{"id":1012,"date":"2017-06-08T08:00:46","date_gmt":"2017-06-08T15:00:46","guid":{"rendered":"https:\/\/www.microsoft.com\/en-au\/2017\/06\/08\/the-new-intune-and-conditional-access-admin-consoles-are-ga\/"},"modified":"2022-06-28T10:43:45","modified_gmt":"2022-06-28T17:43:45","slug":"the-new-intune-and-conditional-access-admin-consoles-are-ga","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-au\/microsoft-365\/blog\/2017\/06\/08\/the-new-intune-and-conditional-access-admin-consoles-are-ga\/","title":{"rendered":"The new Intune and conditional access admin consoles are generally available"},"content":{"rendered":"
There are a handful of topics that consistently come up whenever I meet with our customers and partners \u2013 and one of the most common has to do with how to balance productivity for end users with the need for security and control of company data. The tension between these two needs is the stage upon which an even bigger challenge constantly looms: \u00a0Every IT team on earth being asked to do more with less at a time when technology keeps accelerating and the landscape of their own industry shifts beneath their feet.<\/p>\n
The request I get in these meetings is very clear and consistent: We need efficient solutions that make it easier to manage and control growing complexity; can you help us reduce the complexity we are dealing with?<\/p>\n
This is where we bring in the good news:<\/strong>\u00a0 Managing Intune and Conditional Access together with Azure AD<\/a> just got a lot easier for our rapidly growing community of IT Professionals. As of today, we have reached two important milestones for Microsoft Intune and for EMS Conditional Access<\/a> capabilities:\u00a0 Both new admin experiences are now Generally Available in the Azure portal<\/strong>!<\/p>\n Intune\u2019s move to the Azure portal is, in technical terms, a really big deal. Not only did the Intune console change, but all of the components of the EMS console experience have now come together. The process of migrating capabilities into the new portal was an incredible opportunity to reimagine the entire admin experience from the ground up \u2013 and what we are shipping today is an expression of our unique vision for mobility management<\/strong> shaped by needs of our over 45K unique paying customers<\/strong>.<\/p>\n I love the progress we\u2019ve made here because Intune on Azure is great for our existing customers<\/strong> because they can now manage all Intune MAM and MDM capabilities in one consolidated admin experience, and they can leverage all of Azure AD seamlessly within one experience. Awesome.<\/p>\n There is actually a whole lot more going on \u201cbehind the scenes\u201d of the new administrative experience. Not only have the administrative experiences converged, but we also converged Intune and Azure Active Directory onto a common architecture and platform. Converging the architectures dramatically simplifies the work we do to support it, the work you do to use it, and it enables some incredible end-to-end scenarios across Identity and Enterprise Mobility Management.<\/p>\n If you haven\u2019t tried Intune on Azure, we invite you to jump into this new experience with us. To check it out for yourself<\/strong>, log into the Microsoft Azure portal<\/a> right now. \u00a0We\u2019re always listening and learning from your feedback, and we want to hear what you think!\u00a0 Since we put this into preview in December there have been more than 100k paying and trial tenants provisioned<\/strong>!<\/p>\n The new conditional access admin experience is also Generally Available today. Conditional access in Azure brings rich capabilities across Azure Active Directory and Intune together in one unified console. We built this functionality after getting requests for more integration across workloads and fewer consoles. The experience we\u2019re delivering today does exactly that.<\/p>\n Organizations everywhere face the challenge of enabling users on an ever-expanding array of mobile devices, while the data they are tasked with protecting is moving outside of their network perimeter to cloud services \u2013 and all of this happens while the severity and sophistication of attacks are dramatically accelerating. IT teams need a way to quantify the risks around the identity, device, and app being used to access corporate data while also taking into consideration the physical location \u2013 and then grant or block access to corporate apps\/data based upon a holistic view of risk across these four vectors. This is how you win.<\/p>\n Conditional access allows you to do this and ensure that only appropriately authenticated and validated users<\/strong>, from the compliant devices<\/strong>, \u00a0from approved apps<\/strong>, and under the right conditions<\/strong> have access to your company\u2019s data. The functionality at work here is technologically incredible, but it\u2019s not always obvious how granular and powerful these controls really are. The new conditional access experience on Azure now makes the power of this technology crystal clear by showcasing the deep controls you have at every level in one consolidated view:<\/p>\n <\/p>\n Now you can easily step through a consolidated flow that allows you to set granular policies that define access at the user<\/strong>, device<\/strong>, app<\/strong> and location<\/strong> levels. \u00a0Over the last 6 months, as I have shown this integrated experience to 100s of customers, the most common comment has been:\u00a0 \u201cNow I completely see what Microsoft has been talking about how Identity management\/protection has needed to work with Enterprise Mobility Management to protect our data.\u201d Microsoft\u2019s Intelligent Security Graph<\/a> is also integrated here, delivering a dynamic risk based assessment into the conditional access decision.<\/p>\n You can also control access to resources based on a user\u2019s sign-in risk via the vast data in. Once your policies are set, users operating under the right conditions are granted real-time access to apps and data \u2013 however<\/em>, as conditions change, intelligent controls kick in to make sure that your data stays secure. These controls include:<\/p>\n We believe Microsoft is uniquely positioned to deliver solutions that are this comprehensive and sophisticated yet remain simple to operate. With EMS, these types of functionalities are possible because we\u2019re building them together, from the ground up, to deliver on our commitment for secure and mobile productivity.<\/p>\nHere\u2019s how Intune\u2019s redesign helps your organization<\/h3>\n
Here are the 3\u00a0things you need to know about Intune on Azure:<\/h3>\n
\n
\n<\/strong>The Azure platform provides huge increases in elasticity and reliability for Intune, and it provides the foundation for nearly unlimited scale. The new admin experience will also run on any browser<\/strong> on any device<\/strong> form-factor. Now you can manage Intune from anywhere \u2013 even from your phone!
\nThe redesigned architecture and new console bring nearly unlimited scale to the service. We currently have customers that are rapidly<\/em> growing to 100,000s of devices in a single tenant. No problem!\u00a0 One customers has shared that they associated a sophisticated policy to ~200,000 users \u2013 and what took hours in the past was done in less than 3 minutes. Now, because this is built into the Azure console, you get all the rich role-based administration for delegation of authority.<\/li>\n<\/ol>\n\n
\n<\/strong>With Intune\u2019s move to Azure and the Azure Portal, we now share a console experience with other core EMS services like Azure Active Directory and Azure Information Protection. Having the collective power of these services living side-by-side makes them more effective and easier to manage across identity and access management, MDM and MAM, and information protection workloads.
\nFor example:\u00a0 If you\u2019ve just finished creating a set of conditional access policies to control access to data using Intune in the same portal environment, you\u2019re now just a click away from adding additional app protection policies that ensure that your data is protected after it\u2019s been accessed and is in use on mobile devices.
\nThe Intune transition to Azure also delivers deep integration with Azure Active Directory groups, which can represent both users and devices as native, dynamically targeted groups that are fully federated with an organization\u2019s on-premises Active Directory.<\/li>\n<\/ol>\n\n
\n<\/strong>Built on the Microsoft Graph API<\/a>, the new Intune experience also opens the door for broader systems integration and automation. This means that our customers can now simplify, automate and integrate workflows across Intune and the other services they are using however they see fit. For more information about what you can do with this, I really recommend this post<\/a>. Microsoft Graph API capabilities are currently in preview; expect a GA announcement for this functionality in the coming quarter.<\/em><\/li>\n<\/ol>\nConditional Access \u2013 the new admin experience in the Azure portal<\/h3>\n
\n