Overlay | VanRoey.be

Microsoft Enterprise Mobility & Security Suite

TAKE YOUR SECURITY TO THE NEXT LEVEL WITHOUT SACRIFICING MOBILITY.

Transparency
Play Video

An employee must be able to work securely from anywhere and on any device, which poses major challenges and risks in terms of both management and security. Microsoft EMS:

is a collection of advanced management tools.
includes intelligent cloud security solutions
Gives employees one central identity
makes it easier for people to share and secure documents

Microsoft Gold Partner | VanRoey.be

A centralised identity for everyone

single identity

One common identity per user gives access to the on-premises Active Directory and cloud-based Azure Active Directory.

Single Sign On

Experience the convenience of 'single sign-on' for almost all applications within your organization, not only for Microsoft Office 365 apps, but also for thousands of other popular SaaS apps.

External employees

Specific users outside your organisation (partners, external team members...) can also be subject to policies and be given access to work better together and share data.

Always on all devices

Work securely from any device - your favorite smartphone, tablet, Mac, or PC - from anywhere, whether the device is owned by the company, the employee (BYOD), or remotely managed.

Innovative total security

Intelligent security

With a huge amount of Microsoft security research data, take advantage of machine learning and A.I. that detects abnormalities in activity and instantly prevents threats, both on-premise and in the cloud.

Everything under control

Reduce the area of attack by limiting the number of confidential accounts and regularly reviewing access rights.

Share & protect files

Enable secure file sharing internally/externally, allowing you to classify files, track their usage, and protect them anywhere. Don't allow sharing, copying, printing, and other actions, for example.

Easy access control

Protect your organization with single sign-on, Multi-Factor Authentication and conditional access based on user, location, device, security settings and / or applications, without affecting the authorized users.

Simplified, in-depth management

Easier to manage

Employees get a self-service portal where they can manage passwords or PINs and access to apps and groups. They can also invite external partners to collaborate in business apps, all without the help of IT.

1 portal

In one central location you can manage and consult everything, allowing you to manage all user identities, monitor updates on the status of the identity infrastructure, consult reports on user activities and audit logs.

Pre-configure users

Centrally configure all devices, policies and necessary certificates so users can easily access email, Wi-Fi, apps and their data. Their favorite devices are ready to use without having to set up much themselves.

App security

Enjoy comprehensive app security policies, such as the ability to restrict copy/paste and save as. You don't need a device rollout and can even enforce app policies on personal devices.

EMS Workshop

A half-day introduction to the endless possibilities that EMS has to offer.

Get a better picture of how EMS makes your life as a system administrator easier and how it improves the security of the entire organization and all employees.

Free e-book

How does Microsoft EMS support your organization in its digital transformation? (PDF, 16 pages)

Overview
EMS E3 vs EMS E5

For your information: EMS can be purchased separately, but is also integrated in the inexpensive Microsoft 365 Enterprise bundlesalong with Office 365 Enterprise and Windows 10 Enterprise. 

It is not mandatory to put all users on the same formula.

Enterprise Mobility + Security

E3

€ 7,40
per user per month

Azure Active Directory Premium P1
Intune
Azure Information Protection P1
Advanced Threat Analytics

Enterprise Mobility + Security

E5

€ 14,60
per user per month

Azure Active Directory Premium P2
Intune
Azure Information Protection P2
Advanced Threat Analytics
Cloud App Security
Azure Advanced Threat Protection

Identity and access control

E3

E5

Simplified security and access control

Centralized management of single sign-on for your devices, your data center and the cloud.

....

Multi-Factor Authentication

Enhance login authentication with authentication options, including notifications for phone calls, text messages, or mobile apps, and use security checks to detect inconsistencies.

....

Conditional access

Set up contextual policies for user, location, device, and app level monitoring to grant, block, or investigate user access.

....

Risk-based conditional access

Secure apps and important data in real time with machine learning and the Microsoft Intelligent Security Graph that lets you block access in case of risk.

 ..

Advanced security reporting

Monitor suspicious activity with reporting, auditing and alerts and resolve potential security issues with targeted recommendations.

....

Privileged identity management

Provide timely, on-demand administrator access to online services with access-related reports and alerts.

 ..

Windows Server Client Access License (CAL)

Give each user access to server functions from multiple devices at a fixed price.

....

Managed mobile productivity

E3

E5

Mobile Device Management

Register corporate and personal devices so you can push settings and compliance to secure your company data.

....

Mobile application management

Publish, configure and update mobile apps on registered and unregistered devices and secure or delete app-related corporate data.

....

