Protecting your people with Microsoft EMS

This is part two in a series of five blog posts discussing the Microsoft Enterprise Mobility + Security (EMS) solution. In this blog I will be focussing on the first of the four key pillars - how you can protect your people (their identities) in the mobile world. 

Anybody worth their salt, when talking about the Cloud, knows that identity underpins everything. It allows you to access devices, applications, data and everything in between. Think of it as your cloud passport.

Now think how carefully you take care of your own passport. Most of us keep it in a drawer at home – we know its location in case of emergency, but we trust in the security of our own home to keep it protected. As we travel, however, we take more care – locking it in a safe in a hotel room, keeping it close at all times and having a heightened sense of awareness in case someone tries to pilfer it.

Also, consider the function of a passport: it not only allows you to enter a foreign country, but it is also a valuable form of identity to validate who you are. It is issued by a trusted party, the New Zealand Government, and other countries that are linked to ours know to accept it as a verified token.

Now consider what happens when we reach the border of the United States: we are not only required to present our token, but we also need additional levels of authentication to prove who we are. We are required to submit ESTA approvals to show we are authorised to enter the country. We also submit fingerprints and photos so that they can log more detail about who traverses the country boundary.

This analogy matches how we utilise our company identity. When we are in the office, we are protected by our firewalls and network security, so we can relax some of the rules of access. However, when we leave that boundary, we need to be more vigilant and introduce more factors of authentication to protect our identity.

One simple way for users to validate their identity is by implementing Multi-Factor Authentication (MFA). The principles behind MFA are generally something you know (e.g. a password) and something you have (e.g. a mobile phone or access token). These factors are then used to validate who the user is and, furthermore, to allow them access to what they need*. As a business, you are protecting their identity and ensuring you are confident about who is accessing your applications and data. Once you have this protection in place, you can then allow your users more freedom.

As in the passport analogy, we generally have one form of identification to traverse multiple boundaries. In a perfect IT world this identity is known and trusted by all applications, so there is no requirement to revalidate that identity. Unfortunately, we are often required to revalidate our identity. In the real world we are frequently asked for our credentials – at the border, at the bank, at the hotel. The same happens when accessing applications – and nothing frustrates a user more than having to sign in all the time. This issue can be avoided by implementing Single Sign-On (SSO). SSO gives users the freedom of authenticating once and traversing your environment as they need, by ensuring that all systems can access a shared service that validates who they are*.

Also, at some point, users will need to reset their password. This is either driven by domain security policy requirements, or happens when users forget their password - most commonly right after the Christmas break. Why not allow users to reset their password themselves? This will reduce administrative time for the helpdesk, and empower the users with more control. Self Service Password Reset (SSPR) is exactly that. When implemented, users take time to configure a set of challenge questions, which will be used to verify they are who they claim to be at a later point in time. They will then be able to reset their password from anywhere, at any time, without the need to contact the helpdesk.

When a user authenticates and verifies who they are (MFA) using the features within EMS, they can then reap the benefits of SSO and utilise SSPR technology. This offers freedom to the users and security to the business.

These are just three examples of how EMS can protect your People. In the next blog I will be discussing how to secure the devices your users are using.

* Additional security can be provided to limit access to specific applications and/or data. More about that in the fifth blog of this series.

If you would like to know more about EMS, and how it can help you, please get in touch with us here at Intergen.

Posted by: Jeff Tebbs, Senior Infrastructure Consultant | 03 April 2017

Tags: mobility, Security, Digital Transformation, EMS, Enterprise Mobility Suite, Microsoft Enterprise Mobility + Security
