Some of the IT challenges businesses face today are listed below:
- Businesses need to unify their infrastructure technology environment with a common identity across on-premises Active Directory Domain Services (AD DS) and the cloud, with deeply integrated capabilities for PC and mobile device management.
- Users expect to be productive across a variety of device types, with access to the applications they need.
- Businesses must protect their data, so they require a comprehensive set of access control and data-protection capabilities.
Microsoft addresses these challenges with a single cloud solution, the Enterprise Mobility Suite. The three components of this solution are:
- Azure Active Directory (Azure AD) Premium for Hybrid Identity management
- Windows Intune for mobile device and PC management
- Azure Rights Management for information protection
Hybrid Identity and Access Management
Azure AD Premium delivers robust identity and access management from the cloud, in sync with existing on-premises deployments:
- Cloud-based self-service password reset for employees
- Group management, including user self-service management of groups
- Group-based provisioning and access management for hundreds of Software as a Service applications
- Machine learning-driven security reports to show log-in anomalies and other threats
- Rich and robust synchronization of user identities from on-premises directories, including write-back of changes
- Comprehensive Multi-Factor Authentication (MFA) options to reduce risk and support compliance requirements
Mobile Device Management
Windows Intune enables you to manage PCs and mobile devices from the cloud. People can use the devices they love for work while protecting corporate data and adhering to security policies:
- Deliver and manage apps across a broad range of devices.
- Manage a variety of device types, from Windows, Windows RT, and Windows Phone 8 to Apple iOS and Google Android.
- Configure and deploy policies, and inventory hardware and software.
Azure AD Premium and Azure Rights Management can help protect corporate assets:
- Deliver information protection in the cloud or in a hybrid model with your existing on-premises infrastructure.
- Integrate information protection into your native applications with an easy-to-use software development kit (SDK).
Today, more laptops are sold than desktops, and tablet sales have exceeded those of all PCs put together. The reason: mobility. People are expected to provide data wherever they are, whether in the office or outside. And how can they do that if they don't have access to the data? Data is expected to travel with the user, and this has resulted in a sprawl of devices.
"A desktop on every desk" was the vision of Microsoft's Bill Gates, which today seems a puny aspiration. Most users handle more than two devices at any given time, so the data carried on laptops and tablets is prone to mishandling or pilferage. Moreover, since these devices are portable, they are carried everywhere, and the risk of losing them, whether by misplacing them or having them stolen, is very high and real. This is when we need to look seriously at protecting the data on these devices.
Microsoft has included a very powerful feature called BitLocker in its new client OS to prevent loss of data due to the loss of the device. (It was available even in Windows Vista but has picked up popularity lately, with Windows 7 and Windows 8/8.1 flooding the scene within a short span of three years.) BitLocker protects the data on a hard disk from unauthorized access by encrypting it and enabling decryption of the data using a password. Here are some additional details:
- Prevents unauthorized access to data on lost or stolen PCs
- Supports full volume encryption of OS and Data volumes
- Offers a variety of pre-boot authentication options:
  - TPM*-only, PIN/Password, Network Unlock, USB storage
- Supports PCs, Servers, and "Slate" form factors
*TPM: Trusted Platform Module, an additional security hardware chip built into the PC system.
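As an added example (not part of the original article), the PowerShell function below summarises, per volume, whether BitLocker protection is on and which of the pre-boot authentication options listed above are configured. The function name `Get-BitLockerAuditRow` and the two sample volumes are constructed for illustration; the property names follow the objects returned by `Get-BitLockerVolume`.

```powershell
# Added example: summarise BitLocker protection per volume.
# Get-BitLockerAuditRow is a hypothetical helper name. It reads the same
# properties Get-BitLockerVolume exposes: MountPoint, VolumeType,
# ProtectionStatus, and KeyProtector[].KeyProtectorType.
function Get-BitLockerAuditRow {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Volume
    )
    process {
        # Key protector types mapped to the unlock options named in the list.
        # ExternalKey also covers recovery keys stored on USB media.
        $labels = @{
            Tpm           = 'TPM-only'
            TpmPin        = 'TPM + PIN'
            Password      = 'Password'
            TpmNetworkKey = 'Network Unlock'
            ExternalKey   = 'USB storage (external key)'
        }
        $types = @($Volume.KeyProtector | Where-Object { $_ } |
            ForEach-Object { "$($_.KeyProtectorType)" })
        $unlock = @($types | Where-Object { $labels.ContainsKey($_) } |
            ForEach-Object { $labels[$_] })
        [pscustomobject]@{
            MountPoint    = $Volume.MountPoint
            VolumeType    = "$($Volume.VolumeType)"
            Protected     = ("$($Volume.ProtectionStatus)" -eq 'On')
            UnlockOptions = ($unlock -join ', ')
            HasRecovery   = ($types -contains 'RecoveryPassword')
        }
    }
}

# Constructed sample input so the example runs without BitLocker present.
$sample = @(
    [pscustomobject]@{
        MountPoint = 'C:'; VolumeType = 'OperatingSystem'; ProtectionStatus = 'On'
        KeyProtector = @(
            [pscustomobject]@{ KeyProtectorType = 'TpmPin' },
            [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }
        )
    },
    [pscustomobject]@{
        MountPoint = 'E:'; VolumeType = 'Data'; ProtectionStatus = 'Off'
        KeyProtector = @()
    }
)
$sample | Get-BitLockerAuditRow | Format-Table -AutoSize

# On a real machine, from an elevated prompt:
#   Get-BitLockerVolume | Get-BitLockerAuditRow
```

Volumes reported with `Protected = False`, or with no recovery protector, are the ones to follow up on first.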
Since external storage devices such as pen drives and other USB devices are used extensively, the need to protect the data on these devices was also felt. Windows 8/8.1 has an additional security feature for this, named BitLocker to Go. Here are some additional details on this feature:
- Used to protect data on removable drives
- Able to deny or grant write access to volumes by organization
- Enables read-only access on Windows Vista & Windows XP