The Twelve Days of Blog-mas: No.10 – It’s a Multi-Tenant and Cross-Platform World: Part II

In Part I of this mini-series, I discussed some of the new hotness around multi-tenant capabilities in our space. In Part II, I'll cover cross-platform support across several of our cloud services. The cloud era ushered in mainstream cross-platform support from many Microsoft services. Like the title of this post says, these days it's a cross-platform world.

Intune

Nowhere is this more pronounced than in Intune, which now provides a very polished and rich set of MDM and MAM capabilities for numerous platforms: device enrollment and configuration, application deployment and protection, and so on. Beyond typical device management scenarios, we've added support for specific use-cases such as single and multi-app kiosks and point-of-sale devices from Samsung and Zebra, as well as support for AOSP – the Android Open-Source Project – which is often used for ‘wearable' devices such as VR goggles (which don't need the mobile services ‘stack' within the OS).

Intune offers support for update policies to manage OS and firmware updates for non-Windows devices:

MichaelHildebrand_2-1702316334733.png

MichaelHildebrand_3-1702316334738.png

The Intune cross-platform story continues with the introduction/expansion of Intune Suite.  One component of the Suite is Remote Help – here's the macOS flavor:

  • Here's the admin portal view for initiating a Remote Help session on a Mac device:

MichaelHildebrand_0-1702316334689.png

Here's the end-user experience, from that device:

MichaelHildebrand_1-1702316334725.png

BONUS – The long-awaited device SSO for macOS is coming soon

Microsoft Purview

Information retention, governance and protection capabilities are integrated on platforms far and wide – we've enabled/extended secure productivity and labeling across device types via M365 apps (aka ‘the Office apps').  The Office Web Apps are supported for many of these scenarios, too.

Here's Word on a Mac, where a user is prompted to apply a certain label, due to sensitive information discovered within the content:

MichaelHildebrand_4-1702316334747.png

Here's that file, once the label is applied (notice the header, watermark and footer applied): 

MichaelHildebrand_0-1702390369854.png

MichaelHildebrand_1-1702390433765.png

Here's a different file, where the label is automatically applied due to an Automatic Label policy:

MichaelHildebrand_5-1702316334757.png

Endpoint DLP

Endpoint DLP provides numerous capabilities across platforms to reduce the likelihood of casual data leaks and to help protect end-users from accidents, mistakes or ‘unwise decisions.'  

  • NOTE: EDLP rules/policy can integrate with the labels above

MichaelHildebrand_4-1702391090093.png

NOTE: The end-user notifications are customizable

MichaelHildebrand_0-1702383243855.png

  1. Copy to clipboard – Block w/ override and justification:

MichaelHildebrand_8-1702316334802.png

  2. Block saving to USB:

MichaelHildebrand_6-1702316334770.png

  3. Block print:

MichaelHildebrand_7-1702316334796.png

  4. Block upload to specific cloud services (such as personal cloud) or from unapproved apps:

MichaelHildebrand_3-1702390595725.png

MichaelHildebrand_9-1702316334812.png

Defender for Endpoint

In Defender for Endpoint, we have a strong security ‘platform' that includes AV, XDR and malware protection. 

  • Here's the client app for macOS, deployed and managed via integration of Intune and Defender for Endpoint services:

MichaelHildebrand_0-1702407577029.png

MichaelHildebrand_1-1702330388475.png

  • Portal Reporting and Export

MichaelHildebrand_2-1702330972778.png

  • If you click one of the colored line-items in the report, you'll get a fly-out w/ more details (here's the ‘Mac devices' line):

MichaelHildebrand_0-1702406924242.png

Defender for Endpoint also offers a mobile threat defense (MTD) solution for iOS and Android platforms.

MichaelHildebrand_2-1702329308188.png

  • One question I had from numerous customers was: ‘Some users sign out of the Defender mobile app – How can I prevent that?'
  • It's now a simple policy setting:

MichaelHildebrand_12-1702316334823.png

There you have it, folks – a sample of some of our cross-platform capabilities. Of course, these days, most of our products have ‘standing' design goals to account for cross-platform support, so that will only continue to expand.

A series recap (so far):

  1. The Twelve Days of Blog-mas: No.1 – A Creative Use for Intune Remediations – Microsoft Community Hub
  2. The Twelve Days of Blog-mas: No.2 – Windows Web Sign in and Passwordless – Microsoft Community Hub
  3. The Twelve Days of Blog-mas: No.3 – Windows Local Admin Password Solution (LAPS) – Microsoft Communi…
  4. The Twelve Days of Blog-mas: No.4 – Sync Cloud Groups from AAD/Entra ID back to Active Directory – M…
  5. The Twelve Days of Blog-mas: No.5 – The Endpoint Management Jigsaw – Microsoft Community Hub
  6. The Twelve Days of Blog-mas: No.6 – The Reporting Edition – Microsoft Community Hub
  7. The Twelve Days of Blog-mas: No.7 – Architecture Visuals – for Your Reference or Your Own Docs – Mic…
  8. The Twelve Days of Blog-mas: No.8 – The Evolution of Windows Server Management – Microsoft Community…
  9. The Twelve Days of Blog-mas: No.9 – It's a Multi-Tenant and Cross-Platform World: Part I – Microsoft…

Hilde

 

This article was originally published by Microsoft's Core Infrastructure and Security Blog.