
Enterprise Mobility + Security


The modern workplace has introduced an explosion of cloud services and devices that have dramatically changed the scenarios IT has to manage and support. And, of course, IT has to manage these countless new challenges with the same budget and resources.

Our focus on customer experience and customer usage has made us very aware of these challenges, so we’ve been working exceptionally hard cross-company to support the work you do in this new world.

This is why I’m so excited about Microsoft 365.

Microsoft 365 is a complete, integrated solution that you can use to intelligently empower your workforce.  I love it because of how it delivers creativity and teamwork for your organization – but it combines this with security, simplicity, and an empowering work experience across multiple device platforms and the cloud.

A Microsoft 365 powered device delivers the best way to experience these massive benefits.

What is a Microsoft 365 powered device?  It’s a device running Windows 10, with Office 365 ProPlus deployed, and managed by Enterprise Mobility + Security (EMS).

Check out this Mechanics video covering how these scenarios come together:

Easy to deploy and manage

Historically, new devices have been shipped to IT, then they are imaged and prepared, and finally they are shipped to users. All of this delays users getting their new devices, and it comes with a variety of unnecessary complexity and costs. A Microsoft 365 powered device fundamentally changes the way new devices are deployed within an enterprise.

With Microsoft 365, a new Windows 10 device can be shipped directly to the end user, and that end user has the incredible experience of taking the new desktop/laptop out of the box (there is something incredibly exciting about this to me) and getting to work immediately. They simply turn on the PC and answer a few simple questions, and then Windows Autopilot (integrated with Azure AD Premium and Intune) automatically configures the new PC as a new Microsoft 365 powered device based on unique corporate IT and user needs. Immediately the end user’s e-mail, files, apps, and preferences are automatically deployed – and IT’s security policy is enforced.

What used to take days to prepare and deploy now takes minutes.

Proactive Insights

Technology is moving faster than ever, and I don’t think I’m going to startle anyone by saying that things will never slow back down. This means that the expectations being heaped upon IT are always going to be increasing. As someone who started his technology career doing tech support, my desire to help you solve this problem comes from a very personal place. I want you to know that Microsoft has committed itself to ensuring IT continues being a hero. I want you to use Microsoft 365 to get the proactive insights you need to continuously improve the end-user experience and help your workforce achieve more. Everything we are learning in the cloud is being put back to use for our Microsoft 365 customers so that they can prioritize their efforts and be more productive – with confidence!

These proactive insights are what IT can use to focus their efforts towards the areas where they can have the biggest impact.  For example, Windows Analytics can point out the applications and drivers that IT should focus on to unblock 10% and then 80% of an organization’s devices to be upgraded to Windows 10.  As this prioritized list of apps and drivers is addressed and Windows Analytics is confident that the devices can be upgraded to Windows 10, those devices can be automatically targeted with System Center Configuration Manager (ConfigMgr) for upgrades.

Other proactive insights provided by Microsoft 365 powered devices include the most commonly used Office add-ins, a view into the drivers in use and the drivers that are causing Windows devices to crash, etc.

This depth of data and level of insight is unique to Microsoft 365 customers.  This is how IT can be more productive, offer its users higher satisfaction, and make their organization more secure.

Always Up-to-Date

A Microsoft 365 powered device is (by definition!) always up-to-date. A reality about today’s workforce is that your users come to work with an expectation of the same rich, connected, and empowering experiences they have in their personal lives. One of the major benefits of cloud services is that we are able to continuously deliver new value to users and IT as we continuously update the services. This means the user experience is rich and polished – and keeps getting better over time.

Another huge benefit of a continually updated cloud service is the long list of security benefits.  Put simply:  It is an absolute business imperative that you keep your devices up-to-date; your users will have the best experience and your organization will be more secure.

To see this principle in action, just consider our experience updating more than 1B PCs each month with Windows Update, as well as the 100M+ devices that are updated through ConfigMgr, and then combine that in the cloud with Microsoft 365 to continually deliver you the new capabilities and updates through Microsoft Intune and Windows Update for Business.   Wow.

Right now, world-class organizations already deploy new feature updates to their devices within 3-4 days of release – and now this kind of technical rigor and scheduling is possible for everyone.

Intelligent, Built-in Security

The level of sophistication behind modern cyber attacks, as well as the meticulous way they are engineered, is scary and getting scarier.  The sophistication has reached a point where humans simply cannot keep up alone.  Keeping our organizations secure now requires the power of the cloud + the power of unique data + AI in the cloud to assist you in protecting your organization.

This is a place where a Microsoft 365 powered device truly is unique.

Windows 10 is the most secure operating system Microsoft has ever built.  Built-in Windows 10 capabilities such as Windows Hello, Credential Guard, BitLocker, Exploit Guard, and Windows Defender enable Windows 10 to protect itself and help organizations move away from passwords. The Microsoft 365 services are all constantly sending back telemetry that works to help protect your organization.  Windows Defender ATP sends data that helps us see attacks on a Windows 10 device.  Office 365 ATP sends back data on attacks that are being seen across the Office 365 productivity services.  Every use of an Office 365 service (or any app managed by Azure AD) sends back data on the identity and how it is being used.  Intune is constantly sending back data on the configuration and use of devices and corporate apps.  All of this data is brought together in the Microsoft Intelligent Security Graph that can also identify attacks and then work across Microsoft to take action to block and remediate breaches.  This continuously helps to protect your organization.

This is the power of the cloud working every second of every day to help protect you; this provides a level of security that is not possible without the cloud.

Transitioning to Microsoft 365 and Modern Management

Microsoft 365 powered devices help organizations provide an improved experience for end-users, take advantage of built-in modern security, simplify management, and lower costs. However, the majority of customers today are in an on-premises model, i.e. using Active Directory, Group Policy, and ConfigMgr as their management tools. We heard from our customers that they would like to have an easier and more manageable way to transition to modern management. Today, we are excited to announce co-management, a new set of capabilities in ConfigMgr and Intune that will help accelerate the move to modern management from the cloud.  Co-management delivers a bridge that simplifies and reduces the risks as organizations transition the management of Windows 10 devices to cloud-based Intune.

With the Fall Creators Update, a Windows 10 device can now be joined to on-premises Active Directory (AD) and Azure AD at the same time. Co-management takes advantage of this improvement and enables the device to be managed by both the ConfigMgr agent and Intune MDM. This allows organizations to move parts or workloads of their management to the cloud – thus making the move to the cloud in manageable chunks. For example, customers can transition device compliance checks, resource access profile deployment, or update management from ConfigMgr to Intune while continuing to use ConfigMgr for other workloads such as software distribution and deep device security configuration.

One of the unique capabilities of Microsoft 365 in this co-managed scenario is that ConfigMgr and Intune are in constant communication. As workloads are moved, Microsoft 365 understands who the authoritative source (Intune or ConfigMgr) is for every attribute on users and devices – preventing conflicting policies from being applied.

A Microsoft 365 Powered Device – the Best Way to Experience Microsoft 365

Microsoft 365 is an integrated solution that delivers a complete, intelligent way to empower employees – and a Microsoft 365 powered device is the best way to experience Microsoft 365.  This is truly a revolutionary approach to delivering the modern workspace, and it builds on the foundation of what Microsoft has delivered for years (Windows, Office, Active Directory, and ConfigMgr) in a way that helps organizations move to modern versions delivered from the Cloud.  Windows 10, Office 365, and Enterprise Mobility + Security have been deeply integrated to deliver the best experience for users and IT.