AZURE ACTIVE DIRECTORY TEAM BLOG
<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
>
<channel>
<title>Azure Active Directory – Enterprise Mobility and Security Blog</title>
<atom:link href="https://blogs.technet.microsoft.com/enterprisemobility/feed/?product=azure-active-directory" rel="self" type="application/rss+xml" />
<link>https://blogs.technet.microsoft.com/enterprisemobility</link>
<description>The most recent news and updates about Microsoft’s Enterprise Mobility offerings and events for enterprise technology professionals and developers.</description>
<lastBuildDate>Fri, 24 Mar 2017 17:45:23 +0000</lastBuildDate>
<language>en-US</language>
<sy:updatePeriod>hourly</sy:updatePeriod>
<sy:updateFrequency>1</sy:updateFrequency>
<item>
<title>PingAccess for Azure AD: The public preview is being deployed!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/03/22/pingaccess-for-azure-ad-the-public-preview-is-being-deployed/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/03/22/pingaccess-for-azure-ad-the-public-preview-is-being-deployed/#respond</comments>
<pubDate>Wed, 22 Mar 2017 16:00:52 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Apps]]></category>
<category><![CDATA[Authentication]]></category>
<category><![CDATA[Hybrid]]></category>
<category><![CDATA[Hybrid Cloud]]></category>
<category><![CDATA[Identity-driven Security]]></category>
<category><![CDATA[On-Prem]]></category>
<category><![CDATA[SSO]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=49215</guid>
<description><![CDATA[Howdy folks, Back in September, I blogged about our exciting partnership with Ping Identity. Since then, Microsoft and Ping Identity have worked closely together to extend the capabilities of Azure AD Application Proxy to support new kinds of on-premises applications using Ping Access. I’m happy to announce today that PingAccess for Azure AD is now <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/03/22/pingaccess-for-azure-ad-the-public-preview-is-being-deployed/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>Back in September, I blogged about <a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/09/14/azuread-and-pingaccess-partnering-to-bring-you-secure-remote-access-to-even-more-on-premises-web-apps/">our exciting partnership with Ping Identity</a>.</p> <p>Since then, Microsoft and Ping Identity have worked closely together to extend the capabilities of Azure AD Application Proxy to support new kinds of on-premises applications using Ping Access.</p> <p>I’m happy to announce today that PingAccess for Azure AD is now ready for Public Preview and is currently being deployed across Azure AD data centers around the world. Many of you in North America will see it turn on today and it should be available to everyone by the end of the day Friday, 3/24/2017.</p> <p>I’ve invited one of the program managers on our team, Harshini Jayaram, to share more details in a blog, which you’ll find below. We hope you try it out and look forward to hearing what you think!</p> <p>Best regards,</p> <p>Alex Simons (Twitter: <a href="http://www.twitter.com/alex_a_simons">@Alex_A_Simons</a>)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> <p>—-</p> <p>Hi all,</p> <p>We already have many customers using Application Proxy to provide single sign-on (SSO) and secure remote access for web applications hosted on-premises. Many of them use this product for applications such as local SharePoint sites, Outlook Web Access for local Exchange servers, and other business web applications. It is a simple, secure, and cost-effective solution:</p> <ul> <li><strong>Simple:</strong> You don’t need to change the network infrastructure, put anything in a DMZ, or use VPN.</li> <li><strong>Secure:</strong> Application Proxy only uses outbound connections, giving you a more secure solution. It also works with other security features you’ve seen in Azure such as two-step verification, conditional access, and risk analysis.
Learn more about this in <a href="https://docs.microsoft.com/en-us/azure/active-directory/application-proxy-security-considerations">Security considerations for Azure AD Application Proxy</a>.</li> <li><strong>Cost-Effective:</strong> Application Proxy is a service that we maintain in the cloud, so you can save time and money.</li> </ul> <p>Right now, all those benefits of Application Proxy are available for many different types of applications, including:</p> <ul> <li>Web applications using Integrated Windows Authentication</li> <li>Web applications using form-based access</li> <li>Web APIs that you want to expose to rich applications on different devices</li> <li>Applications hosted behind a Remote Desktop Gateway</li> </ul> <p>If you want more details, you can check out our <a href="https://go.microsoft.com/fwlink/?linkid=844804">Application Proxy documentation</a>. For this blog, I want to focus more on how we’re adding header-based applications with this new public preview!</p> <h2>PingAccess for Azure AD enables more apps!</h2> <p>Our customers have consistently asked for Application Proxy to also support apps that use headers for authentication, such as Peoplesoft, Netweaver Portal, and WebCenter. To enable this capability for our Azure AD Premium customers, we have partnered with Ping Identity. Ping Identity’s PingAccess now allows Application Proxy to support apps that use header-based authentication.</p> <p>PingAccess is installed on-premises. For apps that use header-based authentication, Application Proxy connectors route traffic through PingAccess. Existing App Proxy applications are not impacted and use the current flow with no changes. 
