<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
>
<channel>
<title>Microsoft Intune – Enterprise Mobility and Security Blog</title>
<atom:link href="https://blogs.technet.microsoft.com/enterprisemobility/feed/?product=microsoft-intune" rel="self" type="application/rss+xml" />
<link>https://blogs.technet.microsoft.com/enterprisemobility</link>
<description>The most recent news and updates about Microsoft’s Enterprise Mobility offerings and events for enterprise technology professionals and developers.</description>
<lastBuildDate>Mon, 21 Nov 2016 17:51:36 +0000</lastBuildDate>
<language>en-US</language>
<sy:updatePeriod>hourly</sy:updatePeriod>
<sy:updateFrequency>1</sy:updateFrequency>
<item>
<title>Breaking down EMS Conditional Access: Part 1</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2016/10/31/breaking-down-ems-conditional-access-part-1/</link>
<pubDate>Mon, 31 Oct 2016 16:04:04 +0000</pubDate>
<dc:creator><![CDATA[Enterprise Mobility Team]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=42325</guid>
<description><![CDATA[This post is the first in a 3-part series detailing Conditional Access from Microsoft Enterprise Mobility + Security. The way your employees interact with their devices, apps, and corporate data has changed with the adoption of mobility and cloud services. While users have become more productive, the new norm of mobile productivity requires innovative tools <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/10/31/breaking-down-ems-conditional-access-part-1/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p><em>This post is the first in a 3-part series detailing <a target="_blank" href="https://www.microsoft.com/en-us/cloud-platform/conditional-access">Conditional Access</a> from Microsoft Enterprise Mobility + Security.</em></p> <p>The way your employees interact with their devices, apps, and corporate data has changed with the adoption of mobility and cloud services. While users have become more productive, the new norm of mobile productivity requires innovative tools that flex and flow to protect corporate data while giving your end users the best possible experience across their devices, wherever they are.</p> <p>In a <a target="_blank" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/09/27/protect-your-data-at-the-front-door-with-conditional-access-from-enterprise-mobility-security/">recent post</a>, we kicked off a discussion about how conditional access from Microsoft Enterprise Mobility + Security helps you safeguard your sensitive corporate data in this mobile-first environment. Today, well take that conversation one step deeper and explore the conditional parameters that can be used at the application, user, and location layers. Well cover device and risk-based conditional access in an upcoming post. Before getting started, its important to note that these layers are deeply connected and work together to deliver on our <a target="_blank" href="https://www.youtube.com/watch?v=CKRVndKZyfI">larger identity-driven security vision</a> for this discussion, though, we will assess them separately.</p> <p><img width="800" height="271" class="size-full wp-image-42326 aligncenter" alt="EMS_ConditionalAccess_1" src="https://msdnshared.blob.core.windows.net/media/2016/10/EMS_ConditionalAccess_11.png" /></p> <h2>Application</h2> <p>Cloud apps are gateways to lots of different types of information. While you may want to allow easy access to some apps, there are likely others which contain highly sensitive information where you want to control access to them with more rigor. When you consider the various scenarios that exist when accessing applications, its clear you need more than a one-size-fits-all approach to app-level control. Thats why weve designed our application-based conditional access in a way that allows you to choose which policies to apply to which apps.</p> <p>You can set a policy that defines the conditions of an apps access based on the sensitivity you define for it. For example, you can block access to an application from unknown locations, or require Multi-Factor Authentication, which can be required every time an app is accessed or required based on the location its being accessed from. These policies can be applied to any cloud (SaaS) or on-premises app protected by Azure Active Directory, including their rich, mobile or browser-based clients.</p> <h2>User</h2> <p>Azure Active Directory Premiums advanced capabilities in identity and access management are at the heart of EMSs identity-driven security story, and are the foundation that all our conditional access capabilities are built on. When setting conditional access policies, youll typically want to define which group of users you want various policies to apply to.</p> <p>EMS conditional access approach leverages the power of Azure AD Premium to make it easy for you to assign multiple conditions (at the location, application, device, and risk levels) to all users or multiple security groups. You can also specifically exclude groups from being affected by conditional access policies.</p> <h2>Location</h2> <p>Location-based conditions allow you to define a set of trusted IP addresses, and allow access only from them. If a user attempts to access corporate assets from an unknown network, you can define what happens next by setting specific controls that either challenge the user with Multi-Factor Authentication (MFA) or block access entirely. And of course, you can define which user groups these polices will affect.</p> <h2>Bringing it all together</h2> <p>Now lets check out a scenario that shows conditional access policy working at the user, location, and application layers.</p> <p><figure id="attachment_42535" style="width: 1024px" class="wp-caption aligncenter"><img width="1024" height="601" class="wp-image-42535 size-large" alt="ems_conditional-access-_user" src="https://msdnshared.blob.core.windows.net/media/2016/10/EMS_Conditional-Access-_user-1024x601.png" /><figcaption class="wp-caption-text">Because this app provides access to highly sensitive data, IT has applied a location-based conditional access policy that blocks users when they are working from an untrusted location. Marketing is one of the many security groups this policy is applied to.