Enterprise Mobility and Security Blog

RSS

This post is authored by Simon May, Principal Program Manager, Intune CXP.

Empowering not only your employees, but also you to be more productive is one of the main goals for us. Ability to manage your mobility ecosystem from virtually any device and any browser, managing increasingly larger numbers of devices and apps, a modern micro-services cloud architecture, enterprise-grade APIs, reporting and automation support, unified admins experience for all of Enterprise Mobility + Security (EMS), and Role Based Access Controls (RBAC). These are all things that thousands of our customers have been asking us for. We are now delivering it to you.

 

One console. One set of APIs. Limitless possibilities.

 

More than half of Intune tenants have been already migrated to our new Azure micro-services based infrastructure, delivering the experiences described above. Our team is working diligently to migrate the remaining customers, taking the utmost care as they do.

Streamlined management of core EMS workflows across Azure AD and Intune

Personally, I find Conditional Access to be one of the most amazing features of EMS. We are continually told by our customers how good our access management experience is architecturally and practically. End users like the guided route to compliance, and IT can trust that the right users are granted or denied access based upon a combination of device, network location, risk, and other factors. We heard from many customers that it is not optimal to manage access, and thus risk, to company data from multiple places, the Azure AD console and the Intune Silverlight console.

We listened and significantly improved the experience.

There’s now a single experience in the Azure portal to express how I want to govern the level of risk that I’ll accept granularly. I can require devices I trust coming from networks trust don’t to need MFA, while not requiring MFA from devices I trust on networks I trust.

Harness the Microsoft Graph for simplicity, automation, and integration

We’ve had phenomenal feedback from early adopters about the work that our team has done with the Microsoft Graph API. Now a single API spans Office 365, Azure AD, Intune, and other Microsoft cloud services. You can leverage this API for complex reporting through PowerBI and other big data or analytics services to build custom dashboards for your business. IT admins are always looking for ways to save time and automate repetitive admin tasks. The Microsoft Graph API enables you to do just that.

Manage devices, users and groups with nearly unlimited scale

Following your tenant’s migration, Intune will use groups in Azure AD for user and device management and to apply policy. This reduces admin overhead since groups don’t need to be built in two places. For example if you have an Engineering group in Azure AD that you use to assign SaaS apps in Azure AD and use to configure access to a SharePoint site, you can now use that exact same group to apply policy to your devices and apps in Intune. Not only that but you now have the power of Dynamic groups in Azure AD at your disposal to create groups based on simple or even complex queries of device and user information.

Of course, your company could well have more than one IT admin and the level of experience and, let’s face it – trust, you put in those admins differs. Now you have granular Role Based Access Control that lets you enable or disable administrative capabilities depending upon the role a person has. One company I’m working with allows their Help desk staff to lock a user’s device, but they don’t want that employee to be able to do something destructive – wipe the device. For that only a Help desk manager can initiate the request.

There is a huge amount of information to unpack and understand for your organization. To help you out, Craig Marl, Principal Program Manager and I took to Microsoft Mechanics, where I’m asking the kinds of questions you might ask to understand more; Craig has the answers. Of course, if you have more questions, just ask below or you can ask me on twitter @simonster.