Recently Microsoft announced Microsoft Teams, a new chat-based platform in Office 365. For all mobile platforms (Android, iOS and Windows 10 Mobile) Microsoft released an native app, including a desktop app for Windows 10 and Mac OS X. The Microsoft Teams apps can be downloaded here. After I installed the Microsoft Teams desktop app on Windows 10 I bumped into the following funny message ‘Yikes! Looks like someone pulled the plug on the internet’.
Last week Microsoft announced the public preview of Azure AD Conditional Access to protect Azure AD SaaS applications based on device-based policy rules. Conditional Access (CA) is already available for a quite long time for those who are using Microsoft Intune, but was scoped to Microsoft cloud services such as Dynamics CRM Online, Exchange Online, Exchange on-premises, SharePoint Online and Skype for Business Online.
With the introduction of CA for Azure AD SaaS applications it’s a great step forwards raising the security bar in a mobile first cloud first world securing your SaaS applications and how they being accessed.
In this blog I will not elaborate the detailed operation of CA but will show you how easily it is to configure and apply Azure AD Conditional Access for an on-premise web application which we have published by Azure AD Proxy. Continue reading “Secure your SaaS & On-premises applications with Azure AD Conditional Access”
For those who are using Azure Multi-Factor Authentication Server (on-premises) hereby a quick post to inform you there is a new version of Azure MFA Server available. The new version of Azure MFA Server (126.96.36.199) can be downloaded through the Azure Management Portal or MFA Management Portal.
With the new Windows Store for Business, organizations can make volume purchases of Windows apps. The Store for Business provides app purchases based on organizational identity, flexible distribution options, and the ability to reclaim or re-use licenses. Organizations can also use the Store for Business to create a private store for their employees that includes apps from the Store, as well private Line-of-Business (LOB) apps or deploy purchased apps offline by Configuration Manager or Microsoft Intune.
Choose the best app store for the right scenario.
I’m more than happy being your tour guide for today and walkthrough the various portals that the Microsoft Enterprise Mobility Suite (EMS) houses. For those who are involved with EMS, this might be a handy overview of all current available portals. I often heard that it is not always clear which portal you need and where you can find it. In this blog I’ll do my best to cover all the portals including their purpose.
- Azure Management Portal
- Azure Management Portal (Preview)
- Azure Access Panel Applications Portal
- Azure Cloud App Discovery Portal
- Azure Self-Service Password Reset Portal
- Microsoft Intune Account Portal
- Microsoft Intune Admin Portal
- Microsoft Intune Company Portal
- Azure Rights Management Portal
- Azure Rights Management Document Tracking Portal
- Office 365 Admin Portal
So you’ve always wondered what it takes to improve both collaboration and business processes in your organization, which results in employees being more productive? Do I’ve your attention…read on!
With Microsoft Azure and Office 365, Microsoft offers you a (cloud) platform with a huge potential to optimize and boost your business. In this blog I’ll illustrate this with a simple example of how you can use these cloud services to improve collaboration within your organization.
Coming together is a beginning; keeping together is a progress; working together is a success.
Last weekend Rob Tiffany announced a fun but just as usefully 50 enterprise mobility tips twitter live stream. If you’re doubting how to address Enterprise Mobility in your company, these 50 pointers should give you a good start to feel comfortable and start embrace Enterprise Mobility.
I’ve tried hard to create my favorite top 5 Enterprise Mobility tips – but I didn’t make it…
Microsoft is continuously improving their Azure cloud services while new features get introduced in rapid pace. In this blog I want to consider some new Azure Active Directory Premium features which are currently in public preview. ’These features are:
- Dynamic Groups
- Azure Application Custom Domain publishing
- Azure Conditional Application Access
As all roads lead to Rome there are many ways to assign Enterprise Mobility Suite (EMS) licenses to end-users. This can be a manual process or automated by using PowerShell. Both options have in common that you must be a global administrator of your Azure subscription to assign these licenses.
- How to assign EMS/Azure AD Premium licenses to user accounts
- How to use PowerShell to assign EMS/Azure AD Premium licenses
- Simplified License Assignment with Azure AD and EMS
- How to assign EMS licenses using the Azure Portal
The majority of the available public resources and publications describes the (manual) process bassed on per user- or group assignment through the Azure Management Portal. Downside of assigning EMS licenses through the Azure Management Portal or by PowerShell is that you must be a member of the global administrator user role. A right you want to keep to a limited number of accounts, further these accounts are often not responsible for such tasks as assigning licenses.
This week the Azure AD Product Team did a great job by updating the Azure Application Proxy service to allow you to publish NDES using Azure Application Proxy, which is great news! Pieter Wigleven, Microsoft Technology Solution Professional on Enterprise Mobility has posted a great serie of posts on setting up certificate distribution to mobile devices. A must read!
Part 1 – First tips and tricks on how to troubleshoot and check existing ConfigMgr/SCEP/NDES infrastructures.
Part 2 – After many asks for clarity, a full guide on how to install and troubleshoot ConfigMgr/SCEP/NDES.
Part 3 – Using an additional reverse proxy in a DMZ in front of NDES. The reverse proxy of choice was Windows Server 2012 R2 with the Web Application Proxy role installed.
Part 4 – Protecting NDES with Azure AD Application Proxy
In part 4 Pieter will outlines the set up of publishing NDES by Azure Application Proxy service, a cool solution that just have been made possible!
Azure AD Application Proxy (Web Application Proxy from the Cloud) lets you publish applications, such as SharePoint sites, Outlook Web Access and other web application, inside your private network and provides secure access to users outside your network via Azure.
Azure AD Application Proxy is built on Azure and gives you a massive amount of network bandwidth and server infrastructure to have better protection against DDOS attacks and superb availability. Furthermore there is no need to open external firewall ports to your on premise network and no DMS server is required. All traffic is originated inbound. For a complete list of outbound ports take a look at this MSDN page.
Azure AD Application Proxy is a feature that is available only if you are using the Premium or Basic editions of Azure Active Directory. For more information, see Azure Active Directory Editions.
If you have Enterprise Mobility Suite (EMS) licenses you are eligible of using this solution. The Azure AD Application Proxy connector only installs on a Windows Server 2012 R2 Operating system, this is also a requirement of the NDES server anyway.