working in a library

Microsoft EMS: The innovative solution for IT administrators

In Devices, Security by Sophie, Professional Services1 Comment

There is no question, technology has become a massive part of our daily working lives but what does need defining is the boundaries of the corporate network.

This subject has become an ever pressing matter which is too big to neglect, and too important to misjudge. Leading to the creation of various siloed technologies, none of which collectively solve the issue at hand.

Introducing Microsoft’s Enterprise Mobility Suite [EMS] – the innovative solution providing IT administrators with the ability to centrally manage devices accessing corporate resources. The impacts of EMS are vast, but we have highlighted 3 core features that will bring delight to CTOs and IT admin.

1. Managed Apps

When it comes to managed apps you are looking for a central place to upload and deploy apps to members of their organisation, in a seamless way. This is where one of Microsoft EMS’s features comes to play – Microsoft Intune.

Having used Intune for different clients, what I love most is the managed app capability.

Managed apps are applications with an extra layer of added security. Administrators can choose exactly what they would like users to be able to do within these managed apps. Some configurable settings are:

• Restrict iTunes, iCloud and backups of data within managed apps.
• Allow or Restrict transferring of data within managed app to unmanaged apps or all apps.
• Allow or restrict managed apps to receive data from other apps.
• Restrict cut, copy and paste to other un-managed apps.

managed apps graphic

You can also choose how much security you require in order for the user to gain access to the managed app. Here’s a taster of what is possible to configure:

• Require a simple pin for access.
• Number of attempts before pin is reset.
• Require corporate credentials.
• Require that the device is not rooted or Jailbroken.

Currently Microsoft offers the ability to manage the full Microsoft suite and some third party applications like, Citrix ShareFile, Box, Xamarin and SAP Fiori.

managed apps security graphic

2. Remote Wipe and Selective Wipe

Microsoft EMS brings about a new way to ensure corporate and BOYD (Bring Your Own) devices are secured.

Once a device is enrolled with Intune, administrators can retire a device by performing remote and selective wipes. A remote wipe will wipe the whole device and all the content this is essentially a factory reset. However, selective wipe works hand in hand with managed apps as discussed earlier, to ensure that only data associated with corporate-managed apps are wiped from the device.

Users can also perform a selective wipe, as once corporate accounts and applications are removed from the device, so is the data contained in those apps.

This can put IT administration at ease knowing that they don’t have to go searching for a device.

3. Securing documents with Azure Rights Management Service [RMS]

Azure RMS allows you to secure documents with the use of encryption and permissions. Users can control who has access to the document and what they can do within the document this might mean restricting it to read only, stopping others from saving the document, taking away the ability to print, cut, copy and paste content.

These policies can also be applied to emails alongside the ability to restrict the forwarding of email ensuring only the authorised user can view the email no matter where the document is accessed from. Any documents attached in an RMS protected email will have the same security settings applied.

It’s day to day features like this which make Microsoft EMS so great!

cloud quote
Other great features of Microsoft EMS

With Azure RMS it is possible to track who opened the document and if they have permission to edit you can see exactly what they have changed.

Another great function is the use of expiration dates. If the user sets an expiration date of 8 days once this time has elapsed the document will be revoked and the user granted permission will no longer be able to access it.

Administrators have the ability to create Azure RMS templates however by default there are two. Once the user has downloaded the templates they can secure their documents while offline.

Documents protected by Azure RMS do not have to reside in the Cloud they can be offline! This is because documents secured with RMS are never sent or stored in Azure (unless specifically stored in a cloud service that uses Azure).


In summary Microsoft EMS is an evolutionary product that is going to propel your business into a new era of security and device management. Long gone are the re-occurring nightmares of a corporate network exposed to potential data leakage and increased surface attack. EMS provides users with the means of accessing corporate data from personally owned devices whilst ensuring data is secured and easily managed.

So what are you waiting for? EMS can be trialled for free for 30 days! Join the revolution of companies managing their IT smartly.

tech CTA

Written by Sophie Williams | Workspace Consultant, RedPixie | See her LinkedIn Profile


  1. EMS Solutions

    This is a good news. The Microsoft’s Enterprise Mobility Suite [EMS] which is the innovative solution providing IT administrators with the ability to centrally manage devices accessing corporate resources. It will really help the big establishment and companies to monitor there company,

Leave a Comment