Monthly archives "December 2014"

10 Features You (Probably) Don’t Know About EMS

Joe Kuster

Here are a few snippets from recent customer conversations about features that most people don’t know about.

  1. Azure AD Application Proxy: This allows VPN-less connectivity between your internet-based devices and on-premises applications. It sounds like SSL tunneling voodoo, but no one else is doing this and it may revolutionize the way we work remotely. The only requirement is that the Application Proxy app be installed on any server behind the firewall that has outbound internet access to Azure.
  2. Cloud App Discovery: An agent is available to track down cloud-based application usage and find the services your employees are using, to help prevent data loss and maintain security compliance. Most corporate IT departments massively underestimate their employees’ usage of and reliance on cloud apps.
  3. Forefront Identity Manager 2010 licenses are included for each licensed EMS user. Azure AD Premium provides hybrid identity management with over 2,400 compatible cloud-based SaaS providers. FIM gives you a massive feature set of integration capabilities for on-premises applications using protocols such as LDAP, OAuth, REST, and SOAP, as well as full .NET programmability for raw database integration.
  4. Azure AD Premium Self-Service Password Resets support using security questions.
  5. Azure RMS integrates with both Exchange Online and Exchange on-premises (2010 or newer) with just a couple of lines of PowerShell. This brings RMS to the OWA user interface.
  6. EMS (Intune, Azure AD Premium, and Azure RMS) licenses can be provisioned via PowerShell.
  7. Office 365 can restrict mobile device access to devices with Intune installed and compliant configurations (no rooted/jailbroken devices).
  8. Intune now features Kiosk policies to lock applications in the foreground and require an administrative PIN to access other apps (iOS, Knox, Android).
  9. Containerization on steroids is now part of Intune. Microsoft calls it Mobile Application Management, and you can create your own corporate managed workspace on a BYOD device. Microsoft’s approach is different from traditional containerization: it not only supports all of the traditional features, but also supports using a custom wrapper around pre-existing applications that users are already familiar with to enforce data policies.
  10. Triggering VPN connectivity automatically for specific apps is part of Per-Application VPN Intune Policies.