AZURE ACTIVE DIRECTORY TEAM BLOG
<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
>
<channel>
<title>Azure Active Directory – Enterprise Mobility and Security Blog</title>
<atom:link href="https://blogs.technet.microsoft.com/enterprisemobility/feed/?product=azure-active-directory" rel="self" type="application/rss+xml" />
<link>https://blogs.technet.microsoft.com/enterprisemobility</link>
<description>The most recent news and updates about Microsoft’s Enterprise Mobility offerings and events for enterprise technology professionals and developers.</description>
<lastBuildDate>Wed, 04 Jan 2017 18:56:46 +0000</lastBuildDate>
<language>en-US</language>
<sy:updatePeriod>hourly</sy:updatePeriod>
<sy:updateFrequency>1</sy:updateFrequency>
<item>
<title>Conditional Access now in the new Azure portal</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/15/conditional-access-now-in-the-new-azure-portal/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/15/conditional-access-now-in-the-new-azure-portal/#comments</comments>
<pubDate>Thu, 15 Dec 2016 18:00:09 +0000</pubDate>
<dc:creator><![CDATA[Enterprise Mobility + Security Team]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Conditional Access]]></category>
<category><![CDATA[Identity-driven Security]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=45175</guid>
<description><![CDATA[The digital transformation that's affecting every organization brings new challenges for IT, as they strive to empower their users to be productive while keeping corporate data secure in an increasingly complex technology landscape. Microsoft Enterprise Mobility + Security (EMS) provides a unique identity-driven security approach to address these new challenges at multiple layers and to <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/12/15/conditional-access-now-in-the-new-azure-portal/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>The digital transformation that's affecting every organization brings new challenges for IT, as they strive to empower their users to be productive while keeping corporate data secure in an increasingly complex technology landscape. Microsoft Enterprise Mobility + Security (EMS) provides a unique identity-driven security approach to address these new challenges at multiple layers and to provide you with a more holistic and innovative approach to security, one that can protect, detect, and respond to threats on-premises as well as in the cloud.</p> <p>Risk-based conditional access is a critical part of our identity-driven security story. It ensures that only the right users, on the right devices, under the right circumstances have access to your sensitive corporate data. Conditional access allows you to define policies that provide contextual controls at the user, location, device, and app levels, and it also takes risk information into consideration (powered by the vast data in Microsoft's <a href="https://www.microsoft.com/en-us/security/intelligence">Intelligent Security Graph</a>). As conditions change, natural user prompts ensure only the right users on compliant devices can access sensitive data, providing you the control and protection you need to keep your corporate data secure while allowing your people to do their best work from any device.</p> <p>This is an area where we are constantly innovating to bring you the most secure and easy-to-use solution, and today we're announcing several improvements to Conditional Access in EMS:</p> <ol> <li><strong>Risk-based access policies per application</strong>. <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-identityprotection">Leverage machine learning on a massive scale</a> to provide real-time detection and automated protection. 
Now you can use this data to build risk-based policies per application.</li> <li><strong>Greater flexibility to protect applications</strong>. Set multiple policies per application or set and easily roll out global rules to protect all your applications with a single policy.</li> <li>All these capabilities are now available in a <strong>unified administrative experience on the Azure portal</strong>. This makes it even easier to create and manage holistic conditional access policies to all your applications.</li> </ol> <p>These new <a href="https://www.microsoft.com/en-us/cloud-platform/conditional-access">conditional access</a> capabilities provide more flexible and powerful policies to enable productivity while ensuring security. Additionally, the new admin experience unifies conditional access workloads across Intune and Azure AD.</p> <p>If you are an Intune customer using the existing browser-based console or the Configuration Manager console, or an Azure AD customer using the classic Azure portal, you can now preview the new Conditional Access policy interface in the Azure portal.</p> <p><a href="https://aka.ms/cacontrols">Get started with these Conditional Access capabilities</a> or read on to learn a bit more about Conditional Access with EMS.</p> <h2>Overview</h2> <p>A Conditional Access policy is simply a statement about<br /> <strong>When the policy should apply</strong> (called <strong>Conditions</strong>), and<br /> <strong>What the action or requirement should be</strong> (called <strong>Controls</strong>).</p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/12/Conditional-access-policy.png"><img width="169" height="480" title="Conditional access policy" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="Conditional access policy" src="https://msdnshared.blob.core.windows.net/media/2016/12/Conditional-access-policy_thumb.png" border="0" /></a></p> <h3>Conditions (When the policy should apply)</h3> 
<p>Conditions are the things about a login that don't change during the login, and are used to decide which policies should apply. Azure AD supports the following Conditions:</p> <ol> <li><strong>Users/Groups</strong> are the users/groups in the directory that the policy applies to.</li> <li><strong>Cloud apps</strong> are the services the user accesses that you want to secure.</li> <li><strong>Client app</strong> is the software the user is employing to access the cloud app.</li> <li><strong>Device platform</strong> is the platform the user is signing in from.</li> <li><strong>Location</strong> is the IP-address based location the user is signing in from.</li> <li><strong>Sign-in risk</strong> is the likelihood that the sign-in is coming from someone other than the user.</li> </ol> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/12/Conditions-preview.png"><img width="378" height="480" title="Conditions preview" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="Conditions preview" src="https://msdnshared.blob.core.windows.net/media/2016/12/Conditions-preview_thumb.png" border="0" /></a></p> <p><a href="https://aka.ms/caconditions">Our documentation provides further details on how to set the conditions</a>.</p> <h3>Controls (What the action or requirement should be)</h3> <p>Controls are the additional enforcements that are put in place by the policy (such as do a Multi-factor authentication challenge) that will be inserted into the login flow. 
Azure AD supports the following controls:</p> <ol> <li><strong>Block access </strong></li> <li><strong>Multi-factor authentication</strong></li> <li><strong>Compliant device</strong></li> <li><strong>Domain Join</strong></li> </ol> <p>You can select individual controls or all of them.</p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/12/Controls-preview.png"><img width="400" height="508" title="Controls preview" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="Controls preview" src="https://msdnshared.blob.core.windows.net/media/2016/12/Controls-preview_thumb.png" border="0" /></a></p> <p>To learn more about how to get started with controls, you can read a <a href="https://aka.ms/cacontrols">detailed documentation article</a>.</p> <p>We're really excited about the wide range of scenarios that this new experience lights up and hope you find it useful. As always, we're looking forward to your feedback.</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/15/conditional-access-now-in-the-new-azure-portal/feed/</wfw:commentRss>
<slash:comments>5</slash:comments>
</item>
<item>
<title>#AzureAD Certificate Based Authentication is Generally Available!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/14/azuread-certificate-based-authentication-is-generally-available/</link>
<pubDate>Wed, 14 Dec 2016 17:00:35 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Android]]></category>
<category><![CDATA[Apps]]></category>
<category><![CDATA[Authentication]]></category>
<category><![CDATA[Certificates]]></category>
<category><![CDATA[Hybrid]]></category>
<category><![CDATA[Hybrid Cloud]]></category>
<category><![CDATA[Office 365]]></category>
<category><![CDATA[PKI]]></category>
<category><![CDATA[SaaS]]></category>
<category><![CDATA[SSO]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=45095</guid>
<description><![CDATA[Howdy folks! Many big organizations that have certificates have been using the certificate-based authentication feature while it was in preview and giving us feedback. Thank you for your input! Today, I'm excited to announce the GA of certificate based authentication. This announcement enables two key scenarios: 1. Federated Azure AD customers can sign in using <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/12/14/azuread-certificate-based-authentication-is-generally-available/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p><span style="font-family: Calibri;font-size: medium">Howdy folks!</span></p> <p><span style="font-family: Calibri;font-size: medium">Many big organizations that have certificates have been using the </span><a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-certificate-based-authentication-android"><span style="font-family: Calibri;font-size: medium">certificate-based authentication feature</span></a><span style="font-family: Calibri;font-size: medium"> while it was in preview and giving us feedback. Thank you for your input! Today, I'm excited to announce the GA of certificate based authentication.</span></p> <p><span style="font-family: Calibri;font-size: medium">This announcement enables two key scenarios:</span></p> <p><span style="font-family: Calibri;font-size: medium">1. Federated Azure AD customers can sign in using certificate-based authentication (performed against the federation server) with Office applications on iOS and Android. The chart below outlines the support for certificate-based authentication across Office applications:</span></p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/12/clip_image0027.jpg"><span style="font-family: Calibri;font-size: medium"></span></a><span style="font-family: Calibri;font-size: medium"><a href="https://msdnshared.blob.core.windows.net/media/2016/12/clip_image0028.jpg"><img width="725" height="237" title="clip_image002" class="aligncenter" style="margin-right: auto;margin-left: auto;float: none" alt="clip_image002" src="https://msdnshared.blob.core.windows.net/media/2016/12/clip_image002_thumb6.jpg" border="0" /></a></span></p> <p><span style="font-family: Calibri;font-size: medium">2. 
