In response to the COVID-19 pandemic, cloud-based ERP (Enterprise Resource Planning) systems have become increasingly popular. The accessibility, ease of management, and cost-effectiveness provided by the
To help their customers navigate the new normal, Microsoft has released a number of new updates to Azure AD and Microsoft Intune (now called Unified Endpoint Management), two of the company’s most popular cloud offerings. Each of these updates is improving ERP cloud security and simplifying device management.
Updates to Microsoft Azure AD
Temporary Access Pass (TAP)
Using a TAP, administrators can create temporary passwords for both new and existing users that expire after a certain amount of time. The tool is particularly useful when onboarding new employees or
Because it contains a number of authentication policies, the tool is considered to be a strong authentication method, enabling organizations to integrate multi-factor authentication and self-service password reset.
A user’s Azure AD login information can now be used to access Azure Windows VMs. This functionality can also be used in conjunction with PIM, Conditional Access, and RBAC.
The goal of this feature is to enhance and simplify user management for IT administrators and increase cloud connectivity from Azure’s directory.
Please note: Azure AD server authentication requires Windows Server 2019 OS. Older versions (including Bastions) are not currently supported.
New Conditional Update Policies
Azure AD’s conditional access policies (CAP) are essentially if-then statements. When a user wants to access something, they must first complete an action.
For example, one of the new CAPs within Azure AD requires users to go through multi-factor authentication prior to resetting a password. This policy can be set up by admins using grant controls.
Another new policy is listed underneath ‘Register or Join Devices’. This rule provides IT admins with greater control during device onboarding, as it allows them to require users to complete a number of actions (such as setting up multi-factor authentication) prior to setup.
Finally, admins will have increased visibility of devices using the ‘Named Location’ policy. Rather than track by IP address, the tool finds a device using physical GPS coordinates, providing admins with a more precise location.
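The ‘Register or Join Devices’ rule described above, written as a Conditional Access policy through Microsoft Graph PowerShell. This is an added example, not code from Microsoft or JourneyTEAM; the display name and the excluded account ID are placeholders, and the policy is created in report-only mode so its effect can be reviewed in the sign-in logs before it is enforced.

```powershell
# Added example. Assumes the Microsoft.Graph.Identity.SignIns module is installed
# and the signed-in admin is allowed to manage Conditional Access policies.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All'

# Placeholder: object ID of an emergency-access account kept out of the policy
# so that a misconfiguration cannot lock every administrator out.
$breakGlassId = '00000000-0000-0000-0000-000000000000'

$policy = @{
    displayName = 'Require MFA to register or join devices (example)'
    # Report-only: the policy is evaluated and logged but not enforced.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        clientAppTypes = @('all')
        users          = @{
            includeUsers = @('All')
            excludeUsers = @($breakGlassId)
        }
        # The "if": the user action of registering or joining a device,
        # rather than sign-in to a particular cloud app.
        applications   = @{
            includeUserActions = @('urn:user:registerdevice')
        }
    }
    # The "then": the grant control the user must satisfy first.
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Read the policy back to confirm what was stored.
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id |
    Select-Object DisplayName, State, Id
```

Once the report-only results look right, changing `state` to `enabled` enforces the policy.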
New Microsoft UEM Filters
When a new CAP has been created, admins can utilize new filters to assign policies based on specific rules. Essentially, this allows admins to narrow the scope of a policy and get a comprehensive view of which devices and users will be affected.
For example, filters may be useful when deploying a restriction policy to corporate devices while excluding personal ones or deploying a new iOS app to Apple devices on a specific team.
Using these features, admins have greater flexibility and granularity when assigning CAPs.
Get Started with JourneyTEAM
Organizations looking to provide their IT team with greater precision and control around