Simplify management of apps & devices

<?xml version="1.0" encoding="UTF-8"?><rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" > <channel> <title>Microsoft Intune &#8211; Enterprise Mobility and Security Blog</title> <atom:link href="https://blogs.technet.microsoft.com/enterprisemobility/feed/?product=microsoft-intune" rel="self" type="application/rss+xml" /> <link>https://blogs.technet.microsoft.com/enterprisemobility</link> <description>The most recent news and updates about Microsoft’s Enterprise Mobility offerings and events for enterprise technology professionals and developers.</description> <lastBuildDate>Tue, 17 Jan 2017 15:32:14 +0000</lastBuildDate> <language>en-US</language> <sy:updatePeriod>hourly</sy:updatePeriod> <sy:updateFrequency>1</sy:updateFrequency> <item> <title>Breaking down EMS Conditional Access: Part 2</title> <link>https://blogs.technet.microsoft.com/enterprisemobility/2017/01/05/breaking-down-ems-conditional-access-part-2/</link> <comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/01/05/breaking-down-ems-conditional-access-part-2/#respond</comments> <pubDate>Thu, 05 Jan 2017 16:00:25 +0000</pubDate> <dc:creator><![CDATA[Enterprise Mobility + Security Team]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=45505</guid> <description><![CDATA[This post is the second in a three-part series detailing Conditional Access from Microsoft Enterprise Mobility + Security. Today, the typical employee connects an average of four devices to their corporate network. Usually theyre connecting from their own mobile device or PC, but thats not always the case. Maybe they use their daughters iPad in <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/01/05/breaking-down-ems-conditional-access-part-2/">Continue reading</a></p>]]></description> <content:encoded><![CDATA[<p><i>This post is the second in a three-part series detailing </i><a href="https://www.microsoft.com/en-us/cloud-platform/conditional-access"><i>Conditional Access</i></a><i> from Microsoft Enterprise Mobility + Security.</i></p>&#10;<p>Today, the typical employee connects an average of four devices to their corporate network. Usually theyre connecting from their own mobile device or PC, but thats not always the case. Maybe they use their daughters iPad in a pinch, or log on from a friends house, or use a hotel kiosk to connect. You might be OK with allowing access in some cases, but in other circumstances you may want to provide access only to certain employees, only to specific data, or only from known and compliant devices.</p>&#10;<p>Device-based conditional access from Microsoft Enterprise Mobility + Security (EMS) helps you make sure that only compliant mobile devices and PCsthose that meet the standards youve sethave access to corporate data.</p>&#10;<h2>Device Compliance</h2>&#10;<p>Device compliance policies help you protect company data by making sure the devices used to access your data or sensitive apps comply with your specific requirements or standards. Administrators can set these policies to enforce device compliance requirements before users attempt to access company resources. These can include settings for device enrollment, domain join, passwords and encryption, as well for the OS platform running on the device.</p>&#10;<p>You can use <a href="https://docs.microsoft.com/en-us/intune/deploy-use/introduction-to-device-compliance-policies-in-microsoft-intune">compliance policy settings</a> in Microsoft Intune to create a set of rules for and to evaluate the compliance of employee devices. When devices don&#8217;t meet the conditions set in the policies, the end user is guided though the process of enrolling the device and fixing the issue that prevents the device from being compliant.</p>&#10;<p><a href="https://docs.microsoft.com/en-us/intune/deploy-use/restrict-access-to-email-and-o365-services-with-microsoft-intune">Conditional access policies</a> are a set of rules that can restrict or allow access to a specific service based on whether the user meets the requirements you define. When you use a conditional access policy in combination with a device compliance policy, only users with compliant devicesin addition to any other rules youve setwill be allowed to access the service. Since both policies are applied at the user level, any device from which the user tries to access services will be checked for compliance.</p>&#10;<p><a href="https://msdnshared.blob.core.windows.net/media/2017/01/Conditional-Access-Policy-Scenario.png"><img title="Conditional Access Policy Scenario" style="float: none;padding-top: 0px;padding-left: 0px;margin-left: auto;padding-right: 0px;margin-right: auto;border: 0px" border="0" alt="Conditional Access Policy Scenario" src="https://msdnshared.blob.core.windows.net/media/2017/01/Conditional-Access-Policy-Scenario_thumb.png" width="790" height="463" class="aligncenter" /></a></p>&#10;<p align="center"><em>In this scenario, IT has applied a policy that blocks unmanaged devices from accessing and opening files stored on OneDrive for Business. Devices need to be enrolled first, before the location can be accessed.</em></p>&#10;<h2>EMS + Lookout, providing additional mobile endpoint security</h2>&#10;<p><a href="https://www.lookout.com/about/partners/microsoft">Lookouts deep integration with EMS</a> gives you real-time visibility into mobile device risks, including advanced mobile threats and app data leakage, which can inform your conditional access policies. Lookout provides visibility across all three mobile risk vectors: app-based risks (such as malware), network-based risks (such as man-in-the-middle attacks), and OS-based risks (such as malicious OS compromise).</p>&#10;<p>The integration between Lookout and EMS makes it easy to apply this threat intelligence to your conditional access policies. If a device is found to be non-compliant due to a mobile risk identified by Lookout, access is blocked and the user is prompted to resolve the issue with one-step guidance from Lookout before they can regain access. <em>Note that Lookout licenses must be purchased separately from EMS.</em></p>&#10;<p><a href="https://msdnshared.blob.core.windows.net/media/2017/01/EMS-Intune-Lookout.png"><img title="EMS Intune Lookout" style="float: none;padding-top: 0px;padding-left: 0px;margin-left: auto;padding-right: 0px;margin-right: auto;border: 0px" border="0" alt="EMS Intune Lookout" src="https://msdnshared.blob.core.windows.net/media/2017/01/EMS-Intune-Lookout_thumb.png" width="850" height="351" class="aligncenter" /></a></p>&#10;<h2>Device-based conditional access to on-premises resources</h2>&#10;<p>EMS conditional access capabilities help you to secure access to both your cloud and on-premises resources. Our customers often manage broad and complex networks, so with that in mind, weve built partnerships with popular network access providers such as Cisco ISE, Aruba ClearPass, and Citrix NetScaler. Now you can extend your Intune conditional access capabilities to work with these networks.</p>&#10;<p>Partner network providers can implement checks for Intune-managed and compliant devices as a requirement before allowing user access through either your wireless or virtual private network. When you <a href="https://docs.microsoft.com/en-us/intune/deploy-use/restrict-access-to-networks">extend device compliance policies to network providers</a>, you can ensure that only managed and compliant devices will be able to connect to your on-premises corporate network.