An overview of this flow is shown below, and you can always check out our <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-application-proxy-get-started">overview documentation</a> for more on App Proxy flows.</p> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/03/032217_0025_PingAccessf1.jpg" /></p> <p style="text-align: center"><strong>Figure 1</strong>: Application Proxy + PingAccess Infrastructure Overview</p> <p>PingAccess is a separately licensed feature, but your Azure Premium licenses now include a free license to configure up to 20 applications with this flow. If you have more apps, you’ll need to get a license through Ping Identity.</p> <h2>Joining the Preview</h2> <p>We are excited to have you join our preview! To get started you need to:</p> <ol> <li>Configure Application Proxy Connectors</li> <li>Create an Azure AD Application Proxy Application</li> <li>Download & Configure PingAccess</li> <li>Configure Applications in PingAccess</li> </ol> <p>Just head to our <a href="https://docs.microsoft.com/en-us/azure/active-directory/application-proxy-ping-access">Application Proxy + PingAccess documentation</a> for a walkthrough of each of these steps.</p> <p>We hope you enjoy trying this preview! As always, we’d love to hear from you with any questions, comments, or feedback, so please leave us a <span style="font-family: Times New Roman">comment</span> or reach out to us directly at <a href="mailto:aadapfeedback@microsoft.com">aadapfeedback@microsoft.com</a>.</p> <p>Thanks,</p> <p>Harshini Jayaram</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/03/22/pingaccess-for-azure-ad-the-public-preview-is-being-deployed/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>First ever #AzureAD AMA results</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/03/21/first-ever-azuread-ama-results/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/03/21/first-ever-azuread-ama-results/#respond</comments>
<pubDate>Tue, 21 Mar 2017 16:00:25 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=49165</guid>
<description><![CDATA[Howdy folks, On March 9th, the Azure AD team hosted its first “Ask Me Anything” (AMA) on Reddit. A bunch of us gathered in a big conference room, and even more of the team joined on a Skype call (sadly, the Skypers didn’t get any of the snacks or pizza). And so many of you asked <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/03/21/first-ever-azuread-ama-results/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>On March 9<sup>th</sup>, the Azure AD team hosted its first “Ask Me Anything” (AMA) on Reddit. A bunch of us gathered in a big conference room, and even more of the team joined on a Skype call (sadly, the Skypers didn’t get any of the snacks or pizza). And so many of you asked such great questions that we learned a lot ourselves. Thank you for participating!</p> <p>If you haven’t had a chance to go through the thread yet, I recommend you <a href="http://aka.ms/azuread-reddit-ama">take a look</a>. There’s a lot of interesting and valuable information there.</p> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/03/032117_0547_FirsteverAz1.jpg" /></p> <p style="text-align: center"><em>Just about to start!<br /> </em></p> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/03/032117_0547_FirsteverAz2.jpg" /></p> <p style="text-align: center"><em>Everyone hard at work AMAing<br /> </em></p> <p>So how did it go? Pretty awesome! Some quick stats:</p> <ul> <li>More than <strong>50 people</strong> from our team participated, and some of our wonderful MVPs and representatives from our Microsoft partner teams joined, as well</li> <li>We had <strong>102 top-level questions</strong> (29 per hour) and <strong>449 total</strong> comments (128 per hour)</li> <li>Our post was upvoted by <strong>96% of people</strong> with a total of <strong>72 points.
</strong>This compares with: <ul> <li><strong>25</strong> – average number of points for all other /r/Azure AMAs (a <strong>284% increase</strong>!)</li> <li><strong>89%</strong> – average upvote percentage for all other /r/Azure AMAs (a <strong>7.8% increase</strong>!)</li> </ul> </li> <li>We answered <strong>99% of questions during the event</strong></li> <li>The <a href="http://aka.ms/azuread-reddit-ama">Azure AD AMA page</a> had <strong>2,586 hits</strong> in the five days surrounding the event, and is <strong>still getting 60-100 hits</strong> per day</li> </ul> <p>For questions per hour, total comment count, and response rate, we’re the new AMA champions at Microsoft. The SQL team has us beat for total number of questions, though, so we’ll definitely host another AMA in the future and try to knock them off the top. We’re looking forward to it and hope you’ll join us!</p> <p>Best regards,</p> <p>Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/03/21/first-ever-azuread-ama-results/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>Microsoft Enterprise Mobility + Security and the Microsoft Graph API</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/03/20/microsoft-enterprise-mobility-security-and-the-microsoft-graph-api/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/03/20/microsoft-enterprise-mobility-security-and-the-microsoft-graph-api/#respond</comments>
<pubDate>Mon, 20 Mar 2017 19:54:11 +0000</pubDate>
<dc:creator><![CDATA[Andrew Conway]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=49035</guid>
<description><![CDATA[Across the more than forty thousand customers that Enterprise Mobility + Security (EMS) serves today, there’s a notable diversity in how they organize their IT resources to enable mobile productivity for their workforce. Each customer uniquely defines their mobile strategy and IT structure through a series of choices based on the strategic needs of their <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/03/20/microsoft-enterprise-mobility-security-and-the-microsoft-graph-api/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Across the more than forty thousand customers that <a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/07/07/introducing-enterprise-mobility-security/">Enterprise Mobility + Security (EMS)</a> serves today, there’s a notable diversity in how they organize their IT resources to enable mobile productivity for their workforce. Each customer uniquely defines their mobile strategy and IT structure through a series of choices based on the strategic needs of their business. Customers may choose to manage their mobility solutions internally while others choose to work with a managed service provider to manage on their behalf. Regardless of the structure, our goal is to enable IT to easily design processes and workflows that allow them to be more empowered and efficient.</p> <p>As the Microsoft Intune and Azure Active Directory admin experiences come together in Azure, we’re taking an important step forward in our ability to offer EMS customers more choices and capability. Built on the <a href="https://developer.microsoft.com/en-us/graph">Microsoft Graph API</a>, the new Intune and Azure AD experience on Azure opens a new set of possibilities for our customers and partners to simplify, automate, and integrate their workloads.</p> <p>Microsoft Graph API connects developers to the data that drives productivity: mail, calendar, contacts, documents, directory, devices, and more. It serves as a single interface where Microsoft services can be reached through a set of REST APIs. With our shift to Azure and the Microsoft Graph API, customers now have the choice to manage the administration and operation of Intune and Azure AD services in the new Azure console or through the Microsoft Graph API.
The scenarios that the Microsoft Graph API enables are expansive; we expect the value to you and all our customers to center on three core benefits:</p> <h2>Simplicity</h2> <p>Microsoft Graph API is accessible through several platforms and tools, including REST-based API endpoints, and most popular programming and automation platforms (.NET, JS, iOS, Android, PowerShell). Resources (user, group, device, application, file) and policies can be queried through this API, and formerly difficult or complex questions can be addressed via straightforward queries. For example, you can use the Graph APIs to check the compliance state of all your Intune-managed devices and feed this data into your existing reporting system, enabling a simple, yet powerful, reporting experience across your organization.</p> <h2>Automation</h2> <p>The Microsoft Graph API allows you to connect different services and automate workflows and processes between them. For example, you could connect your HR system with the Microsoft Graph APIs to automate the provisioning of mobile devices when you’re onboarding a new employee, and set up automation to retire and wipe a device as employees leave the company. If you are a service provider managing the environment of multiple customers at once, you could use these capabilities to automate the onboarding of tenants, populating them with default policies and implementing industry-specific templates. All this can be set up to happen automatically without ever opening a management console.</p> <h2>Integration</h2> <p>The Microsoft Graph API can send detailed device and application information to other IT asset management or reporting systems. You could build custom experiences which call our APIs to configure Intune and Azure AD controls and policies and unify workflows across multiple services.
