This summary of the video was created by an AI. It might contain some inaccuracies.
00:00:00 – 00:18:37
The video discusses Microsoft's application management features, particularly focusing on InTune and Mobile Application Management for Windows. It covers the integration of various Microsoft products for enhanced security, setting boundaries for data protection, and customizing user experiences. Different deployment scenarios are explored, such as protecting data for high-profile employees and non-employees. The process of enforcing Microsoft Edge Application Guard and configuring app protection policies for Windows devices is outlined. The video also demonstrates deploying policies to Windows M end-users, showcasing the management controls and health checks implemented. Overall, the aim is to provide a comprehensive solution for application management across all platforms, ensuring security and ease of access for users.
00:00:00
In this part of the video, Daniel Emerson, a product manager on the InTune team, discusses the InTune application management feature for Windows. He introduces key components such as app protection policies, app configuration policies, and app protection conditional access. The video highlights the integration of multiple Microsoft products, including Edge, InTune, and Windows Security Center for enhanced security. Key actions include setting boundaries for data protection, customizing user experiences, and integrating with the Windows Security Center for better security monitoring. The aim is to provide a comprehensive solution for application management across all platforms.
00:03:00
In this segment of the video, the focus is on the new capabilities of Mobile Application Management (MA) for Windows from both the administrator and end user perspectives. Administrators can now protect organization data on end users’ BYOD devices using Microsoft Edge app, including resources like internet sites, internal sites, SAS apps, and Microsoft 365 experiences. The admin controls are similar to those on mobile platforms, and can be integrated with Microsoft Intune. For end users, the key benefit is easy access to resources from personal devices with a straightforward onboarding process. Changes for company’s health criteria are clearly communicated, and management controls will not impact personal data. The deployment scenarios are designed for personally owned devices, with the first scenario being “work at home” for quick access to resources like Outlook web access email and document editing on SharePoint through Windows MA via Microsoft Edge.
00:06:00
In this part of the video, the primary scenarios discussed include emergency access to organizational resources for high-profile employees in case of device loss or theft while traveling. Another scenario addressed is improving security for non-employees accessing corporate data, such as students or visiting faculty, by using Windows ma to protect data within the browser. The video also covers the architecture that delivers these capabilities by recommending starting with conditional access policies, using Intune for app protection and configuration policies, and setting up connectors to ensure data protection when accessing resources through Microsoft Edge.
00:09:00
In this segment of the video, the setup process for enforcing Microsoft Edge Application Guard (MAG) when the health state is deemed unhealthy is explained. If a highly sensitive issue arises, users may choose to remove data from the application, and the org data will be automatically removed with instructions on how to re-access resources. Three recommended steps for configuring MAG for Windows are outlined: protect access with conditional access, secure org data with app protection policies, and customize the end user experience with app configuration policies. The process involves creating a new conditional access policy in the Microsoft InTune admin console, configuring app protection policies for org data protection, and setting up the Windows Security Center status check through a connector in the admin console.
00:12:00
In this part of the video, the speaker explains how to configure app protection policies for Windows devices using Microsoft Intune. They discuss enabling data protection and client health checks for unmanaged devices, setting criteria for data access, specifying automated actions in case of health check failure, creating app protection policies for Windows through the Microsoft Intune admin console, configuring data protection settings, setting up health checks for apps and devices, and targeting user groups for policy deployment. The speaker also talks about customizing end user experiences in protected applications with app configuration policies, setting up app configuration policies for managed applications, naming the policy, targeting it to Microsoft Edge for Windows, and choosing settings for configuration.
00:15:00
In this segment of the video, the user demonstrates deploying a policy to Windows M end-users. The user attempts to access a conditional access secured site from an unprotected application and is prompted to switch to a managed profile in Edge. By following the instructions, a new managed profile is created with clear visual indicators for browsing management. The user is prevented from copying data to personal devices and printing protected information based on organization policies. Health checks are conducted, and if the device does not meet criteria, access is restricted until remediation is completed. Admins can choose to automatically remove org account and data from compromised devices. Further resources are suggested for deploying Windows M in one’s environment, with documentation links for Intune, Edge, and Enter ID usage.
00:18:00
In this segment of the video, key steps for deploying Windows M capabilities are discussed. Viewers are encouraged to refer to detailed documentation for more information and reach out to support if needed. The presenter hopes that the audience enjoyed the walkthrough and can successfully implement Windows M in their environment.