Much of the focus on Microsoft’s cloud platform is on its Azure and Office 365 platforms, but it’s got plenty of other tools – with a strong focus on IT management and operations.
Like Azure, which builds on Windows Server, and Office 365, which builds on Exchange and SharePoint, these are direct descendants of its on-premises management tooling, giving you familiar tools to manage new devices and to work with new scenarios.
These are tools that it’s important to get to know now, while they’re still relatively new, as they’re a key component of Microsoft’s cloud-focused DevOps strategy. It’s a strategy that’s been in the making for a long time, building on work going back to the early 2000s and Microsoft’s dynamic data centre philosophy. Now, however, it’s a strategy that also takes into account endpoint devices like PCs and phones, as well as cloud SaaS services.
Taking management to the cloud makes a lot of sense, especially with today’s BYOD world where users want access to enterprise applications, tools, and services on their own devices. Work is no longer confined to inside the corporate firewall, and management needs to reach out to the wider world. That’s where the cloud comes in, as it gives you an always-on place where devices can connect, and where identity can be managed.
You’re probably familiar with one of the main components of EMS, Intune. It’s a cloud-equivalent of System Center’s Configuration Manager, and can be connected to an on-premises instance to give you end-to-end control of both your directly managed fleet of devices and the user devices that connect to your network. Intune gives you tools to deploy VPNs, internal applications, and email accounts to Windows (both PCs and phones), iOS, and Android.
A cloud-hosted company app store in Intune allows you to deploy your own apps and corporate licenses to user PCs, removing them when users disconnect from the management platform. Microsoft also recently announced a tie-up with Android security vendor LookOut, increasing the amount of control available when managing Android phones and tablets.
Azure Active Directory
One of the more important aspects of the service is Azure Active Directory. Taking the identity management aspects of on-premises AD, AAD gives you cloud-based single sign-on and security. Instead of giving users their own sign-ons to cloud services like Salesforce, with significant amounts of business data, AAD lets you map those services on to your own directory, giving you control over who has access to those services. More importantly, it lets you manage the onboarding and off-boarding process, so when someone leaves the company, their access doesn’t follow them to a competitor.
AAD also takes advantage of Microsoft’s machine learning tools to help identify log-ins that might be the result of compromised passwords. If an account is logging in from the other side of the world, just minutes after logging off in your office, then it’s likely to be an attack. Other security elements include support for Azure Rights Management, a cloud-hosted document protection scheme that allows you to lock down corporate documents – along with secured readers and browsers for Android devices that ensure information from inside your organisation can’t be leaked.
Bringing it all together
Bringing all these pieces together into one suite makes a lot of sense. However, it’s only part of the solution, looking squarely at client devices. For a full picture, you also need to bring in OMS, Operations Management Suite, which brings a similar set of approaches to servers, whether on-premises or in the public cloud, with the added option of automating many management and deployment functions. Mixing machine learning with big data from server logs gives you the opportunity of applying predictive maintenance techniques – helping ensure applications and services stay online.
Microsoft’s shift to the cloud is well underway, and it’s clear there’s no going back. Cloud scale means that with machine learning for log analysis, we can start to automate security rules and server maintenance. We’re also able to manage more than just our Windows devices, taking business rules to everything from Android phones to iPads and beyond. It’s a brave new world, and we’ve finally got the tools we need to start building it.