Azure AD customers can sign in using certificate-based authentication with Exchange ActiveSync mobile apps in iOS and Android when signing in to Exchange Online.</span></p> <p><span style="font-family: Calibri;font-size: medium">Take a look at our </span><a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-certificate-based-authentication-ios#getting-started"><span style="font-family: Calibri;font-size: medium">certificate-based authentication</span></a><span style="font-family: Calibri;font-size: medium"> documentation to get started with these scenarios</span></p> <p><span style="font-family: Calibri;font-size: medium">Of course, we always love to hear your feedback and suggestions, and look forward to hearing from you!</span></p> <p><span style="font-family: Calibri;font-size: medium">Best regards,</span></p> <p><span style="font-family: Calibri;font-size: medium">Alex Simons (Twitter: <a href="https://twitter.com/">@Alex_A_Simons</a>)</span></p> <p><span style="font-family: Calibri;font-size: medium">Director of Program Management</span></p> <p><span style="font-family: Calibri;font-size: medium">Microsoft Identity Division</span></p> ]]></content:encoded>
</item>
<item>
<title>More enhancements to the #AzureAD Admin experience in the new Azure Portal!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/09/more-enhancements-to-the-azuread-admin-experience-in-the-new-azure-portal/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/09/more-enhancements-to-the-azuread-admin-experience-in-the-new-azure-portal/#comments</comments>
<pubDate>Fri, 09 Dec 2016 18:24:32 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Cloud]]></category>
<category><![CDATA[SaaS]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=44905</guid>
<description><![CDATA[Howdy folks, Since our most August 2016 preview release of our new admin experience in the new Azure portal, we’ve seen a ton of use and received a ton of feedback. Thank you to all of you who are giving the new experience a whirl! We really appreciate it. Since I've invited Senior Program Manager Adam <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/12/09/more-enhancements-to-the-azuread-admin-experience-in-the-new-azure-portal/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p><span style="font-family: Calibri;font-size: medium">Howdy folks,</span></p> <p><span style="font-family: Calibri;font-size: medium">Since our most August 2016 preview release of our new admin experience in the </span><a href="https://portal.azure.com"><span style="font-family: Calibri;font-size: medium">new Azure portal</span></a><span style="font-family: Calibri;font-size: medium">, we’ve seen a ton of use and received a ton of feedback. Thank you to all of you who are giving the new experience a whirl! We really appreciate it. Since </span></p> <p><span style="font-family: Calibri;font-size: medium">I've invited Senior Program Manager Adam Steenwyk to write a blog post introducing the first of many updates, which you'll find below.</span></p> <p><span style="font-family: Calibri;font-size: medium">Please read, dig in, and make sure to tell us what you think!</span></p> <p><span style="font-family: Calibri;font-size: medium">Best Regards,</span></p> <p><span style="font-family: Calibri;font-size: medium">Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)</span></p> <p><span style="font-family: Calibri;font-size: medium">Director of Program Management</span></p> <p><span style="font-family: Calibri;font-size: medium">Microsoft Identity Division</span></p> <p><span style="font-family: Calibri;font-size: medium">————–</span></p> <p><span style="font-family: Calibri;font-size: medium">Hi there,</span></p> <p><span style="font-family: Calibri;font-size: medium">Today is an exciting day for us as we reveal the first of many updates we've made to our Azure AD administrative experiences. In fact, there's so much new stuff to cover that over the next few weeks we'll be releasing several blog posts going into depth about each of the improvements we've made. 
</span></p> <p><span style="font-family: Calibri;font-size: medium">Today's post is focused on the updates we've made to Enterprise Application management in the new portal. Be sure you stay tuned for more posts to come!</span></p> <h2>Do more with Enterprise Applications in the new portal</h2> <p><span style="font-family: Calibri;font-size: medium">In this latest update, we've given you many of the Enterprise Application management tools you're used to using in the Azure classic portal, and added a few new ones, too, including:</span></p> <p><span style="font-family: Calibri;font-size: medium">1.) A brand-new application gallery that supports all your favorite apps, including:</span></p> <ul> <li><span style="font-family: Calibri;font-size: medium">Thousands of pre-integrated apps</span></li> <li><span style="font-family: Calibri;font-size: medium">All your own existing apps</span></li> <li><span style="font-family: Calibri;font-size: medium">Newly created, custom-developed, apps</span></li> </ul> <p><span style="font-family: Calibri;font-size: medium">2.) A new quick start experience to get you going with a pilot of your newly added apps</span></p> <p><span style="font-family: Calibri;font-size: medium">3.) Support for bring your own password-based sign-on apps, including improved auto-detection of sign-in fields and the ability to customize user sign-in field labels</span></p> <p><span style="font-family: Calibri;font-size: medium">4.) Windows Integrated Authentication single sign-on mode to support full configuration of on-premises apps through the Application Proxy</span></p> <p><span style="font-family: Calibri;font-size: medium">5.) The ability to configure self-service application access for any application</span></p> <p><span style="font-family: Calibri;font-size: medium">6.) 
