IT security is one of the most important areas in the IT landscape. Microsoft is also keeping a watchful eye on corporate security requirements, and is all set to launch its new Secure Productive Enterprise Suite (SPE) in October 2016 to replace the standard Enterprise Cloud Suite (ECS). The new Enterprise Suite will be available in two versions, E3 and E5. COMPAREX Senior Technical Presales Executive Thino Ullmann has summarized the new features of the SPE, as well as the most important differences between the various versions of the Enterprise Mobility + Security Suite (EMS) E3/ E5 and Windows 10 Enterprise E3/ E5.
An article by the Thino Ullmann, Senior Technical Presales Executive
Windows 10 Enterprise offers the new Secure Productive Enterprise Suite in an E3 and E5 plan. Besides standard enterprise features such as Edge, Cortana OneNote, both plans also contain, among other things, software assurance benefits such as MPAM, AGPM and Dart. E-learning vouchers and an extended 24/7 Hotfix Support are also integral parts of both plans. But the E5 plan has one key advantage over the E3 version with regard to Windows 10 Enterprise, namely its Windows Defender Advanced Threat Protection (ATP). Not only does this new service help companies detect targeted and advanced cyber attacks on their networks, it also enables them to identify and initiate suitable responses.
Enterprise Mobility + Security: What are the differences?
Source: Microsoft. Overview of the individual areas, also where the EMS Suite security solutions are used.
Microsoft offers two versions of the Enterprise Mobility Suite (EMS) as part of the Secure Productive Enterprise Suite . In the EMS, the differences between the E3 and E5 plans become apparent in four core areas: Identity & Access Management, Managed Mobile Productivity, Information Protection and Identity-driven Security.
Both plans use Azure Active Directory for identity & access management. The premium P1 version is offered in the E3 plan, which contains all of the features included in the current Azure Active Directory Premium. The Azure Active Directory Identity Protection und Privileged Identity Management products are added to the premium P2 version of the E5 plan. Azure Active Directory Identity Protection is a security service that offers a comprehensive overview of all risk events and potential security risks concerning the identities in your organization. For instance, the product can prevent impossible geographical switches to non-typical locations, as well as the registration of anonymous IP addresses. Azure Active Directory Privileged Identity Management is used to manage, control and monitor privileged identities and their access to resources in Azure AD and other Microsoft Online Services such as Office 365 or Microsoft Intune.
Managed mobile productivity – achieved using Microsoft Intune – is another important element in the Secure Productive Enterprise Suite. Intune allows management of PCs, laptops and mobile devices, while protecting company data stored on all of this equipment. For instance, it can manage a large number of device types that use a variety of operating systems (Windows, Windows RT, Windows Phone 8, Apple iOS or Google Android), and can furthermore guarantee the configuration and distribution of security policies, software and hardware across all these devices.
Both Secure Productive Enterprise Suites use Azure Information Protection to protect sensitive data. A product created through the merger with Rights Management Service (RMS) and the acquisition of the company Secure Islands, it brings together a variety of different methodologies applied for the protection of data. In the E3 plan, this includes persistent protection firmly integrated in the file, deployment and management flexibility and other features. Secure shares of data with customers and partners outside the company are added in the E5 plan.
Other differences between the two Secure Productive Enterprise Suites are apparent in regard to identity-driven security that Microsoft has adopted within the new Secure Productive Enterprise Suite. The E3 plan uses Microsoft Advanced Threat Analytics (ATA). The ATA technology comes from the Israeli start-up Aorato, which Microsoft acquired at the end of 2014. ATA acts as a kind of intrusion detection system. Its purpose is to ensure the faster detection of intruders and attacks in company networks, as well as to reduce the vulnerable target size. To do this, ATA uses Machine Learning to evaluate the Windows events in the Active Directory, among others. Microsoft Cloud App Security is added to the E5 plan. The purpose of Cloud App Security is to safeguard and monitor cloud applications.