<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
>
<channel>
<title>Azure Active Directory – Enterprise Mobility and Security Blog</title>
<atom:link href="https://blogs.technet.microsoft.com/enterprisemobility/feed/?product=azure-active-directory" rel="self" type="application/rss+xml" />
<link>https://blogs.technet.microsoft.com/enterprisemobility</link>
<description>The most recent news and updates about Microsoft’s Enterprise Mobility offerings and events for enterprise technology professionals and developers.</description>
<lastBuildDate>Tue, 17 Jan 2017 15:32:14 +0000</lastBuildDate>
<language>en-US</language>
<sy:updatePeriod>hourly</sy:updatePeriod>
<sy:updateFrequency>1</sy:updateFrequency>
<item>
<title>#AzureAD Mailbag: MFA Q&amp;A, Round 6!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/01/06/azuread-mailbag-mfa-qa-round-6/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/01/06/azuread-mailbag-mfa-qa-round-6/#respond</comments>
<pubDate>Fri, 06 Jan 2017 18:04:08 +0000</pubDate>
<dc:creator><![CDATA[Mark Morowczynski [MSFT]]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Azure MFA]]></category>
<category><![CDATA[Mailbag]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=45606</guid>
<description><![CDATA[All right, it’s time for some more mandatory fun! Chad here again kicking off 2017 and ready with another MFA mailbag. In the last couple months, I’ve been having a lot of conversations with customers around Azure MFA Server license requirements, billing, and split configurations. In this mailbag, I’ve taken some of these “What if.” <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/01/06/azuread-mailbag-mfa-qa-round-6/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>All right, it’s time for some more mandatory fun!</p> <p>Chad here again kicking off 2017 and ready with another MFA mailbag. In the last couple months, I’ve been having a lot of conversations with customers around Azure MFA Server license requirements, billing, and split configurations. In this mailbag, I’ve taken some of these “What if.” and “How does this work?” questions that you implementers can get stuck on and will hopefully provide the answers you need to get started on your deployment. Also, our team has really grown lately and some of these faces are going to join in on our blogging efforts. Check back on Fridays for new posts.</p> <p> </p> <p><strong>Question 1:</strong></p> <p>I know when I use the text message option of Azure MFA, I get a 6 digit code texted to me. How long is that code good for? Can I change the length of the code and the length of time the code is valid?</p> <p> </p> <p><strong>Answer 1:</strong></p> <p>When using Azure MFA Server, the default timeout is 5 minutes. There is no UX to configure it. It can be configured via a registry key setting.</p> <p>When using (cloud-based) Azure MFA, the timeout is 3 minutes; this is not configurable. The length of the code (6 digits) is not configurable.</p> <p> </p> <p><strong>Question 2:</strong></p> <p>Does the downloadable <a href="https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-sdk">MFA SDK</a> used for Azure MFA Server support texting and calling to international numbers? Is there any additional cost associated with doing so?</p> <p> </p> <p><strong>Answer 2:</strong></p> <p>Yes, the downloadable SDKs support both texting and phone calls to international numbers. 
However, users may incur charges for receiving or replying to international calls and texts depending on the terms of their cellular plan and carrier.</p> <p> </p> <p><strong>Question 3:</strong></p> <p>Can you explain to me about how billing works for Azure MFA Server?</p> <p><strong></strong></p> <p><strong>Answer 3:</strong></p> <p>There are several options for billing:</p> <ol> <li>Per-User Consumption: Create a per-user MFA Provider in an Azure subscription. MFA Server reports the number of users marked as Enabled to our cloud service. The cloud service reports the number of users to the Commerce system to bill the Azure subscription for the number of users enabled.</li> <li>Per-Authentication Consumption: Create a per-authentication MFA provider in an Azure subscription. The cloud service reports the number of verification requests that have occurred daily to the Commerce system to bill the Azure subscription.</li> <li>License: Purchase standalone MFA, Azure AD Premium and/or EMS licenses. MFA Server reports the number of users marked as Enabled to the cloud service. The customer needs enough licenses to cover the number of users enabled. While we encourage licenses to be assigned to AAD users, the MFA system only looks at the total count of users enabled for MFA.</li> </ol> <p>You can mix options 1 and 3 by creating a per-user MFA Provider in an Azure subscription that is linked to your Azure AD tenant that has your MFA, AAD Premium and/or EMS licenses. The Azure subscription will only be billed for the number of users enabled for MFA that exceed the number of licenses owned. 
For more information, please visit our <a href="https://azure.microsoft.com/en-us/pricing/details/multi-factor-authentication/">Multi-Factor Authentication Pricing documentation</a>.</p> <p> </p> <p><strong>Question 4:</strong></p> <p>I want to understand if there are charges for failed authentications? Also, can I use a hybrid model with some users set as pay per user per month and others set up to pay per authentication?</p> <p><strong>Answer 4:</strong></p> <p>The only way to do a hybrid where some are per-user and others are per-authentication would be to have two separate MFA Providers that are used with two different environments or user groups. Another option would be to use Azure MFA (cloud) and an MFA Provider that is configured per auth. Azure MFA today only works for cloud-based resources and when using AD FS 2016. For per-authentication billing, we bill for each authentication attempt, including failed attempts.</p> <p> </p> <p><strong>Question 5:</strong></p> <p>Can my organization switch between per-user and per-authentication consumption billing models at any time?</p> <p><strong>Answer 5:</strong></p> <p>If you are using an Azure MFA Provider that is linked to your Azure AD tenant, you can safely delete the current provider and recreate it with the other usage model as long as you link the new one to that same Azure AD tenant. There are only issues deleting and recreating MFA Providers that aren’t linked to an Azure AD tenant.</p> <p> </p> <p>And that finishes up your Azure MFA FAQs for the week! We hope you took away something new or had an “ah ha” moment. Keep the feedback coming to the GTP Team.</p> <p> </p> <p>For any questions you can reach us at<br /> <a>
[email protected]</a>, the <a href="https://social.msdn.microsoft.com/Forums/azure/en-US/home?forum=WindowsAzureAD">Microsoft Forums</a> and on Twitter <a href="https://twitter.com/AzureAD">@AzureAD</a>, <a href="https://twitter.com/markmorow">@MarkMorow</a> and <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a></p> <p> </p> <p>Chad Hasbrook, Mark Morowczynski, Shawn Bishop, Todd Gugler</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/01/06/azuread-mailbag-mfa-qa-round-6/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>Breaking down EMS Conditional Access: Part 2</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/01/05/breaking-down-ems-conditional-access-part-2/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/01/05/breaking-down-ems-conditional-access-part-2/#respond</comments>
<pubDate>Thu, 05 Jan 2017 16:00:25 +0000</pubDate>
<dc:creator><![CDATA[Enterprise Mobility + Security Team]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=45505</guid>
<description><![CDATA[This post is the second in a three-part series detailing Conditional Access from Microsoft Enterprise Mobility + Security. Today, the typical employee connects an average of four devices to their corporate network. Usually they’re connecting from their own mobile device or PC, but that’s not always the case. Maybe they use their daughter’s iPad in <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/01/05/breaking-down-ems-conditional-access-part-2/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p><i>This post is the second in a three-part series detailing </i><a href="https://www.microsoft.com/en-us/cloud-platform/conditional-access"><i>Conditional Access</i></a><i> from Microsoft Enterprise Mobility + Security.</i></p> <p>Today, the typical employee connects an average of four devices to their corporate network. Usually they’re connecting from their own mobile device or PC, but that’s not always the case. Maybe they use their daughter’s iPad in a pinch, or log on from a friend’s house, or use a hotel kiosk to connect. You might be OK with allowing access in some cases, but in other circumstances you may want to provide access only to certain employees, only to specific data, or only from known and compliant devices.</p> <p>Device-based conditional access from Microsoft Enterprise Mobility + Security (EMS) helps you make sure that only compliant mobile devices and PCs (those that meet the standards you’ve set) have access to corporate data.</p> <h2>Device Compliance</h2> <p>Device compliance policies help you protect company data by making sure the devices used to access your data or sensitive apps comply with your specific requirements or standards. Administrators can set these policies to enforce device compliance requirements before users attempt to access company resources. These can include settings for device enrollment, domain join, passwords and encryption, as well as for the OS platform running on the device.</p> <p>You can use <a href="https://docs.microsoft.com/en-us/intune/deploy-use/introduction-to-device-compliance-policies-in-microsoft-intune">compliance policy settings</a> in Microsoft Intune to create a set of rules for employee devices and to evaluate their compliance. 
