Value. EMS is a Swiss Army knife that solves many things outright, but makes many existing apps better without having to re-architect what I have. Rather than siloed solutions that don't talk to each other, it's more of a comprehensive platform play that fills a lot of gaps without having to buy many single-purpose solutions. Sure, it operates in well-defined spaces like MDM, Single Sign On or item-level encryption, but it also extends functionality in existing apps, like adding Multi-Factor auth, intrusion detection and even secure internet access to an on-prem SharePoint intranet. The same goes for extending Exchange or even a traditional File Server.
Windows Phone support via Intune - the fact that for a couple users in an environment, I have to maintain a MS developer account ($100 / yr) + Symantec Code Signing Certs (~$200 / yr) is just ridiculous. With Android, it's immediately compatible, for iOS all I need is a quick certificate exchange. For Windows Workstations I only need DNS entries. Why in the world would I need to go through days of extra hoops to support Microsoft's own devices?
Understand the breadth of what it does first. No matter what someone tries to sell you, it's not apples to apples. No other identity provider is offering Exchange encryption integration, and no MDM vendor is offering intrusion detection tools. Since the product spans so many areas, it's kind of tough to evaluate; you need the security guys, mobile device support staff, and networking team, as well as whoever deals with your Microsoft licenses, in the same room. If you can get the right audience like a CIO to listen for a few minutes, unless there are very unusual business needs it's usually a no-brainer. Overall it's been really well received where I've deployed it.
I'm using EMS to solve a laundry list of problems with my clients.
While barely talked about by Microsoft, one of the most impactful pieces has been the Web Application Proxy. With a 4 MB download and nothing more than outbound internet access on a single server, I can securely share my internal web apps (SharePoint, OWA, SSRS, ConfigMgr reporting, and Service Manager along with various other third-party apps) to an iPad in a few minutes with Single Sign On. No VPN or Swiss cheese firewalls required. Given that it replaces the need for expensive (6 figures) reverse proxy appliances in that situation, that's huge.
Being early on the Advanced Threat Analytics train, I also can finally answer the old question of "How would you know you've been hacked?" with some confidence. In some early proof of concept deployments, we immediately detected some scheduled tasks that were sending sensitive accounts in the clear - we'd have had no idea otherwise that this was happening. Given the expense of other SIEM tools, this more or less came along for the ride. It does seem to answer different questions than some of the other tools out there though, so I consider it more of an enhanced surface area than a direct replacement for other event monitoring tools.
We've also set up automatic RMS encryption of emails based on subject line or who sent it, as well as automatic protection of SharePoint libraries, so that as soon as a user uploads the files, they're automatically audited and encrypted just in case they are ever saved outside of where we want them.
In other places, EMS has been a direct replacement for existing MDM/SSO products.