Microsoft's strategy for providing customers with identity management options is increasingly reliant on cloud-based methods of authentication and access control for provisioning of Windows-based mobile devices as well as Apple iOS and Google Android devices.
The most recent example is Microsoft Enterprise Mobility Suite, which includes the type of software-based "containers" for securing applications that can be found in competing mobile application management software from MobileIron, AirWatch (acquired by VMWare) and others, says Brad Anderson, corporate vice president of Microsoft's identity management solutions. But Microsoft wants to differentiate with Enterprise Mobility Suite by combining cloud-based authentication and provisioning as well. So the suite also includes Microsoft Azure Active Directory Premium, based on a cloud-based version of Active Directory, as well as its Windows Intune device management.
On top of that, there's Microsoft Azure Rights Management, which is basically a way that IT managers can provide encryption and place policy-based restrictions related to Microsoft Office applications such as Word, PowerPoint, and Excel in Office 365, Microsoft's cloud service which include a hosted version of Exchange e-mail. The Azure Rights Management component in the Enterprise Mobility Suite will be available this fall, says Anderson.
Microsoft launched Enterprise Mobility Suite in May and is now licensing it at what is acknowledged as a low price point of $4 per user per month. Microsoft wants customers to consider this a way to transition to cloud-based Active Directory for identity management of mobile devices in particular.
Active Directory as an on-premises server has remained the identity repository and linchpin in corporate use for decades for decisions around provisioning all manner of applications and services. The newer cloud service Azure Active Directory Premium is intended to be a way to provide identity management associated with third-party software-as-a-service (SaaS) applications. Using Enterprise Mobility Suite, Azure Active Directory Premium provides identity access capabilities in the cloud for about 2,000 SaaS applications without having to be configured, Anderson says.
He adds many times businesses aren't even aware of how many SaaS applications are in use across the enterprise, so Microsoft also created what's called Cloud App Discovery as a utility to let them find out what SaaS applications employees are using. "We find most organizations are using about 300 apps," says Anderson.
The cloud-oriented Enterprise Mobility Suite is just the start of Microsoft's changing perspective on identity management, Anderson says. When the identity and access management process moves into the cloud, it can facilitate new types of security controls, he says. For instance, security monitoring can use machine-learning in the cloud to watch for signs of suspicious events, such as whether someone authenticates in the U.S., but then in a narrow timeframe then tries to authenticate through Russia. This would be "a red flag to the administrator" and could be blocked, he adds.
Through the secure "container" in Enterprise Mobility Suite, which can separate out personal or business apps the employee use has, the IT administrator can remotely wipe content related to business without interfering with the employee's personal apps. This is specifically helpful in the "Bring Your Own Device" (BYOD) scenario that is being increasingly adopted by businesses willing to let employees us their personal mobile devices for work.
Ellen Messmer is senior editor at Network World, an IDG website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: firstname.lastname@example.org
This story, "Microsoft's strategy on identity management aimed squarely at cloud-based services" was originally published by Network World.