Conquering Android and iOS with Enterprise Mobility Suite

    Just a few years ago, the ability to work with corporate data from their personal devices was practically not allowed. And it’s not even about the use of laptops, not that about mobile phones and tablets. But technology does not stand still. Today, tablets and mobile devices have entered our lives so tightly that organizations should provide for users to work with them. Nevertheless, the eternal question arises of how to ensure the security of corporate data when users work with personal devices. Moreover, if the problem with Windows devices was somehow solved, Android and iOS users remained aloof. That was until recently. Now you can work with personal devices on Android or iOS, because




    A bit about EMS


    Enterprise Mobility Suite is an integrated solution for managing devices, including mobile, identification and access based on policies, while protecting corporate data and applications. Using EMS, the organization gets the opportunity to fully implement the BYOD concept (“Bring Your Own Device”) and provide its employees and partners with maximum freedom for convenient and productive work in a secure IT environment.
    EMS includes three cloud services:
    • Microsoft Azure Active Directory Premium (allows you to manage identity and access for on-premises, hybrid, and cloud environments)
    • Microsoft Intune (allows you to control PCs and mobile devices, and also provides data protection)
    • Microsoft Azure Rights Management (provides information security in the cloud or in a hybrid environment, which includes a local infrastructure)

    What tasks can be solved using EMS?
    Firstly, thanks to EMS, employees will be able to work with corporate data and applications on the devices that they like. Secondly, the use of a common identity for local resources and cloud applications, as well as the use of mobile device management capabilities, allows you to create a single IT environment. Thirdly, despite the fact that the device is selected by the user, these organizations are protected thanks to various access control and data protection tools.

    Microsoft intune


    As noted above, the use of Microsoft Intune helps the organization provide employees with access to enterprise applications and data, while exercising control over these devices. Thanks to Windows Intune, it’s precisely how mobile devices are managed on various platforms - Windows, Windows Phone, iOS and Android. More specifically, Windows Intune supports the following operating systems:
    • Apple iOS 6 and later.
    • Google Android 2.3.4 and later (including Samsung KNOX).
    • Windows Phone 8.0 and later.
    • Windows RT and later.
    • Windows 8.1 computers.

    Of course, Microsoft Intune in particular and EMS in general require installation and configuration before you can get started - i.e. mobile device management. How to configure Windows Intune is described in detail and shown in the course of the same name on the Microsoft Virtual Academy portal .
    I note that before you manage the device, you must register it. To register your device with Microsoft Intune, use the Company Portal application. We’ll talk about him in more detail.

    Company portal


    The Company Portal application helps you locate, view, and install applications that your organization has shared with Microsoft Intune. Users can register personal computers and devices in this service, as well as gain access to the corporate applications they need to work.
    Company Portal can be downloaded from application stores for each platform:

    For successful operation from a mobile device, the Company Portal application must be downloaded and installed. After the Company Portal is installed, we go into it. You will need to enter your credentials used to access the organization’s resources. If the data is entered correctly, then we will be able to access the Company Portal of our organization.

    Company Portal may contain various information and look different: it all depends on what settings the IT service of your company has set. For example, the screenshot above shows both the company's applications and the devices from which attempts were made to connect to corporate data.
    An exclamation mark next to one of the devices indicates that the device is not properly registered. Because of this, the user cannot access mail or other corporate applications. The situation is easy to fix. Just register your device. To do this, we select the device, in the information click on the item “Device is not enrolled” and in the next window click on “Enroll”.

    We will get to the registration portal, we will receive a message that a profile has been found that will need to be installed.

    In conclusion, we get a message that our device has been successfully registered with Microsoft Intune.

    Some time after registering the device, some applications that are provided by your organization can be installed on it forcibly.
    In turn, the administrator. By going to the Microsoft Intune management portal, you can see which devices are now added to the managed ones, see their type and the operating system installed on them.

    Company Portal provides various options for the user to control their device. So the device can be renamed, in addition, you can perform a remote reset or delete all corporate information from the device. Those. not only the administrator can delete the data, but the user himself. To do this, just use the Company Portal application.


    As we could see, Microsoft Intune - one of the elements of EMS - allows you to control various mobile devices of users, regardless of whether they have an operating system - Android, iOS or Windows Phone. If you want to get more information about how to manage corporate mobile devices, JumpStart will be held on March 26 on this topic - register and watch .

    I also recommend watching video courses that talk about Enterprise Mobility Suite:

    Also popular now: