What is Microsoft’s Enterprise Mobility and Security Suite?
Take control of authorised devices, access and restrictions to Microsoft Office 365 email and services
Protecting company data is the responsibility of the company, even if that data is accessed on an employee’s personal laptop or phone. This presents a growing challenge for organisations, as people increasingly access cloud services, such as Microsoft Office 365, from a range of company-owned and personally-owned devices.
IT departments often struggle to gain visibility and control over the sprawl of devices accessing company data. While it can be difficult to know where to even start, failing to address this issue can expose organisations to data loss, theft and compliance breaches. Additionally, business stakeholders will often remain unaware of any data compromise.
Common incidents in flexible, modern organisations that embrace mobile working
Compromising incidents can happen easily. Take for instance an employee who uses a company laptop, personal laptop and their personal mobile phone to access Office 365 email. They may find this very convenient as they can use their personal laptop to catch up on emails. One day, they accidentally leave their personal laptop at a coffee shop and unfortunately, it is nowhere to be seen when they return later.
The personal laptop left behind was old, so the employee purchases a new laptop, sets up their email themselves and is back up and running in no time. They don’t report the lost laptop to their employer as it was their own personal laptop. The employee feels that it wasn’t their employer’s issue in the first place and besides, they had dealt with the scenario themselves.
What the employee didn’t realise is that their old laptop is still being used by someone to access their Office 365 email account. In fact, every email that the employee sends and receives, including emails containing sensitive information, is being read without their knowledge.
This scenario can have a severe impact on the employer if sensitive information ends up in the wrong hands, all the while the employer has no idea that their employee’s email was effectively compromised.
Despite company policy to report any lost or stolen devices, for numerous reasons, employees don’t always report incidents or follow security guidance. This behaviour leaves organisations exposed to data leaks and breaches of compliance as a result.
Lost or stolen devices are just one example of the risks facing organisations. Every time an employee copies company information to their personal phones, laptops or tablets, the organisation is exposed to increased risk. This lack of visibility and control over company data could leave the organisation open to a GDPR breach and subsequent fine.
Many different scenarios need to be considered in the company’s data security policy, but how do you go about enforcing and managing the policy in the modern flexible workplace?
Corporate policies must be supported and enforced by appropriate technology
Organisations require a technical solution that can help them manage and enforce their preferred security policy, as it relates to company data in Office 365.
This solution should ideally consist of ‘predefined rules’ that are automatically enforced as users attempt to access Office 365 services from both company and personally owned devices. When someone tries to access an Office 365 email account, the system should be capable of checking if the device is compliant or authorised before access is granted.
In the case of accessing email from a personal device, the solution should also enable measures to keep company data separate and secure from personal data on that device. For example, if the user does not have a PIN on their phone, the system should prompt for a PIN before granting access to installed business applications. If the employee leaves the business, or if the device is lost or stolen, it should be possible to remotely destroy company data held on the device without impacting personal data.
It is clear that there are a number of different scenarios that need to be considered from a corporate policy perspective. Once an organisation has determined a security policy, this should be implemented as closely as possible using a technical solution. Microsoft’s Enterprise Mobility & Security Suite enables businesses to closely reflect and enforce their corporate policy.
How to secure your business with Microsoft’s Enterprise Mobility & Security Suite
Microsoft Enterprise Mobility & Security Suite is a cloud-based service that enables organisations to implement and enforce their desired Office 365 security policy. Once set up and configured, the system automatically checks that devices such as laptops and phones are compliant or authorised before access to Office 365 applications is granted.
Conditional access rules can be configured, granting access if certain conditions are met. For example, organisations can ensure that laptops with encryption enabled are joined to the company domain. Devices that do not meet the specific conditions are restricted.
Microsoft Enterprise Mobility & Security enables IT departments to take back control and visibility over what devices can access corporate Office 365 data. They also have options to revoke permission or remove corporate data while leaving personal data intact on employees’ devices.
Company data can be encrypted and PIN protected on personally owned phones, even if the user does not PIN protect their personal data. Certain restrictions can also be enforced to prevent users from copying and forwarding company data.
Novi’s recommended set-up and implementation of Microsoft Enterprise Mobility & Security
Microsoft is a leader in Gartner’s Magic Quadrant for Unified Endpoint Management Tools and its mobility and security solution is capable of providing an excellent safeguard for modern workplaces. Novi’s expert team can help you to leverage the solution and understand and implement appropriate security measures to support your corporate security policy.
We recommend the following phased approach to planning, implementing and managing Microsoft’s Enterprise Mobility and Security suite:
Phase 1 – Workshop to evaluate each scenario as it relates to corporate and personally-owned devices. Develop a technical policy document that reflects the company’s data protection policy.
Phase 2 – Provision and configure the Microsoft Enterprise Mobility & Security environment with the appropriate technical policies, conditions and checks.
Phase 3 – Communicate and roll out to a small number of users and devices. Check that the policies are working as expected and tweak accordingly.
Phase 4 – Communicate and roll out to groups or all users depending on the size and geographical spread of the user base.
Phase 5 – Provide ongoing support and management.
Why not contact Novi today to learn more about how to secure your business while enabling a flexible and mobile workforce?