<?xml version="1.0" encoding="UTF-8"?><rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" > <channel> <title>Azure Active Directory &#8211; Enterprise Mobility and Security Blog</title> <atom:link href="https://blogs.technet.microsoft.com/enterprisemobility/feed/?product=azure-active-directory" rel="self" type="application/rss+xml" /> <link>https://blogs.technet.microsoft.com/enterprisemobility</link> <description>The most recent news and updates about Microsoft’s Enterprise Mobility offerings and events for enterprise technology professionals and developers.</description> <lastBuildDate>Thu, 13 Jul 2017 22:52:08 +0000</lastBuildDate> <language>en-US</language> <sy:updatePeriod>hourly</sy:updatePeriod> <sy:updateFrequency>1</sy:updateFrequency> <item> <title>New Public Preview: Azure AD Domain Services admin UX in the new Azure Portal</title> <link>https://blogs.technet.microsoft.com/enterprisemobility/2017/07/11/new-public-preview-azure-ad-domain-services-admin-ux-in-the-new-azure-portal/</link> <comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/07/11/new-public-preview-azure-ad-domain-services-admin-ux-in-the-new-azure-portal/#respond</comments> <pubDate>Tue, 11 Jul 2017 16:00:25 +0000</pubDate> <dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <category><![CDATA[Cloud]]></category> <category><![CDATA[Domain Controller]]></category> <category><![CDATA[Hybrid Cloud]]></category> <category><![CDATA[Public Preview]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=53575</guid> <description><![CDATA[Howdy folks, I&#8217;m excited to announce the public preview of Azure AD Domain Services in the new Azure portal. You can now create new managed AD domains and perform administrative tasks like configuring secure LDAP using the Azure portal. If you follow the blog, you already know that Azure AD Domain Services is pretty cool. <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/07/11/new-public-preview-azure-ad-domain-services-admin-ux-in-the-new-azure-portal/">Continue reading</a></p>]]></description> <content:encoded><![CDATA[<p>Howdy folks,</p>&#10;<p>I&#8217;m excited to announce the <strong>public preview of Azure AD Domain Services in the new Azure portal</strong>. You can now create new managed AD domains and perform administrative tasks like configuring secure LDAP using the Azure portal. If you follow the blog, you already know that Azure AD Domain Services is pretty cool. It provides managed domain services like domain join, group policy, LDAP, and Kerberos/NTLM authentication, all fully compatible with Windows Server Active Directory.</p>&#10;<p>What might surprise you is that over 8000 (!!) customers are already using Azure AD Domain Services today!</p>&#10;<p>And qith this new public preview, we&#8217;ve made it even easier to create a managed AD domain using our brand-new wizard experience. The wizard knits tasks like creating virtual networks, configuring group membership of the delegated administrator group, and enabling domain services into a simple, intuitive, step-by-step experience.</p>&#10;<p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/07/071117_0536_NewPublicPr1.png" /></p>&#10;<h2>Getting started</h2>&#10;<p>Here&#8217;s how to get started with the new Azure portal experience:</p>&#10;<ol>&#10;<li>&#10;<div><strong>If Azure AD Domain Services is not enabled for your Azure directory</strong> <a href="https://docs.microsoft.com/azure/active-directory-domain-services/active-directory-ds-getting-started">Create a new managed domain</a> using the new Azure portal.</div>&#10;</li>&#10;<li><strong>If you&#8217;ve already enabled Azure AD Domain Services for your Azure directory</strong> <a href="https://docs.microsoft.com/azure/active-directory-domain-services/active-directory-ds-contact-us">Contact us</a> via email to migrate your existing managed AD domain to the new Azure portal. From there, you can administer your existing managed AD domain using the new Azure portal.</li>&#10;</ol>&#10;<h2><span style="font-size: 12pt"><em>Note: This public preview release supports only classic Azure virtual networks. We don&#8217;t support Resource Manager-based virtual networks yet, but the team is hard at work making that happen and we hope to preview it soon!<br />&#10;</em></span></h2>&#10;<h2>We want to hear from you!</h2>&#10;<p>As always, your feedback is very important to us! Please share your comments, questions, or concerns on our <a href="https://feedback.azure.com/forums/169401-azure-active-directory/category/160593-domain-services">discussion forum</a>, send us an email at <a href="mailto:aaddsfb@microsoft.com">aaddsfb@microsoft.com</a>, or simply comment below.</p>&#10;<p>Best regards,</p>&#10;<p>Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)</p>&#10;<p>Director of Program Management</p>&#10;<p>Microsoft Identity Division</p>&#10;]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/07/11/new-public-preview-azure-ad-domain-services-admin-ux-in-the-new-azure-portal/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item> <title>Better together: Intune and Azure Active Directory team up to improve user access</title> <link>https://blogs.technet.microsoft.com/enterprisemobility/2017/07/06/better-together-intune-and-azure-active-directory-team-up-to-improve-user-access/</link> <comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/07/06/better-together-intune-and-azure-active-directory-team-up-to-improve-user-access/#comments</comments> <pubDate>Thu, 06 Jul 2017 22:13:27 +0000</pubDate> <dc:creator><![CDATA[Microsoft Intune Team]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=53465</guid> <description><![CDATA[The Intune Managed Browser for iOS and Android devices plays a key role in ensuring that data on mobile devices stays secure. It lets you safely view and navigate web pages that might contain company information, and provides a secure web-browsing experience. Today, were excited to announce a series of new enhancements that make it <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/07/06/better-together-intune-and-azure-active-directory-team-up-to-improve-user-access/">Continue reading</a></p>]]></description> <content:encoded><![CDATA[<p>The Intune Managed Browser for iOS and Android devices plays a key role in ensuring that data on mobile devices stays secure. It lets you safely view and navigate web pages that might contain company information, and provides a secure web-browsing experience. Today, were excited to announce a series of new enhancements that make it easier for your users to access the web apps and resources they need from anywhere. These new experiences are made possible by integrating the Intune Managed Browser with Azure Active Directory Application Proxy and the MyApps portal.</p>&#10;<h3>Give users secure and seamless access to web apps from anywhere with the Managed Browser and Application Proxy</h3>&#10;<p>The <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-application-proxy-get-started">Azure AD Application Proxy</a> enables you to provide your users with secure remote access to on-premises web applications. It is simple to use and configure, without requiring changes to your network infrastructure, and allows you to secure your applications with all the security features of Azure AD. When you provide remote access through Application Proxy you create an externally accessible URL for your internal resources. However, in some cases the internal &amp; external URLs are different, requiring users to remember two URLs. Additional challenges can also arise when multiple applications are linked to each other using internal URLs, which may cause the links to break when accessed from the internet under certain circumstances. Broken links frustrate users and can stop productivity in its tracks unintentionally barring them from accessing important resources on the go.