Updated SAML-based sign-on configuration to support the SAML relay state parameter, full customization of SAML token attributes, automatic SAML signing certificate creation, as well as customization of the options and algorithms used to sign the certificate</span></p> <p><span style="font-family: Calibri;font-size: medium">7.) Updated Application proxy experience to support custom app URLs using your own HTTPS certificates</span></p> <h2>Going deeper</h2> <p><span style="font-family: Calibri;font-size: medium">If you'd like to read more about the specific improvements we've made and how to try them out, check the </span><a></a><a href="https://aka.ms/aad-apps-whats-new-dec2016"><span style="font-family: Calibri;font-size: medium">Enterprise Applications public preview 2 release</span></a><span style="font-family: Calibri;font-size: medium"> article, or watch the video below!</span></p> <p><iframe width="960" height="540" allowfullscreen="allowfullscreen" frameborder="0" src="https://aka.ms/aad-apps-whats-new-dec2016-video"></iframe></p> <h2>Feedback</h2> <p><span style="font-family: Calibri;font-size: medium">We hope you enjoy using our updated preview experience. Please keep the feedback coming! Post the things that are working and not working for you, or ideas for improvement in the Admin Portal section of our </span><a href="https://feedback.azure.com/forums/169401-azure-active-directory/category/162510-admin-portal"><span style="font-family: Calibri;font-size: medium">feedback forum</span></a><span style="font-family: Calibri;font-size: medium">.</span></p> <p><span style="font-family: Calibri;font-size: medium">Cheers,</span></p> <p><span style="font-family: Calibri;font-size: medium">Adam Steenwyk</span></p> <p><span style="font-family: Calibri;font-size: medium">Senior Program Manager</span></p> <p><span style="font-family: Calibri;font-size: medium">Identity Division</span></p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/09/more-enhancements-to-the-azuread-admin-experience-in-the-new-azure-portal/feed/</wfw:commentRss>
<slash:comments>2</slash:comments>
</item>
<item>
<title>New capabilities coming to Microsoft Enterprise Mobility + Security (EMS)</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/new-capabilities-coming-to-microsoft-enterprise-mobility-security-ems/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/new-capabilities-coming-to-microsoft-enterprise-mobility-security-ems/#comments</comments>
<pubDate>Wed, 07 Dec 2016 17:00:59 +0000</pubDate>
<dc:creator><![CDATA[Andrew Conway]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=44305</guid>
<description><![CDATA[As 2016 draws to a close, we would like to thank you for choosing Microsoft Enterprise Mobility + Security (EMS) to protect and secure your employees as you continue to digitally transform your organizations. More than 37,000 customers and over half of the Fortune 500 have now chosen EMS. With EMS we continue to build <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/new-capabilities-coming-to-microsoft-enterprise-mobility-security-ems/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>As 2016 draws to a close, we would like to thank you for choosing Microsoft Enterprise Mobility + Security (EMS) to protect and secure your employees as you continue to digitally transform your organizations. More than 37,000 customers and over half of the Fortune 500 have now chosen EMS.</p> <p>With EMS we continue to build on identity at the core of the solution to maximize your employees' productivity while at the same time providing the necessary capabilities across security, management of devices and apps, and information protection to ensure that your critical company data is protected. Today we are expanding these capabilities even further with:</p> <ul> <li><a href="https://aka.ms/aadptablogpost">Pass-through authentication with Azure Active Directory</a>, available today in preview, enables secure single sign-on to cloud resources without requiring syncing of passwords to the cloud, or modification to existing on-premises network infrastructure.</li> <li><a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/public-preview-of-intune-on-azure">Microsoft Intune's new Admin Console in Azure</a>, rolling out in preview, makes setting up integrated security and management scenarios across EMS services even easier.</li> <li><a href="https://aka.ms/aip-december-release">Azure Information Protection updates</a> that provide even greater flexibility and security for protecting data at the file level. 
These updates include support for more file types, integration with your on-premises encryption key network, and new options for creating classification and protection policies.</li> </ul> <p>Here's more on these new capabilities and how our customers will benefit from these innovations:</p> <p><a href="https://aka.ms/aadptablogpost">Pass-through authentication with Azure Active Directory</a></p> <p>Pass-through authentication, now in preview, lets users securely log in to cloud resources by validating their password against their on-premises Active Directory more easily than ever. This feature allows customers that cannot or do not want to store passwords in the cloud (even encrypted ones) to onboard Azure Active Directory and Office 365 without having to modify their corporate network infrastructure and install products such as Active Directory Federation Services (AD FS) or similar third party federation solutions. Pass-through authentication is set up via the Azure AD Connect admin experience as the second option for authentication along with Password Sync and AD FS.</p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/12/Azure-Active-Directory-Connect-User-Sign-in.png"><img width="640" height="451" title="Azure Active Directory Connect User Sign in" class="aligncenter" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="Azure Active Directory Connect User Sign in" src="https://msdnshared.blob.core.windows.net/media/2016/12/Azure-Active-Directory-Connect-User-Sign-in_thumb.png" border="0" /></a></p> <p>Additionally, with this new update, both Pass-through authentication and Password Synchronization authentication options will now provide seamless single sign-on to Azure AD connected applications from Windows devices.</p> <p><a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/public-preview-of-intune-on-azure">Preview of Microsoft Intune Admin Console in Azure</a></p> <p>The new Intune admin experience 
on Azure begins rolling out in public preview for new and test tenants. The new console, built in Azure, provides powerful and integrated management of core EMS security solutions, such as conditional access to corporate resources based on device, users or risk, allowing for set up and management of policies between Intune and Azure Active Directory. This new admin experience makes it easier than ever to protect tens of thousands of mobile devices.</p> <p><a href="https://aka.ms/aip-december-release">Azure Information Protection updates</a></p> <p>Protecting data at the file level throughout its lifecycle, from creation to sharing to tracking and revocation, regardless of where it is stored or accessed, is a key priority for our customers and a unique part of the EMS solution. Since the <a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/10/04/azure-information-protection-is-now-generally-available/">release of Azure Information Protection in October</a> we have been listening to customer feedback and are releasing several new capabilities. 