For example, a help desk organization might build a custom solution that incorporates Intune functionality into their console, allowing them to manage device and application policies in a unified way alongside other helpdesk tasks. You can even connect with PowerBI and other analytics services to create custom dashboards and reports based on Office 365, Intune, and Azure AD data from the Microsoft Graph API.</p> <p> </p> <p><a href="https://msdnshared.blob.core.windows.net/media/2017/03/Microsoft-Graph-API-is-the-gateway-for.jpg"><img title="Microsoft Graph API is the gateway for" style="float: none;padding-top: 0px;padding-left: 0px;margin-left: auto;padding-right: 0px;margin-right: auto;border: 0px" border="0" alt="Microsoft Graph API is the gateway for" src="https://msdnshared.blob.core.windows.net/media/2017/03/Microsoft-Graph-API-is-the-gateway-for_thumb.jpg" width="873" height="186" class="aligncenter" /></a></p> <p><a href="https://msdnshared.blob.core.windows.net/media/2017/03/Supported-Platforms.jpg"><img title="Supported Platforms" style="float: none;padding-top: 0px;padding-left: 0px;margin-left: auto;padding-right: 0px;margin-right: auto;border: 0px" border="0" alt="Supported Platforms" src="https://msdnshared.blob.core.windows.net/media/2017/03/Supported-Platforms_thumb.jpg" width="872" height="147" class="aligncenter" /></a></p> <p> </p> <p>The new <a href="https://blogs.windows.com/windowsexperience/2017/01/24/announcing-intune-education-new-windows-10-pcs-school-starting-189/#2h4ooD2KbRBHuix3.97">Intune for Education</a> experience and the OneDrive for Business console, where Intune app protection policies are now built in directly, are both great examples of new experiences that are made possible because of Intune and Azure AD being built on the Microsoft Graph API. We’re also working directly with several partners who are starting to explore what’s possible with our APIs in preview.
It’s exciting to see the ideas they come up with around how these capabilities will improve their processes and workflows, and the custom solutions they will enable.</p> <p>The Intune and Azure AD APIs are available in preview now as part of the Microsoft Graph API beta and will be generally available later in 2017.* For a closer look, check out the documentation on how to use <a href="https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/resources/intune_graph_overview">Intune</a> and <a href="https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-graph-api">Azure Active Directory</a> APIs.</p> <hr /> <p><em>*Use of a Microsoft online service requires a valid license. Therefore, accessing EMS, Microsoft Intune, or Azure Active Directory Premium features via Microsoft Graph API requires paid licenses of the applicable service and compliance with Microsoft Graph API Terms of Use. </em></p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/03/20/microsoft-enterprise-mobility-security-and-the-microsoft-graph-api/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>Conditional Access “limited access” policies for SharePoint are in public preview!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/03/09/conditional-access-limited-access-policies-for-sharepoint-are-in-public-preview/</link>
<pubDate>Thu, 09 Mar 2017 17:00:23 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Android]]></category>
<category><![CDATA[Conditional Access]]></category>
<category><![CDATA[Identity-driven Security]]></category>
<category><![CDATA[iOS]]></category>
<category><![CDATA[Office 365]]></category>
<category><![CDATA[Security]]></category>
<category><![CDATA[SharePoint]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=48725</guid>
<description><![CDATA[Howdy folks, Enabling productivity while securing data is the fine line IT pros walk today, and having the right tools to do it makes it that much easier. In the past, employees working from their personal devices was a recipe for leaked data. But not anymore! Working with the SharePoint team, we’ve created a great <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/03/09/conditional-access-limited-access-policies-for-sharepoint-are-in-public-preview/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>Enabling productivity while securing data is the fine line IT pros walk today, and having the right tools to do it makes it that much easier. In the past, employees working from their personal devices was a recipe for leaked data.</p> <p>But not anymore! Working with the SharePoint team, we’ve created a great new feature in the conditional access experience that I think you’re going to love: the ability to limit a user’s ability to download, print and sync based on the state of their device.</p> <p>To tell you more about it, I’ve invited one of my program managers, Nitika Gupta, to write a blog, which you’ll find below. Read up, try things out, and let us know what you think!</p> <p>Best regards,</p> <p>Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> <p>—-</p> <p>Hi folks,</p> <p>I’m Nitika Gupta, a Program Manager in the Identity Security and Protection team at Microsoft. Today we are announcing the public preview of a feature that will enhance security for SharePoint and OneDrive access while still helping maintain productivity.</p> <p>Microsoft Intune and Azure Active Directory conditional access provides the ability to grant or block access to resources based on device state. This helps organizations ensure content doesn’t get on to a machine that isn’t encrypted, locked, secure from malware, etc. This is an important aspect of securing company data.</p> <p>Unfortunately, not all devices can be managed. Sometimes people need to work from home computers, personal devices, or shared machines that aren’t enrolled. Until now, this meant losing productivity by denying access to SharePoint altogether or allowing unsecured download of content. 
Because of this, IT admins struggle to find the balance when configuring policies to prevent data leakage of corporate resources while ensuring that employees remain productive.</p> <p>But what if we could have great user productivity and maintain a great security posture? That’s what the Secure, Productive Enterprise is all about and why <strong>I am thrilled to announce the public preview of the “<em>Limited Access to SharePoint and OneDrive”</em> feature!</strong> Now you can allow access to SharePoint and OneDrive from an unmanaged device by granting browser-only access with download, print, and sync disabled. Users can stay productive, and you can be assured that when they sign off, no data is leaked onto the unmanaged device.</p> <p>Let me show you how it works in Azure AD Conditional Access and SharePoint!</p> <h2>Getting started</h2> <p>Configuring limited browser-only access to SharePoint and OneDrive is an easy two-step process. See our <a href="https://aka.ms/spolimitedaccessdocs">limited access documentation</a> for more detailed instructions.</p> <ol> <li> <div>First <a href="https://portal.azure.com/">create an Azure AD Conditional access policy</a> for SharePoint that applies only to browser client apps with “use app enforced restrictions” as the session control.</div> <p><img class="aligncenter" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/03/030917_0059_Conditional1.png" /></p> <p>Tip: To prevent users from going around the browser policy and accessing resources from mobile and desktop applications on unmanaged devices, we recommend enabling Azure AD conditional access policy. 
