Block file upload from managed devices Microsoft 365 - azure-active-directory

I have implemented MFA and registered personal devices to access organization data and applications. Now users can access organization apps on personal devices, and I want to restrict document uploads from the managed devices.
Users should not be able to upload files from personal devices to applications such as OneDrive, SharePoint, etc.

Here are your options: https://learn.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices
At the bottom, under Advanced, there is an option to limit editing from the browser; this may be sufficient for what you are seeking.
According to the page below, as long as personal devices are not marked compliant, they are considered unmanaged:
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/require-managed-devices#managed-devices

Related

Accessing contacts in email and mobile clients: LDAP or CardDAV?

We store user email addresses, phones, physical addresses and other info in our corporate Windows Active Directory. Active Directory users need to access this information from all kinds of e-mail clients, such as Mozilla Thunderbird, Outlook, iOS Contacts, MacOS X, Android addressbook, etc., both from the corporate network and outside of it, from the Internet. We do not use Microsoft Exchange server.
I have found that this could be done via LDAP and CardDAV (through in-house app installed).
Which one is the better approach for accessing contacts in all kinds of email and mobile clients: LDAP or CardDAV?
Think about it this way - Active Directory is Microsoft's own implementation of LDAP, in addition to being their version of a database driven directory server. I wouldn't use anything else.
Also, Active Directory primarily supports LDAP based user authorization, so if you're going to be serving applications or individual requests outside of your local network and domain (especially from the various sources you named), this is a feature you'll need to consider for security purposes.
I'm not quite sure what your tech stack looks like, but many languages support LDAP based querying and authorization. I've cut my teeth in C# working with the System.DirectoryServices.Protocols namespace, and I've come to appreciate the adaptability and performance.
And here is a great link on the Protocols and Interfaces to Active Directory.

Is Metro a good fit for apps that access the File System?

I understand that Metro limits the access an app has to the user's computer. Can anybody verify this, as I am considering creating an email client that will work with at least yahoo/at&t.net and gmail. Will I be able to access a user's email (assuming they provide their username and password, of course) with a Metro style app, or will I need to stick with creating an "old-fashioned" Desktop app for this scenario?
Metro applications can access the user's Document Library, Picture Library, Video Library and Music Library without user intervention if the developer adds those capabilities to the Package.appxmanifest (double-click on it in Visual Studio and go to the Capabilities tab).
Even without these capabilities the app can read and write in its own local folders. And even without these capabilities the app can prompt the user to open a file anywhere on disk using the FileOpenPicker. So yes, absolutely Metro can be used for an e-mail client.
For a sample of using FileOpenPicker (i.e. to add an attachment to your e-mail message) see:
http://code.msdn.microsoft.com/windowsapps/File-picker-sample-9f294cba
Metro can easily be used to create email clients. For something like this, you would be syncing data between the mail-server and the client.
Metro apps have limited access to the filesystem. But they can access Application Data Storage and isolatedStorage which can be used to store data pertaining to the application offline. This helper library helps store structured data in isolated storage, and might suit your needs.
For your scenario, a metro application would be a very good fit. However, the reach of metro applications will be decided by how well Windows 8 does after launch.

Need to limit access to a mobile website to specific registered mobile devices

I've researched a ton and can't seem to find a solution for how to limit access to a secure mobile website to ONLY PREVIOUSLY REGISTERED devices.
I already have a secure login in place, but we must also ensure that ONLY registered devices access the site. We cannot have users sharing login information with others and allowing others to log in and use the protected information.
Is there any way to do this?
I've looked at trying to acquire the device's MAC address using JavaScript, PHP, or something similar, but this doesn't seem to be an option.
MAC addresses can be spoofed, so use something else such as REST-based authentication.
You can't do that because websites usually register users as opposed to their mobile devices as nothing can be truly unique about a physical device but the information it carries. The proper way of doing client based (as opposed to user based) authentication is to use a client certificate.
If you just want to simplify the sign-in experience for your users on mobile device you may want to take a look at this.
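An added example (not from the original answers) of the client-certificate approach mentioned above: the TLS layer rejects any device without a certificate from a private device CA, and the application then ties the presented certificate to the account that is logging in, so a shared password is useless on an unregistered device. The file paths, the registry layout and all function names are assumptions made for illustration.

```python
import hashlib
import ssl

# Constructed stand-ins for DER-encoded device certificates (not real certs).
SAMPLE_CERT_ALICE = b"constructed-DER-bytes-for-alice-phone"
SAMPLE_CERT_OTHER = b"constructed-DER-bytes-for-unknown-device"


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a certificate's DER encoding."""
    return hashlib.sha256(der_cert).hexdigest()


# Hypothetical enrolment registry: certificate fingerprint -> owning account.
REGISTERED_DEVICES = {fingerprint(SAMPLE_CERT_ALICE): "alice"}


def build_server_context(server_cert: str, server_key: str, device_ca: str):
    """Server-side TLS context that fails the handshake unless the client
    presents a certificate chaining to the private device CA."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.load_cert_chain(certfile=server_cert, keyfile=server_key)
    ctx.load_verify_locations(cafile=device_ca)
    ctx.verify_mode = ssl.CERT_REQUIRED  # default for servers is CERT_NONE
    return ctx


def device_allowed(der_cert, login_user, registry=REGISTERED_DEVICES) -> bool:
    """True only if the certificate is enrolled AND enrolled for this user.

    der_cert is what conn.getpeercert(binary_form=True) returns after
    conn = ctx.wrap_socket(sock, server_side=True).
    """
    if not der_cert or not login_user:
        return False
    owner = registry.get(fingerprint(der_cert))
    # A missing entry yields None; compare explicitly so that an unknown
    # device can never match an empty or missing user name.
    return owner is not None and owner == login_user


if __name__ == "__main__":
    print(device_allowed(SAMPLE_CERT_ALICE, "alice"))  # registered device, right user
    print(device_allowed(SAMPLE_CERT_ALICE, "bob"))    # shared device, other login
    print(device_allowed(SAMPLE_CERT_OTHER, "alice"))  # shared password, other device
```

Revoking a lost or retired device is then a matter of removing its fingerprint from the registry, independent of the user's password.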

Silverlight Open File

If I've got a file path that the current browser's computer can access, is there any way that a Silverlight application can open that file?
I don't want to run out of browser if possible as well.
Thanks in advance
In Silverlight 4 OpenFileDialog is the only option to access any place on the file system. Elevated trust, out of browser applications can access the current user folder only. However, in Silverlight 5 this type of application will be able to access anywhere on the file system.
From new features of Silverlight 5 at:
http://www.microsoft.com/silverlight/future/
Silverlight 5 extends features of the ‘Trusted Application’ model to the browser for the first time. These features, when enabled via a group policy registry key and an application certificate, mean users won’t need to leave the browser to perform complex tasks:
Host HTML content as a Web browser control within the Silverlight application. HTML pages, such as help content or e-mail, can be integrated within the application.
Read and write files to the user’s My Documents folder, making it easier to find media files or create local copies of reports.
Launch Microsoft Office and other desktop programs. Users can open Microsoft Outlook and create an e-mail message, or send a report to Word utilizing the power of Office.
Access devices and other system capabilities by calling into application COM components. Users can access a USB security card reader or a bar-code scanner.
Enjoy full keyboard support in full screen, which enables richer kiosk and media viewing applications.
Call existing unmanaged code directly from within Silverlight with PInvoke.
Note that this feature is available only on the Windows platform.

Microsoft Azure and Silverlight

I am interested in developing a site similar to YouTube. I want to have a site where users upload videos.
I imagine technically the website would upload the video to the Azure cloud, where the file will automatically be encoded to Silverlight and hosted.
Can Azure host my site, take care of encoding and host the videos all programmatically?
And can Azure host the rest of the website pages that are not part of the app (like a homepage or about us page) and have a domain name, or do I need a web host?
Thanks
Azure can do the lot.
You'll probably want to use Azure Blob Storage for the initial upload, then use queues and the worker role functionality to do the encoding and other processing. Then you can store the resulting file back in Blob storage, and have an index either in Azure Tables or SQL Azure, depending on the architecture of the rest of the application.
And yes, an Azure Web role can quite happily host static content, standard dynamic ASPX pages, and a whole lot more (and can do it all on your own domain).
I suggest you grab the Windows Azure SDK (from http://www.microsoft.com/windowsazure/) and take a look through the documentation. Your example scenario is pretty simple actually, and working through the samples should give you all the information you need.
Good luck!
Azure can host your site indeed. However, don't forget that the costs will probably be a minimum ~ $80-90 per month even without any load. If your website gets traffic, this amount will increase.
However you will have to implement video encoding yourself (or better yet find libraries to do it), Azure is purely a host.