</p>&#10;<p>The new integration between the Intune Managed Browser and Azure AD Application Proxy solves this problem. Now, regardless of location, users can access the Azure AD Application Proxy apps their IT has provisioned to them simply by typing the internal URL into the Managed Browser. This simplifies the process for everyone, making sure that your users enjoy easy, secure access to the web apps they depend on to get their work done.</p>&#10;<p>Heres a quick diagram of what whats happening in the background to deliver this new experience:</p>&#10;<p>&nbsp;</p>&#10;<p><a href="https://msdnshared.blob.core.windows.net/media/2017/07/image75.png"><img title="image" style="float: none;padding-top: 0px;padding-left: 0px;margin: 1px auto;padding-right: 0px;border: 0px" border="0" alt="image" src="https://msdnshared.blob.core.windows.net/media/2017/07/image_thumb71.png" width="826" height="340" class="aligncenter" /></a></p>&#10;<p>&nbsp;</p>&#10;<h3>Intune App Protection policies and the Managed Browser make sure that links in email work, even outside of your network</h3>&#10;<p>Weve all clicked on links in email that dont work, and often this is because the link is for an internal site that is not accessible outside the network. This is another frustrating scenario that can be easily solved with the Managed Browser and this new integration with the Azure AD Application Proxy. By configuring Intune App Protection policies for Outlook to automatically open https links with the Managed Browser, emailed links work regardless of a users location to access internal sites published with Application Proxy.</p>&#10;<p>&nbsp;</p>&#10;<p><img src="https://msdnshared.blob.core.windows.net/media/2017/07/Three-screenshots-1024x588.png" alt="" width="815" height="467" class="aligncenter wp-image-53475" /></p>&#10;<p>&nbsp;</p>&#10;<h3>MyApps and Managed Browser make it easy for end users to find apps</h3>&#10;<p>Finally, finding and accessing applicationsboth on-premises applications published with Application Proxy and cloud applications integrated with Azure ADis easier than ever with Managed Browser. The <a href="https://myapps.microsoft.com/">MyApps experience</a> is now integrated into the Managed Browser to allow users to easily find and have seamless access into their apps while benefiting from everything that Managed Browser offers.</p>&#10;<p>Users will find quick access to MyApps on their Managed Browser homepage and in their bookmarks, giving them fewer clicks to reach any application they may need to access. Plus, the Managed Browser supports the single sign-on functionality you have come to love with apps integrated with Azure AD.</p>&#10;<p>&nbsp;</p>&#10;<p><a href="https://msdnshared.blob.core.windows.net/media/2017/07/image77.png"><img title="image" style="float: none;padding-top: 0px;padding-left: 0px;margin: 1px auto;padding-right: 0px;border: 0px" border="0" alt="image" src="https://msdnshared.blob.core.windows.net/media/2017/07/image_thumb73.png" width="307" height="549" class="aligncenter" /></a></p>&#10;<p>&nbsp;</p>&#10;<p>These awesome experiences are all available now. For details, see <a href="https://aka.ms/managedbrowser">our documentation</a>.</p>&#10;<p>Wed love to hear your feedback! Leave a note on this blog, or reach out to us at intuneandproxy@microsoft.com with questions or comments.</p>&#10;]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/07/06/better-together-intune-and-azure-active-directory-team-up-to-improve-user-access/feed/</wfw:commentRss> <slash:comments>4</slash:comments> </item> <item> <title>Join us July 6th for the first Azure AD B2B collaboration AMA!</title> <link>https://blogs.technet.microsoft.com/enterprisemobility/2017/06/30/join-us-july-6th-for-the-first-azure-ad-b2b-collaboration-ama/</link> <comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/06/30/join-us-july-6th-for-the-first-azure-ad-b2b-collaboration-ama/#respond</comments> <pubDate>Fri, 30 Jun 2017 16:00:03 +0000</pubDate> <dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator> <category><![CDATA[Announcements]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=53205</guid> <description><![CDATA[Howdy folks, Those of you who follow the blog will remember that we held our first Azure AD AMA a few months back. It was quite a hit and we got a ton of great feedback from customers and partners on it. So, we thought wed do another one! This time were focusing on a <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/06/30/join-us-july-6th-for-the-first-azure-ad-b2b-collaboration-ama/">Continue reading</a></p>]]></description> <content:encoded><![CDATA[<p>Howdy folks,</p>&#10;<p>Those of you who follow the blog will remember that we held our first Azure AD AMA a few months back. It was quite a hit and we got a ton of great feedback from customers and partners on it. So, we thought wed do another one! This time were focusing on a specific topic, how to use Azure AD to easily enable cross-company, cloud based collaboration.</p>&#10;<p>I hope youll join us Wednesday, July 6th, at 9am PST/12pm EST for the first Azure AD B2B collaboration-hosted Ask Me Anything (AMA) on the<a target="_blank" href="https://aka.ms/b2bcommunity">Microsoft Tech Community</a>. Youll be able to connect directly with the Azure AD B2B collaboration team, who will be on hand to answer your questions and listen to feedback.</p>&#10;<h3><a target="_blank" href="https://aka.ms/b2b/ama/invite">Add the AMA to yourcalendar!</a></h3>&#10;<h2>When:</h2>&#10;<p><strong>Thursday, July 6, 2017</strong>from<strong>09:00 am</strong>to<strong>10:00 am Pacific Time</strong></p>&#10;<h2>Where:</h2>&#10;<p><a target="_blank" href="https://aka.ms/b2bcommunity">TheAzure AD B2B Community</a></p>&#10;<h2>Whats an AMA session?</h2>&#10;<p>Well have folks from the Azure AD B2B engineering team available to answer any questions you have. You can ask us anything about our products, services, or even our team!</p>&#10;<h2>Why are we doing an AMA?</h2>&#10;<p>Connect directly with customers, hear your feedback, and answer your questions, such as:</p>&#10;<ul>&#10;<li>What is Microsofts strategy around Azure AD B2B?</li>&#10;<li>Whats possible with Azure AD B2B today?</li>&#10;<li>Will B2B help meet this specific goal I or my customer have?</li>&#10;<li>I want to get insight into a specific issue I or my customer is having.</li>&#10;<li>How do I submit Azure AD B2B feature requests?</li>&#10;</ul>&#10;<h2>Who will be at the AMA?</h2>&#10;<p>Well have program managers, developers, and technical thought leaders from the Azure AD B2B engineering team in attendance and look forward to connecting with you all!</p>&#10;<p>I sure hope youll join us! Were always looking for opportunities like this to learn from you, our customers and partner!