This enables access from mobile and desktop apps only from a compliant or domain joined device.</li> <li>Next, go to <strong>device access </strong>in the SharePoint admin center and select the checkbox to “Allow limited access (web-only, without the Download, Print, and Sync commands)”</li> </ol> <p><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/03/030917_0059_Conditional2.png" /></p> <p>Note: It can take up to 15 minutes for policy changes to take effect.</p> <h2>End user experience</h2> <p>When accessing SharePoint and OneDrive from devices that are not compliant or domain joined, end users will see a warning banner explaining why their experience is limited.</p> <p><img class="aligncenter" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/03/030917_0059_Conditional3.png" /></p> <h2>Feedback</h2> <p>We would love to hear your feedback! If you have any suggestions for us, questions, or issues to report, please leave a comment at the bottom of this post, or tweet with the hashtag #AzureAD.</p> <p>Thanks,</p> <p>Nitika Gupta</p> <p>@_nitika_gupta</p> ]]></content:encoded>
</item>
<item>
<title>Microsoft Mechanics Video: New Conditional Access capabilities in Azure AD and Enterprise Mobility + Security!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/03/08/microsoft-mechanics-video-new-conditional-access-capabilities-in-azure-ad-and-enterprise-mobility-security/</link>
<pubDate>Wed, 08 Mar 2017 17:00:04 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Authentication]]></category>
<category><![CDATA[Azure MFA]]></category>
<category><![CDATA[Conditional Access]]></category>
<category><![CDATA[Identity-driven Security]]></category>
<category><![CDATA[Multi-factor authentication]]></category>
<category><![CDATA[SaaS]]></category>
<category><![CDATA[Security]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=48585</guid>
<description><![CDATA[Howdy folks, I’ve talked and written a lot about vision of Identity as the New Control Plane. This is based on the idea that as more and more of a company’s digital resources live outside the corporate network, in the cloud and on devices, that a great cloud based identity system is the best way <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/03/08/microsoft-mechanics-video-new-conditional-access-capabilities-in-azure-ad-and-enterprise-mobility-security/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p><span style="font-family: Calibri;font-size: medium">Howdy folks,</span></p> <p><span style="font-family: Calibri;font-size: medium">I’ve talked and written a lot about vision of Identity as the New Control Plane. </span></p> <p><span style="font-family: Calibri;font-size: medium">This is based on the idea that as more and more of a company’s digital resources live outside the corporate network, in the cloud and on devices, that a great cloud based identity system is the best way to maintain control over and visibility into how and when users access corporate applications and data.</span></p> <p><span style="font-family: Calibri;font-size: medium">The conditional access system in Azure AD Premium and the Enterprise Mobility + Security suite is the engine that makes this control plane vision a reality. It gives you, the enterprise admin, the ability to create policy based access rules for any Azure AD-connected application (SaaS apps, custom apps running in the cloud or on-premises web applications). Azure AD evaluates these policies in real-time, and enforces them whenever a user attempts to access an application. </span></p> <p><span style="font-family: Calibri;font-size: medium">Simon May and I just filmed a short ~10 minute video for On Microsoft Mechanics, where we discuss Azure AD’s Conditional Access system and the many improvements we’ve made recently which you’ll find below.
In the video I demonstrated the improved user experience, how company data is protected without impacting productivity and the improvements we’ve made to the IT admin experience.</span></p> <p><iframe width="560" height="315" src="https://www.youtube.com/embed/A7IrxAH87wc" frameborder="0" allowfullscreen></iframe></p> <p><b><span style="font-family: Calibri;font-size: medium">Contextual controls and the unified administration experience</span></b></p> <p><span style="font-family: Calibri;font-size: medium">One of the biggest improvements we’ve made is an expanded set of contextual controls so you can adjust user access based on type of app, specific user permissions, where the app is accessed from, and if the user is using a compliant device. </span></p> <p><span style="font-family: Calibri;font-size: medium">We’ve also made it easier to implement these controls with the new unified administration experience in the Azure Portal, which provides an all-in-one admin experience across Azure AD and Microsoft Intune. </span></p> <p><span style="font-family: Calibri;font-size: medium">Now you can establish multiple policies per app, share policies across applications, or set default policies globally for your whole tenant.
And when you set risk-based conditional access controls, machine learning will be continuously safeguarding access to your apps and data in real-time.</span></p> <p><span style="font-family: Calibri;font-size: medium">Check out today’s show to see these capabilities in action, </span><a href="https://microsoft.com/Conditional-Access"><span style="font-family: Calibri;font-size: medium">try it out for yourself</span></a><span style="font-family: Calibri;font-size: medium">, and learn more on our </span><a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-azuread-connected-apps"><span style="font-family: Calibri;font-size: medium">documentation page.</span></a><span style="font-family: Calibri;font-size: medium"> And, as always, let us know what you think! We’re listening.</span></p> <p><span style="font-family: Calibri;font-size: medium">Best regards,</span></p> <p><span style="font-family: Calibri;font-size: medium">Alex Simons (Twitter: </span><a href="https://twitter.com/Alex_A_Simons"><span style="font-family: Calibri;font-size: medium">@Alex_A_Simons</span></a><span style="font-family: Calibri;font-size: medium">)</span></p> <p><span style="font-family: Calibri;font-size: medium">Director of Program Management</span></p> <p><span style="font-family: Calibri;font-size: medium">Microsoft Identity Division</span></p> ]]></content:encoded>
</item>
<item>
<title>The final push to GA Azure AD in new Azure Portal: We need your help!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/03/07/the-final-push-to-ga-azure-ad-in-new-azure-portal-we-need-your-help/</link>
<pubDate>Tue, 07 Mar 2017 18:25:53 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=48555</guid>
<description><![CDATA[Howdy folks, Last September we shared the first preview of the new administration experience for Azure Active Directory in the new Azure portal. Since then, we’ve added lots of new functionality, including reporting, app management, conditional access, B2B, and licensing. Many of you are using the new experience regularly in fact, over half a <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/03/07/the-final-push-to-ga-azure-ad-in-new-azure-portal-we-need-your-help/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>Last September we shared the first <a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/09/12/the-azuread-admin-experience-in-the-new-azure-portal-is-now-in-public-preview/">preview of the new administration experience</a> for Azure Active Directory in the new Azure portal. Since then, we’ve added lots of new functionality, including <a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/11/08/azuread-weve-just-turned-on-detailed-auditing-and-sign-in-logs-in-the-new-azure-portal/">reporting</a>, <a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/12/09/more-enhancements-to-the-azuread-admin-experience-in-the-new-azure-portal/">app management</a>, <a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/12/15/conditional-access-now-in-the-new-azure-portal/">conditional access</a>, <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/02/01/azure-ad-b2b-new-updates-make-cross-business-collab-easy/">B2B</a>, and <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/02/22/announcing-the-public-preview-of-azure-ad-group-based-license-management-for-office-365-and-more/">licensing</a>.</p> <p>Many of you are using the new experience regularly; in fact, over half a million of you are using it, from almost every country in the world, with usage increasing by about 25% each month. We appreciate all your positive feedback, and love the constructive feedback that’s helped us make an even stronger product. But there are still a LOT of you using the old portal.</p> <p>Late last week we turned on another set of feature updates, and the new experience now has all of the features identity admins frequently use. 
