An employee is expected to be able to work from anywhere, from any device, and to consult your valuable data in the cloud and/or on-premise… This brings major challenges and risks both in management as well as security.
EMS is a collection of management and security tools. It includes intelligent security Solutions , allowing employees and external contacts to sign in, collaborate, share and secure documents more easily.
One common identity per user gives access to the on-premise Active Directory and Cloud-based Azure Active Directory.
Single Sign On
This results in the convenience of ‘ single Sign-on ‘ for almost all applications within your organization. Not only for Microsoft Office 365 apps, but also for thousands of other popular SaaS apps.
Also, specific users outside your organization (partners, external team members…) can be subject to policies and get access to collaborate better and share data.
Everywhere, all devices
Safely work from any location from any device: Your favorite smartphone, tablet, Mac or PC. Whether the device is owned by the company, the employee (BYOD) or is managed remotely.
Innovative Total Security
Take advantage of the huge amount of Microsofts security research data, collected through machine-learning and A.I. , that detects activity changes and prevents threats immediately, both on-premise and in the cloud .
Reduce the attack area by limiting the number of confidential accounts and periodically evaluating access rights.
Share & Protect files
Make it possible to safely share files internally/externally , classify files, track their usage, and protectthem anywhere. For example, do not allow sharing, copying, printing, and other actions.
Protect your organization with single sign-on, Multi-Factor Authentication and conditional access based on user, location, device, security settings and/or applications. This does not bother the authorized users.
Simplified, in-depth management
Less, simpler management
Employees get a self-service Portal where they can manage their own passwords or pins and access to certain apps and groups. They can also invite external partners to collaborate in their own applications. All this without invoking the help of IT .
You can manage and consult everything through one central location . This allows you to manage all user identities, monitor updates on Identity infrastructure status, review user activity reports and audit logs
centrally configure all devices, policies , and certificatesto give users easy access to e-mail, Wi-Fi, apps, and other business resources. Their favorite devices are ready to use without having to go through a long set-up.
Enjoy a comprehensive app security policy, such as the ability to restrict copy/paste and ‘save as’. You do not need device enrollment and can even enforce an app policy on personal devices.
Additional info on the integrated solutions:
Azure Active Directory (Azure AD) helps you manage user identities and create an information-based access policy to help protect your organization.
With Azure AD, the management of identities and access is centralised to ensure high security, productivity and management for all devices, data, apps and infrastructure.
Azure AD is designed to use apps in the cloud, on mobile devices or on-premises, and you can add layers of security features, such as conditional access, to protect your users and organizations.
Make secure mobile productivity possible within a BYOD environment with high-performance mobile Device & Application Management (MDM & MAM).
Configure and manage PC installations remotely and let employees work more securely with their favorite devices and apps. Set up a detailed app policy to control data access and usage while maintaining the familiar Office user experience without having to give users their devices or privacy.
In addition, Intune also offers ‘ conditional access ‘ which allows or prevents access depending on location, behavior, rights, device…
Sensitive data can quickly go round. Azure Information Protection tries to prevent this by using Azure Rights Management. From now on, your identity, encryption and authorisation policies will determine whether or not you can forward, edit, copy, print, or send a document or mail…
Employees can easily protect documents and emails (whether or not automated) by assigning ‘labels’ to them. Such a label contains a set of rules that bring the security settings to a certain level.
Admins can enforce or recommend these rules or conditions to end users based on the content of the document (e.g. when a credit card number has been detected).
Most hacks are discovered only after 146 (!) days. Plenty of time to steal IP and sensitive data. Limit your risk and get all the information you need in a realtime ‘ attack timeline ‘ with Advanced Threat Analytics.
All of Microsoft’s knowledge and insights are built in to understand, analyze and identify normal and suspicious behavior of users or devices. Self-learning and advanced AI teaches your organization and employees to reduce the number of false-positives to an absolute minimum.
You do not need to create or refine rules or monitor a deluge of security reports. Rely on always-current algorithms that adapt to the changes in your users and your business.
Microsoft Cloud App Security is only found in the Microsoft EMS E5 formula. It is a cloud Access Security Broker (CASB) that gives you insight into the use of cloud-based apps and services, which quickly brings a lot of ‘ shadow it ‘ to light. (Unapproved soft and hardware that falls outside the IT department).
It provides advanced analytics to prevent cyber threats and allows you to control how your data is accessed and sent. Manage and limit access based on session context such as identity, device and location and detect abnormal behavior immediately.
With this cloud-based service, you can protect the most advanced, complex hybrid environments from layered cyber attacks and monitor the status with a simple dashboard.
Advanced network analysis scans for known and new vulnerabilities accross the network, such as in protocols or unusual approaches or manipulation of sensitive accounts and privileges. In addition, multiple security data sources are brought together such as SIEM Integration, Windows event Forwarding, Windows Event Collector, RADIUS Accounting of VPNs…
This way even the most advanced threats such as ‘ Reconnaissance ‘, ‘ Lateral movement cycles ‘ and ‘ Domain Dominance ‘ are immediately stifled.