Interlink Cloud Blog

facebooktwitterlinkedin

Sarah Bunt

On-Demand Webinar | How to Stay Secure & Productive with Microsoft’s Enterprise Mobility + Security Suite

On-Demand Webinar | How to Stay Secure & Productive with Microsoft’s Enterprise Mobility + Security Suite

On-Demand Webinar & Slides

view ems e5 webinar


Are you looking to add a tighter level of security to your environment? Do you want to stay secure and productive on your favorite apps and devices?

In this on-demand event, Microsoft and Interlink Cloud Advisors show you the powerful new capabilities of Microsoft Enterprise Mobility + Security and how it ensures your critical company data is protected.

During this online event, see what’s new through a live demo of EMS’s E5 functionality and how it allows you to:

  • Lockdown your valuable data: Automatically classify information to better protect intellectual property with Azure Information Protection. Lock it down so, your competitors can see it and your existing sales people can’t take it with them!
  • Secure the cloud: Drive security policies and reporting across Microsoft and non-Microsoft cloud services with Cloud App Security. Your data is being dispersed all over the global by using various SAAS services. Take back control and visibility – we’ll show you how!
  • Control Administrator Account Access: Ensure that powerful rights are utilized appropriately. Privileged Identity Management gives the ability to grant access to admins only when required and limited to the resources needed.
  • Use Identity Protection: Ensure that users are accessing your environment following the policies that are required for your business. Automatically identify risky scenarios, take appropriate actions, and provide reporting.

In addition, we provide an in-depth licensing overview and comparison of EMS E5 vs. EMS E3 features and functionality. You’ll also see how you can leverage Microsoft paid assessments and proof of concepts to see if EMS E5 is the right solution for your business!

video ems e5 webinar

Click to instantly watch this information-packed webinar and download the slide deck.


PRESENTERS

Eric Inch

Eric Inch

Eric Inch is a Technical Solutions Specialist - Mobility & Security for the Microsoft Corporation. He is responsible for helping clients deploy the EMS offering across their corporate account base.

Eric Brophy

Eric Brophy

Eric Brophy is a Senior Consultant for Interlink who has helped more than a hundred clients migrate their workloads to the cloud.  He is badged by Microsoft and certified in their cloud technologies.

 

 

Matt Scherocman

Comparing the Office 365 Enterprise Kiosk (K1) Plan vs. Enterprise (E1) Plan

Comparing the Office 365 Enterprise Kiosk (K1) Plan vs. Enterprise (E1) Plan

Many clients have been asking us about the differences between Microsoft’s Office 365 Enterprise Kiosk (K1) plan and Enterprise (E1) plans and have been confused about which plan is right for the users who do not need the higher end suites. This comparison is for clients who are considering either of these two plans and want figure out which one is a better fit for their business. 

What is an Enterprise Kiosk (K1) plan? 

Essentially, the Kiosk plan is for those that are looking for inexpensive licenses for deskless workers - users who are often working away from a desk or using a shared PC and don’t need desktop versions of Office. 

What are the differences between the K1 and E1 plan?

differences between the K1 and E1 plan

Looking at the chart above, you can see that the main two differences between the Enterprise E1 and K1 plan is that E1 provides OneDrive for Business and Skype for Business Online while the K1 plan does not.

More specifically Kiosk customers can use the OneDrive for Business folder sync client application to sync team site document libraries with shared computers and access documents on the PC locally and offline, but they do not include a OneDrive for Business personal site with the 1TB of online storage. Nor do they include the Office Application Suite that would be able to access the documents on the PC, the Kiosk plan only includes the web versions of the Microsoft applications which require the content to be web accessible.

Another difference is the lack of desktop Outlook Access between E plans and K plans. The E plans can connect to Outlook the desktop application, but the K plans cannot and are required to use Outlook Web Access or mobile access even if Office is licensed on that particular machine under another manner. One note, the E1 plan does not include a license for the desktop version of Outlook even though it is “allowed” to connect if owned. 