</p>&#10;<p>Best Regards,</p>&#10;<p>Alex Simons (Twitter: <a target="_blank" href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)</p>&#10;<p>Director of Program Management</p>&#10;<p>Microsoft Identity Division</p>&#10;]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/06/30/join-us-july-6th-for-the-first-azure-ad-b2b-collaboration-ama/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item> <title>Enabling a more strategic role for IT with Microsoft Enterprise Mobility + Security</title> <link>https://blogs.technet.microsoft.com/enterprisemobility/2017/06/29/enabling-a-more-strategic-role-for-it-with-microsoft-enterprise-mobility-security/</link> <pubDate>Thu, 29 Jun 2017 16:00:18 +0000</pubDate> <dc:creator><![CDATA[Andrew Conway]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=53135</guid> <description><![CDATA[Organizations are pushing forward in their digital transformations and we continue to see and hear more about what this shift means for IT. The scope of digital transformation goes beyond moving existing work to the cloud and enabling a more mobile workforce. It brings the opportunity to reimagine business from the ground up from <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/06/29/enabling-a-more-strategic-role-for-it-with-microsoft-enterprise-mobility-security/">Continue reading</a></p>]]></description> <content:encoded><![CDATA[<p>Organizations are pushing forward in their digital transformations and we continue to see and hear more about what this shift means for IT. The scope of digital transformation goes beyond moving existing work to the cloud and enabling a more mobile workforce. It brings the opportunity to reimagine business from the ground up from product offerings, to customer engagement strategies, to how to drive innovation and differentiate vs. competition. As a result, today more than ever, CIOs are being asked by their boards and other executives to weigh in on a growing number of business decisions. Almost half (46%) of CIOs in the <a href="http://core0.staticworld.net/assets/2017/02/20/state_of_the_cio_exec-summary_2017.pdf">State of the CIO survey</a> report directly to their CEO, 61% have direct interaction with the board, and 76% are interfacing directly with customers.</p>&#10;<h2>Making room for a broader IT impact</h2>&#10;<p>As CIOs are playing an extended role in the business, the function of IT is also flexing to become more strategic and business focused. To make room for this expanded responsibility, IT organizations are undergoing efforts to optimize traditional IT operations and serviceswith a focus on increasing agility, reducing costs, and maintaining security. Organizations are also looking to empower employees with a more connected and holistic approach to managing access while protecting corporate resources. This focus on greater agility and better experience for employees, while maintaining security and holding down costs, is one of the key drivers of Enterprise Mobility + Securitys (EMS) market success.</p>&#10;<p>EMS has rapidly become a leading choice because it delivers what customers tell us they need most to transform their businesses &#8211; a comprehensive yet flexible born in the cloud service that meets a broad set of mobility and security needs in an integrated way. EMS led on bringing <a href="https://www.microsoft.com/en-us/cloud-platform/azure-active-directory">identity and access management</a> together with <a href="https://www.microsoft.com/en-us/cloud-platform/microsoft-intune-apps">mobile device and application management</a>. EMS has kept pace with industry shifts and customer feedback by incorporating new security solutions such as <a href="https://www.microsoft.com/en-us/cloud-platform/advanced-threat-analytics">advanced threat analytics</a> and <a href="https://www.microsoft.com/en-us/cloud-platform/cloud-app-security">cloud access security</a>. EMS has also shown it can reduces overhead by addressing customer needs in one place; avoiding the pain of integrating point solutions from many different vendors.</p>&#10;<h2>A new EMS experience delivers increased IT Pro productivity</h2>&#10;<p>Over the last few months, we have turned the dial further and introduced new administrator experiences for <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/05/15/the-new-azure-ad-admin-console-is-ga/">Azure Active Directory</a>, <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/06/08/the-new-intune-and-conditional-access-admin-consoles-are-ga/">Microsoft Intune, conditional access</a>, and <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/05/23/azure-information-protection-unified-administration-phase-two/">Azure Information Protection</a> in the new Azure portal. This collective move delivers a unified admin experience for these core EMS services that boosts IT Pro productivity and helps you get more out of EMS. The new console simplifies the configuration and management of powerful cross product workflows, such as <a href="https://info.microsoft.com/EMS-Conditional-Access-Whitepaper.html">conditional access</a>, allowing you to define complex access management policies across Azure AD and Intune within a single interface. It also delivers deep integration with Azure Active Directory groups, which can represent both users and devices as native, dynamically targeted groups that are fully federated with an organizations on-premises Active Directory.</p>&#10;<p>Identity is at the core of mobility strategies and we often find our customers first workload to deploy is Azure AD. This new environment makes it easy for you to scale your Azure AD groups and policies to protect at deeper levels using Intune and Azure Information Protection. Lets say you defined a set of Azure AD and conditional access policies to protect your Office mobile apps, you can now easily find your way to Intune to set device and app protection policies to ensure your data remains protected even after its been accessed. From there, you click into Azure Information Protection to set encryption policies that protect your data no matter where it travels. You can even create a custom dashboard in Azure that allows you to monitor and control everything at a glance from any device.</p>&#10;<p>&nbsp;</p>&#10;<p><iframe width="560" height="315" src="https://www.youtube.com/embed/Cn29dmgDcIw" frameborder="0" allowfullscreen="allowfullscreen"></iframe></p>&#10;<p>&nbsp;</p>&#10;<p>Our goal with EMS has always been to empower IT with a holistic and innovative set of tools that protect at the user, device, app and data levels without compromising productivity streamlining management of mobility and security workflows in the process. This is the driving force behind our move to a unified EMS admin experience, and we are sure that your IT organization will reap the benefits.</p>&#10;<p>Moving forward, well release all new features and enhancements for Azure AD, Intune and Azure Information Protection within the new experience on Azure. You can check out our new admin experience by logging into the <a href="http://portal.azure.com/">Microsoft Azure portal</a> today.</p>&#10;]]></content:encoded> </item> <item> <title>New updates to the Azure AD Power BI content pack!