Event banner
Event details
- For EPM, does it work for Hybrid AAD joined devices or just AAD joined?
- Matt_Call
Microsoft
It will work for both - We just require a trust with Azure Active Directory to make sure we have authentication material.
- `Does the Tunnel play nice together with other VPN's on mobile devices?
- Lance_CrandallDue to platform limitations, you can only have one VPN running at a time on iOS or Android. On iOS, the VPN is actually embedded with the app, so it's slightly different, but I believe it would intercept and route traffic first at the app layer before it got to, say, a personal VPN you had running at the device level. On Android, it's using more of the native networking stack so you'd have the same limitation that only one VPN could be running at a time.
Does Advanced Management Include both the Remote Assistance and the Tunnel or are they separate add-ons? Can the Tunnel app be used to provide a Terminal Server Session into an Azure environment? Or would you just recommend a Windows 365 machine? Our Use case might actually have to have the app run on the Terminal server environment.
- Lance_CrandallYes, Advanced Management includes both Remote Help and Tunnel for mobile application management. For tunneling into Azure itself, Azure VPN is probably the better choice honestly, or W365. I'd probably need a little more data on your scenario offline to make sure I'm giving you the best advice 🙂
- Any thoughts on Tunnel and support for MDE Web content filtering for iOS and Android devices? Web content filtering is currently only available for Windows.
- Lance_CrandallDo you mean web content filtering or anti-phishing. If anti-phishing, we do support running both Tunnel for remote connectivity and MDE for anti-phishing on the same iOS or Android device at the same time.
- I mean 'Web content filtering' for iOS, Android: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/web-content-filtering?view=o365-worldwide
- Does Endpoint Privilege Management support offline use, e.g. service technician is at customer site without Internet connectivity but must run a certain binary privileged? Some kind of caching the rules ...
- Matt_CallOne-Time Passwords is on our roadmap - This would allow you to elevate without the need for connectivity back to the service. More on that closer to launch.
- When using EPM for something like printer driver installs. Do you need to create specific rules for EVERY possible installer/model? Or can you just set it to allow standard users to install ANY printer driver?
- Matt_CallPrinter drivers have sort of a mixed past, so I'm not sure we'll open it up to entire classes of installers. However, you could create a rule that allows any installer signed by an OEM, so you could do it on per OEM basis.
- If we aren't going to see a demo of the 3rd party patching, can we at least get some information on where to look for more information?
- Lance_CrandallWe don't have anything else we can share more publicly on that one quite yet.
- Can you elevate a privilege for a non-MS registered app? 3rd Party?
- Matt_CallSure! Essentially - You're in control with how the application is defined and the elevation action that is tied to that application. You'll be able to cue off of file metadata, signature, file hash, etc.
- Super interesting session! How is licensing for remote help done? We have multiple customers. Where lies the licensing to support multiple customers?
- Lance_CrandallRemote help is a per user per month license. It doesn't currently support federation (so you can't use your same account across tenants you may support). If you have accounts in each tenant it could definitely work.
- Any chance we'll see modifications to the licensing structure (e.g., licensing of techs, not end users) so that it doesn't cost millions of dollars a year when the competition is far less expensive?
- How does Microsoft expect to convince tenants that have gone to 3rd party solutions that have been doing this for years to switch? Cost is not going to be the best approach since Privilege Management is new for Microsoft and not for a company doing this for years.
- Agreed, if this was bundled with existing Intune subscriptions, we would likely race to adopt. It would make complete sense. the way this is being described, far too costly, and devalues our existing subscriptions - when compared to other 3rd part solutions. 50,000 users at 3.50/month????
- Lance_CrandallThere are a lot of benefits. You get a first party, M365 integrated solution that should lower your total cost of ownership. Single console, single vendor, single identity provider you are already using, lots of benefits only Microsoft can provide, and so forth.
- First party, single console / vendor / identity is not a good argument for a lower TCO. It takes relatively very little effort and cost to spin up a third-party solution that integrates with AAD. If the goal is to drive adoption, then the onus is on Microsoft to deliver a solid real-world TCO, or lower prices and/or restructure the licensing model.
