- Published 3/13/2015
- 1st Edition
Manage all the mobile devices your workforce relies on
Learn how to use Microsoft’s breakthrough Enterprise Mobility Suite to help securely manage all your BYOD and company-owned mobile devices: Windows, iOS, and Android. Two of the leading mobile device management experts at Microsoft show you how to systematically help protect employee privacy and corporate assets without compromising productivity. You’ll find best practices, step-by-step guidance, and real-world scenarios for every stage of planning, design, deployment, and administration.
Empower your mobile users while improving security and controlling costs
- Master proven best practices for centrally managing smartphones and tablets
- Plan mobile strategies that encompass users, devices, apps, and data
- Overcome BYOD’s unique challenges, constraints, and compliance issues
- Provide common “hybrid” user identities and a seamless experience across all resources: on-premises, datacenter, and cloud
- Simplify and improve device enrollment, monitoring, and troubleshooting
- Help safeguard both corporate and personal information
Table of Contents
Introduction
Chapter 1: Enabling a mobile workforce
The shift towards mobility
The challenges of enabling enterprise mobility
What about BYOD?
Understanding the challenges of BYOD
Understanding the Microsoft Device Strategy Framework
Designing a strategy to enable a mobile workforce
Users
Devices
Apps
Data
Threat mitigation
Chapter 2: Introducing the Enterprise Mobility Suite
Understanding the EMS solution
Establishing a hybrid identity
Managing mobile devices
Protecting data
EMS activation process
Embracing a mobile workforce scenario
Chapter 3: Hybrid identity
Cloud identity with Azure AD Premium
Azure AD Premium advanced security reports and alerts
Azure Multi-Factor Authentication
User self-service from the Azure Access Panel
Understanding directory integration
Source of authority
Directory synchronization
Active Directory Federation Services
Directory integration scenarios
Directory sync
Directory sync with password sync
Directory sync with SSO
Multiforest directory sync with SSO
Directory synchronization tools
Azure Active Directory Synchronization Tool
Azure Active Directory Synchronization Services
Azure AD Connect
Chapter 4: Implementing hybrid identity
Scenario description
Implementation goals
Solution diagram
Planning and designing the solution
Microsoft Azure planning and design considerations
On-premises planning and design considerations
Single Sign-On components and considerations
Implementing the hybrid identity solution
Prepare the Azure AD service for directory integration
Prepare the on-premises environment for directory integration
Enable Single Sign-On
Customize branding
Chapter 5: Device management
Preparing for device enrollment
Mobile Device Management authority
Device management prerequisites
Device enrollment profiles
The Company Portal
Customizing the Company Portal
Custom company terms and conditions
Deploying policies
Configuration policies
Compliance policies
Conditional access policies
Exchange ActiveSync policies
Policy conflicts
Managing inventory
Computer inventory
Mobile device inventory
Performing full and selective wipes
Selective device wipes
Full device wipes
Chapter 6: Implementing device management
Scenario description
Implementation goals
Solution diagram
Planning and designing the solution
Microsoft Intune service configuration considerations
Policies
Mobile Device Management enrollment considerations
Implementing device management
Prepare the Microsoft Intune service for device enrollment
Satisfy external device enrollment dependencies
Enrolling devices
Enrolling iOS devices
Enrolling Android devices
Enrolling Windows devices
Chapter 7: Data access and protection
Leveraging on-premises resources
Windows Server Dynamic Access Control
Web Application Proxy
Protecting data at rest at the user device location using work folders
Azure RMS
How Azure RMS works
Choosing the right deployment topology
Azure RMS connector
Monitoring access to resources
Chapter 8: Implementing data protection
Scenario description
Implementation goals
Solution diagram
Planning and designing the solution
Leveraging Azure RMS
Preparing the environment
Implementing the solution
Configuring Azure RMS templates
Azure RMS connector
Chapter 9: Monitoring BYOD and company-owned devices
Continuous monitoring and incident response
Creating an incident response plan
Leveraging EMS to monitor resources
Azure AD monitoring capabilities
Microsoft Intune monitoring capabilities
Microsoft Azure RMS monitoring capabilities
Leveraging EMS to respond to a security incident
Scenario
Chapter 10: Troubleshooting Enterprise Mobility Suite
Troubleshooting methodology
Knowing where to find information
Using troubleshooting tools
Troubleshooting EMS cloud services
Troubleshooting Azure AD Premium
Troubleshooting Microsoft Intune
Troubleshooting Azure Rights Management Services
Index