In this video, Sharon provides a high-level overview of EM + Security, including a brief outline of the services included in the offering.
- [Instructor] The final pillar in the Microsoft 365 bundle is EMS Plus Security. EMS Plus Security is a very robust offering and we'll only be touching on it here. EMS Plus Security includes the following services: Microsoft Intune, Azure Active Directory, Azure Information Protection, Microsoft Cloud App Security, Microsoft Advanced Threat Analytics, and Microsoft Identity Manager. Let's start examining each of these services.
And we'll start off with Microsoft Intune, which can be used to manage devices, operating systems, and apps. Enrolled devices can be corporate or personal devices. Once enrolled, you can use Intune to configure or enforce compliance on that device. A common example would be requiring a PIN for that device. You can remove company data from the device, but leave the personal data intact, for example, if an employee leaves the company. You can also reset the device to reset the entire device to factory default.
Typically this is done if the device is stolen. And finally, you can use Intune to locate a lost device as well. You can configure the OS on the device to meet your company policies, such as upgrading the device from Windows 10 Pro to Windows 10 Enterprise. Office ProPlus can be configured and deployed to the device. You can also assign other apps to that device, as well as sideload Windows apps. This is just a quick overview of Intune. If you haven't looked at Intune recently, I would highly recommend you do so.
It's come a long way. Now onto one of my favorite aspects of Azure and Office 365, Azure Active Directory. Just as with Intune, we're only going to touch on a few features of Azure Active Directory. From the security point of view, you can enforce conditional access to resources based on policies, such as only allowing specific users to access a specific app. You can enforce multifactor authentication. That is, the user must provide two different authentication methods such as something they know, a password, and something they have, a text code.
Azure Active Directory Identity will discover weaknesses in the company's identities and prevent compromised accounts from being abused. And along the same lines, privileged identity management will enable specific admin capabilities to users only as required. Both identity protection and privileged identity management are only available in the P2 SKU of Azure Active Directory. Now onto some of the management capabilities of Azure Active Directory. We can easily auto provision and deprovision accounts using Azure Active Directory.
Users can reset their own passwords as well as manage their own group management. Azure Active Directory Connect Health is also included in the offering, and this service will allow you to monitor your on-premise environments and synchronization services. And in my opinion, one of the other cool features in Azure Active Directory is the ability to provide single sign-on to thousands of SaaS apps, or even your on-premise applications. The service will also provide reporting of user activity on these apps.
And to wrap up our section of Azure Active Directory, let's review some of the access options. Users can easily access the SaaS applications that you have allowed access to via the MyApp portal. And finally, you could leverage Azure B2B, business to business, or B2C, business to consumer directories to allow external users or partners access to your own resources, but without compromising your own Azure Active Directory. Let's change gears a bit and examine the Azure Information Protection service.
With this service, you can classify and label data, which in turn will allow you to restrict access to that data. You can also encrypt your data, and you can track activities on shared files. And if necessary, revoke access to that shared data. Microsoft Cloud App Security is a service that will discover the SaaS cloud apps that are being accessed via your network. It can recognize 15,000 cloud apps, and once these apps are discovered, you can then protect against data loss by restricting sharing to cloud apps.
And finally, Microsoft Cloud App Security includes threat detection. This service can detect such things as simultaneous multiple logins from different locations, and then apply a predetermined action to mitigate the problem. Also included in EMS Plus Security is Microsoft Advanced Threat Analytics, which will identify suspicious users, devices, or resource activity based on abnormal behavior or malicious attacks.
The service can also detect known security issues and risks, and let us know, therefore we can go and mitigate the issue. And we'll finish this lesson on the Microsoft Identity Manager service, which replaces Forefront Identity Manager. Microsoft Identity Manager, or MIM, controls and manages privileged access management, self-service management, it provides cloud-based reporting, and finally, it will synchronize identities between applications, databases, and directories.
This lesson was a high-level overview of some of the key features of Enterprise Mobility Plus Security. Some of the features we discussed will only be available in certain plans, therefore, as always, please refer to the Microsoft documentation for specific details of each plan.