Microsoft Rolls Windows, Office, MDM Into Secure Productive Enterprise

Microsoft offers businesses a new licensing option that covers client operating systems, productivity apps and mobile device management.

Microsoft bundle

One of the many digital transformation-enabling announcements made during last week's Microsoft Ignite conference was the October release of the new Secure Productive Enterprise (SPE) licensing option.

Designed to enhance employee productivity while keeping a business's data and digital content out of the hands of cyber-attackers, SPE plans (E3 and E5) bundle Windows 10 Enterprise, Office 365 and Enterprise Mobility + Security (formerly Enterprise Mobility Suite), along with an assortment of collaboration and analytics products. Key to the "secure" part of SPE are two technologies, according to Yusuf Mehdi, corporate vice president at Microsoft's Windows and Devices Group.

"Today our security offering gets even stronger, delivering even more value for SPE customers, with the introduction of Windows Defender Application Guard—which makes Microsoft Edge the most secure browser in the enterprise—and the expansion of our Advanced Threat Protection technology across Windows 10 Enterprise and Office 365 for complete protection across endpoints and in the cloud," wrote Mehdi in a blog post.

Microsoft's new Windows Defender Application Guard feature for Windows 10 Enterprise uses the company's Hyper-V virtualization technology to sandbox web applications, allowing users to visit and use untrusted sites without risking a malware infection. It also helps put a stop to one of the scourges of enterprise security targeted spear-phishing attacks.

By Microsoft's estimate, 90 percent of attacks are caused by malicious links in emails. Unlike the obvious, error-riddled phishing attempts of the past, today's scammers often craft convincing, official-looking emails to trick a target company's employees into clicking on dangerous links.

Application Guard creates a new Windows instance in hardware, with a separate kernel and with the bare minimum of Windows Platform Services required to run Edge. Resources that are typically exploited by attackers—memory, local storage and the like—are blocked, as is access to credentials. If a malicious web site deposits malware, there's nothing of consequence for the code to glean or hook onto. Once the browser session ends, it is discarded along with the temporary instance.

Microsoft first teased the new SPE bundles this past summer. "While we are making a number of changes, the outcome is a simpler approach to ensuring customers have the technology they need to run a secure and productive enterprise and enable their digital transformation," said Julia White, general manager of Microsoft's Cloud Platform division, in a July 7 statement.

The SPE E3 plan, which replaces Enterprise Cloud Suite, includes Windows 10 Enterprise, Office applications, Skype for Business, Intune, Azure Active Directory Premium and Delve. The E3 plan adds PSTN (public switched telephone network) Conferencing and Cloud PBX (private branch exchange) capabilities to Skype for Business, along with Power BI Pro, MyAnalytics, Windows Defender Advanced Threat Protection and enhanced security for Office 365 and Enterprise Mobility + Security.

Secure Productive Enterprise is available now. A feature-by-feature matrix is available on the offering's homepage.

Pedro Hernandez

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...