</figcaption></figure></p> <p>For more scenarios that show conditional access in action, visit our new <a target="_blank" href="https://www.microsoft.com/en-us/cloud-platform/conditional-access">conditional access web experience</a>.</p> <h2>Next up</h2> <p>Over the next month well take a closer look at two other vital layers of our conditional access story: device- and risk-based conditions. Be sure to visit our blog regularly, or <a target="_blank" href="https://twitter.com/MSFTMobility">follow us on Twitter</a> to make sure you dont miss these upcoming installments of this series on conditional access. In the meantime, here are three important resources that will tell you more about what were delivering with conditional access:</p> <ul> <li><a target="_blank" href="https://myignite.microsoft.com/videos/2837">Ignite session recording: Conditional access for mobile devices</a></li> <li><a target="_blank" href="https://myignite.microsoft.com/videos/2842">Ignite session recording: Identity protection in action</a></li> <li><a target="_blank" href="https://docs.microsoft.com/en-us/intune/deploy-use/restrict-access-to-email-and-o365-services-with-microsoft-intune">Intune conditional access documentation technical docs</a></li> </ul> ]]></content:encoded>
</item>
<item>
<title>Protect your data at the front door with Conditional Access from Enterprise Mobility + Security</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2016/09/27/protect-your-data-at-the-front-door-with-conditional-access-from-enterprise-mobility-security/</link>
<pubDate>Tue, 27 Sep 2016 10:00:39 +0000</pubDate>
<dc:creator><![CDATA[Enterprise Mobility Team]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Conditional Access]]></category>
<category><![CDATA[Identity-driven Security]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=40865</guid>
<description><![CDATA[With smartphones, tablets, laptops, and PCs, people have an increasing number of options for getting and staying connected at any time. Users expect the freedom to access their corporate email and documents from anywhere on any deviceand they expect the experience to be seamless and modern. This means IT needs to make sure that corporate <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/09/27/protect-your-data-at-the-front-door-with-conditional-access-from-enterprise-mobility-security/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>With smartphones, tablets, laptops, and PCs, people have an increasing number of options for getting and staying connected at any time. Users expect the freedom to access their corporate email and documents from anywhere on any deviceand they expect the experience to be seamless and modern. This means IT needs to make sure that corporate data is secure while enabling users to stay productive in todays mobile-first world, where the threat landscape is increasingly complex and sophisticated.</p> <p><iframe width="560" height="315" allowfullscreen="allowfullscreen" frameborder="0" src="https://www.youtube.com/embed/fvCT7Y3nlAY"></iframe></p> <h2>Safeguard your resources with advanced risk-based conditional access</h2> <p>In more than 60 percent of data breaches, attackers gain corporate network access through weak, default, or stolen user credentials. <a target="_blank" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/07/07/introducing-enterprise-mobility-security/">Microsofts identity-driven security approach</a> protects your organization at the front door by managing and protecting your identitieswith special attention to sensitive privileged accounts.</p> <p>Conditional access from Enterprise Mobility + Security (EMS) harnesses the power of Azure Active Directory Premium and Microsoft Intune to provide the control you need to keep your corporate data secure, while giving your people an experience that allows them to do their best work from any device.</p> <p>With conditional access, you can define adaptive policies that limit access to your corporate data based on location, device and user state, and application sensitivity. Plus, our machine learning-based Azure AD Identity Protection, which leverages billions of signals daily, can detect suspicious behavior and apply risk-based conditional access that protects your applications and critical company data in real time. As conditions change, controls are triggered that allow, block access, or challenge users with Multi-Factor Authentication, device enrollment or password change–ensuring that only trusted users on compliant devices can access sensitive corporate data.</p> <h2>Get a closer look at conditional access</h2> <p>In the coming weeks, well be sharing more about the innovative vision behind EMS approach to conditional access.Check back here for a deeper look at each of the conditional layers that you can set policy around; including:</p> <ul> <li>User/Location</li> <li>Device</li> <li>Application</li> <li>Risk</li> </ul> <p>In the meantime, here are three must read articles which will tell you more about what were delivering with conditional access:</p> <ul> <li><a target="_blank" href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-conditional-access/">Azure Active Directory Premium and Conditional Access</a></li> <li><a target="_blank" href="https://docs.com/officeitpro/9302/microsoft-mobility-and-security-for-enterprise">Office 365 + EMS datasheet for Enterprise Architects</a></li> <li><a target="_blank" href="http://download.microsoft.com/download/E/C/7/EC78FF06-02BB-4DFD-9EBB-CADB66BB594F/Microsoft_Identity Driven Security_Datasheet_EN_US.pdf">Microsoft Identity-Driven Security</a></li> </ul> <h2>Check out conditional access at Ignite</h2> <p>If youre in Atlanta, GA attending <a target="_blank" href="https://ignite.microsoft.com/#fbid=TzL7XougiRd">Microsoft Ignite</a>, be sure to check out todays <a target="_blank" href="https://myignite.microsoft.com/sessions/2837">Secure access to Office 365, SaaS, and on-premises apps and files with Azure AD and Intune</a>, where well show you how to configure conditional access policies to ensure that only authorized users, devices, and apps can access corporate resources both on-premises and in the cloud. And you dont want to miss Thursdays <a target="_blank" href="https://myignite.microsoft.com/sessions/2842">Azure AD Identity Protection session</a>where well show you how to use the power of conditional access and advanced risk analytics, and just-in-time administration and security reviews to stop cyber criminals from gaining entry to your systems. If you couldnt make it to Atlanta for Ignite, session recordings will be available after the event.