When devices don’t meet the conditions set in the policies, the end user is guided through the process of enrolling the device and fixing the issue that prevents the device from being compliant.</p> <p><a href="https://docs.microsoft.com/en-us/intune/deploy-use/restrict-access-to-email-and-o365-services-with-microsoft-intune">Conditional access policies</a> are a set of rules that can restrict or allow access to a specific service based on whether the user meets the requirements you define. When you use a conditional access policy in combination with a device compliance policy, only users with compliant devices (in addition to any other rules you’ve set) will be allowed to access the service. Since both policies are applied at the user level, any device from which the user tries to access services will be checked for compliance.</p> <p><a href="https://msdnshared.blob.core.windows.net/media/2017/01/Conditional-Access-Policy-Scenario.png"><img title="Conditional Access Policy Scenario" style="float: none;padding-top: 0px;padding-left: 0px;margin-left: auto;padding-right: 0px;margin-right: auto;border: 0px" border="0" alt="Conditional Access Policy Scenario" src="https://msdnshared.blob.core.windows.net/media/2017/01/Conditional-Access-Policy-Scenario_thumb.png" width="790" height="463" class="aligncenter" /></a></p> <p align="center"><em>In this scenario, IT has applied a policy that blocks unmanaged devices from accessing and opening files stored on OneDrive for Business. Devices need to be enrolled first, before the location can be accessed.</em></p> <h2>EMS + Lookout, providing additional mobile endpoint security</h2> <p><a href="https://www.lookout.com/about/partners/microsoft">Lookout’s deep integration with EMS</a> gives you real-time visibility into mobile device risks, including advanced mobile threats and app data leakage, which can inform your conditional access policies. 
Lookout provides visibility across all three mobile risk vectors: app-based risks (such as malware), network-based risks (such as man-in-the-middle attacks), and OS-based risks (such as malicious OS compromise).</p> <p>The integration between Lookout and EMS makes it easy to apply this threat intelligence to your conditional access policies. If a device is found to be non-compliant due to a mobile risk identified by Lookout, access is blocked and the user is prompted to resolve the issue with one-step guidance from Lookout before they can regain access. <em>Note that Lookout licenses must be purchased separately from EMS.</em></p> <p><a href="https://msdnshared.blob.core.windows.net/media/2017/01/EMS-Intune-Lookout.png"><img title="EMS Intune Lookout" style="float: none;padding-top: 0px;padding-left: 0px;margin-left: auto;padding-right: 0px;margin-right: auto;border: 0px" border="0" alt="EMS Intune Lookout" src="https://msdnshared.blob.core.windows.net/media/2017/01/EMS-Intune-Lookout_thumb.png" width="850" height="351" class="aligncenter" /></a></p> <h2>Device-based conditional access to on-premises resources</h2> <p>EMS conditional access capabilities help you to secure access to both your cloud and on-premises resources. Our customers often manage broad and complex networks, so with that in mind, we’ve built partnerships with popular network access providers such as Cisco ISE, Aruba ClearPass, and Citrix NetScaler. Now you can extend your Intune conditional access capabilities to work with these networks.</p> <p>Partner network providers can implement checks for Intune-managed and compliant devices as a requirement before allowing user access through either your wireless or virtual private network. 
When you <a href="https://docs.microsoft.com/en-us/intune/deploy-use/restrict-access-to-networks">extend device compliance policies to network providers</a>, you can ensure that only managed and compliant devices will be able to connect to your on-premises corporate network.</p> <p>EMS offers you some great access simplifications: you can still enable <a href="https://docs.microsoft.com/en-us/enterprise-mobility-security/solutions/protect-on-premises-data-with-intune">secure access to on-premises</a> applications without VPNs, DMZs, or on-premises reverse proxies by leveraging the Azure Active Directory Application Proxy. Best of all, all of this can be done without installing or maintaining additional on-premises infrastructure or opening your company firewall to route traffic through it. Conditional access capabilities will work for this scenario as well.</p> <h2>Additional Resources</h2> <ul> <li><a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/10/31/breaking-down-ems-conditional-access-part-1/">Breaking down EMS Conditional Access: Part 1</a></li> <li><a href="https://microsoftintune.uservoice.com/?WT.mc_id=Blog_Intune_Announce_PCIT">Submit feedback and suggestions to the Intune engineering team</a></li> <li><a href="https://docs.microsoft.com/en-us/enterprise-mobility-security/solutions/protect-office365-data-with-intune">Read more about device based conditional access on the Intune docs site</a></li> <li><a href="https://blogs.technet.microsoft.com/enterprisemobility/feed/?product=microsoft-intune">Subscribe to the Intune blog RSS feed</a></li> <li>Follow us on <a href="https://twitter.com/MSFTMobility">Twitter</a></li> </ul> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/01/05/breaking-down-ems-conditional-access-part-2/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>Conditional Access now in the new Azure portal</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/15/conditional-access-now-in-the-new-azure-portal/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/15/conditional-access-now-in-the-new-azure-portal/#comments</comments>
<pubDate>Thu, 15 Dec 2016 18:00:09 +0000</pubDate>
<dc:creator><![CDATA[Enterprise Mobility + Security Team]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Conditional Access]]></category>
<category><![CDATA[Identity-driven Security]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=45175</guid>
<description><![CDATA[The digital transformation that’s affecting every organization brings new challenges for IT, as they strive to empower their users to be productive while keeping corporate data secure in an increasingly complex technology landscape. Microsoft Enterprise Mobility + Security (EMS) provides a unique identity-driven security approach to address these new challenges at multiple layers and to <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/12/15/conditional-access-now-in-the-new-azure-portal/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>The digital transformation that’s affecting every organization brings new challenges for IT, as they strive to empower their users to be productive while keeping corporate data secure in an increasingly complex technology landscape. Microsoft Enterprise Mobility + Security (EMS) provides a unique identity-driven security approach to address these new challenges at multiple layers and to provide you with a more holistic and innovative approach to security, one that can protect, detect, and respond to threats on-premises as well as in the cloud.</p> <p>Risk-based conditional access is a critical part of our identity-driven security story. It ensures that only the right users, on the right devices, under the right circumstances have access to your sensitive corporate data. Conditional access allows you to define policies that provide contextual controls at the user, location, device, and app levels, and it also takes risk information into consideration (powered by the vast data in Microsoft’s <a href="https://www.microsoft.com/en-us/security/intelligence">Intelligent Security Graph</a>). As conditions change, natural user prompts ensure only the right users on compliant devices can access sensitive data, providing you the control and protection you need to keep your corporate data secure while allowing your people to do their best work from any device.</p> <p>This is an area where we are constantly innovating to bring you the most secure and easy-to-use solution, and today we’re announcing several improvements to Conditional Access in EMS:</p> <ol> <li><strong>Risk-based access policies per application</strong>. <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-identityprotection">Leverage machine learning on a massive scale</a> to provide real-time detection and automated protection. 
