Microsoft Azure Active Directory joined Devices
Microsoft Azure Active Directory, commonly known as Azure AD, is a system in Microsoft Azure that enables identity management to configure user and group access to services and resources. Together with deviceTRUST contextual security, administrators now have a powerful new way to securely and intelligently enforce all security, compliance and regulatory requirements for Azure AD connected devices for access to on-premises or cloud resources.
Regardless of how Azure AD connected devices are managed, the Compliant Status of the device within Azure AD can be set accordingly depending on the context of the device.
For the context definition, various information from the physical device, the connected network, the location, day and time as well as about the user itself can be used locally as well as within Azure AD, e.g. for the compliant status or for conditional access.
Compliant application access
Local applications available on the device can be controlled contextually using Microsoft AppLocker or FSLogix App Masking. This ensures that applications are only available as specified. This also applies when unlocking and during session runtime for instances that are still running.
Authorized USB drives
Ensures that only authorized USB drives can be used on the device. In addition to technically blocking unauthorized USB drives, the user is blocked from accessing the session while the unauthorized USB drive is plugged in with a customizable notice.
Apply configuration defaults and policies to control available options and resources. This makes it very easy, for example, to apply policies to control session idle time depending on the context of access, or to connect session printers based on location.
The deviceTRUST context is always up to date. Context changes can be detected not only during login and when reconnecting to the session, but also during the session runtime to launch predefined actions.
You can quickly and easily create visibility of accesses via predefined and ready to use dashboards for Azure Log Analytics, Splunk, Graylog, and ELK Stack.
No additional infrastructure
No additional cloud infrastructure is required to use deviceTRUST.
As a result, deviceTRUST brings together all the context and control you need to protect your enterprise resources while providing the modern access your users demand.