A cloud for everyone on every device and Office for iPad (and later on Android) means people will be opening important company documents on a lot more devices. That means IT admins will want tools for managing those. There are plenty of Mobile Device Management solutions, but Microsoft is hoping that the combination of being able to manage both PCs and devices in Intune and the premium Azure Active Directory services behinds its new Enterprise Mobility Suite will give it the edge of competitors like BlackBerry and MobileIron.

The specific Intune features for managing Office for iPad and other mobile devices aren't there yet, Microsoft cloud and enterprise product marketing manager Andrew Conway told TechRadar Pro. But after the major new version last October and more updates in January 2014 Conway says, "we'll be bringing new capabilities to Intune in April. That will include being able to remote into my PC from iPad and Android devices." Samsung Knox gets extra support; you can manage it with Intune and enable workplace joining for Knox devices so users can get access to files and applications that you otherwise restrict to the office network.

Julia White
Julia White demonstrating that cloud is about managing mobile devices as well

The Enterprise Mobility Suite bundles up Intune with the existing Azure Rights Management service and the just-out-of-preview Azure Active Directory Premium service. "This is a premium set of IT tools on top of Azure Active Directory," Conway explained. "You get features like single sign on group management for SaaS access, security reports, self-service password reset ... With the security reporting, you get an insight into anomalous logins, like someone who is logging in from two places at the same time; if you see weird patterns you can start to require a second factor for authentication. We're bringing it all together in the Enterprise Mobility Suite, with the addition of Azure Rights Management. Azure is the common identity, the common rail that everything runs on and these are the different capabilities we have on top."

Keeping things simple

Single sign on lets you control the cloud services users connect to, like Salesforce and Twitter; there are a thousand services already supported in Azure Active Directory. You choose which users have access and they don't have another password to remember (or get phished). "And when someone leaves, all those accounts get deprovisioned," points out Conway. It's much less work to delete one account in Azure than to make sure individually that they don't have access to all their cloud tools any more.

Windows Azure
Using Windows Azure

Office 365 already includes rights management for documents, so you can choose whether confidential documents can be forwarded or printed, or have a price list expire after a certain time. Azure Rights Management brings that to other document formats, including apps that support it like the Polaris Android tools and Samsung Know. Users can use rights management for free but if you want to manage how they do that, you need the Azure Rights Management service.

"We've brought to the cloud something we've been doing on premise for a long time," Conway explains. "But we've done a lot to make it easier for customers because you don't have to set it up yourself on premise."