Publish NDES by Azure AD Application Proxy

This week the Azure AD Product Team did a great job by updating the Azure Application Proxy service to allow you to publish NDES using Azure Application Proxy, which is great news! Pieter Wigleven, Microsoft Technology Solution Professional on Enterprise Mobility, has posted a great series of posts on setting up certificate distribution to mobile devices. A must read!

Part 1 – First tips and tricks on how to troubleshoot and check existing ConfigMgr/SCEP/NDES infrastructures.
Part 2 – After many asks for clarity, a full guide on how to install and troubleshoot ConfigMgr/SCEP/NDES.
Part 3 – Using an additional reverse proxy in a DMZ in front of NDES. The reverse proxy of choice was Windows Server 2012 R2 with the Web Application Proxy role installed.
Part 4 – Protecting NDES with Azure AD Application Proxy

In part 4 Pieter outlines the setup for publishing NDES through the Azure Application Proxy service, a cool solution that has just been made possible!

—————————————————————————————-

Azure AD Application Proxy (Web Application Proxy from the Cloud) lets you publish applications, such as SharePoint sites, Outlook Web Access and other web applications, inside your private network and provides secure access to users outside your network via Azure.

Azure AD Application Proxy is built on Azure and gives you a massive amount of network bandwidth and server infrastructure to have better protection against DDoS attacks and superb availability. Furthermore, there is no need to open external firewall ports to your on-premise network and no DMZ server is required. All traffic is originated inbound. For a complete list of outbound ports take a look at this MSDN page.

Important notes:

Azure AD Application Proxy is a feature that is available only if you are using the Premium or Basic editions of Azure Active Directory. For more information, see Azure Active Directory Editions.
If you have Enterprise Mobility Suite (EMS) licenses you are eligible to use this solution. The Azure AD Application Proxy connector only installs on a Windows Server 2012 R2 operating system; this is also a requirement of the NDES server anyway.

Configuration Manager 2012 R2 Hotfix introduces instant Remote Wipe and Retirement of Mobile Devices

Exciting times ahead for Configuration Manager & Microsoft Intune! After the announcement of the renaming of Windows Intune to Microsoft Intune and the new functionalities expected in Q4, Microsoft released this week an important hotfix for Configuration Manager 2012 R2. In short, this hotfix allows you to remote wipe or retire your mobile devices almost instantly without any delay…how cool is that!

Windows Intune User Provisioning: Having a closer look

At the moment there are several scenarios to manage and provision users to Windows Intune in order to enable Enterprise Mobility Management (EMM) or simply said – managing your mobile devices. As the process of provisioning users to Windows Intune in combination with Configuration Manager 2012 R2 is not always clear, I’ll provide you some insights and tips on where and how to troubleshoot.

As mentioned, I’ll focus in this post on a hybrid scenario using Configuration Manager 2012 R2, Windows Intune and on-premise Active Directory where Azure Active Directory Sync (aka DirSync) is used to synchronize on-premise users to Windows Intune (Azure Active Directory).

Process Overview Windows Intune User provisioning

  1. John Doe is created in (on-premise) Active Directory
  2. John Doe is synchronized by Azure Active Directory Sync to (off-premise) Azure Active Directory
  3. John Doe is discovered by Configuration Manager 2012 R2
  4. John Doe is added to the Windows Intune collection in Configuration Manager 2012 R2
  5. John Doe is synchronized by Windows Intune Connector
  6. John Doe is enabled as a Windows Intune user

Microsoft announced new update of Windows Intune Services; “Modern mobile devices should be managed from a cloud service”

Today Microsoft announced new enhancements of the Windows Intune Service as of next week. These updates include:

  • Ability for the administrator to configure email profiles, which can automatically configure the device with the appropriate email server information and related policies, as well as the ability to remove the profile along with the email itself via a remote wipe if needed.
  • Support for new configuration settings in iOS 7, including the “Managed open in” capability to protect corporate data by controlling which apps and accounts are used to open documents and attachments, and disabling the fingerprint unlock feature.
  • Ability for the administrator to remotely lock the device if it is lost or stolen, and reset the password if the user forgets it.
  • In addition to our unified deployment mode and integration with System Center Configuration Manager, Windows Intune can now stand alone as a cloud-only MDM solution. This is a big win for organizations that want a cloud-only management solution to manage both their mobile devices and PCs.

Overview of Settings Management in R2 & “Wave E”

As you might know, Microsoft has started upgrading the Windows Intune cloud service to the next version, Wave E, which will be generally available (GA) on October 18th together with System Center R2.

With the arrival of these new product versions Microsoft introduces a lot of new features and settings related to Unified Device Management #UDM (formerly known as Mobile Device Management #MDM). Some new features are:

  • Extended Windows Intune connector
  • Native Self-Service Portal App for Windows, iOS & Android platforms
  • Support for Work Folders
  • Resource Access
  • Selective Wipe

Ronni Pedersen provides in a blog post a complete overview of all new features coming with R2 and Wave E.

Have you heard the news? Windows Server 2012 R2 & Windows 8.1 RTM are ready now for MSDN and TechNet subscribers.

Today Microsoft achieved a great milestone releasing Windows 8.1, Windows 8.1 Pro and Windows Server 2012 R2 RTM builds to the developer and IT professional communities via MSDN and TechNet subscriptions. The Windows 8.1 RTM Enterprise edition will be available through MSDN and TechNet for businesses later this month. Additionally, today we’re making available the Visual Studio 2013 Release Candidate which you can download here.

Read the complete post here.

Windows Intune Product Comparison vs. Mobile Device Management Market Leaders #sysctr #windowsintune

 

With the announcement of Configuration Manager 2012 R2 and Windows Intune (wave E), Microsoft offers a mature Mobile Device Management (MDM) solution with which it emphatically (re)positions itself in the market of enterprise device management software. Various publications, including Gartner’s Magic Quadrant for Mobile Device Management Software (May 2013), show that Microsoft plays no significant role in the market of enterprise mobile device management software.

Figure 1: Gartner’s Magic Quadrant for MDM software.

Predecessor System Center Mobile Device Management 2008 wasn’t much of a success and came too early, given the lack of suitable hardware. With the current version of Configuration Manager 2012 SP1 and Windows Intune (wave D), Microsoft is working on closing the gap by providing base MDM functionality. But was it good enough to be a serious competitor in the market of enterprise MDM solutions? With the announcement of Configuration Manager 2012 R2 and the 4th generation of Windows Intune (wave E) I am convinced this will change!

The goal of this article is to provide a high-level overall product comparison of Microsoft’s MDM solution based on Configuration Manager 2012 R2/Windows Intune (wave E) versus the current MDM market leaders Airwatch, MobileIron, Citrix and Good Technology. The product comparison is based on the following areas: platform support, infrastructure complexity, features and licensing & pricing.