With that update, we’ve entered our final push to GA the UX in the next ~60 days.</p> <p><span style="text-decoration: underline"><strong>And that’s where we need your help</strong></span> : We need <span style="text-decoration: underline">everyone</span> to move over to using the new portal for production tasks so we can uncover any last minute lingering issues.</p> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/03/030717_1819_Thefinalpus1.jpg" /></p> <p style="text-align: center"><a href="http://portal.azure.com"><span style="font-size: 8pt"><em>http://portal.azure.com</em></span></a><span style="font-size: 8pt"><em><br /> </em></span></p> <h1>What to expect</h1> <p>We took the opportunity of redesigning this experience to optimize some of our features, so you might not immediately recognize everything in the new portal. For example, since reporting is a key part of the value of Azure AD, we’ve made activity information more accessible and powerful. We’ve written a <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-migration">helpful article</a> to help you transition to the new model.</p> <p>There are other differences, too. Some functionality that was part of Azure AD in the classic portal will be integrated differently in the future. Azure Rights Management Services has matured into <a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/10/04/azure-information-protection-is-now-generally-available/">Azure Information Protection</a>. 
We’ve previously shared the plans for <a href="https://blogs.technet.microsoft.com/enterprisemobility/2015/02/12/the-future-of-azure-acs-is-azure-active-directory/">Access Control Namespaces</a>.</p> <p>We also have a few features we’re still transitioning: Azure Active Directory Domain Services, MFA provider management, schema editing for provisioned apps, and a few reports including enterprise state roaming status, invitation summary, unlicensed usage, and MIM hybrid reports.</p> <h1>Let us know what you think!</h1> <p>Over the next month or so, as we work to make Azure Active Directory generally available in the new Azure portal, we’ll be completing transition of the last few features, ironing out some usability issues, fixing any bugs we find, and responding to your feedback. But even when we GA, we’re not going to stop. We’ll continue to work to make the experience of administering Azure Active Directory richer, more streamlined, and efficient, and we appreciate your help. Send us your feedback in the ‘Admin Portal’ section of our <a href="https://feedback.azure.com/forums/169401-azure-active-directory/category/162510-admin-portal">feedback forum</a>.</p> <p>Best Regards,</p> <p>Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> ]]></content:encoded>
</item>
<item>
<title>First ever Azure AD Ask Me Anything (AMA)! March 9th, 10am – 1pm Pacific</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/03/02/first-ever-azure-ad-ask-me-anything-ama-march-9th-10am-1pm-pacific/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/03/02/first-ever-azure-ad-ask-me-anything-ama-march-9th-10am-1pm-pacific/#comments</comments>
<pubDate>Thu, 02 Mar 2017 16:34:06 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=48325</guid>
<description><![CDATA[Howdy folks, I’m excited to announce that we’re going to host our first ever Azure AD Ask Me Anything session! When: March 9, 2017 from 10:00 am to 1:00 pm Pacific Time. You’ll be able to access the AAD AMA when it goes live on March 8. What’s an AMA session? We’ll have folks from <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/03/02/first-ever-azure-ad-ask-me-anything-ama-march-9th-10am-1pm-pacific/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p><span style="font-family: Segoe UI;font-size: 12pt">Howdy folks,<br /> </span></p> <p><span style="font-family: Segoe UI;font-size: 12pt">I’m excited to announce that we’re going to host our first ever Azure AD Ask Me Anything session!<br /> </span></p> <h1>When:</h1> <p style="margin-left: 36pt"><span style="font-family: Segoe UI;font-size: 12pt"><strong>March 9, 2017</strong> from <strong>10:00 am</strong> to <strong>1:00 pm</strong><br /> <strong>Pacific Time. </strong>You’ll be able to access the <a href="http://aka.ms/azuread-reddit-ama">AAD AMA</a> when it goes live on March 8.<br /> </span></p> <h1>What’s an AMA session?</h1> <p style="margin-left: 36pt"><span style="font-family: Segoe UI;font-size: 12pt">We’ll have folks from across the Azure Active Directory Engineering team available to answer any questions you have. You can ask us anything about our products, services, or even our team!<br /> </span></p> <h1>Why are we doing an AMA?</h1> <p style="margin-left: 36pt"><span style="font-family: Segoe UI;font-size: 12pt">As you know, we love learning from our customers and the overall identity community. We want to know how you use Azure Active Directory and how your experience has been using it. Your questions provide insights into how we can make the service better.<br /> </span></p> <h1>Who will be there?</h1> <p style="margin-left: 36pt"><span style="font-family: Segoe UI;font-size: 12pt">Well, first we really hope you’ll be there! We’ll have a broad set of Program Managers and Developers from the Azure Active Directory team participating throughout the day.<br /> </span></p> <p><span style="font-family: Segoe UI;font-size: 12pt">Go ahead, ask us anything about our public products or the team. 