The Benefits of an Enterprise K1 vs. E1 Plan

With the Kiosk licenses clients are able to reduce cost and provide their staff with access to company email, information, and resources for their employees that are often using shared PCs and are constantly moving around. This environment is where the Kiosk plans thrive and add a lot of ROI to a company. For example, the K1 plan at $4 per user per month is half the price of the E1 plan at $8 per user per month.

When users need their own storage space, access to instant messaging platforms, want to run desktop Outlook, and need a larger mailbox – then the E1 plan is a great fit. 

Learn More

If you would like to learn more about your options as you consider your cloud purchase, we would be happy to help and show you how to get the most out of your Microsoft licensing! Give us a call at 800-900-1150 or contact us here.

 

Eric Inch

"Stay Out Unless I Say So!" - The Sweetness of Azure AD Conditional Access

"Stay Out Unless I Say So!" - The Sweetness of Azure AD Conditional Access

I talk to a lot of customers using Office 365 that would like to have granular control on who can access the hosted services and only allow access to these services from corporate owned and managed devices. Enter Azure AD Conditional Access. “Keep out.. Unless of course you meet certain conditions!”

For example, with Azure AD device access rules you can restrict access to Exchange Online to only domain joined machines.

“Wait?! What?! That sounds just like what I’m looking to do.

What does that look like?”

 

When a user attempts to access Outlook Web App from a personal computer, they go to the OWA URL and enter their username and password.


The conditional access policy will look to verify that the device being used to access OWA is domain joined and registered in Azure AD. Since the computer is a personal computer, the user is denied access.


After closer examination using the “More details” link, you can see the access rules set require the device to be domain joined for access. In the scenario of personal computers, this will show as Unregistered.

Your access to corporate resources was swatted away like Dikembe Mutumbo. “Not in my house!”

“Good Eric, that’s all great but how about the full Outlook client? I would really like to see what options we have to prevent our users from connecting their personal Outlook client to our corporate email.”


When a user attempts to connect the Outlook client on a non-domain machine, the Outlook client will open and prompt the user for authentication.


The user will enter their username and password and the authentication process will look for a registered device.


Once again the user will be gently reminded that they need to be on a corporate owned device.

“Wow Eric, I’m really impressed by Conditional Access and the device access restrictions available in the Microsoft security suite. Anything else we should know? What about users that want to access OWA from other browsers?”

 

First and foremost, under no circumstance should you ever use anything other than Microsoft technology. Ever!

But, in the event some of your users want to go against my recommendation, to access corporate resources protected with device access rules they would need to use a supported browser. Conditional access support for applications: https://azure.microsoft.com/en-us/documentation/articles/active-directory-conditional-access-supported-apps/


The behavior when attempting Outlook Web App using the Google Chrome browser would be as follows:

The user enters their username and password from a non-domain machine.

Since the user is trying to use a browser that doesn’t support conditional access, it gives the user a warning that the browser is not supported and to use Microsoft Edge or Internet Explorer.

The device based access rules are configured within Azure AD Premium and have the following options.

  • Enable Access Rules – On or Off. (self-explanatory)
  • Apply To – Specific groups that you want to scope the access rules to. You also have the ability to except specific users from the scope.
  • Device Rules – The access rules you want to enforce for access to the corporate resources.
  • Application Enforcement – “For browser and native applications” OR “For only native applications” Exchange ActiveSync – Require a compliant device to access email

For more information on Azure AD Conditional access, please read the official Microsoft blog article AzureAD Conditional Access Policies for iOS, Android and Windows are in Preview!

 

Matt Scherocman

Microsoft EMS Case Study: Interlink Sets G&J Pepsi Free to Innovate, Collaborate and Grow

Microsoft EMS Case Study: Interlink Sets G&J Pepsi Free to Innovate, Collaborate and Grow

G&J Pepsi Cola is the largest family-owned and operated Pepsi franchise bottler in the United States. Over 1,000 of their 1,600 employees are made up of deskless workers, including drivers, salespeople, and merchandisers. Not yet utilizing mobile devices, this sizable workforce did their job based on paper marching orders each morning. Over time, these paper instructions became hefty books that field people lugged around and rummaged for information.

hybrid Use Benefit quoteRealizing the need for change, G&J transitioned from paper to electronic documents and outfitted its deskless workforce with Android smartphones. The move created hundreds of new, unsecure and unoptimized mobile endpoints.

hybrid Use Benefit case study

Here’s just a couple of ways Interlink used the full value of Microsoft enterprise cloud products to meet G&J’s business challenge.

