Simplify management of apps & devices

<?xml version="1.0" encoding="UTF-8"?><rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" > <channel> <title>Microsoft Intune &#8211; Enterprise Mobility and Security Blog</title> <atom:link href="https://blogs.technet.microsoft.com/enterprisemobility/feed/?product=microsoft-intune" rel="self" type="application/rss+xml" /> <link>https://blogs.technet.microsoft.com/enterprisemobility</link> <description>The most recent news and updates about Microsoft’s Enterprise Mobility offerings and events for enterprise technology professionals and developers.</description> <lastBuildDate>Fri, 24 Mar 2017 17:45:23 +0000</lastBuildDate> <language>en-US</language> <sy:updatePeriod>hourly</sy:updatePeriod> <sy:updateFrequency>1</sy:updateFrequency> <item> <title>Microsoft Enterprise Mobility + Security and the Microsoft Graph API</title> <link>https://blogs.technet.microsoft.com/enterprisemobility/2017/03/20/microsoft-enterprise-mobility-security-and-the-microsoft-graph-api/</link> <comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/03/20/microsoft-enterprise-mobility-security-and-the-microsoft-graph-api/#respond</comments> <pubDate>Mon, 20 Mar 2017 19:54:11 +0000</pubDate> <dc:creator><![CDATA[Andrew Conway]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=49035</guid> <description><![CDATA[Across the more than forty thousand customers that Enterprise Mobility + Security (EMS) serves today, theres a notable diversity in how they organize their IT resources to enable mobile productivity for their workforce. Each customer uniquely defines their mobile strategy and IT structure through a series of choices based on the strategic needs of their <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/03/20/microsoft-enterprise-mobility-security-and-the-microsoft-graph-api/">Continue reading</a></p>]]></description> <content:encoded><![CDATA[<p>Across the more than forty thousand customers that <a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/07/07/introducing-enterprise-mobility-security/">Enterprise Mobility + Security (EMS)</a> serves today, theres a notable diversity in how they organize their IT resources to enable mobile productivity for their workforce. Each customer uniquely defines their mobile strategy and IT structure through a series of choices based on the strategic needs of their business. Customers may choose to manage their mobility solutions internally while others choose to work with a managed service provider to manage on their behalf. Regardless of the structure, our goal is to enable IT to easily design processes and workflows that allow them to be more empowered and efficient.</p>&#10;<p>As the Microsoft Intune and Azure Active Directory admin experiences come together in Azure, were taking an important step forward in our ability to offer EMS customers more choices and capability. Built on the <a href="https://developer.microsoft.com/en-us/graph">Microsoft Graph API</a>, the new Intune and Azure AD experience on Azure opens a new set of possibilities for our customers and partners to simplify, automate, and integrate their workloads.</p>&#10;<p>Microsoft Graph API connects developers to the data that drives productivity mail, calendar, contacts, documents, directory, devices, and more. It serves as a single interface where Microsoft services can be reached through a set of REST APIs. With our shift to Azure and the Microsoft Graph API, customers now have the choice to manage the administration and operation of Intune and Azure AD services in the new Azure console or through the Microsoft Graph API. The scenarios that the Microsoft Graph API enable are expansive we expect the value to you and all our customers to center on three core benefits:</p>&#10;<h2>Simplicity</h2>&#10;<p>Microsoft Graph API is accessible through several platforms and tools, including REST- based API endpoints, and most popular programming and automation platforms (.NET, JS, iOS, Android, PowerShell). Resources (user, group, device, application, file) and policies can be queried through this API, and formerly difficult or complex questions can be addressed via straightforward queries. For example, you can use the Graph APIs to check the compliance state of all your Intune- managed devices and feed this data into your existing reporting system, enabling a simple, yet powerful, reporting experience across your organization.</p>&#10;<h2>Automation</h2>&#10;<p>The Microsoft Graph API allows you to connect different services and automate workflows and processes between them. For example, you could connect your HR system with the Microsoft Graph APIs to automate the provisioning of mobile devices when youre onboarding a new employee, and set up automation to retire and wipe a device as employees leave the company. If you are a service provider managing the environment of multiple customers at once, you could use these capabilities to automate the onboarding of tenants, populating them with default policies and implementing industry-specific templates. All this can be set up to happen automatically without ever opening a management console.</p>&#10;<h2>Integration</h2>&#10;<p>The Microsoft Graph API can send detailed device and application information to other IT asset management or reporting systems. You could build custom experiences which call our APIs to configure Intune and Azure AD controls and policies and unify workflows across multiple services. For example, a help desk organization might build a custom solution that incorporates Intune functionality into their console, allowing them to manage device and application policies in a unified way alongside other helpdesk tasks. You can even connect with PowerBI and other analytics services to create custom dashboards and reports based on Office 365, Intune, and Azure AD data from the Microsoft Graph API.</p>&#10;<p>&nbsp;</p>&#10;<p><a href="https://msdnshared.blob.core.windows.net/media/2017/03/Microsoft-Graph-API-is-the-gateway-for.jpg"><img title="Microsoft Graph API is the gateway for" style="float: none;padding-top: 0px;padding-left: 0px;margin-left: auto;padding-right: 0px;margin-right: auto;border: 0px" border="0" alt="Microsoft Graph API is the gateway for" src="https://msdnshared.blob.core.windows.net/media/2017/03/Microsoft-Graph-API-is-the-gateway-for_thumb.jpg" width="873" height="186" class="aligncenter" /></a></p>&#10;<p><a href="https://msdnshared.blob.core.windows.net/media/2017/03/Supported-Platforms.jpg"><img title="Supported Platforms" style="float: none;padding-top: 0px;padding-left: 0px;margin-left: auto;padding-right: 0px;margin-right: auto;border: 0px" border="0" alt="Supported Platforms" src="https://msdnshared.blob.core.windows.net/media/2017/03/Supported-Platforms_thumb.jpg" width="872" height="147" class="aligncenter" /></a></p>&#10;<p>&nbsp;</p>&#10;<p>The new <a href="https://blogs.windows.com/windowsexperience/2017/01/24/announcing-intune-education-new-windows-10-pcs-school-starting-189/#2h4ooD2KbRBHuix3.97">Intune for Education</a> experience and the OneDrive for Business console, where Intune app protection policies are now built in directly, are both great examples of new experiences that are made possible because of Intune and Azure AD being built on the Microsoft Graph API. Were also working directly with several partners who are starting to explore whats possible with our APIs in preview. Its exciting to see the ideas they come up with around how these capabilities will improve their processes and workflows, and the custom solutions they will enable.