Below are a few of the highlights:</p> <ul> <li>Give end users more focused classification and protection options with policies based on group membership.</li> <li>Support for more non-Office file types and bulk labelling of data at rest.</li> <li>Integrate protection with on-premises keys with <a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/08/10/azure-information-protection-with-hyok-hold-your-own-key/">Hold Your Own Key (HYOK).</a></li> </ul> <h4>Enterprise Mobility + Security Customer Stories</h4> <p>As more and more customers are choosing EMS, we wanted to share with you some examples of recent customers who have been deploying and using it successfully:</p> <ul> <li><a href="https://customers.microsoft.com/en-US/story/whole-foods-takes-natural-next-step-to-protect-applications-in-the-cloud">Whole Foods</a> is embracing identity-driven security with EMS to protect applications</li> <li><a href="https://customers.microsoft.com/en-US/story/avanade-balances-data-security-and-employee-privacy-with-microsoft-intune">Avanade</a> balances data security and employee privacy with EMS</li> </ul> <p>Get started with your own <a href="https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security-trial">Enterprise Mobility + Security deployment</a>.</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/new-capabilities-coming-to-microsoft-enterprise-mobility-security-ems/feed/</wfw:commentRss>
<slash:comments>2</slash:comments>
</item>
<item>
<title>Introducing #AzureAD Pass-Through Authentication and Seamless Single Sign-on</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/introducing-azuread-pass-through-authentication-and-seamless-single-sign-on/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/introducing-azuread-pass-through-authentication-and-seamless-single-sign-on/#comments</comments>
<pubDate>Wed, 07 Dec 2016 17:00:20 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[ADFS]]></category>
<category><![CDATA[Authentication]]></category>
<category><![CDATA[Cloud]]></category>
<category><![CDATA[Deployment]]></category>
<category><![CDATA[Hybrid]]></category>
<category><![CDATA[Hybrid Cloud]]></category>
<category><![CDATA[Public Cloud]]></category>
<category><![CDATA[Public Preview]]></category>
<category><![CDATA[SaaS]]></category>
<category><![CDATA[SSO]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=44625</guid>
<description><![CDATA[Howdy folks, Todays news might well be our biggest news of the year. Azure AD Pass-Through Authentication and Seamless Single Sign-on are now both in public preview! When we talk to organizations about how they want to integrate their identity infrastructure to the cloud, we often hear the same set of requirements: Ive got to <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/introducing-azuread-pass-through-authentication-and-seamless-single-sign-on/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p><span style="font-family: Calibri;font-size: medium">Howdy folks,</span></p> <p><span style="font-family: Calibri;font-size: medium">Todays news might well be our biggest news of the year. Azure AD Pass-Through Authentication and Seamless Single Sign-on are now both in public preview!</span></p> <p><span style="font-family: Calibri;font-size: medium">When we talk to organizations about how they want to integrate their identity infrastructure to the cloud, we often hear the same set of requirements: <i>Ive got to have single sign-on for my users, passwords need to stay on-premises, and I cant have any un-authenticated end points on the Internet. And make sure it is super easy</i>.</span></p> <p><span style="font-family: Calibri;font-size: medium">We heard your feedback, and now the wait is over. Im excited to announce we have added a set of new capabilities in Azure AD to meet all those requirements: <b>Pass-Through Authentication</b> and <b>Seamless Single Sign-on</b> to Azure AD Connect! These new capabilities allow customers to securely and simply integrate their on-premises identity infrastructure with Azure AD.</span></p> <div align="center"><iframe width="960" height="540" allowfullscreen="allowfullscreen" frameborder="0" src="https://channel9.msdn.com/Series/Azure-Active-Directory-Videos-Demos/Azure-AD-Connect-Updates-Pass-through-authentication/player"></iframe></div> <h2>Azure AD pass-through authentication</h2> <p><span style="font-family: Calibri;font-size: medium">Azure AD pass-through authentication provides a simple, secure, and scalable model for validation of passwords against your on-premises Active Directory via a simple connector deployed in the on-premises environment. This connector uses only secure outbound communications, so no DMZ is required, nor are there any unauthenticated end points on the Internet.</span></p> <p><span style="font-family: Calibri;font-size: medium">Thats right. 
User passwords are validated against your on-premises Active Directory, without needing to deploy ADFS servers!</span></p> <p><span style="font-family: Calibri;font-size: medium">We also automatically balance the load between the set of available connectors for both high availability and redundancy without requiring additional infrastructure. We made the connector super light-weight so it can be easily incorporated into your existing infrastructure and even deployed on your Active Directory controllers.</span></p> <p><span style="font-family: Calibri;font-size: medium">The system works by passing the password entered on the Azure AD login page down to the on-premises connector. That connector then validates it against the on-premises domain controllers and returns the results. Weve also made sure to integrate with self-service password reset (SSPR) so that, should the user need to change their password, it can be routed back to on-premises for a complete solution. There is absolutely no caching of the password in the cloud. Find more details about this process in our <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-aadconnect-pass-through-authentication">documentation</a></span><span style="font-family: Calibri;font-size: medium"></span><span style="font-family: Calibri;font-size: medium">.</span></p> <h2>Seamless single sign-on for all</h2> <p><span style="font-family: Calibri;font-size: medium">Single sign-on is one of the most important aspects of the end-user experience our customers think through as they move to cloud services. 
You need more than just single sign-on for interactions between cloud services; you also need to ensure users won't have to enter their passwords over and over again.</span></p> <p><span style="font-family: Calibri;font-size: medium">With the new single sign-on additions in Azure AD Connect you can enable seamless single sign-on for your corporate users (users on domain joined machines on the corporate network). In doing so, users are securely authenticated with Kerberos, just like they would be to other domain-joined resources, without needing to type passwords.</span></p> <p><span style="font-family: Calibri;font-size: medium">The beauty of this solution is that it doesn't require any additional infrastructure on-premises since it simply uses your existing Active Directory services. This is also an opportunistic feature in that if, for some reason, a user can't obtain a Kerberos ticket for single sign-on, they will simply be prompted for their password, just as they are today. It is available for both password hash sync and Azure AD pass-through authentication customers. Read more on seamless single sign-on <a href="https://Aka.ms/hybrid/sso">in this documentation article</a>.</span></p> <h2>Enabling these new capabilities</h2> <p><span style="font-family: Calibri;font-size: medium"><a href="https://www.microsoft.com/en-us/download/details.aspx?id=47594">Download</a> the latest version of Azure AD Connect now to get these new capabilities! 
You'll find the new options in a custom install for new deployments, or, for existing deployments, when you change your sign-in method.</span></p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/12/clip_image0022.jpg"><img width="940" height="664" title="clip_image002" style="margin-right: auto;margin-left: auto;float: none" alt="clip_image002" src="https://msdnshared.blob.core.windows.net/media/2016/12/clip_image002_thumb2.jpg" border="0" /></a></p> <p><span style="font-family: Calibri;font-size: medium">I encourage you to <a href="https://www.microsoft.com/en-us/download/details.aspx?id=47594">download</a> the new version of Azure AD Connect today and start testing out these new functions.</span></p> <h2>The fine print</h2> <p><span style="font-family: Calibri;font-size: medium">As with all previews there are some limits to what we currently support. We are working hard to ensure we provide full support across all systems. You can find the full list of supported client and operating systems in the <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-aadconnect-pass-through-authentication">documentation</a>, which we'll be updating consistently as things change.</span></p> <p><span style="font-family: Calibri;font-size: medium">Also, keep in mind that this is an authentication feature, so it's best to try it out in a test environment to ensure you understand the end-user experience and how switching from one sign-on method to another will change that experience. </span></p> <p><span style="font-family: Calibri;font-size: medium">And last but by no means least, it's your feedback that pushes us to make improvements like this to our products, so keep it coming. 
I look forward to hearing what you think!</span></p> <p><span style="font-family: Calibri;font-size: medium">Best regards,</span></p> <p><span style="font-family: Calibri;font-size: medium">Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)</span></p> <p>P.S.: Many of you have asked how the usernames and passwords are protected by the service. Usernames and passwords are passed to the on-premises connector and the results are passed back to Azure AD over an encrypted HTTPS connection. During the public preview we are also going to add an additional layer of public key/private key encryption to the service. [updated 12/7/16 at 1:15pm pdt.]</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/introducing-azuread-pass-through-authentication-and-seamless-single-sign-on/feed/</wfw:commentRss>
<slash:comments>67</slash:comments>
</item>
<item>
<title>#AzureAD PowerShell V2.0 is now GA</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/05/azuread-powershell-v2-0-is-now-ga/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/05/azuread-powershell-v2-0-is-now-ga/#comments</comments>
<pubDate>Mon, 05 Dec 2016 17:00:56 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Azure PowerShell]]></category>
<category><![CDATA[Powershell]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=44265</guid>
<description><![CDATA[Howdy folks, About a month ago, we announced an updated public preview for PowerShell Azure AD v2.0. Today I'm happy to announce that these PowerShell Azure AD v2.0 cmdlets are now generally available (GA)! To give you a rundown on the improvements we've made since we released the preview, I've asked Rob de Jong to <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/12/05/azuread-powershell-v2-0-is-now-ga/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p><span style="font-family: Calibri;font-size: medium">Howdy folks,</span></p> <p><span style="font-family: Calibri;font-size: medium">About a month ago, we announced an </span><a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/10/13/in-case-you-missed-it-azuread-powershell-v2-0-is-now-in-public-preview/"><span style="font-family: Calibri;font-size: medium">updated public preview for PowerShell Azure AD v2.0</span></a><span style="font-family: Calibri;font-size: medium">. </span></p> <p><span style="font-family: Calibri;font-size: medium">Today I'm happy to announce that these PowerShell Azure AD v2.0 cmdlets are now generally available (GA)!</span></p> <p><span style="font-family: Calibri;font-size: medium">To give you a rundown on the improvements we've made since we released the preview, I've asked Rob de Jong to blog about them. You'll find his blog below.</span></p> <p><span style="font-family: Calibri;font-size: medium">I hope you will find these cmdlets useful. 