Advanced Microsoft Office 365 data protection

Expand management and security capabilities for users, devices, apps, and data while continuing to deliver a comprehensive, productive end-user experience.

....

Integrated PC Management

Centrally manage PCs, laptops and mobile devices from a single management console with detailed hardware and software configuration reports.

....

Integrated on-premises management

Extend your on-premises management to the cloud with one console through the integration of Microsoft System Center Configuration Manager and Microsoft System Center Endpoint Protection for enhanced management of PCs, Macs, Unix/Linux servers and mobile devices.

....

Information Protection

E3

E5

Permanent data protection

Encrypts confidential data and sets up user rights for permanent security no matter where the data is stored or shared.

....

Intelligent data classification and labelling

Configure policies to automatically classify and label data based on confidentiality and then apply permanent security.

 ..

Tracking and withdrawal of documents

Monitor shared data activities and revoke access rights in the event of unexpected events.

....

Encryption key management based on regulatory needs

Choose standard key management options or implement and manage your own keys to comply with regulations.

....

Security based on identity

E3

E5

Microsoft Advanced Threat Analytics

Detect abnormal behavior within on-premises systems and identify advanced targeted attacks and threats from within before they lead to damage.

....

Microsoft Cloud App Security

Gain visibility, control, and protection over your cloud-based apps as well as identify threats, abnormal behavior, and other cloud security issues.

 ..

Azure Advanced Threat Protection

Track and investigate advanced attacks and suspicious behavior on-premises and in the cloud.

 ..

Additional information about the integrated solutions:

Azure Active Directory (Azure AD) helps you manage your user identities and create an information-based access policy to secure your organization.

Azure AD centralizes identity and access management to enable high security, productivity and management across all devices, data, apps and infrastructure.

Azure AD is designed to use apps in the cloud, on mobile devices, or on-premises, and you can add layers of security features, such as conditional access, to protect your users and organization.

Enable secure mobile productivity within a BYOD environment with rock-solid Mobile Device & Application Management (MDM & MAM).

Remotely configure and manage PC deployments and let employees work extra securely with their favorite devices and apps. Set up a detailed app policy to control data access and use while maintaining the familiar Office user experience without users having to give up their devices or privacy.

In addition, Intune also offers conditional access, which can be denied or not, depending on location, behaviour, rights, device, etc.

Sensitive data can be circulated quickly. Azure Information Protection tries to put a stop to this by using Azure Rights Management. From now on, your identity, encryption and authorization policies determine whether or not you can send, edit, copy, print a document or mail...

Employees can easily protect (automated or otherwise) documents and emails by assigning 'labels' to them. Such a label contains a set of rules that bring the security settings to a certain level.

Admins can enforce or recommend these rules or conditions to end users based on the content of the document (e.g. when a credit card number has been detected).

Most hacks are only discovered after 146(!) days, enough time to steal all IP and sensitive data. Reduce the risk and get all the information you need in a real-time 'attack timeline' with Advanced Threat Analytics.

All of Microsoft's knowledge and insights are built in to learn, analyze and identify normal and suspicious user or device behavior. Self-learning and advanced AI allows you to get to know your organization and employees, reducing the number of false positives to an absolute minimum.

There's no need to create or refine rules, or monitor a flood of security reports. Trust up-to-the-minute algorithms that adapt to changes in users and your business.

Microsoft Cloud App Security is only included in the E5 formula of Microsoft EMS. It is a Cloud Access Security Broker (CASB) that gives you insight into the use of cloud apps and services, which quickly reveals a lot of 'shadow IT' (non-approved software and hardware that falls outside the IT department).

It offers advanced analytics to prevent cyber threats and gives you the ability to control how your data is accessed and transmitted. Control and limit access based on session context such as identity, device and location and detect abnormal behavior immediately.

With this cloud service, you can protect the most advanced, complex hybrid environments against layered cyber attacks and monitor their status with a simple dashboard.

Advanced network analysis scans for known and emerging vulnerabilities across the board, such as in protocols or unusual approaches or manipulation of sensitive accounts and privileges, while bringing together multiple security data sources such as SIEM Integration, Windows Event Forwarding, Windows Event Collector, RADIUS Accounting from VPNs...

Even the most advanced threats such as 'Reconnaissance', 'Lateral movement cycles' and 'Domain Dominance' are immediately nipped in the bud.

Getting started with Microsoft EMS?

Ask your question here or schedule an interview with our certified Microsoft Experts. 

Also Interesting

Did you know that Belgium is one of the most (digitally) attacked countries in the world? This report shows where the weaknesses lie and offers a blueprint in best practices to arm yourself against the ever evolving cyber threats.