Archive

Posts Tagged ‘policy’

Microsoft Intune May updates – #Intunes, #EMM, #MDM, #Mobility, #EnvokeIT

Thsi week Microsoft is going to roll out some new updates like Android Wrapping Tool and new features for iOS, Android and Windows Phone to Microsoft Intunes.

We are excited to share with you the next set of Intune features that will be released between May 19 and May 26.  With our monthly release cadence, we continue to focus on providing you with best-in-class experiences that help keep your users productive while protecting your company’s sensitive data. You can expect to see the following new Intune standalone (cloud only) features in this release:

  • Ability to extend application protection to your existing line-of-business apps using the Intune App Wrapping Tool for Android (Intune App Wrapping Tool for iOS made available in December 2014)
  • Ability to assign help desk permissions to Intune admins, filtering their view of the Intune admin console to only provide access to perform remote tasks (e.g. passcode reset and remote lock)
  • RSS feed notification option added for Intune admin to subscribe to be alerted when new Intune service notifications are available for their service instance
  • Improved end user experience in the Intune Company Portal app for iOS with step-by-step guidance added on how to access corporate email by enrolling for management and validating device compliance
  • Updated Intune Company Portal app for Windows Phone 8.1 to provide enhanced status notifications for app installations
  • New custom policy template for managing new Windows 10 features using OMA-URI
  • New per-platform mobile device security policy templates for Android, iOS, Windows, and Windows Phone, in addition to new Exchange ActiveSync policy template
  • Ability to deploy Google Play store apps that are required/mandatory to install on Android devices

Also, as announced last week, several new hybrid features are now…

Contact us at EnvokeIT if you like assistance with Intunes or continue reading the blog post here.

//Richard

#Windows 8.1’s #BYOD enhancements ready for business adoption – via @kenhess

This is actually great news and a great article by Ken Hess! Microsoft is finally understanding the new BYOD use cases and scenarios! Interesting reading…

Summary: Microsoft understands, better than any other software company, that BYOD is actually a thing. It’s a thing to be dealt with at the source, which is exactly what they’re doing.

Everyone has weighed in on Microsoft’s Windows 8.1 update due at the end of the month, but few have highlighted the finer points of this significant update. Personally, I see Windows 8.1 as the new business operating system for desktop computing. Microsoft has listened to its critics and has made some super improvements on its much-beleagured new operating system.

Some of the more exciting improvements come in the form of BYOD enhancements. I believe that it is these features that will propel Windows 8.x onto corporate desktop systems and out of critical oblivion.

Excerpt from Stephen L. Rose’s Springboard Blog on Windows.com.

B.Y.O.D (Bring Your Own Device) Enhancements

  • Workplace Join – A Windows 8 PC was either domain joined or not. If it was a member of the domain, the user could access corporate resources (if permissioned) and IT could control the PC through group policy and other mechanisms. This feature allows a middle ground between all or nothing access, allowing a user to work on the device of their choice and still have access to corporate resources. With Workplace Join, IT administrators now have the ability to offer finer-grained control to corporate resources. If a user registers their device, IT can grant some access while still enforcing some governance parameters on the device to ensure the security of corporate assets.
  • Work Folders – Work Folders allows a user to sync data to their device from their user folder located in the corporation’s data center. Files created locally will sync back to the file server in the corporate environment. This syncing is natively integrated into the file system. Note, this all happens outside the firewall client sync support. Previously, Windows 8 devices needed to be domain joined (or required domain credentials) for access to file shares. Syncing could be done with 3rd party folder replication apps. With Work Folders, Users can keep local copies of their work files on their devices, with automatic synchronization to your data center, and for access from other devices. IT can enforce Dynamic Access Control policies on the Work Folder Sync Share (including automated Rights Management) and require Workplace Join to be in place.
  • Open MDM- While many organizations have investments with System Center and will continue to leverage these investments we also know that many organizations want to manage certain classes of devices, like tablets and BYOD devices, as mobile devices. With Windows 8.1, you can use an OMA-DM API agent to allow management of Windows 8.1 devices with mobile device management products, like Mobile Iron or Air Watch .
  • NFC tap-to-pair printing – Tap your Windows 8.1 device against an NFC-enabled printer and you’re all set to print without hunting on your network for the correct printer. You also don’t need to buy new printers to take advantage of this; you can simply put an NFC tag on your existing printers to enable this functionality.
  • Wi-Fi Direct printing – Connect to Wi-Fi Direct printers without adding additional drivers or software on your Windows 8.1 device, forming a peer-to-peer network between your device and any Wi-Fi enabled printer.
  • Native Miracast wireless display – Present your work wirelessly with no connection cords or dongles needed; just pair with project to a Miracast-enabled projector through Bluetooth or NFC and Miracast will use Wi-Fi to let you project wire-free.
  •  Mobile Device Management – When a user enrolls their device, they are joining the device to the Windows Intune management service. They get access to the Company Portal which provides a consistent experience for access to their applications, data and to manage their own devices. This allows a deeper management experience with existing tools like Windows Intune. IT administrators now have more comprehensive policy management for Windows RT devices, and can manage Windows 8.1 PCs as mobile devices without having to deploy a full management client.
  • Web Application Proxy – The Web Application Proxy is a new role service in the Windows Server Remote Access role. It provides the ability to publish access to corporate resources, and enforce multi-factor authentication as well as apply conditional access policies to verify both the user’s identity and the device they are using…

Continue reading here!

