The New Intune and Conditional Access Admin Consoles reach general availability.
- It’s built to leverage Azure’s hyper scale
The Azure platform provides huge increases in elasticity and reliability for Intune, and it provides the foundation for nearly unlimited scale. The new admin experience will also run on any browser on any device form-factor. Now you can manage Intune from anywhere – even from your phone!
The redesigned architecture and new console bring nearly unlimited scale to the service. We currently have customers that are rapidly growing to 100,000s of devices in a single tenant. No problem! One customers has shared that they associated a sophisticated policy to ~200,000 users – and what took hours in the past was done in less than 3 minutes. Now, because this is built into the Azure console, you get all the rich role-based administration for delegation of authority.
- It’s optimized for cross-EMS workflows
With Intune’s move to Azure and the Azure Portal, we now share a console experience with other core EMS services like Azure Active Directory and Azure Information Protection. Having the collective power of these services living side-by-side makes them more effective and easier to manage across identity and access management, MDM and MAM, and information protection workloads.
For example: If you’ve just finished creating a set of conditional access policies to control access to data using Intune in the same portal environment, you’re now just a click away from adding additional app protection policies that ensure that your data is protected after it’s been accessed and is in use on mobile devices.
The Intune transition to Azure also delivers deep integration with Azure Active Directory groups, which can represent both users and devices as native, dynamically targeted groups that are fully federated with an organization’s on-premises Active Directory.
- You can simplify, automate, and integrate management with Microsoft Graph
Built on the Microsoft Graph API, the new Intune experience also opens the door for broader systems integration and automation. This means that our customers can now simplify, automate and integrate workflows across Intune and the other services they are using however they see fit. For more information about what you can do with this, I really recommend this post. Microsoft Graph API capabilities are currently in preview; expect a GA announcement for this functionality in the coming quarter.
Conditional Access – the new admin experience in the Azure portal
The new conditional access admin experience is also Generally Available today. Conditional access in Azure brings rich capabilities across Azure Active Directory and Intune together in one unified console. We built this functionality after getting requests for more integration across workloads and fewer consoles. The experience we’re delivering today does exactly that.
Organizations everywhere face the challenge of enabling users on an ever-expanding array of mobile devices, while the data they are tasked with protecting is moving outside of their network perimeter to cloud services – and all of this happens while the severity and sophistication of attacks are dramatically accelerating. IT teams need a way to quantify the risks around the identity, device, and app being used to access corporate data while also taking into consideration the physical location – and then grant or block access to corporate apps/data based upon a holistic view of risk across these four vectors. This is how you win.
Conditional access allows you to do this and ensure that only appropriately authenticated and validated users, from the compliant devices, from approved apps, and under the right conditions have access to your company’s data. The functionality at work here is technologically incredible, but it’s not always obvious how granular and powerful these controls really are. The new conditional access experience on Azure now makes the power of this technology crystal clear by showcasing the deep controls you have at every level in one consolidated view:
Now you can easily step through a consolidated flow that allows you to set granular policies that define access at the user, device, app and location levels. Over the last 6 months, as I have shown this integrated experience to 100s of customers, the most common comment has been: “Now I completely see what Microsoft has been talking about how Identity management/protection has needed to work with Enterprise Mobility Management to protect our data.”
You can also control access to resources based on a user’s sign-in risk via the vast data in. Once your policies are set, users operating under the right conditions are granted real-time access to apps and data – however, as conditions change, intelligent controls kick in to make sure that your data stays secure.
These controls include:
- Challenging a user with MFA to prove that they are who they say they are.
- Prompting the user to enroll their device in Intune.
- Guiding the user to make adjustments to their device to meet your org’s security requirements
- Blocking access all together or even wiping a device.
- Granting different access privileges when using a native app (Word) vs. a web app (Word Online)