As the COVID-19 pandemic continues to drag on, migration to the cloud is continuing to accelerate.
One cloud provider that is experiencing rapid growth in response to COVID-19 is Microsoft.
With thousands of new users moving to Microsoft’s cloud, the company has released new updates to both Microsoft Intune (now part of Microsoft Endpoint Manager, Microsoft’s unified endpoint management suite) and
Azure AD Updates
Temporary Access Pass (TAP)
Microsoft has long been trying to eliminate passwords; TAP is a step toward that goal. A TAP is a time-limited passcode that an administrator generates for a specific user. It can be single-use or reusable within its lifetime (the tenant’s authentication methods policy sets the bounds), and the user presents it in place of a password during onboarding or recovery, typically to register passwordless methods such as FIDO2 security keys, Windows Hello for Business or the Microsoft Authenticator app. The goal is that a user never needs a permanent password at all.
For account recovery, TAP keeps the process secure while simplifying it: a user who has lost access to their authentication methods can sign in with the TAP and re-register them, or change their password, without entering the old password. Because the pass is issued by an administrator or help desk and expires quickly, the real identity check moves to that issuance step, so issuing a TAP should follow the organization’s identity-verification procedure.
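The following is an added example, not code from the original article, showing how an administrator issues, audits and revokes a TAP with the Microsoft Graph PowerShell SDK. It assumes the Microsoft.Graph module is installed, the caller holds a role allowed to manage authentication methods (for example Authentication Policy Administrator), and TAP is already enabled for the target users in the tenant’s authentication methods policy. The user name is hypothetical.

```powershell
# Added example (not from the original article): issue a Temporary Access Pass
# with the Microsoft Graph PowerShell SDK. Assumes the Microsoft.Graph module and
# that TAP is enabled in the tenant's Authentication methods policy.
Connect-MgGraph -Scopes "UserAuthenticationMethod.ReadWrite.All"

# Hypothetical user being onboarded.
$UserId = "jdoe@contoso.com"

# A short lifetime and single use limit the damage if the code is intercepted in
# transit (email, chat, help-desk call). The lifetime must fall inside the
# minimum/maximum configured in the tenant policy (10 minutes to 30 days).
$Tap = New-MgUserAuthenticationTemporaryAccessPassMethod -UserId $UserId `
    -LifetimeInMinutes 60 `
    -IsUsableOnce

# The plaintext pass is returned only at creation time; it cannot be read back later.
$Expires = $Tap.StartDateTime.AddMinutes($Tap.LifetimeInMinutes)
"TAP for $UserId (valid until $Expires): $($Tap.TemporaryAccessPass)"

# Audit: list the passes issued to the user. Only metadata is returned, never the code.
Get-MgUserAuthenticationTemporaryAccessPassMethod -UserId $UserId |
    Select-Object Id, CreatedDateTime, LifetimeInMinutes, IsUsableOnce, IsUsable, MethodUsabilityReason

# Revoke early if the onboarding session is cancelled before the pass is used.
Remove-MgUserAuthenticationTemporaryAccessPassMethod -UserId $UserId `
    -TemporaryAccessPassAuthenticationMethodId $Tap.Id
```

Deliver the pass over a channel tied to the verified person (a help-desk call the user initiated, not an unauthenticated email reply), and treat the audit listing as the record of who was issued a pass and when.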
Azure AD Authentication for Servers
To simplify user management and reduce reliance on local or domain accounts, Azure Windows VMs can now be signed into over RDP with Azure AD credentials. Because the sign-in goes through Azure AD, Conditional Access, Azure RBAC and Privileged Identity Management (PIM) all apply: who may log in, and with which rights, is governed by the Virtual Machine Administrator Login and Virtual Machine User Login roles assigned on the VM rather than by local group membership.
The VM must run Windows Server 2019 Datacenter or Windows 10 1809 or later, and the client initiating the RDP session must be Azure AD joined or hybrid Azure AD joined to the same tenant. Azure Bastion does not currently support Azure AD sign-in to VMs, though this may change in the future.
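As an added example (not the article’s own code), the steps below enable Azure AD sign-in on an existing Azure Windows VM with Az PowerShell and scope the login role to that one VM. It assumes the Az.Compute, Az.Resources and Az.Accounts modules, a VM that already runs a supported OS, and an operator with rights to assign roles on the VM; the resource group, VM and group names are hypothetical.

```powershell
# Added example: enable Azure AD login on an existing Azure Windows VM (Az PowerShell).
# Resource group, VM name and group name are hypothetical.
Connect-AzAccount | Out-Null

$Rg   = "rg-demo"
$Name = "vm-demo-01"
$vm   = Get-AzVM -ResourceGroupName $Rg -Name $Name

# 1. The AADLoginForWindows extension authenticates to Azure AD with the VM's
#    system-assigned managed identity, so enable one if the VM has none.
if ($null -eq $vm.Identity -or $vm.Identity.Type -notmatch "SystemAssigned") {
    Update-AzVM -ResourceGroupName $Rg -VM $vm -IdentityType SystemAssigned | Out-Null
}

# 2. Install the extension that wires Windows logon to Azure AD.
Set-AzVMExtension -ResourceGroupName $Rg -VMName $Name -Location $vm.Location `
    -Name "AADLoginForWindows" `
    -Publisher "Microsoft.Azure.ActiveDirectory" `
    -ExtensionType "AADLoginForWindows" `
    -TypeHandlerVersion "1.0" | Out-Null

# 3. Authorization is Azure RBAC. Scope the role to this VM only: the same role at
#    resource-group or subscription scope grants admin logon on every VM beneath it.
$Group = Get-AzADGroup -DisplayName "VM-Admins-Demo"
New-AzRoleAssignment -ObjectId $Group.Id `
    -RoleDefinitionName "Virtual Machine Administrator Login" `
    -Scope $vm.Id | Out-Null
# Use "Virtual Machine User Login" for operators who do not need local admin.

# 4. Verify the extension provisioned before telling users to connect.
(Get-AzVMExtension -ResourceGroupName $Rg -VMName $Name -Name "AADLoginForWindows").ProvisioningState
```

Members of the group then connect from an Azure AD joined client and sign in as `AzureAD\user@contoso.com`. Assigning the role to a PIM-eligible group, rather than a permanently active one, gives just-in-time administrator access to the VM.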
New Conditional Access Policies
To help companies improve their security posture, Microsoft added new Conditional Access (CA) capabilities in Azure AD. These include:
- Password Reset: Conditional Access can now require a password change as a grant control. Combined with the Identity Protection user-risk condition, a user whose account is flagged as likely compromised is forced through MFA and a secure password change at the next sign-in instead of being silently allowed in (or simply blocked). Likewise, a user who needs to reset a password can be required to complete MFA first.
- Register or Join Devices: Registering or joining a device is now a Conditional Access user action, so admins can require MFA, or a sign-in from a trusted named location, before a user may register or join a new device in Azure AD.
- Named Location: Previously, named locations were defined only by IP ranges or by the country a sign-in IP geolocated to, which VPNs and proxies defeat easily. Country named locations can now be resolved from GPS coordinates reported by the Microsoft Authenticator app on the user’s device, a more reliable location signal. Users without Authenticator, or who decline to share their location, do not match such a location, so roll it out in report-only mode first and keep an IP-based location as a fallback.
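The three capabilities above, created through the Microsoft Graph PowerShell SDK, as an added example that is not part of the original article. It assumes the Microsoft.Graph module, a caller with the Conditional Access Administrator role, and Azure AD Premium P2 for the user-risk condition; policy names, country list and the break-glass account’s object id are hypothetical. Every policy is created in report-only mode so its effect can be reviewed in the sign-in logs before enforcement.

```powershell
# Added example: the three Conditional Access capabilities described above, built
# with Microsoft Graph PowerShell. Names and ids are hypothetical.
Connect-MgGraph -Scopes "Policy.Read.All", "Policy.ReadWrite.ConditionalAccess", "Application.Read.All"

# Every policy excludes the break-glass account; a bad policy applied to "All" users
# otherwise locks out the administrators who would fix it.
$BreakGlassId = "00000000-0000-0000-0000-000000000000"

# 1. Risk-based secure password change: high user risk => MFA AND password change.
New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName = "CA010 - High user risk: require MFA and password change"
    state       = "enabledForReportingButNotEnforced"   # report-only first
    conditions  = @{
        users          = @{ includeUsers = @("All"); excludeUsers = @($BreakGlassId) }
        applications   = @{ includeApplications = @("All") }
        userRiskLevels = @("high")
    }
    grantControls = @{
        operator        = "AND"                      # both controls required
        builtInControls = @("mfa", "passwordChange")
    }
} | Out-Null

# 2. Device registration or join is a user action; gate it behind MFA.
New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName = "CA020 - Register or join devices requires MFA"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users        = @{ includeUsers = @("All"); excludeUsers = @($BreakGlassId) }
        applications = @{ includeUserActions = @("urn:user:registerdevice") }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("mfa") }
} | Out-Null

# 3. Country named location resolved from Authenticator's GPS, not the sign-in IP.
$Loc = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    "@odata.type"                     = "#microsoft.graph.countryNamedLocation"
    displayName                       = "Allowed countries (GPS)"
    countriesAndRegions               = @("US", "CA")
    includeUnknownCountriesAndRegions = $false   # unresolvable location != allowed
    countryLookupMethod               = "authenticatorAppGps"
}

# Block sign-ins from anywhere except the GPS-verified allowed countries.
New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName = "CA030 - Block sign-in outside allowed countries (GPS)"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users        = @{ includeUsers = @("All"); excludeUsers = @($BreakGlassId) }
        applications = @{ includeApplications = @("All") }
        locations    = @{ includeLocations = @("All"); excludeLocations = @($Loc.Id) }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
} | Out-Null
```

After a week of report-only data, switch `state` to `enabled` one policy at a time. For the GPS policy, the sign-in log’s “Report-only” tab shows which users would have been blocked because their device could not report a location; address those (install Authenticator, or exclude with an IP-based location) before enforcing.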
New Filtering Capabilities in Microsoft UEM
When admins assign compliance policies, configuration profiles, apps and updates in Microsoft Endpoint Manager (Intune), they can now use filters to narrow an assignment to devices matching a rule on device properties (OS version, manufacturer, ownership, enrollment profile and so on) and to preview which enrolled devices match before the assignment goes out. Filters give admins finer control than groups alone, because they are evaluated against the device at check-in rather than against a static membership list.
For example, a filter can be used to assign a new Android compliance policy to all employees while excluding Android devices that do not support the policy’s settings, such as devices on an OS version the settings require. The same can be done for iOS/iPadOS devices.
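The Android example above, carried out against Microsoft Graph as an added example that is not the article’s own code. It creates a filter for Android Enterprise devices on an old OS version and assigns an existing compliance policy to all devices except those the filter matches. It assumes the Microsoft.Graph module and uses the beta endpoint that Intune filters live under; the compliance policy id, the filter rule and the `androidForWork` platform value are assumptions to adapt to your tenant.

```powershell
# Added example: create an Intune assignment filter and use it to exclude matching
# devices from a compliance policy assignment (Microsoft Graph beta endpoint).
# Policy id, filter rule and platform value are hypothetical/assumed.
Connect-MgGraph -Scopes "DeviceManagementConfiguration.ReadWrite.All"

$Beta = "https://graph.microsoft.com/beta"

# 1. Filter rule: Android Enterprise devices still on Android 7.x, which the
#    compliance settings being rolled out do not support.
$Filter = Invoke-MgGraphRequest -Method POST -Uri "$Beta/deviceManagement/assignmentFilters" -Body @{
    displayName = "Android - unsupported OS (7.x)"
    description = "Devices excluded from the new compliance policy until upgraded"
    platform    = "androidForWork"
    rule        = '(device.osVersion -startsWith "7.")'
}
"Created filter $($Filter.id)"

# 2. Assign the compliance policy to all devices, excluding the filter's matches.
#    'exclude' means: every device EXCEPT those the rule matches.
$PolicyId = "11111111-1111-1111-1111-111111111111"   # hypothetical compliance policy id
Invoke-MgGraphRequest -Method POST `
    -Uri "$Beta/deviceManagement/deviceCompliancePolicies/$PolicyId/assign" -Body @{
    assignments = @(
        @{
            target = @{
                "@odata.type"                                = "#microsoft.graph.allDevicesAssignmentTarget"
                deviceAndAppManagementAssignmentFilterId     = $Filter.id
                deviceAndAppManagementAssignmentFilterType   = "exclude"
            }
        }
    )
}

# 3. Confirm the assignment carries the filter before trusting the rollout.
(Invoke-MgGraphRequest -Method GET `
    -Uri "$Beta/deviceManagement/deviceCompliancePolicies/$PolicyId/assignments").value |
    ForEach-Object { $_.target }
```

Check the filter’s Preview tab in the admin center (or the devices the rule matches) before assigning: a rule with a typo in the property name matches nothing, which for an exclude filter silently applies the policy to every device.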
Together, these updates are a significant step toward a cloud environment that is both user-friendly and secure.
Integrating new solutions into an existing technology stack can be complicated and time-consuming. JourneyTEAM, a Microsoft Gold partner, relieves this burden by doing all the heavy lifting. We provide organizations with as much—or as little support—as needed when implementing Microsoft solutions.