Now you can use this data to build risk-based policies per application.</li> <li><strong>Greater flexibility to protect applications</strong>. Set multiple policies per application or set and easily roll out global rules to protect all your applications with a single policy.</li> <li>All these capabilities are now available in a <strong>unified administrative experience on the Azure portal</strong>. This makes it even easier to create and manage holistic conditional access policies to all your applications.</li> </ol> <p>These new <a href="https://www.microsoft.com/en-us/cloud-platform/conditional-access">conditional access</a> capabilities provide more flexible and powerful policies to enable productivity while ensuring security. Additionally, the new admin experience unifies conditional access workloads across Intune and Azure AD.</p> <p>If you are an Intune customer using the existing browser-based console or the Configuration Manager console, or an Azure AD customer using the classic Azure portal, you can now preview the new Conditional Access policy interface in the Azure portal.</p> <p><a href="https://aka.ms/cacontrols">Get started with these Conditional Access capabilities</a> or read on to learn a bit more about Conditional Access with EMS.</p> <h2>Overview</h2> <p>A Conditional Access policy is simply a statement about<br /> <strong>When the policy should apply</strong> (called <strong>Conditions</strong>), and<br /> <strong>What the action or requirement should be</strong> (called <strong>Controls</strong>).</p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/12/Conditional-access-policy.png"><img width="169" height="480" title="Conditional access policy" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="Conditional access policy" src="https://msdnshared.blob.core.windows.net/media/2016/12/Conditional-access-policy_thumb.png" border="0" /></a></p> <h3>Conditions (When the policy should apply)</h3> 
<p>Conditions are the things about a login that don’t change during the login, and are used to decide which policies should apply. Azure AD supports the following Conditions:</p> <ol> <li><strong>Users/Groups</strong> are the users/groups in the directory that the policy applies to.</li> <li><strong>Cloud apps</strong> are the services the user accesses that you want to secure.</li> <li><strong>Client app</strong> is the software the user is employing to access the cloud app.</li> <li><strong>Device platform</strong> is the platform the user is signing in from.</li> <li><strong>Location</strong> is the IP-address based location the user is signing in from.</li> <li><strong>Sign-in risk</strong> is the likelihood that the sign-in is coming from someone other than the user.</li> </ol> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/12/Conditions-preview.png"><img width="378" height="480" title="Conditions preview" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="Conditions preview" src="https://msdnshared.blob.core.windows.net/media/2016/12/Conditions-preview_thumb.png" border="0" /></a></p> <p><a href="https://aka.ms/caconditions">Our documentation provides further details on how to set the conditions</a>.</p> <h3>Controls (What the action or requirement should be)</h3> <p>Controls are the additional enforcements that are put in place by the policy (such as a multi-factor authentication challenge) that will be inserted into the login flow. 
Azure AD supports the following controls:</p> <ol> <li><strong>Block access </strong></li> <li><strong>Multi-factor authentication</strong></li> <li><strong>Compliant device</strong></li> <li><strong>Domain Join</strong></li> </ol> <p>You can select individual controls or all of them.</p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/12/Controls-preview.png"><img width="400" height="508" title="Controls preview" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="Controls preview" src="https://msdnshared.blob.core.windows.net/media/2016/12/Controls-preview_thumb.png" border="0" /></a></p> <p>To learn more about how to get started with controls, you can read a <a href="https://aka.ms/cacontrols">detailed documentation article</a>.</p> <p>We’re really excited about the wide range of scenarios that this new experience lights up and hope you find it useful. As always, we’re looking forward to your feedback.</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/15/conditional-access-now-in-the-new-azure-portal/feed/</wfw:commentRss>
<slash:comments>5</slash:comments>
</item>
<item>
<title>#AzureAD Certificate Based Authentication is Generally Available!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/14/azuread-certificate-based-authentication-is-generally-available/</link>
<pubDate>Wed, 14 Dec 2016 17:00:35 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Android]]></category>
<category><![CDATA[Apps]]></category>
<category><![CDATA[Authentication]]></category>
<category><![CDATA[Certificates]]></category>
<category><![CDATA[Hybrid]]></category>
<category><![CDATA[Hybrid Cloud]]></category>
<category><![CDATA[Office 365]]></category>
<category><![CDATA[PKI]]></category>
<category><![CDATA[SaaS]]></category>
<category><![CDATA[SSO]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=45095</guid>
<description><![CDATA[Howdy folks! Many big organizations that have certificates have been using the certificate-based authentication feature while it was in preview and giving us feedback. Thank you for your input! Today, I’m excited to announce the GA of certificate based authentication. This announcement enables two key scenarios: 1. Federated Azure AD customers can sign in using <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/12/14/azuread-certificate-based-authentication-is-generally-available/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p><span style="font-family: Calibri;font-size: medium">Howdy folks!</span></p> <p><span style="font-family: Calibri;font-size: medium">Many big organizations that have certificates have been using the </span><a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-certificate-based-authentication-android"><span style="font-family: Calibri;font-size: medium">certificate-based authentication feature</span></a><span style="font-family: Calibri;font-size: medium"> while it was in preview and giving us feedback. Thank you for your input! Today, I’m excited to announce the GA of certificate based authentication.</span></p> <p><span style="font-family: Calibri;font-size: medium">This announcement enables two key scenarios:</span></p> <p><span style="font-family: Calibri;font-size: medium">1. Federated Azure AD customers can sign in using certificate-based authentication (performed against the federation server) with Office applications on iOS and Android. The chart below outlines the support for certificate-based authentication across Office applications:</span></p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/12/clip_image0027.jpg"><span style="font-family: Calibri;font-size: medium"></span></a><span style="font-family: Calibri;font-size: medium"><a href="https://msdnshared.blob.core.windows.net/media/2016/12/clip_image0028.jpg"><img width="725" height="237" title="clip_image002" class="aligncenter" style="margin-right: auto;margin-left: auto;float: none" alt="clip_image002" src="https://msdnshared.blob.core.windows.net/media/2016/12/clip_image002_thumb6.jpg" border="0" /></a></span></p> <p><span style="font-family: Calibri;font-size: medium">2. 
Azure AD customers can sign in using certificate-based authentication with Exchange ActiveSync mobile apps in iOS and Android when signing in to Exchange Online.</span></p> <p><span style="font-family: Calibri;font-size: medium">Take a look at our </span><a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-certificate-based-authentication-ios#getting-started"><span style="font-family: Calibri;font-size: medium">certificate-based authentication</span></a><span style="font-family: Calibri;font-size: medium"> documentation to get started with these scenarios</span></p> <p><span style="font-family: Calibri;font-size: medium">Of course, we always love to hear your feedback and suggestions, and look forward to hearing from you!</span></p> <p><span style="font-family: Calibri;font-size: medium">Best regards,</span></p> <p><span style="font-family: Calibri;font-size: medium">Alex Simons (Twitter: <a href="https://twitter.com/">@Alex_A_Simons</a>)</span></p> <p><span style="font-family: Calibri;font-size: medium">Director of Program Management</span></p> <p><span style="font-family: Calibri;font-size: medium">Microsoft Identity Division</span></p> ]]></content:encoded>
</item>
<item>
<title>More enhancements to the #AzureAD Admin experience in the new Azure Portal!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/09/more-enhancements-to-the-azuread-admin-experience-in-the-new-azure-portal/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/09/more-enhancements-to-the-azuread-admin-experience-in-the-new-azure-portal/#comments</comments>
<pubDate>Fri, 09 Dec 2016 18:24:32 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Cloud]]></category>
<category><![CDATA[SaaS]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=44905</guid>
<description><![CDATA[Howdy folks, Since our most August 2016 preview release of our new admin experience in the new Azure portal, we’ve seen a ton of use and received a ton of feedback. Thank you to all of you who are giving the new experience a whirl! We really appreciate it. Since I’ve invited Senior Program Manager Adam <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/12/09/more-enhancements-to-the-azuread-admin-experience-in-the-new-azure-portal/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p><span style="font-family: Calibri;font-size: medium">Howdy folks,</span></p> <p><span style="font-family: Calibri;font-size: medium">Since our most August 2016 preview release of our new admin experience in the </span><a href="https://portal.azure.com"><span style="font-family: Calibri;font-size: medium">new Azure portal</span></a><span style="font-family: Calibri;font-size: medium">, we’ve seen a ton of use and received a ton of feedback. Thank you to all of you who are giving the new experience a whirl! We really appreciate it. Since </span></p> <p><span style="font-family: Calibri;font-size: medium">I’ve invited Senior Program Manager Adam Steenwyk to write a blog post introducing the first of many updates, which you’ll find below.</span></p> <p><span style="font-family: Calibri;font-size: medium">Please read, dig in, and make sure to tell us what you think!</span></p> <p><span style="font-family: Calibri;font-size: medium">Best Regards,</span></p> <p><span style="font-family: Calibri;font-size: medium">Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)</span></p> <p><span style="font-family: Calibri;font-size: medium">Director of Program Management</span></p> <p><span style="font-family: Calibri;font-size: medium">Microsoft Identity Division</span></p> <p><span style="font-family: Calibri;font-size: medium">————–</span></p> <p><span style="font-family: Calibri;font-size: medium">Hi there,</span></p> <p><span style="font-family: Calibri;font-size: medium">Today is an exciting day for us as we reveal the first of many updates we’ve made to our Azure AD administrative experiences. In fact, there’s so much new stuff to cover that over the next few weeks we’ll be releasing several blog posts going into depth about each of the improvements we’ve made. 
