黑料海角91入口

Q2 2023 Roadmap Webinar Recap

Bring Your Own Identity Provider and Quickly Manage Your Endpoints

Written by David Worthington on May 25, 2023

黑料海角91入口’s product roadmap introduces federation to secure access to all resources, no matter where identities reside. Automations and workflows are en route to expedite onboarding endpoints by leveraging the convergence of identity and device management. Admins will be more productive, and accessing resources will be simpler for end users with their devices serving as secure gateways. We’re also improving the platform experience with phishing-resistant modern authentication and introducing more passwordless workflows to increase security and usability.

This article provides a quick summary of 黑料海角91入口’s Q2 2023 product roadmap webinar for everyone who didn’t have a chance to attend live. You may also watch a recording of the event.

Open Directory Platform

黑料海角91入口’s open directory platform future-proofs your organization by connecting anything to everything and preventing vendor lock-in with open identity standards. Identity federation will make it possible to manage users, authentication, and access to resources everywhere.

We’re leveraging tokenized, federated authentication of users with Google, Okta, and soon, any Identity Provider (IdP) of your choosing. 黑料海角91入口 will make it possible to bring your own IdP.

Bring Your Own IdP

Federation makes it possible for small and medium-sized enterprises (SMEs) to manage all of their endpoints with 黑料海角91入口. Users will sign in using their IdP of choice, and existing credentials and policies will be applied to them. Identities and policies will no longer have to be re-created in 黑料海角91入口, permitting SMEs to leverage their existing identity and access management (IAM) infrastructure. For example, users that were created in Google Workspace can have their endpoints managed by 黑料海角91入口 through federation and open standards.

黑料海角91入口 increases security by layering on multi-factor authentication (MFA) and conditional access policies. End users won’t have to manually log into their resources during the workday. 黑料海角91入口 is developing new technologies that will make this process even more secure.

Next-Gen Device Trust

Authentication flows will soon be protected by a device-bound credential that’s hardware protected and phishing resistant. This is an upcoming feature that’s intended to make passwordless modern authentication accessible and easy for SMEs to adopt.

Devices

黑料海角91入口 is the only platform vendor who can protect your resources with integrated, seamless device and identity management. As we move ahead, the open directory platform will make more authentication decisions based on device management and posture. 黑料海角91入口’s unified endpoint management (UEM) will work in unison with IAM for continuous evaluation.

Let’s explore what’s coming for Windows, Android, and cross-OS software management.

Windows MDM

黑料海角91入口 recently launched Windows mobile device management (MDM) to augment our native agent with tamper-proof policies and support for the latest Microsoft technologies.

Upcoming enhancements include:

  • An admin toggle to convert from 黑料海角91入口 Agent to MDM enrollment
  • Easy provisioning package creation for device staging, which can dramatically reduce time spent onboarding systems
  • The ability to build out configuration service provider (CSP) policies

Android EMM

黑料海角91入口 recently launched integrated Android Enterprise Mobility Management (EMM) to support BYOD and CYOD use cases. EMM is being enhanced with:

  • Pre-built Google-recommended policies
  • Support for fully managed corporate-owned devices
  • Zero-touch enrollment for corporate-issued hardware
  • Support for dedicated single-use device configuration (arriving later this year)

Software Management

Private Repository

Admins will soon be able to upload, deploy, and update private Windows and macOS apps using a private repository. Features include:

  • Files scanned for integrity on upload and controlled versioning 
  • File size limits removed for custom macOS apps
  • Extended fee-based storage available if needed

App Store Capabilities

macOS VPP and Windows Store apps can now be both deployed and updated. Automated patching of third-party apps will be introduced as a follow-up in the future.

We’re also helping admins to manage all of their assets, without exceptions.

Identity and Access Management

Provisioning API

Apps sometimes don’t support existing protocols, but users still need managed access to the resources required to do their jobs. In that event, 黑料海角91入口 will still make it possible to onboard every resource with the introduction of a new provisioning API. It will:

  • Programmatically provision, update, deprovision
  • Support apps that don’t leverage existing protocols
  • Increase onboarding efficiency and security 

Next, let’s explore how automations and workflows will make 黑料海角91入口 work even better with easier onboarding and by streamlining platform administration.