</p>&#10;<p>The Intune and Azure AD APIs are available in preview now as part of the Microsoft Graph API beta and will be generally available later in 2017.*For a closer look, check out the documentation on how to use <a href="https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/resources/intune_graph_overview">Intune</a> and <a href="https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-graph-api">Azure Active Directory</a> APIs.</p>&#10;<hr />&#10;<p><em>*Use of a Microsoft online service requires a valid license. Therefore, accessing EMS, Microsoft Intune, or Azure Active Directory Premium features via Microsoft Graph API requires paid licenses of the applicable service and compliance with Microsoft Graph API Terms of Use. </em></p>&#10;]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/03/20/microsoft-enterprise-mobility-security-and-the-microsoft-graph-api/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item> <title>Microsoft Teams is now generally available &#8212; and MAM enabled on iOS and Android!</title> <link>https://blogs.technet.microsoft.com/enterprisemobility/2017/03/14/microsoft-teams-is-now-generally-available-and-mam-enabled-on-ios-and-android/</link> <comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/03/14/microsoft-teams-is-now-generally-available-and-mam-enabled-on-ios-and-android/#respond</comments> <pubDate>Tue, 14 Mar 2017 15:30:00 +0000</pubDate> <dc:creator><![CDATA[Microsoft Intune Team]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <category><![CDATA[MAM]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=48785</guid> <description><![CDATA[Great news &#8211; today Microsoft announced the general availability of Microsoft Teams! Were excited to share this huge milestone and announce that the updated Microsoft Teams apps are now enabled with Intune MAM capabilities, so you can empower your teams to work freely across devices, while ensuring that conversations and corporate data is protected at <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/03/14/microsoft-teams-is-now-generally-available-and-mam-enabled-on-ios-and-android/">Continue reading</a></p>]]></description> <content:encoded><![CDATA[<p>Great news &#8211; today Microsoft announced the <a href="https://blogs.office.com/2017/03/14/microsoft-teams-rolls-out-to-office-365-customers-worldwide/">general availability of Microsoft Teams</a>! Were excited to share this huge milestone and announce that the updated Microsoft Teams apps are now enabled with Intune MAM capabilities, so you can empower your teams to work freely across devices, while ensuring that conversations and corporate data is protected at every turn. The Microsoft Teams apps supports the <a href="https://docs.microsoft.com/en-us/intune/deploy-use/create-and-deploy-mobile-app-management-policies-with-microsoft-intune">Intune MAM app-level data protection</a> with or without MDM device enrollment. Look for them in the <a href="https://play.google.com/store/apps/details?id=com.microsoft.teams">Google Play</a> and <a href="https://itunes.apple.com/us/app/microsoft-teams/id1113153706?mt=8">iOS App</a> stores today.Support for Microsoft Teams in the Intune admin console is currently being rolled out.</p>&#10;<p>Microsoft Teams is a chat-based workspace in Office 365 that brings together people, conversations, and content in a fresh new way that takes the work out of collaboration and makes it easy for teams to stay on the same page and achieve more. Microsoft Teams goes way beyond chat, giving you easy access to the tools your people depend on everyday Word, Excel, PowerPoint, OneNote, SharePoint and Power BI &#8211; are all built-in, so youre never more than a click away from getting things done. And its customizable, allowing you to create a workspace that fits the unique needs of every team.</p>&#10;<p><a href="https://msdnshared.blob.core.windows.net/media/2017/03/Microsoft-Teams.png"><img title="Microsoft Teams" style="float: none;padding-top: 0px;padding-left: 0px;margin-left: auto;padding-right: 0px;margin-right: auto;border: 0px" border="0" alt="Microsoft Teams" src="https://msdnshared.blob.core.windows.net/media/2017/03/Microsoft-Teams_thumb.png" width="771" height="435" class="aligncenter" /></a></p>&#10;<p>With the Teams apps for iOS and Android, work gets done anywhere &#8211;you can collaborate with partners and contribute to projects, even on the go.</p>&#10;<p><a href="https://technet.microsoft.com/en-us/library/mt627825.aspx">Heres a great article</a> if youre looking for more details on Intune MAM policies. Visit the <a href="https://docs.microsoft.com/en-us/intune/deploy-use/whats-new-in-microsoft-intune">Whats new in Microsoft Intune</a> page for more on these and other recent developments in Intune.</p>&#10;<h3>Additional Resources</h3>&#10;<ul>&#10;<li><a href="https://microsoftintune.uservoice.com/?WT.mc_id=Blog_Intune_Announce_PCIT">Submit feedback and suggestions to the Intune engineering team</a></li>&#10;<li><a href="http://technet.microsoft.com/library/jj676587.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Find technical resources for Intune in the TechNet library</a></li>&#10;<li><a href="https://www.microsoft.com/en-us/server-cloud/enterprise-mobility/ems-trial.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Sign up for a free trial of Microsoft Intune</a></li>&#10;<li><a href="https://blogs.technet.microsoft.com/b/microsoftintune/rss.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Subscribe to the Intune blog RSS feed</a></li>&#10;</ul>&#10;]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/03/14/microsoft-teams-is-now-generally-available-and-mam-enabled-on-ios-and-android/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item> <title>Conditional Access “limited access” policies for SharePoint are in public preview!</title> <link>https://blogs.technet.microsoft.com/enterprisemobility/2017/03/09/conditional-access-limited-access-policies-for-sharepoint-are-in-public-preview/</link> <pubDate>Thu, 09 Mar 2017 17:00:23 +0000</pubDate> <dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <category><![CDATA[Android]]></category> <category><![CDATA[Conditional Access]]></category> <category><![CDATA[Identity-driven Security]]></category> <category><![CDATA[iOS]]></category> <category><![CDATA[Office 365]]></category> <category><![CDATA[Security]]></category> <category><![CDATA[SharePoint]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=48725</guid> <description><![CDATA[Howdy folks, Enabling productivity while securing data is the fine line IT pros walk today, and having the right tools to do it makes it that much easier. In the past, employees working from their personal devices was a recipe for leaked data. But not anymore! Working with the SharePoint team, we&#8217;ve created a great <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/03/09/conditional-access-limited-access-policies-for-sharepoint-are-in-public-preview/">Continue reading</a></p>]]></description> <content:encoded><![CDATA[<p>Howdy folks,</p>&#10;<p>Enabling productivity while securing data is the fine line IT pros walk today, and having the right tools to do it makes it that much easier. In the past, employees working from their personal devices was a recipe for leaked data.