</p>&#10;<p>EMS offers you some great access simplifications: you can still enable <a href="https://docs.microsoft.com/en-us/enterprise-mobility-security/solutions/protect-on-premises-data-with-intune">secure access to on-premises</a> applications without VPNs, DMZs, or on-premises reverse proxies by leveraging the Azure Active Directory Application Proxy. Best of all, all of this can be done without installing or maintaining additional on-premises infrastructure or opening your company firewall to route traffic through it. Conditional access capabilities will work for this scenario as well.</p>&#10;<h2>Additional Resources</h2>&#10;<ul>&#10;<li><a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/10/31/breaking-down-ems-conditional-access-part-1/">Breaking down EMS Conditional Access: Part 1</a></li>&#10;<li><a href="https://microsoftintune.uservoice.com/?WT.mc_id=Blog_Intune_Announce_PCIT">Submit feedback and suggestions to the Intune engineering team</a></li>&#10;<li><a href="https://docs.microsoft.com/en-us/enterprise-mobility-security/solutions/protect-office365-data-with-intune">Read more about device based conditional access on the Intune docs site</a></li>&#10;<li><a href="https://blogs.technet.microsoft.com/enterprisemobility/feed/?product=microsoft-intune">Subscribe to the Intune blog RSS feed</a></li>&#10;<li>Follow us on <a href="https://twitter.com/MSFTMobility">Twitter</a></li>&#10;</ul>&#10;]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/01/05/breaking-down-ems-conditional-access-part-2/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item> <title>Conditional Access now in the new Azure portal</title> <link>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/15/conditional-access-now-in-the-new-azure-portal/</link> <comments>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/15/conditional-access-now-in-the-new-azure-portal/#comments</comments> <pubDate>Thu, 15 Dec 2016 18:00:09 +0000</pubDate> <dc:creator><![CDATA[Enterprise Mobility + Security Team]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <category><![CDATA[Conditional Access]]></category> <category><![CDATA[Identity-driven Security]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=45175</guid> <description><![CDATA[The digital transformation thats affecting every organization brings new challenges for IT, as they strive to empower their users to be productive while keeping corporate data secure in an increasingly complex technology landscape. Microsoft Enterprise Mobility + Security (EMS) provides a unique identity-driven security approach to address these new challenges at multiple layers and to <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/12/15/conditional-access-now-in-the-new-azure-portal/">Continue reading</a></p>]]></description> <content:encoded><![CDATA[<p>The digital transformation thats affecting every organization brings new challenges for IT, as they strive to empower their users to be productive while keeping corporate data secure in an increasingly complex technology landscape. Microsoft Enterprise Mobility + Security (EMS) provides a unique identity-driven security approach to address these new challenges at multiple layers and to provide you with a more holistic and innovative approach to security one that can protect, detect, and respond to threats on-premises as well as in the cloud.</p>&#10;<p>Risk-based conditional access is a critical part of our identity-driven security story. It ensures that only the right users, on the right devices, under the right circumstances have access to your sensitive corporate data. Conditional access allows you to define policies that provide contextual controls at the user, location, device, and app levels, and it also takes risk information into consideration (powered by the vast data in Microsofts <a href="https://www.microsoft.com/en-us/security/intelligence">Intelligent Security Graph</a>). As conditions change, natural user prompts ensure only the right users on compliant devices can access sensitive data, providing you the control and protection you need to keep your corporate data secure while allowing your people to do their best work from any device.</p>&#10;<p>This is an area where we are constantly innovating to bring you the most secure and easy-to-use solution, and today were announcing several improvements to Conditional Access in EMS:</p>&#10;<ol>&#10;<li><strong>Risk-based access policies per application</strong>. <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-identityprotection">Leverage machine learning on a massive scale</a> to provide real-time detection and automated protection. Now you can use this data to build risk-based policies per application.</li>&#10;<li><strong>Greater flexibility to protect applications</strong>. Set multiple policies per application or set and easily roll out global rules to protect all your applications with a single policy.</li>&#10;<li>All these capabilities are now available in a <strong>unified administrative experience on the Azure portal</strong>. This makes it even easier to create and manage holistic conditional access policies to all your applications.</li>&#10;</ol>&#10;<p>These new <a href="https://www.microsoft.com/en-us/cloud-platform/conditional-access">conditional access</a> capabilities provide more flexible and powerful policies to enable productivity while ensuring security. Additionally, the new admin experience unifies conditional access workloads across Intune and Azure AD.</p>&#10;<p>If you are an Intune customer using the existing browser-based console or the Configuration Manager console, or an Azure AD customer using the classic Azure portal, you can now preview the new Conditional Access policy interface in the Azure portal.</p>&#10;<p><a href="https://aka.ms/cacontrols">Get started with these Conditional Access capabilities</a> or read on to learn a bit more about Conditional Access with EMS.</p>&#10;<h2>Overview</h2>&#10;<p>A Conditional Access policy is simply a statement about<br />&#10;<strong>When the policy should apply</strong> (called <strong>Conditions</strong>), and<br />&#10;<strong>What the action or requirement should be</strong> (called <strong>Controls</strong>).</p>&#10;<p><a href="https://msdnshared.blob.core.windows.net/media/2016/12/Conditional-access-policy.png"><img width="169" height="480" title="Conditional access policy" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="Conditional access policy" src="https://msdnshared.blob.core.windows.net/media/2016/12/Conditional-access-policy_thumb.png" border="0" /></a></p>&#10;<h3>Conditions (When the policy should apply)</h3>&#10;<p>Conditions are the things about a login that dont change during the login, and are used to decide which policies should apply. Azure AD supports the following Conditions:</p>&#10;<ol>&#10;<li><strong>Users/Groups</strong> are the users/groups in the directory that the policy applies to.</li>&#10;<li><strong>Cloud apps</strong> are the services the user accesses that you want to secure.</li>&#10;<li><strong>Client app</strong> is the software the user is employing to access cloud app.</li>&#10;<li><strong>Device platform</strong> is the platform the user is signing in from.</li>&#10;<li><strong>Location</strong> is the IP-address based location the user is signing in from.</li>&#10;<li><strong>Sign-in risk</strong> is the likelihood that the sign-in is coming from someone other than the user.