</span></p> <p><span style="font-family: Calibri;font-size: medium">Today’s post is focused on the updates we’ve made to Enterprise Application management in the new portal. Be sure you stay tuned for more posts to come!</span></p> <h2>Do more with Enterprise Applications in the new portal</h2> <p><span style="font-family: Calibri;font-size: medium">In this latest update, we’ve given you many of the Enterprise Application management tools you’re used to using in the Azure classic portal, and added a few new ones, too, including:</span></p> <p><span style="font-family: Calibri;font-size: medium">1.) A brand-new application gallery that supports all your favorite apps, including:</span></p> <ul> <li><span style="font-family: Calibri;font-size: medium">Thousands of pre-integrated apps</span></li> <li><span style="font-family: Calibri;font-size: medium">All your own existing apps</span></li> <li><span style="font-family: Calibri;font-size: medium">Newly created, custom-developed apps</span></li> </ul> <p><span style="font-family: Calibri;font-size: medium">2.) A new quick start experience to get you going with a pilot of your newly added apps</span></p> <p><span style="font-family: Calibri;font-size: medium">3.) Support for bring your own password-based sign-on apps, including improved auto-detection of sign-in fields and the ability to customize user sign-in field labels</span></p> <p><span style="font-family: Calibri;font-size: medium">4.) Windows Integrated Authentication single sign-on mode to support full configuration of on-premises apps through the Application Proxy</span></p> <p><span style="font-family: Calibri;font-size: medium">5.) The ability to configure self-service application access for any application</span></p> <p><span style="font-family: Calibri;font-size: medium">6.) 
Updated SAML-based sign-on configuration to support the SAML relay state parameter, full customization of SAML token attributes, automatic SAML signing certificate creation, as well as customization of the options and algorithms used to sign the certificate</span></p> <p><span style="font-family: Calibri;font-size: medium">7.) Updated Application proxy experience to support custom app URLs using your own HTTPS certificates</span></p> <h2>Going deeper</h2> <p><span style="font-family: Calibri;font-size: medium">If you’d like to read more about the specific improvements we’ve made and how to try them out, check the </span><a href="https://aka.ms/aad-apps-whats-new-dec2016"><span style="font-family: Calibri;font-size: medium">Enterprise Applications public preview 2 release</span></a><span style="font-family: Calibri;font-size: medium"> article, or watch the video below!</span></p> <p><iframe width="960" height="540" allowfullscreen="allowfullscreen" frameborder="0" src="https://aka.ms/aad-apps-whats-new-dec2016-video"></iframe></p> <h2>Feedback</h2> <p><span style="font-family: Calibri;font-size: medium">We hope you enjoy using our updated preview experience. Please keep the feedback coming! Post the things that are working and not working for you, or ideas for improvement in the Admin Portal section of our </span><a href="https://feedback.azure.com/forums/169401-azure-active-directory/category/162510-admin-portal"><span style="font-family: Calibri;font-size: medium">feedback forum</span></a><span style="font-family: Calibri;font-size: medium">.</span></p> <p><span style="font-family: Calibri;font-size: medium">Cheers,</span></p> <p><span style="font-family: Calibri;font-size: medium">Adam Steenwyk</span></p> <p><span style="font-family: Calibri;font-size: medium">Senior Program Manager</span></p> <p><span style="font-family: Calibri;font-size: medium">Identity Division</span></p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/09/more-enhancements-to-the-azuread-admin-experience-in-the-new-azure-portal/feed/</wfw:commentRss>
<slash:comments>2</slash:comments>
</item>
<item>
<title>New capabilities coming to Microsoft Enterprise Mobility + Security (EMS)</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/new-capabilities-coming-to-microsoft-enterprise-mobility-security-ems/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/new-capabilities-coming-to-microsoft-enterprise-mobility-security-ems/#comments</comments>
<pubDate>Wed, 07 Dec 2016 17:00:59 +0000</pubDate>
<dc:creator><![CDATA[Andrew Conway]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=44305</guid>
<description><![CDATA[As 2016 draws to a close, we would like to thank you for choosing Microsoft Enterprise Mobility + Security (EMS) to protect and secure your employees as you continue to digitally transform your organizations. More than 37,000 customers and over half of the Fortune 500 have now chosen EMS. With EMS we continue to build <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/new-capabilities-coming-to-microsoft-enterprise-mobility-security-ems/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>As 2016 draws to a close, we would like to thank you for choosing Microsoft Enterprise Mobility + Security (EMS) to protect and secure your employees as you continue to digitally transform your organizations. More than 37,000 customers and over half of the Fortune 500 have now chosen EMS.</p> <p>With EMS we continue to build on identity at the core of the solution to maximize your employees’ productivity while at the same time providing the necessary capabilities across security, management of devices and apps, and information protection to ensure that your critical company data is protected. Today we are expanding these capabilities even further with:</p> <ul> <li><a href="https://aka.ms/aadptablogpost">Pass-through authentication with Azure Active Directory</a>, available today in preview, enables secure single sign-on to cloud resources without requiring syncing of passwords to the cloud, or modification to existing on-premises network infrastructure.</li> <li><a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/public-preview-of-intune-on-azure">Microsoft Intune’s new Admin Console in Azure</a>, rolling out in preview, makes setting up integrated security and management scenarios across EMS services even easier.</li> <li><a href="https://aka.ms/aip-december-release">Azure Information Protection updates</a> that provide even greater flexibility and security for protecting data at the file level. 
These updates include support for more file types, integration with your on-premises encryption key network, and new options for creating classification and protection policies.</li> </ul> <p>Here’s more on these new capabilities and how our customers will benefit from these innovations:</p> <p><a href="https://aka.ms/aadptablogpost">Pass-through authentication with Azure Active Directory</a></p> <p>Pass-through authentication, now in preview, lets users securely log in to cloud resources by validating their password against their on-premises Active Directory more easily than ever. This feature allows customers that cannot or do not want to store passwords in the cloud (even encrypted ones) to onboard Azure Active Directory and Office 365 without having to modify their corporate network infrastructure and install products such as Active Directory Federation Services (AD FS) or similar third-party federation solutions. Pass-through authentication is set up via the Azure AD Connect admin experience as the second option for authentication along with Password Sync and AD FS.</p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/12/Azure-Active-Directory-Connect-User-Sign-in.png"><img width="640" height="451" title="Azure Active Directory Connect User Sign in" class="aligncenter" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="Azure Active Directory Connect User Sign in" src="https://msdnshared.blob.core.windows.net/media/2016/12/Azure-Active-Directory-Connect-User-Sign-in_thumb.png" border="0" /></a></p> <p>Additionally, with this new update, both Pass-through authentication and Password Synchronization authentication options will now provide seamless single sign-on to Azure AD connected applications from Windows devices.</p> <p><a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/public-preview-of-intune-on-azure">Preview of Microsoft Intune Admin Console in Azure</a></p> <p>The new Intune admin experience 
on Azure begins rolling out in public preview for new and test tenants. The new console, built in Azure, provides powerful and integrated management of core EMS security solutions, such as conditional access to corporate resources based on device, users or risk, allowing for set up and management of policies between Intune and Azure Active Directory. This new admin experience makes it easier than ever to protect tens of thousands of mobile devices.</p> <p><a href="https://aka.ms/aip-december-release">Azure Information Protection updates</a></p> <p>Protecting data at the file level throughout its lifecycle, from creation to sharing to tracking and revocation, regardless of where it is stored or accessed, is a key priority for our customers and a unique part of the EMS solution. Since the <a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/10/04/azure-information-protection-is-now-generally-available/">release of Azure Information Protection in October</a> we have been listening to customer feedback and are releasing several new capabilities. 
