Enterprise Mobility and Security Blog

RSS

A few weeks ago, the Enterprise Mobility Team hosted a Tweet Chat about managing mobility for Office365. It was great to have this dialogue with folks across our community, and a few people asked for our team to summarize the Q&A. So, here are the questions we received during the Tweet Chat. If you have additional questions related to Conditional Access, please tweet them to us @MSFTMobility, we are always happy to help.

 

What options does Microsoft offer for managing Office mobile apps?

  • Various options exist for this, please refer to this link for an overview and further info on enhancing your mobile productivity.
What’s the difference between MDM and MAM?

  • These are 2 of the four layers of security and management. Read more about Mobile Device Management and Mobile Application Management in our eBook “Controlling the Uncontrollable”.
How can I project and manage apps on non-enrolled devices with Intune?

How can I configure Application Protection policies for Office Mobile Apps with Intune?

  • You can do this from within the Office 365 admin portal. Our document here can show you how to control access to features in the OneDrive and SharePoint mobile apps.
How can I define policies for Multi-Identity capabilities with Intune?

  • This can now be done through the Azure Portal experience for admins. Find out how to configure app protection policies in the Azure portal.
Is there a way to set up risk based policies for Conditional Access to Office apps?

How can I set up policies for automatic classification with Azure Information Protection?

  • Use our quick start tutorial to learn this and enabling other functionality for Azure Information Protection.
What are the right set of labels for my company?

  • Refer to our Top 5 tips for accelerating information protection video or the Ready, set, protect blog series to find out our recommendations for labels.
What actions can be triggered based on data classification?

  • You can trigger encryption with permissions or include visual markings such as watermarks and header-footer. Policies can also be set in other systems such as a DLP engine or CASB solution to read labels set by AIP and take protection actions.
Is it possible to configure policies specific to groups or departments?

  • Yes! Discover how to configure the Azure Information Protection policy for specific users by using scoped policies.
Is there a way to bulk label existing data on file servers?

  • Sure thing. Read more about bulk classification and labeling for data in our blog.
Is it possible to track files shared with AIP and revoke access is case of unexpected sharing?

Can you tell me what Enterprise Mobility Suite capabilities can be enabled from within the Office 365 admin console?

  • Some examples include Azure Multi-Factor Authentication, Conditional Access, and App Protection policy for OneDrive.
Can Enterprise Mobility Suite wipe data from a device if it is compromised?

  • Microsoft Intune supports both selective and complete wipe. Learn how with this helpful documentation.
I’d like to know how we can connect SAP applications using Azure AD, Intune? Any demo available?

  • Check out our tutorial: Azure Active Directory integration with SAP NetWeaver.
Does MDM-WE handle activating Office apps on Mobile device automatically once user enrolls into Microsoft Intune?

  • Yes, it’s a part of app policy configuration. Learn how to protect app data using app protection policies with Microsoft Intune here.
What’s the time frame to provide Intune\Netscaler Conditional access for apps like the Intune managed browser?

  • We are actively working towards this. Please stay tuned to our social channel for updates
Is leveraging Enterprise Mobility Suite on top of my current IDAM (Identity & Access Management) solution possible?

  • Yes, that’s possible however you will have to set up Azure AD tenant and use Azure AD Connect to set up syncs.
If we install Intune-WE on top of our MDM (Mobile Iron), login to Intune, then install Word from App Store, would Word be Auto-Activated?

Should I take the 70-398? If not, where do I start?

  • It depends on your job role. More details–including who this exam is for are available here.
Is it possible to have Intune client and SCCM client on a single machine and be managed by SCCM/Intune Hybrid Config?

  • Running both the SCCM agent and InTune agent on the same box isn’t supported. Installing the InTune agent doesn’t uninstall the SCCM agent. Uninstall the SCCM agent before installing the InTune agent.
Are there any good resources for getting up to speed with Intune\Graph API?

Can Intune be connected to all devices e.g: IoT enabled and integrated with an ERP Solution?

  • Intune supports all Windows, Android, iOS devices. The App Protection policies cover apps like SAP.
Does Azure AD recommend Best Practices for Security Policies which can be implemented without any changes?

 

We truly enjoyed answering your questions. Be sure to follow @MSFTMobility and stay tuned for updates for the next Tweet Chat topic.

We’re looking forward to chatting with you!

If you are not a Twitter user but would like to participate, please create an account so you can join us next time!