enterprise Mobility + SECURITY (EMS)

Enterprise Mobility + Security (EMS) is a cloud-based offering from Microsoft which combines valuable standalone solutions in a highly discounted suite, licensed on a per user base. EMS integrates Identity and Access Management, Mobile Application (MAM) and Mobile Device Management (MDM) solutions with security solutions for information protection and threat management.

"One pane of glass to manage PCs and Mobile devices integrated across all the things that you are doing."
Cloud Technology Consultant - Salvation Army

What is Microsoft EMS?

Microsoft Enterprise Mobility + Security (EMS) is a set of tools that are deeply integrated to provide you with all you need to administer, provision and secure the devices that are used in your enterprise. With EMS, you can manage smartphones, tablets, and laptops in a single system where you can also manage user credentials, applications and security from a single place.  In a modern workspace where mobility and Bring-your-own-device (BYOD) scenarios gain increasing significance, Enterprise Mobility + Security can help IT administrators meet the challenges that exist between the best possible user experience and productivity and a high level of security, data protection and risk management.

EMS is a great tool for enterprises that want to keep better control of their assets and intellectual property (IP), while minimising the impact of human resources needed. Enterprise Mobility + Security can easily manage more workstations, laptops, tablets, smartphones, and apps with less resources because of its deep integration. Because the tools are cloud-based, there’s no need to worry about versioning, updating or upgrading the EMS platform, eliminating that cost from the equation.

Licensing Overview


Through the use of Azure Active Directory, you can not only run a Windows domain for your local network, but also integrate thousands of apps into a single set of credentials. Think about how easy it is to use Outlook without having to log in with your domain credentials every time you start the application. This same level of integration is provided with thousands of third-party apps where the same credentials can be integrated. Enterprise Mobility Suite provides you with a Single Sign-On strategy right out of the box. Applications like Salesforce, Concur and Workday that are so common in today’s enterprises will just open up whenever you launch them without needing to remember yet another password.

When access needs to be prevented in multiple apps, admins need to spend a considerable amount of time on each system being managed. With Enterprise Mobility Suite, it only takes a few clicks to deny access to all managed systems. Employees can also use self-service management tools that lets them do minor maintenance that would have otherwise taken time from administrators.

To discuss your Enterprise Mobility requirements with an expert call us on 020 3603 9960 or use our Live Chat to get fast expert help and advice online now.

Device management

EMS helps administrators manage all devices from a single console. Desktops, laptops, tablets and smartphones can be managed from this platform. What is more important, this is one of the very few platforms that supports management of devices from other platforms. Windows, iOS and Android integrate very well into EMS’ management platform. Windows 10 devices in particular benefit from an even deeper integration. Enterprise Mobility Suite is an ideal solution both for enterprises, where BYOD and corporate provided devices are used. Features as rich as deploying apps on registration help with making the user experience more consistent, even on different mobile device platforms.

In BYOD enterprises, device management is simplified when users are required to sign up and accept security policies that allow the removal of Enterprise intellectual property. In the other end of the spectrum, there are corporate provided devices that have been pre-joined and accepted such policies as well. Accepting those security policies is instrumental to protecting corporate information. Additionally, remote device wipe guarantees that intellectual property is protected at all costs by allowing an administrator to completely erase a device in case of loss or theft.

To discuss your Enterprise Mobility requirements with an expert call us on 020 3603 9960 or use our Live Chat to get fast expert help and advice online now.


Enterprise Mobility Suite integrates through Identity services with thousands of apps across a similarly wide number of vendors as mentioned above, but there are mobile apps that integrate with this service, such as Office Mobile for all mobile platforms, where the integration happens aiming at protecting IP. Application integration on mobile devices also allows for automatic deployment of certain apps that pass a minimum set of requirements from the enterprise.

One of the integrated apps is the desktop, which is now available in virtualised mode. Enterprise Mobility Suite allows for access and management of desktop virtualisation in such a way that users may take advantage of a virtual desktop or even virtualised applications to be able to run them in cases where there may be some compatibility or availability issue.

To discuss your Enterprise Mobility requirements with an expert call us on 020 3603 9960 or use our Live Chat to get fast expert help and advice online now.


security management

Security is an integral part of all these components, but it is worth mentioning how it works within Enterprise Mobility Suite. Through the implementation of Cloud Identity or Azure Active Directory, you are now effectively running your security in the cloud. This implementation makes your Enterprise’s AD impervious to server and hardware failure as it is guaranteed for high uptime via SLAs (Microsoft reimburses customers if uptime goal is not met).

Securing corporate intellectual property is now quick and easy with Enterprise Mobility Suite as it will allow or prevent, depending on your needs, sharing, emailing, attaching and copying files marked as containing IP owned by the enterprise. If IP assets are shared, that access can be revoked, recalled and removed whenever needed. If a file was in someone’s email, and it now becomes unauthorized to the user in question, the contents will no longer be visible. All these features come included along with the ability to natively encrypt and only decrypt if the right users are attempting to access the information.

Finally, Advanced Threat Detection is one of the smartest modules in the suite. According to Microsoft and industry statistics, it takes at least 200 days for a targeted attack to be detected. This means that an attacker could be lurking throughout enterprise systems for that long until their access is detected and removed. The sheer amount of proprietary information that could be gathered is just too much in such an amount of time. With the aid of usage metrics and behavioral analysis, EMS is able to know the usage patterns that your users have. One minor caveat; the system needs to be online analyzing patterns for at least 30 days to be useful. This will lead to the ability to detect any breaks from patterns and thus detect any intrusion in a much shorter period of time. Advanced Threat Analytics helps enterprises identify threats using a clear, actionable report with a simple attack timeline.

To discuss your Enterprise Mobility requirements with an expert call us on 020 3603 9960 or use our Live Chat to get fast expert help and advice online now.


Azure Active Directory Premium P1 and P2

Identity and Access Management Solution which comes in two options P1 and P2. P1 allows for secure single sign on to cloud and on-premise apps MFA, conditional access, and advanced security reporting. P2 adds all capabilities of P1 license but includes advanced protection for users and privileged identities.


Azure Information Protection Premium P1 and P2

Azure Information Protection Premium P1 includes Encryption for files and emails across cloud and on-premise storage locations and Cloud based file tracking. Azure Information Protection Premium P2 includes all the capabilities of P1 but includes Intelligent classification and encryption for files and emails shared inside and outside your organisation.


Cloud App Security

Bring the security of your on-premises systems to your cloud applications—both approved and unapproved—for deeper visibility, comprehensive controls, and enhanced protection. Includes Discovery, Data Control, and Threat Protection.

Microsoft Intune

Microsoft Intune is your modern, cloud-based application and device management solution that highly increases your employees’ productivity while giving you the security that you need. Intune is available stand-alone as a user subscription license (USL) or as part of the Enterprise Mobility + Security suite.


Microsoft Advanced Threat Analytics

Advanced Threat Analytics offers: Behavioral analytics for advanced threat detection Detection for known malicious attacks and security issues Simple, actionable feed for the suspicious activity alerts and the recommendations Integration with your existing Security Information and Event Management (SIEM) systems

Azure Advanced Threat Protection

Azure Advanced Threat Protection (ATP) is a cloud-based security solution that identifies, detects, and helps you investigate advanced threats, compromised identities, and malicious insider actions directed at your organisation. Azure ATP enables security analysts and security professionals struggling to detect advanced attacks in hybrid environments.


Get an Enterprise Mobility solution that fits your business, backed up by leading, UK based technical support and expertise. Speak to one of our EMS experts today.