Friday 11 December 2015

EMS - Overview including capabilities

Hello Everyone,

As required by some viewers, I am posting about EMS overview which will include below points:

  • EMS Overview - Capabilities and components of EMS.
  • Azure AD Premium - Capabilities
  • Intune - Capabilities
  • Azure RMS - Capabilities
  • Portal Links
I will try to include all features about EMS in very simple way so that it is easy to understand EMS functionalities and benefits still if I missed any then do let me know in comments. Your inputs will be appreciated and implemented in my post.

So, let's start with EMS overview :)

EMS Overview:

EMS (Enterprise Mobility Suite) is a Microsoft technology which helps you in managing unique identity and mobiles devices of Users through enhanced security and encryptions. It provides You a concept of BYOD (Bring Your Own Device) and BYOC (Bring Your Own Cloud) where Users can get access to organisation resources in a well managed and secure way and user can save their data to their cloud storage itself.

It offers a cross platform for iOS, Android and Windows Devices and includes on-premises, hybrid and cloud architecture.

  • Identity and Access management - Enabled via Azure Active Directory Premium.
  • MDM (Mobile Device Management) and MADM (Mobile Application and Data Management) - Enabled via Microsoft Intune.
  • Information Protection - Enabled via Azure RMS (Right Management Service).

Azure Active Directory Premium:

Azure AD Premium provide hybrid identity management where users have opportunities to manage groups, self-service account management and multi-factor authentication with help of Azure AD. It also helps in configuring single-sign on functionalities for 2530+ SAAS applications over cloud.

  • Self-service password reset option for end users which helps in reducing help-desk calls.
  • Multifactor authentication for end user. This helps in securing end user data/informations more secure as it asks for OTP (One Time Password) code  which is sent on end users mobile number or call (depends on configuration done for security- Text or Call).
  • Single-sign on for 2530+ SAAS application over cloud.
  • Best feature: Directory synchronization between on-premises and cloud directories. Tool used for synchronisation is Azure AD Connect.

About Azure AD Connect:

This tool helps in integration between on-premises AD and Azure AD which helps in accessing both on-premises and cloud resources with single identity.

For Integration process, I will update in my upcoming posts... :)

Microsoft Intune:

Intune provides cloud based service: MDM (Mobile Device Management) and MADM (Mobile Application and Data Management) which helps in protecting and managing company's information on different platforms (iOS, Android and Windows devices).

  • A standalone solution for managing all platform devices (iOS, Android and Windows).
  • Mobile Application Management.
  • Selective or Full wipe-out.
  • Conditional access to exchange/sharepoint online and exchange on-premises.
  • Deployment for LOB (Line of Business) apps.
  • Provide simple and easy to use portal (Company portal) for end user.
  • Provide multi-tenant feature thereby segregating official and personal data with no mixing or loss of any data (personal or official).
  • Intune can now also manage other MDM devices using Intune MAM policies (This is under preview option as of now... Will be coming soon). Using this feature, Intune can directly deploy policies to other MDM managed devices. This is available for iOS and Android device only as of now. I will update You on this once tested.
Other then capabilities, Intune also available with:
  • SCCM 2012 as cloud extension.
  • Part of Office 365.
  • Part of Microsoft EMS.

Azure RMS:

Azure RMS (Rights Management Service) helps in protecting confidential informations from unauthorized access or misuse. 

  • Information protection for on-premises resources. 
  • Integration with on-premises application.
  • Provides templates thereby restricting permissions in granular manner like right to copy, paste, print etc.
  • Protecting boths mails and documents on both on-premises and cloud architecture.

Portal Links:

This is the brief overview about EMS. I will keep posting more about implementation, configuration and test results for all parts with all steps (with screenshots).

If I missed or provide any wrong information then please do let me know, I will update the same.

Thanks in Advance!!!

Happy reading :)

If You like my posts then follow my updates:

Join my Facebook group for updates on trending technologies/technical references/issues etc:


  1. Ultimate Mayank.gr8 and very easy to understand..

  2. This is a really informative knowledge, Thanks for posting this informative Information. Curso de Azure AKS: Kubernetes