Microsoft Enterprise Mobility Suite Cozies Up to Office

Office 365 should gain built-in MDM capabilities early next year as Microsoft expands the reach of its Enterprise Mobility Suite.

Microsoft Enterprise Mobility Suite

Microsoft's cloud-based mobile device management (MDM) offering, dubbed Enterprise Mobility Suite (EMS), is extending its mobile data security and identity management capabilities to Office.

The company announced on Oct. 28 that EMS, which is comprised of Microsoft' Azure Active Directory Premium, Intune and Azure Rights Management offering, is undergoing sweeping changes that are aimed at simplifying and securing bring-your-own-device (BYOD) environments for customers. Part of that mission is bringing Office 365 users into the fold.

In the first quarter of 2015, Office 365 will include MDM capabilities powered by Microsoft Intune, according to Brad Anderson, corporate vice president of Microsoft Cloud and Enterprise. "Now, Office 365 pretty much has MDM built right into it," he told eWEEK.

The integration will allow administrators to manage Office 365 data on iOS, Android and Windows smartphones and tablets, as well as set device policies and wipe Office data without affecting personal apps and files, from the Office 365 admin portal.

Another benefit: seamless email security. Built-in MDM for Office allows "organizations to enable secure email," said Anderson.

Over the next two months, Intune will be updated to include data-leakage controls for Office mobile apps. Organizations can disable or restrict actions (copy, paste, save as, open in, etc.) that may lead to the unauthorized sharing of sensitive information.

"All the Office [mobile] applications will natively participate in that," said Anderson. He described Intune as the "only enterprise mobile management [solution] that will have that level of deep control over mobile Office applications." Intune also gains app-wrapping capabilities that enable organizations to secure and manage existing line-of-business apps without code changes.

On the Azure Active Directory front, Microsoft is rolling out a cloud app discovery tool that helps track down rogue cloud apps. Cloud app discovery is "able to collect data across an organization and report to IT all the SaaS [software-as-a-service] apps that are being used in an organization" and by whom, said Anderson.

Azure Active Directory (AD) now provides "a single sign-on experience to 2,400 SaaS [applications]," added Anderson. This allows users to log into supported cloud services such as Box, Salesforce and even Google Apps from a single user account without re-entering their credentials.

Later this year, a preview of Azure AD Connect will simplify the process of linking your on-premises assets to the cloud and syncing on-premises directories to Azure AD. Also new is Azure AD Application Proxy, which publishes on-premises applications to external users, courtesy of the cloud, and Workday integration.

Azure Rights Management Service gets a new file format called protected PDF (PPDF), which enables secure file sharing and viewing across iOS, Android and Windows Phone devices. New email notification capabilities alert users when their files have been accessed or shared with unauthorized people.

And it's just the start, said Anderson. Customers should expect Microsoft to keep this pace of EMS updates; the suite has been commercially available since May 1. The company, he said, is busy "iterating and innovating."

Pedro Hernandez

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...