And as always, we would love to receive any feedback or suggestions you have!</span></p> <p><span style="font-family: Calibri;font-size: medium">Best Regards,</span></p> <p><span style="font-family: Calibri;font-size: medium">Alex Simons (Twitter: </span><a href="http://www.twitter.com/alex_a_simons"><span style="font-family: Calibri;font-size: medium">@Alex_A_Simons</span></a><span style="font-family: Calibri;font-size: medium">)</span></p> <p><span style="font-family: Calibri;font-size: medium">Director of Program Management</span></p> <p><span style="font-family: Calibri;font-size: medium">Microsoft Identity Division</span></p> <p><span style="font-family: Calibri;font-size: medium">--</span></p> <p><span style="font-family: Calibri;font-size: medium">Hi everyone,</span></p> <p><span style="font-family: Calibri;font-size: medium">It's Rob de Jong here and today I'm excited to let you know that Azure AD PowerShell v2.0 is now GA and to give you a quick tour of the changes we've made since the previous public preview.</span><span style="font-family: Calibri;font-size: medium"> This release marks an important milestone for Azure AD PowerShell because now you can leverage the new cmdlets in this module in your production environments.</span></p> <p><span style="font-family: Calibri;font-size: medium">One request customers have consistently made is that we make sure we maintain equivalent capabilities between our Graph API and our PowerShell cmdlets. To make sure that happens, all these new cmdlets are built on top of the Graph API. </span></p> <p><span style="font-family: Calibri;font-size: medium">Two important notes:</span></p> <ul> <li><span style="font-family: Calibri;font-size: medium">The new Azure AD PowerShell v2.0 module doesn't provide full functional parity with the older MSOL module yet. 
We're working hard to make that happen in the coming months and will keep you updated on our progress.</span></li> <li><span style="font-family: Calibri;font-size: medium">We are not planning to publish new functionality in the MSOL PowerShell module. Over time we will implement all the functionality of the old MSOL cmdlets in the new module, and this new module contains quite a few new cmdlets that haven't been available before. </span></li> </ul> <h4><span style="font-family: Calibri;font-size: medium"><span style="font-size: large;font-weight: bold">Changes since the preview</span></span></h4> <p><span style="font-family: Calibri;font-size: medium">We've made a few changes to some of the cmdlets since the previous preview release of Azure AD PowerShell v2.0:</span></p> <ul> <li><span style="font-family: Calibri;font-size: medium">Naming conventions: The Revoke-AzureADSignedInUserAllRefreshTokens and Revoke-AzureADUserAllRefreshTokens cmdlets were renamed to Revoke-AzureADSignedInUserAllRefreshToken and Revoke-AzureADUserAllRefreshToken, respectively, to follow the Verb-SingularNoun naming convention.</span></li> <li><span style="font-family: Calibri;font-size: medium">Excluded cmdlets: This GA only includes cmdlets that call into a production endpoint of the Graph API. If you want to use cmdlets that call a Beta endpoint, these are available in the public preview release of the Azure AD v2.0 PowerShell cmdlets. 
</span><span style="font-family: Calibri;font-size: medium">The cmdlets excluded from this release include those used to manage Administrative Units, Domain settings, Policy settings, and Directory settings.</span></li> </ul> <p><span style="font-family: Calibri;font-size: medium">To find a list of all cmdlets included in this release, please refer to the </span><a href="https://www.powershellgallery.com/packages/AzureAD"><span style="font-family: Calibri;font-size: medium">Azure AD v2.0 general availability release notes</span></a><span style="font-family: Calibri;font-size: medium">.</span></p> <h4><span style="font-family: Calibri;font-size: large"><span style="font-weight: bold">How to deploy</span></span></h4> <p><span style="font-family: Calibri;font-size: medium">To install the new module, follow </span><a href="https://www.powershellgallery.com/packages/AzureAD"><span style="font-family: Calibri;font-size: medium">this link to the PowerShell Gallery</span></a><span style="font-family: Calibri;font-size: medium">. Installing a PowerShell module from the PowerShell gallery requires some additional components to be installed on your system. If you are running a computer with the Windows 10 OS, these components are already present and you can simply open a PowerShell window as an administrator and type Install-Module AzureAD. The module will be installed on your computer and imported in your session. </span></p> <p><span style="font-family: Calibri;font-size: medium">For other Windows operating systems, please refer to </span><a href="https://msdn.microsoft.com/powershell/gallery/readme"><span style="font-family: Calibri;font-size: medium">the documentation about the PowerShell Gallery</span></a><span style="font-family: Calibri;font-size: medium">. 
</span></p> <h4><span style="font-family: Calibri;font-size: medium"><span style="font-size: large;font-weight: bold">Getting help with this module</span></span></h4> <p><span style="font-family: Calibri;font-size: medium">If you need more information about how these cmdlets work, the easiest way to get it is to use the inline help functionality. Here is an example of how to do that, using the Get-Help cmdlet:</span></p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/12/image112.png"><img width="1500" height="506" title="image" style="margin-right: auto;margin-left: auto;float: none" alt="image" src="https://msdnshared.blob.core.windows.net/media/2016/12/image_thumb79.png" border="0" /></a></p> <p><span style="font-family: Calibri;font-size: medium">For online help, you can also refer to the </span><a href="https://docs.microsoft.com/en-us/powershell/azuread/v2/azureactivedirectory"><span style="font-family: Calibri;font-size: medium">Azure AD v2.0 PowerShell module</span></a><span style="font-family: Calibri;font-size: medium"> online documentation.</span></p> <h4><span style="font-family: Calibri;font-size: medium"><span style="font-size: large;font-weight: bold">We're here to help</span></span></h4> <p><span style="font-family: Calibri;font-size: medium">If you need any help with a specific solution you're trying to create, have feedback you want to share, or have questions for which the answer cannot be found in the documentation, please send an email to </span><a><span style="font-family: Calibri;font-size: medium">AADPS@Microsoft.com</span></a><span style="font-family: Calibri;font-size: medium">. We'll get back to you as soon as we can and look forward to hearing from you!</span></p> <p><span style="font-family: Calibri;font-size: medium">Regards,</span></p> <p><span style="font-family: Calibri;font-size: medium">Rob</span></p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/05/azuread-powershell-v2-0-is-now-ga/feed/</wfw:commentRss>
<slash:comments>3</slash:comments>
</item>
<item>
<title>New #AzureAD Access Panel is now Generally Available!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2016/11/28/new-azuread-access-panel-is-now-generally-available/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2016/11/28/new-azuread-access-panel-is-now-generally-available/#comments</comments>
<pubDate>Mon, 28 Nov 2016 18:04:56 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Apps]]></category>
<category><![CDATA[Authentication]]></category>
<category><![CDATA[Cloud]]></category>
<category><![CDATA[SaaS]]></category>
<category><![CDATA[SSO]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=44025</guid>
<description><![CDATA[Howdy folks, Many hundreds of thousands of you have used our new Access Panel (MyApps) while it was in public preview to launch your Azure AD connected applications, change memberships in groups, and quickly access your security settings. Today, I'm excited to announce the new Access Panel is now Generally Available (GA)! Since we launched Public <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/11/28/new-azuread-access-panel-is-now-generally-available/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<h3><span style="font-size: medium">Howdy folks,</span></h3> <p><span style="font-size: medium">Many hundreds of thousands of you have used our new Access Panel (MyApps) while it was in public preview to launch your Azure AD connected applications, change memberships in groups, and quickly access your security settings. </span></p> <p><span style="font-size: medium">Today, I'm excited to announce the new Access Panel is now Generally Available (GA)! </span></p> <p><span style="font-size: medium">Since we launched Public Preview we've received a ton of interest and great feedback. We've listened to your feedback to offer a refreshing experience on both desktop and mobile. The Access Panel is better than ever!</span></p> <p><span style="font-size: medium">The new design’s biggest highlights are its modern layout and optimized controls. If you're convinced already, go ahead and </span><a href="http://myapps.microsoft.com/"><span style="font-size: medium">check it out</span></a><span style="font-size: medium"> for yourself. </span></p> <p><span style="font-size: medium">If you need a little more convincing, here are the top three new features you'll notice in the new design:</span></p> <p><span style="font-size: medium"><strong>Mobile-friendly with a completely new look</strong></span></p> <p><span style="font-size: medium">Our responsive layout adjusts to the perfect size no matter what device you're on. 