Below are a few of the highlights:</p> <ul> <li>Give end users more focused classification and protection options with policies based on group membership.</li> <li>Support for more non-Office file types and bulk labelling of data at rest.</li> <li>Integrate protection with on-premises keys with <a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/08/10/azure-information-protection-with-hyok-hold-your-own-key/">Hold Your Own Key (HYOK).</a></li> </ul> <h4>Enterprise Mobility + Security Customer Stories</h4> <p>As more and more customers are choosing EMS, we wanted to share with you some examples of recent customers who have been deploying and using it successfully:</p> <ul> <li><a href="https://customers.microsoft.com/en-US/story/whole-foods-takes-natural-next-step-to-protect-applications-in-the-cloud">Whole Foods</a> is embracing identity-driven security with EMS to protect applications</li> <li><a href="https://customers.microsoft.com/en-US/story/avanade-balances-data-security-and-employee-privacy-with-microsoft-intune">Avanade</a> balances data security and employee privacy with EMS</li> </ul> <p>Get started with your own <a href="https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security-trial">Enterprise Mobility + Security deployment</a>.</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/new-capabilities-coming-to-microsoft-enterprise-mobility-security-ems/feed/</wfw:commentRss>
<slash:comments>2</slash:comments>
</item>
<item>
<title>Introducing #AzureAD Pass-Through Authentication and Seamless Single Sign-on</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/introducing-azuread-pass-through-authentication-and-seamless-single-sign-on/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/introducing-azuread-pass-through-authentication-and-seamless-single-sign-on/#comments</comments>
<pubDate>Wed, 07 Dec 2016 17:00:20 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[ADFS]]></category>
<category><![CDATA[Authentication]]></category>
<category><![CDATA[Cloud]]></category>
<category><![CDATA[Deployment]]></category>
<category><![CDATA[Hybrid]]></category>
<category><![CDATA[Hybrid Cloud]]></category>
<category><![CDATA[Public Cloud]]></category>
<category><![CDATA[Public Preview]]></category>
<category><![CDATA[SaaS]]></category>
<category><![CDATA[SSO]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=44625</guid>
<description><![CDATA[Howdy folks, Today’s news might well be our biggest news of the year. Azure AD Pass-Through Authentication and Seamless Single Sign-on are now both in public preview! When we talk to organizations about how they want to integrate their identity infrastructure to the cloud, we often hear the same set of requirements: I’ve got to <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/introducing-azuread-pass-through-authentication-and-seamless-single-sign-on/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p><span style="font-family: Calibri;font-size: medium">Howdy folks,</span></p> <p><span style="font-family: Calibri;font-size: medium">Today’s news might well be our biggest news of the year. Azure AD Pass-Through Authentication and Seamless Single Sign-on are now both in public preview!</span></p> <p><span style="font-family: Calibri;font-size: medium">When we talk to organizations about how they want to integrate their identity infrastructure to the cloud, we often hear the same set of requirements: <i>I’ve got to have single sign-on for my users, passwords need to stay on-premises, and I can’t have any un-authenticated end points on the Internet. And make sure it is super easy</i>.</span></p> <p><span style="font-family: Calibri;font-size: medium">We heard your feedback, and now the wait is over. I’m excited to announce we have added a set of new capabilities in Azure AD to meet all those requirements: <b>Pass-Through Authentication</b> and <b>Seamless Single Sign-on</b> to Azure AD Connect! These new capabilities allow customers to securely and simply integrate their on-premises identity infrastructure with Azure AD.</span></p> <div align="center"><iframe width="960" height="540" allowfullscreen="allowfullscreen" frameborder="0" src="https://channel9.msdn.com/Series/Azure-Active-Directory-Videos-Demos/Azure-AD-Connect-Updates-Pass-through-authentication/player"></iframe></div> <h2>Azure AD pass-through authentication</h2> <p><span style="font-family: Calibri;font-size: medium">Azure AD pass-through authentication provides a simple, secure, and scalable model for validation of passwords against your on-premises Active Directory via a simple connector deployed in the on-premises environment. This connector uses only secure outbound communications, so no DMZ is required, nor are there any unauthenticated end points on the Internet.</span></p> <p><span style="font-family: Calibri;font-size: medium">That’s right. 
User passwords are validated against your on-premises Active Directory, without needing to deploy ADFS servers!</span></p> <p><span style="font-family: Calibri;font-size: medium">We also automatically balance the load between the set of available connectors for both high availability and redundancy without requiring additional infrastructure. We made the connector super light-weight so it can be easily incorporated into your existing infrastructure and even deployed on your Active Directory controllers.</span></p> <p><span style="font-family: Calibri;font-size: medium">The system works by passing the password entered on the Azure AD login page down to the on-premises connector. That connector then validates it against the on-premises domain controllers and returns the results. We’ve also made sure to integrate with self-service password reset (SSPR) so that, should the user need to change their password, it can be routed back to on-premises for a complete solution. There is absolutely no caching of the password in the cloud. Find more details about this process in our <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-aadconnect-pass-through-authentication">documentation</a></span><span style="font-family: Calibri;font-size: medium"></span><span style="font-family: Calibri;font-size: medium">.</span></p> <h2>Seamless single sign-on for all</h2> <p><span style="font-family: Calibri;font-size: medium">Single sign-on is one of the most important aspects of the end-user experience our customers think through as they move to cloud services. 
You need more than just single sign-on for interactions between cloud services; you also need to ensure users won’t have to enter their passwords over and over again.</span></p> <p><span style="font-family: Calibri;font-size: medium">With the new single sign-on additions in Azure AD Connect you can enable seamless single sign-on for your corporate users (users on domain joined machines on the corporate network). In doing so, users are securely authenticated with Kerberos, just like they would be to other domain-joined resources, without needing to type passwords.</span></p> <p><span style="font-family: Calibri;font-size: medium">The beauty of this solution is that it doesn’t require any additional infrastructure on-premises since it simply uses your existing Active Directory services. This is also an opportunistic feature in that if, for some reason, a user can’t obtain a Kerberos ticket for single sign-on, they will simply be prompted for their password, just as they are today. It is available for both password hash sync and Azure AD pass-through authentication customers. Read more on seamless single sign-on <a href="https://Aka.ms/hybrid/sso">in this documentation article</a>.</span></p> <h2>Enabling these new capabilities</h2> <p><span style="font-family: Calibri;font-size: medium"><a href="https://www.microsoft.com/en-us/download/details.aspx?id=47594">Download</a></span><a><span style="font-family: Calibri;font-size: medium"> </span></a><span style="font-family: Calibri;font-size: medium">the latest version of Azure AD Connect now to get these new capabilities! 
