition to Microsoft InTune and Azure Rights Management that’s included in E3, EMS E5 replaces Azure Active Directory Premium P1 with P2 which adds Identity protection and Identity Governance, Microsoft Defender for Identity, Microsoft Advanced threat analytics and Microsoft Cloud App security.
Enterprise Mobility and Security feature guide
*Non-profit and Educational prices apply to organisations that achieve this status from Microsoft. Further information can be found here:
https://www.microsoft.com/en-us/nonprofits/eligibility
https://docs.microsoft.com/en-us/microsoft-365/commerce/subscriptions/verify-academic-eligibility?view=o365-worldwide