Now with OneDrive for Business, files in SharePoint sync whenever the device is connected to the Internet. Unlike the earlier method, this assures that all workers will be using the latest versions of documents when they collaborate, without having to query each other via email, he says.
+ ALSO ON NETWORK WORLD Managing BYOD expenses: How to get it right +
Employees are told that they can enroll in the BYOD program as part of a pilot to access more applications, and that offer is enticing. “They are jumping all over it,” Wirtz says.
EMS in combination with OneDrive for Business enables Cloud App Discovery, which can hunt for specific types of applications to see what is actually being used by employees. “For instance if everybody is using DropBox, and we don’t support that as a corporate standard, Cloud App Discovery shows that to us, and then we can direct our users to OneDrive for Business, which is our corporate standard,” he says.
From a security aspect, EMS supports multifactor authentication, which boosts security for whatever resources users access, he says. When logging in, users either receive a unique code via text message or an app on their phone generates a code that is presented for authentication, so the phone becomes a second authentication factor.
Users can reset their own passwords now, too, which can improve security by more quickly changing passwords that may have been compromised, but it also frees up help-desk staff from the chore and leaves them extra time – two to three hours per week - to do more strategic work, he says.
Part of the EMS package is Forefront Identity Manager, which Walsh uses as a traffic cop for anything that has to do with a user’s identity, Wirtz says - phone numbers, titles, job sites workers are part of, roles within the company. “It consumes all that HR data and turns it into security settings based on IT’s and HR’s coordination,” he says.
Before, setting security settings was manual. “The user would call in and IT would assign. Now this is more about who you are within the company and the HR roles you’re assigned within the company,” he says.
Use of InTune, which also comes with EMS, allows pushing home-grown apps as well as Office apps directly to mobile devices. Before the apps had to be side loaded to devices one at a time via a cable.
Walsh is about to go live with use of Rights Management Server, also part of EMS. RMS enables granting individuals the right to see certain documents and to restrict what they can do with them. For example, how fast Walsh can pour concrete at a site is proprietary information, but information that is necessary for estimators bidding on a project to have. “And that’s what [RMS] is going to be able to do, tying the rights to be able to see that to the user’s account,” Wirtz says.
To do the same thing without RMS would have been a massive manual effort. If I give a person an Excel spreadsheet, in order to prevent them from emailing it or forwarding it to somebody else I would have had to individually password-protect each file,” he says. “This is just three mouse clicks, and all of a sudden it’s protected. And it’s not about a password being used, it’s about a user’s rights.”
Walsh is still evaluating Cloud Application Proxy, the cloud version of Web Application Proxy available in Windows Server 2012 R2. Rather than users accessing apps directly, the proxy would act as a go-between.
“Instead of having all the DNS records point to Walsh to come to our ERP financials we would instead point the DNS to Azure, and then Azure would broker that connection between the internal ERP servers and the clients connecting to them,” he says.
This added layer can replace a corporate demilitarized zone performing the same function, reducing potential capital costs and ongoing maintenance, he says.
Wirtz says EMS comes with the promise of more features that will be part of the bundle that Walsh pays for. Based on what he’s seen under non-disclosure of Microsoft’s roadmap for the service, he will be given more options to consider. “Whatever we’re paying now we will keep paying but get more on top of it for the same price,” he says.