</li>&#10;</ol>&#10;<p><a href="https://msdnshared.blob.core.windows.net/media/2016/12/Conditions-preview.png"><img width="378" height="480" title="Conditions preview" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="Conditions preview" src="https://msdnshared.blob.core.windows.net/media/2016/12/Conditions-preview_thumb.png" border="0" /></a></p>&#10;<p><a href="https://aka.ms/caconditions">Our documentation provides further details on how to set the conditions</a>.</p>&#10;<h3>Controls (What the action or requirement should be)</h3>&#10;<p>Controls are the additional enforcements that are put in place by the policy (such as do a Multi-factor authentication challenge) that will be inserted into the login flow. Azure AD supports the following controls:</p>&#10;<ol>&#10;<li><strong>Block access </strong></li>&#10;<li><strong>Multi-factor authentication</strong></li>&#10;<li><strong>Compliant device</strong></li>&#10;<li><strong>Domain Join</strong></li>&#10;</ol>&#10;<p>You can select individual controls or all of them.</p>&#10;<p><a href="https://msdnshared.blob.core.windows.net/media/2016/12/Controls-preview.png"><img width="400" height="508" title="Controls preview" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="Controls preview" src="https://msdnshared.blob.core.windows.net/media/2016/12/Controls-preview_thumb.png" border="0" /></a></p>&#10;<p>To learn more about how to get started with controls, you can read a <a href="https://aka.ms/cacontrols">detailed documentation article</a>.</p>&#10;<p>Were really excited about the wide range of scenarios that this new experiences lights up and hope you find it useful. As always, were looking forward to your feedback.</p>&#10;]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/15/conditional-access-now-in-the-new-azure-portal/feed/</wfw:commentRss> <slash:comments>5</slash:comments> </item> <item> <title>New capabilities coming to Microsoft Enterprise Mobility + Security (EMS)</title> <link>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/new-capabilities-coming-to-microsoft-enterprise-mobility-security-ems/</link> <comments>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/new-capabilities-coming-to-microsoft-enterprise-mobility-security-ems/#comments</comments> <pubDate>Wed, 07 Dec 2016 17:00:59 +0000</pubDate> <dc:creator><![CDATA[Andrew Conway]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=44305</guid> <description><![CDATA[As 2016 draws to a close, we would like to thank you for choosing Microsoft Enterprise Mobility + Security (EMS) to protect and secure your employees as you continue to digitally transform your organizations. More than 37,000 customers and over half of the Fortune 500 have now chosen EMS. With EMS we continue to build <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/new-capabilities-coming-to-microsoft-enterprise-mobility-security-ems/">Continue reading</a></p>]]></description> <content:encoded><![CDATA[<p>As 2016 draws to a close, we would like to thank you for choosing Microsoft Enterprise Mobility + Security (EMS) to protect and secure your employees as you continue to digitally transform your organizations. More than 37,000 customers and over half of the Fortune 500 have now chosen EMS.</p>&#10;<p>With EMS we continue to build on identity at the core of the solution to maximize your employees productivity while at the same time providing the necessary capabilities across security, management of devices and apps, and information protection to ensure that your critical company data is protected. Today we are expanding these capabilities even further with:</p>&#10;<ul>&#10;<li><a href="https://aka.ms/aadptablogpost">Pass-through authentication with Azure Active Directory</a>, available today in preview, enables secure single sign-on to cloud resources without requiring syncing of passwords to the cloud, or modification to existing on-premises network infrastructure.</li>&#10;<li><a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/public-preview-of-intune-on-azure">Microsoft Intunes new Admin Console in Azure</a>, rolling out in preview, makes setting up integrated security and management scenarios across EMS services even easier.</li>&#10;<li><a href="https://aka.ms/aip-december-release">Azure Information Protection updates</a> that provide even greater flexibility and security for protecting data at the file level. These updates include support formore file types, integration with your on-premises encryption key network, and new options for creating classification and protection policies.</li>&#10;</ul>&#10;<p>Heres more on these new capabilities and how our customers will benefit from these innovations:</p>&#10;<p><a href="https://aka.ms/aadptablogpost">Pass-through authentication with Azure Active Directory</a></p>&#10;<p>Pass-through authentication now in preview, lets users securely login to cloud resources by validating their password against their on-premises Active Directory more easily than ever. This feature allows customers that cannot or do not want to store passwords in the cloud (even encrypted ones) to onboard Azure Active Directory and Office 365 without having to modify their corporate network infrastructure and install products such as Active Directory Federation Services (AD FS) or similar third party federation solutions. Pass-through authentication is set up via the Azure AD Connect admin experience as the second option for authentication along with Password Sync and AD FS.</p>&#10;<p><a href="https://msdnshared.blob.core.windows.net/media/2016/12/Azure-Active-Directory-Connect-User-Sign-in.png"><img width="640" height="451" title="Azure Active Directory Connect User Sign in" class="aligncenter" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="Azure Active Directory Connect User Sign in" src="https://msdnshared.blob.core.windows.net/media/2016/12/Azure-Active-Directory-Connect-User-Sign-in_thumb.png" border="0" /></a></p>&#10;<p>Additionally, with this new update, both Pass-through authentication and Password Synchronization authentication options will now provide seamless single sign-on to Azure AD connected applications from Windows devices.</p>&#10;<p><a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/public-preview-of-intune-on-azure">Preview of Microsoft Intune Admin Console in Azure</a></p>&#10;<p>The new Intune admin experience on Azure begins rolling out in public previewfor new and test tenants. The new console, built in Azure, provides powerful and integrated management of core EMS security solutions, such as conditional access to corporate resources based on device, users or risk, allowing for set up and management of policies between Intune and Azure Active Directory. This new admin experience makes it easier than ever to protect tens of thousands of mobile devices.</p>&#10;<p><a href="https://aka.ms/aip-december-release">Azure Information Protection updates</a></p>&#10;<p>Protecting data at the file level throughout its lifecycle, from creation to sharing to tracking and revocation, regardless of where it is stored or accessed, is a key priority for our customers and a unique part of the EMS solution. Since the <a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/10/04/azure-information-protection-is-now-generally-available/">release of Azure Information Protection in October</a> we have been listening to customer feedback and are releasing several new capabilities. Below are a few of the highlights:</p>&#10;<ul>&#10;<li>Give end users more focused classification and protection options with policies based on group membership.