Simon May

Client and cloud

  • Edge Show 133 – Azure AD SaaS apps and What’s new in Enterprise Mobility + Windows in January?

    In this episode of The Edge Show on Channel 9 I talked with Eran Dvir, Senior Program Manager on Microsoft’s Identity team, about what Azure AD SaaS app integration can do.

    • We talk through and show new capabilities around adding your own custom SaaS apps.
    • We take a look at how Azure AD SaaS apps can help you manage access to shared corporate apps such as Twitter accounts.
    • We take a look at what integration with HR systems looks like (hint: Nirvana!).

    This is what else has happened during the month of January in Enterprise Mobility and Windows:

    A small Windows 10 announcement

    Press, analysts and I are pretty excited about Windows 10 and the possibilities that it brings. Some especially neat things got announced at the preview event here on the Redmond campus this week, including holographic computing for Windows 10. There wasn’t much more information released that’s particularly useful to IT folk, but I’ve heard from a number of people that it’s starting to make people ask you when you’ll be adopting Windows 10, and the IT people I’ve spoken to seem positive too. To make sure you get the best head start possible, watch the Windows 10 Jumpstart on MVA.

    Universal Office apps for Windows 10

    One great feature of Windows 10 is that apps will run everywhere, and that includes Office. The Office blog excitedly talked about how we are creating better universal experiences.

    Boards in Delve

    Delve is one of my favorite new features of Office 365, allowing me to discover what’s happening in my work social graph. Boards are a new feature that let me curate some of that information better.

    Brad Anderson, CVP Enterprise Mobility and Client Management, Podcast Series

    Brad continues his series by talking to me about conditional access to company resources, which is something that most people I talk to about mobility tell me is keeping them up at night.

    Brad’s Architecture Matters Series

    Brad is the engineering leader that makes decisions about why we build things the way we do and as such he’s taken some key architectural decisions that really matter when you’re looking at a longer-term strategy for your technology…if you aren’t assessing the architecture you’re implementing you probably have some work to do. In this series Brad’s exploring some of the decisions we’ve made and why, such as moving our infrastructure for Microsoft Intune to Microsoft Azure.

    We have free deep technical virtual labs for enterprise mobility available and free training too.

    Workfolders for iPad made available in the Apple Store

    People have asked me for this for a while, and while I’ve known it was coming I couldn’t say when due to Apple’s store policy. It’s finally here, meaning that you have a simple way to get access to data stored on file servers in your private cloud (on-prem with Windows Server 2012 R2) anywhere in the world on iPad.

    Azure AD added workplace join for Android Devices

    Another big ask from IT has been the ability to give single sign-on to corporate applications using Android devices. Thanks to this new set of Azure AD updates you can now do that by adding a workplace account on Android. Not only that, we’ve made enrollment more secure by adding an optional extra layer of trust with Multifactor Authentication (MFA).

    Public Preview of Azure AD Connect

    Setting up Azure AD and synchronization to your on-premises directory has traditionally been a bit tricky. The product team has worked tirelessly to make it easier and they released Azure AD Connect into Public Preview. You can watch this Edge Show where I interview Jen Field, the Program Manager for Azure AD Connect, about its capabilities.

    The post Edge Show 133 – Azure AD SaaS apps and What’s new in Enterprise Mobility + Windows in January? appeared first on Enterprise Devices + Infrastructure.

  • I’m on Brad Anderson’s @inthemsftcloud podcast

    Conditional Access to company resources is something I’m especially interested in and you should be too. It gives you the ability to allow only registered devices to access files and email and that gives you (the IT Admin) the control your company requires you to have over data. It’s a brilliant feature and I was thrilled when Brad asked me to come talk to him about it.

    You can find Brad’s podcast on his blog.

  • Get Started with the Enterprise Mobility Suite in Minutes

    Microsoft Enterprise Mobility Suite is an awesome set of tools to help you manage mobility. But where do you start and what do the components do and why do you even need them? If you have EMS are you using all its tools to the best advantage? This post is going to give you the trials, the virtual labs and the free training courses you need!

    Get Started with Enterprise Mobility

    Trying new technology is hard, particularly in Enterprise Mobility where almost all the vendors in the space need you to give your details and wait for a hard, cold sales call. Microsoft is the exception. With Enterprise Mobility Suite (EMS) you are up and running and trying mobility management in just a few minutes WITHOUT a brutal sales call!

    Enterprise Mobility Suite is a kind of “Avengers Assemble” group of mobility tools. As the name suggests, Microsoft’s new and improved offering is a suite of best-of-breed, often leading components that come together. Of course, if you’ve read this blog for a while you’ll realize that I firmly believe that Productivity is the on-ramp to enterprise mobility…heck, you probably already know that.

    “Where do I start with all these tools?”

    You’ll be set up in about 5 steps or so.

    1. Get the trials (see below)
    2. Synchronize an on-premises AD to Azure AD (you can do this from a free virtual lab)
    3. Configure mobile device authorities
    4. Enroll a device
    5. Drink a coffee, high-five your boss*

    *please note I am not responsible for you getting fired if your boss finds this inappropriate.

    Microsoft has one place for user accounts: Active Directory.

    One of the big benefits of EMS is that it doesn’t make you start over. You don’t need some funky-ass new LDAP/Directory/User Profile storage doohickey thingy. You need Active Directory, and with Enterprise Mobility Suite Microsoft safely EXTENDS your on-prem AD DS to Azure AD’s modern architecture without massive architecture (don’t worry if you don’t already have an on-prem AD, the solution is cloud stand-alone too).

    The short primer on Azure AD.