</title> <link>https://blogs.technet.microsoft.com/enterprisemobility/2017/06/27/new-updates-to-the-azure-ad-power-bi-content-pack/</link> <comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/06/27/new-updates-to-the-azure-ad-power-bi-content-pack/#comments</comments> <pubDate>Tue, 27 Jun 2017 21:15:03 +0000</pubDate> <dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator> <category><![CDATA[Announcements]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=53066</guid> <description><![CDATA[Howdy folks, Those of you who follow the blog will remember that in January we announced the integration of Azure Active Directory APIs with Power BI. This integration makes it easy to download pre-built content packs that give you visibility into everything happening in your Azure Active Directory tenant. This content pack has been super <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/06/27/new-updates-to-the-azure-ad-power-bi-content-pack/">Continue reading</a></p>]]></description> <content:encoded><![CDATA[<p>Howdy folks,</p>&#10;<p>Those of you who follow the blog will remember that in January we announced the <a target="_blank" href="https://powerbi.microsoft.com/en-us/blog/azure-active-directory-meets-power-bi/" rel="noopener noreferrer">integration of Azure Active Directory APIs with Power BI</a>. This integration makes it easy to download pre-built content packs that give you visibility into everything happening in your Azure Active Directory tenant.</p>&#10;<p>This content pack has been super popular, and weve received a ton of requests for additional views and reports. So Im happy to let you know that weve just added the two views customers requested the most:</p>&#10;<ul>&#10;<li><strong>Device Logins:</strong> Get a view of the browsers and operating systems used by your organization. With this view, you can learn about the various device configurations used within your organization and make decisions based on the insights provided. You can also drill into specific details of login activity, including location and device info.</li>&#10;</ul>&#10;<p><a href="https://msdnshared.blob.core.windows.net/media/2017/06/AAD_PBI_contentpack1.png"><img width="640" height="374" title="AAD_PBI_contentpack1" class="aligncenter" style="border: 0px currentcolor" alt="AAD_PBI_contentpack1" src="https://msdnshared.blob.core.windows.net/media/2017/06/AAD_PBI_contentpack1_thumb.png" border="0" /></a></p>&#10;<ul>&#10;<li><strong>SSPR Funnel:</strong> The SSPR funnel report shares details of the various stages of the SSPR flow, along with additional information like how many password reset attempts were made and how many were successful. This information can help you with root cause analysis and determining next steps in increasing adoption of the SSPR tool.</li>&#10;</ul>&#10;<p><a href="https://msdnshared.blob.core.windows.net/media/2017/06/AAD_PBI_contentpack2.jpg"><img width="640" height="373" title="AAD_PBI_contentpack2" class="aligncenter" style="border: 0px currentcolor" alt="AAD_PBI_contentpack2" src="https://msdnshared.blob.core.windows.net/media/2017/06/AAD_PBI_contentpack2_thumb.jpg" border="0" /></a></p>&#10;<h2>Wrapping Up</h2>&#10;<p>Take a look at our <a target="_blank" href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-power-bi-content-pack-how-to" rel="noopener noreferrer">step-by-step guide</a> to download and set up your content pack. You can also refer to the <a target="_blank" href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-troubleshoot-content-pack" rel="noopener noreferrer">troubleshooting guide</a> as you get started.</p>&#10;<p>We want this pack to be as useful to you as possible, so please continue sharing your feedback with us. We look forward to hearing from you!</p>&#10;<p>Best regards,</p>&#10;<p>Alex Simons (Twitter: <a target="_blank" href="http://www.twitter.com/alex_a_simons" rel="noopener noreferrer">@Alex_A_Simons</a>)</p>&#10;<p>Director of Program Management</p>&#10;<p>Microsoft Identity Division</p>&#10;]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/06/27/new-updates-to-the-azure-ad-power-bi-content-pack/feed/</wfw:commentRss> <slash:comments>1</slash:comments> </item> <item> <title>How Microsoft EMS can support you in your journey to EU GDPR compliance &#8211; Part 3</title> <link>https://blogs.technet.microsoft.com/enterprisemobility/2017/06/27/how-microsoft-ems-can-support-you-in-your-journey-to-eu-gdpr-compliance-part-3/</link> <pubDate>Tue, 27 Jun 2017 20:15:15 +0000</pubDate> <dc:creator><![CDATA[Enterprise Mobility + Security Team]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=52986</guid> <description><![CDATA[Granting and restricting access to data with Azure Active Directory This blog post is the latest in our series about how EMS can support you in your journey to EU GDPR compliance. We last looked at how Azure Information Protection helps keep your data protected, whether its stored on-premises or in the cloud. Today, Im <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/06/27/how-microsoft-ems-can-support-you-in-your-journey-to-eu-gdpr-compliance-part-3/">Continue reading</a></p>]]></description> <content:encoded><![CDATA[<h2>Granting and restricting access to data with Azure Active Directory</h2>&#10;<p>This blog post is the latest in our series about how EMS can support you in your journey to EU GDPR compliance. We last looked at how <a href="https://www.microsoft.com/en-us/cloud-platform/azure-information-protection">Azure Information Protection</a> helps keep your data protected, whether its stored on-premises or in the cloud. Today, Im going to talk about how you can protect access to your data using <a href="http://www.microsoft.com/identity">Azure Active Directory</a>, Microsofts Identity and Access Management solution.</p>&#10;<p>Hackers work hard to steal credentials. Stealing credentials is the easiest way to sneak into a network undetected, which is why controlling and protecting identities needs to be your first line of defense. Considering the majority of cybersecurity attacks traced back to lost, weak or compromised user credentials, its clear you need more security than passwords will ever give you.</p>&#10;<p>Below are some of the great features in Azure AD that put stronger locks on your front door so you only let in people you trust.</p>&#10;<h3>Set conditions to protect access</h3>&#10;<p>Protecting data starts with securing identities and controlling access and Azure Active Directory helps you protect your organization beginning at the front door. But one critical aspect of good security is that its nearly invisible to good users. Excessive friction inhibits productivity, and good users will find ways to work around things that block their productivity, creating risk. While you could challenge every user at every login with <a href="https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication">multi-factor authentication</a> (MFA), ideally youd maximize productivity by allowing good users to get their work done with few interruptions, all while stopping the bad guys in their tracks.</p>&#10;<p>Azure AD <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access">Conditional Access</a> allows you to do just that. Previously, you mightve had to say, No access from off the corporate network or, No access from a personal device, but Azure AD Conditional Access allows you to basically say, Yes, but there are conditions.