Microsoft Press
Enterprise Mobility Suite Managing BYOD and Company-Owned Devices / Edition 1

by Yuri Diogenes, Jeff Gilbert



Product Details

ISBN-13: 9780735698406
Publisher: Microsoft Press
Publication date: 04/15/2015
Series: IT Best Practices - Microsoft Press Series
Edition description: New Edition
Pages: 240
Product dimensions: 7.30(w) x 8.90(h) x 0.70(d)

About the Author

Yuri Diogenes is a Senior Content Developer on Microsoft’s CSI Enterprise Mobility Team and has more than 20 years of experience in the IT field. He holds a Master of Science degree in Cybersecurity Intelligence and Forensics Investigation (Utica College) and has been working for Microsoft for the past nine years, including five years as a Senior Support Escalation Engineer on the CSS Forefront Edge Team. Yuri also holds an MBA and several industry certifications, including MCSE, MCTS, CISSP, ECEH, ECSA, Security+, Cloud Essentials Certified, Mobility+, Network+, Cloud+, and CASP. You can follow Yuri on Twitter @yuridiogenes or read his articles on his personal blog at

Jeff Gilbert is a Senior Solutions Content Developer for the Cloud & Enterprise Division at Microsoft. From his office outside Boston, he authors cross-product solutions to IT business problems involving enterprise client management technologies, including Microsoft System Center Configuration Manager, Microsoft Intune, and Microsoft Desktop Optimization Pack (MDOP) products. In addition to local user groups, Jeff has been a speaker on enterprise client management and MDOP technologies at several conferences over the years, including the Microsoft Management Summit (MMS) and TechEd. Previous to this role, Jeff was the content publishing manager for MDOP and a senior technical writing lead for the Configuration Manager 2007 documentation team. Before joining Microsoft, Jeff was an SMS 2.0/SMS 2003 administrator with the US Army. You can follow Jeff on Twitter @jeffgilb.

Table of Contents

Introduction xiii
Chapter 1: Enabling a mobile workforce 1

The shift towards mobility 1
The challenges of enabling enterprise mobility 2
What about BYOD? 4
Understanding the challenges of BYOD 5
Understanding the Microsoft Device Strategy Framework 7
Designing a strategy to enable a mobile workforce 9
Users 9
Devices 10
Apps 12
Data 13
Threat mitigation 14
Chapter 2: Introducing the Enterprise Mobility Suite 17
Understanding the EMS solution 17
Establishing a hybrid identity 18
Managing mobile devices 20
Protecting data 21
EMS activation process 23
Embracing a mobile workforce scenario 24
Chapter 3: Hybrid identity 27
Cloud identity with Azure AD Premium 27
Azure AD Premium advanced security reports and alerts 28
Azure Multi-Factor Authentication 30
User self-service from the Azure Access Panel 32
Understanding directory integration 35
Source of authority 36
Directory synchronization 36
Active Directory Federation Services 38
Directory integration scenarios 39
Directory sync 40
Directory sync with password sync 40
Directory sync with SSO 40
Multiforest directory sync with SSO 41
Directory synchronization tools 41
Azure Active Directory Synchronization Tool 41
Azure Active Directory Synchronization Services 43
Azure AD Connect 45
Chapter 4: Implementing hybrid identity 49
Scenario description 49
Implementation goals 49
Solution diagram 50
Planning and designing the solution 51
Microsoft Azure planning and design considerations 51
On-premises planning and design considerations 53
Single Sign-On components and considerations 54
Implementing the hybrid identity solution 60
Prepare the Azure AD service for directory integration 60
Prepare the on-premises environment for directory integration 61
Enable Single Sign-On 64
Customize branding 70
Chapter 5: Device management 75
Preparing for device enrollment 76
Mobile Device Management authority 76
Device management prerequisites 78
Device enrollment profiles 80
The Company Portal 80
Customizing the Company Portal 81
Custom company terms and conditions 83
Deploying policies 83
Configuration policies 84
Compliance policies 88
Conditional access policies 88
Exchange ActiveSync policies 90
Policy conflicts 90
Managing inventory 91
Computer inventory 91
Mobile device inventory 91
Performing full and selective wipes 92
Selective device wipes 93
Full device wipes 93
Chapter 6: Implementing device management 95
Scenario description 95
Implementation goals 96
Solution diagram 96
Planning and designing the solution 97
Microsoft Intune service configuration considerations 97
Policies 100
Mobile Device Management enrollment considerations 102
Implementing device management 105
Prepare the Microsoft Intune service for device enrollment 105
Satisfy external device enrollment dependencies 112
Enrolling devices 114
Enrolling iOS devices 114
Enrolling Android devices 117
Enrolling Windows devices 120
Chapter 7: Data access and protection 127
Leveraging on-premises resources 127
Windows Server Dynamic Access Control 128
Web Application Proxy 130
Protecting data at rest at the user device location using work folders 131
Azure RMS 135
How Azure RMS works 137
Choosing the right deployment topology 141
Azure RMS connector 143
Monitoring access to resources 145
Chapter 8: Implementing data protection 149
Scenario description 149
Implementation goals 149
Solution diagram 149
Planning and designing the solution 151
Leveraging Azure RMS 151
Preparing the environment 151
Implementing the solution 153
Configuring Azure RMS templates 153
Azure RMS connector 159
Chapter 9: Monitoring BYOD and company-owned devices 169
Continuous monitoring and incident response 169
Creating an incident response plan 170
Leveraging EMS to monitor resources 171
Azure AD monitoring capabilities 172
Microsoft Intune monitoring capabilities 175
Microsoft Azure RMS monitoring capabilities 179
Leveraging EMS to respond to a security incident 180
Scenario 181
Chapter 10: Troubleshooting Enterprise Mobility Suite 187
Troubleshooting methodology 187
Knowing where to find information 190
Using troubleshooting tools 190
Troubleshooting EMS cloud services 191
Troubleshooting Azure AD Premium 191
Troubleshooting Microsoft Intune 194
Troubleshooting Azure Rights Management Services 199
Index 205