You’ll find the new options in a custom install for new deployments, or, for existing deployments, when you change your sign-in method.</span></p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/12/clip_image0022.jpg"><img width="940" height="664" title="clip_image002" style="margin-right: auto;margin-left: auto;float: none" alt="clip_image002" src="https://msdnshared.blob.core.windows.net/media/2016/12/clip_image002_thumb2.jpg" border="0" /></a></p> <p><span style="font-family: Calibri;font-size: medium">I encourage you to <a href="https://www.microsoft.com/en-us/download/details.aspx?id=47594">download</a> the new version of Azure AD Connect today and start testing out these new functions.</span></p> <h2>The fine print</h2> <p><span style="font-family: Calibri;font-size: medium">As with all previews there are some limits to what we currently support. We are working hard to ensure we provide full support across all systems. You can find the full list of supported client and operating systems in the <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-aadconnect-pass-through-authentication">documentation</a>, which we’ll be updating consistently as things change.</span></p> <p><span style="font-family: Calibri;font-size: medium">Also, keep in mind that this is an authentication feature, so it’s best to try it out in a test environment to ensure you understand the end-user experience and how switching from one sign-on method to another will change that experience. </span></p> <p><span style="font-family: Calibri;font-size: medium">And last but by no means least, it’s your feedback that pushes us to make improvements like this to our products, so keep it coming. 
I look forward to hearing what you think!</span></p> <p><span style="font-family: Calibri;font-size: medium">Best regards,</span></p> <p><span style="font-family: Calibri;font-size: medium">Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)</span></p> <p>P.S.: Many of you have asked how the usernames and passwords are protected by the service. Usernames and passwords are passed to the on-premises connector and the results are passed back to Azure AD over an encrypted HTTPS connection. During the public preview we are also going to add an additional layer of public key/private key encryption to the service <a></a>[updated 12/7/16 at 1:15pm pdt.]</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/introducing-azuread-pass-through-authentication-and-seamless-single-sign-on/feed/</wfw:commentRss>
<slash:comments>67</slash:comments>
</item>
<item>
<title>#AzureAD PowerShell V2.0 is now GA</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/05/azuread-powershell-v2-0-is-now-ga/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/05/azuread-powershell-v2-0-is-now-ga/#comments</comments>
<pubDate>Mon, 05 Dec 2016 17:00:56 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Azure PowerShell]]></category>
<category><![CDATA[Powershell]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=44265</guid>
<description><![CDATA[Howdy folks, About a month ago, we announced an updated public preview for PowerShell Azure AD v2.0. Today I’m happy to announce that these PowerShell Azure AD v2.0 cmdlets are now generally available (GA)! To give you a rundown on the improvements we’ve made since we released the preview, I’ve asked Rob de Jong to <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/12/05/azuread-powershell-v2-0-is-now-ga/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p><span style="font-family: Calibri;font-size: medium">Howdy folks,</span></p> <p><span style="font-family: Calibri;font-size: medium">About a month ago, we announced an </span><a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/10/13/in-case-you-missed-it-azuread-powershell-v2-0-is-now-in-public-preview/"><span style="font-family: Calibri;font-size: medium">updated public preview for PowerShell Azure AD v2.0</span></a><span style="font-family: Calibri;font-size: medium">. </span></p> <p><span style="font-family: Calibri;font-size: medium">Today I’m happy to announce that these PowerShell Azure AD v2.0 cmdlets are now generally available (GA)!</span></p> <p><span style="font-family: Calibri;font-size: medium">To give you a rundown on the improvements we’ve made since we released the preview, I’ve asked Rob de Jong to blog about them. You’ll find his blog below.</span></p> <p><span style="font-family: Calibri;font-size: medium">I hope you will find these cmdlets useful. 
And as always, we would love to receive any feedback or suggestions you have!</span></p> <p><span style="font-family: Calibri;font-size: medium">Best Regards,</span></p> <p><span style="font-family: Calibri;font-size: medium">Alex Simons (Twitter: </span><a href="http://www.twitter.com/alex_a_simons"><span style="font-family: Calibri;font-size: medium">@Alex_A_Simons</span></a><span style="font-family: Calibri;font-size: medium">)</span></p> <p><span style="font-family: Calibri;font-size: medium">Director of Program Management</span></p> <p><span style="font-family: Calibri;font-size: medium">Microsoft Identity Division</span></p> <p><span style="font-family: Calibri;font-size: medium">—-</span></p> <p><span style="font-family: Calibri;font-size: medium">Hi everyone,</span></p> <p><span style="font-family: Calibri;font-size: medium">It’s Rob de Jong here and today I’m excited to let you know that Azure AD PowerShell v2.0 is now GA and to give you a quick tour of the changes we’ve made since the previous public preview.</span><span style="font-family: Calibri;font-size: medium"> This release marks an important milestone in the Azure AD PowerShell because now you can leverage the new cmdlets in this module in your production environments.</span></p> <p><span style="font-family: Calibri;font-size: medium">One request customers have consistently made is that we make sure we maintain equivalent capabilities between our Graph API and our PowerShell cmdlets. To make sure that happens, all these new cmdlets are built on top of the Graph API. </span></p> <p><span style="font-family: Calibri;font-size: medium">Two important notes:</span></p> <ul> <li><span style="font-family: Calibri;font-size: medium">The new Azure AD PowerShell v2.0 module doesn’t provide full functional parity with the older MSOL module yet. 
We’re working hard to make that happen in the coming months and will keep you updated on our progress.</span></li> <li><span style="font-family: Calibri;font-size: medium">We are not planning to publish new functionality in the MSOL PowerShell module. Over time we will implement all the functionality of the old MSOL cmdlets in the new module, and this new module contains quite a few new cmdlets that haven’t been available before. </span></li> </ul> <h4><span style="font-family: Calibri;font-size: medium"><span style="font-size: large;font-weight: bold">Changes since the preview</span></span></h4> <p><span style="font-family: Calibri;font-size: medium">We’ve made a few changes to some of the cmdlets since the previous preview release of Azure AD PowerShell v2.0:</span></p> <ul> <li><span style="font-family: Calibri;font-size: medium">Naming conventions: The Revoke-AzureADSignedInUserAllRefreshTokens and Revoke-AzureADUserAllRefreshTokens were renamed to Revoke-AzureADSignedInUserAllRefreshToken and Revoke-AzureADUserAllRefreshToken respectively to follow the Verb-SingularNoun naming convention.</span></li> <li><span style="font-family: Calibri;font-size: medium">Excluded cmdlets: This GA only includes cmdlets that call into a production endpoint of the Graph API. If you want to use cmdlets that call a Beta endpoint, these are available in the public preview release of the Azure AD v2.0 PowerShell cmdlets. 
</span><span style="font-family: Calibri;font-size: medium">The cmdlets excluded from this release include those used to manage Administrative Units, Domain settings, Policy settings, and Directory settings.</span></li> </ul> <p><span style="font-family: Calibri;font-size: medium">To find a list of all cmdlets included in this release, please refer to the </span><a href="https://www.powershellgallery.com/packages/AzureAD"><span style="font-family: Calibri;font-size: medium">Azure AD v2.0 general availability release notes</span></a><span style="font-family: Calibri;font-size: medium">.</span></p> <h4><span style="font-family: Calibri;font-size: large"><span style="font-weight: bold">How to deploy</span></span></h4> <p><span style="font-family: Calibri;font-size: medium">To install the new module, follow </span><a href="https://www.powershellgallery.com/packages/AzureAD"><span style="font-family: Calibri;font-size: medium">this link to the PowerShell Gallery</span></a><span style="font-family: Calibri;font-size: medium">. Installing a PowerShell module from the PowerShell gallery requires some additional components to be installed on your system. If you are running a computer with the Windows 10 OS, these components are already present and you can simply open a PowerShell window as an administrator and type Install-Module AzureAD. The module will be installed on your computer and imported in your session. </span></p> <p><span style="font-family: Calibri;font-size: medium">For other Windows operating systems, please refer to </span><a href="https://msdn.microsoft.com/powershell/gallery/readme"><span style="font-family: Calibri;font-size: medium">the documentation about the PowerShell Gallery</span></a><span style="font-family: Calibri;font-size: medium">. 