</li>&#10;<li>Support for more non-Office file types and bulk labelling of data at rest.</li>&#10;<li>Integrate protection with on-premises keys with <a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/08/10/azure-information-protection-with-hyok-hold-your-own-key/">Hold Your Own Key (HYOK).</a></li>&#10;</ul>&#10;<h4>Enterprise Mobility + Security Customer Stories</h4>&#10;<p>As more and more customers are choosing EMS, we wanted to share with you some examples of recent customers who have been deploying and using it successfully:</p>&#10;<ul>&#10;<li><a href="https://customers.microsoft.com/en-US/story/whole-foods-takes-natural-next-step-to-protect-applications-in-the-cloud">Whole Foods</a> is embracing identity-driven security with EMS to protect applications</li>&#10;<li><a href="https://customers.microsoft.com/en-US/story/avanade-balances-data-security-and-employee-privacy-with-microsoft-intune">Avanade</a> balances data security and employee privacy with EMS</li>&#10;</ul>&#10;<p>Get started with your own <a href="https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security-trial">Enterprise Mobility + Security deployment</a>.</p>&#10;]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/new-capabilities-coming-to-microsoft-enterprise-mobility-security-ems/feed/</wfw:commentRss> <slash:comments>2</slash:comments> </item> <item> <title>Public preview of Intune on Azure</title> <link>https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/public-preview-of-intune-on-azure/</link> <pubDate>Wed, 07 Dec 2016 17:00:14 +0000</pubDate> <dc:creator><![CDATA[Microsoft Intune Team]]></dc:creator> <category><![CDATA[Announcements]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=44225</guid> <description><![CDATA[Get ready for a whole new Intune experience. In early 2017 we will begin migrating our Intune admin experience onto the Azure portal, allowing for powerful and integrated management of core EMS workflows on a modern service platform thats extensible using Graph APIs.Using the Microsoft Graph APIs to configure Intune controls and policies still requires <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/public-preview-of-intune-on-azure/">Continue reading</a></p>]]></description> <content:encoded><![CDATA[<p>Get ready for a whole new Intune experience. In early 2017 we will begin migrating our Intune admin experience onto the <a href="http://portal.azure.com"><u><span style="color: #0563c1">Azure portal</span></u></a>, allowing for powerful and integrated management of core EMS workflows on a modern service platform thats extensible using <a href="https://graph.microsoft.io/en-us/docs/api-reference/beta/intune_graph_overview"><u><span style="color: #0563c1">Graph APIs</span></u></a>.Using the Microsoft Graph APIs to configure Intune controls and policies still requires that the Intune service is correctly licensed by the customer.</p>&#10;<p>In advance of the general availability of this portal for all Intune tenants, were excited to announce that we will begin rolling out a preview of this new admin experience later this month to select tenants. When your tenant is ready for preview, you will be notified through the current Intune console.</p>&#10;<h3>For existing Intune customers</h3>&#10;<p>The new Intune admin experience in the Azure portal will use the already announced new grouping and targeting functionality. When your existing tenant is migrated to the new grouping experience you will also be migrated to preview the new admin experience on your tenant. Well be migrating existing tenants over the next few months, you will be notified when your tenant is ready for use on the new Azure portal.In the meantime, read up on the new <a href="https://docs.microsoft.com/en-us/intune-azure"><span style="margin: 0px;color: #0078d7;font-family: 'Segoe UI',sans-serif;font-size: 11.5pt"><u>documentation located here</u></span></a>.</p>&#10;<p>If you have any questions about the timeline for your tenants migration, contact our migration team at <a><span style="margin: 0px;color: #0078d7;font-family: 'Segoe UI',sans-serif;font-size: 11.5pt">[email protected]</span></a>.</p>&#10;<p>Visit the <a href="https://docs.microsoft.com/en-us/intune/deploy-use/whats-new-in-microsoft-intune"><u>Whats New in Microsoft Intune</u></a> page for more on these and other recent developments in Intune.</p>&#10;<p>&nbsp;</p>&#10;<h4>Additional resources:</h4>&#10;<ul>&#10;<li><a href="https://microsoftintune.uservoice.com/?WT.mc_id=Blog_Intune_Announce_PCIT">Submit feedback and suggestions to the Intune engineering team</a></li>&#10;<li><a href="https://docs.microsoft.com/en-us/intune-azure">Find technical resources about this preview on the Intune docs site</a></li>&#10;<li><a href="https://blogs.technet.microsoft.com/enterprisemobility/feed/?product=microsoft-intune">Subscribe to the Intune blog RSS feed</a></li>&#10;<li>Follow us on <a href="https://twitter.com/MSIntune">Twitter</a></li>&#10;</ul>&#10;]]></content:encoded> </item> <item> <title>New in Intune: More conditional access, App SDK updates, and Android for Work!</title> <link>https://blogs.technet.microsoft.com/enterprisemobility/2016/11/22/new-in-intune-more-conditional-access-app-sdk-updates-and-android-for-work/</link> <comments>https://blogs.technet.microsoft.com/enterprisemobility/2016/11/22/new-in-intune-more-conditional-access-app-sdk-updates-and-android-for-work/#comments</comments> <pubDate>Tue, 22 Nov 2016 17:00:25 +0000</pubDate> <dc:creator><![CDATA[Microsoft Intune Team]]></dc:creator> <category><![CDATA[Announcements]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=43796</guid> <description><![CDATA[A lot of teams ramp down at the end of the year, shifting into holiday hibernation mode for the final stretch. But not us. Were still pushing at full speed, dedicated to delivering more value to you in the remainder of 2016. If youre already making the shift into holiday mode, we suggest you bookmark <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/11/22/new-in-intune-more-conditional-access-app-sdk-updates-and-android-for-work/">Continue reading</a></p>]]></description> <content:encoded><![CDATA[<p>A lot of teams ramp down at the end of the year, shifting into holiday hibernation mode for the final stretch. But not us. Were still pushing at full speed, dedicated to delivering more value to you in the remainder of 2016. If youre already making the shift into holiday mode, we suggest you bookmark this page because youll want to read about all these new features and improvements in Intune when youre back from the break and gearing up for 2017. And please check back next month for news on our final update of the year.</p>&#10;<h2>More conditional access goodness:</h2>&#10;<p><a href="https://www.microsoft.com/en-us/cloud-platform/conditional-access">Conditional access</a> is one of the signature experiences from Microsoft Enterprise Mobility + Security, bringing together the power of Intune and Azure Active Directory Premium to allow you to define policies that provide contextual control at the user, location, device and app levels. This rich set of features gives you the control you need to ensure your corporate data is secure, while giving your users the experience they expect in todays world. Were excited to announce these new features that further expand our conditional access capabilities to mobile applications and Windows PCs:</p>&#10;<ul>&#10;<li><strong>Conditional access for mobile apps<br />&#10;</strong>This update allows you to restrict access to Exchange Online from only apps that are enabled with Intunes mobile application protection policies, such as Outlook. If youve been looking for a way to block access to Exchange Online from built-in mail clients or other apps, look no further.