</p> <h2>Additional resources:</h2> <p><a target="_blank" href="https://microsoftintune.uservoice.com/?WT.mc_id=Blog_Intune_Announce_PCIT">Submit feedback and suggestions to the Intune engineering team</a></p> <p><a target="_blank" href="http://technet.microsoft.com/library/jj676587.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Find technical resources for Intune in the TechNet library</a></p> <p><a target="_blank" href="https://www.microsoft.com/en-us/server-cloud/enterprise-mobility/ems-trial.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Sign up for a free trial of Microsoft Intune</a></p> <p><a target="_blank" href="https://blogs.technet.microsoft.com/b/microsoftintune/rss.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Subscribe to the Intune blog RSS feed</a></p> <p>Follow us on <a target="_blank" href="https://twitter.com/MSIntune">Twitter</a></p> ]]></content:encoded>
</item>
<item>
<title>Microsoft Intune support for Android for Work</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2016/09/12/microsoft-intune-support-for-android-for-work/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2016/09/12/microsoft-intune-support-for-android-for-work/#comments</comments>
<pubDate>Mon, 12 Sep 2016 21:00:36 +0000</pubDate>
<dc:creator><![CDATA[Microsoft Intune Team]]></dc:creator>
<category><![CDATA[Announcements]]></category>
<category><![CDATA[Android]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=38206</guid>
<description><![CDATA[Today, we are announcing that Intune is now part of the Android for Work program and in the early stages of rolling out Android for Work features. Heres a sample of what you can expect to see in our initial release of Android for Work support: A broader set of management policies for Android devices; <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/09/12/microsoft-intune-support-for-android-for-work/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Today, we are announcing that Intune is now <a target="_blank" href="https://www.google.com/work/android/partners/">part of the Android for Work program</a> and in the early stages of rolling out Android for Work features. Heres a sample of what you can expect to see in our initial release of Android for Work support:</p> <ul> <li>A broader set of management policies for Android devices; including the ability to manage a work profile on the device, set policies to enforce complex lockscreen PINs and define permission policies for Android apps you manage.</li> <li>Application install improvements; today, the user experience for deploying apps is different depending on whether the app is an internally developed LOB app, or if its in the Play store. Android for Work unifies this experience, making it consistent regardless of what kind of app you are deploying.</li> <li>Security improvements; including mandatory encryption and the ability to disable app installation from unknown sources.</li> <li>Email client app configuration; using managed configuration, any email app that supports enterprise configuration can be provisioned with Intune. Intune also provides IT Pro UI for configuring the Gmail and Nine Work applications.</li> <li>App configuration capabilities; developers will be able to expose managed configuration capabilities in their applications, opening up a pipeline for Intune to be able to configure these settings.</li> </ul> <h2><img width="225" height="400" class="alignright wp-image-40565" alt="AndroidForWork" src="https://msdnshared.blob.core.windows.net/media/2016/09/AndroidForWork-169x300.png" /></h2> <h2>Join our Android for Work Preview</h2> <p>Our rollout begins with a private preview in early September. If youre interested in participating in our preview and providing us with input on what were building, we want to hear from you. Email us at intuneafwpreview@microsoft.com for consideration.</p> <h2>Check out Microsoft Intune and Android for Work at Ignite</h2> <p>If youre planning on attending <a target="_blank" href="https://ignite.microsoft.com/#fbid=TzL7XougiRd">Microsoft Ignite</a>, be sure to check out our <a target="_blank" href="https://myignite.microsoft.com/sessions/3220">Android content</a>. A full session dedicated to everything you need to know about using Intune to manage Android devices presented by the Intune engineering team designing the features and experiences. If you cant make it to Atlanta for Ignite, session recordings will be available after the event.</p> <h2>Additional resources:</h2> <p><a target="_blank" href="https://microsoftintune.uservoice.com/?WT.mc_id=Blog_Intune_Announce_PCIT">Submit feedback and suggestions to the Intune engineering team</a></p> <p><a target="_blank" href="http://technet.microsoft.com/library/jj676587.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Find technical resources for Intune in the TechNet library</a></p> <p><a target="_blank" href="https://www.microsoft.com/en-us/server-cloud/enterprise-mobility/ems-trial.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Sign up for a free trial of Microsoft Intune</a></p> <p><a target="_blank" href="https://blogs.technet.microsoft.com/b/microsoftintune/rss.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Subscribe to the Intune blog RSS feed</a></p> <p>Follow us on <a target="_blank" href="https://twitter.com/MSIntune">Twitter</a></p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2016/09/12/microsoft-intune-support-for-android-for-work/feed/</wfw:commentRss>
<slash:comments>1</slash:comments>
</item>
<item>
<title>Microsoft Intune provides support for iOS 10</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2016/09/07/microsoft-intune-provides-support-for-ios-10/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2016/09/07/microsoft-intune-provides-support-for-ios-10/#comments</comments>
<pubDate>Wed, 07 Sep 2016 19:43:31 +0000</pubDate>
