adv

Microsoft consolidates its mobile management tools under Azure

Microsoft has consolidated its Enterprise Mobility + Security (EMS) suite of products under its Azure portal, combining its Intune mobile application management tools and its Azure Active Directory (AD) and Information Protection under a single console.

The move offers a unified admin experience aimed at bolstering enterprise mobility management efforts.

Microsoft introduced the EMS suite in March 2014, targeting businesses with strong mobile and cloud-first strategies.

"The move to the cloud is driving unprecedented investments in security and management. As part of this, enterprises are consolidating services to improve efficiency while increasing user productivity," a Microsoft spokesperson said via email.

The Microsoft move should allow companies to better deploy and manage PCs, according to David Johnson, Forrester Research’s principal analyst for infrastructure and operations.

“They can begin moving more of their operations away from conventional on-premise PC and identity management tools, and handle more of it from the cloud,” Johnson said.

“In theory, this should also make it easier for them to identify instantly which machines have not received a critical patch, because Intune is outside the corporate network so it can more easily collect data from corporate PCs that are also being used outside the corporate network.”

Consolidating controls under the Azure web service also indicates Microsoft remains serious about simplifying the device lifecycle. The company already took a major step forward by making MDM APIs part of Windows 10, which makes it easier for companies to manage most of the lifecycle with Intune or other EMM tools.

By also moving the other services to the cloud, “they're taking another big step,” Johnson said. “This move is a reason for [IT and operations] pros to rejoice.”

Even so, many companies are not yet comfortable with cloud-based PC management, Johnson added, so “it will take time before they're able to fully vet the implications for their security and compliance requirements.”

According to the company, benefits of the integration to the Azure portal include:

  • Unified console for EMS components
  • The HTML-based console is built on web standards and support for most modern browsers
  • For Intune, Microsoft Graph API support to automate many actions
  • Azure AD groups provide compatibility across all your Azure applications

When initially launched, EMS contained three core products: Azure Active Directory Premium, Windows Intune and Azure Rights Management Services. Since then, Microsoft has continued to build out EMS to make it a more robust way for IT to manage identities, devices and apps.

Microsoft added new products to EMS in 2015 and 2016, including Cloud App Security, Advanced Threat Analytics and Azure Information Protection. Then, last July, the company renamed the suite as Enterprise Mobility + Security.

Azure AD Premium and Intune were previously accessed via their own consoles. For example, Azure AD was part of the "classic portal" experience at, starting in 2013.

"Identity is at the core of mobility strategies and we often find our customers first workload to deploy is Azure AD," the spokesperson said. "This new environment makes it easy for you to scale your Azure AD groups and policies to protect at deeper levels using Microsoft Intune and Azure Information Protection."

Intune also had a classic portal that required the Silverlight plug-in for regular access.

In the future, Microsoft plans to release all new features and enhancements for Azure AD, Intune and Azure Information Protection on the new Azure console.

Computerworld (US)