</li>&#10;<li><strong>Conditional access for Windows PCs</strong><br />&#10;You can now create conditional access policies through the Intune admin console to block Windows PCs from accessing <a href="https://docs.microsoft.com/en-us/intune/deploy-use/restrict-access-to-exchange-online-with-microsoft-intune">Exchange Online</a> and <a href="https://docs.microsoft.com/en-us/intune/deploy-use/restrict-access-to-sharepoint-online-with-microsoft-intune">SharePoint Online</a>. You can also create conditional access policies to block access to Office desktop and universal applications.</li>&#10;</ul>&#10;<p><a href="https://msdnshared.blob.core.windows.net/media/2016/11/Conditional-Access-Overview.png"><img title="Conditional Access Overview" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" border="0" alt="Conditional Access Overview" src="https://msdnshared.blob.core.windows.net/media/2016/11/Conditional-Access-Overview_thumb.png" width="777" height="267" class="aligncenter" /></a></p>&#10;<h2>Intune App SDK now supports MAM without device enrollment</h2>&#10;<p>Last year, we released the Intune App SDK for iOS and Android. The SDK enables developers to easily build data protection and app management features into mobile apps, allowing admins to manage these apps via Microsoft Intune. For existing line-of-business applications, we created an Intune App Wrapping Tool which allows you to add app management without making code changes.</p>&#10;<p>A few months ago, we took it a step further, releasing a <a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/04/27/announcing-intune-app-sdk-support-for-xamarin-cordova/">Cordova plugin and Xamarin component</a> based on our SDK that makes it simpler for cross-platform mobile developers using Cordova and Xamarin to incorporate Intunes mobile application protection controls into their standard development process.</p>&#10;<p>Today, we are happy to announce that all our SDK tools have been updated to support MAM without enrollment scenarios. Whether youre a big power player creating apps the world knows and loves, or an in-house developer creating LOB apps to fit the unique needs of your team, theres never been a better time to use our SDK.</p>&#10;<p>You can download the Intune App SDK, App Wrapping Tool, Cordova plugin, and Xamarin component <a href="https://github.com/msintuneappsdk">here on Github</a>.</p>&#10;<h2>Android for Work now generally available</h2>&#10;<p>Thanks to those of you who took part in <a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/09/12/microsoft-intune-support-for-android-for-work/">our public preview</a>. Today, were pleased to announce the General Availability of our Android for Work support. Theres loads of information to help you get started <a href="https://docs.microsoft.com/en-us/intune/deploy-use/set-up-android-for-work">on our docs site</a>.</p>&#10;<p>Visit the <a href="https://docs.microsoft.com/en-us/intune/deploy-use/whats-new-in-microsoft-intune">Whats New in Microsoft Intune</a> page for more on these and other recent developments in Intune.</p>&#10;<h3>Additional resources:</h3>&#10;<ul>&#10;<li><a href="https://microsoftintune.uservoice.com/?WT.mc_id=Blog_Intune_Announce_PCIT">Submit feedback and suggestions to the Intune engineering team</a></li>&#10;<li><a href="https://docs.microsoft.com/intune">Find technical resources on the Intune docs site</a></li>&#10;<li><a href="https://blogs.technet.microsoft.com/enterprisemobility/feed/?product=microsoft-intune">Subscribe to the Intune blog RSS feed</a></li>&#10;<li>Follow us on <a href="https://twitter.com/MSIntune">Twitter</a></li>&#10;</ul>&#10;]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2016/11/22/new-in-intune-more-conditional-access-app-sdk-updates-and-android-for-work/feed/</wfw:commentRss> <slash:comments>1</slash:comments> </item> <item> <title>Breaking down EMS Conditional Access: Part 1</title> <link>https://blogs.technet.microsoft.com/enterprisemobility/2016/10/31/breaking-down-ems-conditional-access-part-1/</link> <pubDate>Mon, 31 Oct 2016 16:04:04 +0000</pubDate> <dc:creator><![CDATA[Enterprise Mobility + Security Team]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=42325</guid> <description><![CDATA[This post is the first in a 3-part series detailing Conditional Access from Microsoft Enterprise Mobility + Security. The way your employees interact with their devices, apps, and corporate data has changed with the adoption of mobility and cloud services. While users have become more productive, the new norm of mobile productivity requires innovative tools <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/10/31/breaking-down-ems-conditional-access-part-1/">Continue reading</a></p>]]></description> <content:encoded><![CDATA[<p><em>This post is the first in a 3-part series detailing <a target="_blank" href="https://www.microsoft.com/en-us/cloud-platform/conditional-access">Conditional Access</a> from Microsoft Enterprise Mobility + Security.</em></p>&#10;<p>The way your employees interact with their devices, apps, and corporate data has changed with the adoption of mobility and cloud services. While users have become more productive, the new norm of mobile productivity requires innovative tools that flex and flow to protect corporate data while giving your end users the best possible experience across their devices, wherever they are.</p>&#10;<p>In a <a target="_blank" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/09/27/protect-your-data-at-the-front-door-with-conditional-access-from-enterprise-mobility-security/">recent post</a>, we kicked off a discussion about how conditional access from Microsoft Enterprise Mobility + Security helps you safeguard your sensitive corporate data in this mobile-first environment. Today, well take that conversation one step deeper and explore the conditional parameters that can be used at the application, user, and location layers. Well cover device and risk-based conditional access in an upcoming post. Before getting started, its important to note that these layers are deeply connected and work together to deliver on our <a target="_blank" href="https://www.youtube.com/watch?v=CKRVndKZyfI">larger identity-driven security vision</a> for this discussion, though, we will assess them separately.</p>&#10;<p><img width="800" height="271" class="size-full wp-image-42326 aligncenter" alt="EMS_ConditionalAccess_1" src="https://msdnshared.blob.core.windows.net/media/2016/10/EMS_ConditionalAccess_11.png" /></p>&#10;<h2>Application</h2>&#10;<p>Cloud apps are gateways to lots of different types of information. While you may want to allow easy access to some apps, there are likely others which contain highly sensitive information where you want to control access to them with more rigor. When you consider the various scenarios that exist when accessing applications, its clear you need more than a one-size-fits-all approach to app-level control. Thats why weve designed our application-based conditional access in a way that allows you to choose which policies to apply to which apps.