</p>&#10;<p>The group that users belong to, the location from which theyre accessing corporate resources, the health of their device, the sign-in, and the user risk are conditions to consider when youre deciding whether youd like to block access, grant access, or challenge the user with MFA.</p>&#10;<p><a href="https://msdnshared.blob.core.windows.net/media/2017/06/image596.png"><img title="image" style="float: none;padding-top: 0px;padding-left: 0px;margin-left: auto;padding-right: 0px;margin-right: auto;border: 0px" border="0" alt="image" src="https://msdnshared.blob.core.windows.net/media/2017/06/image_thumb563.png" width="567" height="300" class="aligncenter" /></a></p>&#10;<p>&nbsp;</p>&#10;<h3>Evaluate risk before granting access</h3>&#10;<p><a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-identityprotection">Azure AD Identity Protection</a> lets you define conditional access policies based on risk calculation enhanced by Microsofts Intelligent Security Graph the cumulative intelligence we collect from our products, services, internal teams, and external sources. Based on this data, we calculate the risk of an individual user or a sign-in attempt. Azure AD Identity Protection will notify you if it detects suspicious behavior, help you investigate, and take automated action like blocking a sign-in or triggering a password reset.</p>&#10;<h3>Give people the right level of permissions, only when they need it</h3>&#10;<p>The higher the users privileges, the bigger the potential damage if their account gets compromised. <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-privileged-identity-management-configure">Azure AD Privileged Identity Management</a> helps you bring hygiene to your privileged accounts by providing visibility into admin accounts so you can monitor their activity. With this visibility you can revoke permanent privileged access from people who dont need it all the time and give just-in-time privileged access temporarily.</p>&#10;<h3>Define special controls for groups and their members</h3>&#10;<p>The <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-groups-dynamic-membership-azure-portal">Dynamic Groups</a> feature automatically adds or removes members from a group based on user attributes that you define. You can use these groups to provide access to applications or cloud resources like SharePoint sites.</p>&#10;<h3>Get information on users, groups, and managed applications</h3>&#10;<p><a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-azure-portal">Azure AD reporting</a> gives you insight into the detailed activities happening in your environment. View sign-in activities for individual users and understand which applications people are using and whos using them. Audit logs will show you a list of privileged actions, such as role creation, password resets, and changes to groups, as well as show you applications that have been added, updated, or removed.</p>&#10;<p><img src="https://msdnshared.blob.core.windows.net/media/2017/06/AAD_Infographic-1024x698.png" alt="" width="778" height="530" class="wp-image-52996 aligncenter" /></p>&#10;<h4>We encourage you to:</h4>&#10;<ul>&#10;<li>Learn more about Azure Active Directory by reading through our <a href="https://docs.microsoft.com/en-us/azure/active-directory/">technical documentation</a></li>&#10;<li><a href="https://aka.ms/emsgdprwhitepaper">Download our whitepaper</a> to learn how EMS supports your GDPR compliance journey</li>&#10;<li>Explore these capabilities with a <a href="https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security-trial">free EMS trial</a></li>&#10;<li>Learn more about Microsofts commitment to the GDPR and how we can help you on your journey to compliance on <a href="http://www.microsoft.com/gdpr">Microsoft&#8217;s GDPR website</a></li>&#10;</ul>&#10;<p>In the next blog post of this series, well be digging into how to protect data in cloud apps with Microsoft Cloud App Security.</p>&#10;<p>Thank you for attention and support!</p>&#10;<p>Enterprise Mobility + Security Marketing Team</p>&#10;]]></content:encoded> </item> <item> <title>Ping Access for Azure AD is now Generally Available (GA)!</title> <link>https://blogs.technet.microsoft.com/enterprisemobility/2017/06/15/ping-access-for-azure-ad-is-now-generally-available-ga/</link> <comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/06/15/ping-access-for-azure-ad-is-now-generally-available-ga/#comments</comments> <pubDate>Thu, 15 Jun 2017 15:50:18 +0000</pubDate> <dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <category><![CDATA[Hybrid]]></category> <category><![CDATA[Hybrid Cloud]]></category> <category><![CDATA[On-Prem]]></category> <category><![CDATA[SSO]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=52745</guid> <description><![CDATA[Howdy folks, Many of you already use Azure AD Application Proxy to provide single sign-on (SSO) and secure remote access to your users for web applications hosted on-premises. However, some of you also need Azure AD Application Proxy to support on-premises apps that use headers for authentication. As you may remember from our public preview <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/06/15/ping-access-for-azure-ad-is-now-generally-available-ga/">Continue reading</a></p>]]></description> <content:encoded><![CDATA[<p>Howdy folks,</p>&#10;<p>Many of you already use Azure AD Application Proxy to provide single sign-on (SSO) and secure remote access to your users for web applications hosted on-premises. However, some of you also need Azure AD Application Proxy to support on-premises apps that use headers for authentication.</p>&#10;<p>As you may remember from our <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/03/22/pingaccess-for-azure-ad-the-public-preview-is-being-deployed/">public preview announcement</a>, we&#8217;ve partnered with Ping Identity to make this happen. <strong><br />&#10;</strong></p>&#10;<p>Today, I&#8217;m happy to announce that PingAccess for Azure AD is now generally available! We&#8217;ve worked closely with our customers to validate this solution, which integrates Ping Access with Azure AD Application Proxy.</p>&#10;<p style="text-align: center"><img width="780" height="320" class="size-full wp-image-52755 aligncenter" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/06/Ping-Access.jpg" /></p>&#10;<p>If you need to provide secure remote access to applications that use header-based authentication, now is a good time to look at this solution. If you&#8217;ve been waiting for general availability before deploying it to your production environment, now you&#8217;re good to go!</p>&#10;<p>Configure your applications to use PingAccess for Azure AD with just four steps:</p>&#10;<ol>&#10;<li>Configure Azure AD Application Proxy Connectors</li>&#10;<li>Create an Azure AD Application Proxy Application</li>&#10;<li>Download &amp; Configure PingAccess</li>&#10;<li>Configure Applications in PingAccess</li>&#10;</ol>&#10;<p>Our <a href="https://docs.microsoft.com/en-us/azure/active-directory/application-proxy-ping-access">Application Proxy + PingAccess documentation</a> provides a detailed walkthrough for each of these steps. Try it out and tell us what you think! Please leave us a comment or reach out to us at <a href="mailto:aadapfeedback@microsoft.com">aadapfeedback@microsoft.com</a> with any feedback we look forward to hearing from you!