</p>&#10;<p>But not anymore! Working with the SharePoint team, we&#8217;ve created a great new feature in the conditional access experience that I think you&#8217;re going to love: the ability to limit a user&#8217;s ability to download, print and sync based on the state of their device.</p>&#10;<p>To tell you more about it, I&#8217;ve invited one of my program managers, Nitika Gupta, to write a blog, which you&#8217;ll find below. Read up, try things out, and let us know what you think!</p>&#10;<p>Best regards,</p>&#10;<p>Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)</p>&#10;<p>Director of Program Management</p>&#10;<p>Microsoft Identity Division</p>&#10;<p>&#8212;-</p>&#10;<p>Hi folks,</p>&#10;<p>I&#8217;m Nitika Gupta, a Program Manager in the Identity Security and Protection team at Microsoft. Today we are announcing the public preview of a feature that will enhance security for SharePoint and OneDrive access while still helping maintain productivity.</p>&#10;<p>Microsoft Intune and Azure Active Directory conditional access provides the ability to grant or block access to resources based on device state. This helps organizations ensure content doesn&#8217;t get on to a machine that isn&#8217;t encrypted, locked, secure from malware, etc. This is an important aspect of securing company data.</p>&#10;<p>Unfortunately, not all devices can be managed. Sometimes people need to work from home computers, personal devices, or shared machines that aren&#8217;t enrolled. Until now, this meant losing productivity by denying access to SharePoint altogether or allowing unsecured download of content. Because of this, IT admins struggle to find the balance when configuring policies to prevent data leakage of corporate resources while ensuring that employees remain productive.</p>&#10;<p>But what if we could have great user productivity and maintain a great security posture? That&#8217;s what the Secure, Productive Enterprise is all about and why <strong>I am thrilled to announce the public preview of the &#8220;<em>Limited Access to SharePoint and OneDrive&#8221;</em> feature!</strong> Now you can allow access to SharePoint and OneDrive from an unmanaged device by granting browser-only access with download, print, and sync disabled. Users can stay productive, and you can be assured that when they sign off, no data is leaked onto the unmanaged device.</p>&#10;<p>Let me show you how it works in Azure AD Conditional Access and SharePoint!</p>&#10;<h2>Getting started</h2>&#10;<p>Configuring limited browser-only access to SharePoint and OneDrive is an easy two-step process. See our <a href="https://aka.ms/spolimitedaccessdocs">limited access documentation</a> for more detailed instructions.</p>&#10;<ol>&#10;<li>&#10;<div>First <a href="https://portal.azure.com/">create an Azure AD Conditional access policy</a> for SharePoint that applies only to browser client apps with &#8220;use app enforced restrictions&#8221; as the session control.</div>&#10;<p><img class="aligncenter" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/03/030917_0059_Conditional1.png" /></p>&#10;<p>Tip: To prevent users from going around the browser policy and accessing resources from mobile and desktop applications on unmanaged devices, we recommend enabling Azure AD conditional access policy. This enables access from mobile and desktop apps only from a compliant or domain joined device.</li>&#10;<li>Next, go to <strong>device access </strong>in the SharePoint admin center and select the checkbox to &#8220;Allow limited access (web-only, without the Download, Print, and Sync commands)&#8221;</li>&#10;</ol>&#10;<p><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/03/030917_0059_Conditional2.png" /></p>&#10;<p>Note: It can take up to 15 minutes for policy changes to take effect.</p>&#10;<h2>End user experience</h2>&#10;<p>When accessing SharePoint and OneDrive from devices that are not compliant or domain joined, end users will see a warning banner explaining why their experience is limited.</p>&#10;<p><img class="aligncenter" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/03/030917_0059_Conditional3.png" /></p>&#10;<h2>Feedback</h2>&#10;<p>We would love to hear your feedback! If you have any suggestions for us, questions, or issues to report, please leave a comment at the bottom of this post, or tweet with the hashtag #AzureAD.</p>&#10;<p>Thanks,</p>&#10;<p>Nitika Gupta</p>&#10;<p>@_nitika_gupta</p>&#10;]]></content:encoded> </item> <item> <title>Update 1702 for Configuration Manager Technical Preview Branch – Available Now!</title> <link>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/27/update-1702-for-configuration-manager-technical-preview-branch-available-now/</link> <comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/27/update-1702-for-configuration-manager-technical-preview-branch-available-now/#comments</comments> <pubDate>Mon, 27 Feb 2017 19:00:42 +0000</pubDate> <dc:creator><![CDATA[Yvette OMeally]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=47535</guid> <description><![CDATA[Hello everyone! We are happy to let you know that update 1702 for the Technical Preview Branch of System Center Configuration Manager has been released. Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available. This months new preview features <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/02/27/update-1702-for-configuration-manager-technical-preview-branch-available-now/">Continue reading</a></p>]]></description> <content:encoded><![CDATA[<p>Hello everyone! We are happy to let you know that update 1702 for the Technical Preview Branch of System Center Configuration Manager has been released. Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available. This months new preview features include:</p>&#10;<ul>&#10;<li><strong>Azure Active Directory Domain Services support </strong> You can install a ConfigMgr site on an Azure virtual machine that is connected to <a href="https://go.microsoft.com/fwlink/?linkid=842178"><u>Azure Active Directory Domain Services</u></a>, and use the site to manage other Azure virtual machines connected to the same domain.</li>&#10;<li><strong>Improvements for in-console search </strong> Based on User Voice feedback, we have added several improvements to in-console search, including searching by Object Path, preservation of search text and preservation of your decision to search sub-nodes.</li>&#10;<li><strong>Windows Update for Business integration </strong> You can now implement Windows Update for Business assessment results as part of Conditional Access compliance policy conditional rules.</li>&#10;<li><strong>Customize high-risk deployment warning </strong> You can now customize the Software Center warning when running a high-risk deployment, such as a task sequence to install a new operating system. The default string regarding data may not apply in scenarios like in-place upgrade.