A number of new updates and announcements emerged for Microsoft’s Enterprise Mobility and Security (EM+S) over June.
Here’s a round-up of the changes, which included new resources for Remote Desktop Services Disaster Recovery, and a preview ‘Do not track’ feature in Azure Information Protection.
New Resources for Remote Desktop Services Disaster Recovery
Microsoft has released new documentation aimed at assisting customers to create a geo-redundant, multi-data centre Remote Desktop Services (RDS) deployment for disaster recovery.
As Haley Rowland, RDS Programme Manager, points out: “When you deploy Remote Desktop Services into your environment, it becomes a critical part of your infrastructure, particularly the apps and resources that you share with users. If the RDS deployment goes down due to anything from a network failure to a natural disaster, users can’t access those apps and resources, and your business is negatively impacted.”
The resources suggest a dual approach to disaster recovery. Using multiple data centres in Azure (i.e. utilising data centres in different geographic locations) can add security as it is highly unlikely that the different regions would go down simultaneously. This type of geo-redundant, multi-data centre RDS deployment can allow you to ride out even a catastrophic failure of one entire region.
You are also advised to create your own disaster recovery solution using Azure Site Recovery. This is a service that uses a variety of replication technologies to protect and failover virtual machines and apps.
Azure Information Protection ‘Do Not Track’ Feature Preview
A new ‘Do not track’ feature is now in preview for those using document tracking in Azure Information Protection. According to Microsoft, this feature has been introduced in direct response to feedback from users concerned about privacy and compliance when using the document tracking feature.
Essentially the ‘Do not track’ feature allows you to compile groups within your organisation who should not be tracked for reasons of compliance and/or privacy. To do so you can simply add them to a group that is stored in Azure AD. Once added and configured, you will not be able to track activities related to documents others have shared with them. Email notifications will not be sent to the user responsible for sharing and protecting the documents.
Users in a ‘Do not track’ group will still be able to track and revoke access to documents they have protected themselves.
Azure Information Protection Status Update
On June 28 the Azure Information Protection (AIP) team released the first of what will be an ongoing series of monthly status updates. They also promise to take feedback and feature requests into account when looking at further improvements and updates. To this end, they have adopted the UserVoice platform.
According to Adam Hall of the Customer and Partner Engagement team, these commitments will involve providing more visibility on features and updates they are working on, releasing preview versions where possible and announcing GA level clients to aggregate the new features and bug fixes that have been previewed.
The June update announced that AIP was looking to release further AIP Client Previews in July and August. The three streams being worked on for the next GA client release (due towards the end of September) included:
- Regular bug fixing and stability improvements
- Improving automation via enriched detection of information types using Office DLP rules
- Improving the Information Workers experience
Azure Information Protection Documentation Update
The documentation for AIP has also been updated for June. A number of articles have undergone significant technical updates since the April update.
These include the following articles and entries:
An FAQ entry for AIP on ‘How do I configure a Mac computer to protect and track documents?
How to configure a label for Rights Management protection
Azure Information Protection client administrator guide
Updates 1705 and 1706 for Configuration Manager Technical Preview Branch
Two new updates – 1705 and 1706 – were released for the Technical Preview Branch of System Center Configuration Manager in June, on June 2 and June 23 respectively.
New features included in the most recent preview (1706) included the option to include trust for named file paths within Device Guard policies and to register Windows 10 devices with Azure Active Directory.
In the area of Application Lifecycle and Content, different install and uninstall content locations can now be specified and improvements were introduced to the Software Update Points in Boundary Groups.
In the area of Core infrastructure, you are now able to add a primary site server to a standalone site in ‘passive mode’ to boost availability.