Green House Data services include the design and implementation of mobility solutions to make your organization more resourceful, connected, and reactive.
Enterprise Mobility Management (EMM) solutions help employees be productive, engaged with customers, and collaborative with coworkers. EMM is no longer a matter of simply connecting mobile devices to an email server or granting access to company resources via remote connection.
Modern employees often need robust and comprehensive support, and employees expect application-feature and data-access parity between their mobile devices and the devices they access at the office.
EMM solutions must also incorporate cloud computing services, user identity, applications, data security, and threat mitigation into the platform.
An ever-increasing number of organizations are embracing Bring Your Own Device (BYOD) models and Mobile Application Management (MAM) as part of a larger IT strategy to support and empower employees.
Yet, EMM is less about devices and more about people. The paradigm shift from a device-centric management structure to one that is people-centric is significant. All of the components that enable mobile productivity in an EMM solution must have a people-centric architecture that aligns with enabling this vision. Finding the proper balance where employee empowerment and productivity meet the business needs of your organization is the most crucial requirement for an EMM solution.
Provides comprehensive user identity and app access management capabilities, with integrated single sign-on (SSO) support for thousands of popular SaaS apps. Users can use a single user name and password for a consistent experience across every app, such as Salesforce, Concur, or Workday.
Provides Mobile Device Management (MDM), Mobile Application Management (MAM), and Windows PC Management capabilities. Allows for simplified device enrollment, device management through compliance policies, device locks, selective data wipes, and more.
Helps protect sensitive information and controls how it is used or shared. Encryption, identity, and authorization policies secure files and email messages; these policies then follow anything they are attached to, even if it goes outside of the organization. This enables users to access data regardless of where they are or what device they use.
Advanced Threat Analytics (ATA) helps organizations be proactive in efforts to protect corporate data, identities, personal information, and online reputation. It identifies suspicious activities and malicious attacks, and provides alerts for security risks.
| Element | Description |
| --- | --- |
| Users / Employees / People | The first and most important element of the enterprise mobility management solution is the user or employee. The enterprise mobility solution must support effective ways to manage user accounts and make it easy for employees to access resources; if it becomes too tedious to manage identities or access company resources, the EMM solution becomes an obstacle instead of an effective management tool. In turn, workplace technology obstacles invite shortcuts, workarounds, and questionable data-protection practices. |
| Devices | Technological advancements have rapidly changed the modern workplace environment; it has gone from stationary, company-issued workstations to a mosaic of mobile and Internet-connected devices. As a result, the BYOD model has risen to prominence and organizations must be able to adapt to the new challenges that come with this change. With employees using personal devices and mixing their lives with work responsibilities, IT departments must be able to manage an ever-increasing collection of mobile hardware, operating systems, and unique architecture requirements. Once organizations understand how to support different devices, they can define and implement appropriate EMM features that satisfy organizational needs. |
| Apps | Apps are the centerpiece of most business requirements and although managing different device types creates new challenges, managing a mixture of commercial and customized apps can be just as difficult. Properly installing and managing these apps depends on a number of factors: different apps have different installation requirements, they can require adjustments to function properly on different devices, and they have varying levels of risk when it comes to the security of information. Failing to account for these factors can leave you vulnerable to exploits and can lead to the exposure of sensitive data and information. IT departments need to understand how to support apps and employ management protocols that will ensure data is protected. |
| Data | Operating hand-in-hand with identity management, apps, and the architecture of mobile devices, data must be consumed securely and easily for users to be productive. Understanding how data is stored on devices and how data is protected in transit is critical when planning and configuring EMM features and policies. Depending on your business, you may need multiple layers of data protection, information classification based on sensitivity, methods for data encryption, and integrated ways to manage access control. |
| Protection | Protecting mobile devices and company data from threats is just as important as securing data access. No matter how carefully planned security is, all levels of mobile device security are potentially vulnerable to a wide variety of malicious activity. These vulnerabilities include threats to company data, personal information, and even user identity. Understanding how EMM solutions address gaps in protection is important to effectively protect mobile devices within your enterprise. |
Microsoft Intune is a cloud service that provides mobile device management, mobile application management, and PC management capabilities. Intune's mobile productivity management capabilities help organizations provide their employees access to corporate data, applications, and resources while helping to protect their corporate information.
Intune supports Windows, Windows Mobile, iOS, Android, and Mac OS X devices and provides several options for protecting corporate data on these devices. Intune has two deployment modes: standalone, a fully cloud-based service that requires no on-premises infrastructure; and hybrid, which works with on-premises System Center Configuration Manager (SCCM).
The primary Intune subscription includes usage rights to SCCM, which allows organizations to manage PCs and mobile devices through the same management console.
Mobile Device Management (MDM)
Intune can manage both company-owned devices and end users’ personal devices, the latter popularly known as Bring Your Own Device (BYOD). MDM allows corporate IT to control the following aspects of a device through the Intune web-based administration console: management, inventory, app deployment, provisioning, and retirement.
With MDM scenarios, end users can enroll and remove their devices, install company apps, get quick access to company resources via email, WiFi, and VPN profiles, and contact their IT department or help-desk by using an app called Intune Company Portal.
Mobile Application Management (MAM)
Intune has the ability to set app restriction policies at the app level for use with or without MDM device enrollment. Intune enables protection of corporate data with policies that restrict data leakage, provide encryption at rest, enforce application access and compliance, and remove corporate data at the application level.
Conditional Access
Intune allows IT to manage access to corporate data via conditional access capabilities, ensuring that only managed and compliant devices are able to access corporate email and files, all without requiring on-premises infrastructure. If the device is not managed by Intune or is not compliant with IT policies (such as password strength, encryption, OS version), access is blocked.
Additional checks such as group membership, location, and risk profile can be done at the user level with Azure AD Identity Protection, which can further ensure that only authorized users can access work email, files, and SaaS apps.
Office 365 and Office Mobile App Management
Intune has unique capabilities to manage Office mobile apps on iOS and Android devices, including app-level authentication, copy/paste control, save-as control, and the capability to enforce conditional access policies to Exchange Online, Exchange On-Premise, SharePoint Online, and Skype for Business. Intune also enables multi-identity scenarios, which allow users to use both personal and company accounts within the same Office mobile app.
PC Management
In addition to managing mobile devices, Intune also manages computers running supported operating systems using the Intune agent or via MDM. Hardware and software requirements to run the computer client are minimal: any system capable of running Windows Vista or later is supported.
Client software can also be easily installed on either domain-joined computers (in any domain) or non-domain-joined computers. In addition, Intune works with System Center Configuration Manager to support more advanced PC and server management scenarios.