<dc:creator><![CDATA[Microsoft Intune Team]]></dc:creator>
<category><![CDATA[Announcements]]></category>
<category><![CDATA[iOS]]></category>
<category><![CDATA[Mobile]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=37875</guid>
<description><![CDATA[Earlier today, Apple announced the availability of iOS 10 (with public release scheduled for 9/13/2016). Since the initial beta bits were first released, we have been busy working to ensure that all existing MDM and MAM scenarios are compatible with the latest version of iOS and we are pleased to announce that Microsoft Intune will <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/09/07/microsoft-intune-provides-support-for-ios-10/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Earlier today, Apple announced the availability of iOS 10 (with public release scheduled for 9/13/2016). Since the initial beta bits were first released, we have been busy working to ensure that all existing MDM and MAM scenarios are compatible with the latest version of iOS and we are pleased to announce that Microsoft Intune will support iOS 10. We expect all existing Intune features currently available for managing iOS devices will continue to work seamlessly as your users upgrade their devices and appsare released to supportiOS 10. In addition, iOS 10 will also work with customers managing in hybrid with both Intune and Configuration Manager.</p> <p>For more details on our iOS 10 support, please visit the <a href="https://blogs.technet.microsoft.com/intunesupport/">Intune product support blog</a>.</p> <h2>Additional resources:</h2> <p><a target="_blank" href="https://microsoftintune.uservoice.com/?WT.mc_id=Blog_Intune_Announce_PCIT">Submit feedback and suggestions to the Intune engineering team</a></p> <p><a target="_blank" href="http://technet.microsoft.com/library/jj676587.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Find technical resources for Intune in the TechNet library</a></p> <p><a target="_blank" href="https://www.microsoft.com/en-us/server-cloud/enterprise-mobility/ems-trial.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Sign up for a free trial of Microsoft Intune</a></p> <p><a target="_blank" href="https://blogs.technet.microsoft.com/enterprisemobility/feed/?product=microsoft-intune">Subscribe to the Intune blog RSS feed</a></p> <p>Follow us on <a target="_blank" href="https://twitter.com/MSIntune">Twitter</a></p> <p> </p> <p><em>This blog post was updated on 9.13.2016.</em></p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2016/09/07/microsoft-intune-provides-support-for-ios-10/feed/</wfw:commentRss>
<slash:comments>2</slash:comments>
</item>
<item>
<title>New in Intune: Enhanced app management control for iOS 9.3 and Samsung KNOX devices</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2016/09/01/new-in-intune-enhanced-app-management-control-for-ios-9-3-and-samsung-knox-devices/</link>
<pubDate>Thu, 01 Sep 2016 16:00:00 +0000</pubDate>
<dc:creator><![CDATA[Microsoft Intune Team]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Apps]]></category>
<category><![CDATA[MAM]]></category>
<category><![CDATA[MDM]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=36585</guid>
<description><![CDATA[Unwanted applications such as those preinstalled on some devices can be a cause of concern for customers managing corporate-owned devices. Also, some organizations need to have specific control over which applications can be installed on their devices from public app stores. The August update of Intune brings some important enhancements to app management on iOS <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/09/01/new-in-intune-enhanced-app-management-control-for-ios-9-3-and-samsung-knox-devices/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Unwanted applications such as those preinstalled on some devices can be a cause of concern for customers managing corporate-owned devices. Also, some organizations need to have specific control over which applications can be installed on their devices from public app stores. The August update of Intune brings some important enhancements to app management on iOS 9.3 and Samsung KNOX devices that give you even more control of the apps users can access on their devices.</p> <h2>Hidden and shown apps for iOS 9.3 (or later)</h2> <p>There are two new ways to manage and control which apps your users have access to on their supervised iOS 9.3 or later devices. Now you can use the hidden and shown apps list in the iOS general configuration policy to specify which apps users can view and launch, and which are hidden on their devices. <em>The apps you can specify include both apps you have deployed, and the built-in iOS apps like Messages and Notes.</em></p> <ul> <li>Apps that are specified as hidden cant be viewed or launched by users.</li> <li>When you specify a list of apps to be shown, no other apps can be viewed or launched.</li> </ul> <p>For more details, see <a target="_blank" href="https://docs.microsoft.com/intune/deploy-use/ios-policy-settings-in-microsoft-intune">iOS policy settings in Microsoft Intune</a>.</p> <h2>Allowed and blocked apps custom policy for Samsung KNOX devices</h2> <p>The Samsung KNOX improvements also allow you to configure custom policies that let you block or allow specific apps on these devices.</p> <ul> <li>Once an app is blocked, it cannot be activated or run on the device, even if it is already installed.</li> <li>Specifying which apps are allowed designates which apps can be installed from the Google Play store. When a list of allowed apps is defined, no other apps can be installed from the store.</li> </ul> <p><img width="270" height="480" title="" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="" src="https://msdnshared.blob.core.windows.net/media/2016/08/Intune1608Update_1.jpg" border="0" /></p> <p>For more details, see <a target="_blank" href="https://docs.microsoft.com/intune/deploy-use/custom-policy-to-allow-and-block-samsung-knox-apps">Use custom policies to allow and block apps for Samsung KNOX devices</a>.</p> <p>Visit the <a target="_blank" href="https://docs.microsoft.com/en-us/intune/deploy-use/whats-new-in-microsoft-intune">Whats New in Microsoft Intune</a> page for more on these and other recent developments in Intune.</p> <h2>Additional resources:</h2> <ul> <li><a target="_blank" href="https://microsoftintune.uservoice.com/?WT.mc_id=Blog_Intune_Announce_PCIT">Submit feedback and suggestions to the Intune engineering team</a></li> <li><a target="_blank" href="http://technet.microsoft.com/library/jj676587.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Find technical resources for Intune in the TechNet library</a></li> <li><a target="_blank" href="https://www.microsoft.com/en-us/server-cloud/enterprise-mobility/ems-trial.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Sign up for a free trial of Microsoft Intune</a></li> <li><a target="_blank" href="https://blogs.technet.microsoft.com/enterprisemobility/feed/?product=microsoft-intune">Subscribe to the Intune blog RSS feed</a></li> <li>Follow us on <a target="_blank" href="https://twitter.com/MSIntune">Twitter</a></li> </ul> ]]></content:encoded>