</li>&#10;<li><strong>Close executable files at the deadline when they would block application installation</strong> &#8211; If executable files are listed on the Install Behavior tab for a deployment type and the application is deployed to a collection as required, then a more intrusive notification experience is provided to inform the user, and the specified executable files will be closed automatically at the deadline.</li>&#10;</ul>&#10;<p>This release also includes the following improvements for customers using System Center Configuration Manager connected with Microsoft Intune to manage mobile devices:</p>&#10;<ul>&#10;<li><strong>Non-Compliant Apps Compliance Settings </strong>&#8211; Add iOS and Android applications to a non-compliant apps rule in a compliance policy to trigger conditional access if the devices have those applications installed.</li>&#10;<li><strong>PFX Certificate Creation and Distribution and S/MIME Support</strong> &#8211; Admins can create and deploy PFX certificates to users. These certificates can then be used for S/MIME encryption and decryption by devices that the user has enrolled.</li>&#10;<li><strong>Android for Work Support </strong>&#8211; You can now manage <a href="https://enterprise.google.com/android/"><u>Android for Work</u></a> devices. This enables you to enroll devices, approve and deploy apps, and configure policies for Android for Work devices.</li>&#10;</ul>&#10;<p>Update 1702 for Technical Preview Branch is available in the Configuration Manager console. For new installations please use the 1610 baseline version of Configuration Manager Technical Preview Branch <a href="https://www.microsoft.com/en-us/evalcenter/evaluate-system-center-configuration-manager-and-endpoint-protection-technical-preview"><u>available on TechNet Evaluation Center</u></a>.</p>&#10;<p>We would love to hear your thoughts about the latest Technical Preview! To provide feedback or report any issues with the functionality included in this Technical Preview, please use <a href="https://connect.microsoft.com/ConfigurationManagervnext/Feedback"><u>Connect</u></a>. If theres a new feature or enhancement you want us to consider for future updates, please use the <a href="http://configurationmanager.uservoice.com/"><u>Configuration Manager UserVoice site</u></a>.</p>&#10;<p>Thanks,</p>&#10;<p>The System Center Configuration Manager team</p>&#10;<p><strong>Configuration Manager Resources:</strong></p>&#10;<p><a href="https://docs.microsoft.com/sccm/core/get-started/technical-preview"><u>Documentation for System Center Configuration Manager Technical Previews </u></a></p>&#10;<p><a href="https://www.microsoft.com/en-us/evalcenter/evaluate-system-center-configuration-manager-and-endpoint-protection-technical-preview"><u>Try the System Center Configuration Manager Technical Preview Branch</u></a></p>&#10;<p><a href="https://docs.microsoft.com/sccm/"><u>Documentation for System Center Configuration Manager </u></a></p>&#10;<p><a href="https://social.technet.microsoft.com/Forums/en-US/home?category=ConfigMgrCB"><u>System Center Configuration Manager Forums </u></a></p>&#10;<p><a href="https://aka.ms/cmcbsupport"><u>System Center Configuration Manager Support</u></a></p>&#10;<p><a href="https://www.microsoft.com/en-us/download/details.aspx?id=42645"><u>Download the Configuration Manager Support Center</u></a></p>&#10;]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/27/update-1702-for-configuration-manager-technical-preview-branch-available-now/feed/</wfw:commentRss> <slash:comments>4</slash:comments> </item> <item> <title>Webinar: On-premises conditional access with EMS and NetScaler</title> <link>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/27/webinar-on-premises-conditional-access-with-ems-and-netscaler/</link> <comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/27/webinar-on-premises-conditional-access-with-ems-and-netscaler/#comments</comments> <pubDate>Mon, 27 Feb 2017 19:00:26 +0000</pubDate> <dc:creator><![CDATA[Microsoft Intune Team]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=48035</guid> <description><![CDATA[The demand for a modern mobile user experience isnt just a matter of conveniencepeople do their best work when they have the freedom to access their corporate email and documents from anywhere, on any device. But increasing freedom and mobility also raises the stakes for IT requiring you to balance the need to protect your <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/02/27/webinar-on-premises-conditional-access-with-ems-and-netscaler/">Continue reading</a></p>]]></description> <content:encoded><![CDATA[<p>The demand for a modern mobile user experience isnt just a matter of conveniencepeople do their best work when they have the freedom to access their corporate email and documents from anywhere, on any device. But increasing freedom and mobility also raises the stakes for IT requiring you to balance the need to protect your corporate data with the expectations and needs of your users.</p>&#10;<p><strong>Join us for a free one-hour webinar</strong> with Citrix NetScaler Unified Gateway expert Akhilesh Dhawan and David Randall, from Microsoft Intune to learn about a product integration between Microsoft EMS and Citrix NetScaler that provides on-premises conditional access to corporate resources and data.</p>&#10;<p>The integration of Citrix NetScaler Unified Gateway with Microsoft Enterprise Mobility + Security lets you:</p>&#10;<ul>&#10;<li>Give your employees the highly productive mobile experience they expect.</li>&#10;<li>Ensure that only the right users on compliant devices have access to your corporate data and resources.</li>&#10;</ul>&#10;<p><a href="https://msdnshared.blob.core.windows.net/media/2017/02/EMS_NetScaler.png"><img title="EMS_NetScaler" style="float: none;padding-top: 0px;padding-left: 0px;margin-left: auto;padding-right: 0px;margin-right: auto;border: 0px" border="0" alt="EMS_NetScaler" src="https://msdnshared.blob.core.windows.net/media/2017/02/EMS_NetScaler_thumb.png" width="800" height="329" /></a></p>&#10;<p>The live webinar is taking place on March 1, 2017 at 11 AM PT.</p>&#10;<p><a href="https://citrix.webcasts.com/starthere.jsp?ei=1135309&amp;sti=microsoft">REGISTER NOW to learn more about this integration and to see how it works!</a></p>&#10;]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/27/webinar-on-premises-conditional-access-with-ems-and-netscaler/feed/</wfw:commentRss> <slash:comments>2</slash:comments> </item> <item> <title>Microsoft Intune 2016 &#8211; a year in review</title> <link>https://blogs.technet.microsoft.com/enterprisemobility/2017/01/19/microsoft-intune-2016-a-year-in-review/</link> <pubDate>Thu, 19 Jan 2017 19:00:45 +0000</pubDate> <dc:creator><![CDATA[Microsoft Intune Team]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=46055</guid> <description><![CDATA[Where you are today is not where you will be tomorrow. Things change fast these days. Regardless of your industry, youre always in motion evolving and adapting to the shifting needs of your business and workforce. Intune gives you a diverse set of tools for managing your complex mobile environment and empowering a workforce <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/01/19/microsoft-intune-2016-a-year-in-review/">Continue reading</a></p>]]></description> <content:encoded><![CDATA[<p>Where you are today is not where you will be tomorrow. Things change fast these days. Regardless of your industry, youre always in motion evolving and adapting to the shifting needs of your business and workforce. Intune gives you a diverse set of tools for managing your complex mobile environment and empowering a workforce on the move. Intunes innovative combination of mobile application and device management options gives you flexibility in how you manage and secure mobile productivity.