One of Microsoft’s latest marketing bundles—its Enterprise Management Suite (EMS)—confuses many, including our own team here at Prowess. This is why we think it’s time to spend a few posts dissecting this latest beast from Redmond. In this post, I’ll look at what EMS is (and, crucially, what it means for customers) before diving into greater detail on some of its constituent parts in future posts.
What is EMS, then? Basically it brings together three different Microsoft tools; each tool handles different IT management needs in a “mobile-first, cloud-first” enterprise environment (as Microsoft would put it):
- Microsoft Azure Active Directory Premium—Azure AD provides single sign-on (SSO) for Microsoft and third-party software-as-a-service (SaaS) solutions and supplies multi-factor authentication (MFA) functionality.
- Microsoft Intune—Intune extends Microsoft System Center Configuration Manager management capabilities to mobile and non-domain-joined devices.
- Microsoft Azure Rights Management (RMS)—Azure RMS moves information rights management (IRM) to the cloud to help ensure that sensitive corporate data is protected by an employee’s credentials even when he or she is not connected to the corporate network.
On the surface, this looks like another attempt by Microsoft to lure enterprises into Redmond’s subscription-based services, and it certainly is that: EMS is only available through Microsoft Volume Licensing programs, which effectively shuts out most small and medium-sized businesses (SMBs). But dig a little deeper and EMS hints at another, broader strategy to keep enterprise customers interested in the Microsoft stack and to woo enterprises onto Intune.
Microsoft EMS: Aimed more at Azure Active Directory investigators than at Intune fans
Microsoft sells the EMS bundle for USD 7.50 per user per month. This is not much more than Azure AD, which retails for USD 6.00 per user per month, so IT organizations looking to use Azure Active Directory might easily be convinced to go with EMS. And once an organization has deployed EMS, it might find that Microsoft Intune or Azure RMS meet its needs in lieu of third-party offerings. (Redmond can at least hope.)
However, at nearly twice the monthly user fee of USD 4.00 for the Microsoft Intune add-on for System Center Configuration Manager, EMS is probably less compelling for organizations only looking into Intune. (But, again, any organization already interested in Microsoft Intune is not the target for EMS.)
Should I be Interested in Microsoft EMS?
When might EMS make sense for you? As laid out above, an obvious case would be if you are an enterprise IT organization thinking about Azure Active Directory. Whether you’re looking to make your users’ lives easier with SSO or you’re trying to get ahead of the two-factor authentication capabilities that will be baked into Windows 10, EMS effectively extends the reach of your System Center and IRM infrastructure for not a lot more than the investment you were considering making in Azure Active Directory anyway.
A more surprising beneficiary of Microsoft pricing for EMS could be large SMBs or small enterprises that don’t have a System Center infrastructure but are thinking of getting one. The Microsoft Intune license comes with user license for System Center 2012 R2 Configuration Manager and System Center 2012 R2 Endpoint Protection. So, for basically the cost of buying the Intune license a la carte—USD 6.00 per user per month—plus your licenses for any managed servers, you could stand up a System Center management infrastructure that would also cover your mobile devices (and deliver SSO, MFA, and cloud-based IRM).
Any of these arrangements are, of course, only a good deal if you actually need the technologies bundled up in EMS. For an in-depth look at one of those technologies—single sign-on—look at our previous blog post on EMS, “Will Single Sign-on Really Increase Security and Productivity?”