</item>
<item>
<title>Ensuring mobile devices are up to date using Microsoft Intune</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2016/08/26/ensuring-mobile-devices-are-up-to-date-using-microsoft-intune/</link>
<pubDate>Fri, 26 Aug 2016 17:00:43 +0000</pubDate>
<dc:creator><![CDATA[Microsoft Intune Team]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=36675</guid>
<description><![CDATA[This post was authored by Chris Green, Senior Program Manager, Microsoft Intune. On August 25th, 2016 Lookout released research, conducted in partnership with The Citizen Lab (Munk School of Global Affairs, University of Toronto), about a sophisticated, targeted, and persistent mobile attack on iOS that uses three zero-day vulnerabilities called Trident. When exploited, these vulnerabilities <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/08/26/ensuring-mobile-devices-are-up-to-date-using-microsoft-intune/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p><em>This post was authored by Chris Green, Senior Program Manager, Microsoft Intune.</em></p> <p>On August 25th, 2016 Lookout released <a target="_blank" href="https://blog.lookout.com/blog/2016/08/25/trident-pegasus/">research</a>, conducted in partnership with The Citizen Lab (Munk School of Global Affairs, University of Toronto), about a sophisticated, targeted, and persistent mobile attack on iOS that uses three zero-day vulnerabilities called Trident. When exploited, these vulnerabilities can form an attack chain that subverts even Apples strong security.</p> <p>According to Lookouts research, Trident is used in a mobile spyware product called Pegasus, attributed to an organization called <a target="_blank" href="http://blogs.wsj.com/digits/2014/08/01/can-this-israeli-startup-hack-your-phone/">NSO Group</a>, to attack high-value targets. The Pegasus attack starts with SMS phishing using spoofed sender numbers and anonymized domains to deliver malware to the targets iPhone. The targets phone is remotely jailbroken and immediately starts compromising the targets digital life. Further, Pegasus has a built-in self-destruct capability. Lookouts research reveals that the system is always monitoring to see if its been discovered. If it detects tampering, it has the ability to wipe itself out. Lookout is reporting that their products detect and alert customers to this threat.</p> <p>Lookout has published extensive information on this threat in this <a target="_blank" href="https://blog.lookout.com/blog/2016/08/25/lookout-trident-pegasus-enterprise-discovery/">blog post</a> and this associated <a target="_blank" href="https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf">white paper</a>.</p> <p>Microsoft and Lookout have been working together on a <a target="_blank" href="https://blog.lookout.com/blog/2016/06/07/microsoft-partnership/?utm_source=hp&utm_medium=ws&utm_article=msft&utm_region=us-uk&utm_segment=ent&utm_campaign=us-bl-msft">partnership</a> for mobile security that can help you insure that your corporate assets are always protected.</p> <p>In addition to the use of mobile security technology, Microsoft Intune, part of the Enterprise Mobility + Security (EMS) suite, provides capabilities to help reduce the risk of data loss due to compromised devices by helping ensure that devices are up to date and fully patched.</p> <p>Given that OS updates take time to roll out across all devices in your organization, you can run the Intune Mobile Device Inventory report to view which devices are still vulnerable. This report shows all devices that are enrolled in Intune MDM, plus devices connected to Exchange through Exchange ActiveSync (the latter requires the Exchange connector to be deployed).</p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/08/Intune_1.png"><img title="" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" border="0" alt="" src="https://msdnshared.blob.core.windows.net/media/2016/08/Intune_1_thumb.png" width="640" height="143" /></a></p> <p>The report will enable you to identify who you should follow up with to ensure they plan to install the latest updates.</p> <p>You can start enforcing an update by setting the minimum OS version setting in an Intune compliance policy and using Conditional Access to restrict access to services like Exchange Online and SharePoint Online.</p> <p><img title="" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" border="0" alt="" src="https://msdnshared.blob.core.windows.net/media/2016/08/Intune_2.png" width="640" height="79" /></p> <p>You can also specify a patch version for Android devices.</p> <p><img title="" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" border="0" alt="" src="https://msdnshared.blob.core.windows.net/media/2016/08/Intune_3.png" width="640" height="70" /></p> <p>Users who attempt to connect to these services from an unpatched device will be blocked until they are at the required version. It is recommended that organizations provide early notification to users before this policy goes into effect.</p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/08/Intune_4.png"><img title="" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" border="0" alt="" src="https://msdnshared.blob.core.windows.net/media/2016/08/Intune_4_thumb.png" width="360" height="480" /></a></p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/08/Intune_5.png"><img title="" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" border="0" alt="" src="https://msdnshared.blob.core.windows.net/media/2016/08/Intune_5_thumb.png" width="360" height="480" /></a></p> <p>You can use these methods to help ensure that iOS, Android, Windows, and Windows Phone devices are patched and up to date.</p> ]]></content:encoded>