</p>&#10;<p>Best regards,</p>&#10;<p>Alex Simons (Twitter: <a href="http://www.twitter.com/alex_a_simons">@Alex_A_Simons</a>)</p>&#10;<p>Director of Program Management</p>&#10;<p>Microsoft Identity Division</p>&#10;]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/06/15/ping-access-for-azure-ad-is-now-generally-available-ga/feed/</wfw:commentRss> <slash:comments>1</slash:comments> </item> <item> <title>Azure AD makes the leaders quadrant in Gartner&#8217;s 2017 Magic Quadrant for Access Management!</title> <link>https://blogs.technet.microsoft.com/enterprisemobility/2017/06/12/azure-ad-makes-the-leader-quadrant-in-gartners-2017-magic-quadrant-for-access-management/</link> <comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/06/12/azure-ad-makes-the-leader-quadrant-in-gartners-2017-magic-quadrant-for-access-management/#comments</comments> <pubDate>Mon, 12 Jun 2017 16:38:08 +0000</pubDate> <dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator> <category><![CDATA[Announcements]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=52625</guid> <description><![CDATA[Howdy folks, I have great news to share with you today! Gartner released their 2017 Magic Quadrant for Access Management (AM MQ), which shows that Microsoft is placed in the leaders quadrant for our completeness of vision and ability to execute. The AM MQ is a new MQ. It is a separate entity from the <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/06/12/azure-ad-makes-the-leader-quadrant-in-gartners-2017-magic-quadrant-for-access-management/">Continue reading</a></p>]]></description> <content:encoded><![CDATA[<p><span style="font-size: 11.5pt;font-family: 'Segoe UI',sans-serif;color: #41424e">Howdy folks,</span></p>&#10;<p><span style="font-size: 11.5pt;font-family: 'Segoe UI',sans-serif;color: #41424e">I have great news to share with you today! Gartner released their 2017 Magic Quadrant for <strong><span style="font-family: 'Segoe UI',sans-serif">Access Management</span></strong> (AM MQ), which shows that Microsoft is placed in the leaders quadrant for our completeness of vision and ability to execute.</span></p>&#10;<p><span style="font-size: 11.5pt;font-family: 'Segoe UI',sans-serif;color: #41424e">The AM MQ is a new MQ. It is a separate entity from the discontinued IDaaS MQ and this is the first time it has been published. Azure Active Directory is the product evaluated in the report.</span></p>&#10;<p><img width="501" height="480" title="GartnerAMMQ2017" class="aligncenter" style="border: 0px currentcolor" alt="GartnerAMMQ2017" src="https://msdnshared.blob.core.windows.net/media/2017/06/GartnerAMMQ2017.png" border="0" /></p>&#10;<p style="text-align: center"><em>Gartner 2017 Magic Quadrant for Access Management</em></p>&#10;<p><span style="font-size: 11.5pt;font-family: 'Segoe UI',sans-serif;color: #41424e">We have worked with Gartner to make complimentary copies of the report available, which you can access <a href="https://info.microsoft.com/EMS-AM-MQ-2017.html">here</a></span></p>&#10;<p><span style="font-size: 11.5pt;font-family: 'Segoe UI',sans-serif;color: #41424e">Our opinion is that Microsoft&#8217;s amazing placement validates our vision of providing a complete identity and access management solution for employees, partners, and customers, all backed by world-class identity protection based on Microsoft&#8217;s Intelligent Security Graph. </span></p>&#10;<p><span style="font-size: 11.5pt;font-family: 'Segoe UI',sans-serif;color: #41424e">We believe that Gartner&#8217;s analysis says a lot about our commitment to the identity and access management space. More importantly, though, Microsoft believes it says a lot about our customers, implementation partners, and ISV partners who have worked with us, sharing their time and energy every day to ensure the products and services we build meet their needs and position them to thrive in a world increasingly driven by cloud technology.</span></p>&#10;<p><span style="font-size: 11.5pt;font-family: 'Segoe UI',sans-serif;color: #41424e">We promise to continue delivering innovative capabilities to address your needs in the identity and access management space and to further improve our position in the leaders quadrant of the Gartner AM MQ.</span></p>&#10;<p><span style="font-size: 11.5pt;font-family: 'Segoe UI',sans-serif;color: #41424e">Best regards,</span></p>&#10;<p><span style="font-size: 11.5pt;font-family: 'Segoe UI',sans-serif;color: #41424e">Alex Simons (Twitter: @Alex_A_Simons)</span></p>&#10;<p><span style="font-size: 11.5pt;font-family: 'Segoe UI',sans-serif;color: #41424e">Director of Program Management</span></p>&#10;<p><span style="font-size: 11.5pt;font-family: 'Segoe UI',sans-serif;color: #41424e">Microsoft Identity Division</span></p>&#10;]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/06/12/azure-ad-makes-the-leader-quadrant-in-gartners-2017-magic-quadrant-for-access-management/feed/</wfw:commentRss> <slash:comments>3</slash:comments> </item> <item> <title>The New Intune and Conditional Access Admin Consoles are GA</title> <link>https://blogs.technet.microsoft.com/enterprisemobility/2017/06/08/the-new-intune-and-conditional-access-admin-consoles-are-ga/</link> <comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/06/08/the-new-intune-and-conditional-access-admin-consoles-are-ga/#comments</comments> <pubDate>Thu, 08 Jun 2017 15:00:46 +0000</pubDate> <dc:creator><![CDATA[BradAnderson]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=52547</guid> <description><![CDATA[There are a handful of topics that consistently come up whenever I meet with our customers and partners and one of the most common has to do with how to balance productivity for end users with the need for security and control of company data. The tension between these two needs is the stage <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/06/08/the-new-intune-and-conditional-access-admin-consoles-are-ga/">Continue reading</a></p>]]></description> <content:encoded><![CDATA[<p>There are a handful of topics that consistently come up whenever I meet with our customers and partners and one of the most common has to do with how to balance productivity for end users with the need for security and control of company data. The tension between these two needs is the stage upon which an even bigger challenge constantly looms: Every IT team on earth being asked to do more with less at a time when technology keeps accelerating and the landscape of their own industry shifts beneath their feet.</p>&#10;<p>The request I get in these meetings is very clear and consistent: We need efficient solutions that make it easier to manage and control growing complexity; can you help us reduce the complexity we are dealing with?</p>&#10;<p><strong>This is where we bring in the good news:</strong> Managing Intune and Conditional Access together with <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/05/15/the-new-azure-ad-admin-console-is-ga/">Azure AD</a> just got a lot easier for our rapidly growing community of IT Professionals. As of today, we have reached two important milestones for Microsoft Intune and for EMS <a href="https://www.microsoft.com/en-us/cloud-platform/conditional-access">Conditional Access</a> capabilities: Both new admin experiences are now <strong>Generally Available in the Azure portal</strong>!