All posts tagged Conditional Access

Due to an incident (IT85607) while moving the Conditional Access policies from “Preview phase” to “general availability” in Azure Active Directory, the Conditional Access policies in Microsoft Intune might be disabled.

Since the two are basically the same, you need to check that your Conditional Access policies are still configured correctly.

In one of my tenants the new compliance rules for Android arrived last night. So from now on we are able to block access to corporate data for users whose Android devices have USB Debugging enabled, have the installation of apps from Unknown Sources enabled, or have the option “Scan device for security threats” disabled.

If you ask me, these are three of the most wanted compliance enhancements for supporting Android devices. Let’s have a look at how it works.


After the last blog about conditional access to Outlook Web App and SharePoint Online, the remaining part is forcing the Managed Browser to be used when accessing the service. This last part can be done via Active Directory Federation Services (AD FS). With AD FS you are able to allow or block access based on attributes of the client that is trying to authenticate.

As of the March update, the Managed Browser is identifiable as ManagedBrowser via the UserAgent; before March the Managed Browser had a generic UserAgent.


The last couple of weeks I had the privilege to test a feature that has just been announced today to be released to Microsoft Intune: conditional access to Outlook Web App and SharePoint Online web access for mobile devices. (CA for web services like OWA and SharePoint for Windows (mobile and PC) is coming up and still in preview.)

So basically, when a device is not enrolled and/or not compliant, Outlook Web App or SharePoint Online web access cannot be accessed via browsers on those devices. Until now this was a major hole in the conditional access story of Exchange Online and SharePoint Online.


Exciting times in the Microsoft Enterprise Mobility Suite space! Microsoft switched on support for Conditional Access for Skype for Business. Earlier this year the MAM-enabled Skype for Business apps were released, so from now on we have a complete story around securing Skype for Business on mobile devices.

Conditional Access for Skype for Business is available for Intune standalone and Intune connected to Configuration Manager (hybrid).


The mobility space is an area that is moving fast; almost every day new products, new features or completely new versions of operating systems are released. As a mobile device administrator it is your job to secure the mobile devices and the corporate data on them, and that also holds when you are, like me, part of a project implementing Microsoft Intune as the MDM solution in an environment where data leakage prevention is very important. We need to set the baseline and be aware of the changing variables.

It is easy when you only allow corporate-owned devices to connect to your environment; it becomes challenging when allowing Bring Your Own Devices. The market is huge and the diversity of operating systems and devices is enormous!


A feature that was / is high on our wish list is the ability to block older OS versions. As of today this is publicly available in Intune. Like in Configuration Manager, you are able to configure minimum and maximum versions of operating systems.

This way you are able to control exactly which operating system versions are supported in your environment. Whoho!