</item>
<item>
<title>Microsoft Intune provides day 0 support for Android Nougat</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2016/08/22/microsoft-intune-provides-day-0-support-for-android-nougat/</link>
<pubDate>Tue, 23 Aug 2016 02:20:27 +0000</pubDate>
<dc:creator><![CDATA[Microsoft Intune Team]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Android]]></category>
<category><![CDATA[MDM]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=34705</guid>
<description><![CDATA[Today Google announced the general availability of the Android Nougat update (also known as Android N or Android 7.0). Since the day the developer preview bits first became available back in March 2016, the Intune team has been testing our MDM and MAM scenarios with the available Android N preview builds. We always make day <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/08/22/microsoft-intune-provides-day-0-support-for-android-nougat/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Today Google announced the general availability of the Android Nougat update (also known as Android N or Android 7.0). Since the day the developer preview bits first became available back in March 2016, the Intune team has been testing our MDM and MAM scenarios with the available Android N preview builds. We always make day 0 support for new versions of operating systems a priority, and <strong>we are happy to announce that Intune has day 0 support for Android N</strong>.</p> <p>When your users upgrade their devices from prior versions or buy new devices with Android N pre-loaded, you can be confident that Intunes device and app management features will continue to work seamlessly. The only thing you need to do is update to the latest version of the Company Portal.<img width="600" height="339" class="aligncenter size-full wp-image-36215" alt="newrealisticmobile-android_smallest" src="https://msdnshared.blob.core.windows.net/media/2016/08/newrealisticmobile-android_smallest.jpg" /></p> <p>One thing to be aware of is that with the Android N update, Google removed the passcode reset capability. This means that Intune, as well as other MDMs, no longer have this functionality. Issuing a remote passcode reset from the Intune console will result in an error, so well soon be updating the console to hide that option for Android N devices. For more information on this change, read the Google API documentation <a target="_blank" href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#resetPassword(java.lang.String,%20int)">here</a>.</p> <p>The team here at Intune is dedicated to making continued improvements and enhancements to Android management features. Check back here regularly for future updates.</p> <p>Visit the <a target="_blank" href="https://docs.microsoft.com/en-us/intune/deploy-use/whats-new-in-microsoft-intune">Whats New in Microsoft Intune</a> page for more on these and other recent developments in Intune.</p> <h4>Additional resources:</h4> <p> <a target="_blank" href="https://microsoftintune.uservoice.com/?WT.mc_id=Blog_Intune_Announce_PCIT">Submit feedback and suggestions to the Intune engineering team</a><br /> <a target="_blank" href="http://technet.microsoft.com/library/jj676587.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Find technical resources for Intune in the TechNet library</a><br /> <a target="_blank" href="https://www.microsoft.com/en-us/server-cloud/enterprise-mobility/ems-trial.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Sign up for a free trial of Microsoft Intune</a><br /> <a target="_blank" href="https://blogs.technet.microsoft.com/b/microsoftintune/rss.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Subscribe to the Intune blog RSS feed</a></p> <p>Follow us on <a target="_blank" href="https://twitter.com/MSIntune">Twitter</a></p> ]]></content:encoded>
</item>
<item>
<title>Yammer App with Intune MAM – now available!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2016/08/11/yammer-app-with-intune-mam-now-available/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2016/08/11/yammer-app-with-intune-mam-now-available/#comments</comments>
<pubDate>Thu, 11 Aug 2016 16:00:22 +0000</pubDate>
<dc:creator><![CDATA[Microsoft Intune Team]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Apps]]></category>
<category><![CDATA[MAM]]></category>
<category><![CDATA[Office 365]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=23805</guid>
<description><![CDATA[Yammer takes the work out of team collaboration, allowing for seamless connections between teams and information that results in more efficient conversations that move work forward. With Yammer, you can connect to the right people in your organization, share and search for information across teams, and organize around projects and ideas so you can accomplish <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/08/11/yammer-app-with-intune-mam-now-available/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Yammer takes the work out of team collaboration, allowing for seamless connections between teams and information that results in more efficient conversations that move work forward. With Yammer, you can connect to the right people in your organization, share and search for information across teams, and organize around projects and ideas so you can accomplish more together. With the Yammer apps for iOS and Android, work gets done anywhere. You can contribute and collaborate with your team, even on the go.