</p>&#10;<h1><strong>Heres how Intunes redesign helps your organization</strong></h1>&#10;<p>Intunes move to the Azure portal is, in technical terms, a really big deal. Not only did the Intune console change, but all of the components of the EMS console experience have now come together. The process of migrating capabilities into the new portal was an incredible opportunity to reimagine the entire admin experience from the ground up and <strong>what we are shipping today is an expression of our unique vision for mobility management</strong> <strong>shaped by needs of our over 45K unique paying customers</strong>.</p>&#10;<p>I love the progress weve made here because <strong>Intune on Azure is great for our existing customers</strong> because they can now manage all Intune MAM and MDM capabilities in one consolidated admin experience, and they can leverage all of Azure AD seamlessly within one experience. Awesome.</p>&#10;<p>There is actually a whole lot more going on behind the scenes of the new administrative experience. Not only have the administrative experiences converged, but we also converged Intune and Azure Active Directory onto a common architecture and platform. Converging the architectures dramatically simplifies the work we do to support it, the work you do to use it, and it enables some incredible end-to-end scenarios across Identity and Enterprise Mobility Management.</p>&#10;<h1><strong>Here are the 3things you need to know about Intune on Azure:</strong></h1>&#10;<ol>&#10;<li><strong> </strong><strong>Its built to leverage Azures hyper scale<br />&#10;</strong>The Azure platform provides huge increases in elasticity and reliability for Intune, and it provides the foundation for nearly unlimited scale. The new admin experience will also run on <strong>any browser</strong> on <strong>any device</strong> form-factor. Now you can manage Intune from anywhere even from your phone!<br />&#10;The redesigned architecture and new console bring nearly unlimited scale to the service. We currently have customers that are <em>rapidly</em> growing to 100,000s of devices in a single tenant. No problem! One customers has shared that they associated a sophisticated policy to ~200,000 users and what took hours in the past was done in less than 3 minutes. Now, because this is built into the Azure console, you get all the rich role-based administration for delegation of authority.</li>&#10;</ol>&#10;<ol start="2">&#10;<li><strong> </strong><strong>Its optimized for cross-EMS workflows<br />&#10;</strong>With Intunes move to Azure and the Azure Portal, we now share a console experience with other core EMS services like Azure Active Directory and Azure Information Protection. Having the collective power of these services living side-by-side makes them more effective and easier to manage across identity and access management, MDM and MAM, and information protection workloads.<br />&#10;For example: If youve just finished creating a set of conditional access policies to control access to data using Intune in the same portal environment, youre now just a click away from adding additional app protection policies that ensure that your data is protected after its been accessed and is in use on mobile devices.<br />&#10;The Intune transition to Azure also delivers deep integration with Azure Active Directory groups, which can represent both users and devices as native, dynamically targeted groups that are fully federated with an organizations on-premises Active Directory.</li>&#10;</ol>&#10;<ol start="3">&#10;<li><strong> </strong><strong>You can simplify, automate, and integrate management with Microsoft Graph<br />&#10;</strong>Built on the <a href="https://developer.microsoft.com/en-us/graph">Microsoft Graph API</a>, the new Intune experience also opens the door for broader systems integration and automation. This means that our customers can now simplify, automate and integrate workflows across Intune and the other services they are using however they see fit. For more information about what you can do with this, I really recommend <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/03/20/microsoft-enterprise-mobility-security-and-the-microsoft-graph-api/">this post</a>. Microsoft Graph API capabilities are currently in preview; expect a GA announcement for this functionality in the coming quarter<em>.</em></li>&#10;</ol>&#10;<p>If you havent tried Intune on Azure, we invite you to jump into this new experience with us. <strong>To check it out for yourself</strong>, log into the <a href="http://portal.azure.com">Microsoft Azure portal</a> right now. Were always listening and learning from your feedback, and we want to hear what you think! Since we put this into preview in December there have been <strong>more than 100k paying and trial tenants provisioned</strong>!</p>&#10;<h1><strong>Conditional Access the new admin experience in the Azure portal</strong></h1>&#10;<p>The new conditional access admin experience is also Generally Available today. Conditional access in Azure brings rich capabilities across Azure Active Directory and Intune together in one unified console. We built this functionality after getting requests for more integration across workloads and fewer consoles. The experience were delivering today does exactly that.</p>&#10;<p>Organizations everywhere face the challenge of enabling users on an ever-expanding array of mobile devices, while the data they are tasked with protecting is moving outside of their network perimeter to cloud services and all of this happens while the severity and sophistication of attacks are dramatically accelerating. IT teams need a way to quantify the risks around the identity, device, and app being used to access corporate data while also taking into consideration the physical location and then grant or block access to corporate apps/data based upon a holistic view of risk across these four vectors. This is how you win.</p>&#10;<p>Conditional access allows you to do this and ensure that only appropriately <strong>authenticated and validated users</strong>, from the <strong>compliant devices</strong>, from <strong>approved apps</strong>, and under the <strong>right conditions</strong> have access to your companys data. The functionality at work here is technologically incredible, but its not always obvious how granular and powerful these controls really are. The new conditional access experience on Azure now makes the power of this technology crystal clear by showcasing the deep controls you have at every level in one consolidated view:</p>&#10;<p><img width="946" height="634" class="alignnone size-full wp-image-52555" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/06/xxxxx.png" /></p>&#10;<p>Now you can easily step through a consolidated flow that allows you to set granular policies that define access at the <strong>user</strong>, <strong>device</strong>, <strong>app</strong> and <strong>location</strong> levels. Over the last 6 months, as I have shown this integrated experience to 100s of customers, the most common comment has been: Now I completely see what Microsoft has been talking about how Identity management/protection has needed to work with Enterprise Mobility Management to protect our data. Microsofts <a href="https://www.microsoft.com/en-us/security/intelligence">Intelligent Security Graph</a> is also integrated here, delivering a dynamic risk based assessment into the conditional access decision.