</p>&#10;<h3>Delivering ongoing innovation from the cloud</h3>&#10;<p>Our cloud service model gives you many advantages. It eliminates the need to plan, purchase, and maintain on-premises hardware and infrastructure, lowering costs and making your day-to-day management experience much easier.</p>&#10;<p>For the Intune team, the cloud makes it possible for us to innovate on an ongoing basis. Each month we release new features and product updates designed to help you empower your users to be productive, all while protecting the massive amounts of data flowing through your mobile ecosystem. And because Intune is always up to date, theres no need for a cumbersome deployment process for you to manage.</p>&#10;<p>Theres always something new in Intune. Check out our <a href="https://sway.com/C28XZnaiWRRA0UjW">Intune 2016 year in review</a> to see a list of features, innovations, and product news that we released in 2016.</p>&#10;<p><a href="https://sway.com/C28XZnaiWRRA0UjW"><img width="1024" height="316" title="Microsoft Intune 2016 timeline" style="float: none;padding-top: 0px;padding-left: 0px;margin-left: auto;padding-right: 0px;margin-right: auto;border: 0px" alt="Microsoft Intune 2016 timeline" src="https://msdnshared.blob.core.windows.net/media/2017/01/Microsoft-Intune-2016-timeline.png" border="0" /></a></p>&#10;<p>And be sure to <a href="https://twitter.com/MSFTMobility">follow us on Twitter</a> and check back here for product updates throughout 2017. If theres a feature or update that you want us to consider, please add it to our <a href="https://microsoftintune.uservoice.com/forums/291681-ideas">User Voice conversation</a>.</p>&#10;<h3></h3>&#10;<h3>Additional resources:</h3>&#10;<ul>&#10;<li>Visit the <a href="https://docs.microsoft.com/en-us/intune/deploy-use/whats-new-in-microsoft-intune">Whats New in Microsoft Intune</a> page for more on recent developments in Intune.</li>&#10;<li><a href="https://microsoftintune.uservoice.com/?WT.mc_id=Blog_Intune_Announce_PCIT">Submit feedback and suggestions to the Intune engineering team</a></li>&#10;<li><a href="https://docs.microsoft.com/intune">Find technical resources on the Intune docs site</a></li>&#10;<li><a href="https://blogs.technet.microsoft.com/enterprisemobility/feed/?product=microsoft-intune">Subscribe to the Intune blog RSS feed</a></li>&#10;</ul>&#10;]]></content:encoded> </item> <item> <title>Breaking down EMS Conditional Access: Part 2</title> <link>https://blogs.technet.microsoft.com/enterprisemobility/2017/01/05/breaking-down-ems-conditional-access-part-2/</link> <pubDate>Thu, 05 Jan 2017 16:00:25 +0000</pubDate> <dc:creator><![CDATA[Enterprise Mobility Team]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=45505</guid> <description><![CDATA[This post is the second in a three-part series detailing Conditional Access from Microsoft Enterprise Mobility + Security. Today, the typical employee connects an average of four devices to their corporate network. Usually theyre connecting from their own mobile device or PC, but thats not always the case. Maybe they use their daughters iPad in <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/01/05/breaking-down-ems-conditional-access-part-2/">Continue reading</a></p>]]></description> <content:encoded><![CDATA[<p><i>This post is the second in a three-part series detailing </i><a href="https://www.microsoft.com/en-us/cloud-platform/conditional-access"><i>Conditional Access</i></a><i> from Microsoft Enterprise Mobility + Security.</i></p>&#10;<p>Today, the typical employee connects an average of four devices to their corporate network. Usually theyre connecting from their own mobile device or PC, but thats not always the case. Maybe they use their daughters iPad in a pinch, or log on from a friends house, or use a hotel kiosk to connect. You might be OK with allowing access in some cases, but in other circumstances you may want to provide access only to certain employees, only to specific data, or only from known and compliant devices.</p>&#10;<p>Device-based conditional access from Microsoft Enterprise Mobility + Security (EMS) helps you make sure that only compliant mobile devices and PCsthose that meet the standards youve sethave access to corporate data.</p>&#10;<h2>Device Compliance</h2>&#10;<p>Device compliance policies help you protect company data by making sure the devices used to access your data or sensitive apps comply with your specific requirements or standards. Administrators can set these policies to enforce device compliance requirements before users attempt to access company resources. These can include settings for device enrollment, domain join, passwords and encryption, as well for the OS platform running on the device.</p>&#10;<p>You can use <a href="https://docs.microsoft.com/en-us/intune/deploy-use/introduction-to-device-compliance-policies-in-microsoft-intune">compliance policy settings</a> in Microsoft Intune to create a set of rules for and to evaluate the compliance of employee devices. When devices don&#8217;t meet the conditions set in the policies, the end user is guided though the process of enrolling the device and fixing the issue that prevents the device from being compliant.</p>&#10;<p><a href="https://docs.microsoft.com/en-us/intune/deploy-use/restrict-access-to-email-and-o365-services-with-microsoft-intune">Conditional access policies</a> are a set of rules that can restrict or allow access to a specific service based on whether the user meets the requirements you define. When you use a conditional access policy in combination with a device compliance policy, only users with compliant devicesin addition to any other rules youve setwill be allowed to access the service. Since both policies are applied at the user level, any device from which the user tries to access services will be checked for compliance.</p>&#10;<p><a href="https://msdnshared.blob.core.windows.net/media/2017/01/Conditional-Access-Policy-Scenario.png"><img width="790" height="463" title="Conditional Access Policy Scenario" class="aligncenter" style="float: none;padding-top: 0px;padding-left: 0px;margin-left: auto;padding-right: 0px;margin-right: auto;border: 0px" alt="Conditional Access Policy Scenario" src="https://msdnshared.blob.core.windows.net/media/2017/01/Conditional-Access-Policy-Scenario_thumb.png" border="0" /></a></p>&#10;<p align="center"><em>In this scenario, IT has applied a policy that blocks unmanaged devices from accessing and opening files stored on OneDrive for Business. Devices need to be enrolled first, before the location can be accessed.</em></p>&#10;<h2>EMS + Lookout, providing additional mobile endpoint security</h2>&#10;<p><a href="https://www.lookout.com/about/partners/microsoft">Lookouts deep integration with EMS</a> gives you real-time visibility into mobile device risks, including advanced mobile threats and app data leakage, which can inform your conditional access policies. Lookout provides visibility across all three mobile risk vectors: app-based risks (such as malware), network-based risks (such as man-in-the-middle attacks), and OS-based risks (such as malicious OS compromise).