The new layout makes it easy to scan through your apps and add new ones.</span></p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image00213.png"><span style="font-size: medium"></span></a><span style="font-size: medium"><a href="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image00214.png"><img width="756" height="475" title="clip_image002" class="aligncenter" style="margin-right: auto;margin-left: auto;float: none" alt="clip_image002" src="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image002_thumb9.png" border="0" /></a></span></p> <p align="center"><i><span style="font-size: small">Figure 1: Apps page in Desktop Browser</span></i></p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image00413.png"><span style="font-size: medium"></span></a><span style="font-size: medium"><a href="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image00414.png"><img width="304" height="477" title="clip_image004" class="aligncenter" style="margin-right: auto;margin-left: auto;float: none" alt="clip_image004" src="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image004_thumb7.png" border="0" /></a></span></p> <p align="center"><i><span style="font-size: small">Figure 2: Apps page on Mobile</span></i></p> <p><span style="font-size: medium"><strong>At-a-glance notifications and a new user control</strong></span></p> <p><span style="font-size: medium">Notifications now alert you instantly when an access request comes your way and let you review them at once. 
The user control lets you quickly switch between organizations anywhere on the site.</span></p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image0069.png"><span style="font-size: medium"></span></a><span style="font-size: medium"><a href="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image00610.png"><img width="507" height="450" title="clip_image006" class="aligncenter" style="margin-right: auto;margin-left: auto;float: none" alt="clip_image006" src="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image006_thumb3.png" border="0" /></a></span></p> <p align="center"><i><span style="font-size: small">Figure 3: Notifications</span></i></p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image0087.png"><span style="font-size: medium"></span></a><span style="font-size: medium"><a href="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image0088.png"><img width="478" height="461" title="clip_image008" class="aligncenter" style="margin-right: auto;margin-left: auto;float: none" alt="clip_image008" src="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image008_thumb2.png" border="0" /></a></span></p> <p align="center"><i><span style="font-size: small">Figure 4: User Control</span></i></p> <p><span style="font-size: medium"><strong>Improved group management experience</strong></span></p> <p><span style="font-size: medium">Group management is now a breeze with everything you need on the main page. 
You can easily see what groups you're in or own, and join or create new ones.</span></p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image0108.png"><span style="font-size: medium"></span></a><span style="font-size: medium"><a href="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image0109.png"><img width="850" height="526" title="clip_image010" class="aligncenter" style="margin-right: auto;margin-left: auto;float: none" alt="clip_image010" src="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image010_thumb2.png" border="0" /></a></span></p> <p align="center"><i><span style="font-size: small">Figure 5: Groups Page</span></i></p> <p><span style="font-size: medium">If you use our mobile app you’ll also notice a new icon along with the upgraded design.</span></p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image011.png"><span style="font-size: medium"><img width="148" height="148" title="clip_image011" class="aligncenter" style="margin-right: auto;margin-left: auto;float: none" alt="clip_image011" src="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image011_thumb.png" border="0" /></span></a></p> <p align="center"><span style="font-size: small"><em>Figure 6. MyApps Mobile Icon</em></span></p> <p><span style="font-size: medium">Since the holiday season is in full swing, we'll have a two-month transition period where individual users can opt in. 
Our target date to switch on the new design for everyone is the end of January.</span></p> <p><span style="font-size: medium">Of course, we always love to hear your feedback and suggestions, and look forward to hearing from you!</span></p> <p><span style="font-size: medium">Best regards,</span></p> <p><span style="font-size: medium">Alex Simons (Twitter: </span><a href="http://twitter.com/alex_a_simons"><span style="font-size: medium">@Alex_A_Simons</span></a><span style="font-size: medium">)</span></p> <p><span style="font-size: medium">Director of Program Management</span></p> <p><span style="font-size: medium">Microsoft Identity Division</span></p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2016/11/28/new-azuread-access-panel-is-now-generally-available/feed/</wfw:commentRss>
<slash:comments>6</slash:comments>
</item>
<item>
<title>#AzureAD Mailbag: International Deployments Round 2</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2016/11/18/azuread-mailbag-international-deployments-round-2/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2016/11/18/azuread-mailbag-international-deployments-round-2/#comments</comments>
<pubDate>Fri, 18 Nov 2016 17:00:41 +0000</pubDate>
<dc:creator><![CDATA[Mark Morowczynski [MSFT]]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Authentication]]></category>
<category><![CDATA[Azure MFA]]></category>
<category><![CDATA[Mailbag]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=43685</guid>
<description><![CDATA[Hey y'all, Mark Morowczynski here with another Friday mailbag. I realize we've been sort of slacking on these for the last 2 months but we are looking to finish the calendar year strong. Key word being looking. We'll continue last week's topic of things to consider with international deployments. Let's dive in.   Question 1: <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/11/18/azuread-mailbag-international-deployments-round-2/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Hey y'all, Mark Morowczynski here with another Friday mailbag. I realize we've been sort of slacking on these for the last 2 months but we are looking to finish the calendar year strong. Key word being looking. We'll continue last week's topic of things to consider with international deployments. Let's dive in.</p> <p> </p> <p><strong>Question 1:</strong></p> <p>Your <a href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-editions/">documentation</a> states that Azure AD Premium is not supported in China. I am a US customer but have 200 employees located in China. Will my users in China not be able to get the Azure AD Premium functionalities such as MFA, SSPR, and Azure App Proxy?</p> <p><strong>Answer 1:</strong></p> <p>We hear this question frequently from customers who operate in China, but I’m going to borrow some words from <a href="https://twitter.com/BBrekkan_MSFT">Brjann Brekkan</a> (another member of our team) for this response:</p> <p>Azure AD Premium and its capabilities are not currently available in Tenants hosted in our Mainland China Azure AD instance such as when a company signs up for Office 365 or Azure operated by our partner 21Vianet. A company with a Tenant in our Global Azure AD instance, hosted in our global datacenters, has access to Azure AD Premium services and all employees in that Tenant, including those in China, can leverage the services.</p> <p><strong></strong></p> <p><strong>Question 2:</strong></p> <p>I have multiple brands within my company. Some of the companies I’ve acquisitioned are in different countries and have their own IT staff that manages their identities. Is there a way I can limit admin access based on location? (e.g. 