</p>&#10;<p>You can also control access to resources based on a users sign-in risk via the vast data in. Once your policies are set, users operating under the right conditions are granted real-time access to apps and data <em>however</em>, as conditions change, intelligent controls kick in to make sure that your data stays secure. These controls include:</p>&#10;<ul>&#10;<li>Challenging a user with MFA to prove that they are who they say they are.</li>&#10;<li>Prompting the user to enroll their device in Intune.</li>&#10;<li>Guiding the user to make adjustments to their device to meet your orgs security requirements</li>&#10;<li>Blocking access all together or even wiping a device.</li>&#10;<li>Granting different access privileges when using a native app (Word) vs. a web app (Word Online)</li>&#10;</ul>&#10;<p>We believe Microsoft is uniquely positioned to deliver solutions that are this comprehensive and sophisticated yet remain simple to operate. With EMS, these types of functionalities are possible because were building them together, from the ground up, to deliver on our commitment for secure and mobile productivity.</p>&#10;<p>You can access the new conditional access console in the menu within both the Intune and Azure AD blades. To see this functionality in action, check out <a href="https://channel9.msdn.com/Series/Endpoint-Zone/Endpoint-Zone-with-BRad-Anderson-1703">this <em>Endpoint Zone</em> episode</a>.</p>&#10;<h1><strong>Whats Next</strong></h1>&#10;<p>Our commitment to ongoing innovation means we never stop listening, shipping and reaching for whats next. <strong>Looking ahead</strong>, well continue to release new features and enhancements at a steady pace throughout the year. From this point forward, all new Intune and conditional access features will be delivered in the new portal, so keep an eye out.</p>&#10;<p><strong>Also:</strong> Dont hesitate to let us know what you think; our dialog with customers is <strong>our most valuable development input</strong>.</p>&#10;<p>One last note: This is a really significant day for all of us. I am so pleased with the work that has been done here at Microsoft on the architecture and administrative experiences. Im happy for the team and what has been accomplished. I am so pleased with the feedback that has come in from so many customers about the richness and vibrancy of the new admin experience as well as how performant the services are. And, at the risk of sounding redundant, Im happy to hear how much this has simplified your work while delivering incredible new, unique value such as the integrated Conditional Access.</p>&#10;<p>&nbsp;</p>&#10;<p>&nbsp;</p>&#10;]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/06/08/the-new-intune-and-conditional-access-admin-consoles-are-ga/feed/</wfw:commentRss> <slash:comments>3</slash:comments> </item> <item> <title>Azure AD Conditional Access now supports Microsoft Teams &#038; the Azure Portal</title> <link>https://blogs.technet.microsoft.com/enterprisemobility/2017/06/06/azure-ad-conditional-access-now-supports-microsoft-teams-the-azure-portal/</link> <comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/06/06/azure-ad-conditional-access-now-supports-microsoft-teams-the-azure-portal/#comments</comments> <pubDate>Tue, 06 Jun 2017 16:01:49 +0000</pubDate> <dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <category><![CDATA[Conditional Access]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=52435</guid> <description><![CDATA[Howdy folks, Quick blog post today. Many of you have asked when you&#8217;ll be able to use Conditional Access policies with Microsoft Teams and the Azure Portal. I&#8217;m happy to let you know that support for both services is now available. Nitika Gupta from my team has written a blog post with the details. You&#8217;ll <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/06/06/azure-ad-conditional-access-now-supports-microsoft-teams-the-azure-portal/">Continue reading</a></p>]]></description> <content:encoded><![CDATA[<p>Howdy folks,</p>&#10;<p>Quick blog post today.</p>&#10;<p>Many of you have asked when you&#8217;ll be able to use Conditional Access policies with Microsoft Teams and the Azure Portal. I&#8217;m happy to let you know that support for both services is now available. Nitika Gupta from my team has written a blog post with the details. You&#8217;ll find it below.</p>&#10;<p>Best regards,</p>&#10;<p>Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)</p>&#10;<p>Director of Program Management</p>&#10;<p>Microsoft Identity Division</p>&#10;<p>&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-</p>&#10;<p>Hi folks,</p>&#10;<p>I&#8217;m Nitika Gupta, a Program Manager in the Identity Security and Protection team at Microsoft. I&#8217;m excited to share that Microsoft Teams and Azure portal now support Azure AD Conditional Access.</p>&#10;<p>Till now, the only way to secure access to Azure portal was to require Multi-Factor Authentication all the time for an administrative account. This addressed the security need but came in the way of productivity. With this announcement, customers can require Multi-Factor Authentication only for access to Azure portal. Leveraging the power of Conditional Access, customers can allow access to Azure portal only under certain conditions (sign-in risk, location, device) and from trusted devices.</p>&#10;<p>To create a policy for Azure portal, you can simply select &#8220;Microsoft Azure Management&#8221; under <strong>Cloud apps</strong>.</p>&#10;<p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/06/060617_0548_AzureADCond1.png" /></p>&#10;<p>The policy will impact all the Azure management endpoints (classic Azure portal, Azure portal, Azure Resource Manager provider, classic Service Management APIs, as well as PowerShell).</p>&#10;<p>While configuring a policy for Azure portal, be cautious! A bad configuration might lead to you locking yourself out.</p>&#10;<p>And making news is also Microsoft Teams, one of the newest members of the Office 365 family, which is now available as its own Cloud app for IT admins to configure Conditional Access policies on. This allows organizations to secure the data in Teams and prevent leakage on untrusted devices.</p>&#10;<p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/06/060617_0548_AzureADCond2.png" /></p>&#10;<p>The policy applies to Teams app on Windows, macOS, iOS, Android and Windows Phone. It&#8217;s important to note that Conditional Access policies created for Exchange Online and SharePoint Online cloud apps also affect Microsoft Teams as the Teams clients rely heavily on these services for core productivity scenarios such as meetings, calendars and files.</p>&#10;<h1>Feedback</h1>&#10;<p>We would love to hear your feedback! If you have any suggestions for us, questions, or issues to report, please leave a comment at the bottom of this post, or tweet with the hashtag #AzureAD.</p>&#10;<p>Thanks,</p>&#10;<p>Nitika Gupta</p>&#10;<p><a href="https://twitter.com/_nitika_gupta">@_nitika_gupta</a></p>&#10;]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/06/06/azure-ad-conditional-access-now-supports-microsoft-teams-the-azure-portal/feed/</wfw:commentRss> <slash:comments>9</slash:comments> </item> </channel> </rss>