</span></p> <h4><span style="font-family: Calibri;font-size: medium"><span style="font-size: large;font-weight: bold">Getting help with this module</span></span></h4> <p><span style="font-family: Calibri;font-size: medium">If you need more information about how these cmdlets work, the easiest way to get it is to use the inline help functionality. Here is an example of how to do that, using the Get-Help cmdlet:</span></p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/12/image112.png"><img width="1500" height="506" title="image" style="margin-right: auto;margin-left: auto;float: none" alt="image" src="https://msdnshared.blob.core.windows.net/media/2016/12/image_thumb79.png" border="0" /></a></p> <p><span style="font-family: Calibri;font-size: medium">For online help, you can also refer to the </span><a href="https://docs.microsoft.com/en-us/powershell/azuread/v2/azureactivedirectory"><span style="font-family: Calibri;font-size: medium">Azure AD v2.0 PowerShell module</span></a><span style="font-family: Calibri;font-size: medium"> online documentation.</span></p> <h4><span style="font-family: Calibri;font-size: medium"><span style="font-size: large;font-weight: bold">We’re here to help</span></span></h4> <p><span style="font-family: Calibri;font-size: medium">If you need any help with a specific solution you’re trying to create, have feedback you want to share, or have questions for which the answer cannot be found in the documentation, please send an email to </span><a><span style="font-family: Calibri;font-size: medium">
[email protected]</span></a><span style="font-family: Calibri;font-size: medium">. We’ll get back to you as soon as we can and look forward to hearing from you!</span></p> <p><span style="font-family: Calibri;font-size: medium">Regards,</span></p> <p><span style="font-family: Calibri;font-size: medium">Rob</span></p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/05/azuread-powershell-v2-0-is-now-ga/feed/</wfw:commentRss>
<slash:comments>3</slash:comments>
</item>
<item>
<title>New #AzureAD Access Panel is now Generally Available!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2016/11/28/new-azuread-access-panel-is-now-generally-available/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2016/11/28/new-azuread-access-panel-is-now-generally-available/#comments</comments>
<pubDate>Mon, 28 Nov 2016 18:04:56 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Apps]]></category>
<category><![CDATA[Authentication]]></category>
<category><![CDATA[Cloud]]></category>
<category><![CDATA[SaaS]]></category>
<category><![CDATA[SSO]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=44025</guid>
<description><![CDATA[Howdy folks, Many hundreds of thousands of you have used our new Access Panel (MyApps) while it was in public preview to launch your Azure AD connected applications, change memberships in groups, and quickly access your security settings. Today, I’m excited to announce the new Access Panel is now Generally Available (GA)! Since we launched Public <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/11/28/new-azuread-access-panel-is-now-generally-available/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<h3><span style="font-size: medium">Howdy folks,</span></h3> <p><span style="font-size: medium">Many hundreds of thousands of you have used our new Access Panel (MyApps) while it was in public preview to launch your Azure AD connected applications, change memberships in groups, and quickly access your security settings. </span></p> <p><span style="font-size: medium">Today, I’m excited to announce the new Access Panel is now Generally Available (GA)! </span></p> <p><span style="font-size: medium">Since we launched Public Preview we’ve received a ton of interest and great feedback. We’ve listened to your feedback to offer a refreshing experience on both desktop and mobile. The Access Panel is better than ever!</span></p> <p><span style="font-size: medium">The new design’s biggest highlights are its modern layout and optimized controls. If you’re convinced already, go ahead and </span><a href="http://myapps.microsoft.com/"><span style="font-size: medium">check it out</span></a><span style="font-size: medium"> for yourself. </span></p> <p><span style="font-size: medium">If you need a little more convincing, here are the top three new features you’ll notice in the new design:</span></p> <p><span style="font-size: medium"><strong>Mobile-friendly with a completely new look</strong></span></p> <p><span style="font-size: medium">Our responsive layout adjusts to the perfect size no matter what device you’re on. 
The new layout makes it easy to scan through your apps and add new ones.</span></p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image00213.png"><span style="font-size: medium"></span></a><span style="font-size: medium"><a href="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image00214.png"><img width="756" height="475" title="clip_image002" class="aligncenter" style="margin-right: auto;margin-left: auto;float: none" alt="clip_image002" src="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image002_thumb9.png" border="0" /></a></span></p> <p align="center"><i><span style="font-size: small">Figure 1: Apps page in Desktop Browser</span></i></p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image00413.png"><span style="font-size: medium"></span></a><span style="font-size: medium"><a href="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image00414.png"><img width="304" height="477" title="clip_image004" class="aligncenter" style="margin-right: auto;margin-left: auto;float: none" alt="clip_image004" src="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image004_thumb7.png" border="0" /></a></span></p> <p align="center"><i><span style="font-size: small">Figure 2: Apps page on Mobile</span></i></p> <p><span style="font-size: medium"><strong>At a glance notifications and a new user control</strong></span></p> <p><span style="font-size: medium">Notifications now alert you instantly when an access request comes your way and let you review them at once. 
The user control lets you quickly switch between organizations anywhere on the site.</span></p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image0069.png"><span style="font-size: medium"></span></a><span style="font-size: medium"><a href="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image00610.png"><img width="507" height="450" title="clip_image006" class="aligncenter" style="margin-right: auto;margin-left: auto;float: none" alt="clip_image006" src="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image006_thumb3.png" border="0" /></a></span></p> <p align="center"><i><span style="font-size: small">Figure 3: Notifications</span></i></p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image0087.png"><span style="font-size: medium"></span></a><span style="font-size: medium"><a href="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image0088.png"><img width="478" height="461" title="clip_image008" class="aligncenter" style="margin-right: auto;margin-left: auto;float: none" alt="clip_image008" src="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image008_thumb2.png" border="0" /></a></span></p> <p align="center"><i><span style="font-size: small">Figure 4: User Control</span></i></p> <p><span style="font-size: medium"><strong>Improved group management experience</strong></span></p> <p><span style="font-size: medium">Group management is now a breeze with everything you need on the main page. 
You can easily see what groups you’re in or own, and join or create new ones.</span></p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image0108.png"><span style="font-size: medium"></span></a><span style="font-size: medium"><a href="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image0109.png"><img width="850" height="526" title="clip_image010" class="aligncenter" style="margin-right: auto;margin-left: auto;float: none" alt="clip_image010" src="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image010_thumb2.png" border="0" /></a></span></p> <p align="center"><i><span style="font-size: small">Figure 5: Groups Page</span></i></p> <p><span style="font-size: medium">If you use our mobile app you’ll also notice a new icon along with the upgraded design.</span></p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image011.png"><span style="font-size: medium"><img width="148" height="148" title="clip_image011" class="aligncenter" style="margin-right: auto;margin-left: auto;float: none" alt="clip_image011" src="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image011_thumb.png" border="0" /></span></a></p> <p align="center"><span style="font-size: small"><em>Figure 6. MyApps Mobile Icon</em></span></p> <p><span style="font-size: medium">Since the holiday season is in full swing, we’ll have a two-month transition period where individual users can opt in. 
