Eastern Cloud Blog

This blog is aimed at our East Region State & Local Government customers. Opinions are our own - be gentle with us.

Lookout and Microsoft: securing enterprise mobility together

Microsoft and Lookout announced a new partnership that will integrate Lookout Mobile Threat Protection with our Enterprise Mobility Suite (EMS).  The partnership will result in product integration that will improve how customers protect and manage the sensitive data that employees access through their mobile devices every day.  Lookout is a leading provider of mobile threat protection with a global sensor network of over 100 million mobile sensors.  Integrating the threat intelligence from Lookout into EMS will give security teams the ability to take action on threats to protect users, devices and data.

Read this Lookout blog post for information about this partnership and what we are building together.

Microsoft and Citrix Partner to Help Customers Move to the Cloud

At the Citrix Synergy event in Las Vegas today, there were several exciting announcements about how Microsoft and Citrix are partnering together to accelerate Windows 10 and Office 365 adoption. 

  • Citrix will leverage Azure to provide a Windows 10 VDI solution for customers with Windows licensed per user. 
  • Citrix is updating their mobile applications with the Microsoft Intune SDK so they can be managed by Intune and integrated with Office 365 mobile apps.
  • Citrix has announced an updated connector for SCCM, allowing organizations to manage Citrix XenApps applications with a single tool.
  • Microsoft and Citrix have partnered to optimize the Skype for Business application for use in XenApp and XenDesktop environments
  • Citrix and Microsoft are working together to leverage the Citrix NetScaler solution to provide secure, conditional access to on premises applications through the Intune solution
  • Citrix is building capabilities into its mobile apps like support for MFA and self-service password reset

Find out more about how the Microsoft and Citrix partnership continues to grow and provide valuable solutions for our customers.  All the details are in this Brad Anderson blog post.

Video: What’s new in Intune MAM without device enrollment

Did you know that Intune can be used to manage individual applications on a mobile device, even if that device is managed by a different MDM solution?  Intune can also manage apps on a device that is not managed or enrolled.  We call it Mobile Application Management (MAM), and you can find out how we do it by checking out this new Microsoft Mechanics video that shows the admin and end-user experience.

New end-user experience: Mobile Application Management for iOS

We are excited to announce an updated user experience for Mobile Application Management (MAM) on iOS devices that users will soon start to see rolling out across their apps. Currently, each time a user launches an iOS app that is managed by an Intune MAM policy, they see a screen notifying them that the app is “Managed by your company.” We have heard feedback that this screen was confusing for end users, and that displaying this screen at every app launch was slowing down users as they were trying to get into their apps. Based on this feedback, we are replacing this existing message with the following alert.

Read more here.


A Single, Unified Trust Center for the Microsoft Cloud


Microsoft is pleased to announce that we have created a single Microsoft Trust Center at www.microsoft.com/trustcenter, which unifies the trust centers of our enterprise cloud services - Microsoft Azure, Microsoft Dynamics CRM Online, Microsoft Intune, and Microsoft Office 365.


Now, you have a single place to go, and one URL to remember to get all the information you need about the security, compliance and privacy of Microsoft’s cloud solutions.  Read the full announcement on the Microsoft Cyber Trust blog.


Announcing New Microsoft Enterprise Mobility Capabilities

Today, Microsoft announced that we’re delivering some new enhancements to Microsoft Intune. Intune already delivers mobile device and application management capabilities to ensure data and apps are protected on mobile devices.  Now, Intune will provide expanded capabilities to manage company apps and data in many more cases, specifically:

  • Intune now provides data leakage prevention through its Mobile Application Management (MAM) features. Intune MAM was recently updated to isolate corporate and personal data within the same app – something no other solution provides.

  • With today’s announcements, Intune’s MAM is being extended to “Bring your own” (BYO) devices that are not enrolled for device management (MDM).  This protects company data in mobile apps without requiring IT to enroll and deeply manage that end users’ entire device. The end-user preserves complete control over their personal apps, data, and settings – while the IT department controls the protection of corporate IP.

  • Intune MAM is also being extended to protect company information on devices enrolled into non-Microsoft MDM solutions. This allows you to start extending Intune MAM protections to mobile apps without having to first migrate your entire MDM solution.

  • Additional Microsoft apps are announcing support of for Intune MAM, including Power BI, and Remote Desktop client (both of which are available now).  Support for the Skype for Business and Dynamics CRM apps is coming soon.

  • Major companies like Box and Adobe have announced iOS and Android apps with native support for Intune mobile application management. Additionally, SAP Fiori mobile apps that are customized and built by SAP’s customers using SAP’s Fiori mobile services will also support these management and data protection capabilities delivered by Microsoft Intune.

Read this major announcement on Brad Anderson’s In the Cloud blog.  Find out how Intune MAM can now complement your current MDM solution, whatever it may be.

Office Mechanics: Beyond MDM


In this August 19th show, the team demonstrates how built-in Mobile Device Management (MDM) in Office 365 allows you to set up conditional access to data by a specific device. We also show the resulting user experience. New MDM capabilities were introduced almost a year ago on this Office Mechanics show and are available in Office 365 now, and they get even better when you add Microsoft Intune.


