
Enterprise Mobility + Security


In the previous blog post in this series, I discussed Intune’s Service Oriented Architecture. In that post, I detailed the collection of loosely coupled micro services that compose Intune, and I went into the details of delivering a solution as a true multi-tenant cloud service and how that brings huge benefits to our customers.

Those benefits, it turns out, are huge – things like:

  • Ease of deployment
  • Reliability
  • Availability
  • Scale
  • Up-to-dateness
  • Resiliency
  • Disaster recovery
  • And much more

This is, obviously, a lot different from delivering a hosted solution of an on-premises workload (which most of our competition does). But it’s not just different – it’s a lot better.

Today, I’m going to expand on this concept a little.

One important element to consider is that Intune is not the only commercial service Microsoft has built to address Enterprise Mobility. There are, in fact, several others – for example: Exchange Online, SharePoint Online, OneDrive for Business, Skype for Business, Yammer, Azure Rights Management and Azure Active Directory, just to name a few. Like Intune, each of these cloud services is also composed of a set of loosely coupled micro-services that work together to enable end-to-end scenarios.

But here’s the magic part: These services are also loosely coupled with one another. OneDrive for Business “talks” to Azure AD which “talks” to Exchange Online which “talks” with Intune. Microsoft’s solution for Enterprise Mobility is really a family of cloud services that work together as one Enterprise Mobility service. This is what it means to be cloud first.

And we’re the only company in the EMM space doing it.

What this Means for You

The first reason this should matter to you is simple: The interconnected nature of these services gives you the best path to integrated end-to-end scenarios. When you use Office 365 with the Enterprise Mobility Suite (EMS) you get an awesome productivity experience for your end users – and that experience natively supports access control and data protection capabilities defined by IT.

Figure 1 below visualizes what this looks like.


Figure 1: A family of cloud services for enterprise mobility

Taking Control of Policy Controls

With EMS, you can define a broad set of policy controls over O365. For example, you can define rules that restrict O365 hosted services (e.g. e-mail) to only be accessible by devices or apps that are managed by your corporation. You can also set rules that prevent corporate data from being shared with consumer apps and services, or you can push the Office apps to groups of users.

We’ve already built dozens of these integrated experiences, and, if you want to know our strategy moving forward, it’s to build hundreds more. Our goal is to automate IW productivity and IT-driven data protection.

Despite the tens of thousands of hours spent building them, all of these integrated experiences show up as transparently as possible to the end user: The user simply downloads Office from the public app store for her device and then, when the user tries to use a corporate credential to access corporate data, Microsoft’s services (e.g. Exchange Online, Azure AD, and Intune) simply talk to each other to enforce the policies that IT sets. If the user’s device isn’t managed yet, she’ll be guided through a simple workflow to enroll it before access is granted. Later, when she attempts to save the file, the option to “Save to Dropbox” will not be available for that corporate document (although that option remains for personal content).

Throughout this process, the user didn’t have to use a separate set of apps for work. She just used Office and the right things happened. The IT team didn’t have to deploy a complicated set of gateways and proxies, there was no jumping back and forth between apps, and there was no complex login process. The Microsoft cloud just took care of it.

When it comes to the cloud, Microsoft is all in. This gives you an idea why.

What we’ve built provides an integrated and ever-expanding set of experiences that address your scenarios holistically. No other vendor gives you cloud-based productivity, identity, access control, data leakage prevention, and management – all integrated together.

Something Even More Powerful

With all of this in mind, there is still a more powerful reason that Microsoft’s family of cloud services should matter to you: It’s not just that the scenarios are holistic and the experiences are integrated, it’s also the fact that this architecture gives you a vast range of less obvious but highly valuable operational benefits.

Here are just a few of the incredibly powerful operational benefits:

  • Always up to date.
    A true multi-tenant service, like the ones we build at Microsoft, will always keep the services you’re using up to date. We are shipping features and fixes daily – you will never need to upgrade to the latest version or service pack. We make our new features instantly available to all customers and, when we fix a bug for one customer, that fix instantly applies to everyone else.
  • Always available and reachable.
    Our datacenters are deployed globally – so, no matter where your customers or users live, they have “local” access to their productivity, identity and management services anywhere there’s an internet connection.
  • Easy to try, adopt and deploy.
    You can sign up for trials of our services and be running a lab in minutes. You don’t have to download and install infrastructure in order to get a quick proof of concept going.
  • Disaster recovery and geo-diversity.
    We build our services to be resilient to failure. Our micro-services are automatically deployed into scale units that actively fail over when a node goes down and, on top of this, we support failover of an entire data center to another (in the same region, subject to your preferences for data locality). Ask yourself: How many solutions from our competitors promise to keep you operational in the face of a natural disaster that takes out your datacenter?
  • Assign your data to a region.
    We recognize that different areas in the world have different standards or regulations for data storage and export, so we allow you to specify the region where you want to store your data.
  • Trust center.
    We take your security, privacy and compliance requirements seriously. We document how we’ll handle data on your behalf and publish it publicly.
  • Built from the ground up.
    Microsoft’s services run on Microsoft fabric in Microsoft datacenters. If something goes wrong in any layer, you only need to make one call. Our incident managers are empowered to resolve issues from the bare metal up, and we’re investing in the cloud more aggressively than any of our competitors.
  • World class engineering and security.
    All of our code is developed based on Microsoft Security Lifecycle standards using best-of-breed engineering processes by some of the most talented engineers in the world.
  • Compliant and Certified.
    Our services are compliant with the most demanding industry certifications. We are audited for compliance multiple times a year and these certifications cover everything from our hiring practices, to our issue tracking, to the coding itself. To get really deep on this topic, check out the Azure Trust Center and the Intune Trust Center.
  • Financially backed SLAs.
    We know that moving to the cloud can take a leap of faith. When you take this leap, you’re trusting that we will resolve issues with the same urgency that you’d have if you were running the service. To do this, we’ve set up a lot of things to ensure we are as vigilant and responsive as possible. For example, we keep outside-in agents continually running against our services to simulate customer transactions. If those agents fail, it causes an alert and we wake our engineers up in the middle of the night to address any service issues immediately. Most of the time, this process catches issues before our customers ever notice them. We also partner with other Microsoft services to run drills across incident management teams to ensure your end-to-end services stay up. If we don’t keep you operational at three 9s, then you don’t pay us that month. No other vendor goes to these extremes, and no other vendor puts their money where their mouth is and backs their SLAs financially like we do.


Figure 2: Operational benefits

* * *

I hope this post has given you an idea of the breadth of investment we’re making in cloud-based Enterprise Mobility. The architecture really does matter. Our family of cloud services gives you the best end-to-end capabilities to address your mobility needs and they offer an amazing set of operational benefits that free you to focus on the things that really impact your business.

 