</p>&#10;<p>The integration between Lookout and EMS makes it easy to apply this threat intelligence to your conditional access policies. If a device is found to be non-compliant due to a mobile risk identified by Lookout, access is blocked and the user is prompted to resolve the issue with one-step guidance from Lookout before they can regain access. <em>Note that Lookout licenses must be purchased separately from EMS.</em></p>&#10;<p><a href="https://msdnshared.blob.core.windows.net/media/2017/01/EMS-Intune-Lookout.png"><img width="850" height="351" title="EMS Intune Lookout" class="aligncenter" style="float: none;padding-top: 0px;padding-left: 0px;margin-left: auto;padding-right: 0px;margin-right: auto;border: 0px" alt="EMS Intune Lookout" src="https://msdnshared.blob.core.windows.net/media/2017/01/EMS-Intune-Lookout_thumb.png" border="0" /></a></p>&#10;<h2>Device-based conditional access to on-premises resources</h2>&#10;<p>EMS conditional access capabilities help you to secure access to both your cloud and on-premises resources. Our customers often manage broad and complex networks, so with that in mind, weve built partnerships with popular network access providers such as Cisco ISE, Aruba ClearPass, and Citrix NetScaler. Now you can extend your Intune conditional access capabilities to work with these networks.</p>&#10;<p>Partner network providers can implement checks for Intune-managed and compliant devices as a requirement before allowing user access through either your wireless or virtual private network. When you <a href="https://docs.microsoft.com/en-us/intune/deploy-use/restrict-access-to-networks">extend device compliance policies to network providers</a>, you can ensure that only managed and compliant devices will be able to connect to your on-premises corporate network.</p>&#10;<p>EMS offers you some great access simplifications: you can still enable <a href="https://docs.microsoft.com/en-us/enterprise-mobility-security/solutions/protect-on-premises-data-with-intune">secure access to on-premises</a> applications without VPNs, DMZs, or on-premises reverse proxies by leveraging the Azure Active Directory Application Proxy. Best of all, all of this can be done without installing or maintaining additional on-premises infrastructure or opening your company firewall to route traffic through it. Conditional access capabilities will work for this scenario as well.</p>&#10;<h2>Additional Resources</h2>&#10;<ul>&#10;<li><a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/10/31/breaking-down-ems-conditional-access-part-1/">Breaking down EMS Conditional Access: Part 1</a></li>&#10;<li><a href="https://microsoftintune.uservoice.com/?WT.mc_id=Blog_Intune_Announce_PCIT">Submit feedback and suggestions to the Intune engineering team</a></li>&#10;<li><a href="https://docs.microsoft.com/en-us/enterprise-mobility-security/solutions/protect-office365-data-with-intune">Read more about device based conditional access on the Intune docs site</a></li>&#10;<li><a href="https://blogs.technet.microsoft.com/enterprisemobility/feed/?product=microsoft-intune">Subscribe to the Intune blog RSS feed</a></li>&#10;<li>Follow us on <a href="https://twitter.com/MSFTMobility">Twitter</a></li>&#10;</ul>&#10;]]></content:encoded> </item> <item> <title>Conditional Access now in the new Azure portal</title> <link>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/15/conditional-access-now-in-the-new-azure-portal/</link> <comments>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/15/conditional-access-now-in-the-new-azure-portal/#comments</comments> <pubDate>Thu, 15 Dec 2016 18:00:09 +0000</pubDate> <dc:creator><![CDATA[Enterprise Mobility Team]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <category><![CDATA[Conditional Access]]></category> <category><![CDATA[Identity-driven Security]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=45175</guid> <description><![CDATA[The digital transformation thats affecting every organization brings new challenges for IT, as they strive to empower their users to be productive while keeping corporate data secure in an increasingly complex technology landscape. Microsoft Enterprise Mobility + Security (EMS) provides a unique identity-driven security approach to address these new challenges at multiple layers and to <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/12/15/conditional-access-now-in-the-new-azure-portal/">Continue reading</a></p>]]></description> <content:encoded><![CDATA[<p>The digital transformation thats affecting every organization brings new challenges for IT, as they strive to empower their users to be productive while keeping corporate data secure in an increasingly complex technology landscape. Microsoft Enterprise Mobility + Security (EMS) provides a unique identity-driven security approach to address these new challenges at multiple layers and to provide you with a more holistic and innovative approach to security one that can protect, detect, and respond to threats on-premises as well as in the cloud.</p>&#10;<p>Risk-based conditional access is a critical part of our identity-driven security story. It ensures that only the right users, on the right devices, under the right circumstances have access to your sensitive corporate data. Conditional access allows you to define policies that provide contextual controls at the user, location, device, and app levels, and it also takes risk information into consideration (powered by the vast data in Microsofts <a href="https://www.microsoft.com/en-us/security/intelligence">Intelligent Security Graph</a>). As conditions change, natural user prompts ensure only the right users on compliant devices can access sensitive data, providing you the control and protection you need to keep your corporate data secure while allowing your people to do their best work from any device.</p>&#10;<p>This is an area where we are constantly innovating to bring you the most secure and easy-to-use solution, and today were announcing several improvements to Conditional Access in EMS:</p>&#10;<ol>&#10;<li><strong>Risk-based access policies per application</strong>. <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-identityprotection">Leverage machine learning on a massive scale</a> to provide real-time detection and automated protection. Now you can use this data to build risk-based policies per application.</li>&#10;<li><strong>Greater flexibility to protect applications</strong>. Set multiple policies per application or set and easily roll out global rules to protect all your applications with a single policy.</li>&#10;<li>All these capabilities are now available in a <strong>unified administrative experience on the Azure portal</strong>. This makes it even easier to create and manage holistic conditional access policies to all your applications.</li>&#10;</ol>&#10;<p>These new <a href="https://www.microsoft.com/en-us/cloud-platform/conditional-access">conditional access</a> capabilities provide more flexible and powerful policies to enable productivity while ensuring security. Additionally, the new admin experience unifies conditional access workloads across Intune and Azure AD.