</p>&#10;<p>You can set a policy that defines the conditions of an apps access based on the sensitivity you define for it. For example, you can block access to an application from unknown locations, or require Multi-Factor Authentication, which can be required every time an app is accessed or required based on the location its being accessed from. These policies can be applied to any cloud (SaaS) or on-premises app protected by Azure Active Directory, including their rich, mobile or browser-based clients.</p>&#10;<h2>User</h2>&#10;<p>Azure Active Directory Premiums advanced capabilities in identity and access management are at the heart of EMSs identity-driven security story, and are the foundation that all our conditional access capabilities are built on. When setting conditional access policies, youll typically want to define which group of users you want various policies to apply to.</p>&#10;<p>EMS conditional access approach leverages the power of Azure AD Premium to make it easy for you to assign multiple conditions (at the location, application, device, and risk levels) to all users or multiple security groups. You can also specifically exclude groups from being affected by conditional access policies.</p>&#10;<h2>Location</h2>&#10;<p>Location-based conditions allow you to define a set of trusted IP addresses, and allow access only from them. If a user attempts to access corporate assets from an unknown network, you can define what happens next by setting specific controls that either challenge the user with Multi-Factor Authentication (MFA) or block access entirely. And of course, you can define which user groups these polices will affect.</p>&#10;<h2>Bringing it all together</h2>&#10;<p>Now lets check out a scenario that shows conditional access policy working at the user, location, and application layers.</p>&#10;<p><figure id="attachment_42535" style="width: 1024px" class="wp-caption aligncenter"><img width="1024" height="601" class="wp-image-42535 size-large" alt="ems_conditional-access-_user" src="https://msdnshared.blob.core.windows.net/media/2016/10/EMS_Conditional-Access-_user-1024x601.png" /><figcaption class="wp-caption-text">Because this app provides access to highly sensitive data, IT has applied a location-based conditional access policy that blocks users when they are working from an untrusted location. Marketing is one of the many security groups this policy is applied to.</figcaption></figure></p>&#10;<p>For more scenarios that show conditional access in action, visit our new <a target="_blank" href="https://www.microsoft.com/en-us/cloud-platform/conditional-access">conditional access web experience</a>.</p>&#10;<h2>Next up</h2>&#10;<p>Over the next month well take a closer look at two other vital layers of our conditional access story: device- and risk-based conditions. Be sure to visit our blog regularly, or <a target="_blank" href="https://twitter.com/MSFTMobility">follow us on Twitter</a> to make sure you dont miss these upcoming installments of this series on conditional access. In the meantime, here are three important resources that will tell you more about what were delivering with conditional access:</p>&#10;<ul>&#10;<li><a target="_blank" href="https://myignite.microsoft.com/videos/2837">Ignite session recording: Conditional access for mobile devices</a></li>&#10;<li><a target="_blank" href="https://myignite.microsoft.com/videos/2842">Ignite session recording: Identity protection in action</a></li>&#10;<li><a target="_blank" href="https://docs.microsoft.com/en-us/intune/deploy-use/restrict-access-to-email-and-o365-services-with-microsoft-intune">Intune conditional access documentation technical docs</a></li>&#10;</ul>&#10;]]></content:encoded> </item> <item> <title>Protect your data at the front door with Conditional Access from Enterprise Mobility + Security</title> <link>https://blogs.technet.microsoft.com/enterprisemobility/2016/09/27/protect-your-data-at-the-front-door-with-conditional-access-from-enterprise-mobility-security/</link> <pubDate>Tue, 27 Sep 2016 10:00:39 +0000</pubDate> <dc:creator><![CDATA[Enterprise Mobility + Security Team]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <category><![CDATA[Conditional Access]]></category> <category><![CDATA[Identity-driven Security]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=40865</guid> <description><![CDATA[With smartphones, tablets, laptops, and PCs, people have an increasing number of options for getting and staying connected at any time. Users expect the freedom to access their corporate email and documents from anywhere on any deviceand they expect the experience to be seamless and modern. This means IT needs to make sure that corporate <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/09/27/protect-your-data-at-the-front-door-with-conditional-access-from-enterprise-mobility-security/">Continue reading</a></p>]]></description> <content:encoded><![CDATA[<p>With smartphones, tablets, laptops, and PCs, people have an increasing number of options for getting and staying connected at any time. Users expect the freedom to access their corporate email and documents from anywhere on any deviceand they expect the experience to be seamless and modern. This means IT needs to make sure that corporate data is secure while enabling users to stay productive in todays mobile-first world, where the threat landscape is increasingly complex and sophisticated.</p>&#10;<p><iframe width="560" height="315" allowfullscreen="allowfullscreen" frameborder="0" src="https://www.youtube.com/embed/fvCT7Y3nlAY"></iframe></p>&#10;<h2>Safeguard your resources with advanced risk-based conditional access</h2>&#10;<p>In more than 60 percent of data breaches, attackers gain corporate network access through weak, default, or stolen user credentials. <a target="_blank" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/07/07/introducing-enterprise-mobility-security/">Microsofts identity-driven security approach</a> protects your organization at the front door by managing and protecting your identitieswith special attention to sensitive privileged accounts.</p>&#10;<p>Conditional access from Enterprise Mobility + Security (EMS) harnesses the power of Azure Active Directory Premium and Microsoft Intune to provide the control you need to keep your corporate data secure, while giving your people an experience that allows them to do their best work from any device.</p>&#10;<p>With conditional access, you can define adaptive policies that limit access to your corporate data based on location, device and user state, and application sensitivity. Plus, our machine learning-based Azure AD Identity Protection, which leverages billions of signals daily, can detect suspicious behavior and apply risk-based conditional access that protects your applications and critical company data in real time. As conditions change, controls are triggered that allow, block access, or challenge users with Multi-Factor Authentication, device enrollment or password change&#8211;ensuring that only trusted users on compliant devices can access sensitive corporate data.