Explore the New Features in Azure AD and Microsoft Unified Endpoint Management


In response to the COVID-19 pandemic, cloud-based ERP systems have become increasingly popular. The accessibility, ease of management, and cost-effectiveness provided by the cloud are helping organizations worldwide navigate the demands of remote working and the ambiguity of the future.

To help their customers navigate the new normal, Microsoft has released a number of new updates to Azure AD and Microsoft Intune (now called Unified Endpoint Management), two of the company’s most popular cloud offerings. Each of these updates is improving ERP cloud security and simplifying device management. 

Updates to Microsoft Azure AD

Temporary Access Pass (TAP)

Using a TAP, administrators can create temporary passwords for both new and existing users that expire after a certain amount of time. The tool is particularly useful when onboarding new employees or resetting user account credentials.

Because it contains a number of authentication policies, the tool is considered to be a strong authentication method, enabling organizations to integrate multi-factor authentication and self-service password reset.

Server Authentication

A user’s Azure AD login information can now be used to access Azure Windows VMs. This functionality can also be used in conjunction with PIM, Conditional Access, and RBAC.

The goal of this feature is to enhance and simplify user management among IT administrators and increase cloud connectivity from Azure’s directory. 

 Please note: Azure AD server authentication requires Windows Server 2019 OS. Older versions (including Bastions) are not currently supported.

New Conditional Update Policies 

Azure AD’s conditional access policies (CAP) are essentially if-then statements. When a user wants to access something, they must first complete an action.

For example, one of the new CAPs within Azure AD is requiring users to go through multi-factor authentication prior to resetting a password. This policy can be set up by admins using grant controls.

Another new policy is listed underneath ‘Register or Join Devices’. This rule provides IT admins with greater control during device onboarding as it allows them to require users to complete a number of actions (such as setting up multi-factor authentication) prior to setup.

Finally, admins will have increased visibility of devices using the ‘Named Location’ policy. Rather than track by IP address, the tool finds a device using physical GPS coordinates, providing admins with a more precise location. 
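The ‘Register or Join Devices’ policy described above can be written out as the if-then statement it is. The following is an added example, not code from Microsoft or JourneyTEAM: it builds the policy body in the shape of the Microsoft Graph conditionalAccessPolicy resource and runs a few review checks on it before anyone enables it. The function names, the lint rules, and the all-zero object ID are assumptions made for illustration.

```python
# Added example: field values follow the Microsoft Graph conditionalAccessPolicy
# resource; the lint rules are this example's own review checks.
REGISTER_DEVICE = "urn:user:registerdevice"  # "Register or join devices" user action
REPORT_ONLY = "enabledForReportingButNotEnforced"


def build_device_registration_policy(emergency_ids, state=REPORT_ONLY):
    """IF a user registers or joins a device THEN require MFA."""
    return {
        "displayName": "Require MFA to register or join devices",
        "state": state,
        "conditions": {
            "users": {"includeUsers": ["All"],
                      "excludeUsers": list(emergency_ids)},
            "applications": {"includeUserActions": [REGISTER_DEVICE]},
            "clientAppTypes": ["all"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    }


def lint_policy(policy):
    """Return review findings for a policy body (empty list means clean)."""
    findings = []
    users = policy.get("conditions", {}).get("users", {})
    apps = policy.get("conditions", {}).get("applications", {})
    grant = policy.get("grantControls") or {}
    excluded = users.get("excludeUsers") or users.get("excludeGroups")
    # A policy scoped to everyone can lock out every administrator at once.
    if "All" in users.get("includeUsers", []) and not excluded:
        findings.append("all users in scope with no emergency-access exclusion")
    # MFA is the grant control expected with the device registration action.
    if REGISTER_DEVICE in apps.get("includeUserActions", []) \
            and grant.get("builtInControls") != ["mfa"]:
        findings.append("expected grant for device registration is MFA only")
    if policy.get("state") == "enabled":
        findings.append("enforced immediately; stage in report-only first")
    return findings


if __name__ == "__main__":
    import json
    # Constructed placeholder object ID for an emergency-access account.
    policy = build_device_registration_policy(
        ["00000000-0000-0000-0000-000000000000"])
    print(json.dumps(policy, indent=2))
    print(lint_policy(policy))
```

The default state is report-only, so the policy's effect shows up in the sign-in logs before it blocks anyone.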

New Microsoft UEM Filters

When a new CAP has been created, admins can utilize new filters to assign policies based on specific rules. Essentially, this allows admins to narrow the scope of a policy and get a comprehensive view of which devices and users will be affected. 

For example, filters may be useful when deploying a restriction policy to corporate devices while excluding personal ones or deploying a new iOS app to Apple devices on a specific team. 

Using these features, admins have greater flexibility and granularity when assigning CAPs. 

Get Started with JourneyTEAM

Organizations looking to provide their IT team with greater precision and control around cloud security and device management should contact JourneyTEAM. As a Microsoft gold partner, we have a wealth of knowledge surrounding Microsoft’s products. Together, we’ll customize the functionality of each solution to meet unique business needs. Contact a JourneyTEAM representative today to learn more.
