Enterprise Mobility and Security Blog

How we secure your data in Azure AD

Howdy folks, With all the breaches of cloud identity services over the last few years, we get a lot of questions about how we secure customer data. So today’s blog is a dive into the details of how we protect customer data in Azure AD. Datacenter and Service Security Let’s start with our datacenters. First,...

Continue reading

EMS and Zimperium integration ensures risk free devices before accessing corporate resources

Today we’re excited to announce the general availability of our integration with Zimperium, a leader in the mobile threat defense space. The integration between Zimperium and Microsoft Enterprise Mobility + Security helps organizations defend against both known and unknown mobile threats and ensure that devices are risk-free and secure before users access corporate resources. Enhancing...

Continue reading

Fewer login prompts: The new “Keep me signed in” experience for Azure AD is in preview

Howdy folks, A common request we get from our customers is to reduce the number of times users are prompted to sign into Azure AD. One way to reduce the frequency of prompts is to check the “Keep me signed in” checkbox on the sign-in flow, but our telemetry shows that usage of that checkbox...

Continue reading

Marching into the future of the Azure AD admin experience: retiring the Azure classic portal

Howdy folks, Since we announced General Availability of the new Azure AD admin center in May, it’s been used by over 800,000 users from 500,000 organizations in almost every country in the world. The new admin center is the future for administration of Azure AD. For over a year, we’ve been listening to your feedback...

Continue reading

Active Directory Access Control List – Attacks and Defense

Recently there has been a lot of attention and a few different blog posts (references at the end of the post) regarding the use of Discretionary Access Control List (DACL) for privilege escalation in a Domain environment. This potential attack vector involves the creation of an escalation path based in AD object permissions (DACLs). For...

Continue reading

Simplifying transition from Hybrid MDM (ConfigMgr+Intune) to Intune standalone

We have heard repeatedly from our customers who are using System Center Configuration Manager connected with Microsoft Intune (hybrid MDM) that they’d like to move to a cloud-only experience with Intune on Azure. This experience brings many new benefits, such as large scale, unified admin console, RBAC, and more. To help customers easily transition, we’re...

Continue reading

Managed Service Identities and Azure AD: Helping Azure developers keep their secrets secret!

Howdy folks, Just a quick note today! I am excited to announce a preview of a new integration between Azure and Azure Active Directory that is designed to make life easier for developers. It’s called Managed Service Identity, and it makes it simpler to build apps that call Azure services. Typically, to call a cloud...

Continue reading

Microsoft Intune provides support for iOS 11

Today, Apple announced the availability of iOS 11 (with public release scheduled for 9/19/2017) and we’re pleased to announce Microsoft Intune’s support for this update. Apple began releasing developer and beta builds a few months back, and since then the Intune team has been busy working to ensure that all Intune MAM and MDM scenarios...

Continue reading

Azure AD B2B Collaboration in Microsoft Teams

Howdy folks, Today I am excited to let you know that we’ve just enabled Guest Access in Microsoft Teams, built on the B2B collaboration features of Azure AD! You can now enable partner collaboration in Teams for interactions across chat, apps, and file sharing, all with the ease of use and enterprise-grade protection Azure Active...

Continue reading

Azure Active Directory Premium is now in limited preview in Microsoft Azure Government Cloud

Howdy folks, Today I’m happy to announce the limited preview for Azure Active Directory Premium on the Microsoft Azure Government Cloud. This preview is for customers that have specific compliance needs (e.g., FedRAMP or DoD requirements), and while certifications aren’t in place yet, we plan to have them in place for General Availability. Getting started...

Continue reading