
Microsoft Adding 'Conditional Access' to Intune with March Update

The latest update to Microsoft Intune will include new capabilities related to mobile device management (MDM).

Microsoft will roll out this month's Intune update between March 4 and March 7, although the exact timing will depend on a user's area-dependent "service instance." For instance, users in the North America region will get the update on March 6, according to Microsoft's Intune status page.

The updates apply mostly to the "standalone Intune" service, by which Microsoft means Intune unattached to System Center Configuration Manager. It's possible to connect the two device management applications via a Microsoft connector solution, but it seems that not all of the mobile device management capabilities work in conjunction quite yet. Microsoft's announcement of the March Intune improvements, though, claims that such "hybrid" integration is a "top priority" at the company.

"Delivering new features to our hybrid customers using System Center Configuration Manager integrated with Intune remains a top priority for our team, and you can expect additional hybrid features to be made available soon," the announcement stated. 

As an example, this March Intune update includes the ability for hybrid users to "create custom Wi-Fi profiles with preshared keys (PSK) for Android devices."

Most of the March Intune management improvements are for Apple iOS or Android devices. However, Microsoft did add the "ability to deploy .APPX files to Windows Phone devices." That's a way of distributing applications for those devices through a portal page or the Windows Store via an app packaging process.

On the Apple iOS side, Microsoft made it easier to enroll devices purchased from Apple or an Apple-authorized reseller, according to its announcement. For both iOS and Android devices, Microsoft now enables the use of Intune to manage OneDrive apps.

Microsoft's announcement also indicated that the March update will make it easier for organizations to restrict access to OneDrive for Business and SharePoint Online services based on "device enrollment and compliance policies" set by IT departments. Microsoft calls this approach setting "conditional access," as described in this blog post.

Setting conditional access to OneDrive for Business and SharePoint Online services is an important feature for organizations to have if they are migrating users to Office 365 services, according to Microsoft. Organizations can define a compliance policy for devices, which Azure Active Directory will use to check whether a device is managed and compliant before enabling access to those services. This conditional access scheme requires that a "workplace join" operation take place with the device first, according to a Microsoft TechNet library article. The phrase "workplace join" refers to Microsoft's technology for establishing trust with non-domain-joined devices, which is typically associated with the Windows Server 2012 R2 product.

The March Intune update also includes the ability for IT pros to "restrict the number of devices a user can enroll in Intune."

As of last month, Microsoft has kicked off a new policy with regard to its Intune updates. Going forward, all Intune updates will be released on a monthly basis.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.