Help Desk in France supports users only in France)</p> <p><strong>Answer 2:</strong></p> <p>Today this can be done with <a href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-administrative-units-management/">Administrative Units</a>. There are some caveats though:</p> <ul> <li>The only resources that Administrative Units can be applied to are users</li> <li>Configuring these can only be done through PowerShell (there is no GUI as of today)</li> <li>Administrative Units are not dynamic (meaning you must manually add new users as they become qualified to be a member of the scoped group or a member of the role that you have defined)</li> </ul> <p>Even with these caveats, this is still a very powerful tool for scoping and decreasing surface area from a risk perspective. Remember, this is a defense-in-depth type of strategy. Privileged accounts are high-value targets – shrink your surface area as much as possible!</p> <p><strong></strong></p> <p><strong>Question 3:</strong></p> <p>I’m concerned about charges that may occur for my users that operate outside of the US. Will Microsoft charge my users long distance fees for SMS/Phone calls? Where are the SMS/Phone calls coming from with Azure MFA and SSPR?</p> <p><strong>Answer 3:</strong></p> <p>Azure AD phone calls come from the United States – which is why the caller ID phone number must be a US number. However, text messages may come from the US (+1), the UK (+44) or other countries. It may vary for each authentication based on the destination and the provider we use to send each text message.</p> <p>We do not charge the end user or tenant for processing calls/SMS for countries outside of the United States. Some providers may charge for receiving long-distance SMS/Phone calls but this is purely based on the user’s carrier (this is no different than requiring a phone plan to receive SMS or voice calls). We do have other options available for both SSPR and MFA that do not require SMS/Phone calls (e.g. 
Azure Authenticator app for MFA and Q/A gate for SSPR) but these do require internet connectivity.</p> <p>Fun Fact: For Azure MFA, you can change the Caller ID Phone Number but this is from US phone numbers only.</p> <p> </p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image0018.png"><img width="872" height="834" title="clip_image001" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="clip_image001" src="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image001_thumb5.png" border="0" /></a></p> <p> </p> <p><strong>Question 4:</strong></p> <p>Within my company, we own multiple brands; we are looking to customize the feel of our O365 Portal/Access Panel page. It only gives me one option to brand my tenant – what are other customers doing?</p> <p><strong>Answer 4:</strong></p> <p>Yes, each image has an independent upload for <a href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-add-company-branding/">branding</a> as seen on the Large Illustration below. Most companies that have deployed Azure AD and own multiple brands usually do one of two things:</p> <ol> <li>Use an icon from their parent company that represents their company as a whole (a recognizable image for all brands)</li> <li>Use the “Large Illustration/Background Color” image and incorporate multiple brands on this same image. This allows a unified company representation on your main log on page for the cloud. 
This image is seen in the top left corner of the screenshot below.</li> </ol> <p> </p> <p><a href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-add-company-branding/"><img width="1664" height="1018" title="clip_image001[8]" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="clip_image001[8]" src="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image00181.png" border="0" /></a></p> <p> </p> <p>Image Options to Upload</p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image00110.png"><img width="980" height="825" title="clip_image001[10]" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="clip_image001[10]" src="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image00110_thumb.png" border="0" /></a></p> <p> </p> <p><strong>Question 5:</strong></p> <p>I operate in multiple countries and I’m about to deploy multiple Microsoft cloud services. Where can I get started with reading up on Microsoft’s documentation on how data is managed from a global perspective?</p> <p><strong>Answer 5:</strong></p> <p>I recommend visiting Microsoft’s <a href="https://www.microsoft.com/en-us/TrustCenter/Transparency/default.aspx">Trust Center</a> to learn more about how Microsoft helps secure your data. 
Here are a few links to get you started:</p> <ul> <li><a href="http://azuredatacentermap.azurewebsites.net/">Microsoft Azure</a></li> <li><a href="https://www.microsoft.com/en-us/TrustCenter/Privacy/You-are-in-control-of-your-data/CS-location">Microsoft Commercial Support</a></li> <li><a href="http://www.microsoft.com/en-us/TrustCenter/Privacy/You-are-in-control-of-your-data/dynamics-ax-location">Microsoft Dynamics AX</a></li> <li><a href="http://o365datacentermap.azurewebsites.net/">Microsoft Dynamics CRM Online</a></li> <li><a href="http://intunedatacentermap.azurewebsites.net/">Microsoft Intune</a></li> <li><a href="http://o365datacentermap.azurewebsites.net/">Microsoft Office 365</a></li> </ul> <p>Please let us know if you have any additional feedback. Also, join me or one of my team members in a live discussion on our Webinar platform that we host, covering a variety of topics. <a href="https://info.microsoft.com/AADP-Webinar-CLE_AADP-Main-Landing-Page.html?ls=Blog">Join the conversation here</a>. I look forward to chatting with y’all!</p> <p> </p> <p>We hope you've found this post and this series to be helpful. For any questions you can reach us at<br /> <a>AskAzureADBlog@microsoft.com</a>, the <a href="https://social.msdn.microsoft.com/Forums/azure/en-US/home?forum=WindowsAzureAD">Microsoft Forums</a> and on Twitter <a href="https://twitter.com/AzureAD">@AzureAD</a>, <a href="https://twitter.com/markmorow">@MarkMorow</a> and <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a></p> <p> </p> <p>-Chad Hasbrook, Mark Morowczynski, Shawn Bishop, Yossi Banai, Damien Gallot, Brjann Brekkan, Ariel Gordon, and Dan Mace.</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2016/11/18/azuread-mailbag-international-deployments-round-2/feed/</wfw:commentRss>
<slash:comments>1</slash:comments>
</item>
<item>
<title>Combining your Skype account and your Microsoft account. You want to do this!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2016/11/15/combining-your-skype-account-and-your-microsoft-account-you-want-to-do-this/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2016/11/15/combining-your-skype-account-and-your-microsoft-account-you-want-to-do-this/#comments</comments>
<pubDate>Tue, 15 Nov 2016 19:01:06 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=43335</guid>
<description><![CDATA[Howdy folks, You may have seen our recent announcement about how you can now use your Skype name to sign into all Microsoft apps and services. You may also have noticed that sign-in screens for Microsoft accounts now mention you can enter your Skype name in addition to your email address or phone number: This <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/11/15/combining-your-skype-account-and-your-microsoft-account-you-want-to-do-this/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p><span style="font-family: Calibri;font-size: medium">Howdy folks,</span></p> <p><span style="font-family: Calibri;font-size: medium">You may have seen our recent announcement about </span><a href="https://blogs.skype.com/2016/10/18/get-skype-access-microsoft-services/"><span style="font-family: Calibri;font-size: medium">how you can now use your Skype name to sign into </span></a><span style="font-family: Calibri;font-size: medium">all Microsoft apps and services. You may also have noticed that sign-in screens for Microsoft accounts now mention you can enter your Skype name in addition to your email address or phone number: </span></p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/11/image344.png"><img width="327" height="559" title="image" class="aligncenter" alt="image" src="https://msdnshared.blob.core.windows.net/media/2016/11/image_thumb288.png" border="0" /></a></p> <p><span style="font-family: Calibri;font-size: medium">This is cool! But if you’re like many Skype users, you have two accounts: a Skype account that you use to sign into Skype, and a Microsoft account (Outlook.com or Hotmail account) that you use to sign in to read your mail or access other Microsoft apps and services such as Xbox, Office 365, or OneDrive.</span></p> <p><span style="font-family: Calibri;font-size: medium">The good news is you can now consolidate these into a single account, which makes sign-in easier <i>and</i> improves the security of your account. Think of it this way: </span></p> <p><span style="font-family: Calibri;font-size: medium"> You’ll get a single password to sign into all Microsoft apps and services, one less thing to remember! </span></p> <p><span style="font-family: Calibri;font-size: medium"> You’ll get better account protection for your Skype account. 
