Home » Research » Suite Bundles Identity and Device Management

Suite Bundles Identity and Device Management

Posted: 
April 21, 2014

The Enterprise Mobility Suite bundles Azure and Intune cloud services to provide a cheaper alternative to separate subscriptions for managing identities, information, and devices. The Suite includes user subscription licenses for the new Azure Active Directory Premium Microsoft-hosted directory service, Azure Rights Management Services hosted document encryption, and the Windows Intune device management and security service. The Suite will be available beginning May 1, 2014, and a time-limited discount is offered to Enterprise Agreement customers.

Azure Active Directory Premium at the Heart

The Enterprise Mobility Suite consists of licenses for three services bundled into a single online subscription, and it is aimed at enterprises that would like to manage user identity and access information, corporate or personal data on mobile devices, and the devices themselves, all from online services. The services can be used with devices running Windows and Windows RT, Windows Phone 8, Apple iOS, and Google Android.

Azure Active Directory Premium is a new extension to the existing Azure Active Directory (AD) service that provides a scalable, multitenant, Microsoft-hosted directory and identity provider service. Azure AD stores information about users, such as the user's name, organization, and privileges, as directory objects and associated attributes and can issue security tokens on behalf of each authenticated user. Azure AD Premium adds group management, self-service password reset, usage reporting, and multifactor authentication. It also adds the right to use Forefront Identity Manager (FIM) 2010 R2, Microsoft's on-premises product for managing user identity data and access credentials, such as smart cards. The inclusion of FIM 2010 R2 server rights and associated Client Access Licenses (CALs) may make Azure AD Premium attractive to organizations that couldn't afford FIM.

Azure Rights Management Services (RMS) protection allows organizations to secure sensitive data, including documents moved to unsecured devices or shared by e-mail, and comply with privacy and disclosure regulations. Azure RMS relies on directory information provided by Azure AD. This integration enables the use of RMS with Office 365 services and the Office 365 ProPlus desktop suite.

Windows Intune is a set of Microsoft-hosted online services that provides antimalware, hardware and software inventories, health monitoring, software updating, and policy management. It was initially designed to allow small to midsize organizations to manage PCs using Microsoft online services rather than deploying an on-premises solution. Since its original release in 2011, Intune has been updated several times with increasing emphasis on managing mobile devices. The most recent update to Intune allows administrators to set stronger security policies, particularly those associated with e-mail and mobile applications, strengthening the control that companies have in "bring your own device" (BYOD) scenarios when employee-owned devices have access to corporate resources.

The Enterprise Mobility Suite will be attractive to customers who want to set up, manage, and monitor users, information, and devices (corporate- or employee-owned) all from an online service. Similar to other Azure services, Microsoft commits to a 99.9% uptime for the services included in the Suite.

Cheaper When You Bundle

The Enterprise Mobility Suite is licensed on a per-user basis through an add-on user subscription license to a CAL suite. It covers up to five devices for the designated user. The Suite is only available to organizations with an active Enterprise Agreement and active Software Assurance on the corresponding qualifying license (Core CAL or Enterprise CAL suites, or similar Bridge CAL suites that include Office 365).

The Enterprise Mobility Suite bundle costs less than subscribing to the individual services. The individual services typically total US$12 per user per month (estimated retail), whereas the Suite costs US$7.50 per user per month. For a limited time, Enterprise Agreement customers can get an additional discount, bringing the cost down to US$4 per user per month.

Some Office 365 subscription plans have capabilities comparable to Azure AD Premium and Azure RMS, and some CAL suite Bridge licenses include Office 365 and Intune. Hence, customers considering the Office 365 plans might be better off investing in those options instead of subscribing to the Enterprise Mobility Suite.

Resources

The Enterprise Mobility Suite is described at blogs.technet.com/b/in_the_cloud/archive/2014/03/27/enterprise-mobility-for-every-business-and-every-device.aspx.

Details of Azure Active Directory Premium are at blogs.technet.com/b/ad/archive/2014/03/25/identity-and-access-management-for-every-user-in-every-organization-using-any-service-on-any-device.aspx.

Azure Active Directory is described in "Windows Azure Identity Integration" on page 3 of the Feb. 2014 Update.

Azure RMS details are in "Document Protection Easier and Mobile-Enabled" on page 11 of the Jan. 2014 Update.

Intune is described in "Mobile Device Management Strengthened in Windows Intune" on page 12 of the Apr. 2014 Update.