3/25/2019 published by: Softeng

Prepare your company to face security challenges with EMS

As companies strive to keep up in a world that prioritizes cloud and mobility, security and compliance become vitally important.

At the same time that mobile work becomes an integral part of the business, employees' devices and applications become the first line of defense against a large number of increasingly advanced threats. These malicious attacks are an unaffordable risk for companies, both for security and for legal reasons: in addition to the serious problems associated with leaks of confidential data, since the arrival of the GDPR companies face substantial economic sanctions, as well as the inherent penalty imposed by their customers and the market.

To address these security challenges, Microsoft offers Enterprise Mobility + Security (hereinafter EMS), an identity-based security platform designed to help companies manage and protect their devices, applications and corporate data.

Specifically, EMS offers companies security capabilities through several lines of defense (the so-called principle of "defense in depth"), so that all the lines complement each other: if for any reason one of them is overcome by a threat, the next line can be the one that averts the disaster.

EMS is composed of four protection areas that will help you continue the digital transformation of your organization securely:


Identity and access management

With the growing popularity of cloud applications, social networks and web portals that we use every day, we access each one with a different credential (user name) but often reuse the same password, to avoid having to remember so many. This habit in users' personal lives carries a huge risk. Why? To begin with, the number of (known) data leaks affecting users of large social networks and consumer services in the last 12 months is very high ("Google Plus", "Facebook", "Movistar", "IESE", "Adidas", "Job Talent", "Ticketmaster", "myHeritage", among many others), so the security threat for companies is enormous: once cybercriminals have a personal user name and password, they easily find out where that person works and then try the same password against the sensitive information of the company where they work, succeeding in many cases. In parallel, cybercriminals also run massive campaigns of fake emails asking our users (at their corporate or personal address) to sign in to some site so that a password can be stolen. And they get better at it all the time.

To avoid this risk, it is necessary to protect the identity of our corporate users, and for this EMS includes Azure Active Directory Premium (AAD Premium), which helps guarantee that only people who really are who they say they are can access applications and data.

In addition, it gives us the ability to apply smarter restrictions through three key features:

"Conditional access": Previously, companies could only ask for things like "users may only access from inside the company!". Now they can ask: "Which users can access from outside the company, and under what conditions?" (only from authorized corporate or personal devices, only from known locations, forcing multi-factor authentication and/or preventing extraction of information, among other requirements). By way of simile, you can think of Azure AD conditional access as the security doorman of a building: it welcomes the known neighbors, challenges others to confirm their identity, denies entry to complete strangers, or perhaps lets them pass but escorts them upstairs.

"Identity protection": Criminals attempt almost 100 million fraudulent sign-ins per day, and we should know whether any of them affect us. The "Identity Protection" reports give us the intelligence to detect suspicious sign-ins and inform IT about them, for example a sign-in that would require a trip to an unusual place, or one that is impossible in the time elapsed since the previous sign-in (the intrusion is detected through the probability that they are actually different people), or the detection of user passwords for sale on the internet. In addition, together with "Conditional access", it lets us allow users to connect as long as there is no risk in their session (for example, blocking a sign-in from a computer with a virus or malware), or only let them connect once they have changed their password when the system knows it has been stolen. By way of simile, this feature would be like a lookout that observes and reports relevant information about what is happening in the surroundings, so that we can act accordingly.

"Privileged identity management": A compromised account is always a possibility, and the best way to reduce the risk is to assume that there has been a breach or that there will be one. If a compromised user account is a problem, a compromised account with administrative privileges is catastrophic, so it is critical to minimize the chance that a compromised account ends up holding uncontrolled administrative permissions. This tool precisely lets us ensure that we have the minimum number of administrative users, granting administrative permissions just in time, when required, only temporarily and even automatically (under certain circumstances). By way of simile, it is like the smart card you are given to enter the hotel spa: once your stay is over, the card stops working.

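Added example (this is not code from the original post, nor Microsoft's implementation): a small Python model of how the "Identity protection" and "Conditional access" features described above fit together, an "impossible travel" check feeding a doorman-style decision of allow, require MFA or block. The 900 km/h threshold, the decision rules and the sample sign-ins are constructed assumptions.

```python
import math
from dataclasses import dataclass
from datetime import datetime, timezone
MAX_PLAUSIBLE_KMH = 900.0  # assumption: nobody outruns a commercial flight

@dataclass
class SignIn:  # one sign-in event as the risk engine would see it
    when: datetime
    lat: float
    lon: float
    location: str           # coarse label, e.g. a country code
    device_compliant: bool  # PIN set, encrypted, no malware
    mfa_done: bool          # second factor already satisfied this session

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two points given in degrees."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def impossible_travel(prev, cur):
    """Identity Protection style check: could one person have made this trip?"""
    hours = (cur.when - prev.when).total_seconds() / 3600.0
    dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
    if hours <= 0:
        return dist > 0.0  # two places at the same instant
    return dist / hours > MAX_PLAUSIBLE_KMH

def decide(prev, cur, known_locations):
    """Conditional Access 'doorman': returns allow, require_mfa or block."""
    risky = prev is not None and impossible_travel(prev, cur)
    if risky and not cur.device_compliant:
        return "block"  # complete stranger: deny entry
    challenge = risky or not cur.device_compliant or cur.location not in known_locations
    if challenge and not cur.mfa_done:
        return "require_mfa"  # ask them to confirm their identity
    return "allow"  # known neighbour: welcome

# Constructed sample (not real telemetry): Barcelona at 09:00, Madrid 3 h later
# (plausible), Sydney only 90 min after Barcelona (impossible for one person).
T0 = datetime(2019, 3, 25, 9, 0, tzinfo=timezone.utc)
BCN = SignIn(T0, 41.39, 2.17, "ES", True, False)
MAD = SignIn(T0.replace(hour=12), 40.42, -3.70, "ES", True, False)
SYD = SignIn(T0.replace(hour=10, minute=30), -33.87, 151.21, "AU", True, False)
KNOWN = {"ES"}
def demo():
    return {"first": decide(None, BCN, KNOWN),
            "madrid": decide(BCN, MAD, KNOWN),
            "sydney": decide(BCN, SYD, KNOWN)}
```

A real risk engine weighs many more signals (leaked-credential lists, device health, behavioural history); the point here is only that the travel heuristic changes the doorman's answer from "allow" to "require_mfa" or "block".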
Summary of features:

  • Two-step authentication.
  • Conditional access: real-time, risk-based control.
  • Passwordless validation (using a mobile phone).
  • Identity protection (alerts on anomalous behavior, compromised credentials and vulnerabilities).
  • Single sign-on for all applications (including non-Microsoft apps).
  • Privileged identity management (enable temporary administrator permissions on demand for specific tasks).
 

If you wish, see all the details of Azure Active Directory Premium


Protection of information

Even if we are able to ensure that the person accessing our data is who they say they are, and that they do so from a secure device, the risk remains because the user can share a document with someone outside who may not be as well protected (or who may make inappropriate use of the information).

For this, EMS includes Azure Information Protection, a Microsoft cloud service that allows companies to protect their confidential data by encryption (whether it is on premises or in the cloud), ensuring that even if a document leaves the organization for an insecure environment, only authorized users can access it. In addition, we can define the actions that authorized persons may carry out, and the document (and its copies) remains under our control wherever it is, even when we no longer have physical access to it.

Summary of features:

  • Data protection through encryption, authentication and usage rights.
  • Intelligent classification and automated data labeling.
  • See where documents are being opened and by whom (wherever the document is).
  • Helps comply with the GDPR by facilitating the detection and protection of personal data.
  • Revoke access to all copies of a document (even those physically outside the organization).
 
Continuing with the analogies, you can think of Azure Information Protection as the system that makes sure our briefcase, which contains highly sensitive documentation, turns to dust if it falls into the wrong hands.
 

See all the details of Azure Information Protection

 


Intelligent security

EMS offers visibility into everything that happens with our data in the cloud (wherever it is), threat detection and attack prevention through these solutions: Microsoft Cloud App Security, Advanced Threat Analytics (ATA) and Azure Advanced Threat Protection (Azure ATP).

Microsoft Cloud App Security (MCAS)

What happens if an employee, correctly identified and authenticated, does something wrong with your data? What if that employee is no longer loyal, or acts under duress? Or what if their computer is not properly protected and malware is reading data in their name? This is where Cloud App Security comes in.

Specifically, Cloud App Security gives IT departments visibility and control over the cloud applications used in your organization (both the sanctioned and the unsanctioned ones). On the one hand, you can restrict access to the ones you do not authorize; on the other, you can observe the activity users perform with the data of the allowed applications, identifying suspicious activity and potential threats before they materialize. For example, Microsoft Cloud App Security can point out a user who is downloading a large amount of information outside the company (and, if the situation is anomalous enough, can end the session), or you can prevent access to certain applications from outside your organization or from unknown computers.

Beyond Office 365 and Azure, MCAS provides activity visibility for popular cloud applications such as Dropbox, G Suite, AWS, Salesforce and many more.

Microsoft Cloud App Security includes:

  • Discovery of cloud applications for Shadow IT control.
  • Information protection through data loss prevention (DLP) policies.
  • Visibility of user activity in cloud applications.
  • Application risk assessment.

 

Following the similes, Microsoft Cloud App Security is like the bodyguard who always accompanies a person so that they neither do nor suffer any harm.

Check here all the details of Microsoft Cloud App Security

Advanced Threat Analytics and Azure Advanced Threat Protection

All the lines of defense described in this article provide very effective protection for your organization. However, users' behavior (for example, falling for a phishing attack or reusing passwords on unsafe websites), potential vulnerabilities in VPNs and server infrastructure (especially domain controllers, with their on-premises Active Directory) and other creative attacks by cybercriminals give them alternative ways into the "kitchen".

In those cases the attackers move quickly: once they obtain the credentials of any user (often through VPNs that are vulnerable or not protected by multi-factor authentication), they manage to grant themselves administrator privileges (with the help of log files, data resident in memory, unencrypted files and other mechanisms), and then they are inside without our being able to do anything (for more than 140 days on average before they are discovered). Moreover, because many companies still have on-premises infrastructure, when it comes to on-premises attacks the "network barriers / firewalls" that are supposed to keep companies safe actually, for technical reasons, prevent the intelligent cloud products (such as AAD Identity Protection, Azure AD Conditional Access and Cloud App Security) from helping to keep the data physically hosted in your organization safe.

Your on-premises infrastructure represents the greatest risk, so a quick response to these intrusions is the best strategy. Fortunately, Advanced Threat Analytics (ATA) and its cloud version, Azure Advanced Threat Protection (Azure ATP), allow companies to quickly detect an attempt to penetrate an on-premises infrastructure by analyzing advanced attacks, mainly against our domain controllers. The difference between the two products is that ATA (included in EMS E3) must be installed on local infrastructure and requires servers and storage for a large amount of data, while Azure ATP (included in EMS E5) stores data and operates entirely from the cloud, with no need for local infrastructure.

ATA and Azure ATP offer, among other features:

  • Detection of suspicious user and device activity, based on the company's history, machine learning and threat intelligence.
  • Monitoring of multiple entry points into the company through integration with Microsoft Defender ATP (Azure ATP only).
  • Detection of lateral movement paths to accounts with administrator permissions.
  • Future integration with AAD (Azure ATP only).
  • Alerts with clear, real-time information about attacks on the company, to respond quickly.

 

In the end, ATA / Azure ATP is like a guard hidden in our house, able to alert us quickly if an attacker has broken through any security barrier.

If you want to know more, you can check here the details of Azure Advanced Threat Protection


Protection in mobility

Even if we are sure that an identity has not been compromised and that the person accessing our data is who they say they are, there is always the possibility that a user downloads information onto an insecure device (without encryption and/or without a PIN) or, worse still, onto one that is already compromised.

For example, if a user synchronizes corporate mail on a personal phone that has no PIN, anyone who picks up that phone has full access to the company mailbox. Or, if the user has downloaded a document with very sensitive content (contracts, a payroll spreadsheet, ...) onto a personal device and the laptop (or phone) is lost or stolen, those documents fall into the wrong hands. Moreover, many devices are now used as a security validation factor, so leaving them unprotected, with malware able to intercept the user's credentials each time they connect to a service, is a serious threat.

For all these reasons, since devices belonging to both the company and its employees (mobile phones, tablets or laptops) are one of the access points to corporate resources, managing those devices is an essential part of the company's security strategy to prevent information leaks: ensuring they meet certain requirements (a PIN, encryption, no viruses or malware), keeping control in case of loss or theft, and deciding which applications can be used from them (and how and from where). All of this is what EMS offers us through Microsoft Intune.

Microsoft Intune includes, among other features:

  • Administration of which applications can be used on mobile devices, and how.
  • Isolation of corporate data from personal data within the same application (and between that application and other non-company applications).
  • Selective wipe of corporate data on lost or stolen mobile devices.
  • Management of mobile devices (iOS, Android, macOS and Windows 10).

 

By another analogy, you can think of Intune as guaranteeing the integrity of our briefcase and its lock, which helps protect what is inside.

See here more details of Microsoft Intune

How is EMS licensed?

This product has two versions:

  • EMS E3: Includes Azure Active Directory Premium P1, Intune, Azure Information Protection P1, Advanced Threat Analytics and Windows Server CAL rights.
  • EMS E5: Includes Azure Active Directory Premium P2, Intune, Azure Information Protection P2, Microsoft Cloud App Security, Azure Advanced Threat Protection and Windows Server CAL rights.

Also, EMS is included in the following suites:

  • MICROSOFT 365 E3: Includes EMS E3, Office 365 E3 and Windows 10 E3.
  • MICROSOFT 365 E5: Includes EMS E5, Office 365 E5 and Windows 10 E5.

Conclusions

The harsh truth is that the speed and sophistication of attacks keep increasing and, together with the risks arising from human error (with passwords or when sharing information), give the enemy multiple ways to reach our data. Yes, the enemy is out there, or maybe already inside, so our recommendation is to follow a strategy that assumes we have already been breached and that no single defense will be enough.

Do you want to know more about Enterprise Mobility + Security? Contact us!
