Many IT departments large and small increasingly must support a more diverse and geographically-dispersed workforce that works using any device. This presents a new challenge for both the small-to-medium sized businesses (SMBs) and the large enterprises with traditional IT departments. How can you keep your employees' devices secure on the corporate network and protect valuable customer data while not ruining everyone's productivity?
Amaxra consultants know that network and data security is critical to every business. One of the most effective solutions we recommend to our clients with Microsoft Office 365 deployments is the addition of Microsoft Enterprise Mobility + Security (EMS). But don't let the "Enterprise" in the product name put you off. This blog will show how your SMB will see real ROI with EMS.
What is Enterprise Mobility + Security?
Microsoft built EMS to provide identity-driven security for Office 365 users who are working from multiple devices and often use cloud-based resources. The core of EMS is a set of security technologies that are tied to every Office 365 account name in your organization. That's the "identity-driven" part of EMS because access to shared documents and other resources you use for your job is tied to your Office 365 account.
When your organization has EMS, you can easily set policies based on your employees' Office 365 accounts to ensure the contents of any documents, emails, and SharePoint sites , and instant messages shared on Teams can only be seen by the intended recipients. EMS policies allow for rights management of all the shared resources in your organization's cloud. You confer rights to share documents by labeling them as "public" or "confidential" (that's just two of the many labels, which also includea "top secret" label aimed at public-sector organizations) depending on the information contained in the document. Depending on how you label the document determines the access and availability—which can be tracked and revoked on a per-document/per-account basis.
Even if the documents you shared are forwarded or saved to another location, they won't be accessible by anyone else thanks to the encryption added by EMS. By default, EMS policy only allows access to shared documents, messages, etc. to employees in your organization while still empowering users to share these encrypted documents outside of your organization.
Real-world examples of EMS at work
For example, say you have a Microsoft Word document you and your team are working on for an upcoming board meeting. You've added the document to your internal SharePoint site and have used that link to collaborate on the wording. Sometimes you collaborate while in the office on your desktop and sometimes on your tablet when you're working remotely. On your way to the airport, you get an instant message in the Teams app on your iPhone that the document wording is done and it's time for an external vendor to add some graphic design elements to the document. Since the document contains sensitive corporate information, you label the document as "confidential" and share it with the graphic design vendor using their email address. Because your organization uses EMS, that confidential document is automatically encrypted and only the person with the graphic designer's email can open the shared document. This conditional access, where encryption is applied to a document and must verified every time the document is opened, is a key feature of EMS that provides security without sacrificing productivity.
Protecting all your devices (and the data on them)
A key advantage of having EMS at work is the "M" in the name: Mobility. We all get a lot of work done from our smartphones and tablets now—a trend that will eventually become the new normal. With Enterprise Mobility + Security, employees can work securely from whatever device they prefer; phone, tablet, Mac, or PC. What makes having EMS pivotal to maintaining this increased level of productivity and security is the fact that those devices can be corporate-owned or employee-owned using Intune. This cloud-based service, integral to EMS, is a feature that Amaxra has blogged about before in terms of having a successful bring your own device (BYOD) plan for your business.
In the real-world example we described earlier, let's imagine that you sent the document from your MacBook Air laptop at instead of an iPhone at the airport. But then your laptop was stolen. With Intune and EMS, you can use Wipe Request to remotely delete all the valuable corporate data on your laptop just in case a sophisticated thief tried to gain access to it. If your laptop is company-owned, then Remote Wipe can delete all data off the device whether it's running Microsoft Windows, Apple macOS/iOS, and Google Android. This comprehensive device management is a feature that is only available with EMS and Intune.
But if the device is your device as part of your company's BYOD strategy, then Remote Wipe can selectively delete only the
corporate apps, emails, and contacts on it. This is also an excellent security feature to use in those BYOD situations
when you have an employee abruptly leave your organization .
How to add Microsoft EMS to your Office 365
Enterprise Mobility + Security is billed as a subscription that you add on a per-user basis to any Office 365 Business and Office 365 Enterprise plan. There are two EMS subscription plans to choose from, E3 and E5, with pricing and features designed to meet price-performance benchmarks. The differences between EMS E3 and E5 are summarized by Microsoft in this table:
Both plans are scalable for SMBs up to large enterprises. In general, the slightly more expensive E5 plan adds more granular controls with advanced encryption and analytics to help larger IT departments with user/device management. Keeping track of what data is moving across your corporate network and device analytics is crucial to cybersecurity. Good analytics can show exactly where, when, and how hackers are trying to get into your devices. And with the EMS E5 plan, these detailed analytics are coupled with Microsoft investments in the cloud and artificial intelligence so that you can easily defeat criminal hackers.
Can't decide? Amaxra can help
Pricing for the EMS E3 and E5 plans vary and generally cost around $9 to $15 per user/per month respectively. It's important to remember that while there are Office 365 E3 and E5 plans, neither of these plans include Enterprise Mobility + Security E3 or E5 features. We know the "E" names are similar and it can be confusing, but EMS is always an add-on for Office 365.
Amaxra can help you determine which security add-on is optimized for your business. Not only do we offer EMS E3 and E5 plans, but we also provide Office Protect, a cybersecurity overlay to Office 365. It's not as feature-rich as the EMS plans, but Office Protect can be a cost-effective cybersecurity solution for very small organizations.
Contact me at firstname.lastname@example.org or call 425 749 7471 if you have any questions or comments on this blog.