    Think of Azure AD as a schema extension that you don’t need to manage if you’re an Old-School AD admin. The idea of extending your on-prem AD to the internet might sound daunting but it really is a good idea.

    The architecture of the modern, mobile world doesn’t really jibe with synchronous connections to AD DS.

    Modern mobile apps and devices need RESTful, API-based connections to thrive…and you also need controls designed for those types of scenarios (multi-factor authentication, the ability to BLOCK compromised devices and users, and to give CONDITIONAL ACCESS to company resources). Not only that, but you are in ABSOLUTE CONTROL of what attributes get sent to Azure AD and geographically where they get sent.

    Office 365, Microsoft Intune and ANY apps you want can share your Azure AD.

    Manage Devices and Apps with Microsoft Intune

    If identity is the cornerstone of the enterprise mobility management house, then device management is the first floor and application management is the second floor. Mobility management technology has evolved to deal with the newer challenges that mobility faces in today’s world.

    You probably know of MDM – Mobile Device Management. MDM manages things like remote wipe, applying company policy and such – I suppose an old-school admin might consider MDM as the Group Policy of the modern device world.

    Just as we need more than that in the old-school world, we need more in mobility, which is why we have Mobile Application Management. This is the need to control what applications get to a device, but beyond that it’s the ability to control what other apps those apps can talk to and how they’re removed. It’s an essential layer in today’s world. For MDM and MAM you want Microsoft Intune, no matter what device platform (Windows, iOS, Android).

    Protecting Data with Azure Rights Management

    Azure RMS is your device management roof. It keeps the water off!

    Azure RMS will protect your data and allow only the intended people to access it, under the right conditions. With Azure RMS, protection has become much more straightforward to deliver. You install a couple of Azure RMS Connector servers on-prem and your Exchange, SharePoint and File Servers can be protected by Azure RMS. Not only that, but you can bring your own key and Azure will store your keys in our very, very secure HSMs. Every time I show anyone Azure RMS they think it’s magic, but you can try the magic of Azure RMS in this TechNet vlab.

    The Power of Many

    This is where things with a suite of awesome like EMS come together and really avenge your problems (sorry, that was a bad pun). With the above you can do some amazing things. You can protect all your data on your OneDrive with RMS and allow only those enrolled devices with MDM (Intune) to have access to the information.

    In this situation a number of things become true:

    • The user loses their device: You know that RMS protects the data at rest, even if you can’t remote wipe it.
    • The user leaves the company: You can remove the apps and the data that the user was using and know they have no access to further data.
    • The user sells their device without wiping it: You can block the device’s access while leaving their access intact.

    Quick Start Option 1: Get some free, no money ever changing hands, trials

    The free trials come thick and fast with EMS: You will want Microsoft Intune, Microsoft Azure AD and Microsoft RMS, but thankfully all the trials are under one handy page on the Microsoft Enterprise Mobility Website, along with some helpful resources, or just use the 5 steps below to get started.

    1. Do you have an Office 365 trial? If not, get one. If you do, make sure it’s still valid.
    2. Now go get a Microsoft Intune trial; be sure to click the link to use your Office 365 ID.
    3. Go get an Azure trial, or if you already have one you can just use that.
    4. Step 1 creates an Azure AD tenant for you; now use your Azure Trial to manage your Azure AD tenant.
    5. Enable and license Azure AD Premium.

    Quick Start Option 2: Use a TechNet vLab as your virtual lab

    I build labs, and I’ve made Seven Deep Enterprise Mobility labs just for you, free. These deep technical labs will guide you through trying and using Enterprise Mobility Suite, including signing up for the trials. The labs include domain controllers, Configuration Manager servers, VMs and everything you need already setup for you.

    If you need some more help

    I would highly recommend trying some courses on the free Microsoft Virtual Academy such as these stellar, all-star titles:

    Thanks for taking the time to read… what do you think?


  • Seven Zero-Cost Microsoft Enterprise Mobility Suite Technical Training Courses

    Microsoft Virtual Academy Courses on Enterprise Mobility

    Over on the Microsoft Enterprise Mobility Blog I just posted a roundup of all of the Microsoft Virtual Academy courses that we’ve published that cover aspects of Enterprise Mobility Suite. That includes:

    • Microsoft Intune
    • Azure RemoteApp
    • System Center Configuration Manager 2012 R2
    • Managing iOS and Android

    Also we have lots more great training coming soon, including a course on managing Samsung KNOX.

    You can find all the courses on the Microsoft Enterprise Mobility blog.

    Share these key points:

    • HolyMow! Seven Free Microsoft Enterprise Mobility Suite Courses
    • MVPs, check these 7 new Microsoft Enterprise Mobility Suite Courses
    • Microsoft Partners, get a load of this: 7 Free Enterprise Mobility Suite Courses!
    • I LOVE FREE STUFF! No-cost but high value @MSVirtAcademy courses on EMS

  • Announcing: Taming Android and iOS with Enterprise Mobility Suite Jumpstart on MVA

    Just a few weeks ago my colleague Kevin Remde and I hit the Microsoft Virtual Academy studios to record a live “Jumpstart” event aimed at getting you up and running on Microsoft Enterprise Mobility Suite (EMS) and on using it to tame your iOS and Android devices. If you’re not aware, there are many, many ways that EMS can help you get your iOS and Android estates under control, things like:

    • implementing kiosk modes for those task worker style devices
    • enrolling lots of devices with Apple’s enrollment programs
    • controlling email flow with Exchange on-prem or Office 365 to those devices

    And a whole ton more stuff.

    This jumpstart will get you up and running, and because we had a TON of questions on KNOX specifically, which we kept outside the scope of this course, we’re doing another MVA course just on KNOX management in a few weeks’ time.
