Learn about Enterprise Mobility + Security

Securing productivity, collaboration and enterprise data is critically important as organizations digitally transform and Microsoft is committed to delivering a new approach to secure this transition. Microsoft’s Secure Productive Enterprise (SPE) is the most trusted, secure, and productive way to work that brings together the best of Office 365, Enterprise Mobility + Security, and Windows 10 Enterprise to empower your employees and lead your organization through its digital transformation with special focus on the following areas:

  • Collaboration. Enable seamless, efficient collaboration across your organization.
  • Mobility. Enable a productive workforce anywhere on any device.
  • Intelligence. Provide employees greater business and personal data-driven insights.
  • Trust. Protect company information without disrupting productivity.

As part of SPE, Enterprise Mobility + Security (EMS) provides flexible, comprehensive mobility and security solutions that enable your transition to mobility and the cloud. Organizations in the mobile-first, cloud-first world need to empower their employees to access all their data and applications from every device and every location. Users need to collaborate with each other, their partners, and connect with customers. And the tools they use don’t operate only in a protected and controlled on-premises environment any more. They can be found in any public cloud.

With EMS you get identity-driven innovations that help your users stay secure and productive on their favorite apps and devices. EMS provides a complete security solution backed by Microsoft’s cloud scale intelligent security graph to protect your business in a world of evolving challenges and advanced threats that cannot be mitigated with traditional tools. With EMS, your employees also get productivity without compromise. Company data is seamlessly protected without slowing down users so they can do their best work on their favorite device.

Watch this short video to learn more about how Enterprise Mobility + Security (EMS) is uniquely positioned to save you money, get up and running quickly, and securely address enterprise scenarios for managing and protecting users, devices, apps, and data:

What’s included in EMS?

It’s easy to buy Microsoft Enterprise Mobility + Security offerings. To keep things simple, each product is priced per user, not per device, and there are also volume discounts.

You can purchase EMS licenses through either the EMS E3 or EMS E5 offering. With EMS E5, you get everything included in E3 along with additional cloud security capabilities as you can see in the following table:

Identity and access management Managed mobile productivity Information protection Identity driven security
EMS E3 Azure Active Directory Premium P1. Secure Single-Sign on to cloud and On-premises apps. MFA, Conditional Access and advanced security reporting. Microsoft Intune. Mobile device and app management to protect corporate apps and data on any device. Azure Information Protection Premium P1. Encryption for all files and storage locations. Cloud based file tracking. Microsoft Advanced Threat Analytics. Protection from advanced targeted attacks leveraging user and entity behavioral analytics.
EMS E5 (includes all capabilities in EMS E3) Azure Active Directory Premium P2. Identity and Access Management with advanced protection for users and privileged identities. (includes all capabilities in P1) Azure Information Protection Premium P2. Intelligent classification, & encryption for files shared inside & outside your organization (includes all capabilities in P1) Microsoft Cloud App Security. Enterprise-grade visibility, control, and protection for your cloud applications.

Tip: Secure Productive Enterprise (SPE) replaces the Enterprise Cloud Suite (ECS) as the most trusted, secure, and productive way to work that brings together Office 365, Enterprise Mobility + Security, and Windows 10 Enterprise. And, just like EMS you can purchase either the SPE E3 or E5 offering.

Office 365 and EMS. Better together.

EMS enables your employees to unlock the full potential of Office 365, the professional standard for cloud-based productivity software. EMS and Office 365 work together to create a secure and productive environment for the workforce. Some of the basic functionality of Office 365 is enhanced when paired with the capabilities of EMS to support new productivity models. Office 365 and EMS are built on the same backend and work better together. The cross service integration is built-in and not bolted on.

Identity and access management Managed mobile productivity Information protection Identity-driven security
Office 365 Basic identity management via Azure AD for O365 Single sign-on for O365 and basic multi-factor authentication (MFA) for O365. Basic mobile device management via MDM for O365 Device settings management, selective wipe, and built into the O365 management console. RMS protection via RMS for O365 Protection for content stored in Office (on-premises for O365), access to RMS SDK, and bring your own key. Advanced Security Management Insights into suspicious activity in Office 365.
Enterprise Mobility + Security (includes all capabilities in Office 365) Azure AD for O365 + Advanced security reports, single sign-on for all apps, advanced MFA, self-service group management and password reset & write-back to on-premises AD, dynamic groups, and group memberships based on license assignment. MDM for O365 + PC management, mobile app management (prevent cut/copy/paste/save as from corporate apps to personal apps), secure content viewers, certificate provisioning, and System Center integration. RMS for O365 + Automated intelligent classification and labeling of data, tracking and notifications for shared documents, and protection for on-premises Windows Server file shares. Cloud App Security Visibility and control for all cloud apps, Advanced Threat Analytics Identify advanced threats in on-premises identities, Azure AD Premium P2 Risk based conditional access.

Windows 10 Enterprise and EMS. Better together.

Used together with Windows 10 Enterprise, EMS can protect application access, provide flexible device and application management, and help secure data everywhere.

Identity and access management Managed mobile productivity Information protection Identity-driven security
Windows 10 Single sign-on for business cloud apps and device setup and registration for Windows devices. Windows Store for Business, traditional domain join manageability, and manageability via MDM and MAM. Encryption for data at rest and generated on device and encryption for data included in roaming settings. Windows Defender Advanced Threat Protection Identify advanced threats focused on Windows 10 behavioral sensors.
Enterprise Mobility + Security (includes all capabilities in Windows 10) Windows 10 + Conditional access policies for secure single sign-on, MDM auto-enrollment, self-Service Bitlocker recovery, password reset with write back to on-premises, cloud-based advanced security reports and monitoring, and Enterprise State-Roaming. Windows 10 + Mobile device management, mobile app management, secure content viewer, certificate, Wi-Fi, VPN, email profile provisioning, and management of Windows devices (domain-joined via ConfigMgr and internet-based via Intune). Windows 10 + Automated intelligent classification and labeling of data, tracking and notifications for shared documents, and protection for content stored in Office and Office 365 & Windows Server on premises. Cloud App Security Visibility and control for all cloud apps. Advanced Threat Analytics Behavioral analytics for advanced threat detection. Azure AD Premium Risk based conditional access.

You’ve got EMS licenses, now what?

Organizations going through digital transformation need to protect themselves from new threats and challenges while IT is continually being asked to drive efficiency and do more with less. In addition, in a cloud-first, mobile-first world users expect to be productive from anywhere and on any device. Now that you have EMS licenses, it's time to get started using EMS.

Learn more

Visit the Microsoft Enterprise Mobility + Security page

Start using Enterprise Mobility + Security