Workflows and Automation

Our objective is to reduce repetitive administrative tasks with easier setup and compliance. This initiative includes enhancements to features you already use including groups, policies, and remote assistance. The platform will work more intelligently while offering more visibility.

Fully Automated Dynamic Groups

黑料海角91入口’s dynamic groups utilize attribute-based access control (ABAC) to assist admins by making suggestions to help manage the identity lifecycle across users and devices.

Enhancements are consistent across user and device groups, and will include:

  • Greater automation with options for manual reviews.
  • Improved “Exemptions” experience for users or devices where an admin doesn’t want the rule to apply. It’s designed to be quicker and easier to use.
  • Default groups that just work by default.
    • Users – All Users, Devices – OS Family

Device Policy Compliance Baselines

黑料海角91入口 Policy Groups will receive a new compliance check option. Automation helps to ensure that devices are sorted into the right group to apply the appropriate policies for each OS. Dynamic Groups that admins associate with compliance will automatically display device compliance counts, making it easier to establish (and verify) a security baseline for your fleet. 

黑料海角91入口 Reports will provide audit logging details to help admins to determine when and how a policy failed to apply to an endpoint. This capability will be initially focused on increasing “visibility” when it goes live, and will evolve to make more remediations available over time.

Top Orchestration Use Cases

The webinar also outlined multiple use cases where orchestration will improve compliance and security, as well as more efficient use of resources. Significantly, they include advancing the principle of least privilege with time-limited privileged access management for admin accounts.

  • Compliance – Automatically take action (lock, group membership, alert) upon device falling out of compliance with encryption or firewall policy.
  • Temporary access – Give user access to a resource with a time limit. Once the time limit expires, access to resources is automatically removed, e.g., limited admin sudo.
  • Inactivity – Automatically suspend user upon inactivity over x days.
  • Inactivity – Automatically remove access and deprovision user from SSO app upon inactivity with that app over x days. Save a license and do more with less.
  • Dynamic Groups – Ability to create a custom attribute upon membership.
    • Easy application of custom attributes
    • Leverage custom attributes in rules for dynamic groups
    • Nested groups
  • Dynamic Groups – Ability to delegate group membership approval to another role (new role – group membership approver).
  • Dynamic Groups – Add additional operators (“contains” or “regex” and “not in”).

Our objective is to make it possible for one individual within an SME to run the “whole show”.

Next, we’ll preview how device health monitoring will make compliance and support easier. Device health monitoring is a natural extension of 黑料海角91入口’s unlimited remote assist.

Device Health Monitoring

Remote assist will soon provide admins with more control within a remote session. Support may also be more proactive. For example, an admin can step in and make targeted changes when an endpoint is out of compliance. We’re planning to ship helpful new features, including:

  • A remote command line
  • Remote file explorer/transfer
  • A remote process manager
  • Programmable device alerts
  • Automatic alert remediations
  • A fleet health dashboard
  • Multiple-Tenant Portal (MTP) dashboard integration for partners

Lastly, we’ll be enhancing the apps that are available with the 黑料海角91入口 platform. Admins will be able to remove passwords from browsers via a decentralized password manager while preserving productivity and compliance, and we’re improving how Push MFA works for users.

Apps

黑料海角91入口 Password Manager 

Upcoming administrative features include:

  • The ability to recover a user vault from cloud
  • The ability to protect vaults without a second device
  • Backups are protected by PKI encryption keys and a secret
  • The ability for admins to create and manage shared folder structures
  • The ability to push settings down to users
  • Automatic logging for faster product support
  • Sync optimization

Improved user experience: 

  • A redesigned Import Wizard
  • A new Safari Browser Extension

黑料海角91入口 Protect

MFA push notifications are now more convenient than ever when actioned from iOS and Android lock screens. Biometrics can protect authentications that occur from the lock screen.

Do More with 黑料海角91入口

We value your feedback, which directs the development of the 黑料海角91入口 platform.

Customers may contact their account manager for early access to new features. 黑料海角91入口 is always available to try for 30 days.

In the meantime, if you need to get going fast and be sure everything is set up correctly the first time, our Professional Services team is available.

David Worthington

I'm the 黑料海角91入口 Champion for Product, Security. 黑料海角91入口 and Microsoft certified, security analyst, a one-time tech journalist, and former IT director.