//Richard

#BYOD: From optional to mandatory by 2017, says #Gartner

I agree with this great article and the analysis made by Gartner.

Bring-your-own-device (BYOD) has for some time been gaining traction in the workplace, as not only a way of freeing up IT costs but also liberalizing workers from being virtually chained, clunky, aging machines at their desks.

But latest research from Gartner suggests that by 2017, half of employers may impose a mandatory BYOD policy — requiring staffs to bring their own laptop, tablet and smartphone to work.

As an optional policy, workplaces still have an IT fallback option, but many are choosing to bring their own tablets and smartphones to work in order to work more effectively using the technology they feel more comfortable with.

Some interesting tidbits from the research:

  • 38 percent of companies expect to stop providing workplace devices to staff by 2016. (PCs, such as desktops and laptops, are included in the definition of BYOD.)
  • BYOD is most prevalent in midsize and larger enterprises, often generating between $500m-$5bn in revenue per year, with 2,500-5,000 employees on the roster.
  • BRIC nations, such as India, China, and Brazil, will most likely already be using a personal device — typically a “standard mobile phone” — at work.
  • Meanwhile, companies in the U.S. are more likely to allow BYOD than those in Europe (likely due to stronger data protection rules, see below).
  • Around half of all BYOD programs provide a partial reimbursement, while full reimbursement costs “will become rare.”
  • Gartner vice president David Willis says companies should “subsidize only the service plan on a smartphone.”

But there’s a problem within. Those who have yet to adopt a BYOD policy often generally cite one of two good reasons (or both): interoperability and…

Continue reading here!

//Richard

How to check which #NetScaler policy that your #Citrix #Receiver or web browser hits?

April 18, 2013 1 comment

Ok, this is a common issue that you’ll end up in when setting up Access Gateway access scenarios:

How do you know which policy that is hit when your different Receivers are logging in?

Well, there are a couple of nice commands that can help you troubleshooting your access scenario! I guess that most of you have a simple scenario where you have one domain to authenticate against and some simple PNA, CVPN and potentially SSL VPN policies and profiles to deal with, and they are all linked to the virtual server like something like this simple example:

AG_vServer_VIP

But in more complex scenarios you may end up controlling which browser the user is accessing with (for giving nice error messages instead of Citrix default messages when users may use an unsupported browser etc.), or when you have multiple AD domains and AD groups to link different policies to etc. Then it may be complex and you have multiple policies and profiles for the same config with minor changes like the SSO domain name etc. So how do you then troubleshoot that easily?

First we have the must know command that hooks into the auth process of the NetScaler and gives you a view of the authentication process:

cat /tmp/aaad.debug

When you run that and you authenticate you’ll see the result of your auth process agains for instance LDAP and RADIUS sources like the result here when I logged in to our little environment:

aaad_debug_output

At the top of the output you see all the AD groups that I’m a member of that needs to match the group that you like to use on the NetScaler side, and last you see that accept from AD for my authentication request.

Then you know that you’re authentication ok, but which of the session polices are we hitting? Then you need to have a look at this great command:

nsconmsg -d current -g pol_hits

This is the output when I access using my Receiver on OS X:

nsconmsg_policy_hit

Read more…

Surprising Stats About Mobile Security

February 28, 2013 Leave a comment

Another good article!!

Surprising Stats About Mobile Security

IT security and data protection are the top ranked challenges faced by many mobile IT asset managers. This was certainly brought to light in Mobile Enterprise’s IT headaches executive survey, and recent research from the International Association of IT Asset Managers (IAITAM) brings this to light as well.

When IAITAM asked: how do organizations handle mobility and security? Fifty five percent of respondents access the enterprise from a remote location during off hours and the same number can access enterprise information from any BYOD device. Yet only 60% of organizations track how, how long or who is accessing remotely.
Out of those employees who do access the enterprise remotely, slightly more than half use a secure key or digital pass, while 49% use a login name and password on a secure site. A little more than half (53%) of organizations surveyed have an intrusion protection system for deployed mobile units.

Lost/Stolen Devices Covered
Nearly 90% of respondents have a mobile device policy and process in place for lost, misplaced or stolen mobile devices. At the same time, little more than a quarter have real-time location system tracking on any/all mobile devices. Still, 56% say they are able to perform a remote wipe of all data.
Less than half (43%) will automatically replace a lost, misplaced or stolen device within a 24 to 48 hour period. Eighty-four percent of companies have a firm policy that employees leaving the company must surrender their mobile device(s).
Tracking software downloaded on devices and preventing software downloads came in third and fourth as the most challenging issues, respectively, but with the predicted growth of mobile malware, this number could change going forward.