</p> <p>Today were excited to announce an update to Yammer apps that allows you to protect team conversations and corporate data using Intune MAM controls. This update supports the Intune MAM app-level data protection with or without MDM device enrollment. The updated Yammer app will be available in the <a target="_blank" href="https://play.google.com/store/apps/details?id=com.yammer.v1">Google Play</a> and <a target="_blank" href="https://itunes.apple.com/app/yammer/id289559439">iOS App</a> stores today. For a complete list of supported policies, please review the <a target="_blank" href="https://support.office.com/article/76f5c4c9-6a4e-43d1-87dc-2848a90686be">Manage Yammer with Microsoft Intune</a> support article. To hear directly from the Yammer team, check out <a target="_blank" href="https://blogs.office.com/2016/08/11/yammer-adds-mobile-application-management-capabilities-through-intune/">their post</a> about this update to their apps.</p> <p> </p> <p><img title="" border="0" alt="" src="https://msdnshared.blob.core.windows.net/media/2016/08/Yammer1.jpg" width="240" height="427" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" class="" /> <img title="" border="0" alt="" src="https://msdnshared.blob.core.windows.net/media/2016/08/Yammer2.png" width="240" height="425" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" class="" /></p> <p> </p> <p><a target="_blank" href="https://technet.microsoft.com/en-us/library/mt627825.aspx">Heres a great article</a> if youre looking for more details on Intune MAM policies. Visit the <a target="_blank" href="https://docs.microsoft.com/en-us/intune/deploy-use/whats-new-in-microsoft-intune">Whats New in Microsoft Intune</a> page for more on these and other recent developments in Intune.</p> <h4>Additional resources:</h4> <p> <a target="_blank" href="https://microsoftintune.uservoice.com/?WT.mc_id=Blog_Intune_Announce_PCIT">Submit feedback and suggestions to the Intune engineering team</a><br /> <a target="_blank" href="http://technet.microsoft.com/library/jj676587.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Find technical resources for Intune in the TechNet library</a><br /> <a target="_blank" href="https://www.microsoft.com/en-us/server-cloud/enterprise-mobility/ems-trial.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Sign up for a free trial of Microsoft Intune</a><br /> <a target="_blank" href="https://blogs.technet.microsoft.com/b/microsoftintune/rss.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Subscribe to the Intune blog RSS feed</a></p> <p>Follow us on <a target="_blank" href="https://twitter.com/MSIntune">Twitter</a></p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2016/08/11/yammer-app-with-intune-mam-now-available/feed/</wfw:commentRss>
<slash:comments>2</slash:comments>
</item>
<item>
<title>New in Intune: Intune App SDK support for Xamarin and TeamViewer integration</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2016/08/03/new-in-intune-intune-app-sdk-support-for-xamarin-and-teamviewer-integration/</link>
<pubDate>Wed, 03 Aug 2016 16:00:47 +0000</pubDate>
<dc:creator><![CDATA[Microsoft Intune Team]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[MAM]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=23396</guid>
<description><![CDATA[The right technology partners are an important part of Intunes vision to extend the value of our service by plugging into and working with other popular point solutions. Intune partnerships are designed to enhance our core functionality by delivering interoperability that results in rich new experiences for our customers. Were excited for you to check <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/08/03/new-in-intune-intune-app-sdk-support-for-xamarin-and-teamviewer-integration/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>The right technology partners are an important part of Intunes vision to extend the value of our service by plugging into and working with other popular point solutions. Intune partnerships are designed to enhance our core functionality by delivering interoperability that results in rich new experiences for our customers.</p> <p>Were excited for you to check out two new Intune integrated experiences, brought to you in our latest service update: the release of the <a href="https://www.xamarin.com/">Xamarin</a> component for our Intune App SDK and <a href="https://www.teamviewer.com/">TeamViewer</a> integration for remote assistance.</p> <h2>Intune App SDK support for Xamarin</h2> <p>The Intune <a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/04/27/announcing-intune-app-sdk-support-for-xamarin-cordova/">App SDK Xamarin component</a> allows you to easily enable Intune mobile app management features in your mobile iOS and Android apps built with Xamarin.</p> <p>With our new support for Xamarin, were making it easier for developers to use our Intune App SDK to prevent data loss in their mobile iOS and Android apps. The Xamarin component was designed specifically for use when building cross-platform mobile apps on the Xamarin platform, so developers can easily bake in mobile application management (MAM) controls as part of their standard app development process. If you are a developer building a cross-platform app, you can now quickly apply Intune MAM controls to your project with very little modification to your mobile app.</p> <p>To get started, download the Intune App SDK and its plugins, available on <a href="https://aka.ms/intunegithub">Github</a>and the <a href="https://components.xamarin.com/view/microsoft.intune.mam">Xamarin component store</a>. The Xamarin component supports Xamarin Cycle 7 and above.</p> <p>For more details, watch our recorded session from Xamarin Evolve 2016 <a href="https://evolve.xamarin.com/session/56ec8771790aae283cca279e">here</a>.</p> <div class="video-container"><iframe width="500" height="281" src="https://www.youtube.com/embed/xj0vJ32O_Yc?feature=oembed" frameborder="0" allowfullscreen></iframe></div> <h2>TeamViewer integration for agent-managed Windows PCs</h2> <p>Our new TeamViewer integration delivers a remote assistance solution for Intune agent-managed Windows PCs.</p> <p>Weve introduced a TeamViewer Connector within the Intune admin console that allows you to register your companys TeamViewer account with Intune. Once youve done this, your end users can use the Intune Center on their PCs to request remote assistance, and theyll receive help from your help desk through a TeamViewer connection. All of the TeamViewer features are available to use during your remote session including chat, remote restart, video, screen annotation, file transfer, and more.