To learn more and see everything in action, watch the show. And if you are an admin already using Office 365, you can start testing out most of the controls today.


See this Office Blog entry for more information and a video of the show.

New Windows 10, iOS, and Android features coming over next week

New Microsoft Intune features and enhancements will be released over the next week. Building on the Intune management capabilities for Windows 10 that were announced in May, this service update adds support for creating and deploying Windows 10 configuration policies and VPN profiles using new Windows 10-specific templates. Additionally, as detailed on the Active Directory team blog, you can now automatically enroll Windows 10 devices into Intune device management using Azure AD join.

In addition to these new Windows 10 management capabilities, this Intune service update includes several other features and enhancements, such as:  

  • Multi-identity support for OneDrive app on Android: When using the OneDrive app for Android devices, users can access both their personal and corporate accounts in the same app while Intune mobile application management policies are only applied to the user's corporate account (Multi-identity support for OneDrive app on iOS previously released in June).
  • Deployment of certificates in .pfx format: You can deploy certificates in Personal Information Exchange (.pfx) format to Windows 10 and Android devices without need for Network Device Enrollment Service (NDES).
  • Conditional access for Windows PCs: You can restrict access to Office 365 so that only domain-joined PCs running Office 2013 can connect.  
  • User-specific terms and conditions: You can deploy customized terms and conditions to Intune user groups which they must accept before using the Intune Company Portal to enroll devices and access corporate resources.
  • Management of Activation Lock feature for iOS: You have the ability to manage the Activation Lock feature on iOS 7.1+ devices, providing you with the option to turn the feature on/off, view status, and bypass the Activation Lock.  
  • Support for custom VPN profiles for iOS: You have the ability to define VPN settings for additional VPN providers on iOS devices using the new custom option in the VPN profile dropdown menu.
  • Intune Company Portal app for Android updated: The Intune Company Portal app for Android has been updated to display device enrollment instructions after signing in for those who have not yet enrolled their device for management.

Read More here..

Coming this week: Android App Wrapping Tool + new features for iOS, Android, and Windows Phone

We are excited to share with you the next set of Intune features that will be released between May 19 and May 26.  With our monthly release cadence, we continue to focus on providing you with best-in-class experiences that help keep your users productive while protecting your company’s sensitive data. You can expect to see the following new Intune standalone (cloud only) features in this release:

  • Ability to extend application protection to your existing line-of-business apps using the Intune App Wrapping Tool for Android (Intune App Wrapping Tool for iOS made available in December 2014)
  • Ability to assign help desk permissions to Intune admins, filtering their view of the Intune admin console to only provide access to perform remote tasks (e.g. passcode reset and remote lock)
  • RSS feed notification option added for Intune admin to subscribe to be alerted when new Intune service notifications are available for their service instance
  • Improved end user experience in the Intune Company Portal app for iOS with step-by-step guidance added on how to access corporate email by enrolling for management and validating device compliance
  • Updated Intune Company Portal app for Windows Phone 8.1 to provide enhanced status notifications for app installations
  • New custom policy template for managing new Windows 10 features using OMA-URI
  • New per-platform mobile device security policy templates for Android, iOS, Windows, and Windows Phone, in addition to new Exchange ActiveSync policy template
  • Ability to deploy Google Play store apps that are required/mandatory to install on Android devices

Read more here..

New Intune features this month!!

Yes - updates now coming to Intune every month!! 

From Brad Anderson's post at http://blogs.technet.com/b/microsoftintune/archive/2015/04/17/new-intune-features-coming-over-the-next-week-for-android-and-more.aspx

New Intune standalone (cloud only) features that will be made available as part of this update include:

  • Management of Office mobile apps (Word, Excel, and PowerPoint) for Android tablets. (Management of Office Mobile app for Android phones made available in February 2015)
  • Ability to restrict access to Exchange on-premises for Exchange ActiveSync clients on Android devices
  • Ability to create WiFi profiles with pre-shared keys (PSK) for Android devices
  • Ability to resolve certificate chains on Android devices without the need to deploy each intermediate certificate individually
  • Deployment of .appx bundles to Windows Phone 8.1 devices (Support for .appx files made available in March 2015)
  • Managed Browser app for iOS devices that controls actions that users can perform, including allow/deny access to specific websites (Managed Browser app for Android devices made available in December 2014)
  • Management of Work Folders app for iOS devices
  • Updated Endpoint Protection agent for managing Windows PCs
  • Ability to manage Windows Defender on Windows 10 PCs running Windows 10 Technical Preview without need for separate Microsoft Intune Endpoint Protection agent to be installed
  • Combined Microsoft Intune Company Portal websites for PCs and mobile devices to provide a more consistent user experience across platforms
  • Added Windows and Windows Phone Company Portal apps to the Microsoft Download Center to provide an additional option for accessing these app downloads
  • Enhanced user interface for overview pages within Intune admin console