Asset Tracking?
Nearly 60% believe that they are managing mobile security adequately, but nearly 75% surveyed felt that licensing and management of mobile device assets is a challenge; 52% track their assets using an automated tool, while 36% still use spreadsheets. Another 12% are not tracking mobile assets at all. Members of the Mobile Enterprise Editorial Advisory recently had few things to say about this topic.
The main software programs accessed through a mobile handheld device or smartphone are Microsoft (85%), Google (52%) and Adobe (26%). Many of these same software publishers aggressively protect their intellectual property through software audits.

BYOD
Fifty-one percent of organizations surveyed had a BYOD or BYOT [technology] program that allows employees to use their personal mobile devices for work purposes. Surprisingly, 60% who took advantage of a BYOD program only accounted for 25% or less of employees who brought in their personal devices. 
 
More than three-quarters (77%) allow their employees…
Continue reading here!
//Richard

Do you really need a #BYOD policy? – via @GeneMarks

February 27, 2013 Leave a comment

This is a really good article by Gene Marks!

Social media.  Cloud computing.  Gamification.  SaaS.  Social CRM. Virtualization.  Mobile.  Every year we hear of the latest technology issues facing small business owners like me.   And now it’s BYOD (Bring Your Own Device).  Everywhere I read in the tech world it’s BYOD.  That’s because with the proliferation of smartphones, tablets and mini-laptops it’s become the hot tech security issue.  Whitepapers are written.  Seminars are conducted. Roundtables are moderated.  It’s a BYOD year.

I have 10 people in my company.  And a half dozen other contractors.  These people are using smartphones, tablets and laptops to access our data.  We do not have a BYOD policy.  Do I really need one?  Do all businesses, big or small, need to really worry about this?  Or is just another scare tactic from a bunch of IT guys looking to put fear into their clients’ minds and generate additional billable hours.

Hmmm.

The fact that everyone in my company has a different smartphone is of no concern to me.  Why should I care if Sam prefers his iPhone but Josh likes his Droid?  They are using their phones to call clients on Verizon or AT&T or whatever so I’m not exposed to any risk there.  The same with texting.  But uh oh…then there’s email.  Am I exposed to security issues when they send and retrieve email from our server?  No.  That’s because we have a hosted mail server and each employee has their own login to their email account.  They set up their email on their own with instructions we gave them.  Viruses, spam and all the other evil things that could happen via email are (hopefully) controlled by the security software running at the server level.

Read more…

#XenMobile, #MobileSolutions – Is this what we’ve been waiting for? – #Citrix, #ZenPrise, #BYOD

February 25, 2013 Leave a comment

Ok, so Citrix has now presented their new offering after merging Zenprise into their product portfolio. And is this what you have been waiting for?

My personal answer to that is probably yes, now you have all the capabilities (almost) out there to get your BYOx program/strategy and architecture in place or if you just want to add additional capabilities to your existing service offerings.

I must say though that the packaging is compelling and VERY interesting!

Citrix Mobile Solutions Bundle

The Citrix Mobile Solutions Bundle, which is comprised of XenMobile MDMand CloudGateway, offers a complete enterprise mobility management solution that enables IT to manage and secure devices, apps, and data.

XenMobile MDM Edition

XenMobile MDM Edition offers market leading mobile device management capabilities that deliver role-based management, configuration and security of corporate and employee-owned devices.

What I’d like to see is a roadmap where Citrix becomes an even more complete provider of technology in the Mobility segment. I still believe that Mobility is not only about smartphones and tablets and all the apps that you shall deliver to those devices and non-managed and non-corporate owned devices. There is still a need to provide device management of corporate assets that are not smartphones and tablets! And why should you have to implement another device management service/product for those.

So please Citrix = add Windows 7/8, OS X and Linux device capabilities as well in your almost complete Enterprise Mobile Management offering!

The offering is of course also today an early release where the former Zenprise product and CloudGateway is provided under the same marketing and price bundle but I’m waiting for when we have one (1) enterprise app store! And all capabilities from one technical architecture and product that you enable each capability on a need basis and are licensed accordingly.

But this is a great step for Citrix and I must say that I’m looking forward to see where this is going, I mean the feature set is pretty awesome!

Compare Features

XenMobile MDM Edition

Mobile Solutions Bundle

Enterprise MDM
Device management
Configure policies
Security and compliance
Scalability and high-availability
Ease of administration
Provisioning and self-service enrollment
Enterprise integration
Monitor and support
Decommission devices
Secure email, browser and data sharing apps
@WorkMail
Email attachment encryption
@WorkWeb
ShareFile integration
Microsoft SharePoint integration
Mobile app containers
Mobile application management
MDX Vault
MDX Interapp
MDX Access
App wrapping
Unified app store
Enterprise app store
Follow-me apps
Identity management, single sign-on and scenario-based access control
Active Directory integration
Instant application and data provisioning
Single sign-on to apps and data
App requests
Instant application and data de-provisioning
Strong authentication
Secure remote access
Policy enforcement

More information about the technologies have also been added to eDocs!

MobileSolutions_Citrix_edocs

 

Of course also made their competition table:

Compare the Mobile Solutions Bundle to other enterprise mobility solutions

These are exciting times and I’m looking forward to play around with the whole bundle!

Read more about XenMobile/Mobile Solutions here!

//Richard

%d bloggers like this: