Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you click on links. Learn more.

Microsoft Enterprise Mobility + Security (EMS) Review

Microsoft Enterprise Mobility + Security (EMS) Review

Microsoft’s flagship mobility management product, Enterprise Mobility + Security (EMS) suite, offers strong security, but has some limitations.

Microsoft's flagship mobility management product, now branded Enterprise Mobility + Security (EMS) suite, contains several components. Microsoft includes identity and access management via Azure Active Directory Premium. Information protection comes from Azure Information Protection, and identity-driven security uses Microsoft Advanced Threat Analytics coupled to Microsoft Cloud App Security. Managed mobile productivity is handled by Microsoft Intune, which is the cornerstone of the suite.

The core enterprise mobility management (EMM) functionality is provided by Microsoft Intune, responsible for mobile device management (MDM), mobile application management (MAM) and a separate level of PC management (driven from the cloud).

EMS benefits from recent Microsoft acquisitions, notably Adollom, Aorato and Secure Islands. These three components help differentiate the company's endpoint security, threat intelligence and cloud access for sanctioned apps and prevention of shadow services. But Microsoft’s position is most strongly bolstered by its integration with Office.

The two pillar applications, Intune and Azure Active Directory, addresses mobility management needs with a cloud-first architecture that scales well beyond the needs of any single customer.

Intune delivers a non-invasive experience for end users and advanced tools for IT pros, with flexible use cases based on the security posture and needs of each customer. This can vary from a locked down mobility management (MDM) on one end of the spectrum to a temporary application management (MAM) on the other end.

Interestingly enough, Microsoft does not actually have a mobile content management solution, although this can be addressed by SharePoint (on premises or SharePoint Online) or OneDrive for Business.

Review Highlights


  • Strong security models with all of the (acquired) modules
  • Leading enterprise sales & support model (customer relationships)
  • It’s Microsoft


  • Application management and containerization weak compared to others
  • No geo-fencing or advanced location based services (LBS)
  • Not especially partner/reseller friendly


The market opportunity is ripe, with BlackBerry + Good creating an opening for strong/friendly Microsoft accounts to migrate to a modern, well-funded and supported platform.

Microsoft is approaching this solution with a strong focus on security, going beyond "arming endpoints" to actually cutting out the middle man. With a focus on behaviors, anomalies and intelligence, Microsoft is separating itself from the de facto device management pack.

While AirWatch, Cisco and SOTI are focused more on strong device management and analytics, Microsoft is on a parallel path – if not collision course – with the likes of its close partner Citrix. Consistent user experience and common applications are the big selling point here, along with deep integration with Microsoft Office.

However, a cautionary history lesson: Microsoft traditionally struggles prior to "version 3" of any solution. This has been true since the beginning of time with Microsoft products. This is still very much a "vision" play, with customers needing to take a leap of faith on what is to come, rather than what is here today.

Microsoft doesn't yet have the long-term consistent and connected solution like the leader