But please note, we cannot comment on unreleased features and future plans.<br /> </span></p> <p><span style="font-family: Segoe UI;font-size: 12pt">So head over to the <a href="http://aka.ms/azuread-reddit-ama">Azure Active Directory AMA</a><span style="color: #505050"><br /> </span>on March 9!<span style="text-decoration: underline"><br /> </span>We’re looking forward to having a conversation with you!<br /> </span></p> <p><span style="font-family: Segoe UI;font-size: 12pt">Best Regards,<br /> </span></p> <p><span style="font-family: Segoe UI;font-size: 12pt">Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a><span style="color: #505050">)<br /> </span></span></p> <p><span style="font-family: Segoe UI;font-size: 12pt">Director of Program Management<br /> </span></p> <p><span style="font-family: Segoe UI;font-size: 12pt">Microsoft Identity Division</span></p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/03/02/first-ever-azure-ad-ask-me-anything-ama-march-9th-10am-1pm-pacific/feed/</wfw:commentRss>
<slash:comments>2</slash:comments>
</item>
<item>
<title>#AzureAD Connect Health: Monitoring for Windows Server AD DS and Sync Error Reports are GA + simplified licensing</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/27/azuread-connect-health-monitoring-for-windows-server-ad-ds-and-sync-error-reports-are-ga-simplified-licensing/</link>
<pubDate>Mon, 27 Feb 2017 17:00:15 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Cloud]]></category>
<category><![CDATA[Domain Controller]]></category>
<category><![CDATA[Hybrid]]></category>
<category><![CDATA[Hybrid Cloud]]></category>
<category><![CDATA[On-Prem]]></category>
<category><![CDATA[Public Preview]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=48066</guid>
<description><![CDATA[Howdy folks, It’s a big day for Azure AD! I’m happy to let you know that: Azure AD Connect Health for Windows Server AD DS is now GA! Azure AD Connect Health Sync Error Reports is now GA! Based on your feedback, we’ve simplified the Azure AD Connect Health licensing model. I’ve invited two program managers from <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/02/27/azuread-connect-health-monitoring-for-windows-server-ad-ds-and-sync-error-reports-are-ga-simplified-licensing/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p><span style="font-size: 12pt">Howdy folks,<br /> </span></p> <p><span style="font-size: 12pt">It’s a big day for Azure AD! I’m happy to let you know that:<br /> </span></p> <ul style="margin-left: 38pt"> <li><span style="font-size: 12pt">Azure AD Connect Health for Windows Server AD DS is now GA!<br /> </span></li> <li><span style="font-size: 12pt">Azure AD Connect Health Sync Error Reports is now GA!<br /> </span></li> <li><span style="font-size: 12pt">Based on your feedback, we’ve simplified the Azure AD Connect Health licensing model.<br /> </span></li> </ul> <p><span style="font-size: 12pt">I’ve invited two program managers from my team, Varun Karandikar and Arturo Lucatero, to give you all the details here. Their blog is below.<br /> </span></p> <p><span style="font-size: 12pt">As you read through these updates and begin exploring, share your feedback with us. We’re always listening!<br /> </span></p> <p><span style="font-size: 12pt">Best regards,<br /> </span></p> <p><span style="font-size: 12pt">Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)<br /> </span></p> <p><span style="font-size: 12pt">Director of Program Management<br /> </span></p> <p><span style="font-size: 12pt">Microsoft Identity Division<br /> </span></p> <p><span style="font-size: 12pt">—-<br /> </span></p> <p><span style="font-size: 12pt">Hello everyone,<br /> </span></p> <p><span style="font-size: 12pt">We couldn’t be more thrilled to share the latest updates on Azure AD Connect Health with you! Before we get started, we’d recommend that if you haven’t tried this service yet, you really should! Please visit our <a href="http://aka.ms/aadchdocs">documentation</a> page, and <a href="https://docs.microsoft.com/en-us/azure/active-directory/connect-health/active-directory-aadconnect-health">give it a try</a>! 
(Note: Azure AD Connect Health requires Azure AD Premium licenses)<br /> </span></p> <p><span style="font-size: 13pt"><strong>General Availability of Connect Health for Windows Server AD</strong><br /> </span></p> <p><span style="font-size: 12pt">You can now monitor your on-premises Active Directory (AD DS) infrastructure from the cloud using Connect Health for AD DS!<br /> </span></p> <p><span style="font-size: 12pt">In the six months Connect Health for AD DS lived in preview, we received all kinds of feedback from the community. You told us about areas that needed polishing, capabilities that were working well, and new features you would like to see included. Your feedback has been invaluable in helping us improve our offering and get to general availability status.<br /> </span></p> <p><span style="font-size: 12pt">Here are some of the updates we made during the preview:<br /> </span></p> <ul> <li><span style="font-size: 12pt">The Domain Controllers dashboard contains more information. Adding OS Name was one of the most popular requests we received.<br /> </span></li> </ul> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/02/022717_0635_AzureADConn1.png" /><span style="font-size: 12pt"><br /> </span></p> <ul> <li><span style="font-size: 12pt">Support for monitoring Read Only Domain Controllers & identifying RODCs in the Domain Controllers dashboard.<br /> </span></li> </ul> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/02/022717_0635_AzureADConn2.png" /><span style="font-size: 12pt"><br /> </span></p> <ul> <li><span style="font-size: 12pt">Big performance improvements to the portal. The main dashboards load ten times faster, leading to a smooth experience for forests with 100+ Domain Controllers.<br /> </span></li> <li><span style="font-size: 12pt">A new entry point to the Performance Monitors Collection. 
Now you can easily pin the monitors collection to your Azure dashboard.<br /> </span></li> </ul> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/02/022717_0635_AzureADConn3.png" /><span style="font-size: 12pt"><br /> </span></p> <ul> <li><span style="font-size: 12pt">Alert coverage for all the essential services running on your DCs. If an essential service like Kerberos Key Distribution Center or Netlogon stops, you will quickly be notified about it.<br /> </span></li> <li><span style="font-size: 12pt">Refinements to existing alerts to minimize noisy notifications. Improving the detection logic of alerts is highly important and something we’re always investing in.<br /> </span></li> </ul> <p><span style="font-size: 12pt">On behalf of the entire Connect Health team, we thank everyone who has deployed this feature, reported issues, and sent feedback, and we encourage others to do the same!<br /> </span></p> <p><span style="font-size: 13pt"><strong>General Availability of Sync Error Reports<br /> </strong></span></p> <p><span style="font-size: 12pt">You may encounter <a href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-troubleshoot-sync-errors/">Object Level Sync Errors</a> while syncing data from your on-premises AD to Azure AD. With the <a href="https://docs.microsoft.com/en-us/azure/active-directory/connect-health/active-directory-aadconnect-health-sync">Sync Error Reports within Azure AD Connect Health for Sync</a> it’s now easy to get all the relevant information about sync errors in one place. This reduces the time required to fix errors and helps your users embrace the cloud.<br /> </span></p> <p><span style="font-size: 12pt">The Sync Error Reports are now generally available to all Azure AD Premium customers using Azure AD Connect (version 1.1.281.0 or higher). 
Here are a few key points to note about them:<br /> </span></p> <ul> <li><span style="font-size: 12pt">Provide an overview of errors based on error type and root cause.<br /> </span></li> <li><span style="font-size: 12pt">Allow you to download the report with all errors as a single CSV.<br /> </span></li> <li><span style="font-size: 12pt">Make it easy to understand the root cause and steps to fix the error.<br /> </span></li> <li><span style="font-size: 12pt">Side-by-side comparison of objects for errors due to duplicates.<br /> </span></li> <li><span style="font-size: 12pt">Allow you to delegate report access to users who are not global admins via Role Based Access Control.<br /> </span></li> <li><span style="font-size: 12pt">Provide weekly email notifications.<br /> </span></li> </ul> <p><span style="font-size: 12pt"> Here’s a demo of the report available in the new Azure Portal:<br /> </span></p> <p><span><iframe width="960" height="540" src="https://channel9.msdn.com/Series/Azure-Active-Directory-Videos-Demos/Monitor-sync-errors-with-Azure-Active-Directory-Connect-Health/player" allowfullscreen="allowfullscreen" frameborder="0"></iframe></span></p> <p><span style="font-size: 13pt"><strong>Licensing Update<br /> </strong></span></p> <p><span style="font-size: 12pt">We also heard your feedback regarding our licensing model and that it was complicated to understand and to manage. In response, we made the following changes to make it simpler:<br /> </span></p> <ul> <li><span style="font-size: 12pt">First Connect Health agent requires at least one Azure AD Premium license.<br /> </span></li> <li><span style="font-size: 12pt">Each additional agent requires 25 additional incremental AADP licenses.<br /> </span></li> <li><span style="font-size: 12pt">Agent count is equivalent to the total number of agents registered per role (AD FS, Azure AD Connect, AD DS) per server. 