</p>&#10;<h2>Get a closer look at conditional access</h2>&#10;<p>In the coming weeks, well be sharing more about the innovative vision behind EMS approach to conditional access.Check back here for a deeper look at each of the conditional layers that you can set policy around; including:</p>&#10;<ul>&#10;<li>User/Location</li>&#10;<li>Device</li>&#10;<li>Application</li>&#10;<li>Risk</li>&#10;</ul>&#10;<p>In the meantime, here are three must read articles which will tell you more about what were delivering with conditional access:</p>&#10;<ul>&#10;<li><a target="_blank" href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-conditional-access/">Azure Active Directory Premium and Conditional Access</a></li>&#10;<li><a target="_blank" href="https://docs.com/officeitpro/9302/microsoft-mobility-and-security-for-enterprise">Office 365 + EMS datasheet for Enterprise Architects</a></li>&#10;<li><a target="_blank" href="http://download.microsoft.com/download/E/C/7/EC78FF06-02BB-4DFD-9EBB-CADB66BB594F/Microsoft_Identity Driven Security_Datasheet_EN_US.pdf">Microsoft Identity-Driven Security</a></li>&#10;</ul>&#10;<h2>Check out conditional access at Ignite</h2>&#10;<p>If youre in Atlanta, GA attending <a target="_blank" href="https://ignite.microsoft.com/#fbid=TzL7XougiRd">Microsoft Ignite</a>, be sure to check out todays <a target="_blank" href="https://myignite.microsoft.com/sessions/2837">Secure access to Office 365, SaaS, and on-premises apps and files with Azure AD and Intune</a>, where well show you how to configure conditional access policies to ensure that only authorized users, devices, and apps can access corporate resources both on-premises and in the cloud. And you dont want to miss Thursdays <a target="_blank" href="https://myignite.microsoft.com/sessions/2842">Azure AD Identity Protection session</a>where well show you how to use the power of conditional access and advanced risk analytics, and just-in-time administration and security reviews to stop cyber criminals from gaining entry to your systems. If you couldnt make it to Atlanta for Ignite, session recordings will be available after the event.</p>&#10;<h2>Additional resources:</h2>&#10;<p><a target="_blank" href="https://microsoftintune.uservoice.com/?WT.mc_id=Blog_Intune_Announce_PCIT">Submit feedback and suggestions to the Intune engineering team</a></p>&#10;<p><a target="_blank" href="http://technet.microsoft.com/library/jj676587.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Find technical resources for Intune in the TechNet library</a></p>&#10;<p><a target="_blank" href="https://www.microsoft.com/en-us/server-cloud/enterprise-mobility/ems-trial.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Sign up for a free trial of Microsoft Intune</a></p>&#10;<p><a target="_blank" href="https://blogs.technet.microsoft.com/b/microsoftintune/rss.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Subscribe to the Intune blog RSS feed</a></p>&#10;<p>Follow us on <a target="_blank" href="https://twitter.com/MSIntune">Twitter</a></p>&#10;]]></content:encoded> </item> <item> <title>Microsoft Intune support for Android for Work</title> <link>https://blogs.technet.microsoft.com/enterprisemobility/2016/09/12/microsoft-intune-support-for-android-for-work/</link> <comments>https://blogs.technet.microsoft.com/enterprisemobility/2016/09/12/microsoft-intune-support-for-android-for-work/#comments</comments> <pubDate>Mon, 12 Sep 2016 21:00:36 +0000</pubDate> <dc:creator><![CDATA[Microsoft Intune Team]]></dc:creator> <category><![CDATA[Announcements]]></category> <category><![CDATA[Android]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=38206</guid> <description><![CDATA[Today, we are announcing that Intune is now part of the Android for Work program and in the early stages of rolling out Android for Work features. Heres a sample of what you can expect to see in our initial release of Android for Work support: A broader set of management policies for Android devices; <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/09/12/microsoft-intune-support-for-android-for-work/">Continue reading</a></p>]]></description> <content:encoded><![CDATA[<p>Today, we are announcing that Intune is now <a target="_blank" href="https://www.google.com/work/android/partners/">part of the Android for Work program</a> and in the early stages of rolling out Android for Work features. Heres a sample of what you can expect to see in our initial release of Android for Work support:</p>&#10;<ul>&#10;<li>A broader set of management policies for Android devices; including the ability to manage a work profile on the device, set policies to enforce complex lockscreen PINs and define permission policies for Android apps you manage.</li>&#10;<li>Application install improvements; today, the user experience for deploying apps is different depending on whether the app is an internally developed LOB app, or if its in the Play store. Android for Work unifies this experience, making it consistent regardless of what kind of app you are deploying.</li>&#10;<li>Security improvements; including mandatory encryption and the ability to disable app installation from unknown sources.</li>&#10;<li>Email client app configuration; using managed configuration, any email app that supports enterprise configuration can be provisioned with Intune. Intune also provides IT Pro UI for configuring the Gmail and Nine Work applications.</li>&#10;<li>App configuration capabilities; developers will be able to expose managed configuration capabilities in their applications, opening up a pipeline for Intune to be able to configure these settings.</li>&#10;</ul>&#10;<h2><img width="225" height="400" class="alignright wp-image-40565" alt="AndroidForWork" src="https://msdnshared.blob.core.windows.net/media/2016/09/AndroidForWork-169x300.png" /></h2>&#10;<h2>Join our Android for Work Preview</h2>&#10;<p>Our rollout begins with a private preview in early September. If youre interested in participating in our preview and providing us with input on what were building, we want to hear from you. Email us at [email protected] for consideration.</p>&#10;<h2>Check out Microsoft Intune and Android for Work at Ignite</h2>&#10;<p>If youre planning on attending <a target="_blank" href="https://ignite.microsoft.com/#fbid=TzL7XougiRd">Microsoft Ignite</a>, be sure to check out our <a target="_blank" href="https://myignite.microsoft.com/sessions/3220">Android content</a>. A full session dedicated to everything you need to know about using Intune to manage Android devices presented by the Intune engineering team designing the features and experiences. If you cant make it to Atlanta for Ignite, session recordings will be available after the event.</p>&#10;<h2>Additional resources:</h2>&#10;<p><a target="_blank" href="https://microsoftintune.uservoice.com/?WT.mc_id=Blog_Intune_Announce_PCIT">Submit feedback and suggestions to the Intune engineering team</a></p>&#10;<p><a target="_blank" href="http://technet.microsoft.com/library/jj676587.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Find technical resources for Intune in the TechNet library</a></p>&#10;<p><a target="_blank" href="https://www.microsoft.com/en-us/server-cloud/enterprise-mobility/ems-trial.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Sign up for a free trial of Microsoft Intune</a></p>&#10;<p><a target="_blank" href="https://blogs.technet.microsoft.com/b/microsoftintune/rss.