Over the past few weeks we have covered enablement of “Bring Your Own Device” or BYOD in business. As you can imagine, this has become a hot topic as of late as more and more smartphones and tablets become available in the marketplace touting new “bells and whistles” in regards to capability. As covered in a previous post, user enablement through policies provides a great first step. Providing users access to their apps and data on any of their devices in any location via policies alone however is not enough. Realizing this, Microsoft has taken steps to allow access of information to devices not normally able to connect in a secure manner to devices that don’t necessarily have the ability to connect to the company’s domain.
Several new capabilities have been introduces into Windows Server 2012 R2 this year intended to enable organizations to embrace BYOD. People-centric IT (PCIT), a new initiative introduced by Microsoft referring to the added capabilities, is about helping providing people secure access to their apps and data on any of their devices in any location. With feedback gathered from IT professionals such as yourself, Microsoft is providing help to reduce complexity and client management infrastructure cost. Enablement of said People-centric IT (PCIT) capabilities included in Windows Server 2012 R2 Include:
- Extended device support in Active Directory
- Workplace join: Allows users to securely register their devices with your company directory. Registration provisions the device with a certificate that can be used to authenticate the device when the user is accessing company resources. IT professionals can then configure custom access policies requiring users to be both authenticated and using their Workplace Joined device when accessing company resources.
Single Sign-On (SSO): Provides the ability for an end user to sign-in once when accessing an application provided by their company and then not be prompted for their sign-in information again when accessing additional company applications.
Work from anywhere: Utilizing Active Directory Federation Services (AD FS), this Web Application Proxy is an extension of the AD FS proxy. This role service is also provides a proxy for web application payloads.
Multi-Factor authentication (MFA): This built a plug-in model makes it simpler to implement multiple factors of authentication using Active Directory. The provides the ability to plug different multi-factor authentication solutions directly into AD FS.
Multi-Factor Access Control : Provides IT professionals the ability to create application specific access control policies using multiple criteria, such as the identity of the user, the identity of the device, whether the access is coming from the intranet or the extranet, and if any additional authentication factors were used to authenticate the user.
OAuth 2.0 support: With this update, the AD authentication library can be used by your applications irrespective of whether they depend on Windows Azure Active Directory or Windows Server Active Directory for authentication.
Enabling Modern Work Styles using Remote Desktop Services
Improvements made to Microsoft VDI (Remote Desktop Services) reducing storage related costs, improving the end user experience, and administration improvements to both session and VM based VDI.
- Work Folders
- Work Folders enables IT administrators to provide Information Workers the ability to sync their work data on all their devices wherever they are while remaining in compliance with company policies. This is done by syncing user data from devices to on-premise file servers.
Be sure to download Windows Server 2012 R2 Preview today to test the capabilities of People-centric IT (PCIT) for future utilization.