</p>&#10;<p>If you are an Intune customer using the existing browser-based console or the Configuration Manager console, or an Azure AD customer using the classic Azure portal, you can now preview the new Conditional Access policy interface in the Azure portal.</p>&#10;<p><a href="https://aka.ms/cacontrols">Get started with these Conditional Access capabilities</a> or read on to learn a bit more about Conditional Access with EMS.</p>&#10;<h2>Overview</h2>&#10;<p>A Conditional Access policy is simply a statement about<br />&#10;<strong>When the policy should apply</strong> (called <strong>Conditions</strong>), and<br />&#10;<strong>What the action or requirement should be</strong> (called <strong>Controls</strong>).</p>&#10;<p><a href="https://msdnshared.blob.core.windows.net/media/2016/12/Conditional-access-policy.png"><img width="169" height="480" title="Conditional access policy" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="Conditional access policy" src="https://msdnshared.blob.core.windows.net/media/2016/12/Conditional-access-policy_thumb.png" border="0" /></a></p>&#10;<h3>Conditions (When the policy should apply)</h3>&#10;<p>Conditions are the things about a login that dont change during the login, and are used to decide which policies should apply. Azure AD supports the following Conditions:</p>&#10;<ol>&#10;<li><strong>Users/Groups</strong> are the users/groups in the directory that the policy applies to.</li>&#10;<li><strong>Cloud apps</strong> are the services the user accesses that you want to secure.</li>&#10;<li><strong>Client app</strong> is the software the user is employing to access cloud app.</li>&#10;<li><strong>Device platform</strong> is the platform the user is signing in from.</li>&#10;<li><strong>Location</strong> is the IP-address based location the user is signing in from.</li>&#10;<li><strong>Sign-in risk</strong> is the likelihood that the sign-in is coming from someone other than the user.</li>&#10;</ol>&#10;<p><a href="https://msdnshared.blob.core.windows.net/media/2016/12/Conditions-preview.png"><img width="378" height="480" title="Conditions preview" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="Conditions preview" src="https://msdnshared.blob.core.windows.net/media/2016/12/Conditions-preview_thumb.png" border="0" /></a></p>&#10;<p><a href="https://aka.ms/caconditions">Our documentation provides further details on how to set the conditions</a>.</p>&#10;<h3>Controls (What the action or requirement should be)</h3>&#10;<p>Controls are the additional enforcements that are put in place by the policy (such as do a Multi-factor authentication challenge) that will be inserted into the login flow. Azure AD supports the following controls:</p>&#10;<ol>&#10;<li><strong>Block access </strong></li>&#10;<li><strong>Multi-factor authentication</strong></li>&#10;<li><strong>Compliant device</strong></li>&#10;<li><strong>Domain Join</strong></li>&#10;</ol>&#10;<p>You can select individual controls or all of them.</p>&#10;<p><a href="https://msdnshared.blob.core.windows.net/media/2016/12/Controls-preview.png"><img width="400" height="508" title="Controls preview" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="Controls preview" src="https://msdnshared.blob.core.windows.net/media/2016/12/Controls-preview_thumb.png" border="0" /></a></p>&#10;<p>To learn more about how to get started with controls, you can read a <a href="https://aka.ms/cacontrols">detailed documentation article</a>.</p>&#10;<p>Were really excited about the wide range of scenarios that this new experiences lights up and hope you find it useful. As always, were looking forward to your feedback.</p>&#10;]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/15/conditional-access-now-in-the-new-azure-portal/feed/</wfw:commentRss> <slash:comments>5</slash:comments> </item> <item> <title>New capabilities coming to Microsoft Enterprise Mobility + Security (EMS)</title> <link>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/new-capabilities-coming-to-microsoft-enterprise-mobility-security-ems/</link> <comments>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/new-capabilities-coming-to-microsoft-enterprise-mobility-security-ems/#comments</comments> <pubDate>Wed, 07 Dec 2016 17:00:59 +0000</pubDate> <dc:creator><![CDATA[Andrew Conway]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=44305</guid> <description><![CDATA[As 2016 draws to a close, we would like to thank you for choosing Microsoft Enterprise Mobility + Security (EMS) to protect and secure your employees as you continue to digitally transform your organizations. More than 37,000 customers and over half of the Fortune 500 have now chosen EMS. With EMS we continue to build <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/new-capabilities-coming-to-microsoft-enterprise-mobility-security-ems/">Continue reading</a></p>]]></description> <content:encoded><![CDATA[<p>As 2016 draws to a close, we would like to thank you for choosing Microsoft Enterprise Mobility + Security (EMS) to protect and secure your employees as you continue to digitally transform your organizations. More than 37,000 customers and over half of the Fortune 500 have now chosen EMS.</p>&#10;<p>With EMS we continue to build on identity at the core of the solution to maximize your employees productivity while at the same time providing the necessary capabilities across security, management of devices and apps, and information protection to ensure that your critical company data is protected. Today we are expanding these capabilities even further with:</p>&#10;<ul>&#10;<li><a href="https://aka.ms/aadptablogpost">Pass-through authentication with Azure Active Directory</a>, available today in preview, enables secure single sign-on to cloud resources without requiring syncing of passwords to the cloud, or modification to existing on-premises network infrastructure.</li>&#10;<li><a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/public-preview-of-intune-on-azure">Microsoft Intunes new Admin Console in Azure</a>, rolling out in preview, makes setting up integrated security and management scenarios across EMS services even easier.</li>&#10;<li><a href="https://aka.ms/aip-december-release">Azure Information Protection updates</a> that provide even greater flexibility and security for protecting data at the file level. These updates include support formore file types, integration with your on-premises encryption key network, and new options for creating classification and protection policies.</li>&#10;</ul>&#10;<p>Heres more on these new capabilities and how our customers will benefit from these innovations:</p>&#10;<p><a href="https://aka.ms/aadptablogpost">Pass-through authentication with Azure Active Directory</a></p>&#10;<p>Pass-through authentication now in preview, lets users securely login to cloud resources by validating their password against their on-premises Active Directory more easily than ever. This feature allows customers that cannot or do not want to store passwords in the cloud (even encrypted ones) to onboard Azure Active Directory and Office 365 without having to modify their corporate network infrastructure and install products such as Active Directory Federation Services (AD FS) or similar third party federation solutions. Pass-through authentication is set up via the Azure AD Connect admin experience as the second option for authentication along with Password Sync and AD FS.