</p> <p>If youre not already using TeamViewer and want to see how this works, get started with a trial account from TeamViewer. Once youve tried it out, jump over to the TeamViewer site to purchase a license from TeamViewer. There are several license options, and all of them work with Intune. For more information about Intune and TeamViewer, please visit their <a href="https://integrate.teamviewer.com/">site</a>.</p> <p><img title="" border="0" alt="" src="https://msdnshared.blob.core.windows.net/media/2016/08/Intune-TeamViewer22.jpg" width="640" height="258" /></p> <p>Visit the <a href="https://docs.microsoft.com/en-us/intune/deploy-use/whats-new-in-microsoft-intune">Whats New in Microsoft Intune</a> page for more on these and other recent developments in Intune.</p> <h2>Additional resources:</h2> <ul> <li><a href="https://microsoftintune.uservoice.com/?WT.mc_id=Blog_Intune_Announce_PCIT">Submit feedback and suggestions to the Intune engineering team</a></li> <li><a href="http://technet.microsoft.com/library/jj676587.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Find technical resources for Intune in the TechNet library</a></li> <li><a href="https://www.microsoft.com/en-us/server-cloud/enterprise-mobility/ems-trial.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Sign up for a free trial of Microsoft Intune</a></li> <li><a href="https://blogs.technet.microsoft.com/enterprisemobility/feed/?product=microsoft-intune">Subscribe to the Intune blog RSS feed</a></li> <li>Follow us on <a href="https://twitter.com/MSIntune">Twitter</a> and <a href="https://www.facebook.com/MSFTIntune">Facebook</a></li> </ul> ]]></content:encoded>
</item>
<item>
<title>New in Intune: Conditional access for browsers, Dynamics CRM Online and Cisco ISE</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2016/07/08/new-in-intune-conditional-access-for-browsers-dynamics-crm-online-and-cisco-ise/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2016/07/08/new-in-intune-conditional-access-for-browsers-dynamics-crm-online-and-cisco-ise/#comments</comments>
<pubDate>Fri, 08 Jul 2016 16:00:13 +0000</pubDate>
<dc:creator><![CDATA[Microsoft Intune Team]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Conditional Access]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=21055</guid>
<description><![CDATA[With our latest Intune service update, were further expanding on our conditional access capabilities. Conditional access allows you to manage access to corporate email, files and other resources based on customizable conditions that ensure security and compliance, including location, risk, user, device, and app compliance. As conditions shift, access policies which are defined by IT <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/07/08/new-in-intune-conditional-access-for-browsers-dynamics-crm-online-and-cisco-ise/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>With our latest Intune service update, were further expanding on our conditional access capabilities.</p> <p>Conditional access allows you to manage access to corporate email, files and other resources based on customizable conditions that ensure security and compliance, including location, risk, user, device, and app compliance. As conditions shift, access policies which are defined by IT are triggered to ensure that your corporate data is protected. And all this is done without on-premises gateways or appliances.</p> <p>Some of the enhancements in this release include:</p> <p><strong>Conditional access for browsers</strong></p> <p>Now, you can set a conditional access policy for <a href="https://docs.microsoft.com/en-us/intune/deploy-use/restrict-access-to-exchange-online-with-microsoft-intune">Exchange Online</a> and <a href="https://docs.microsoft.com/en-us/intune/deploy-use/restrict-access-to-sharepoint-online-with-microsoft-intune">SharePoint Online</a>, so that they can only be accessed from supported web browsers on managed and compliant iOS and Android devices. End users who try to sign in to Outlook Web Access (OWA) and SharePoint Online sites from unmanaged iOS and Android devices will be prompted to enroll their device with Intune as well as to fix any non-compliance issues before they can access their email and documents.</p> <p><img style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border-width: 0px" title="" src="https://msdnshared.blob.core.windows.net/media/2016/07/Intune.png" alt="" width="622" height="480" border="0" /></p> <p><strong>Conditional access for Dynamics CRM Online</strong><br /> Now, you can set a conditional access policy for <a href="https://docs.microsoft.com/en-us/intune/deploy-use/restrict-access-to-dynamics-crm-online-with-microsoft-intune">Dynamics CRM Online</a>, so that it can only be accessed by managed and compliant iOS and Android devices. End users who try to sign in to the Dynamics CRM mobile app on iOS and Android will be prompted to enroll with Intune as well as to remediate any non-compliance issues before the sign-in is complete. This is similar to what is already available for Exchange Online, SharePoint Online and Skype for Business Online.</p> <p><strong>Cisco ISE network access control policy for Intune</strong><br /> Customers who use the Cisco Identity Service Engine (ISE) 2.1 and also use Microsoft Intune can set a network access control policy in ISE that will ensure that only devices that are managed and compliant with Intune are allowed to connect to the network using WiFi or VPN. End users with noncompliant devices will be prompted to enroll and remediate any compliance issues to gain access to the network.</p> <p>For more on these and other new features and improvements being rolled out in Intune, visit our <a href="https://docs.microsoft.com/en-us/intune/deploy-use/whats-new-in-microsoft-intune#june-2016">Whats new in Microsoft Intune</a> documentation page. For more information about new Hybrid (ConfigMgr connected with Intune) features, check out our <a href="https://technet.microsoft.com/en-US/library/mt718155(TechNet.10).aspx">Hybrid Whats New</a>page.</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2016/07/08/new-in-intune-conditional-access-for-browsers-dynamics-crm-online-and-cisco-ise/feed/</wfw:commentRss>
<slash:comments>1</slash:comments>
</item>
</channel>
</rss>