Control Cloud Apps with Microsoft CAS

Moving to the cloud increases flexibility for employees and reduces IT cost, but it also introduces new challenges and complexities for keeping your organization secure. To get the full benefit of cloud applications, an IT team must find the right balance between supporting access and maintaining control, so that critical data stays protected.

This video shows how you can combine Azure AD, Microsoft Cloud App Security and Azure Information Protection to protect your sensitive data. I’m showing how you can enrich a SaaS application like Box with the capabilities of the Microsoft cloud platform, to make sure that sensitive files copied to Box are automatically classified and protected (encrypted).

Azure AD for non-Microsoft applications

I often hear the misconception that Azure AD is only meant for use with Microsoft products like Office 365 or Azure. And of course Azure AD works great with the Microsoft portfolio, but it is also very easy to use Azure AD to give your users seamless access to non-Microsoft applications.

There are actually already thousands of applications pre-configured for you, to make it really easy to add them for your users. One of those applications is Salesforce, which I am going to add to Azure AD in today’s video using SAML SSO.

Also want to integrate Salesforce with Azure AD? You can find the tutorial here!

How to use Azure AD Application Proxy

A lot of organizations have moved to Office 365 and started using Azure AD. However, many of these organizations still have on-premises applications which are tied to the on-premises Active Directory. An often overlooked option is the Azure AD Application Proxy. In this video I explain how you can use the Azure AD Application Proxy to easily make your on-prem application available in Azure AD and start using advanced capabilities like SSO and MFA, without changing a line of application code. And in most cases, even firewall changes are unnecessary.

Also want to give secure remote access to your on-premises apps? Learn more: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy

Intune: set compliance by location of the device

Intune now offers the possibility to set compliance of an Android device, based on the IP address of the device. If the device moves outside the IP range, then the device cannot access corporate resources.

Have a look at my video that shows how to create such a compliance policy and what it will look like for the end user.

More information and all other updates can be found here: https://docs.microsoft.com/en-us/intune/whats-new

Using Azure AD B2C

Today I’m showing you the B2C capabilities of Azure Active Directory. Azure AD B2C is a great solution to give your customers a very easy way to sign up and sign in to your applications, using the social IDs they’re already using, such as Google or Facebook.

B2C offers support for all platforms and open standards, like OpenID Connect and SAML, and can be fully branded for your organization.

As Azure AD B2C is a cloud service, it can easily scale to hundreds of millions of users.

Block legacy authentication without ADFS, using Conditional Access

One of the biggest advantages of Azure AD is the Conditional Access framework. Conditional Access allows for very granular access control to your applications. Based on the conditions you define in a policy, certain controls are enforced before access is allowed. The catch is that Conditional Access is based on Modern Authentication. None of the CA policies you create apply to users that use legacy authentication – for example when using Outlook 2010 or protocols like POP3 or IMAP.

Since last week, it is possible to block legacy authentication in Conditional Access (in preview). This means it is now possible to create your Conditional Access policy while at the same time blocking legacy authentication – all from one place and without the use of ADFS.

For many organizations, this is great news, because this removes another possible requirement for the use of ADFS, after we already introduced pass-through authentication last year.

Check out my video to find out how (easy) this works in real life.
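
Before turning on a block for legacy authentication, it helps to know which accounts still sign in that way. The following is an added example, not code from the original post or from Microsoft: it assumes the Azure AD sign-in log has been exported as a list of records using the field names `userPrincipalName`, `clientAppUsed` and `status.errorCode`, and the sample records are constructed.

```python
from collections import Counter, defaultdict

# clientAppUsed values that indicate modern authentication; anything else
# (IMAP4, POP3, Exchange ActiveSync, Other clients, ...) is treated as legacy.
MODERN_CLIENTS = {"browser", "mobile apps and desktop clients"}

def is_legacy(client_app):
    # A missing value cannot be shown to be modern, so it is flagged for review.
    return (client_app or "").strip().lower() not in MODERN_CLIENTS

def legacy_auth_report(signins):
    """Map user -> {client app: {"success": n, "failure": m}} for legacy sign-ins."""
    report = defaultdict(lambda: defaultdict(Counter))
    for rec in signins:
        raw_client = rec.get("clientAppUsed")
        if not is_legacy(raw_client):
            continue
        client = (raw_client or "").strip() or "(unknown)"
        user = (rec.get("userPrincipalName") or "(unknown)").lower()
        error_code = (rec.get("status") or {}).get("errorCode")
        outcome = "success" if error_code == 0 else "failure"
        report[user][client][outcome] += 1
    return {u: {c: dict(n) for c, n in apps.items()} for u, apps in report.items()}

def users_broken_by_block(report):
    """Users with a successful legacy sign-in: they lose that access once blocked."""
    return sorted(u for u, apps in report.items()
                  if any(n.get("success", 0) for n in apps.values()))

# Constructed sample records (not real log data).
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@contoso.example", "clientAppUsed": "Browser", "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@contoso.example", "clientAppUsed": "IMAP4", "status": {"errorCode": 0}},
    {"userPrincipalName": "Bob@contoso.example", "clientAppUsed": "IMAP4", "status": {"errorCode": 0}},
    {"userPrincipalName": "carol@contoso.example", "clientAppUsed": "POP3", "status": {"errorCode": 50126}},
    {"userPrincipalName": "dave@contoso.example", "clientAppUsed": "Other clients", "status": {"errorCode": 0}},
    {"userPrincipalName": "alice@contoso.example", "clientAppUsed": "Mobile Apps and Desktop clients", "status": {"errorCode": 0}},
]

if __name__ == "__main__":
    report = legacy_auth_report(SAMPLE_SIGNINS)
    for user, apps in sorted(report.items()):
        print(user, apps)
    print("Affected by a block policy:", users_broken_by_block(report))
```

Accounts that show only failed legacy sign-ins are not affected by the block, but those failures are worth reviewing on their own.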