Keeping Work and Personal Data Separate Using Microsoft EM+S - CWPS

Posted by Gary Utley on November 6, 2018

Employees use their personal devices for nearly everything -- including their work. Whether it's reviewing documents or checking their email, it's likely that an employee will be connecting to the corporate servers from personal smartphones and tablets. Unfortunately, while this improves productivity, it can hurt security. This is what makes a Bring-Your-Own-Device policy important -- but sometimes it isn't enough. That’s where the Microsoft EM+S suite comes into the picture.

Why Microsoft EM+S Instead of a BYOD Policy?

BYOD policies give employees strict instructions and protocols regarding keeping personal and company information separate. However, it relies upon employees following the rules -- which they aren't always going to do. Most of the cybersecurity issues introduced to an organization are introduced through employee negligence. A technological solution, such as the Microsoft Enterprise Mobility Suite, is more reliable.


There are two approaches to mobile device security: MDM and MAM. Mobile Device Management is a solution that secures devices themselves, controlling their access and encrypting data. An IT company will be able to refer to a consolidated dashboard to view mobile devices that are connected to a network. However, there is a downside: the user will need to cede control over their device to their company's IT department.

An MDM solution is not ideal; it still lumps personal and company information together on the device. MAM, or Mobile Application Management, protects data on an application level instead. This is both more secure and more user-friendly, taking a much more granular approach. Even if a device itself is compromised, MAM will be able to protect the organization's data.

Separating Work and Life

Office 365 EM+S provides MAM, which is far more granular than an MDM. Through the single sign-on authentication services, users are able to connect to corporate data without potentially compromising it. User permissions can be controlled through the authentication service, so users are not at risk of exposing data that they don't need to access. 

While Office 365 EM+S improves security on personal devices, it doesn't do so at the expense of convenience. Rather than having an invasive MDM solution on each device, employees use Microsoft's Single Sign-On service to access their work data. Users are thus able to complete their work without having to memorize multiple passwords and without having to give up control over their personal device.

MAM further provides centralized application management, so users are able to easily connect with the entirety of their work infrastructure at once.  

While a Bring-Your-Own-Device policy (and some MDM features) are still an important part of security, Mobile Application Management is far more reliable, effective, and productive. Through MAM, organizations are able to better protect corporate data without sacrificing their employee's efficiency. The Microsoft Enterprise Mobility Suite is able to provide a number of security and productivity features designed for the modern office.

Do you want to secure Office 365 with Microsoft EMS? Contact CWPS to learn more. 

2019 Cybersecurity Threat Ebook

Topics: Office 365 EMS