  • Secured the Digital Link with Microsoft EMS
    Using Microsoft Enterprise Mobility + Security (EMS), Interlink quickly secured 1,200 smartphones and tablets.

    With the mobile devices secure, G&J corporate offices, distribution centers, and field employees can now communicate and collaborate without having to worry about endpoint security. Management is free to share sensitive data in real time with other business units, decreasing data availability downtime while increasing efficiency of response to changes in operations.
  • Extended Microsoft EMS with Azure Active Directory Premium
    G&J uses several different applications across their IT infrastructure, all deployed with the challenge of needing to be secure and easily accessible. Using Azure Active Directory Premium, Interlink streamlined the management of these applications and improved the secure accessibility of multiple applications.

    By using a cloud-based single-sign-on (SSO), G&J consolidates application management and usage into one simple process. IT no longer needs to spend time and resources configuring multiple sets of credentials, and field employees never need to be concerned about not having access to their suite of third-party applications.

Read the full case study and see how Interlink met G&J Pepsi’s business mobility challenges with Interlink and Microsoft EMS.

hybrid Use Benefit case study

Contact us to show you how we can improve your collaboration, security, and mobility with Microsoft EMS too.  

Matt Scherocman

Free Windows Licensing for Azure: How to Get It with Windows Hybrid Use Benefit

Free Windows Licensing for Azure: How to Get It with Windows Hybrid Use Benefit

What is Windows Hybrid Use Benefit?

Microsoft has a relatively unknown benefit called Hybrid Use Benefit (HUB). If you already own Windows Servers with Software Assurance, you can use it to run workloads in Azure on Windows without paying for Windows in Azure. For those that license Windows Servers utilizing the Data Center version, you can continue to use that Windows Server to run on-premises workloads, as well as different workloads in Azure with the same license. This allows you to double the functionality of each Windows Server Data Center license! 

A few important facts:

  • Both versions of Windows Server - Standard and Datacenter -  license with Software Assurance are eligible for the Hybrid Use Benefit

    Hybrid Use Benefit entitlements

  • A Windows Server Standard Edition license cannot be used simultaneously in on-premises deployments while utilizing Hybrid Use Benefit in Azure
  • Windows Server Datacenter licenses can utilize the Hybrid Use Benefit and continue to be deployed in parallel on-premises
  • All uses of HUB must be done by importing a customer’s image file into Azure

For Azure deployments of HUB, each eligible license has an entitlement to run Windows Server VM’s at the lower non-Windows VM rates. Through leveraging HUB, some deployments in Azure can offer end-customers a savings up to 50%.  

Hybrid Use Benefit Sample - Full Time

Example scenario with customer running two D2v2 VMs using the Hybrid Use Benefit.

Hybrid Use Benefit savings sample

*EA Level D in USD, US East 2; full-time usage on demand
**Second Azure instance is included with Windows Server Standard Edition Software Assurance, EA level A

 If you want to learn more about how Azure has leveraged this benefit, please follow these links:

We look forward to explaining more about this benefit, and how it can save you money with your existing investments in Microsoft infrastructure.  Contact Interlink today!  

Welcome to the Interlink Cloud Blog

All content provided on this blog is for informational purposes only. The owner of this blog makes no representations or warranties regarding the information from our partners or other external sources.

Blog Categories

Interlink Cloud
Interlink Cloud
5 post(s)
Tips and Tricks
Tips and Tricks
1 post(s)
Outlook
Outlook
2 post(s)
Reporting
Reporting
1 post(s)
Cloud Storage
Cloud Storage
2 post(s)
Webinars
Webinars
13 post(s)
OneDrive
OneDrive
5 post(s)
Yammer
Yammer
3 post(s)
Azure
Azure
18 post(s)
SharePoint
SharePoint
9 post(s)
Microsoft
Microsoft
6 post(s)
Lync
Lync
8 post(s)
Office 365
Office 365
53 post(s)

Blog Archive