Microsoft's strategy on identity management aimed squarely at cloud-based services

Microsoft's strategy for providing customers with identity management options is increasingly reliant on cloud-based methods of authentication and access control for provisioning of Windows-based mobile devices as well as Apple iOS and Google Android devices.

The most recent example is Microsoft Enterprise Mobility Suite, which includes the type of software-based "containers" for securing applications that can be found in competing mobile application management software from MobileIron, AirWatch (acquired by VMware) and others, says Brad Anderson, corporate vice president of Microsoft's identity management solutions. But Microsoft wants to differentiate Enterprise Mobility Suite by combining cloud-based authentication and provisioning as well. So the suite also includes Microsoft Azure Active Directory Premium, based on a cloud-based version of Active Directory, as well as its Windows Intune device management.

On top of that, there's Microsoft Azure Rights Management, which is basically a way for IT managers to provide encryption and place policy-based restrictions related to Microsoft Office applications such as Word, PowerPoint, and Excel in Office 365, Microsoft's cloud service, which includes a hosted version of Exchange e-mail. The Azure Rights Management component in the Enterprise Mobility Suite will be available this fall, says Anderson.

Microsoft launched Enterprise Mobility Suite in May and is now licensing it at what is acknowledged as a low price point of $4 per user per month. Microsoft wants customers to consider this a way to transition to cloud-based Active Directory for identity management of mobile devices in particular.

Active Directory as an on-premises server has remained the identity repository and linchpin in corporate use for decades for decisions around provisioning all manner of applications and services. The newer cloud service Azure Active Directory Premium is intended to be a way to provide identity management associated with third-party software-as-a-service (SaaS) applications. Using Enterprise Mobility Suite, Azure Active Directory Premium provides identity access capabilities in the cloud for about 2,000 SaaS applications without having to be configured, Anderson says.

He adds that businesses often aren't even aware of how many SaaS applications are in use across the enterprise, so Microsoft also created what's called Cloud App Discovery as a utility to let them find out what SaaS applications employees are using. "We find most organizations are using about 300 apps," says Anderson.

The cloud-oriented Enterprise Mobility Suite is just the start of Microsoft's changing perspective on identity management, Anderson says. When the identity and access management process moves into the cloud, it can facilitate new types of security controls, he says. For instance, security monitoring can use machine learning in the cloud to watch for signs of suspicious events, such as someone authenticating in the U.S. and then, within a narrow timeframe, trying to authenticate through Russia. This would be "a red flag to the administrator" and could be blocked, he adds.

Through the secure "container" in Enterprise Mobility Suite, which can separate the personal and business apps the employee has, the IT administrator can remotely wipe content related to business without interfering with the employee's personal apps. This is specifically helpful in the "Bring Your Own Device" (BYOD) scenario that is being increasingly adopted by businesses willing to let employees use their personal mobile devices for work.

Ellen Messmer is senior editor at Network World, an IDG website, where she covers news and technology trends related to information security. Twitter: MessmerE.
