Enterprise Mobility + Security

Drive the digital transformation of your company

As companies strive to stay up to date in a world where cloud and mobility are prioritized, security and compliance take on vital importance.

To address security challenges, Microsoft offers Enterprise Mobility + Security (hereinafter EMS), an identity-based security platform designed to help companies manage and protect their devices, applications and corporate data.

EMS is composed of 4 protection areas that will help you continue the digital transformation of your organization in a secure way:

Identity and access management

To protect the identity of our corporate users, EMS includes Azure Active Directory Premium (AAD Premium), which helps guarantee access to applications and data only to people who really are who they claim to be. Some of its most outstanding features are:

  • Two-step authentication.
  • Conditional access: real-time, risk-based control.
  • Passwordless validation (using a mobile phone).
  • Identity protection (alerts on anomalous behavior, compromised credentials and vulnerabilities).
  • Single sign-on for all applications (including non-Microsoft apps).
  • Privileged identity management (enable temporary administrator permissions on demand for specific tasks).

In addition to these features, AAD Premium offers the ability to apply more intelligent restrictions, which you can read about in this article: Azure Active Directory Premium

Protection of information

EMS includes Azure Information Protection (AIP), a cloud service from Microsoft that allows companies to protect their confidential data through encryption (whether on-site or in the cloud), ensuring that even if a document leaves the organization for an insecure environment, only authorized users can access it. Some of its most outstanding features are:

  • Protection of data through encryption, authentication and usage rights.
  • Intelligent classification and automated data labeling.
  • Visibility into where documents are being opened and by whom (wherever the document is).
  • Help in complying with the GDPR by facilitating the detection and protection of personal data.
  • Revocation of access to all copies of a document (even if they are physically outside the organization).

You can see all the details of the solution in this article on Azure Information Protection

Intelligent security

EMS offers visibility into everything that happens with our data in the cloud (wherever it is), along with threat detection and attack prevention, through the following solutions: Microsoft Cloud App Security (MCAS), Advanced Threat Analytics (ATA) and Azure Advanced Threat Protection (Azure ATP).

Microsoft Cloud App Security
Provides IT departments with visibility and control over the cloud applications used by users in your organization (both those allowed and those not allowed). On the one hand, you can restrict access to the applications you do not authorize; on the other, you can observe what users do with the data in the allowed applications, identifying suspicious activities and possible threats before they materialize. MCAS includes:

  • Detection of cloud applications for shadow IT control.
  • Protection of information through data loss prevention (DLP) policies.
  • Visibility of user activity in cloud applications.
  • Evaluation of application risks.

You can see all the details of the solution in this Microsoft Cloud App Security article

Advanced Threat Analytics and Azure Advanced Threat Protection
ATA and its Azure Advanced Threat Protection (Azure ATP) version allow companies to quickly detect attempts to penetrate an on-premises infrastructure by analyzing advanced attacks, mainly against domain controllers. The difference between the two products is that ATA needs to be installed on local infrastructure, which requires servers and storage sized for large volumes of data, while Azure ATP stores data and operates entirely from the cloud, without the need for local infrastructure. Some of its most outstanding features are:

  • Detection of suspicious user and device activity, based on company history, machine learning and threat intelligence.
  • Monitoring of multiple entry points into the company through integration with Microsoft Defender ATP (Azure ATP only).
  • Detection of lateral movement paths to accounts with administrator permissions.
  • Future integration with AAD (Azure ATP only).
  • Alerts with clear, real-time information about attacks on the company, so you can respond quickly.

You can see all the details of the solution in this article on Azure Advanced Threat Protection

Protection in mobility

One of the points of access to corporate resources is through devices belonging to both the company and its employees (mobile phones, tablets or laptops). Managing these devices to ensure they comply with certain parameters (such as having a PIN, being encrypted, or being free of viruses and malware), maintaining control in case of loss or theft, and being able to decide which applications can be used from them (and how, and from where) is an essential part of a company's security strategy for preventing information leaks. EMS offers all of this within Microsoft Intune. The solution includes, among other features:

  • Administration of which applications can be used on mobile devices, and how.
  • Isolation of corporate data from personal data (both within the same application and in other, non-company applications).
  • Selective deletion of corporate data on lost or stolen mobile devices.
  • Management of mobile devices (iOS, Android, macOS and Windows 10).

See more details on Microsoft Intune here

Do you want to know more about EMS? Contact us!