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Subscribe to the Intune blog RSS feed</a></p>&#10;<p>Follow us on <a target="_blank" href="https://twitter.com/MSIntune">Twitter</a></p>&#10;]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2016/09/12/microsoft-intune-support-for-android-for-work/feed/</wfw:commentRss> <slash:comments>1</slash:comments> </item> <item> <title>Microsoft Intune provides support for iOS 10</title> <link>https://blogs.technet.microsoft.com/enterprisemobility/2016/09/07/microsoft-intune-provides-support-for-ios-10/</link> <comments>https://blogs.technet.microsoft.com/enterprisemobility/2016/09/07/microsoft-intune-provides-support-for-ios-10/#comments</comments> <pubDate>Wed, 07 Sep 2016 19:43:31 +0000</pubDate> <dc:creator><![CDATA[Microsoft Intune Team]]></dc:creator> <category><![CDATA[Announcements]]></category> <category><![CDATA[iOS]]></category> <category><![CDATA[Mobile]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=37875</guid> <description><![CDATA[Earlier today, Apple announced the availability of iOS 10 (with public release scheduled for 9/13/2016). Since the initial beta bits were first released, we have been busy working to ensure that all existing MDM and MAM scenarios are compatible with the latest version of iOS and we are pleased to announce that Microsoft Intune will <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/09/07/microsoft-intune-provides-support-for-ios-10/">Continue reading</a></p>]]></description> <content:encoded><![CDATA[<p>Earlier today, Apple announced the availability of iOS 10 (with public release scheduled for 9/13/2016). Since the initial beta bits were first released, we have been busy working to ensure that all existing MDM and MAM scenarios are compatible with the latest version of iOS and we are pleased to announce that Microsoft Intune will support iOS 10. We expect all existing Intune features currently available for managing iOS devices will continue to work seamlessly as your users upgrade their devices and appsare released to supportiOS 10. In addition, iOS 10 will also work with customers managing in hybrid with both Intune and Configuration Manager.</p>&#10;<p>For more details on our iOS 10 support, please visit the <a href="https://blogs.technet.microsoft.com/intunesupport/">Intune product support blog</a>.</p>&#10;<h2>Additional resources:</h2>&#10;<p><a target="_blank" href="https://microsoftintune.uservoice.com/?WT.mc_id=Blog_Intune_Announce_PCIT">Submit feedback and suggestions to the Intune engineering team</a></p>&#10;<p><a target="_blank" href="http://technet.microsoft.com/library/jj676587.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Find technical resources for Intune in the TechNet library</a></p>&#10;<p><a target="_blank" href="https://www.microsoft.com/en-us/server-cloud/enterprise-mobility/ems-trial.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Sign up for a free trial of Microsoft Intune</a></p>&#10;<p><a target="_blank" href="https://blogs.technet.microsoft.com/enterprisemobility/feed/?product=microsoft-intune">Subscribe to the Intune blog RSS feed</a></p>&#10;<p>Follow us on <a target="_blank" href="https://twitter.com/MSIntune">Twitter</a></p>&#10;<p>&nbsp;</p>&#10;<p><em>This blog post was updated on 9.13.2016.</em></p>&#10;]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2016/09/07/microsoft-intune-provides-support-for-ios-10/feed/</wfw:commentRss> <slash:comments>2</slash:comments> </item> <item> <title>New in Intune: Enhanced app management control for iOS 9.3 and Samsung KNOX devices</title> <link>https://blogs.technet.microsoft.com/enterprisemobility/2016/09/01/new-in-intune-enhanced-app-management-control-for-ios-9-3-and-samsung-knox-devices/</link> <pubDate>Thu, 01 Sep 2016 16:00:00 +0000</pubDate> <dc:creator><![CDATA[Microsoft Intune Team]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <category><![CDATA[Apps]]></category> <category><![CDATA[MAM]]></category> <category><![CDATA[MDM]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=36585</guid> <description><![CDATA[Unwanted applications such as those preinstalled on some devices can be a cause of concern for customers managing corporate-owned devices. Also, some organizations need to have specific control over which applications can be installed on their devices from public app stores. The August update of Intune brings some important enhancements to app management on iOS <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2016/09/01/new-in-intune-enhanced-app-management-control-for-ios-9-3-and-samsung-knox-devices/">Continue reading</a></p>]]></description> <content:encoded><![CDATA[<p>Unwanted applications such as those preinstalled on some devices can be a cause of concern for customers managing corporate-owned devices. Also, some organizations need to have specific control over which applications can be installed on their devices from public app stores. The August update of Intune brings some important enhancements to app management on iOS 9.3 and Samsung KNOX devices that give you even more control of the apps users can access on their devices.</p>&#10;<h2>Hidden and shown apps for iOS 9.3 (or later)</h2>&#10;<p>There are two new ways to manage and control which apps your users have access to on their supervised iOS 9.3 or later devices. Now you can use the hidden and shown apps list in the iOS general configuration policy to specify which apps users can view and launch, and which are hidden on their devices. <em>The apps you can specify include both apps you have deployed, and the built-in iOS apps like Messages and Notes.</em></p>&#10;<ul>&#10;<li>Apps that are specified as hidden cant be viewed or launched by users.</li>&#10;<li>When you specify a list of apps to be shown, no other apps can be viewed or launched.</li>&#10;</ul>&#10;<p>For more details, see <a target="_blank" href="https://docs.microsoft.com/intune/deploy-use/ios-policy-settings-in-microsoft-intune">iOS policy settings in Microsoft Intune</a>.</p>&#10;<h2>Allowed and blocked apps custom policy for Samsung KNOX devices</h2>&#10;<p>The Samsung KNOX improvements also allow you to configure custom policies that let you block or allow specific apps on these devices.</p>&#10;<ul>&#10;<li>Once an app is blocked, it cannot be activated or run on the device, even if it is already installed.</li>&#10;<li>Specifying which apps are allowed designates which apps can be installed from the Google Play store. When a list of allowed apps is defined, no other apps can be installed from the store.</li>&#10;</ul>&#10;<p><img width="270" height="480" title="" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="" src="https://msdnshared.blob.core.windows.net/media/2016/08/Intune1608Update_1.jpg" border="0" /></p>&#10;<p>For more details, see <a target="_blank" href="https://docs.microsoft.com/intune/deploy-use/custom-policy-to-allow-and-block-samsung-knox-apps">Use custom policies to allow and block apps for Samsung KNOX devices</a>.</p>&#10;<p>Visit the <a target="_blank" href="https://docs.microsoft.com/en-us/intune/deploy-use/whats-new-in-microsoft-intune">Whats New in Microsoft Intune</a> page for more on these and other recent developments in Intune.</p>&#10;<h2>Additional resources:</h2>&#10;<ul>&#10;<li><a target="_blank" href="https://microsoftintune.uservoice.com/?WT.mc_id=Blog_Intune_Announce_PCIT">Submit feedback and suggestions to the Intune engineering team</a></li>&#10;<li><a target="_blank" href="http://technet.microsoft.com/library/jj676587.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Find technical resources for Intune in the TechNet library</a></li>&#10;<li><a target="_blank" href="https://www.microsoft.com/en-us/server-cloud/enterprise-mobility/ems-trial.aspx?WT.mc_id=Blog_Intune_Announce_PCIT">Sign up for a free trial of Microsoft Intune</a></li>&#10;<li><a target="_blank" href="https://blogs.technet.microsoft.com/enterprisemobility/feed/?product=microsoft-intune">Subscribe to the Intune blog RSS feed</a></li>&#10;<li>Follow us on <a target="_blank" href="https://twitter.com/MSIntune">Twitter</a></li>&#10;</ul>&#10;]]></content:encoded> </item> </channel> </rss>