An Office 365 add-on license that is so useful, should be included with Business Premium licenses by default!
Rating: 9 out of 10
IncentivizedUse Cases and Deployment Scope
We implement Microsoft EMS + Security at all of our clients who use Office 365, as well as internally. It provides advanced threat protection from malware, phishing and impersonation attacks, as well as includes an Azure AD Premium subscription for each user, so they are licensed for Azure AD services like Single Sign-On, which we use with just about any cloud service we can that supports Azure AD SSO via SAML. Lastly, we use the InTune subscription included for basic asset management and configuration policies for Windows 10 devices.
Pros
- Azure AD Single Sign-On -- this is my favorite feature of EMS + Security. It is easy to setup and MS has simple instructions for most popular cloud services.
- InTune -- the changeover from the old InTune Client/Silverlight Portal has been painful, but once you get Win10 devices setup with InTune, management is a breeze.
Cons
- InTune deployment via Hybrid Azure AD. The instructions seem very simple but there are lots of little areas you can get tripped up and there is little logging to see where you've gone wrong.
- Advanced Threat Protection anti-impersonation. It is WAY too sensitive. Users emailing themselves from personal accounts get their mail sent to quarantine just because the name/label of the personal account matches their Office 365 mailbox name/label? HUH???
- Licensing. Typical of Microsoft, what you're actually getting and details of licensing are confusing.
Likelihood to Recommend
Any organization that is running Office 365 for email should have EMS licenses. The benefits are manifold compared to the reasonable cost. Truthfully, I think a lot of the features should be part of an O365 Business Premium license, but since the EMS license is a drop in the bucket, it's hard to complain.