<strong><br /> </strong></span></li> </ul> <p><span style="font-size: 12pt">You can also find this information on the <a href="https://azure.microsoft.com/en-us/pricing/details/active-directory/">Azure AD Pricing page</a>. <strong><br /> </strong></span></p> <p><span style="font-size: 12pt">Congratulations! You are officially caught up with Azure AD Connect Health news.<br /> </span></p> <p><span style="font-size: 12pt">Now it’s time for that last request: please share your thoughts on Azure AD Connect Health! Comments, questions, and suggestions are strongly encouraged and extremely important to us. Post below, in our <a href="https://feedback.azure.com/forums/169401-azure-active-directory/category/165591-azure-ad-connect-health">discussion forum</a>, or send us a note at <a href="askaadconnecthealth@microsoft.com">askaadconnecthealth@microsoft.com</a>. We look forward to hearing from you.<br /> </span></p> <p><span style="font-size: 12pt">Thanks for reading!<br /> </span></p> <p><span style="font-size: 12pt">– <a href="https://twitter.com/varundikar">Varun</a>, <a href="https://twitter.com/arlucaid">Arturo</a> and The Azure AD Connect Health Team</span></p> ]]></content:encoded>
</item>
<item>
<title>#AzureAD now supports Federated SSO and Provisioning with Slack</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/23/azuread-now-supports-federated-sso-and-provisioning-with-slack/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/23/azuread-now-supports-federated-sso-and-provisioning-with-slack/#comments</comments>
<pubDate>Thu, 23 Feb 2017 17:00:16 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Apps]]></category>
<category><![CDATA[Authentication]]></category>
<category><![CDATA[Cloud]]></category>
<category><![CDATA[Conditional Access]]></category>
<category><![CDATA[SaaS]]></category>
<category><![CDATA[SSO]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=47955</guid>
<description><![CDATA[Howdy folks, We have a very cool integration to announce today: Azure AD now supports both automated user provisioning and federated single sign-on to Slack! With this integration, businesses can now use Azure AD to automatically provision and manage employee access to Slack, based on things like group membership or account status. In addition to <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/02/23/azuread-now-supports-federated-sso-and-provisioning-with-slack/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p><span style="font-size: 12pt">Howdy folks,<br /> </span></p> <p><span style="font-size: 12pt">We have a very cool integration to announce today: Azure AD now supports both automated user provisioning and federated single sign-on to <a href="https://slack.com/">Slack</a>!<br /> </span></p> <p><span style="font-size: 12pt">With this integration, businesses can now use Azure AD to automatically provision and manage employee access to Slack, based on things like group membership or account status. In addition to provisioning user accounts, Azure AD can also create and manage groups inside of Slack, based on groups in Azure AD and Active Directory.<br /> </span></p> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/02/022317_0711_AzureADnows1.png" /><span style="font-size: 12pt"><br /> </span></p> <p><span style="font-size: 12pt">As one of the featured apps in the Azure AD app gallery, Azure AD also supports fully-federated single sign-on with Slack, in addition to an easy click-through setup for admins.<br /> </span></p> <p><span style="font-size: 12pt">See our documentation for more information on <a href="https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Factive-directory-saas-slack-provisioning-tutorial&data=02%7C01%7Casmalser%40microsoft.com%7Cb60f91042ef246b4e03508d450e7a2bb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636222403196204559&sdata=wEMfIl4Ux99I8agtL3VuK3H6gqQFHrQ9WutyftKW0dY%3D&reserved=0">setting up user provisioning between Azure AD and Slack</a>. 
The Azure AD Integration is available for customers on Slack’s Plus plan or those using their recently-announced Enterprise Grid product.<br /> </span></p> <p><span style="font-size: 12pt">We’d like to thank the Slack team for their great partnership and support in delivering this integration, and look forward to continuing our work with them to deliver great experiences for our mutual customers!<br /> </span></p> <p><span style="font-size: 12pt">Let us know what you think about this integration! Leave us your comments at the end of this post or reach out to us on Twitter. We’re always listening.<br /> </span></p> <p><span style="font-size: 12pt">Best regards,<br /> </span></p> <p><span style="font-size: 12pt">Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)<br /> </span></p> <p><span style="font-size: 12pt">Director of Program Management<br /> </span></p> <p><span style="font-size: 12pt">Microsoft Identity Division<br /> </span></p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/23/azuread-now-supports-federated-sso-and-provisioning-with-slack/feed/</wfw:commentRss>
<slash:comments>3</slash:comments>
</item>
<item>
<title>Announcing the public preview of Azure AD group-based license management for Office 365 (and more)!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/22/announcing-the-public-preview-of-azure-ad-group-based-license-management-for-office-365-and-more/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/22/announcing-the-public-preview-of-azure-ad-group-based-license-management-for-office-365-and-more/#comments</comments>
<pubDate>Wed, 22 Feb 2017 17:00:00 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Announcements]]></category>
<category><![CDATA[Cloud]]></category>
<category><![CDATA[Exchange]]></category>
<category><![CDATA[Hybrid]]></category>
<category><![CDATA[Hybrid Cloud]]></category>
<category><![CDATA[Office 365]]></category>
<category><![CDATA[SaaS]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=47795</guid>
<description><![CDATA[Howdy folks, One of the top requests we hear from Azure AD and Office 365 is for richer tools to manage licenses for Microsoft Online Services like Office 365 and the Enterprise Mobility + Security. Admins need easier tools to control who gets a product license and which services are enabled. Some customers have even had to delay service roll-outs as they struggled to <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/02/22/announcing-the-public-preview-of-azure-ad-group-based-license-management-for-office-365-and-more/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>One of the top requests we hear from Azure AD and Office 365 is for richer tools to manage licenses for Microsoft Online Services like Office 365 and the Enterprise Mobility + Security. Admins need easier tools to control who gets a product license and which services are enabled. Some customers have even had to delay service roll-outs as they struggled to find a reliable solution that works at scale.</p> <p>Today, we’re happy to be able to fulfill this request by announcing the public preview of a much-anticipated new capability in Azure AD: group-based license management! With this new feature you can define a license template and assign it to a security group in Azure AD. Azure AD will automatically assign and remove licenses as users join and leave the group.</p> <p>This preview also includes the highly-requested ability to selectively disable service components in product licenses, making it possible to stage the deployment of large service suites such as Office 365 Enterprise E5.</p> <p>Keep reading to get an overview of this new capability, or dive straight into our <a target="_blank" href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-licensing-whatis-azure-portal">detailed documentation</a>.</p> <h2>Overview</h2> <p>Here are a few key facts about group-based license management:</p> <ul> <li>Licenses can be assigned using any security group in Azure AD, whether synced from on-premises or created directly in Azure AD.</li> <li>All Microsoft Online Services that require user-level licensing are supported.</li> <li>The administrator can disable one or more service components when assigning a license to a group. 