</p>&#10;<p><a href="https://msdnshared.blob.core.windows.net/media/2016/12/Azure-Active-Directory-Connect-User-Sign-in.png"><img width="640" height="451" title="Azure Active Directory Connect User Sign in" class="aligncenter" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="Azure Active Directory Connect User Sign in" src="https://msdnshared.blob.core.windows.net/media/2016/12/Azure-Active-Directory-Connect-User-Sign-in_thumb.png" border="0" /></a></p>&#10;<p>Additionally, with this new update, both Pass-through authentication and Password Synchronization authentication options will now provide seamless single sign-on to Azure AD connected applications from Windows devices.</p>&#10;<p><a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/public-preview-of-intune-on-azure">Preview of Microsoft Intune Admin Console in Azure</a></p>&#10;<p>The new Intune admin experience on Azure begins rolling out in public previewfor new and test tenants. The new console, built in Azure, provides powerful and integrated management of core EMS security solutions, such as conditional access to corporate resources based on device, users or risk, allowing for set up and management of policies between Intune and Azure Active Directory. This new admin experience makes it easier than ever to protect tens of thousands of mobile devices.</p>&#10;<p><a href="https://aka.ms/aip-december-release">Azure Information Protection updates</a></p>&#10;<p>Protecting data at the file level throughout its lifecycle, from creation to sharing to tracking and revocation, regardless of where it is stored or accessed, is a key priority for our customers and a unique part of the EMS solution. Since the <a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/10/04/azure-information-protection-is-now-generally-available/">release of Azure Information Protection in October</a> we have been listening to customer feedback and are releasing several new capabilities. Below are a few of the highlights:</p>&#10;<ul>&#10;<li>Give end users more focused classification and protection options with policies based on group membership.</li>&#10;<li>Support for more non-Office file types and bulk labelling of data at rest.</li>&#10;<li>Integrate protection with on-premises keys with <a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/08/10/azure-information-protection-with-hyok-hold-your-own-key/">Hold Your Own Key (HYOK).</a></li>&#10;</ul>&#10;<h4>Enterprise Mobility + Security Customer Stories</h4>&#10;<p>As more and more customers are choosing EMS, we wanted to share with you some examples of recent customers who have been deploying and using it successfully:</p>&#10;<ul>&#10;<li><a href="https://customers.microsoft.com/en-US/story/whole-foods-takes-natural-next-step-to-protect-applications-in-the-cloud">Whole Foods</a> is embracing identity-driven security with EMS to protect applications</li>&#10;<li><a href="https://customers.microsoft.com/en-US/story/avanade-balances-data-security-and-employee-privacy-with-microsoft-intune">Avanade</a> balances data security and employee privacy with EMS</li>&#10;</ul>&#10;<p>Get started with your own <a href="https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security-trial">Enterprise Mobility + Security deployment</a>.</p>&#10;]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/new-capabilities-coming-to-microsoft-enterprise-mobility-security-ems/feed/</wfw:commentRss> <slash:comments>2</slash:comments> </item> <item> <title>Public preview of Intune on Azure</title> <link>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/public-preview-of-intune-on-azure/</link> <pubDate>Wed, 07 Dec 2016 17:00:14 +0000</pubDate> <dc:creator><![CDATA[Microsoft Intune Team]]></dc:creator> <category><![CDATA[Announcements]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=44225</guid> <description><![CDATA[Get ready for a whole new Intune experience. In early 2017 we will begin migrating our Intune admin experience onto the Azure portal, allowing for powerful and integrated management of core EMS workflows on a modern service platform thats extensible using Graph APIs.Using the Microsoft Graph APIs to configure Intune controls and policies still requires <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/public-preview-of-intune-on-azure/">Continue reading</a></p>]]></description> <content:encoded><![CDATA[<p>Get ready for a whole new Intune experience. In early 2017 we will begin migrating our Intune admin experience onto the <a href="http://portal.azure.com"><u><span style="color: #0563c1">Azure portal</span></u></a>, allowing for powerful and integrated management of core EMS workflows on a modern service platform thats extensible using <a href="https://graph.microsoft.io/en-us/docs/api-reference/beta/intune_graph_overview"><u><span style="color: #0563c1">Graph APIs</span></u></a>.Using the Microsoft Graph APIs to configure Intune controls and policies still requires that the Intune service is correctly licensed by the customer.</p>&#10;<p>In advance of the general availability of this portal for all Intune tenants, were excited to announce that we will begin rolling out a preview of this new admin experience later this month to select tenants. When your tenant is ready for preview, you will be notified through the current Intune console.</p>&#10;<h3>For existing Intune customers</h3>&#10;<p>The new Intune admin experience in the Azure portal will use the already announced new grouping and targeting functionality. When your existing tenant is migrated to the new grouping experience you will also be migrated to preview the new admin experience on your tenant. Well be migrating existing tenants over the next few months, you will be notified when your tenant is ready for use on the new Azure portal.In the meantime, read up on the new <a href="https://docs.microsoft.com/en-us/intune-azure"><span style="margin: 0px;color: #0078d7;font-family: 'Segoe UI',sans-serif;font-size: 11.5pt"><u>documentation located here</u></span></a>.</p>&#10;<p>If you have any questions about the timeline for your tenants migration, contact our migration team at <a><span style="margin: 0px;color: #0078d7;font-family: 'Segoe UI',sans-serif;font-size: 11.5pt">intunegrps@microsoft.com</span></a>.</p>&#10;<p>Visit the <a href="https://docs.microsoft.com/en-us/intune/deploy-use/whats-new-in-microsoft-intune"><u>Whats New in Microsoft Intune</u></a> page for more on these and other recent developments in Intune.</p>&#10;<p>&nbsp;</p>&#10;<h4>Additional resources:</h4>&#10;<ul>&#10;<li><a href="https://microsoftintune.uservoice.com/?WT.mc_id=Blog_Intune_Announce_PCIT">Submit feedback and suggestions to the Intune engineering team</a></li>&#10;<li><a href="https://docs.microsoft.com/en-us/intune-azure">Find technical resources about this preview on the Intune docs site</a></li>&#10;<li><a href="https://blogs.technet.microsoft.com/enterprisemobility/feed/?product=microsoft-intune">Subscribe to the Intune blog RSS feed</a></li>&#10;<li>Follow us on <a href="https://twitter.com/MSIntune">Twitter</a></li>&#10;</ul>&#10;]]></content:encoded> </item> </channel> </rss>