Our target date to switch on the new design for everyone is the end of January.</span></p> <p><span style="font-size: medium">Of course, we always love to hear your feedback and suggestions, and look forward to hearing from you!</span></p> <p><span style="font-size: medium">Best regards,</span></p> <p><span style="font-size: medium">Alex Simons (Twitter: </span><a href="http://twitter.com/alex_a_simons"><span style="font-size: medium">@Alex_A_Simons</span></a><span style="font-size: medium">)</span></p> <p><span style="font-size: medium">Director of Program Management</span></p> <p><span style="font-size: medium">Microsoft Identity Division</span></p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2016/11/28/new-azuread-access-panel-is-now-generally-available/feed/</wfw:commentRss>
<slash:comments>6</slash:comments>
</item>
<item>
<title>#AzureAD Mailbag: International Deployments Round 2</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2016/11/18/azuread-mailbag-international-deployments-round-2/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2016/11/18/azuread-mailbag-international-deployments-round-2/#comments</comments>
<pubDate>Fri, 18 Nov 2016 17:00:41 +0000</pubDate>
<dc:creator><![CDATA[Mark Morowczynski [MSFT]]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Authentication]]></category>
<category><![CDATA[Azure MFA]]></category>
<category><![CDATA[Mailbag]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=43685</guid>
<description><![CDATA[Hey y’all, Mark Morowczynski here with another Friday mailbag. I realize we’ve been sort of slacking on these for the last 2 months but we are looking to finish the calendar year strong. Key word being looking. We’ll continue last week’s topic of things to consider with international deployments. Let’s dive in.   Question 1: <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/11/18/azuread-mailbag-international-deployments-round-2/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Hey y’all, Mark Morowczynski here with another Friday mailbag. I realize we’ve been sort of slacking on these for the last 2 months but we are looking to finish the calendar year strong. Key word being looking. We’ll continue last week’s topic of things to consider with international deployments. Let’s dive in.</p> <p> </p> <p><strong>Question 1:</strong></p> <p>Your <a href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-editions/">documentation</a> states that Azure AD Premium is not supported in China. I am a US customer but have 200 employees located in China. Will my users in China not be able to get the Azure AD Premium functionalities such as MFA, SSPR, and Azure App Proxy?</p> <p><strong>Answer 1:</strong></p> <p>We hear this question frequently from customers who operate in China, but I’m going to borrow some words from <a href="https://twitter.com/BBrekkan_MSFT">Brjann Brekkan</a> (another member of our team) for this response:</p> <p>Azure AD Premium and its capabilities are not currently available in Tenants hosted in our Mainland China Azure AD instance such as when a company signs up for Office 365 or Azure operated by our partner 21Vianet. A company with a Tenant in our Global Azure AD instance, hosted in our global datacenters, has access to Azure AD Premium services and all employees in that Tenant, including those in China, can leverage the services.</p> <p><strong></strong></p> <p><strong>Question 2:</strong></p> <p>I have multiple brands within my company. Some of the companies I’ve acquired are in different countries and have their own IT staff that manages their identities. Is there a way I can limit admin access based on location? (e.g. 
Help Desk in France supports users only in France)</p> <p><strong>Answer 2:</strong></p> <p>Today this can be done with <a href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-administrative-units-management/">Administrative Units</a>. There are some caveats though:</p> <ul> <li>The only resources that Administrative Units can be applied to are users</li> <li>Configuring these can only be done through PowerShell (there is no GUI as of today)</li> <li>Administrative Units are not dynamic (meaning you must manually add new users as they become qualified to be a member of the scoped group or a member of the role that you have defined)</li> </ul> <p>Even with these caveats, this is still a very powerful tool for scoping and decreasing surface area from a risk perspective. Remember, this is a defense in depth type strategy. Privileged accounts are high value targets – shrink your surface area as much as possible!</p> <p><strong></strong></p> <p><strong>Question 3:</strong></p> <p>I’m concerned about charges that may occur for my users that operate outside of the US. Will Microsoft charge my users long distance fees for SMS/Phone calls? Where are the SMS/Phone calls coming from with Azure MFA and SSPR?</p> <p><strong>Answer 3:</strong></p> <p>Azure AD phone calls come from the United States – which is why the caller ID phone number must be a US number. However, text messages may come from US (+1), UK (+44) or other countries. It may vary for each authentication based on the destination and the provider we use to send each text message.</p> <p>We do not charge the end user or tenant for processing calls/SMS for countries outside of the United States. Some providers may charge for receiving long-distance SMS/Phone calls but this is purely based on the user’s carrier (This is no different than requiring a phone plan to receive SMS or voice calls). We do have other options available for both SSPR and MFA that do not require SMS/Phone calls (e.g. 
Azure Authenticator app for MFA and Q/A gate for SSPR) but these do require internet connectivity.</p> <p>Fun Fact: For Azure MFA, you can change the Caller ID Phone Number but this is from US phone numbers only.</p> <p> </p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image0018.png"><img width="872" height="834" title="clip_image001" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="clip_image001" src="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image001_thumb5.png" border="0" /></a></p> <p> </p> <p><strong>Question 4:</strong></p> <p>Within my company, we own multiple brands; we are looking to customize the feel of our O365 Portal/Access Panel page. It only gives me one option to brand my tenant – what are other customers doing?</p> <p><strong>Answer 4:</strong></p> <p>Yes, each image has an independent upload for <a href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-add-company-branding/">branding</a> as seen on the Large Illustration below. Most companies that have deployed Azure AD and own multiple brands usually do one of two things:</p> <ol> <li>Use an icon from their parent company that represents their company as a whole (a recognizable image for all brands)</li> <li>Use the “Large Illustration/Background Color” image and incorporate multiple brands on this same image. This allows a unified company representation on your main log on page for the cloud. 
This image is seen in the top left corner of the screenshot below.</li> </ol> <p> </p> <p><a href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-add-company-branding/"><img width="1664" height="1018" title="clip_image001[8]" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="clip_image001[8]" src="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image00181.png" border="0" /></a></p> <p> </p> <p>Image Options to Upload</p> <p><a href="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image00110.png"><img width="980" height="825" title="clip_image001[10]" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="clip_image001[10]" src="https://msdnshared.blob.core.windows.net/media/2016/11/clip_image00110_thumb.png" border="0" /></a></p> <p> </p> <p><strong>Question 5:</strong></p> <p>I operate in multiple countries and I’m about to deploy multiple Microsoft cloud services. Where can I get started with reading up on Microsoft’s documentation on how data is managed from a global perspective?</p> <p><strong>Answer 5:</strong></p> <p>I recommend visiting Microsoft’s <a href="https://www.microsoft.com/en-us/TrustCenter/Transparency/default.aspx">Trust Center</a> to learn more about how Microsoft helps secure your data. 
Here are a few links to get you started:</p> <ul> <li><a href="http://azuredatacentermap.azurewebsites.net/">Microsoft Azure</a></li> <li><a href="https://www.microsoft.com/en-us/TrustCenter/Privacy/You-are-in-control-of-your-data/CS-location">Microsoft Commercial Support</a></li> <li><a href="http://www.microsoft.com/en-us/TrustCenter/Privacy/You-are-in-control-of-your-data/dynamics-ax-location">Microsoft Dynamics AX</a></li> <li><a href="http://o365datacentermap.azurewebsites.net/">Microsoft Dynamics CRM Online</a></li> <li><a href="http://intunedatacentermap.azurewebsites.net/">Microsoft Intune</a></li> <li><a href="http://o365datacentermap.azurewebsites.net/">Microsoft Office 365</a></li> </ul> <p>Please let us know if you have any additional feedback. Also, join me or one of my team members in a live discussion on our Webinar platform that we host – covering a variety of topics. <a href="https://info.microsoft.com/AADP-Webinar-CLE_AADP-Main-Landing-Page.html?ls=Blog">Join the conversation here</a>. I look forward to chatting with ya’ll!</p> <p> </p> <p>We hope you’ve found this post and this series to be helpful. For any questions you can reach us at<br /> <a>
[email protected]</a>, the <a href="https://social.msdn.microsoft.com/Forums/azure/en-US/home?forum=WindowsAzureAD">Microsoft Forums</a> and on Twitter <a href="https://twitter.com/AzureAD">@AzureAD</a>, <a href="https://twitter.com/markmorow">@MarkMorow</a> and <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a></p> <p> </p> <p>-Chad Hasbrook, Mark Morowczynski, Shawn Bishop, Yossi Banai, Damien Gallot, Brjann Brekkan, Ariel Gordon, and Dan Mace.</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2016/11/18/azuread-mailbag-international-deployments-round-2/feed/</wfw:commentRss>
<slash:comments>1</slash:comments>
</item>
</channel>
</rss>