This allows staged deployments of rich products like Office 365 Enterprise E5 at scale.</li> <li>The feature is only available in the <a target="_blank" href="https://portal.azure.com/">Azure portal</a>.</li> <li>Licenses are typically added or removed within minutes of a user joining or leaving a group.</li> </ul> <p>There are more details below, or, if you’re ready to dig in, just jump straight into our <a target="_blank" href="https://portal.azure.com/#blade/Microsoft_AAD_IAM/LicensesMenuBlade/Products">new license management experience in the Azure portal</a>. That’s right, no more going back to the classic portal to license your EMS or Azure AD users! If you’re not using Azure AD Basic or above, <a target="_blank" href="https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security-trial">sign up for a trial</a>.</p> <h2>Easily assign licenses to many users</h2> <p>To <a target="_blank" href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-licensing-group-assignment-azure-portal">assign a license</a>, just choose an individual user or a group. In the example below, I’m rolling out the Office 365 Enterprise E3 suite to all information workers in the organization. 
Since I’m doing a staged rollout, I will initially enable only a handful of online services in the suite:</p> <p><a href="https://msdnshared.blob.core.windows.net/media/2017/02/AAD_CBL1.png"><img width="610" height="223" title="AAD_CBL1" class="aligncenter" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border-width: 0px" alt="AAD_CBL1" src="https://msdnshared.blob.core.windows.net/media/2017/02/AAD_CBL1_thumb.png" border="0" /></a></p> <p>After all users in the group are processed they will inherit licenses from the Information Workers group.</p> <p><a href="https://msdnshared.blob.core.windows.net/media/2017/02/AAD_CBL2.png"><img width="610" height="225" title="AAD_CBL2" class="aligncenter" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border-width: 0px" alt="AAD_CBL2" src="https://msdnshared.blob.core.windows.net/media/2017/02/AAD_CBL2_thumb.png" border="0" /></a></p> <p>From now on, any newly added group members will be licensed, and when they leave the group the license will be removed from them. You can do more cool things with this, like have users inherit licenses from multiple groups at the same time. 
<a target="_blank" href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-licensing-group-advanced">Check out this article</a> to learn more about how this functionality works.</p> <h2>Automate even more with dynamic group membership</h2> <p>If you have an Azure AD Premium P1 subscription you can combine dynamic group membership with license management to create an automated license management flow.</p> <p>Here is an example of two groups that look at extensionAttribute1 and assign licenses based on its value:</p> <p><em>“O365 E5 base services”</em></p> <p><a href="https://msdnshared.blob.core.windows.net/media/2017/02/AAD_CBL3.png"><img width="610" height="164" title="AAD_CBL3" class="aligncenter" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border-width: 0px" alt="AAD_CBL3" src="https://msdnshared.blob.core.windows.net/media/2017/02/AAD_CBL3_thumb.png" border="0" /></a></p> <p><em>“EMS E5 licensed users”</em></p> <p><a href="https://msdnshared.blob.core.windows.net/media/2017/02/AAD_CBL4.png"><img width="610" height="164" title="AAD_CBL4" class="aligncenter" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border-width: 0px" alt="AAD_CBL4" src="https://msdnshared.blob.core.windows.net/media/2017/02/AAD_CBL4_thumb.png" border="0" /></a></p> <p>A user with attribute value of <em>EMS;E5_baseservices;</em> automatically inherits both licenses:</p> <p><a href="https://msdnshared.blob.core.windows.net/media/2017/02/AAD_CBL5.png"><img width="610" height="192" title="AAD_CBL5" class="aligncenter" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border-width: 0px" alt="AAD_CBL5" src="https://msdnshared.blob.core.windows.net/media/2017/02/AAD_CBL5_thumb.png" border="0" /></a></p> <p>This functionality keeps you from having to write and maintain scripts to manage licenses and group memberships. 
All the heavy lifting is done in the cloud, by Azure AD!</p> <p>Find out more about <a target="_blank" href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-licensing-group-advanced#group-based-licensing-using-dynamic-groups">how to use these features</a>.</p> <h2>Let your users sign up for licenses!</h2> <p>As the admin, you control license assignment in Azure AD, but you can choose to open a group for users so you don’t have to be involved in managing a certain product, like Power BI (free).</p> <p>With Azure AD Premium P1, you can use the <a target="_blank" href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-accessmanagement-self-service-group-management">powerful self-service management features</a> directly in the cloud to let users decide if they need product licenses by requesting to join a group.</p> <h2>How can I try it?</h2> <p>Visit the <a target="_blank" href="https://portal.azure.com/#blade/Microsoft_AAD_IAM/LicensesMenuBlade/Products">Azure portal</a> and give the license management experience a try!</p> <p>While group-based license management is in public preview you will need an active subscription for Azure AD Basic (or above) in your tenant to assign licenses to groups. If you don’t have one, just <a target="_blank" href="https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security-trial">sign up for an Enterprise Mobility + Security trial</a>. Later, when this functionality becomes generally available it will be included in Office 365 Enterprise E3 and similar products.</p> <p>As with all previews there are some limits to what we currently support. 
You can find details about those limitations in our <a target="_blank" href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-licensing-group-advanced#limitations-and-known-issues">documentation</a>, which we will be updating consistently as things change.</p> <p>Let us know what you think by leaving a comment below or emailing the Azure AD License Management team. We look forward to hearing from you!</p> <p>Best regards,</p> <p>Alex Simons (Twitter: <a target="_blank" href="http://twitter.com/alex_a_simons">@Alex_A_Simons</a>)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/22/announcing-the-public-preview-of-azure-ad-group-based-license-management-for-office-365-and-more/feed/</wfw:commentRss>
<slash:comments>37</slash:comments>
</item>
</channel>
</rss>