For example, you can use two-step verification to better protect your account against compromises.</span></p> <p><span style="font-family: Calibri;font-size: medium"> You’ll get a better account recoverability experience in case you lose access to your Skype account (like if you forgot your password).</span></p> <p><span style="font-family: Calibri;font-size: medium">For these reasons, <i>we strongly recommend that if you have a Skype account that you combine it with your Microsoft account</i>. You can do this by adding your Microsoft account email address to your existing Skype account, or by adding another email address if you don’t already have one. </span></p> <p><span style="font-family: Calibri;font-size: medium">Until you do so, you won’t get the added benefits and security to your Skype account. </span></p> <p><b><i><span style="font-family: Calibri;font-size: medium">Updating your Skype account with an email address</span></i></b></p> <p><span style="font-family: Calibri;font-size: medium">When you decide to update your Skype account with an email address, take the following steps. Note that this is a one-time process. </span></p> <ol> <li><span style="font-family: Calibri;font-size: medium">Go to </span><a href="https://account.microsoft.com"><span style="font-family: Calibri;font-size: medium">https://account.microsoft.com</span></a><span style="font-family: Calibri;font-size: medium">.</span></li> </ol> <p><span style="font-family: Calibri;font-size: medium">2. Sign in with your Skype name.</span></p> <p><span style="font-family: Calibri;font-size: medium">3. We’ll ask you to update your Skype account with an email address </span></p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/11/image345.png"><img width="327" height="559" title="image" class="aligncenter" alt="image" src="https://msdnshared.blob.core.windows.net/media/2016/11/image_thumb289.png" border="0" /></a></p> <p><span style="font-family: Calibri;font-size: medium">a. 
If you have previously linked your Skype account with a Microsoft account, we’ll find it for you – </span></p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/11/image346.png"><img width="328" height="559" title="image" class="aligncenter" alt="image" src="https://msdnshared.blob.core.windows.net/media/2016/11/image_thumb290.png" border="0" /></a></p> <p><span style="font-family: Calibri;font-size: medium">We’ll ask you to enter the password for your Microsoft account and you’ll be done!</span></p> <p><span style="font-family: Calibri;font-size: medium">b. If your Skype account is already associated with a Microsoft account, we’ll find it for you: </span></p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/11/image347.png"><img width="331" height="559" title="image" class="aligncenter" alt="image" src="https://msdnshared.blob.core.windows.net/media/2016/11/image_thumb291.png" border="0" /></a></p> <p><span style="font-family: Calibri;font-size: medium">When you click on Next, we’ll ask you to enter the password for your Microsoft account and you’ll be done!</span></p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/11/image348.png"><img width="328" height="559" title="image" class="aligncenter" alt="image" src="https://msdnshared.blob.core.windows.net/media/2016/11/image_thumb292.png" border="0" /></a></p> <p><span style="font-family: Calibri;font-size: medium">That’s it! You’re all set! You can now use your Skype name or your email address to sign into all Microsoft apps and services. Remember to use the password for your Microsoft account, regardless of whether you use your Skype name or email address to sign in. 
</span></p> <p><span style="font-family: Calibri;font-size: medium">Read more about how you can </span><a href="https://support.skype.com/en/faq/FA34657/one-account-for-skype-and-your-other-microsoft-services?intcmp=blogs-_-generic-click-_-get-skype-access-microsoft-services"><span style="font-family: Calibri;font-size: medium">set up one account for Skype and other Microsoft services</span></a><span style="font-family: Calibri;font-size: medium">, and please share your thoughts and feedback with us!</span></p> <p><span style="font-family: Calibri;font-size: medium">Best Regards,</span></p> <p><span style="font-family: Calibri;font-size: medium">Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)</span></p> <p><span style="font-family: Calibri;font-size: medium">Director of Program Management</span></p> <p><span style="font-family: Calibri;font-size: medium">Microsoft Identity Division</span></p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2016/11/15/combining-your-skype-account-and-your-microsoft-account-you-want-to-do-this/feed/</wfw:commentRss>
<slash:comments>4</slash:comments>
</item>
<item>
<title>Microsoft Authenticator for Windows Phone is Generally Available!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2016/11/14/microsoft-authenticator-for-windows-phone-is-generally-available/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2016/11/14/microsoft-authenticator-for-windows-phone-is-generally-available/#comments</comments>
<pubDate>Mon, 14 Nov 2016 17:33:59 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Authentication]]></category>
<category><![CDATA[Azure MFA]]></category>
<category><![CDATA[Cloud]]></category>
<category><![CDATA[Identity-driven Security]]></category>
<category><![CDATA[Multi-factor authentication]]></category>
<category><![CDATA[SaaS]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=43205</guid>
<description><![CDATA[Howdy folks, Back in July we blogged about our plan to combine the two different authenticator apps from Microsoft into one new app, Microsoft Authenticator. Since then, we’ve released the iOS and Android versions of the application and updated them both quite a few times. Today I’m happy to let you know that late last <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/11/14/microsoft-authenticator-for-windows-phone-is-generally-available/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>Back in July we blogged about our plan to combine the two different authenticator apps from Microsoft into one new app, Microsoft Authenticator. Since then, we’ve released the iOS and Android versions of the application and updated them both quite a few times.</p> <p>Today I’m happy to let you know that late last week, we released the Windows phone version!</p> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2016/11/111416_1732_MicrosoftAu1.png" /></p> <p>Getting here has taken a bit longer than we had hoped (due to some pretty challenging bugs) but we’re excited to finally bring our industry-leading two-step verification experiences to Windows Phone (Note: you need to be running the Windows 10 Anniversary update). Just like Android and iOS, the new app provides push notification approvals for both our Azure AD and Microsoft consumer accounts. For anyone currently using the app, this new version will arrive as an update. All of your accounts will seamlessly move over to the new app.</p> <p>Besides the complete redesign, there are quite a few changes under the hood as well, including tons of performance, reliability, and accessibility features. One change to note involves moving to Windows’ latest notification service. This might prevent you from receiving the first few approval requests from outside the app. It’s only temporary, and the requests can still be easily found by opening the app.</p> <p>Hope you enjoy the latest app, and I look forward to hearing what you think!</p> <p>Best regards,</p> <p>Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2016/11/14/microsoft-authenticator-for-windows-phone-is-generally-available/feed/</wfw:commentRss>
<slash:comments>5</slash:comments>
</item>
</channel>
</rss>