Enterprise Mobility Suite (EMS) is a suite of hosted products by Microsoft packaged for a better price. Individually, these services total almost 3x the bundled cost, making it more attractive to go with the entire package. The suite consists of the following products:
- Azure Active Directory Premium (AAD Premium)
AAD Premium enables self-service password reset functionality for the end users as well as providing single sign-on (SSO) to a couple thousand cloud (SaaS) apps and access to web apps you run on-premises. AAD Premium also features multi-factor authentication (MFA); access control based on device health, user location, and identity.
- Azure Rights Management (Azure RMS)
Azure RMS helps secure sensitive data and files wherever they go. With this functionality, you attach a certificate to each file you email or have in SharePoint Online to limit the access to the file(s) to the person(s) in the email and even prevent printing of the file. You can see where on a map the file has been accessed and instantly revoke access, if necessary. This feature works with the major device platforms including iOS, Android, and Windows.
- Microsoft Advanced Threat Analytics
Microsoft Advanced Threat Analytics helps you identify breaches and threats using behavioral analysis and provides a clear, actionable report on a simple attack timeline.
- Microsoft Intune
Microsoft Intune provides mobile device management, mobile application management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees with access to corporate applications, data, and resources from virtually anywhere on almost any device, while helping to keep corporate information secure.
- Azure RemoteApp (ARA)
ARA offers a scalable platform to deliver your Windows applications easily and cost effectively from the cloud. Your company’s applications run on Windows Server in the Azure cloud where they are easier to scale and update. Employees simply install Remote Desktop clients on their internet-connected PC, Mac, tablet, or phone and then access Windows apps as if they were running locally.
- Microsoft Identity Manager (MIM)
MIM offers on-premises identity and access management. It allows you to synchronize identities between different directories, databases and applications. MIM provides the ability to give privileged access in the form of Just-In-Time access, allowing users to acquire the privileges needed for their tasks while limiting the day to day account’s access.
- Microsoft Cloud App Security
This component provides deeper visibility of the security of your cloud applications with comprehensive controls and enhanced protection.
As you can see, the suite is very comprehensive and adds a large amount of functionality around security and identity management. Most clients only go for a couple of these products at a time, but once you own the whole suite, deploying the different functionality only adds value to the end user experience while keeping security at the forefront.