Azure Active Directory Gets Policy, Printing and User Perks
Microsoft recently announced a few Azure Active Directory (AD) improvements, both for end users and IT pros.
IT pros can now test the effects of conditional access policies on individual Azure AD end users, Microsoft announced late last month. A "What If" tool, available at the preview stage, can be used to check those effects on a single user at a time. Microsoft built the tool so that IT pros can "see how CA [conditional access] policies will impact a user under various sign-in conditions." The conditions that can be set in the tool include the cloud app used, IP address, device platform, client app and sign-in risk.
The What If tool will show which conditional access policies applied and which didn't for a particular end user, along with an explanation. It'll also show whether "classic" policies are in place, and it allows IT pros to disable those policies. The tool saves IT pros the time of having to log in as a particular user to run such tests, according to Microsoft's documentation. There's no bulk checking, so it seems more like a troubleshooting tool, at least in its current preview stage.
Azure AD and Printing
Microsoft has now made the bold declaration that it's possible to print from an Azure AD-joined Windows 10 device, according to a Feb. 1 announcement. The printing happens using a Windows Server 2016 Hybrid Cloud Print role feature, described as "just released" in the announcement although it was documented back in October. The Hybrid Cloud Print role is designed to permit printing in bring-your-own-device types of scenarios. It's used in conjunction with Azure AD and the Microsoft Intune mobile device management (MDM) solution.
"Up until now, there has never been a good way to print to a corporate printer from an Azure AD joined device," explained Alex Simons, director of program management for the Microsoft Identity Division, in the announcement.
Hybrid Cloud Print also supports AD domain-joined devices because it's "built on top of the Windows Print Server role," Simons explained, so existing scripts and tools will work with it. It uses two new Internet Information Services endpoints, namely the Printer Discovery Service and the Windows Print Service, and it has six new MDM policies.
Easier App Launching
Late last month, Microsoft described faster ways for end users to sign in to Azure AD-managed applications. Microsoft has turned the My Apps portal for launching applications into a "waffle" icon browser extension, which is available from the top bar of browsers, including Chrome, Firefox and Microsoft Edge. The new waffle icon will appear automatically for users of "an older version of the extension."
The waffle extension also shows the user's available Azure AD-managed apps. It's a quicker way to access them than going back to the My Apps portal.
Microsoft also explained late last month that its Intune Managed Browser now has My Apps functionality included for Android and iOS devices. My Apps will now show as the home page when the Intune Managed Browser gets launched. The Intune Managed Browser is designed to work with Intune policies and permits organizations to use single sign-on with My Apps. It's also used to limit URL access by end users, among other capabilities, as described in this document.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.